The New Front Line
An observation of cyber threats in the 21st century




              Jonathan Francis Roscoe
                <jjr6@aber.ac.uk>




                     November 4th 2010
Outline
Introduction
Malice in Wonderland
Cyber Warriors
Worms
Denial of Service Attacks
The Estonian Cyberassault
Stuxnet
Defensive Measures
The Future
Conclusions

The New Front Line:
Estonia under cyberassault
• IEEE Security & Privacy July/August 2007 (vol. 5 no. 4)
• Overviews a Distributed Denial of Service attack on Estonia,
  hypothesises perpetrators, mechanisms and even cost
• Michael Lesk of Rutgers University
   ◦ Wrote a number of Unix utilities - lex, uucp and the
     predecessor to stdio
   ◦ Involved with a number of information systems
   ◦ Apparently only recent contributions




Malice in Wonderland
There are a variety of software threats for machines connected to
a network.
 • Worms
 • Viruses
 • Trojans
 • Rootkits
 • Other malware
But threats may come from software not created with malicious
intent..


Cyber Warriors - Who
• Academics
• Malicious programmers & “Script Kiddies”
• Spammers
• Disgruntled employees
• Hacktivists
• Military groups




Cyber Warfare - Why
The why depends on the who..
• Research
• Mischief
• Corporate espionage
• Money
• Political statements
• Terrorism




Worms
A computer program that self-replicates over a computer
network.
• 1988 - The Morris Worm - intended to gauge the size of the
  Internet
• 1999 - ILOVEYOU - simple VBS script that used Outlook to
  propagate
• 2003 - SQL Slammer - slowed general Internet traffic,
  targeted a buffer overflow in MS SQL
• 2010 - Stuxnet - attacks a specific industrial PLC system from
  Siemens


Worms - How
• Install
   ◦ Backdoor
   ◦ Ideally unnoticed
• Propagate
   ◦ Counterfeit/bogus software
   ◦ Software exploits
   ◦ Email attachments




Botnets
• A collection of infected hosts running autonomous software
  that can respond to commands
• Worms designed to contact and respond to an owner
• Geographically dispersed
• Used for Denial of Service attacks, Spamming, Proxying,
  Dialing
• Software is easy to obtain and modify
• Often “war” between owners for control of susceptible
  machines
• Up to a quarter of personal computers may be a part of a
  botnet (BBC)

Botnets




           Illustration of a Distributed Denial of Service attack performed with a botnet.

Botnets




           A graph counting all the known command and control networks by the Shadowserver Foundation

Denial of Service
An extremely common form of general attack. Often uses botnets.
• Type
  ◦ Distributed
  ◦ Flood - ICMP, SYN, Smurf
  ◦ Teardrop
  ◦ Peer-to-peer & multicast
  ◦ Application flood
  ◦ Phlashing
• Motive
  ◦ Personal
  ◦ Business
  ◦ Political and Tactical

Denial of Service Attacks




           Summary of DoS attack methods, from http://atlas.arbor.net/summary/dos




The Estonian Cyberassault
• Strong technological society
• Followed protests in which one person was killed and several
  injured
• Attack not large, but target was small
• Estonia closed itself off from the wider Internet
• General consensus is that it was not a military attack, due to
  the style




Stuxnet
An unusually sophisticated worm.
• Utilises zero-day exploits in Windows
• Fraudulent authentication certificates
• Seeks out Programmable Logic Controllers (specifically
  Siemens) - industrial controllers for electromechanical devices
• Speculation that it was targeted at nuclear assets
• Majority of infection in Iran (Symantec)
• Uses fingerprinting, apparently to target a specific system
• Designed to cause catastrophic physical failure
• “..mischief or financial reward wasn’t its purpose, it was aimed
  right at the heart of a critical infrastructure.” - Lumension IT
  Security

Defensive Measures
• Common sense & Awareness
  ◦ Software updates
  ◦ Physical access
  ◦ Data authentication
• Using open source platforms
• Antivirus
• Firewalls & Routers
• Intrusion Detection Systems (IDS)




The Future
• Attacks can be economically and tactically significant to an
  entire nation.. and the world?..
• Attacks will get more specific - there are many kinds of
  embedded system and many of them are turning into
  fully-fledged computers
• Continually increasing awareness and security will force novel
  methods of attack




Conclusions
• Undeniable military and political motivations
• Power is in the hands of individuals
• There is money to be made
• There’s as much potential for abuse and misuse as for growth
   and advancement




Resources
• Bob Gourley - Open Source Software and Cyber Defense
• http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
• http://www.direct.gov.uk/nationalsecuritystrategy
• http://tools.ietf.org/rfc/rfc4732.txt
• http://schneier.com/blog/archives/2010/10/stuxnet.html
• http://www.avast.com/virus-monitor
• http://atlas.arbor.net/summary/dos
• http://news.bbc.co.uk/1/hi/business/6298641.stm
• http://www.bbc.co.uk/news/technology-11388018
• http://www.governmentsecurity.org/
• http://www.shadowserver.org/
• http://news.bbc.co.uk/1/hi/8489265.stm