Difference between revisions of "Team 1 Sec2"

From CyberSecurity
Jump to: navigation, search
m
Line 50: Line 50:
  
 
--[[User:Anandam|Parvez Anandam]] 21:11, 21 October 2005 (PDT): Thanks for the draft, Jameel. I've added to it.
 
--[[User:Anandam|Parvez Anandam]] 21:11, 21 October 2005 (PDT): Thanks for the draft, Jameel. I've added to it.
 +
 +
I like your changes and additions - they clarify the mode of analysis.  I think section 2 can qualify as final.  --[[User:Jalsalam|Jameel]] 13:57, 23 October 2005 (PDT)
  
 
DRAFT COPY:
 
DRAFT COPY:

Revision as of 20:57, 23 October 2005

 Section 2) Estimated dollar value of the damage that such an attack could cause 1)
 to a private home computer, 2) to a corporate computer used for letters and
 correspondence by Walmart's Corporate VP for Ordering Stuff from China, and
 3) to a Charles Schwab computer used to place buy/sell orders on the New
 York Stock Exchange. Your estimate should consider potential damage to both
 the computer's owner and third parties.

 back to Team_1_Main

The cogent aspect of the attack is that upon getting a shell prompt, any command can be run on the computer (so anything that someone with administrator rights could do on the computer could be done).

Question to Parvez, others: do you think that we should only be considering damage that an ideologically motivated terrorist would have? This would certainly narrow the attacks that we could consider, which are numerous if we are trying to consider terrorists, as well as the various other skill and motivation profiles.

--Parvez Anandam 21:11, 21 October 2005 (PDT): I think we should not narrow down the focus to terrorist acitivity, especially since the emphasis is on the dollar amount. The way you've analyzed things below is perfect, Jameel.

  • Private home computer –
    • a.Destruction of property – might be able to corrupt the computer to the point that it would not be worthwhile. Max $5,000 if it is the value of the entire computer and all software. Worth nothing to a money-motivated attacker. Worth relatively little per computer for an ego-motivated hacker. Worth either a lot or nothing if an ideology-motivated attacker and important information is destroyed.
    • b.Botnet – could set up the computer to attack other computers that use the same wireless network, over email, or over networked connections (assuming that the attack was instituted as a network attack). Using the attack that worked on that computer, or another one.
    • c. Identity theft – it could function as a Trojan and gather information on the computer and in future use to try to steal the identity of the users of the computer and possibly other contacts (but this would take more guessing). The fact that identity theft products are valued so low on the internet (I believe that one of the speakers quoted something like $20 for a compromised account) says to me that this might not be very valuable to an attacker.
    • d. Steal information – could copy all information on the computer to the attacker’s computer. This could range very widely depending upon whose computer it is and what they have stored on it. In the very worst case, it might contain classified information (if someone is being extremely negligent). More realistically (on the extremely damaging end of things), if the computer belongs to a data professional who works from home, then there might be information sufficient for a large number of identity thefts – perhaps 1,000 if a salesman (all necessary credit card information), perhaps as many as 50,000 if they do data work for a larger organization (which is so lax about their client data).
    • e. Fear value – might be very damaging to the company who is deemed “responsible” by the media (if a large number of computers are compromised - in this case since there are so many fewer home Linux users, it doesn't seem like attacks could happen on a large scale)
    • f. Average Damage – if many computers are attacked, the maximum damage to the public is probably about $1,000 to $5,000 / depending upon the value of the computer and information stored on it.

Question: does gaining shell access allow you to do things like mess up the computer beyond the point of re-installing the OS? Could someone please verify to me that this is possible - I am assuming that it is, but I do not know how to do it. It is important to take out the "physical damage" thread if this is not a real option.

I think damage to the hardware is possible, but unlikely. Hardware usually has built-in safety mechanisms, because the designers don't trust the software. There are exceptions, but they're not very common, and they vary a lot among different manufacturers and systems. However, reinstalling the OS is already a huge headache, especially if there is lots of software and a complicated configuration (like on a business computer). The labor cost is probably substantial. --Yi-Kai

--Parvez Anandam 21:11, 21 October 2005 (PDT): As Yi-Kai said, it's not impossible to actually destroy the hardware but it's pretty difficult.

  • 2) Corporate Computer used by VP of Walmart
    • a. Destruction of Property - $5,000 plus it might be easier to institute attack on other computers through corporate network. Files could also be destroyed, but because this is an executive, they are probably backed up in other places as well, so it seems unlikely that a loss of information would take place.
    • b. Send Emails – Could send virus-laden emails to a lot of Walmart’s important contacts in China. Could pose as corporate VP, possibly induce contacts to reveal damaging information. This could damage some trust between Walmart and large Chinese companies, which could potentially be very damaging to Walmart – it is difficult to quantify how much damaging a trust relationship might have an economic impact – especially since once someone realizes that the break has taken place, the computer can be isolated.
    • c. Steal information – all the emails could be downloaded and read. It is unlikely that the corporate VP would have any information for direct theft of money, the most interesting thing to an attacker might be back-room shenanigans that might be in the correspondence – this could assist in a Walmart smear campaign, possibly more media coverage than such a campaign would otherwise get.

--Parvez Anandam 21:11, 21 October 2005 (PDT): The information stolen could be very valuable to competitors and vendors. This could be a case of corporate espionage. If Target, for example, could get a complete list of what Walmart is buying for the Christmas holidays before Walmart even places the orders, that would be very valuable to them. The information could also be very valuable to the vendors from whom Walmart is buying the goods from. For example, if the Chinese maker of the hottest toy this season knows that Walmart will pay up to $15 for the toy, it will hold out for that price when Walmart begins the negotiations at $8. The value of such information could run into millions of dollars.

    • d. Expected damage might be in the range of $10,000 to $250,000. How can I justify this number? I am not sure yet - but maybe it would be worth looking up what the usual fluctuations in Walmart's sales are from day-to-day and figure that soem bad press might swing a good week for Walmart into a bad week for Walmart, and see what amount of money that might represent - at least in one geographic region. This is difficult, because if there is actually an impact on Walmart's sales, then the damage is magnified very quickly, but if the effect does not reach the level of approaching sales, it could be arguable if there is any effect at all...


Comments: For point (a), destroying files might only cause a temporary disruption, but it could do a lot of harm if it happened at a critical time, like when the VP is negotiating with a major supplier in China. For point (c), the VP probably has access to a lot of information on the company network, just because he/she is a trusted person within Walmart. People often have access to information that they don't need. You can also exploit the VP's social position within Walmart: if the VP e-mails another employee and requests some information, the employee will probably reply first and ask questions later. --Yi-Kai

  • 3) Charles Schwab Computer Used to Buy/Sell
    • a) Theft - this computer probably has access to move quite a large amount of money. It is possible there are safeguards to prevent a trader from running off, or sending client's money to overseas bank accounts, but maybe this enforcement is based on social controls, in which case someone with access to the computer might be able to steal client's money. Once you can move any significant amount of money, it highly magnifies the damage to the firm, because it calls into question other institution's ability to trust as well as clients' ability to trust Charles Schwab. If you are going to hand over so much of your money to someone, you probably would not choose a company that has been in the news lately for a major break-in, so it could cause a large loss of business, and damage to the company, even if the person could ultimately not collect the money themselves. Theft loss - $500,000
    • b) Reputation cost to Schwab - Millions, with respect to relationship to NYSE and customers.
    • c) Possible (temporary) market manipulations - could indirectly profit from using schwab monies to drive small stocks up and down and time own trading along with it. But this also seems to make it sort of easy to trace the perp.


I will now try to translate into an actual section of a paper, below: Parvez, I think that the below is a pretty good draft. I am going to leave any further refinement of this section up to you. - Jameel

--Parvez Anandam 21:11, 21 October 2005 (PDT): Thanks for the draft, Jameel. I've added to it.

I like your changes and additions - they clarify the mode of analysis. I think section 2 can qualify as final. --Jameel 13:57, 23 October 2005 (PDT)

DRAFT COPY:

The economic damage caused by an attacker who gains administrative access to a computer can be classified into four categories: 1) damage to the software and hardware of the computer, 2) theft or destruction of information stored on the computer, 3) leverage of other computers' trust in the compromised one, 4) impersonation of the computer's user to cause social harm.

It is useful to prepare for worst case scenarios, even though the latter are unlikely to actually occur, since they demand a series of fortuitous events. Worst case scenarios typically involve attackers who seek to maximize economic disruption to all parties rather than to directly profit from it.

On a private home computer, there is usually not a lot of valuable information stored, and no special access to external resources beyond what could be reached from any internet-connected computer. There are two caveats: that this computer is not used to store work related information and that this computer does not have access to a corporate network through a virtual private network. The information on the computer that is monetarily valuable is therefore limited to stealing the identity of the computer's user and to information about bank, credit and brokerage accounts. Even reaping such informaiton is not guaranteed, since the user would have to be computer savvy enough to store it electronically but not so sophisticated as to protect it with a password. This is a fairly inefficent way to conduct identity theft, since phishing scams can be carried out quickly on a mass scale and organize this information without any human input. The market rate for a stolen identity record is $10 to $60 (source: cbsnews.com). The typical damage done in the case of a personal home computer is probably limited in magnitude to the value of the hardware and software, around $3,000 maximum. The realistic worst case damage occurs when the attacker gets a complete set of credit card information for the user and goes on an online shopping binge, for themselves or to just squander the money. That worst case damage amount could be $20,000 - $50,000.

A word-processing computer used by the high-level Walmart VP is unlikely to have direct access to any Walmart operations control, but probably does contain time-sensitive information and have access to the company network. The information could be exploited in many ways. First, if it were published, it would have serious public relations implications for Walmart. Second, if files are deleted, an attacker could hinder important negotiations; for example, emails from contacts overseas could be selectively deleted without revealing that the computer has been compromised. Third, if the attack were a case of corporate espionage by a Walmart competitor, that competitor could use the tactical information to buy similar goods or ink deals with suppliers before Walmart does. Fourth, if the attacker is one of Walmart's suppliers, that supplier may find out the price Walmart is willing to go to and hold out on the negotiations with Walmart till that price point is reached. In addition to stealing information, the ability to impersonate the VP allows an attacker who is trying to obtain specific information to request it from other Walmart employees; that ability could also be used to misrepresent Walmart to outsiders. The greatest financial damage arises when the attacker uses the information to affect Walmart's sales for the quarter, even by a tiny fraction. Competitors and vendors are the most likely candidates to cause a dip in revenue. A 0.1% change in Walmart's quarterly revenue is about $75 million.

A computer on the trading floor of Schwab is most valuable for its ability to manipulate clients' funds - to buy and sell stock with no controls outside of the trader sitting at his computer, although sign-offs by several individuals may be necessary for large trades. With such a computer, there could well be many other identity safeguards that would ensure that root access of an individual terminal would be insufficient to obtain the ability to conduct trades - an strong authentication token specific to the trader is likely to be necessary. If the attacker is able to bypass such checks, the compromise of a computer with this level of control of external resources during trading hours would have a large economic impact on Schwab as well as provide possibly large financial opportunities to the attacker. If a good amount of clients' money is either stolen or misused in the market, or even immobilized during an important shift in the market, then customer confidence could be severely shaken. Furthermore, if Charles Schwab attempts to "take back" any trades executed from the compromised computer, their trust through the New York Stock Exchange might be questioned, which is the entire foundation of their business. Not just for the victimized financial institution, but for the entire stock exchange, the serious compromising of a trading computer would probably carry financial damage of at least $1 Million, depending upon how far the permissions of the computer go in its ability to continue to make trades before it is taken off-line, or daily limits are reached for the user of the terminal.

Retrieved from "http://cubist.cs.washington.edu/CyberSecurity/index.php?title=Team_1_Sec2&oldid=2156"