170 likes | 611 Vues
FORE SEC Academy Security Essentials (II ). Information Warfare. Information Warfare Tools. Perception management/social engineering Malicious code Virus Blitz Predictable response. Could a Company be Destroyed?.
E N D
FORESEC AcademySecurity Essentials (II) Information Warfare
Information Warfare Tools • Perception management/social engineering • Malicious code • Virus Blitz • Predictable response
Could a Company beDestroyed? February 2002, following the attack, Cloud Nine’s management assessed the cost of attempting to improve the ISP’s security, and realized that they could not afford the extra investment required, and the loss of income while the work was carried out, said Miszti. They were forced to close, and sold their assets to fellow ISP ZetNet shortly after the attack. http://zdnet.com.com/2100-1105-837412.html In 2002 ISPs themselves were vulnerable to DDOS attacks
Could the Presidency beAffected? Republican Web site hit by hacker, taken off-line By MARC L. SONGINI (November 07, 2000) A hacker crept into the Republican National Committee's Web site early this morning and planted a rambling tirade against Texas Gov. George W. Bush, forcing the site to be temporarily taken off-line on the day when voters are casting their ballots in the presidential election. How close was that election? What if it was well done?
Could Anyone be Killed? “almost anyone with a little technical savvy could break into the system and shut down radar at major air hubs around the nation.” http://abcnews.go.com/sections/us/DailyNews/faa_computers001016.html Please take a minutes to read and consider the notes page
Could Currency be Destabilized? A band of 50 terrorists with $10 million or less could buy the training, computers and other tools needed to launch a cyberattack against a major bank or investments firm . even through secure phone lines, says Michael Erbschloe, a computer security consultant with Computer Economics. http://www.usatoday.com/money/finance/2001-10-29-network-russian-hacker.htm Please take a minute to read the notes page.
Could a City be Destroyed? The Russian Federal Security Service (FSB) department in Voronezh Region completed a hacking investigation, on October 18, against a programmer at a rocket plant who allegedly used malicious code to gain unauthorized access to online systems and communications with other space industry companies. Think about satellite with nuclear propulsion!
Y2K Fever • Large investment in corrections in the USA • What about patching mission critical systems? • In the end, low impact, the reality perception gap • The rush to y2k certify was a predictable response
Y2K Fixes a Year Later • Many organizations did not have programming staff to accomplish Y2K fixes • They used contractors that used off shore contractors • NIPC published an article warning about malicious code . try finding it now!
Information Warfare Theory • Asymmetry • Indications and Warning • Players and roles • Measures of effectiveness • Cycle time
Code Red Worm July 2001 • As of 1200 EDT • Ken Eichman cas.org