
FEDERAL BUREAU OF INVESTIGATION Cyber Division FBIHQ

Cyber Attacks: The Next Frontier
Presented by SSA Robert Flaim

The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on military bases abroad to ballistic missile attacks on U.S. cities. Wars in the 21st century will increasingly require all elements of national power not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work together.

Secretary Rumsfeld address to the National Defense University, January 31, 2002.

Discussion

Critical Infrastructures
Terrorist Internet Exploits
Tactics and Strategy

Critical Infrastructures
Where the Crown Jewels Are

Imagine Planning for These Contingencies


ATM Failures

Power Outages
Poisoned Water Supply

Telephone Outages

World Trade Center

Bridges Down

Airliner Crash

Oklahoma City

ISPs All Offline

Oil Refinery Fire

911 System Down

Unrelated Events or

Using Our Systems Against Us

Aircraft: Pentagon/Twin Towers
Mail distribution network: Anthrax
Computers: next step?

Real World Example Australia 2000


Maroochy Shire Waste Water Plant, Sunshine Coast
Insider
46 intrusions over 2 month period
Release of sewage into parks, rivers
Environmental damage

Real World Example USA 2001


San Francisco FBI Field Office Investigation
Internet probes from Saudi Arabia, Indonesia, Pakistan
Casings of web sites regarding emergency telephone systems, electrical generation and transmissions, water storage and distribution, nuclear power plants and gas facilities

Exploring digital systems used to

Why Cyber Attack on Critical Infrastructures?

National Security: Reduce the U.S.'s ability to protect its interests
Public Psyche: Erode confidence in critical services and the government
Economic impact: Damage economic systems
Enhancement of Physical Attacks: Physical damage/distraction efforts
Asymmetric Warfare: Lack of attribution, low cost/high potential

How are we vulnerable?

Globalization of infrastructures = vulnerability
Anonymous access to infrastructures via the Internet and SCADA
Interdependencies of systems make attack consequences harder to predict and more severe
Malicious software is widely available and does not require a high degree of technical skill to use

Vulnerability Types

Computer based: Poor passwords; Lack of appropriate protection/or improperly configured protection
Network based: Unprotected or unnecessary open entry points
Personnel based: Temporary/staff firings; Disgruntled personnel; Lack of training
Facility based: Servers in unprotected areas; Inadequate security policies

Al-Qaeda
Al-Qaeda laptop found in Afghanistan contained:
Hits on web sites that contained Sabotage Handbook
Handbook: Internet tools, planning a hit, anti-surveillance methods, cracking tools
Al-Qaeda actively researched publicly available information concerning critical

Terrorist Internet Exploits What are we up against?

Terrorist Groups

Terrorists
Attention must be paid to studying the terrorists:
Ideology
History
Motivation
Capabilities

Terrorists

Terrorism is carried out by disrupting activities, undermining confidence, and creating fear
In the future, cyber terrorism may become a viable option to traditional physical acts of violence due to:
Perceived anonymity
Diverse targets
Low risk of detection
Low risk of personnel injury
Low investment
Operate from nearly any location

Terrorist Use of the Internet

Hacktivism
Cyber Facilitated Terrorism
Cyber terrorism

Cyber Arsenal for Terrorists


Internet newsgroups, web home pages, and IRC channels include:
Automated attack tools (Software Tools)
Sniffers (capture information i.e. password/log-on)
Rootkits (facilitate/mask intrusion)
Network Vulnerability Analyzers (SATAN/Nessus)
Spoofing
Trojan Horses
Worms
DoS

Cyber Attack Methodology

Resource Denial
Virus/malicious code
Legitimate traffic overwhelms site (unauthorized high-volume links)
DoS
DDoS
WWW Defacement
Defacement to embarrass
Content modification to convey message
Content modification as component

Computer System Compromises

System Compromise
Data destruction
Data modification
Information gathering
Compromised platform:
Launch pad for attacks
Jump off point for other compromises
Target Research and Acquisition
Internet makes significant amounts of data instantly and anonymously

Hacktivism
Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.

Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the

Hacktivism
Electronic Disturbance Theater
Smithsonian Mental Institution

Cyber Facilitated Terrorism


Terrorists utilize web sites to actively recruit members and publicize propaganda as well as to raise funds

Web sites also contain information necessary to construct weapons, obtain false identification

Use Internet as a communications tool via chat rooms, BBS, email

1. Finsbury Park Mosque, North London
2. Djamel Beghal
3. Kamel Daoudi
4. Zacarias Moussaoui
5. Richard Reid
6. Feroz Abbasi
7. Nizar Tribelsi
8. Abu Hamza
9. Abu Qatada

Kamel Daoudi
Believed to be an Al-Qaeda cyber terrorist. Arrested for alleged involvement in plot to bomb American Embassy in Paris.

Cyberterrorism
Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or

The Cyberterrorist Threat


Assessing the threat
Behavioral Profile
THREAT

Technical Feasib

Operational Practicality

Cost & Means of Attack

[Figure: axes "Cost of Capability" and "Availability of Capability"; timeline 1945, 1955, 1960, 1970, 1975, 1985, Today; labels include Cruise Missile, ICBM & SLBM]

Tactics and Strategy
Prevention and cooperation

FBI Cyber Transformation


Terrorism and Cyber Crime top priorities

FBI recruitment of engineers and computer scientists: critical skills

Increasing agents dedicated to cyber crime

Creation of Cyber Task Forces in field offices

USA Patriot Act


Felony to hack into computer used in furtherance of national security or national defense

2702 Emergency Requests

Legal Subpoena expanded


Sentencing increased

USA Patriot Act (cont'd)

Share with DOJ for criminal prosecution
Permits roving surveillance
FISA orders for intelligence allowed if there is a significant reason for application rather than the reason
Authorizes pen register and trap and trace orders for email as well as telephone

International Investigations
Cyber Evidence in USA
MLAT

Request

Joint

FBI-Foreign Police Investigation

Cyber Terrorism Prevention Old Methods for New Problem

Liaison
Critical Infrastructure Companies, i.e. FBI InfraGard
Internet Service Providers
Universities
Internet Cafes
Hacker clubs
IT companies, developers
International, local law enforcement
Look on the Internet
Coordinate - national security, terrorist

Conclusion

Our national security, databases, and economy are extremely dependent upon automation
Therefore, there exists a target rich environment for those who would do harm via the Internet
Our critical infrastructures require joint private/public efforts to protect them

Robert Flaim 1-571-2233338 rflaim@fbi.gov
