This document summarizes a presentation given by Raoul Chiesa on critical infrastructure attacks. It discusses the evolution of hi-tech crimes in the 21st century, including various types of hackers and their motivations. It then focuses on critical national infrastructures, describing common types and providing examples of security incidents that have impacted systems like SCADA. The presentation highlights issues found in securing these infrastructures and concludes by discussing potential solutions like security training programs.
1. ITN 2009 – Torino, 15 October 2009
Attacks on critical infrastructure: real-life stories
Raoul Chiesa
Founder, Honorary President, @ Mediaservice.net
Director of Communication, Board of Directors Member, ISECOM
Senior Advisor, Strategic Alliances & Cybercrime Issues at the United Nations
chiesa@UNICRI.it
Document Keywords
Critical National Infrastructures; SCADA; Industrial Automation; Security Incidents; Cyber Attacks; Hacking; National Security; Penetration Test.
Agenda
Who is who
- The speaker
- ISECOM
- UNICRI
Hi-tech crimes in the 21st century & hacking
Critical National Infrastructures
- Attacks
- Issues encountered
- Incidents
- TETRA
- Solutions
Contacts, Q&A
The speaker
Raoul Chiesa
– Director of Communications at ISECOM
– Institute for Security and Open Methodologies
– Originally called the Ideahamster Organization (Est. 2000)
– Open Source Community Registered OSI
– Project Manager for H.P.P., OSSTMM Key Contributor
• OPST, OPSA, ISECOM Authorized International Trainer
– Professor of IT Security at various Universities & Masters (Italy)
– Advisor on Cybercrime for the United Nations at UNICRI
– Board of Directors Member at ISECOM, CLUSIT, Telecom Security Task Force, and ISO ISMS IUG & OWASP Italian Chapters
ISECOM: who is who
• Institute for Security and Open Methodologies (Est. 2002)
• A (registered) non-profit organization
• Offices in Barcelona (Spain) and New York (U.S.A.)
• Open Source Community Registered OSI: it uses an Open and Peer Review process, ensuring quality and developing a Chain of Trust, thereby becoming an internationally recognized community.
• A Certification Authority “grown in the trust” and supported by academic institutions (La Salle University network).
UNICRI: who is who
• United Nations Interregional Crime & Justice Research Institute
• Founded in 1968 to assist governmental, intergovernmental and non-governmental organizations in creating and improving policy in the field of crime prevention and criminal justice.
• WHQ in Torino (UN Staff College, ITC/ILO); offices in Rome, Geneva, New York, Luanda (Angola), Maputo (Mozambique).
Information Security
• The evolution of crime should be analyzed from innovative points of view
• Otherwise, we would not be able to understand the new enemies and, above all, their motivations
• Information is the keyword for today's threats
• You got the information, you got the power…
21st Century
Today's threats are transforming and evolving:
• Hacking “for fun”
• (Low-level) Hacking for money/phishing
• (High-level) Hacking/Industrial espionage
• On-line Child pornography (business)
• Botnets
• Critical Information Infrastructures, CNI & SCADA
• Cyberterrorism
• Copyright & Intellectual property violations
• E-Commerce frauds, scams
• On line gambling
• Privacy issues (social networks)
Hacking: macro-categories of attackers
Low-level hackers: “script-kiddies” hunting for known security flaws
(kind of “NEW”) Phishing, Remote low-level Social Engineering Attacks
Insiders (user/supervisor/admin)
Disgruntled Employees
High-level, sophisticated hackers, Organized Crime: middle and high level attacks
Hobbyist hackers
Unethical “security guys”
Unstructured attackers (SCAMs, medium & high-level hi-tech frauds, VISHING…)
Structured attackers (“the italian job”, targeted attacks, industrial espionage)
Espionage, Terrorism
Foreign Espionage
Hacktivist (unfunded groups)
Terrorist groups (funded)
State sponsored attacks
Critical National Infrastructures: high-level view
Today's (main) Critical National Infrastructures can be summarized as:
Telecommunications
Electrical power systems
Gas and oil storage and transportation
Banking and finance
Transportation
Water supply systems
Emergency services (medical, police, fire and rescue)
Continuity of government
Critical National Infrastructures: zooming/1
Sector: Sample Target Sub-sectors
1. Energy and Utilities: Electrical power (generation, transmission, nuclear); Natural gas; Oil production and transmission systems
2. Communications and Information Technology: Telecommunications (phone, fax, cable, satellites); Broadcasting systems; Software; Hardware; Networks (Internet)
3. Finance: Banking; Securities; Investment
4. Health Care: Hospitals; Health-care facilities; Blood-supply facilities; Laboratories; Pharmaceuticals
5. Food: Food safety; Agriculture and food industry; Food distribution
Critical National Infrastructures: zooming/2
Sector: Sample Target Sub-sectors
6. Water: Drinking water; Wastewater management
7. Transportation: Air; Rail; Marine; Surface
8. Safety: Chemical, biological, radiological, and nuclear safety; Hazardous materials; Search and rescue; Emergency services (police, fire, ambulance and others); Dams
9. Government: Government facilities; Government services (for example meteorological services); Government information networks; Government assets; Key national symbols (cultural institutions and national sites and monuments)
10. Manufacturing: Chemical industry; Defence industrial base
China is attacking: UK
China is attacking: USA
China is attacking: Germany
The comments follow charges made by a top German intelligence
official that computer hacking by China was occurring on an almost
daily basis.
China is attacking: France
France has become the fourth country to speak out against hackers in
China following an attack on French government systems.
Francis Delon, France's secretary general for national defence,
claimed that the country's systems had been compromised and that
the evidence pointed to China.
Issues encountered
Key issue: Consequence
Flat networks (no segmentation): Worms have an easy life
No FW: ..anything gets in
No AV: Known vulns, they bring the network down!
No xIDS: Incident handling?!? Anomalies? Attacks? “Ad-hoc” Trojans?
No Integrity Checker: Modifications to executable files
Physical security: Unauthorized physical access
Security Through Obscurity: No longer works (as the GSM Association teaches us)
Cultural differences: C-I-A vs A-I-C paradigm
TETRA & 911
• In 2007 we were called in to carry out security assessments in a country in the GCC area (Middle East)
• In addition to a “standard” security assessment, we were asked to “turn off 911”
• After requesting extended authorizations, and after experiencing first-hand the scepticism (of the vendor and of the Client), we got to work
• After 14 minutes 911 was down: no police, no ambulance, no fire department.
Other case studies (under NDA)
• Over the last 3 years we have also worked on verifying the actual level of security in place at:
– Energy Plants (Test Plant)
– Pharmaceutical (live)
– Finance
– Telco
– Air transport
– Highways
– Chemical
– Industry
• ..In all these cases, we succeeded in breaching the infrastructure and/or the identified target.
Possible solutions? Culture!
• Cybercrime Trainings on SCADA & NCIs @ the United Nations (Torino, Italy)
– http://www.unicri.it/wwd/cybertraining/index.php
– http://www.unicri.it/wwd/cybertraining/info_security.php
– http://www.unicri.it/wwd/cybertraining/hacker_profiling.php
– http://www.unicri.it/wwd/cybertraining/SCADA.php
– http://www.unicri.it/wwd/cybertraining/digital_forensics.php
– http://www.unicri.it/wwd/cybertraining/ap-form_info.php
Contacts, Q&A
Contacts:
• If you are interested in ISECOM projects:
Raoul Chiesa, Director of Communications at ISECOM raoul@ISECOM.org
• If you are interested in professional penetration testing for governments and LEAs:
Raoul Chiesa, Chief Technical Officer & Tiger Team manager raoul@mediaservice.net
• If you are interested in UNICRI’s Cybercrime Trainings:
Raoul Chiesa, Senior Advisor & Strategic Alliances chiesa@UNICRI.it
THANK YOU FOR YOUR ATTENTION!
QUESTIONS?