Difference between revisions of "HCI Report Rough Draft"

From CSEP590TU
 
Group Members: Becky Chen,  Jonathan Weinberg,  Jeremy Chiu,  Tim Pevzner
 
 
=== Final Report Rough Draft ===
 
1 Threats of Attacks
 
The Internet was sponsored by the Department of Defense during the Cold War as a means of ensuring continued communications in the event of a nuclear war destroying the conventional telecommunications infrastructure.  However, as people become more and more dependent on the Internet, it becomes a platform for cost-effective attacks because of the vast and open nature of cyberspace.  Attacks can be conducted remotely, reducing the chance of the attacker being caught.  Software has known vulnerabilities, and more vulnerabilities are being discovered.  More and more powerful and easy-to-use hacker software is available online.  Because Microsoft dominates the personal computer operating system market, vulnerabilities in Microsoft systems are heard of more often; however, other operating systems such as Linux and Mac also have known vulnerabilities.  It is extremely difficult to defend against cyber terrorism attacks and to trace the invader for accountability.  Imagine what would happen if terrorists were able to access the air traffic control systems, alter flight paths and cause planes to crash.  Such cyber terrorist activities could be used in conjunction with, or in support of, more traditional attacks.  To see the potential for damage, the results of actions by individuals who acted without a war motive and without official government backing give us some insight into the situation.  The main threats are intrusion into and destruction of critical national infrastructures, denial of service attacks, and viruses and worms.
 
1.1 Intrusion and Destruction of Critical National Infrastructures
 
Information infrastructure with significant economic, political or symbolic value is the most likely target for cyber attacks.  According to Riptech, a managed security service provider, severe attacks were directed chiefly at the power and energy industries and the financial services industries, both critical infrastructures.  Following that is the high tech industry, with financial services further down the list.  Power grids, dams and other industrial facilities monitored by SCADA (Supervisory Control and Data Acquisition) systems should be carefully protected, since any failure of these systems would result in panic and mass hysteria among the population in addition to significant economic loss.  Many reports have indicated that SCADA systems such as those for water supply, wastewater and similar utilities are particularly vulnerable, as they have been “outside” the realm of consideration for critical protection.  With 40% of SCADA systems connected to the Internet, and 60% of them accessible by modem, these systems could be hacked by insiders or attacked through computer worms or viruses.
 
Many people would probably consider this far-fetched and impossible.  However, unauthorized access to our critical national infrastructure has already occurred.  In 1998, the huge Roosevelt Dam on the Salt River in Arizona, USA was hacked by a 12-year-old boy.  He was in a position to release flood waters that would have inundated Mesa and Tempe, endangering at least one million people.  Besides our water supply, our power grid has also been successfully attacked by hackers.  In 1997, 35 computer specialists used hacking tools freely available on websites to bring down large segments of the US power grid.  The command and control system of the Pacific Command in Honolulu was also shut down.  In March 1998, a series of intrusions into U.S. government systems over a period of several years, collectively known as Moonlight Maze, was first detected.  During the assaults, hundreds of unclassified networks used by the Pentagon, the Department of Energy, NASA, and a variety of defense contractors may have been compromised.  Even though the people behind these incidents may not have had the social or political motivation that terrorists do, the incidents demonstrate the weakness of our national infrastructure against intruders.  One can only imagine how much harm terrorist groups could cause once they started to attack our critical national infrastructure.
 
1.2 Denial of Service Attacks
 
As people become more and more dependent on Internet services such as email and e-commerce, shutting down access to websites or even to Internet service would cost millions of dollars in losses.  These attacks are known as Denial of Service (DoS) attacks, and their goal is to deny authorized persons access to a computer or computer network.  Denial of Service attacks can be conducted using a single computer or millions of computers, launched from innocent systems that have been compromised by the attackers.  The San Diego Supercomputing Center estimated that about 4,000 DoS attacks take place per week.  DoS attack methods include, but are not limited to, email bombs, which send thousands of emails to a particular computer system until that system crashes, and SYN attacks, which send thousands of connection establishment requests until the web site crashes.  DoS attacks are very difficult to trace, and international extradition laws may prove a hitch in bringing perpetrators under the authority of the law.
 
The first recorded cyber terrorist denial of service attack was carried out by ethnic Tamil Tiger guerrillas against Sri Lankan embassies around the world in 1998, swamping them with 800 emails a day over a two-week period.  The message read, “We are the Internet Black Tigers and we’re doing this to disrupt your communications”.  In 1998, Spanish protestors bombarded the Institute for Global Communications (IGC) with thousands of emails and demanded that IGC stop hosting the web site for the Euskal Herria Journal, a New York based publication supporting Basque independence.  Finally, IGC was forced to pull the site because of the email bombings.  Later, in January 2002, a UK based Internet Service Provider, Cloud Nine, was forced to shut shop after a week-long Denial of Service attack resulted in the complete stoppage of its service. [2]  Denial of Service attacks may not result in loss of human life as physical attacks do, but they can result in millions of dollars of losses and significantly affect people’s lives.
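The SYN attack described above works because each connection request that never completes its handshake sits "half-open" in the server's connection table until it times out. The following script is an added example from the editor, not part of the report or its sources: it runs a simple defender-side check over constructed connection-tracking log lines, counting per source address how many SYNs were never followed by an ESTABLISHED event for the same connection, and flags sources over a threshold. The log format, the addresses and the threshold are all assumptions made for the example.

```python
"""Detect a SYN flood from connection-tracking log lines (added example).

A source that opens many connections and completes none of them is the
signature of a SYN attack; legitimate clients complete the handshake, even
if they retransmit a SYN first.  The log layout below is constructed for
this example; a real firewall or conntrack export will differ.
"""
import re
from collections import defaultdict

# Constructed format: "<timestamp> <STATE> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<state>SYN|ESTABLISHED) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)

# Constructed sample log: two legitimate clients (one retransmits its SYN),
# one source that opens six connections and completes none, and one
# malformed line to show the parser tolerating noise.
SAMPLE_LOG = """\
2004-12-03T20:18:00 SYN 198.51.100.7:51001 -> 192.0.2.10:80
2004-12-03T20:18:00 ESTABLISHED 198.51.100.7:51001 -> 192.0.2.10:80
2004-12-03T20:18:01 SYN 198.51.100.8:51002 -> 192.0.2.10:80
2004-12-03T20:18:02 SYN 198.51.100.8:51002 -> 192.0.2.10:80
2004-12-03T20:18:02 ESTABLISHED 198.51.100.8:51002 -> 192.0.2.10:80
2004-12-03T20:18:03 SYN 203.0.113.9:40001 -> 192.0.2.10:80
2004-12-03T20:18:03 SYN 203.0.113.9:40002 -> 192.0.2.10:80
2004-12-03T20:18:03 SYN 203.0.113.9:40003 -> 192.0.2.10:80
2004-12-03T20:18:04 SYN 203.0.113.9:40004 -> 192.0.2.10:80
2004-12-03T20:18:04 SYN 203.0.113.9:40005 -> 192.0.2.10:80
2004-12-03T20:18:04 SYN 203.0.113.9:40006 -> 192.0.2.10:80
2004-12-03T20:18:05 this line is deliberately malformed
"""


def parse_line(line):
    """Return (state, 4-tuple) for a well-formed line, or None for noise."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    conn = (d["src"], int(d["sport"]), d["dst"], int(d["dport"]))
    return d["state"], conn


def half_open_by_source(lines):
    """Map each source IP to (half_open, attempted) connection counts.

    A connection is half-open when a SYN was seen but no ESTABLISHED event
    followed for the same 4-tuple.  Sets are used so that a retransmitted
    SYN on the same connection is not counted twice.
    """
    attempted = defaultdict(set)   # src -> connections that sent a SYN
    completed = defaultdict(set)   # src -> connections that reached ESTABLISHED
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue   # one bad line must not abort the whole sweep
        state, conn = parsed
        src = conn[0]
        if state == "SYN":
            attempted[src].add(conn)
        else:
            completed[src].add(conn)
    return {
        src: (len(attempted[src] - completed[src]), len(attempted[src]))
        for src in attempted
    }


def flag_syn_flood(lines, threshold=5):
    """Return sorted (src, half_open) pairs at or above the threshold."""
    stats = half_open_by_source(lines)
    return sorted((src, ho) for src, (ho, _) in stats.items() if ho >= threshold)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for src, (ho, attempted) in sorted(half_open_by_source(lines).items()):
        print(f"{src}: {ho} half-open of {attempted} attempted")
    print("flagged:", flag_syn_flood(lines))
```

The threshold is deliberately low so the constructed sample trips it; on a real server it would be set from the normal ratio of completed to attempted connections, and the same counting would be applied over a sliding time window rather than over a whole file. Because the attacker's source addresses in a real SYN flood are usually spoofed, a per-source count is a first signal, not proof of where the traffic originates.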
 
1.3 Virus and Worms
 
Computer viruses and worms are nothing new in today’s information age.  Ever since Fred Cohen created and documented the first virus during his PhD studies at the University of Southern California to demonstrate a security weakness, viruses have become part of our lives.  As computer viruses celebrate 20 years of existence, there are more than 60,000 of them today.  A computer virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents.  A computer worm is also a self-replicating computer program, but a worm is self-contained and does not need to be part of another program to propagate itself.  According to an anti-virus company that scanned its clients’ e-mail, in 1999 a virus infected one in 1,400 e-mails, and in 2001 it was 1 in 300 e-mails.  It is projected that 3 out of 4 e-mails will carry a virus in the year 2015. [7]
 
While most viruses are fairly benign or merely annoying to the user, some viruses manage to destroy data or even the motherboard, such as the CIH virus.  The CIH virus (also known as the Chernobyl virus) has the capability to render the motherboard useless; in 1999 it affected about a quarter of a million computers in Korea and caused over $250 million in damage.  While a virus like CIH is able to effectively turn one’s computer into a useless piece of plastic, a senior technology consultant for Sophos said that more and more virus writers are turning away from the data-destructive payloads used in the Chernobyl virus and designing their viruses to steal information such as credit card numbers and passwords.
 
Computer viruses normally exploit known weaknesses in security.  In June 2001, a computer security company identified a weakness in a popular web server program by Microsoft that could lead to a buffer overflow exploit.  The company published a benign exploit to demonstrate its point, and within days the identified weakness was making the rounds in the hacker world.  Less than a month later, the Code Red worm appeared, leveraging the same weakness to spread itself to other machines running the web server software.  The Code Red worm spread quickly across the Internet, infecting 359,000 hosts in a 13-hour period.  Despite Microsoft releasing a heavily publicized patch for the security hole after the release of the initial report, at least twelve thousand systems failed to heed the advice and became victims of the Code Red worm.  Several weeks later, Code Red II was created, which allowed any hacker to gain control of an infected machine.  The Code Red worm was able to use infected machines as zombies in a distributed denial of service attack targeting the White House website, intending to disable a political symbol of the American government.  Security experts feared the residual fallout of such a massive distributed denial of service attack could cripple the entire Internet. [5]  The losses caused by the Code Red worm are estimated to be around $2.6 billion.  Many people believe the Code Red worm is a memorial salute to the cyberwar a year earlier between Chinese and American hackers, which resulted from the mistaken NATO bombing of the Chinese Embassy in Belgrade and in which more than 660 websites in the US were defaced by Chinese hackers, according to Michael Cheek of the security firm iDefense. [6]
 
Computer viruses have cost corporations millions of dollars over the past few years.  Over those years, many of the attacks were not carried out by activists or terrorists; they were carried out by kids having fun or by organized criminal groups who steal credit card information.  One can imagine the catastrophic effect if a group of hackers all decided to deploy their viruses at once toward a common target, as terrorists would most likely do.  The entire Internet could be crippled through the use of viruses to organize a distributed denial of service attack, or personal computers could be rendered useless through a virus such as CIH.  A computer virus spreads faster than one can stop it, and a computer virus that targets critical computers such as those in a hospital could be fatal.  This would not only break down our economic structure, as more and more corporations rely on computers; it would also disrupt people’s everyday lives and even take lives.
 
2 Who
 
Who are the most likely people to conduct cyber terrorism attacks? 
 
2.1 Trained Terrorists
 
Terrorist groups have been known to train their people to use weapons, develop bombs or even take flight lessons to fly suicide planes.  Terrorist groups have the money and can train their people to be hackers and to gain insider information on critical infrastructures.  National infrastructure information was found on al-Qaeda computers, and investigators discovered a house in Pakistan run by al-Qaeda that was devoted to training for cyberwarfare and hacking, according to coalition intelligence officials. [1]  Even further back, the terrorist group that carried out the poison gas attack on the Tokyo subway, the Aum Shinrikyo group, had written software that the police were using.  The group was under contract to develop systems for ten government agencies and eighty commercial firms. [7]
 
2.2 Insiders
 
In Australia, a man who was turned down for a job with the county hacked into the sewage control system and reversed the flow of sewage, harming the environment and killing wildlife.  He was able to pull this off because he had worked for the company that wrote the software and had taken it home when he left the company.  A person like him, who knows the details and vulnerabilities of the software, could be bought by a terrorist group to conduct violent activities against our critical infrastructures.  Plenty of spies have sold information to foreign governments, and we cannot assume that people who work in the areas of critical infrastructure will not turn on us.
 
2.3 Paid Hackers
 
If there are hackers who hack into financial institutions or design computer viruses to steal credit card information for personal gain, there will be some hackers who are willing to work for terrorist groups for financial gain.  The strength of terrorist groups is that they have the funding and tools to train, buy equipment and hire people for their terrorist activities.  Individual hackers could be hired to carry out attacks on behalf of a terrorist organization, and they would be able to organize a massive cyber attack against our computer and network systems.
 
2.4 Terrorist Sympathizers
 
Historically, more cyber attacks have been conducted by those who are anti-U.S. and anti-allied than by the terrorists themselves or by nation-states.  During the War on Terror, various attacks were carried out by those sympathetic to the terrorist groups responsible for the September 11, 2001 attacks on the United States. [1]
 
 
[1] http://www.giac.org/practical/GSEC/Michael_Ratledge_GSEC.pdf
 
[2] http://www.asianlaws.org/cyberlaw/library/cc/rn_ct.htm
 
[3] Warren, M.J. and Furnell, S.M. “Cyber-Terrorism: the Political Evolution of the Computer Hacker”.
 
[4] http://news.bbc.co.uk/2/hi/technology/3257165.stm
 
[5] http://antivirus.about.com/library/weekly/aa071901d.htm
 
[6] http://www.landfield.com/isn/mail-archive/2002/May/0125.html
 
[7] http://www.marshall.org/pdf/materials/58.pdf
 
[8] http://www.phoenix360.com/tech/datadr/index.asp?did=9054
 

Latest revision as of 20:18, 3 December 2004

Homeland Cyber-(In)Security