2011-05 Lunch - Evolution of Cyber Attacks


Transcript of 2011-05 Lunch - Evolution of Cyber Attacks

Page 1

Evolution of the Cyber Attack

Mike Saylor – 2011

Page 2

AGENDA

• What we will cover
• Definitions
• Brief Timeline
• Present Day

Page 3

SYNOPSIS

Tactics, motivators, and the means by which hackers conduct their attacks have evolved over the last 100 years.

What was once just for fun is now big business, national security, and terrorism.

Page 4

DEFINITIONS

• Cyber Attack – the use of technology against another technology for one or more reasons: a) to gain access to networks, systems, and/or data, b) disruption of networks and/or systems, and/or c) manipulation of networks, systems, and/or data.

• Worms / Virus / Malware – Software or pieces of programming code intended to support or conduct a cyber attack, and in some cases automatically harvest data.

Page 5

DEFINITIONS

• SPAM / Phishing – a type of cyber attack, though typically passive in nature. Used to spread propaganda, solicit responses to pre-texting, or as a delivery method for WORMs, Virus, or Malware.

• Denial of Service (DoS) – Result of a cyber attack aimed at disruption, whereby systems, websites, etc. are unavailable and potentially inaccessible.

Page 6

TIMELINE

[Timeline graphic: 1870 – 1990 – Present Day]

Page 7

TIMELINE

1870’s
• Two US teenagers caused a denial of service on the country’s brand new electronic phone system.

1930’s
• The German Enigma machine is hacked and the Bombe machine is developed to automate decryption.

1960’s
• MIT Artificial Intelligence Lab – hacking electric trains, and dumping passwords from IBM 7094 systems.

Page 8

TIMELINE

1970’s
• Cap’n Crunch & Yippie Social Magazine teach phreakers how to make free phone calls
• Blue boxes sold by Berkley Blue & Oak Toebark

1980’s
• International Cyber Espionage
• 414 Hack group busted for 60 cyber intrusions, including Los Alamos Laboratory (considered the 1st large scale)
• Legion of Doom & Chaos Computer Club founded
• Hacker Manifesto authored
• 2600: Hacker Quarterly founded to share hacker tips
• Christmas Tree WORM, Morris WORM, Father Christmas WORM, and WANK WORM

Page 9

TIMELINE

1980’s cont’d
• Kevin Mitnick hones his skills as a social engineer & hacker; steals source code, monitors sensitive corporate conversations – FBI most wanted, arrested & convicted
• First National Bank of Chicago hacked for $70MM
• Fry Guy arrested
• Legion of Doom arrests (Leftist, Prophet, Urvile)

1990’s
• First occurrence of polymorphic code in a WORM, to evade detection by anti-virus applications.
• ATT Denial of Service attack left millions without service
• ATT hackers arrested (Knight Lightening, Phiber Optick, Acid Phreak, Scorpion, Eric Bloodaxe)

Page 10

TIMELINE

1990’s cont’d
• Dark Dante stole military secrets
• USAF, NASA, Korean Atomic Research Institute hacked by 16 yr old – Data Stream. Arrested soon after
• Cyber death threats emerge – Texas A&M professor targeted
• Kevin Mitnick arrested again
• 1st annual DefCon conference
• Russian hackers take Citigroup for $10MM
• Large scale federal website defacements (CIA, NASA, DoJ, DoD)
• 65% of attacks on DoD are successful in 1995
• 75% of reporting organizations had a breach in 1997

Page 11

TIMELINE

1990’s cont’d
• Windows NT security hacked
• Spamming term coined when the Federal Bureau of Statistics is overwhelmed by thousands of information requests
• UN Children’s Fund website hacked
• Pentagon systems hacked and threats to release source code to terrorists
• Hacker group testifies before Congress about how vulnerable the US Internet infrastructure is.
• 15 year old compromises USAF systems in Guam
• MP3s run wild on the Internet, thanks to a hacker defeating Digital Rights Management

Page 12

TIMELINE

2000’s
• I LOVE YOU WORM & Anna Kournikova Virus
• Code Red WORM, Klez WORM
• 10,000th CISSP Certificate issued
• First case of cyber extortion
• North Korea reportedly trained 500 gov’t hackers
• Paris Hilton’s phone hacked
• 21,549 websites defaced by a single hacker
• 1st VOIP hack
• 1st DoS of an entire country (Estonia)
• Spear phishing the US Sec of Defense
• Religious hacktivism
• 20 Chinese hackers report compromising the Pentagon

Page 13

TIMELINE

2000’s cont’d
• Conficker WORM
• SWAT-ing
• Ghost Exodus sentenced for Dallas hospital hack
• Large scale retail and financial institutions hacked
• Large scale coordinated ATM attacks
• Coordinated Denial of Service attacks
• Cyber terrorism and Effects Based Operations
• Aurora and other infrastructure incidents
• Stuxnet and the Iranian network disruption
• PlayStation Network hack

Page 14

EVOLUTION CHART

[Evolution chart: attack categories plotted against the years 1870, 1930, 1960, 1970, 1980, 1990, 2000 – Reverse Engineering; Denial of Service; Distributed Denial of Service; System Manipulation; Social Engineering; Virus / Worm / Malware]

Page 15

TYPICAL CYBER ATTACK

[Diagram: attack paths via Wireless, Networks, Internet, Emails]

• Public Record / Data Enumeration
• Attack Surface is Internet facing systems / Web Apps / Wireless access points / email
• Targets include unpatched systems and applications, unsecure wireless, unfiltered email

Page 16

THE CONVERGENCE

[Diagram: converging elements – Network Attacks, Physical Security Breach, Social Engineering, Malware, WORMS, Virus]

Page 17

MULTI-VECTOR CYBER ATTACK

[Diagram: vectors into Company Data – Phone Calls, Emails, Remote Users, Wireless Networks, Internet, Wireless Home Networks, Cloud Provider / Vendor; payloads – Worms, Virus, Malware]

Page 18

MULTI-VECTOR CYBER ATTACK

Page 19

MULTI-VECTOR ATTACK

• Public Record / Data Enumeration
• Attack Surface includes
  • Internet facing systems / Web Apps / Wireless access points / email
  • Employee User Accounts
  • Employee / Company Social Networking
  • Facilities
  • Employee Home Networks
  • Social Engineering
  • Company and Home Trash
  • Pre-Texting
  • Phishing
  • Vendors and 3rd party service providers
• Targets include
  • Un-patched systems and applications, unsecure wireless, unfiltered email
  • Physical security
  • Executives
  • Privileged Users

Page 20

WHAT’s NEXT

Present Day
• Most organized cyber crime spans international boundaries. The well organized criminals aren’t getting caught, just their mules. Many crimes are unsolved.
• Today’s attacks are more complex, and not just from a technology perspective.
• Hackers are coming out of the basement and partnering with other criminals to fill in the gaps of traditional attack vectors.
• Source code is the new currency. If the source code can be compromised without the attacker being detected, systems / products running this code can inherently become compromised.

Page 21

INHERENT FAIL

[Diagram: Internet]

Page 22

INHERENT FAIL

Page 23

TIMELINE

Present Day
• The vast majority of US cyber infrastructure is owned, operated, and protected by private organizations.
• In order to increase the security posture and resilience of our country’s cyber infrastructure, it is the private sector, not the government, that needs to become proactive in taking action.
• It only takes a few of the right people, at the right price, to induce a large scale cyber pan-systema.

Page 24

Q&A

Thank you !

Infragard.org

CyberDefenseCenter.org

[email protected]