Fortinet Confidential Surviving Cyber War Richard Stiennon Chief Research Analyst IT-Harvest Blog: ThreatChaos.com twitter.com/stiennon
Nov 11, 2014
Prelude: February 24, 2008
No more YouTube
No more Pakistan
Threat hierarchy is a time line!
• Information Warfare
• CyberCrime
• Hacktivism
• Vandalism
• Experimentation
Rumblings
April 1, 2001
Navy EP-3
Chinese F-8
The Five Levels of Cyber Defense Conditions
• Cyber DefCon 1. Travel warnings. Governments issue warnings about protecting data when traveling to foreign nations.
• Cyber DefCon 2. Nation states probe each other’s networks for vulnerabilities.
• Cyber DefCon 3. Widespread information theft with intent to mine industrial as well as military and geo-political secret information.
• Cyber DefCon 4. Targeted attacks against a nation’s military and government installations. Loss of critical data, collateral damage.
• Cyber DefCon 5. Nation to nation attacks are malicious with intent to destroy communication infrastructure and disable business processes including financial markets.
Custom Trojans, tools of the trade
Michael Haephrati shows us how.
While China…
China takes it to the next level
• In the UK, the Home Office has warned about a spate of attacks in recent months involving e-mail Trojans. "We have never seen anything like this in terms of the industrial scale of this series of attacks," said Roger Cumming, director of NISCC
Titan Rain
• Custom Trojans
• Sandia drops its shorts, 2005
• Shawn Carpenter, First US Cyber Warrior
• Summer 2007 Pentagon is attacked and shut down. Source of attack Chinese Red Army
Multiple fronts in this info war
• German Chancellery, Summer 2007
• Whitehall, UK
• France
• India
• Australia
Cyber war breaks out
• Estonia, March 2007
• Ukraine, November 2007
• Lithuania, June 2008
• Georgia, August 2008
Nashi summer camp ‘07
300 Lithuanian websites defaced
"All the hackers of the country have decided to unite, to counter the impudent actions of Western superpowers. We are fed up with NATO's encroachment on our motherland, we have had enough of Ukrainian politicians who have forgotten their nation and only think about their own interests. And we are fed up with Estonian government institutions that blatantly re-write history and support fascism," the message stated.
-The Baltic Course http://www.baltic-course.com
Surviving Cyber War
• Same rules apply, only more so.
• Appoint a cyber security commander
• Defense in depth against multiple adversaries
• Fighting the low and slow war. Your information is their weapon. Worry about infiltration.
• DDoS. Yes, it takes investment.
• Surviving a meltdown. Remember modems?
Blog: www.threatchaos.com
Twitter: twitter.com/stiennon
DEFCON 4