Overview
Introduction
Definitions
Examples
Observations
Summary
CoC - page 2
A Different Internet
Armies may cease to march
Stock may lose a hundred points
Businesses may be bankrupted
Individuals may lose their social identity
Threats not from novice teenagers, but purposeful military, political, and criminal organizations
Cyber Threats
Out-of-the-box Linux PC hooked to Internet, not announced: [30 seconds] First service probes/scans detected
[Figure: chart with axis labels "Attack Sophistication" and "Intruder Knowledge", a "Low" scale marker, and the labels "Tools" and "Intruders", over a time axis of 1980, 1985, 1990, 1995, 2000. Techniques named on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, network mgmt. diagnostics, disabling audits, back doors, sweepers, sniffers, denial of service, packet spoofing, stealth / advanced scanning techniques, cross site scripting, staged, auto coordinated.]
Definitions
Cyberterror: The deliberate destruction, disruption or distortion of digital data or information flows with widespread effect for political, religious or ideological reasons.
Cyber-utilization: The use of on-line networks or data by terrorist organizations for supportive purposes.
Cybercrime: The deliberate misuse of digital data or information flows.
Sophistication of Cybercrime
Simple Unstructured: Individuals or groups working with little structure, forethought or preparation
Advanced Structured: Groups working with some structure, but little forethought or preparation
Complex Coordinated: Groups working with advance preparation with specific targets and objectives.
Pakistani/Indian Defacements
[Figure: Pakistani/Indian defacements over time, with axis ticks 10/99, 1/00, 4/00, 7/00, 10/00, 1/01, 4/01 and the labels "More", "Well written" and "Juvenile".]
Cyber Trends
CERT/CC Year 2000 - 21,756 Incidents
16,129 Probes/Scans
2,912 Information Requests
261 Hoaxes, false alarms, vul reports, unknown
2454 Incidents with substantive impact on target
Profiled 851 incidents, all active during July-Oct 2000 (plus some preliminary June data, profiling work is ongoing)
Many different dimensions for analysis and trend generation (analysis work is ongoing)
Seasonal trend of incidents per month (some incidents carry over between months)
Varying diversity of ports used in incidents
Shifts in operating systems involved in incidents
Generic attack tools adapted to specific targets
[Figure: monthly chart, Jul-00 to Feb-01, scale 0 to 100.]
[Figure: Ports, plotted by date.]
[Figure: Weekly Incidents by OS. Legend: unknown, LX, NT, SO, UN, IR, MO, Other, misc.]
[Figure: weekly chart with legend: Disrupt, Distort, Disclosure, Destruct, Deception, Unknown.]
[Figure: Socio-Political Activity, plotted weekly. Labels: Conventions, Best Fit, Campaign, Holidays.]
Summary
Majority of on-line threat is cybercrime
Cyberterror is still emerging
Evolving threat
Integrating critical missions with general Internet
Increasing damage/speed of attacks
Continued vulnerability of off-the-shelf software
Much confusion of descriptions and definitions
Widely viewed as critical weakness of Western nations