# Information Warfare

Shared by: Huy Hoang | Date: | File type: PDF | Pages: 42


Description

"Warfare" can be broadly defined as "the waging of armed conflict against an enemy." In this module we will consider what warfare means in the context of today's information systems and networks. We will see that the fundamental principles of warfare known for thousands of years are still relevant on today's new battleground.


## Text content: Information Warfare

### 1. Information Warfare

Security Essentials, The SANS Institute, Information Assurance Foundations - SANS ©2001

"Warfare" can be broadly defined as "the waging of armed conflict against an enemy." In this module we will consider what warfare means in the context of today's information systems and networks. We will see that the fundamental principles of warfare known for thousands of years are still relevant on today's new battleground.
### 2. Agenda

- What is Information Warfare?
- Why is it Important?
- Offensive Tactics
- Introduction to Network Attacks
- Defensive Tactics

After introducing the concept of information warfare, we will concentrate on warfare principles and strategies. We will discuss both offensive and defensive tactics, in theory and in practice. As a concrete example of offensive tactics, a quick introduction to TCP/IP network attacks is provided.
### 3. What is Information Warfare?

> Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own. Such actions are designed to achieve advantages over military or business adversaries.
>
> - Dr. Ivan Goldberg

We start our discussion with a definition of information warfare. The definition above simply maps our intuitive definition of warfare (subvert the enemy while protecting ourselves) into the realm of computers and networks. This definition was provided by Dr. Ivan Goldberg, who leads the "Institute for the Advanced Study of Information Warfare". The institute's website has a number of white papers and reports on information warfare topics: http://www.psycom.net/iwar.1.html

Eric Hrovat provides some interesting perspectives on information warfare in his paper, "Information Warfare: The Unconventional Art in a Digital World", published by SANS: http://rr.sans.org/infowar/infowar.php
### 4. Examples of Information Warfare

- A company breaking into a competitor's computer system to find out their list of customers
- An R&D company putting false information about research on their web site to mislead the competition
- A foreign government stealing tapes containing classified information

There are many possible forms of information warfare; the slide above provides three examples. Any time someone uses information as a weapon against an adversary, that is information warfare. The distinguishing factors are only how the information is obtained, how it is used, and to what impact. We consider theft of information a form of information warfare, but the most critical issue is how the stolen information is used against its rightful owner.

In terms of the examples, a company that discovers a list of its competitor's customers might send false or misleading information to those customers, might market to them specifically, or might simply see to it that the customers are harassed by telemarketers and spam (so the recipients think that the company they trusted released their information without permission). A foreign government stealing classified backup tapes might be able to discover detailed technical information concerning the capabilities of its adversary's weapons, or might obtain documents detailing strategies, names of informants, or maps of secret testing facilities. The possibilities are endless.

A startup tech company that has a next-generation product to release might post information stating that its product will not be ready for several months. Such a posting might lull the company's competitors into a false sense of not needing to hurry their own development cycles. When the startup releases its product months earlier than advertised, the competition is caught flat-footed.
### 5. Key Points From the Examples

- Information Warfare can be:
  - Theft
  - Deception
  - Sabotage
- Does not have to be technical or sophisticated
- Attackers will always go after the weakest link

Abstracting the previous examples a level, we can list a few fundamental concepts. Theft, espionage, blackmail, deception, sabotage, destruction: these are all common goals of information warfare attacks. As in other forms of warfare, a skilled attacker will seek out his opponent's weaknesses and attack those first and most vigorously. For example, sometimes social engineering or packet flooding attacks most effectively accomplish an attacker's goals, yet neither requires any sophisticated technical skill.
### 6. Why is it Important?

- Affects all governments and companies, and even individuals
- Can be devastating
- Risks are often not well understood
- Can be difficult to predict or detect
- Defenses must be custom tailored
- Raises questions of legalities and liabilities

In today's world, information warfare impacts everyone, whether they own a computer or not. Consider identity theft, where one person is able to impersonate another, resulting in destroyed credit histories, undeserved criminal records, misassigned debt and liability, false healthcare documents, and more. Most people and organizations are not fully aware of the risks that surround them, although the results of an attack can be devastating. Because each organization is different, there is no "one size fits all" defense system. The only way to design a good defense is to understand the offensive tactics used by attackers, and to understand the defensive tactics and tools available to us. We will explore both offensive and defensive tactics in this module, and see how (fortunately) a few basic principles can be applied across a large number of situations. Interestingly, our most useful principles come not from information theory, but from a compilation of warfare strategies written well over two thousand years ago: Sun Tzu's "Art of War". These strategies are as relevant today as when they were first written.
### 7. How Dangerous is it Really?

A few facts from the Honeynet Project concerning break-ins between April and December 2000:

- Seven default Red Hat 6.2 servers were attacked within 3 days of connecting to the net
- Fastest time for any server to be compromised was 15 minutes from first connection to the net
- Default Win98 box compromised in less than 24 hours from first connection, and compromised another four times in the next three days

But let's back up a minute. Perhaps we are over-reacting. Is it really all that dangerous on the internet today? Are there really that many "evil-doers" out to do me ill when I connect to the internet? Unfortunately, yes. The Honeynet Project (a group that sets up and monitors whole networks of honeypots running many different operating systems) recently reported some statistics concerning the rate of break-ins to their small network over a period of 9 months. The full information concerning the stats above is quoted from the paper below.

http://project.honeynet.org/papers/stats/

> - Between April and December 2000, seven default installations of Red Hat 6.2 servers were attacked within three days of connecting to the internet. Based on this, we estimate the life expectancy of a default installation of Red Hat 6.2 server to be less than 72 hours. The last time we attempted to confirm this, the system was compromised in less than eight hours. The fastest time ever for a system to be compromised was 15 minutes. This means the system was scanned, probed, and exploited within 15 minutes of connecting to the internet. Coincidentally, this was the first honeypot we ever set up, in March of 1999.
> - A default Windows 98 desktop was installed on October 31, 2000, with sharing enabled, the same configuration found in many homes and organizations. The honeypot was compromised in less than twenty-four hours. In the following three days it was successfully compromised another four times. This makes a total of five successful attacks in less than four days.

These facts (and other information in the paper) demonstrate the hostility of today's networks even to a simple home user. Even "grandma" needs to be aware of the dangers of the online environment today. As an example, consider that many of us use home computers to fill out year-end income tax forms. An attacker able to access that information would know enough to cause significant problems. Today's networks are infested with worms and automated attack programs that relentlessly seek out and compromise vulnerable computers, reporting back to a human only after accomplishing a successful compromise. Companies and governments must be secured against these threats, as well as against more sophisticated attackers specifically targeting their organization.
### 8. How Would you be Impacted?

- Consider the following scenario:
  - You go into work tomorrow and all of your computers are gone and there is no internet connection.
- Could you handle the situation?
- Do you have backups? Uncontaminated backups? Is there a restore process?
- Could your organization survive the loss?

Is your organization prepared for an attack, whether from the internet, a natural disaster, or a terrorist act? Part of information warfare is planning for the worst and having a recovery plan in place. Many of us would be in a lot of trouble if a particular building burned down, for example: the building holding the primary information and all of its backup copies. The September 11th tragedy demonstrated how critical backups can be to a company's survival.

When we ask about "uncontaminated backups", does that make sense to you? Consider a virus that spreads rapidly but remains undetected because it does not do anything observable. The virus infects several computers, but because it is not detected the virus program is copied onto the backup tapes along with legitimate information. Time passes. Ten months later the virus' payload goes into action and starts destroying files and laying waste to operating systems. You think, no problem, I've got backups going back 6 months. Oh no! All the backups are contaminated too! What do we do now?

Do you have insurance against information loss? A recent Information Week article (January 2, 2002) explains how many insurance providers have decided to exclude online assets and terrorism-related damages from their IT policy offerings: http://www.informationweek.com/story/IWK20020102S0004
### 9. Threats

- Internal threats
  - Employees
  - Contractors
  - Visitors
- External threats
  - Anyone connected to the internet

The threat to a company could really be anything. Threats are typically broken down into internal and external threats. Internal threats are attacks launched by employees, contractors, or even visitors to your facility. External threats could really come from anyone connected to the internet. Threats can also range from intentional to unintentional events. Unintentional events, like floods or fires, could also be a threat that impacts a company. Even though these events are not meant to hurt the company, the net result is the same. Therefore it is important to understand and react to all possible threats posed to your company.
### 10. Offensive Tactics

- Using publicly available information maliciously
- Stealing confidential information
- Destroying or corrupting important data
- Denial of Service attacks against business or livelihood
- Providing false information in order to deceive, mislead, or confuse
- Impersonation and slandering
- Public embarrassment (e.g. website defacement)

Let us begin our consideration of information warfare concepts by looking at the offensive side of the game. Defensive strategies will be covered later. The slide above lists several common ways information can be involved in an attack against an organization or individual. At first glance it may seem that these attack methods are specific to the information age. In the next few slides we will take a closer look at several of the specific tactics and show that the concepts behind them have been well known to warriors for centuries.
### 13. False Information

> "All warfare is based on deception... The one who is skillful maintains deceitful appearances, according to which the enemy will act."
>
> - Sun Tzu

- If you know someone is watching you, why not give them misleading information?
  - False press releases
  - False company information
  - False server banners

This warfare tactic has the goal of misleading the enemy. The hope is that the enemy will act on the false information to our advantage. For example, a company might "leak" the fact that it is going to submit a proposal for a particular job at the price of $5 million. The competition, upon hearing this information, decides to bid $4.5 million. When the original company actually bids $4 million (instead of the "leaked" $5 million figure), the spying competitor finds itself underbid.

As another example of misinformation in the information age, consider the case of an attacker who fabricated a false press release that led to a publicly traded company temporarily losing more than $2 million in market value. The bogus press release was submitted via email to InternetWire and picked up and distributed by a number of major news organizations. The press release stated that the company in question (Emulex) was under investigation by the SEC, had revised its latest earnings reports to show a loss instead of a profit, and was losing its CEO. The result was that investors started to dump the company's stock en masse, sending Emulex's stock plummeting as much as 62%. The company lost as much as $2.5 billion in market value before the fraud was discovered and Nasdaq halted its trading.

http://www.usdoj.gov/criminal/cybercrime/emulex.htm
http://www.ecommercetimes.com/perl/story/4426.html

In general, the misinformation strategy is quite interesting and complex. The complexities arise as in any other lie: how do you lie to some people while telling the truth to others, and keep it all straight? An organization employing these methods can easily lose control, or become liable for damages resulting from the false statements. The techniques can be quite effective, however.