Overview
Introduction
Definitions
Examples
Observations
Summary
CoC - page 2
A Different Internet
Armies may cease to march
Stock may lose a hundred points
Businesses may be bankrupted
Individuals may lose their social identity
Threats not from novice teenagers, but purposeful military, political, and criminal organizations
Cyber Threats
Out-of-the-box Linux PC hooked to Internet, not announced:
[30 seconds] First service probes/scans detected
[1 hour] First compromise attempts detected
[12 hours] PC fully compromised:
Administrative access obtained
Event logging selectively disabled
System software modified to suit intruder
Attack software installed
PC actively probing for new hosts to intrude
Clear the disk and try again!
2002 by Carnegie Mellon University
[Figure: Attack Sophistication and Intruder Knowledge, each on a Low to High scale, over 1980 to 2000. Labels: password guessing; burglaries; hijacking sessions; disabling audits; network mgmt. diagnostics; back doors; GUI; automated probes/scans; www attacks; distributed attack tools; Staged; sweepers; sniffers; Auto Coordinated; Tools; Intruders]
[Figure labels: Automated Scanning/Exploit Tools Developed; Widespread Use of Automated Scanning/Exploit Tools; Intruders Begin Using New Types of Exploits; Advanced Intruders Discover New Vulnerability]
Definitions
Cyberterror: The deliberate destruction, disruption or distortion of digital data or information flows with widespread effect for political, religious or ideological reasons.
Cyber-utilization: The use of on-line networks or data by terrorist organizations for supportive purposes.
Cybercrime: The deliberate misuse of digital data or information flows.
Sophistication of Cybercrime
Simple Unstructured: Individuals or groups working with little structure, forethought or preparation
Advanced Structured: Groups working with some structure, but little forethought or preparation
Complex Coordinated: Groups working with advance preparation with specific targets and objectives.
Pakistani/Indian Defacements
[Figure: time axis 10/99, 1/00, 4/00, 7/00, 10/00, 1/01, 4/01. Labels: More, Well written, Juvenile]
Cyber Trends
CERT/CC Year 2000 - 21,756 Incidents
16,129 Probes/Scans
2,912 Information Requests
261 Hoaxes, false alarms, vul reports, unknown
2,454 Incidents with substantive impact on target
Profiled 851 incidents, all active during July-Oct 2000 (plus some preliminary June data, profiling work is ongoing)
Many different dimensions for analysis and trend generation (analysis work is ongoing)
[Figure: Incidents. Axis "Incidents Active", 0 to 600]
[Figure: Ports in Incidents. Axis "Ports", 0 to 100]
[Figure: chart with categories com, gov, edu, intl, user, isp, org, fin, k12, misc, other; axis 0 to 70]
[Figure: Weekly Incidents by OS. Weeks from 6/24/00 to 2/17/01; axis up to 100. Series: unknown, LX, NT, SO, UN, IR, MO, Other, misc]
[Figure: weekly chart from 6/24/00 to 2/17/01; axis up to 60. Series: Disrupt, Distort, disclosure, Destruct, Deception, Unknown]
[Figure: Socio-Political Activity. Axis up to 100. Labels: Campaign, Controversy, Conventions, Debates, Election, Holidays, Inauguration, Best Fit]
Summary
Majority of on-line threat is cybercrime
Cyberterror is still emerging
Evolving threat
Integrating critical missions with general Internet
Increasing damage/speed of attacks
Continued vulnerability of off-the-shelf software
Much confusion of descriptions and definitions
Widely viewed as critical weakness of Western nations