Slide1:

Presented by SSA Robert Flaim
FEDERAL BUREAU OF INVESTIGATION
Cyber Division, FBI HQ
Cyber Attacks: The Next Frontier
Slide2:
"The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on military bases abroad to ballistic missile attacks on U.S. cities. Wars in the 21st century will increasingly require all elements of national power, not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work together."
Secretary Rumsfeld, address to the National Defense University, January 31, 2002.
Discussion:
Critical Infrastructures
Terrorist Internet Exploits
Tactics and Strategy
Critical Infrastructures:
Where the Crown Jewels Are
Slide6:
Imagine Planning for These Contingencies
Unrelated Events or Strategic Attack?
ISPs All Offline
911 System Down
Poisoned Water Supply
Telephone Outages
Using Our Systems Against Us:
Aircraft: Pentagon/Twin Towers
Mail distribution network: Anthrax
Computers: next step?
Real World Example Australia 2000:
Maroochy Shire Waste Water Plant, Sunshine Coast
Insider
46 intrusions over 2 month period
Release of sewage into parks, rivers
Environmental damage
Real World Example USA 2001:
San Francisco FBI Field Office Investigation
Internet probes from Saudi Arabia, Indonesia, Pakistan
Casings of web sites regarding emergency telephone systems, electrical generation and transmissions, water storage and distribution, nuclear power plants and gas facilities
Exploring digital systems used to manage these systems
Why Cyber Attack on Critical Infrastructures?:
National Security: Reduce the U.S.'s ability to protect its interests
Public Psyche: Erode confidence in critical services and the government
Economic impact: Damage economic systems
Enhancement of Physical Attacks: Physical damage/distraction efforts
Asymmetric Warfare: Lack of attribution, low cost/high potential impact
How are we vulnerable?:
Globalization of infrastructures = vulnerability
Anonymous access to infrastructures via the Internet and SCADA
Interdependencies of systems make attack consequences harder to predict and more severe
Malicious software is widely available and does not require a high degree of technical skill to use
More individuals with malicious intent on Internet
New cyber threats outpace defensive measures
Vulnerability Types:
Computer based: Poor passwords; Lack of appropriate protection/or improperly configured protection
Network based: Unprotected or unnecessary open entry points
Personnel based: Temporary/staff firings; Disgruntled personnel; Lack of training
Facility based: Servers in unprotected areas; Inadequate security policies
Al-Qaeda:
Al-Qaeda laptop found in Afghanistan contained: Hits on web sites that contained Sabotage Handbook
Handbook: Internet tools, planning a hit, anti-surveillance methods, cracking tools
Al-Qaeda actively researched publicly available information concerning critical infrastructures posted on web sites
Terrorist Internet Exploits:
What are we up against?
Terrorist Groups:
Terrorist Groups
Terrorists:
Attention must be paid to studying the terrorists:
Ideology
History
Motivation
Capabilities
Terrorists:
Terrorism is carried out by disrupting activities, undermining confidence, and creating fear
In the future, cyber terrorism may become a viable option to traditional physical acts of violence due to:
Perceived anonymity
Diverse targets
Low risk of detection
Low risk of personnel injury
Low investment
Operate from nearly any location
Few resources are needed
Terrorist Use of the Internet:
Hacktivism
Cyber Facilitated Terrorism
Cyber terrorism
Cyber Arsenal for Terrorists:
Internet newsgroups, web home pages, and IRC channels include:
Automated attack tools (Software Tools)
Sniffers (capture information i.e. password/log-on)
Rootkits (facilitate/mask intrusion)
Network Vulnerability Analyzers (SATAN/Nessus)
Spoofing
Trojan Horses
Worms
DoS
Cyber Attack Methodology:
Resource Denial: Virus/malicious code; Legitimate traffic overwhelms site (unauthorized high-volume links); DoS; DDoS
WWW Defacement: Defacement to embarrass; Content modification to convey message; Content modification as component of disinformation campaign
Computer System Compromises:
System Compromise: Data destruction; Data modification; Information gathering
Compromised platform: Launch pad for attacks; Jump off point for other compromises
Target Research and Acquisition: Internet makes significant amounts of data instantly and anonymously accessible.
Hacktivism:
Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.
Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the group's objections to environmental issues.
Slide23:
Electronic Disturbance Theater Hacktivism
Cyber Facilitated Terrorism:
Terrorists utilize web sites to actively recruit members and publicize propaganda as well as to raise funds
Web sites also contain information necessary to construct weapons, obtain false identification
Use Internet as a communications tool via chat rooms, BBS, email
Hijackers utilized cyber cafés to communicate via Internet and order airline tickets
Slide26:
1. Finsbury Park Mosque, North London
Slide27:
Kamel Daoudi
Believed to be Al-Qaeda Cyber Terrorist. Arrested for alleged involvement in plot to bomb American Embassy in Paris
Cyberterrorism:
Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.
The Cyberterrorist Threat:
Operational Practicality
Behavioral Profile
Assessing the threat
Technical Feasibility
THREAT
Slide30:
[Figure: Cost of Capability and Cost & Means of Attack, time axis from 1945 to Today]
Tactics and Strategy:
Prevention and cooperation
FBI Cyber Transformation:
Terrorism and Cyber Crime top priorities
FBI recruitment of engineers and computer scientists: critical skills
Increasing agents dedicated to cyber crime
Creation of Cyber Task Forces in field offices
USA Patriot Act:
Felony to hack into computer used in furtherance of national security or national defense
2702 Emergency Requests
Legal Subpoena expanded
Sentencing increased
USA Patriot Act cont'd:
Share with DOJ for criminal prosecution
Permits roving surveillance
FISA orders for intelligence allowed if there is "a significant reason" for application rather than "the reason"
Authorizes pen register and trap and trace orders for email as well as telephone conversations
International Investigations:
Cyber Evidence in USA
MLAT Request
Joint FBI-Foreign Police Investigation
Legal Subpoena
Cyber Terrorism Prevention Old Methods for New Problem:
Liaison: Critical Infrastructure Companies, i.e. FBI InfraGard; Internet Service Providers; Universities; Internet Cafes; Hacker clubs; IT companies, developers; International, local law enforcement
Look on the Internet
Coordinate - national security, terrorist personnel
Conclusion:
Our national security, databases, and economy are extremely dependent upon automation
Therefore, there exists a target rich environment for those who would do harm via the Internet
Our critical infrastructures require joint private/public efforts to protect them