Talk:Team 13 Main

From CyberSecurity

Status/updates

  • 10/18/2005 5pm [Jeff Bilger] - Sent email to Alex explaining exploit and information relevant to section 1.


Draft

Section 1 (Alex)

A plain English, no jargon description of attack techniques attempted, vulnerabilities exposed, estimated difficulty, and the estimated cost/feasibility of defending against other, similar attacks in the future. (We encourage the policy members of the team to write this section of the report -- it will ensure that the technical members of the team have helped teach them the technical basics.)

Section 2 (Andrew)

Estimated dollar value of the damage that such an attack could cause 1) to a private home computer, 2) to a corporate computer used for letters and correspondence by Walmart's Corporate VP for Ordering Stuff from China, and 3) to a Charles Schwab computer used to place buy/sell orders on the New York Stock Exchange. Your estimate should consider potential damage to both the computer's owner and third parties.

Below is a link to a quick draft of where I am (the Wiki HATES my formatting). Do a ctrl-F for "XXX" to find places where additional research needs to be done. Most of this should be very simple, and I will fill in as I go, but others are encouraged to look into this as well. Alex, your help here would be awesome since a lot of this can be found on the internet quite, quite easily.

Thanks... --andrew

Section 2

Section 3 (Noor/Jeff)

Estimated feasibility and strategic value of the attack technique to a terrorist organization. Teams should consider, at a minimum, 1) scalability of techniques, 2) feasibility of acquiring the required technical and financial resources, and 3) potential value of cyberattack as a tool for achieving the various terrorist aims identified in lectures 1, 2, 3, and/or 5.

bilger

3.1 Scalability
The very nature of the Internet, coupled with the fact that automated hacking tools are widely available, enables buffer overflow attacks to scale extremely well. Every year, the number of computers connected to the Internet has increased at a dramatic pace. Current estimates indicate that the Internet has over 58M active servers connected. If a vulnerability exists on one server, there is a high probability that the same vulnerability will exist on other servers running the same operating system or program. Automation is another key factor, since performing a buffer overflow attack without automated tools can take many hours. Without automation, a relatively skilled attacker must analyze source code to locate potentially exploitable programs, craft the code necessary to perform the exploit, and finally perform laborious trial and error in order to successfully execute the attack. In contrast, widely available tools that automate this process, such as those introduced by Aleph One and packetstorm.com, enable relatively unskilled attackers to successfully execute buffer overflow attacks in minutes. Moreover, attackers leveraging compromised systems could utilize such systems as a base for launching further attacks, thus amplifying their ability to attack multiple targets from multiple sources or a single target from multiple sources.

3.2 Feasibility of acquiring the required technical and financial resources
Attacking systems using buffer overflow techniques is feasible from both a technical and a financial resource point of view for many reasons. First, automated exploit tools and source code are freely available and easy to obtain. Leveraging these tools, a terrorist organization would only need to train a semi-technically skilled member of their organization to use the tools. As such, it would not be necessary to have expert knowledge of how to craft a buffer overflow exploit, nor specific knowledge of the target system. Additionally, due to the emergence of hackers-for-hire, a terrorist organization could outsource the attack as well. From a financial point of view, it would cost relatively little to mount such an attack. This is due to the fact that the tools are free and it only requires semi-skilled personnel to execute the attack.



ngsingh My Section :-> Potential value of cyberattack as a tool for achieving the various terrorist aims identified in lectures 1, 2, 3, and/or 5.

What are some of the top terrorist aims?

a. Spread their message without hindrance. This is to ensure more and more recruits for their cause.

b. Be "invisible" while threatening their adversaries.

c. Threatened use of violence, directed against victims selected for symbolic value.


Generally, there is asymmetry in the level of power and resources between the state and the various terrorist groups. The Internet can be a great leveler. A lot of the web is universally accessible and ready for anonymous access.


A cyberattack to cripple a nation's information infrastructure or spread fear among the populace achieves many of the terrorist aims.


a- Spread their message..

Most of the terrorist groups are using the Internet extensively to spread their message and to communicate and coordinate action. Governments cannot shut down terrorist web sites running from foreign countries. Orchestrating cyber attacks helps them to reach the ever-increasing online world.

Cyber attack would likely garner extensive media coverage, since media and the public alike are fascinated by practically any kind of computer attack.

b- Be "Invisible"….

A cyberattack can be executed remotely and anonymously. It is easy to hide your tracks, and it does not require leaving physical evidence. The Internet communication technologies allow people to reach each other while spoofing their identities. Response in kind by the US government against sophisticated attackers is near impossible due to the difficulty of pinpointing activity in cyberspace and legal strictures on tracing attackers.

c- Threatened use of violence…

A lot of the critical infrastructure of developed nations is online for all the benefits that the ubiquitous Internet provides. However, it also creates a large number of symbolic targets that can shake the confidence of the masses in those technology institutions. Sometimes an attack on cyber property can also have ramifications for the physical entity associated with it. Cyberterrorists could conduct attacks with the goal of corrupting key information within a system that requires high confidence for its use. Corrupting information about blood types within a hospital database or strike prices within the stock trade settlement systems would involve much more recovery time and effort than a simple denial of service attack on the same target. Such an attack would inflict direct economic costs from system downtime, checking and correcting data, and settling disputes. Successful cyberterrorist attacks of this sort may also degrade user confidence in the provision of services of fundamental importance to society.

Cyberspace is the new area for the exchange of digital information to conduct commerce, provide entertainment, pursue education, and a wide range of other activities. Information systems, in particular computer software and hardware, now serve as both weapons and targets of warfare. Disruption of a significant entity in Cyberspace can have ramifications that are similar to terrorism in the physical world.




Section 4 (Joe)

Feasibility and cost of defending against such attacks. For each class of target (home, corporate, financial), teams should 1) identify existing financial and non-financial incentives for installing defenses, 2) evaluate the adequacy of these incentives, 3) discuss whether additional protection would be cost-effective, 4) identify the lowest cost provider for upgrading protection (e.g., Microsoft, Norton, AOL, Corporate IT networks, computer owners), and 5) list and evaluate possible policy levers for government intervention (e.g., tax incentives, legal liability, insurance).

my section

I'm done with my section
http://www.sisyphusreborn.com/RedTeamReport_Section4_Joe.doc