Saturday, May 29, 2010

Cyber-Terrorism Simulation

Today I intend to share with you a real case in cyber terrorism, which I found very useful after explaining the types of attackers and hackers and the different forms of attack that may occur in cyber terrorism.

On February 16 the Bipartisan Policy Center (BPC) hosted Cyber ShockWave, a simulated cyber attack on the United States, in Washington D.C. The simulation envisioned an attack that unfolds over a single day in July 2011. When the Cabinet convenes to face this crisis, 20 million of the nation’s smart phones have already stopped working. The attack, the result of a malware program that had been planted in phones months earlier through a popular “March Madness” basketball bracket application, disrupts mobile service for millions. The attack escalates, shutting down an electronic energy trading platform and crippling the power grid on the Eastern seaboard. Of a potential cyber attack on the U.S., Stephen Friedman, who played the role of Secretary of the Treasury, said, “There is no question in my mind that this is a predictable surprise and we need to get our act together.”

Joe Hagin, former White House Deputy Chief of Staff stated, “In today’s highly charged environment and with the incredible reliance upon mobile communications, it is of vital importance that anyone with exposure to cellular technologies, either personally or in their business, take proactive steps to protect themselves, their networks, their users, and their data from attack.”



SMobile Systems offered five best practices to avoid the vulnerabilities exposed by the BPC simulation. These include:

  • Protect mobile devices with the same baseline security as PCs;
  • Recognize and take action to centrally control a heterogeneous mobile device environment;
  • Implement technology to protect against all lost and stolen devices;
  • Embrace productivity by supplementing mobile devices with security;
  • Look to the cloud for solutions.

While it is hard to know how realistic the exercise was, or exactly what the stated outcome, “unprepared for cyber threats,” means, exercises such as these can be valuable, if nothing else to get people to think about disaster preparedness.



Sunday, May 16, 2010

Classifying Cyber terrorism Attacks


In this post I am going to share information about the different kinds of attack that may occur and classify them into categories. Having discussed the different kinds of hackers and attackers in the previous post, it is worth discussing here the ways and strategies that hackers and cyber terrorists apply in order to attack their victims.

At any rate, cyber attacks have now become threats that system administrators and webmasters need to guard against.

There are five forms of attacks commonly used against computers and networks, according to Aaron Turpen, in his article 'Hacker Prevention Techniques.'

1. Distributed Denial of Service (DDoS) attacks:

Usually aimed at networks by third-party systems (typically, compromised systems lacking security that unwittingly become hacker accomplices). This kind of attack focuses on open ports and connections in the network or system. The attackers undermine the network by flooding it with requests, thereby causing one or more systems and their resources to shut down or crash.
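The flooding behaviour described above shows up in ordinary web-server access logs as a spike in request rate, either from one aggressive source or, in the distributed case, from many sources that each look harmless on their own. The following is an added example, not code from the original post or from Aaron Turpen's article: a small Python detector that parses constructed Common Log Format lines, buckets requests into fixed time windows, and flags both a single noisy source and a window whose aggregate rate exceeds capacity. The thresholds (`per_source_max`, `total_max`, the 10-second window) and all log lines are assumptions chosen for illustration and would need tuning to a real service.

```python
"""Added example (not from the original post): rate-based detection of
request floods in web-server access logs. Thresholds and log lines are
constructed for illustration; tune them to the capacity of the real service."""
from collections import defaultdict
from datetime import datetime
import re

# Common Log Format with an Apache-style timestamp, e.g.
#   203.0.113.5 - - [29/May/2010:10:15:32 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect_floods(lines, window_s=10, per_source_max=20, total_max=100):
    """Count requests per source and in total over fixed windows of window_s seconds.

    Returns a dict with:
      'noisy_sources':   {ip: peak requests in any single window} for sources that
                         exceeded per_source_max (one aggressive client), and
      'flooded_windows': [window start, as epoch seconds] where the aggregate
                         exceeded total_max even though no single source did
                         (the distributed case).
    """
    per_window = defaultdict(lambda: defaultdict(int))  # window -> ip -> count
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed lines are skipped, never trusted
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_s * window_s
        per_window[bucket][ip] += 1

    noisy = {}
    flooded = []
    for bucket in sorted(per_window):
        counts = per_window[bucket]
        for ip, n in counts.items():
            if n > per_source_max:
                noisy[ip] = max(noisy.get(ip, 0), n)
        if sum(counts.values()) > total_max:
            flooded.append(bucket)
    return {"noisy_sources": noisy, "flooded_windows": flooded}


def make_sample_log():
    """Constructed sample: background traffic, one single-source burst, then a
    distributed burst from 30 addresses that each send only 5 requests."""
    lines = []

    def add(ip, second, n):
        for _ in range(n):
            lines.append(
                f'{ip} - - [29/May/2010:10:00:{second:02d} +0000] "GET / HTTP/1.1" 200 512'
            )

    # window 10:00:00-09: normal traffic from two clients
    add("198.51.100.10", 3, 4)
    add("198.51.100.11", 7, 3)
    # window 10:00:10-19: one source sends 50 requests (per-source flood)
    add("203.0.113.5", 12, 50)
    # window 10:00:20-29: 30 sources x 5 requests = 150 (distributed flood)
    for i in range(30):
        add(f"192.0.2.{i + 1}", 25, 5)
    lines.append("this line is not a valid log entry")  # exercises the skip path
    return lines


if __name__ == "__main__":
    print(detect_floods(make_sample_log()))
```

The two thresholds matter in different ways: the per-source limit catches a single misbehaving client and is cheap to act on (rate-limit or block that address), while the aggregate limit is what exposes a distributed flood, where blocking any one source achieves nothing and the response has to be capacity-based (upstream filtering, scrubbing, or shedding low-priority traffic).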

2. Trojan Horse:

Software disguised as something else (typically useful shareware or freeware) that is therefore installed on your system knowingly. It either contains a "back door" (which allows others to enter your system and do what they want with it while you are using the software) or a "trigger" (which sets itself off when triggered by a date, a time, a series of events, etc., and causes your system to shut down or attack other computers).

3. Virus:

It is one of the most common attacks. Its primary concern is to replicate and spread itself, and then destroy or attempt an attack on the host system. Examples include: I Love You, Crazy Boot, Cascade, Tequila and Frodo.

4. Websites:

Malicious sites that use known security holes in certain Web technologies to trigger your web browser into performing unwanted functions on your system (e.g. an older version of ActiveX had a "hole" that allowed the content of any folder or directory on your hard drive to be automatically uploaded to a web directory or emailed to a recipient).

5. Worm:

It consumes resources (quietly) until the system finally becomes overloaded and ceases to function. It is a combination of a DDoS and a virus attack. A worm usually reproduces as often as possible to spread as widely as it can, and is typically built for a certain type of system while being benign to all others. This attack is commonly aimed at larger systems (mainframes, corporate networks, etc.); some worms are built to "consume" data and filter it back out to unauthorized users (i.e. corporate spies).

After classifying these attacks I would like to mention a real case study from 2009.

In March 2009, researchers in Toronto concluded a 10-month investigation that revealed a massive cyber espionage ring they called GhostNet, which had penetrated more than 1,200 systems in 103 countries. The victims were foreign embassies, NGOs, news media institutions, foreign affairs ministries, and international organizations. Almost all Tibet-related organizations had been compromised, including the offices of the Dalai Lama. The attacks used Chinese malware and came from Beijing.

The truth is, practically anyone connecting to the Internet is vulnerable to being hacked, infiltrated by a Trojan horse or attacked by a virus or worm. Thus, there is a need to be proactive when it comes to protecting your system from such attacks.