
TSCM Forensics on Sunshine Coast Cyber Threats

This document summarizes a presentation given by FBI SSA Robert Flaim on cyber attacks and critical infrastructures. It discusses how cyber attacks could be the next frontier for terrorism, using examples like the Australian sewage plant attack in 2000 and FBI investigation of probes of US infrastructure sites from abroad in 2001. It outlines the reasons terrorists may conduct cyber attacks, including reducing US power and damaging the economy. It also discusses terrorist groups' use of the internet, including for recruitment and propaganda, and analyzes their cyber capabilities and methodologies like DoS attacks. The presentation calls for increased cyber security of critical infrastructures and international cooperation to prevent cyber terrorism.

Uploaded by pari89
Copyright: © Attribution Non-Commercial (BY-NC)

FEDERAL BUREAU OF INVESTIGATION
Cyber Division
FBIHQ

Cyber Attacks: The Next Frontier
Presented by SSA Robert Flaim

• “The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on military bases abroad to ballistic missile attacks on U.S. cities.
• “Wars in the 21st century will increasingly require all elements of national power – not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work together.”

Secretary Rumsfeld address to the National Defense University, January 31, 2002.

Discussion
• Critical Infrastructures
• Terrorist Internet Exploits
• Tactics and Strategy

Critical Infrastructures
Where the Crown Jewels Are

Imagine Planning for These Contingencies
• ATM Failures
• Telephone Outages
• Power Outages
• World Trade Center
• Poisoned Water Supply
• Bridges Down
• Airliner Crash
• Oklahoma City
• ISPs All Offline
• Oil Refinery Fire
• 911 System Down

Unrelated Events or Strategic


Using Our Systems Against Us
• Aircraft – Pentagon/Twin Towers
• Mail distribution network – Anthrax
• Computers – next step?


Real World Example – Australia 2000
Maroochy Shire Waste Water Plant – Sunshine Coast
  – Insider
  – 46 intrusions over 2 month period
  – Release of sewage into parks, rivers
  – Environmental damage

Real World Example – USA 2001
San Francisco FBI Field Office Investigation
  – Internet probes from Saudi Arabia, Indonesia, Pakistan
  – Casings of web sites regarding emergency telephone systems, electrical generation and transmissions, water storage and distribution, nuclear power plants and gas facilities
  – Exploring digital systems used to manage these systems

Why Cyber Attack on Critical Infrastructures?
• National Security
  – Reduce the U.S.’s ability to protect its interests
• Public Psyche
  – Erode confidence in critical services and the government
• Economic impact
  – Damage economic systems
• Enhancement of Physical Attacks
  – Physical damage/distraction efforts
• Asymmetric Warfare
  – Lack of attribution, low cost/high potential impact

How are we vulnerable?
• Globalization of infrastructures = vulnerability
• Anonymous access to infrastructures via the Internet and SCADA
• Interdependencies of systems make attack consequences harder to predict and more severe
• Malicious software is widely available and does not require a high degree of technical skill to use
• More individuals with malicious intent on Internet
• New cyber threats outpace defensive measures

Vulnerability Types
• Computer based
  – Poor passwords
  – Lack of appropriate protection/or improperly configured protection
• Network based
  – Unprotected or unnecessary open entry points
• Personnel based
  – Temporary/staff firings
  – Disgruntled personnel
  – Lack of training
• Facility based
  – Servers in unprotected areas
  – Inadequate security policies

Al-Qaeda
Al-Qaeda laptop found in Afghanistan contained:
• Hits on web sites that contained “Sabotage Handbook”
• Handbook – Internet tools, planning a hit, anti-surveillance methods, “cracking” tools
• Al-Qaeda actively researched publicly available information concerning critical infrastructures posted on web sites

Terrorist Internet Exploits
What are we up against?

Terrorist Groups

Terrorists
Attention must be paid to studying the terrorists:
  – Ideology
  – History
  – Motivation
  – Capabilities

Terrorists
• Terrorism is carried out by disrupting activities, undermining confidence, and creating fear
• In the future, cyber terrorism may become a viable option to traditional physical acts of violence due to:
  – Perceived anonymity
  – Diverse targets
  – Low risk of detection
  – Low risk of personnel injury
  – Low investment
  – Operate from nearly any location
  – Few resources are needed

Terrorist Use of the Internet
• Hacktivism
• Cyber Facilitated Terrorism
• Cyber terrorism

Cyber Arsenal for Terrorists
Internet newsgroups, web home pages, and IRC channels include:
  – Automated attack tools (Software Tools)
    • Sniffers (capture information, i.e. password/log-on)
    • Rootkits (facilitate/mask intrusion)
    • Network Vulnerability Analyzers (SATAN/Nessus)
    • Spoofing
    • Trojan Horses
    • Worms
    • DoS

Cyber Attack Methodology
• Resource Denial
  – Virus/malicious code
  – “Legitimate” traffic overwhelms site (unauthorized high-volume links)
  – DoS
  – DDoS
• WWW Defacement
  – Defacement to embarrass
  – Content modification to convey message
  – Content modification as component of disinformation campaign

Computer System Compromises
• System Compromise
  – Data destruction
  – Data modification
  – Information gathering
  – Compromised platform:
    • Launch pad for attacks
    • Jump off point for other compromises
• Target Research and Acquisition
  – Internet makes significant amounts of data instantly and anonymously accessible.

Hacktivism
Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.

Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the group's objections to environmental issues.

Hacktivism
(Slide images: Smithsonian Mental Institution; Electronic Disturbance Theater)

Cyber Facilitated Terrorism
• Terrorists utilize web sites to actively recruit members and publicize propaganda as well as to raise funds
• Web sites also contain information necessary to construct weapons, obtain false identification
• Use Internet as a communications tool via chat rooms, BBS, email
• Hijackers utilized cyber cafés to communicate via Internet and order airline

(Diagram labels:)
1. Finsbury Park Mosque, North London
2. Djamel Beghal
3. Kamel Daoudi
4. Zacarias Moussaoui
5. Richard Reid
6. Feroz Abbasi
7. Nizar Tribelsi
8. Abu Hamza
9. Abu Qatada

Kamel Daoudi – Believed to be Al-Qaeda Cyber Terrorist. Arrested for alleged involvement in plot to bomb American Embassy in Paris

Cyberterrorism
Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.

The Cyberterrorist Threat
Assessing the threat
(Diagram labels: Behavioral Profile; Technical Feasibility; Operational Practicality; THREAT)

Cost & Means of Attack
(Chart labels: Cost of Capability; Availability of Capability; timeline 1945, 1955, 1960, 1970, 1975, 1985, Today; items: Invasion, Strategic Nuclear Weapons, ICBM & SLBM, Cruise Missile, Precision Guided Missiles, Computer)

Tactics and Strategy
Prevention and cooperation

FBI Cyber Transformation
• Terrorism and Cyber Crime – top priorities
• FBI recruitment of engineers and computer scientists – critical skills
• Increasing agents dedicated to cyber crime
• Creation of Cyber Task Forces in field offices

USA Patriot Act
• Felony to hack into computer used in furtherance of national security or national defense
• 2702 Emergency Requests
• Legal Subpoena expanded
• Sentencing increased

USA Patriot Act cont’d
• Share with DOJ for criminal prosecution
• Permits “roving” surveillance
• FISA orders for intelligence allowed if there is a significant reason for application rather than the reason
• Authorizes pen register and trap and trace orders for email as well as telephone conversations

International Investigations
(Diagram labels: Cyber Evidence in USA; MLAT Request; Joint FBI-Foreign Police Investigation; Legal Subpoena)

Cyber Terrorism Prevention – Old Methods for New Problem
Liaison
• Critical Infrastructure Companies, i.e. FBI InfraGard
• Internet Service Providers
• Universities
• Internet Cafes
• Hacker clubs
• IT companies, developers
• International, local law enforcement
• Look – on the Internet
• Coordinate – national security, terrorist personnel

Conclusion
• Our national security, databases, and economy are extremely dependent upon automation
• Therefore, there exists a “target rich environment” for those who would do harm via the Internet
• Our critical infrastructures require joint private/public efforts to protect them

Robert Flaim
1-571-223-3338
rflaim@fbi.gov
