Cyberattack --

Whose Side is Your Computer On?


A short URL pointing to this page is: http://is.gd/Cyberattacks -- link to PPT slides (updated 3/2015)

OLLI Concord, 1PM-2:30 March 27 to April 24th

A look at the paths used to penetrate computers, the motives for doing so and some cyber security history. Dissect some of the first cyber-warfare events (Stuxnet, etc.) to see how this weapon can be used to destroy enemy facilities. Your computer or cell phone may be drafted into a "zombie" army to be used for criminal, military, or nationalistic purposes -- touch on some of the steps you can take to resist. No computer literacy required.

Security on the Internet is a matter of personal protection, commercial espionage, criminal theft, blackmail, possible terrorism and nation-state warfare.

We will look at some of the history of cyber-cracking: black and white hats, personal impact, and national defense.

Concepts -- See WSJ Malware Glossary

  • Virus, worm, Trojan horse
  • Adware, pop-up, pop-under
  • Bot, Botnet, Zombie
  • Spyware, keystroke logging
  • Identity Theft
  • Scripts
  • Rootkit
  • Email risks: Spam, Phishing, Downloaders
  • Spoofing: email, URLs, spam -- ref: How to read an email header (a bit technical)
  • Social Engineering
  • Hoaxes
  • The Good stuff
    • Firewall
    • Patches, updates
    • Encryption - public/private keys - VPN
  • What makes computers and networks vulnerable -- Complexity and Clones
  • Zero-day attacks (approximately 12 of 12 million new attacks each year - valued at $50k-500k)
  • How do you get infected? TED video 18min

History

(Cr)Hacking for fun and profit

Nation States -- Bill Lynn "Defending a New Domain: the Pentagon's CyberSecurity" 2010

The big problem: cyberwarfare - see TEDEd intro to this at http://ed.ted.com/lessons/defining-cyberwarfare-in-hopes-of-preventing-it-daniel-garrie

  • ECHELON - 1960s "a global system for the interception of private and commercial communications" (US, UK, Canada, Australia, NZ)
  • Farewell Dossier - 1986 pipeline destruction
  • PROMIS -- 1970s (and beyond) tool for tracking individuals through data mining in diverse legal (or other) databases & possible Trojan horse
  • PRISM -- 2007 NSA monitoring of electronic communications channels
  • Desert Storm
  • Estonia April 27, 2007
  • Georgia, Aug 2008
  • CNN/Bipartisan Institute Shockwave 2010 or Bipartisan Policy Institute Official Site -- Shockwave Transcript
  • Stuxnet June 2009-July 2010 -- wikipedia, TEDtalk , Wired detectives, 2013 update
    • The Human Factor - "always a weak link" -- thumbdrive (replication vector as well)
    • valid signed certificate - public/private key encryption
    • appeared to be industrial espionage - stealing info from Siemens PLC controllers
    • in-memory ghost DLL file
    • reported to systems in Malaysia and Denmark, which provided for "updates"
    • (re-directed to a "sinkhole" -- identified 100,000+ systems in dozens of countries)
    • four zero-day exploits - deeply hidden [Symantec doing deep analysis in a "3 level secure lab" similar to bio-hazard controls]
    • ("crackme" games - reverse engineering code -- what does this do?)
    • contains a "genealogical tree" of infections - led to 5 systems in Iran
    • table-driven code -- how long it should spread, # of systems to infect, end-date: July 12, 2012
    • Intercepted and changed control commands, disabled exception detection & alarms
    • First occurrence of using digital attack to destroy physical property
    • Two weeks after reporting PLC sabotage objectives, the systems in Iran stopped reporting
    • Precision targeting for a specific facility/configuration
    • Patience -- then running a bit out of spec, and back to normal -- excessive wear, resulting in premature failure
    • Inoculation value - prevents infection of previously flagged (registry) systems
    • "In the end, Stuxnet’s creators invested years and perhaps hundreds of thousands of dollars in an attack that was derailed by a single rebooting PC, a trio of naive researchers who knew nothing about centrifuges, and a brash-talking German who didn’t even have an internet connection at home." Wired
    • May have 2005 and 2007 precursors
    • "“Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force” and likely violate international law, according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, a study produced by a group of independent legal experts at the request of NATO’s Cooperative Cyber Defense Center of Excellence in Estonia." Wired 2013
  • Flame Cyber Espionage targeted apparently at Iran
  • Espionage - "96% involving threat actors in China" 2013 Voice of America summary of Verizon report.
  • Iranians attacking US banks with DoS (2013, 3 million/month)
  • Bill Lynn (past deputy Sec. of Defense), Dartmouth lecture: "The Cyber Security Challenge" Aug 2012

What's new(s)?

What can you do?

  • Passwords -- Homeland Security Observation
    • But ... what is the value of what you are protecting? Jim's thought: use a simplistic password for sites that have limited or no value for you (all of those commercial sites you need to "register" for, but which do not hold things like your credit card, etc.). Other tricks: pass-phrase variations, e.g. 4Score&7annos (but not this one, it's on the web).
  • Anti-virus
    • PC Magazine
      • Free: AVG AntiVirus Free or Adaware AntiVirus
      • Paid: Bitdefender, Webroot SecureAnywhere Antivirus or Kaspersky Anti-Virus
    • Consumer reports (6/2013):
      • Free: Avast and Avira
      • Paid: Gdata, ESET, F-Secure, Kaspersky, Avira
  • Anti-malware: Malwarebytes anti-malware is well rated (static, not run time)
  • Some pointers to relevant tools:
  • FBI Points:
    • Firewall - have one, turned on -- built into most operating systems, also some come with anti-virus packages
    • AntiVirus - keep it current
    • AntiSpyware
    • Keep OS up to date (install those pesky updates)
    • Be careful what you ask for (download)
    • Turn your computer off when it is not in use (hibernate is ok as well)
  • A few other hints
    • Turn off "file extension hiding" (OS file display option)
    • Turn off third-party cookies (browser -- may create problems with some sites)
    • Turn off picture/image display in Browser (isolate to "trust this site")
    • Get in the habit of "mouseover" on URLs to see what the target is
  • Who's watching the hen house - Wired on Kaspersky
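The "mouseover" habit above, done in bulk by a small script added here as an example (it is not part of the class materials): it pulls every link out of a constructed sample message and reports the ones whose visible text names one site while the href actually leads somewhere else. The LinkCollector class, the helper names and the sample message are all made up for the illustration; the look-alike host uses a reserved .invalid name.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs: the two things a mouseover lets you compare."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def real_host(url):
    """Host the browser would actually connect to (lower-cased, port dropped)."""
    return (urlparse(url).hostname or "").lower()

def displayed_host(text):
    """Host a reader would assume from the visible link text, or None if it is not URL-like."""
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    return m.group(1) if m else None

def mismatched_links(html):
    """(visible text, real host) for links whose text names one site but whose target is another."""
    parser = LinkCollector()
    parser.feed(html)
    suspicious = []
    for text, href in parser.links:
        shown, actual = displayed_host(text), real_host(href)
        # a plain subdomain of the shown site (www.example.org for example.org) is not a mismatch
        if shown and actual and actual != shown and not actual.endswith("." + shown):
            suspicious.append((text, actual))
    return suspicious

# Constructed sample message: the first link reads like the bank's site but leads to a look-alike host
SAMPLE = """<p>Please confirm your details at
<a href="http://www.example.com.attacker.invalid/verify">www.example.com</a>
or read our tips at <a href="https://www.example.org/help">https://www.example.org/help</a>.</p>"""

if __name__ == "__main__":
    for text, host in mismatched_links(SAMPLE):
        print(f'link shown as "{text}" really goes to {host}')
```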

A backup strategy:

  • Identify what files you REALLY need to keep (you can reinstall most software after reinstalling your operating system)
  • My candidates include: photographs (digital ones are hard to replace), music (a pain to copy back onto the system from original media), and financial data (Quicken...)
    • For these items I suggest a 3-copy strategy
    • (of course a copy of all photos to write-once CD/DVD can be an excellent quasi-permanent solution)
    • For example, with a set of three 16GB memory sticks:
    1. Run your anti-virus and anti-malware software
    2. Insert the thumb drive holding the oldest copy and copy the selected files to this device (easiest if they are in folders)
    3. Do this once a month, so you have 1mo/2mo/3mo old backups (each stick REMOVED from the computer between backups)
    4. Put this on your calendar so you are always "up to date"
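The rotation in steps 1-4 as a script, added here as an example rather than something from the class: it picks the stick holding the oldest copy (a never-used stick first), overwrites it with the selected folders and stamps the date on a small marker file so the next month's run knows which stick is due. The stick folders, the marker file name and the sample photo are constructed for the demo; on a real machine the three sticks would be their drive letters or mount points.

```python
import shutil
import tempfile
from datetime import date
from pathlib import Path

MARKER = "last_backup.txt"   # tiny text file on each stick recording the date of the copy it holds

def last_backup_date(drive):
    """Date of the copy now on this stick, or None if the stick has never been used."""
    marker = drive / MARKER
    return date.fromisoformat(marker.read_text().strip()) if marker.exists() else None

def pick_oldest_drive(drives):
    """The stick to overwrite next: a never-used one first, otherwise the oldest dated copy."""
    def age_key(drive):
        stamp = last_backup_date(drive)
        return (stamp is not None, stamp or date.min)
    return min(drives, key=age_key)

def backup(sources, drives, today):
    """Copy each selected folder onto the oldest stick, replacing its old copy, and stamp the date."""
    target = pick_oldest_drive(drives)
    for src in sources:
        dest = target / src.name
        if dest.exists():
            shutil.rmtree(dest)      # the 3-month-old copy on this stick is the one being retired
        shutil.copytree(src, dest)
    (target / MARKER).write_text(today.isoformat())
    return target

def demo():
    """Two monthly runs against constructed folders standing in for three 16GB sticks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        photos = root / "Photos"
        photos.mkdir()
        (photos / "vacation.jpg").write_bytes(b"constructed sample image bytes")
        sticks = [root / f"stick{i}" for i in range(3)]
        for stick in sticks:
            stick.mkdir()
        (sticks[0] / MARKER).write_text("2015-01-15")   # two-month-old copy
        (sticks[1] / MARKER).write_text("2015-02-15")   # one-month-old copy
        first = backup([photos], sticks, date(2015, 3, 15))   # stick2 has never been used
        second = backup([photos], sticks, date(2015, 4, 15))  # stick0 now holds the oldest copy
        restored = (second / "Photos" / "vacation.jpg").read_bytes()
        return first.name, second.name, restored

if __name__ == "__main__":
    print(demo())
```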

Related topics we may touch upon

  • Encryption - Public/Private Key, one time pads, steganography