armageddon redux
play

Armageddon Redux The changing face of the Infocalypse DISCLAIMER - PowerPoint PPT Presentation

Mar 19, 2024 •326 likes •914 views

Armageddon Redux The changing face of the Infocalypse DISCLAIMER The views expressed in this talk are my own and not approved by or representative of my employer or this conference. WHOIS @headhntr http://twitter.com/headhntr

  1. Armageddon Redux The changing face of the Infocalypse

  2. DISCLAIMER • The views expressed in this talk are my own and not approved by or representative of my employer or this conference.

  3. WHOIS @headhntr • http://twitter.com/headhntr • Incident Responder

  4. EFF / Hackerspaces

  5. DeepSec

  6. Blended Threats

  7. Want 2 Cyber?

  8. Cyber is the new air

  9. Blackhat 2010 “Describing the Internet as the "fifth military domain" with air, land, sea and space being the other four, Hayden said that cyberspace was the first man-made location for warfare.” Retired General Michael Hayden, former head of the CIA and NSA.

  10. "Cyberspace is real. And so are the risks that come with it. From now on, our digital infrastructure, the networks and computers we depend on every day, will be treated as they should be, as a strategic national asset." Barack Obama, President USA

  11. The 5th Dimension of War Innovations in technology are changing the tactics of modern-day conflict. There are new tools in today's arsenal of weapons. Helped by advances in electro-magnetics and modern information and communications technology, a new form of electronic warfare has been created. It is called cyberwar and is increasingly recognised by governments and the military as posing a potentially grave threat.

  14. "...actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption." Richard Clarke US National Security Council

  15. Cyberwar/Cyber-terrorism • Politically motivated hacking • Sabotage • Espionage

  16. Memory Lane • DDoS to APT • Buzzword Bingo

  17. ‘Cyberwar’ Lore • April-May 2007: Estonian DDoS • June-July 2008: Lithuania .gov web defacements. • August 2008: Georgian web site intrusions

  18. ‘Cyberwar’ Lore • 2007 - Syria: Operation Orchard • 2010 - Iranian Cyber Army • 2010 - Indian defacements • 2010 - Stuxnet

  19. Stuxnet

  20. Stuxnet .... 0x81C47C00:lsass.exe 1928 668 4 65 2011-06-03 04:26:55 .... 0x81E18B28:svchost.exe 1080 668 5 80 2010-10-29 17:08:55 .... 0x8205ADA0:alg.exe 188 668 6 107 2010-10-29 17:09:09 .... 0x823315D8:vmacthlp.exe 844 668 1 25 2010-10-29 17:08:55 .... 0x81E0EDA0:jqs.exe 1580 668 5 148 2010-10-29 17:09:05 .... 0x81C498C8:lsass.exe 868 668 2 23 2011-06-03 04:26:55 .... 0x82279998:imapi.exe 756 668 4 116 2010-10-29 17:11:54 ... 0x81E70020:lsass.exe 680 624 19 342 2010-10-29 17:08:54 Pid: 680 Priority: 9 Pid: 868 Priority: 8 Pid: 1928 Priority: 8

  21. Stuxnet !This program cannot be run in DOS mode. Rich .verif .text .bin .reloc ZwMapViewOfSection ZwCreateSection ZwOpenFile ZwClose ZwQueryAttributesFile ZwQuerySection TerminateProcess GetCurrentProcess CloseHandle WaitForSingleObject OpenProcess

  22. Duqu “Duqu Worm Causing Collateral Damage in a Silent Cyber-War” - eWeek “Cyberwar becoming a reality?” - Techweek “Cyberwarfare: What Goes Around Comes Around” - Eurasia Review

  23. Duqu

  24. Duqu

  25. History of APT • 1998-2000 - Moonlight Maze • 2002-? - Byzantine Hades • 2003-2005 - Titan Rain • 2006-2011 - Shady Rat • 2009 - Ghostnet • 2009 - Aurora • 2009 - Night Dragon • 2010 - Stuxnet • 2010 - French Government • 2011 - Lockheed Martin / RSA • 2011 - Commodo / Diginotar • 2011 - Nitro

  26. Byzantine Hades • Diplomatic Security Daily 5 Nov 2008 SECRET//NOFORN “ Byzantine Hades, a cover term for a series of related computer network intrusions with a believed nexus to China, has affected U.S. and foreign governments as well as cleared defense contractors since at least 2003. “

  27. Byzantine Hades • Diplomatic Security Daily 3 Nov 2008 SECRET//NOFORN “Since late 2002, USG organizations have been targeted with social-engineering online attacks by BC (Byzantine Candor) actors. BC, an intrusion subset of Byzantine Hades activity, is a series of related computer network intrusions affecting U.S. and foreign systems and is believed to originate from the PRC. BC intruders have relied on techniques including exploiting Windows system vulnerabilities and stealing login credentials to gain access to hundreds of USG and cleared defense contractor systems over the years. In the U.S., the majority of the systems BC actors have targeted belong to the U.S. Army, but targets also include other DoD services as well as DoS, Department of Energy, additional USG entities, and commercial systems and networks.”

  28. Byzantine Hades • Diplomatic Security Daily 3 Nov 2008 SECRET//NOFORN “Air Force Office of Special Investigations (AFOSI) reporting indicates, on March 11, Byzantine Candor (BC) actors gained access to one system at the ISP, onto which the actors transferred multiple files, including several C&C tools.” “From April through October 13, the BC actors used this computer system to conduct CNE on multiple victims. During this time period, the actors exfiltrated at least 50 megabytes of e-mail messages and attached documents, as well as a complete list of usernames and passwords from an unspecified USG agency.” “...a malicious file named salaryincrease-surveyandforecast.zip”

  29. Byzantine Hades • Diplomatic Security Daily Thu, 2 Apr 2009 SECRET//NOFORN “ Sensitive reports indicate the domains www.indexnews.org, www.indexindian.com, www.lookbytheway.net, and www.macfeeresponse.org were involved in Byzantine Hades (BH) intrusion activity in 2006. All four domains were registered in Chengdu, China. The IP addresses associated with these domains substantiate this as the location. Subsequent analysis of registration information also leads to a tenuous connection between these hostile domains and the People's Liberation Army (PLA) Chengdu Military Region First Technical Reconnaissance Bureau (TRB). “

  30. Byzantine Hades • Diplomatic Security Daily 18 Dec 2008 SECRET//NOFORN “Byzantine Anchor, a subset of Byzantine Hades, refers to a group of associated computer network intrusions with an apparent nexus to China. Numerous sensitive reports have identified an apparent relationship between the Chinese hacker group Javaphile and BA intrusion activity based on overlapping characteristics. IP addresses that have been involved in BA CNE attempts have also hosted the Javaphile.org webpage and been the source of Javaphile-linked bulletin board postings. Furthermore, Javaphile and BA have been associated due to the use of the customized command-and-control tool dubbed eRACS developed by Javaphile member 'Ericool8' -- one of many aliases used by Javaphile’s leader Yinan Peng.”

  31. Byzantine Hades • Diplomatic Security Daily 18 Dec 2008 SECRET//NOFORN “On July 30, 2008, an incident was attributed to BA wherein a compromised system located at the Pentagon downloaded and installed the eRACS tool from IP 203.81.177.121.”

  32. Byzantine Hades • Diplomatic Security Daily 18 Dec 2008 SECRET//NOFORN “he Government of Germany (GoG) has previously asserted publicly that Chinese actors have conducted intrusions into GoG networks. However, in the closed Berlin Talks, additional detail and perspective were provided.”

  33. Moonlight Maze

  34. Titan Rain

  35. Aurora

  36. Shady Rat

  37. Current Events • RSA / Lockheed • Commodo / Diginotar CA compromises • Nitro

  39. Threat Landscape

  40. Threat distinction vs

  41. Framing the argument Some of this stuff sounds bad: • operation orchard • Stuxnet Cyber-war vs Cyber-terrorism vs WAR

  42. Why War metaphors?

  43. Pathology of the 0wn3d • Shock -> Dismissal -> Hubris • Shock -> Dismissal -> Abrogation

  44. War Metaphors Backfire

  45. Cyber-terrorist

  46. Cyberwar Profiteering • War = $$$$

  47. It’s not just the Sexy

  48. The Infocalypse

  50. Reality Check What actually happens during a war? • First casualty is civil liberties • People who disagree with us = “terrorist” or “enemy” • Government = safety net • Patriotism escalates, dissent disappears • What else?

  51. Danger There's a power struggle going on for control of our nation's cyber security strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of "war," we feed our fears. We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us. We invite the military to takeover security, and to ignore the limits on power that often get jettisoned during wartime. -- Bruce Schneier

  52. Hope!

  53. There is no Cyberwar “I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

  54. Every time you say “CYBERWAR” you lose a civil liberty.

  55. Packets are not bullets and once you start talking like they are, you reach all kinds of very wrong conclusions about what kind of actions are justified.

  57. Questions ????

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 8 Months of Redux March 4, 2017 Yuri Takhteyev CTO + 19 Ranglers Redux at Rangle

1 8 Months of Redux March 4, 2017 Yuri Takhteyev CTO + 19 Ranglers Redux at Rangle

1 8 Months of Redux March 4, 2017 Yuri Takhteyev CTO + 19 Ranglers Redux at Rangle Weve been actively using Redux for a bit over 18 months. This is a good opportunity to re fl ect on what weve De fi ne learned. Prepare

545 views • 33 slides
The Armageddon Equations Juliette Zerick PHY 256 Winter 2009 4 6 2 5 3 1. The AKMS and

The Armageddon Equations Juliette Zerick PHY 256 Winter 2009 4 6 2 5 3 1. The AKMS and

The Armageddon Equations Juliette Zerick PHY 256 Winter 2009 4 6 2 5 3 1. The AKMS and AK-47; the latter is one of the most popular light weapons worldwide. Image from: Wikimedia Commons,

265 views • 13 slides
The Environmentalists Tale Damnation, Purgatory and Armageddon The Environmentalists Tale 2

The Environmentalists Tale Damnation, Purgatory and Armageddon The Environmentalists Tale 2

The Environmentalists Tale Damnation, Purgatory and Armageddon The Environmentalists Tale 2 Environmental Eden Managing Ecology Shift in livelihood strategies Barka Alla, North of Kutum, North Darfur 70% 60% 50% 40% Before Currently

341 views • 21 slides
The Movie: Armageddon https://youtu.be/9r7i-9Myg4k?t=96 1975 Started In Industry As an

The Movie: Armageddon https://youtu.be/9r7i-9Myg4k?t=96 1975 Started In Industry As an

The Movie: Armageddon https://youtu.be/9r7i-9Myg4k?t=96 1975 Started In Industry As an electrician 2019 - in the 44 years since, I have watched thousands of projects often being won because the low bidder has missed something. - 1982

650 views • 16 slides
PerfMon redux: analyzing a CUDA application with the Windows PerfMon redux: analyzing a CUDA

PerfMon redux: analyzing a CUDA application with the Windows PerfMon redux: analyzing a CUDA

S6287 PerfMon redux: analyzing a CUDA application with the Windows PerfMon redux: analyzing a CUDA application with the Windows Performance Monitor Richard Wilton Department of Physics and Astronomy Johns Hopkins University S6287: Analyzing

279 views • 25 slides
The Hydrogen Atom Redux The first three wavefunctions (n=1,2,3) of a 1D particle in a box of

The Hydrogen Atom Redux The first three wavefunctions (n=1,2,3) of a 1D particle in a box of

The Hydrogen Atom Redux The first three wavefunctions (n=1,2,3) of a 1D particle in a box of length L. n=1 1.0 0.5 (x/L) x/L 0.2 0.4 0.6 0.8 1.0 - 0.5 n=3 - 1.0 n=2 Physics 273 The Hydrogen Atom Redux 2 Example: Lets

823 views • 13 slides
State Management and Redux Shan-Hung Wu & DataLab CS, NTHU Outline WeatherMood: Posts

State Management and Redux Shan-Hung Wu & DataLab CS, NTHU Outline WeatherMood: Posts

State Management and Redux Shan-Hung Wu & DataLab CS, NTHU Outline WeatherMood: Posts Why Redux? Actions and Reducers Async Actions and Middleware Connecting with React Components Remarks 2 Outline WeatherMood:

903 views • 47 slides
Managing Data with React and Redux 1 @Jack_Franklin @pusher 2 Code, notes, etc:

Managing Data with React and Redux 1 @Jack_Franklin @pusher 2 Code, notes, etc:

Managing Data with React and Redux 1 @Jack_Franklin @pusher 2 Code, notes, etc: github.com/jackfranklin/ react-redux-talk Slides (after talk): speakerdeck.com/ jackfranklin I'll tweet them all: twitter.com/jack_franklin 3 4 5

1.63k views • 135 slides
Automatic Groups Redux Robert Gilman Stevens Institute of Technology Geometric and Asymptotic

Automatic Groups Redux Robert Gilman Stevens Institute of Technology Geometric and Asymptotic

Automatic Groups Redux Robert Gilman Stevens Institute of Technology Geometric and Asymptotic Group Theory with Applications City College of New York May 28, 2013 Robert Gilman (Stevens) Automatic Groups Redux GAGTA 2013 1 / 11 Automatic

351 views • 11 slides
International Business Cycles Redux Yan Bai and Jos e-V ctor R os-Rull University of

International Business Cycles Redux Yan Bai and Jos e-V ctor R os-Rull University of

International Business Cycles Redux Yan Bai and Jos e-V ctor R os-Rull University of Rochester, University of Minnesota, Federal Reserve Bank of Minneapolis, Mpls Fed, NBER Wednesday 16 th January, 2013 Punchline Backus-Smith

526 views • 25 slides
Java Object-oriented Programming 1 HWs Redux HW 3 HW 4 CS 6452: Prototyping

Java Object-oriented Programming 1 HWs Redux HW 3 HW 4 CS 6452: Prototyping

Java Object-oriented Programming 1 HWs Redux HW 3 HW 4 CS 6452: Prototyping Interactive Systems 2 Learning Objectives Java classes and objects Instance data Methods Constrcutors Visibility Scope Static CS

592 views • 38 slides
CSCI E-170 Lecture 11: Redux of papers, Logging, The Law, Integrity Management Simson L.

CSCI E-170 Lecture 11: Redux of papers, Logging, The Law, Integrity Management Simson L.

CSCI E-170 Lecture 11: Redux of papers, Logging, The Law, Integrity Management Simson L. Garfinkel Center for Research on Computation and Society Harvard University December 5, 2005 1 Todays Agenda 1. Administrivia 2. Midterm Projects:

881 views • 54 slides
Self-Embeddings of Models of Arithmetic, Redux Ali Enayat (Report of Joint work with V. Yu.

Self-Embeddings of Models of Arithmetic, Redux Ali Enayat (Report of Joint work with V. Yu.

Self-Embeddings of Models of Arithmetic, Redux Ali Enayat (Report of Joint work with V. Yu. Shavrukov) Model Theory and Proof Theory of Arithemtic A Memorial Conference in Honor of Henryk Kotlarski and Zygmunt Ratajczyk July 25, 2012, Bedlewo

1.12k views • 90 slides
Richard Redux (With Apologies to John Updike) Ash Asudeh University of Rochester October

Richard Redux (With Apologies to John Updike) Ash Asudeh University of Rochester October

Richard Redux (With Apologies to John Updike) Ash Asudeh University of Rochester October 4, 2019 Introduction Copy raising is a fascinating phenomenon that tests the limits of our current understanding of syntax and how it interacts

969 views • 67 slides
H.264 as MTI for rtcweb Jonathan Rosenberg Bo Burman The Cisco Announcement Redux Open

H.264 as MTI for rtcweb Jonathan Rosenberg Bo Burman The Cisco Announcement Redux Open

H.264 as MTI for rtcweb Jonathan Rosenberg Bo Burman The Cisco Announcement Redux Open Source under BSD and binary module we distribute, we pay MPEG-LA Binary versions for Win, Mac, Linux, Android community can contribute builds for

527 views • 17 slides
Lessons from the Dakota Access Pipeline Redux New Orleans 18 October 2018 WindHorse

Lessons from the Dakota Access Pipeline Redux New Orleans 18 October 2018 WindHorse

What Does Better Engagement Look Like from Various Public Stakeholders? Lessons from the Dakota Access Pipeline Redux New Orleans 18 October 2018 WindHorse Strategic Initiatives, LLC Legal Disclaimer : This presentation,

554 views • 41 slides
Infrastructure Cybersecurity Introduction to Concepts, Language, Policy About me Jack

Infrastructure Cybersecurity Introduction to Concepts, Language, Policy About me Jack

Understanding Critical Infrastructure Cybersecurity Introduction to Concepts, Language, Policy About me Jack Whitsitt | http://twitter.com/sintixerr | jack@energysec.org Broad Background Lived in a little hacker compound as a

850 views • 47 slides
Enter a new world of web development where everything is serverless Whats possible and how

Enter a new world of web development where everything is serverless Whats possible and how

Enter a new world of web development where everything is serverless Whats possible and how will infrastructure be shaped in the future WAQ 18 Bastian Widmer - @dasrecht | @amazeeio Bonjour WAQ18! Bonjour WAQ18! Pardon my Franais - or

731 views • 55 slides
Challenges in Experimenting with Botnet Detection Systems Adam J. Aviv Andreas Haeberlen

Challenges in Experimenting with Botnet Detection Systems Adam J. Aviv Andreas Haeberlen

Challenges in Experimenting with Botnet Detection Systems Adam J. Aviv Andreas Haeberlen University of Pennsylvania August 8th, 2011 CSET-2011 1 Alice has developed a new botnet detector!!! What should the evaluation show? Alice's

767 views • 42 slides
Compilers and computer architecture: Just-in-time compilation Martin Berger 1 December 2019 1

Compilers and computer architecture: Just-in-time compilation Martin Berger 1 December 2019 1

Compilers and computer architecture: Just-in-time compilation Martin Berger 1 December 2019 1 Email: M.F.Berger@sussex.ac.uk , Office hours: Wed 12-13 in Chi-2R312 1 / 1 Recall the function of compilers 2 / 1 Welcome to the cutting edge

778 views • 50 slides
Virtual Parent Meetings: Return-to-School Leslie Nichols, Superintendent August 5, 6, & 7,

Virtual Parent Meetings: Return-to-School Leslie Nichols, Superintendent August 5, 6, & 7,

Virtual Parent Meetings: Return-to-School Leslie Nichols, Superintendent August 5, 6, & 7, 2020 Schedule of Zoom Meetings Wednesday, August 5, 9:00am Wednesday, August 5, 5:30pm Thursday, August 6, 12:30pm Friday, August

298 views • 13 slides
Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi Joseph, Computer Division,BARC. Gigi@barc.gov.in Intranet Security Components 1a. Network Authentication Network Admission Control 1b. End

701 views • 38 slides
Select Topics in Implementing an Integrated Medicaid Managed Long-Term Care Program TennCare

Select Topics in Implementing an Integrated Medicaid Managed Long-Term Care Program TennCare

Select Topics in Implementing an Integrated Medicaid Managed Long-Term Care Program TennCare Overview Tennessees Medicaid Agency Tennessees Medicaid Program Managed care demonstration implemented in 1994 Operates under the

423 views • 15 slides
PREPARED STATEMENT OF LEONARD C. SLOSKY CHAIR-ELECT OF THE LOW-LEVEL RADIOACITVE WASTE FORUM,

PREPARED STATEMENT OF LEONARD C. SLOSKY CHAIR-ELECT OF THE LOW-LEVEL RADIOACITVE WASTE FORUM,

PREPARED STATEMENT OF LEONARD C. SLOSKY CHAIR-ELECT OF THE LOW-LEVEL RADIOACITVE WASTE FORUM, INC. AND THE ROCKY MOUNTIAN LOW-LEVEL RADIOACTIVE WASTE BOARD REPRESENTING THE LOW-LEVEL RADIOACTIVE WASTE FORUM, INC. AND THE STATES OF SOUTH

476 views • 6 slides

More recommend