Team 1 Sec2

From CyberSecurity
Revision as of 14:20, 18 October 2005 by Jalsalam (talk | contribs)

 Section 2) Estimated dollar value of the damage that such an attack could cause 1)
 to a private home computer, 2) to a corporate computer used for letters and
 correspondence by Walmart's Corporate VP for Ordering Stuff from China, and
 3) to a Charles Schwab computer used to place buy/sell orders on the New
 York Stock Exchange. Your estimate should consider potential damage to both
 the computer's owner and third parties.


The key aspect of the attack is that, upon getting a shell prompt, the attacker can run any command on the computer (so anything that someone with administrator rights could do on the computer could be done).

Question to Parvez, others: do you think that we should only be considering damage that an ideologically motivated terrorist would have? This would certainly narrow the attacks that we could consider, which are numerous if we are trying to consider terrorists, as well as the various other skill and motivation profiles.

  • 1) Private home computer
    • a. Destruction of property – might be able to corrupt the computer to the point that it would not be worthwhile. Max $5,000 if it is the value of the entire computer and all software. Worth nothing to a money-motivated attacker. Worth relatively little per computer for an ego-motivated hacker. Worth either a lot or nothing if an ideology-motivated attacker and important information is destroyed.
    • b. Botnet – could set up the computer to attack other computers that use the same wireless network, over email, or over networked connections (assuming that the attack was instituted as a network attack), using the attack that worked on that computer, or another one.
    • c. Identity theft – it could function as a Trojan and gather information on the computer for future use in trying to steal the identity of the users of the computer and possibly other contacts (but this would take more guessing). The fact that identity theft products are valued so low on the internet (I believe that one of the speakers quoted something like $20 for a compromised account) says to me that this might not be very valuable to an attacker.
    • d. Steal information – could copy all information on the computer to the attacker’s computer. This could range very widely depending upon whose computer it is and what they have stored on it. In the very worst case, it might contain classified information (if someone is being extremely negligent). More realistically (on the extremely damaging end of things), if the computer belongs to a data professional who works from home, then there might be information sufficient for a large number of identity thefts – perhaps 1,000 if a salesman (all necessary credit card information), perhaps as many as 50,000 if they do data work for a larger organization (which is so lax about their client data).
    • e. Fear value – might be very damaging to the company that is deemed “responsible” by the media (if a large number of computers are compromised; in this case, since there are so many fewer home Linux users, it doesn't seem like attacks could happen on a large scale).
    • f. Average Damage – if many computers are attacked, the maximum damage to the public is probably about $1,000 to $5,000, depending upon the value of the computer and information stored on it.

Question: does gaining shell access allow you to do things like mess up the computer beyond the point of re-installing the OS?

  • 2) Corporate Computer used by VP of Walmart
    • a. Destruction of Property – $5,000, plus it might be easier to institute an attack on other computers through the corporate network. Files could also be destroyed, but because this is an executive, they are probably backed up in other places as well, so it seems unlikely that a loss of information would take place.
    • b. Send Emails – Could send virus-laden emails to a lot of Walmart’s important contacts in China. Could pose as corporate VP, possibly induce contacts to reveal damaging information. This could damage some trust between Walmart and large Chinese companies, which could potentially be very damaging to Walmart. It is difficult to quantify how much economic impact damaging a trust relationship might have, especially since once someone realizes that the break has taken place, the computer can be isolated.
    • c. Steal information – all the emails could be downloaded and read. It is unlikely that the corporate VP would have any information for direct theft of money, the most interesting thing to an attacker might be back-room shenanigans that might be in the correspondence – this could assist in a Walmart smear campaign, possibly more media coverage than such a campaign would otherwise get.
    • d. Expected damage might be in the range of $10,000 to $250,000. How can I justify this number? I am not sure yet - but maybe it would be worth looking up what the usual fluctuations in Walmart's sales are from day-to-day and figure that some bad press might swing a good week for Walmart into a bad week for Walmart, and see what amount of money that might represent - at least in one geographic region. This is difficult, because if there is actually an impact on Walmart's sales, then the damage is magnified very quickly, but if the effect does not reach the level of approaching sales, it could be arguable if there is any effect at all...