Team 1 Sec2

From CyberSecurity
Revision as of 07:42, 20 October 2005 by Jalsalam (talk | contribs)

 Section 2) Estimated dollar value of the damage that such an attack could cause 1)
 to a private home computer, 2) to a corporate computer used for letters and
 correspondence by Walmart's Corporate VP for Ordering Stuff from China, and
 3) to a Charles Schwab computer used to place buy/sell orders on the New
 York Stock Exchange. Your estimate should consider potential damage to both
 the computer's owner and third parties.

The cogent aspect of the attack is that upon getting a shell prompt, any command can be run on the computer (so anything that someone with administrator rights could do on the computer could be done).

Question to Parvez, others: do you think that we should only be considering damage that an ideologically motivated terrorist would have? This would certainly narrow the attacks that we could consider, which are numerous if we are trying to consider terrorists, as well as the various other skill and motivation profiles.

  • 1) Private home computer
    • a. Destruction of property – might be able to corrupt the computer to the point that it would not be worthwhile. Max $5,000 if it is the value of the entire computer and all software. Worth nothing to a money-motivated attacker. Worth relatively little per computer for an ego-motivated hacker. Worth either a lot or nothing if an ideology-motivated attacker and important information is destroyed.
    • b. Botnet – could set up the computer to attack other computers that use the same wireless network, over email, or over networked connections (assuming that the attack was instituted as a network attack), using the attack that worked on that computer, or another one.
    • c. Identity theft – it could function as a Trojan and gather information on the computer, to be used in the future to try to steal the identity of the users of the computer and possibly other contacts (but this would take more guessing). The fact that identity theft products are valued so low on the internet (I believe that one of the speakers quoted something like $20 for a compromised account) says to me that this might not be very valuable to an attacker.
    • d. Steal information – could copy all information on the computer to the attacker’s computer. This could range very widely depending upon whose computer it is and what they have stored on it. In the very worst case, it might contain classified information (if someone is being extremely negligent). More realistically (on the extremely damaging end of things), if the computer belongs to a data professional who works from home, then there might be information sufficient for a large number of identity thefts – perhaps 1,000 if a salesman (all necessary credit card information), perhaps as many as 50,000 if they do data work for a larger organization (which is so lax about their client data).
    • e. Fear value – might be very damaging to the company who is deemed “responsible” by the media (if a large number of computers are compromised - in this case since there are so many fewer home Linux users, it doesn't seem like attacks could happen on a large scale)
    • f. Average Damage – if many computers are attacked, the maximum damage to the public is probably about $1,000 to $5,000, depending upon the value of the computer and information stored on it.

Question: does gaining shell access allow you to do things like mess up the computer beyond the point of re-installing the OS? Could someone please verify to me that this is possible - I am assuming that it is, but I do not know how to do it. It is important to take out the "physical damage" thread if this is not a real option.


  • 2) Corporate Computer used by VP of Walmart
    • a. Destruction of Property - $5,000 plus it might be easier to institute an attack on other computers through the corporate network. Files could also be destroyed, but because this is an executive, they are probably backed up in other places as well, so it seems unlikely that a loss of information would take place.
    • b. Send Emails – Could send virus-laden emails to a lot of Walmart’s important contacts in China. Could pose as corporate VP, possibly induce contacts to reveal damaging information. This could damage some trust between Walmart and large Chinese companies, which could potentially be very damaging to Walmart – it is difficult to quantify how much economic impact damaging a trust relationship might have – especially since once someone realizes that the break has taken place, the computer can be isolated.
    • c. Steal information – all the emails could be downloaded and read. It is unlikely that the corporate VP would have any information for direct theft of money; the most interesting thing to an attacker might be back-room shenanigans that might be in the correspondence – this could assist in a Walmart smear campaign, possibly more media coverage than such a campaign would otherwise get.
    • d. Expected damage might be in the range of $10,000 to $250,000. How can I justify this number? I am not sure yet - but maybe it would be worth looking up what the usual fluctuations in Walmart's sales are from day-to-day and figure that some bad press might swing a good week for Walmart into a bad week for Walmart, and see what amount of money that might represent - at least in one geographic region. This is difficult, because if there is actually an impact on Walmart's sales, then the damage is magnified very quickly, but if the effect does not reach the level of approaching sales, it could be arguable if there is any effect at all...

Comments: For point (a), destroying files might only cause a temporary disruption, but it could do a lot of harm if it happened at a critical time, like when the VP is negotiating with a major supplier in China. For point (c), the VP probably has access to a lot of information on the company network, just because he/she is a trusted person within Walmart. People often have access to information that they don't need. You can also exploit the VP's social position within Walmart: if the VP e-mails another employee and requests some information, the employee will probably reply first and ask questions later. --Yi-Kai

  • 3) Charles Schwab Computer Used to Buy/Sell
    • a) Theft - this computer probably has access to move quite a large amount of money. It is possible there are safeguards to prevent a trader from running off, or sending clients' money to overseas bank accounts, but maybe this enforcement is based on social controls, in which case someone with access to the computer might be able to steal clients' money. Once you can move any significant amount of money, it highly magnifies the damage to the firm, because it calls into question other institutions' ability to trust as well as clients' ability to trust Charles Schwab. If you are going to hand over so much of your money to someone, you probably would not choose a company that has been in the news lately for a major break-in, so it could cause a large loss of business, and damage to the company, even if the person could ultimately not collect the money themselves. Theft loss - $500,000
    • b) Reputation cost to Schwab - Millions, with respect to relationship to NYSE and customers.
    • c) Possible (temporary) market manipulations - could indirectly profit from using Schwab monies to drive small stocks up and down and time own trading along with it. But this also seems to make it sort of easy to trace the perp.


DRAFT COPY:

Damage could be carried out through four modes after an attacker gains access to the shell using sploit.c: 1) Damage to the computer itself; 2) Theft of information stored on the computer; 3) Use of the computer's access to outside physical things; 4) Use of the implicit identity of the computer (user) to cause social harm. It is difficult to anticipate the motives of an attacker, but different options have more or less monetary or symbolic value to an attacker, depending upon the contents and permissions involved in a particular target.