Difference between revisions of "Team 1 Sec3.2"

From CyberSecurity
(Add to Section 3.2)
Line 3:

''3.2.  Feasibility of acquiring the required technical and financial resources''

− ''I'm still working on the details, but here is an outline.  I know, it include topics from the other sections, but when I write this up, I'm just going to focus on the technical requirements.  --Yi-Kai''
+ I'm still working on the details, but here is an outline.  I know, it includes topics from the other sections, but when I write this up, I'm just going to focus on the technical requirements.  '''Question:'''  Any suggestions about the amount of effort needed for these attacks?  I gave some estimates, but they're just random guesses.  I'm going to look for case studies of past attacks.  --Yi-Kai

* Low-end targets:  PC's w/ well-known vulnerabilities, no defenses.  These are very common, and will likely remain so (see Section 4).  Usual approach is to spread a worm, or assemble a botnet and use it to do a distributed denial-of-service attack.

− Technical requirements are minimal:  vulnerabilities are well-documented, and exploit code and rootkits are freely available.  Alternatively, a botnet can be bought for ? price.
+ Technical requirements are minimal:  vulnerabilities are well-documented, and exploit code and rootkits are freely available. Estimate: takes 5 moderately skilled programmers, a few weeks? Alternatively, a botnet can be bought for ? price.

Examples:  Code Red worm, DDoS attacks.

Line 13:

* High-end targets:  PC's that have been patched to fix known vulnerabilities, w/ network defenses.  These are typical in high-value business/government applications.  Attacker may seek to destroy data, disrupt operations, or gather intelligence.

− Technical requirements are substantial:  need to find new vulnerabilities and develop new exploits; attacks are more complicated, and one has to worry about detection.  Some information is available from hackers, but each attack must be tailored to a specific target.  Insider information is helpful.  Could be done by a software engineer, w/ experience in systems and network programming; substantial investment of effort (try to quantify this?).
+ Technical requirements are substantial:  need to find new vulnerabilities and develop new exploits; attacks are more complicated, and one has to worry about detection.  Some information is available from hackers, but each attack must be tailored to a specific target.  Insider information is helpful.  Could be done by a software engineer, w/ experience in systems and network programming; substantial investment of effort (5 people, a few months?).

Examples:  return-to-libc attack, getting around intrusion detection systems.

Line 19:

* Specialized targets:  Uncommon, one-of-a-kind systems, like routers, mainframes, embedded control systems, SCADA.  These may be found in critical infrastructure.

− These can be very different from conventional PC's.  Few sources of information about these systems--insider information is very helpful.  May require special compilers, SDK's, hardware for testing--availability of special tools can help a lot.  Developing an attack requires technical expertise, creativity, sustained effort (try to quantify this?).  However, many of these systems were not designed for security, and a successful attack can have catastrophic consequences.
+ These can be very different from conventional PC's.  Few sources of information about these systems--insider information is very helpful.  May require special compilers, SDK's, hardware for testing--availability of special tools can help a lot.  Developing an attack requires technical expertise, creativity, sustained effort (hard to predict?).  However, many of these systems were not designed for security, and a successful attack can have catastrophic consequences.

Examples:  Cisco routers, sewage control system, electric grid.
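Review bot: the effort figures this revision introduces ("5 moderately skilled programmers, a few weeks?", "5 people, a few months?") and the "? price" placeholder for a purchased botnet are still unsourced, as the added question to the group admits; before these land in Section 3.2 proper, tie each estimate to the case studies the note promises to look up (the Code Red worm is already named as an example and has a documented timeline), and either fill the botnet price from a cited source or drop the clause rather than leaving the "?" in the text.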

Revision as of 10:01, 21 October 2005

3. Estimated feasibility and strategic value of the attack technique to a terrorist organization:

3.2. Feasibility of acquiring the required technical and financial resources

I'm still working on the details, but here is an outline. I know, it includes topics from the other sections, but when I write this up, I'm just going to focus on the technical requirements. Question: Any suggestions about the amount of effort needed for these attacks? I gave some estimates, but they're just random guesses. I'm going to look for case studies of past attacks. --Yi-Kai

  • Low-end targets: PCs with well-known vulnerabilities and no defenses. These are very common, and will likely remain so (see Section 4). The usual approach is to spread a worm, or to assemble a botnet and use it to run a distributed denial-of-service attack.

Technical requirements are minimal: the vulnerabilities are well documented, and exploit code and rootkits are freely available. Estimate: takes 5 moderately skilled programmers, a few weeks? Alternatively, a botnet can be bought for ? price.

Examples: Code Red worm, DDoS attacks.

  • High-end targets: PCs that have been patched to fix known vulnerabilities, with network defenses. These are typical in high-value business and government applications. The attacker may seek to destroy data, disrupt operations, or gather intelligence.

Technical requirements are substantial: the attacker needs to find new vulnerabilities and develop new exploits; the attacks are more complicated, and one has to worry about detection. Some information is available from hackers, but each attack must be tailored to a specific target. Insider information is helpful. This could be done by a software engineer with experience in systems and network programming, at a substantial investment of effort (5 people, a few months?).

Examples: return-to-libc attack, getting around intrusion detection systems.

  • Specialized targets: uncommon, one-of-a-kind systems, such as routers, mainframes, embedded control systems, and SCADA. These may be found in critical infrastructure.

These can be very different from conventional PCs. There are few sources of information about these systems, so insider information is very helpful. An attack may require special compilers, SDKs, and hardware for testing, so the availability of special tools can help a lot. Developing an attack requires technical expertise, creativity, and sustained effort (hard to predict?). However, many of these systems were not designed for security, and a successful attack can have catastrophic consequences.

Examples: Cisco routers, sewage control system, electric grid.
Note that states such as the US and China are developing technologies for information warfare; state sponsorship is a possibility.