Cyber Security In The Three Times: Past, Present & Future


Carnegie Mellon CyLab
4720 Forbes Avenue, CIC Building, Pittsburgh, PA 15213
PH: 412.268.1870, FX: 412.268.7675
www.cylab.cmu.edu

Cyber Security in the Three Times: Past, Present & Future
CERT 20th Anniversary Seminar Series
Pittsburgh, Pennsylvania, 7/22/08

Cyber Security in the Three Times
Agenda
- Speaker’s Bio
- CyLab’s Mission
- Global Economy & Cyberspace
- Glimpses Into the 21st Century Threat Matrix
- Cyber Risks Timeline
- Elements of A Holistic Program
- Ruminations & Conclusions
Richard Power, Carnegie Mellon CyLab 2008

Harnessing the Future to Secure the Present
Richard Power
- CyLab Distinguished Fellow
- Director of Global Security Intelligence for Deloitte Touche Tohmatsu (2002-2005)
- Editorial Director for Computer Security Institute (1994-2002)
- Author of Five Books, Including
  – Secrets Stolen/Fortunes Lost: Preventing Intellectual Property Theft & Economic Espionage in the 21st Century (w/ Christopher Burgess)
  – Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace
- Author of War & Peace in Cyberspace, monthly column for Computer Fraud and Security Journal (w/ Dario Forte)

CyLab’s Mission
CyLab is
- A bold and visionary effort, which establishes public-private partnerships to develop new technologies for measurable, available, secure, trustworthy, and sustainable computing and communications systems, as well as to educate individuals at all levels.
- A dynamic matrix, in which great works are accomplished, great minds come together, and great careers are launched.
- A vital resource for government and business to draw on in addressing cyber risks that threaten national and economic security.
- A world leader in both technological research and the education of information assurance professionals.
CyLab harnesses the future to secure the present.

Harnessing the Future to Secure the Present
One of the world’s premier centers for cyber security, dependability and privacy
- Largest U.S. university-based cyber security research & education program
- Computer Emergency Response Team (CERT)
- National Science Foundation (NSF) CyberTrust Center
- Key partner in NSF-funded Center for Team Research in Ubiquitous Secure Technology
- National Security Administration (NSA) Center of Academic Excellence in Information Assurance Education
Unique comprehensive approach
- Multi-disciplinary, university-wide
  – Faculty and researchers from six colleges of Carnegie Mellon
  – 50 faculty/researchers and 130 graduate students
- Funded by private and public funds
  – Budget of approximately $12M in fiscal year 2007
  – Supported by 50 member private companies and government research funds
- Global educational partnerships & initiatives: e.g., Taiwan, India, Portugal, Singapore, Greece, Japan, etc.


Benefits of CyLab Partners Program
The Four R’s of CyLab Partner Program Benefits
- Research
  – Leverage CyLab researchers and facilities for your R&D
- Recruitment
  – Get inside track on hiring CyLab graduates to build your technology team
- Reputation
  – Embellish your image by association with leading research center
- Return on Investment
  – Cost-savings & boost in reputation translate into immediate ROI

The Web of Life
“All things are connected like the blood that unites us all. Man did not weave the Web of Life, he is merely a strand in it. Whatever he does to the Web he does to himself.”
Chief Seattle, 1854

Growth of the Global Economy
Everyone & Everything Everywhere is Connected
- 2001: 34 nations sign “Free Trade Americas” pact for massive free-trade zone of 800 million people from Alaska to Argentina.
- 1999: Euro, a common currency for 11 European nations. “Biggest economic event we’ll see in our lifetime.”
- 1998: Asian economic crisis impacts the world.
- 1995: General Agreement on Tariffs and Trade (GATT) signed.
- 1994: North American Free Trade Agreement (NAFTA) signed.
- 1992: Treaty on European Union (EU) signed.
- 1989-1991: Collapse of Soviet Union, German reunification.

Growth of Cyberspace
Everyone & Everything Everywhere is Connected
- Radio -- 35 Years to Reach 50 Million People
- TV -- 15 Years to Reach 50 Million People
- WWW -- 5 Years to Reach 50 Million People

As They Evolve, They Increasingly Interpenetrate
[Diagram: three panels, 1980s, 1990s and 21st Century, showing the overlap between Global Economy and Cyberspace growing from separate circles to one shared space]
Source: Secrets Stolen/Fortunes Lost, Synergy Press, 2008

In 21st Century, They Occupy Same Space & Share Risk
[Diagram: three panels, 1980s, 1990s and 21st Century. In the 1980s the Global Economy’s risks are Competitors and Espionage, and Cyberspace’s risks are Hackers and Data Theft; by the 21st Century the two occupy the same space and the risks cross over: Global Economy -- Hackers, Data Theft; Cyberspace -- Competitors, Espionage]
Source: Secrets Stolen/Fortunes Lost, Synergy Press, 2008

Yoga of the Three Times
In the 8th Century, this teaching was written down by Yeshe Tsogyal, Tibetan yogini and consort of the great sage, Padma Sambhava; it was then “hidden away amidst a cache of precious things” to be read by seekers of the future –
- The yoga of the past not being practiced, memory of the past remains latent.
- The Future, not being welcomed, is completely severed by the mind from the present.
- The Present not being fixable remains in the state of voidness.
(Tibetan Book of the Great Liberation, Ed. & Trans. by W.Y. Evans-Wentz, Oxford University, 1954)

Glimpses into the 21st Century Threat Matrix
On the dark side of cyberspace -- a rapidly expanding spectrum of risks & threats, ever-evolving in sophistication
- Every technological advance for mobile workers offers new opportunities for cyber criminals and industrial spies
- Rise of organized crime in Eastern Europe was predicted 14 years ago, and yet, it has grown powerful & pervasive
- Not just petty crime: recent headlines highlight attacks on national security, financial markets & power grids
- Meanwhile, perennial threats, like the disgruntled or dishonest insider, continue unabated

Glimpses into the 21st Century Threat Matrix
A random sampling from 30 days of newspaper headlines underscores the scope of the challenge
- Bank: Rogue trader hacked computers (CNN, 1-27-08)
- Hackers darken cities, CIA says (Security Focus, 1-21-08)
- China has penetrated key U.S. databases (SC Magazine, 1-18-08)
- Wi-fi users, beware: Hot spots are weak spots (Wall Street Journal, 1-16-08)
- New mass hack strikes sites, confounds researchers (Computerworld, 1-14-08)
- Former Cox employee who shut down 911 gets jail time (SC Magazine, 1-11-08)
- Former New Jersey system administrator gets 30 months in prison for ‘logic bomb’ (SC Magazine, 1-9-08)
- Engineer: I stole IDs from hotel computers (Miami Herald, 1-9-08)
- Mass hack infects tens of thousands of sites (Computerworld, 1-7-08)
- FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack (Wired, 1-4-08)
- eBay goes far to fight fraud – all the way to Romania (L.A. Times, 12-26-07)
- Pune woman 12mn cyber theft (DNA, 12-28-07)

Glimpses into the 21st Century Threat Matrix
Another random sampling from recent newspaper headlines underscores the scope of the challenge
- Crimeware server exposes breadth of data theft (GCN, 5-6-08)
- Hackers' posts on epilepsy forum cause migraines, seizures (SMH, 5-8-08)
- Hacktivists collect fingerprint of fingerprint collector (Register, 3-30-08)
- Hackers Hijack a Half-million Sites In Latest Attack (Computerworld, 5-13-08)
- FBI Worried as DoD Sold Counterfeit Networking Gear (CSO)
- Rare SCADA vulnerability discovered (SC Magazine, 5-9-08)
- Technology, media firms overconfident, unprepared for breaches: Deloitte survey (SC Magazine, 2-7-08)
- Hackers Focus on VoIP Accounts (WebProNews, 5-12-08)
- Hackers May Have Stolen Millions of Cards (Newsday, 5-15-08)
- Hackers catch ride on Grand Theft Auto IV downloaders (Computer Weekly, 5-15-08)
- Russia’s state hackers target Radio Free Europe in Prague (Sunday Herald, 5-10-08)

Glimpses into the 21st Century Threat Matrix
A random sampling from 30 days of newspaper headlines underscores the scope of the challenge
- Spam Blockers Losing Ground on Sophisticated Attackers (6-08)
- Software Engineer First to be Sentenced Under Economic Espionage Act (6-18-08)
- Citibank Server Breach Likely Source of Compromised ATM Cards (6-18-08)
- Stolen Computer Holds Outsourced Human Resources Data (6-23-08)
- Marshall Islands hit by 'zombie' attack (6-25-08)
- Former Employee Allegedly Deleted Organ Bank Data (6-26-08)
- More Than 630,000 Laptops Lost at Airports Each Year (6-30-08)
- S.F. officials locked out of computer network (7-15-08)
- New trojan in the wild targeting multimedia files (SC Magazine, 7-14-08)
- Hackers break 3G iPhone lock (7-13-08)
- Hackers Steal Millions From 7-Eleven ATM (AP, 7-3-08)

Glimpses into the 21st Century Threat Matrix
Trends for 2008-2009 (it’s only going to get worse) -
- Increased professionalism and commercialization of malicious activities
- Threats tailored for specific regions
- Increasing numbers of multi-staged attacks
- Attackers targeting victims by first exploiting trusted entities
- Convergence of attack methods
- Automated evasion process
- Advanced Web threats – laundering origins through the Web
- Diversification of bot usage
(Symantec Internet Threat Report 2007)

Glimpses into the 21st Century Threat Matrix
Trends for 2008-2009 (it’s only going to get worse) -
- Ratio of non-malicious to malicious software reaching tipping point; levels of malicious code & unwanted programs will exceed the number of legitimate software; security techniques will switch from blacklisting to whitelisting
- Forty-three percent of enterprises have little or no measures in place to address permissions or restrictions on removable media, and less than 17% have related end-point security measures; attackers may introduce malicious code at one point or another during manufacture or distribution
- More advanced botnet threats that employ stealth methods such as steganography, allowing bot masters to exploit public forums and search engines
- As US national elections draw near, an increase in phishing, scams and malicious code targeting candidates, campaigns, etc.
(Symantec Internet Threat Report 2008)

Cyber Risks Timeline: 1996
US Senate Permanent Investigations Subcommittee Hearings on “Security In Cyberspace”
- Senator Sam Nunn (D-GA) presiding
- Witnesses included
  – Keith Rhodes (GAO)
  – Jim Christy (DoD)
  – Peter Neumann (SRI)
  – John Deutch (CIA)
  – Roger Molander (RAND)
  – Jamie Gorelick (DoJ)
  – Richard Pethia (CERT)
  – Senator Patrick Leahy (D-VT)
  – Senator John Kyl (R-AZ)
  – Richard Power (CSI)
“Human beings are building systems, deploying them and breaking into them. So it is human beings that we have to reach in terms of training, awareness, and understanding their responsibility, not only to their corporations, or to their own job security, but to their country, and to the world.”
– Testimony of Richard Power

Cyber Risks Timeline: 1995-2002
CSI/FBI Computer Crime & Security Survey
- Intent
  – To Raise Awareness
  – Encourage Reporting of Cyber Crimes to Law Enforcement
  – Inspire In-Depth Research
- Methodology
  – Non-Scientific
- Trends
  – External Attacks on the Rise
  – Perpetrators Not Only Insiders or Juveniles
  – Significant Financial Losses

Internet As Frequent Point of Attack: 1996-2002
[Chart: % of Respondents citing each point of attack, 1996-2002; categories: Internal Systems, Remote Dial-in, Internet]
CSI/FBI 2002 Computer Crime and Security Survey
Source: Computer Security Institute
- 2002: 414 Respondents/82%
- 2001: 384 Respondents/72%
- 2000: 443 Respondents/68%
- 1999: 324 Respondents/62%
- 1998: 279 Respondents/54%
- 1997: 391 Respondents/69%
- 1996: 174 Respondents/40%

Financial Losses Summary: 1997-2002
Total dollar losses:
- 1997: 249 respondents, US$100,119,555
- 1998: 241 respondents, US$136,822,000
- 1999: 163 respondents, US$123,779,000
- 2000: 273 respondents, US$265,589,940
- 2001: 196 respondents, US$377,828,700
- 2002: 223 respondents, US$455,848,000
Grand total: US$1,459,755,245
CSI/FBI 2002 Computer Crime and Security Survey
Source: Computer Security Institute

False Notions about Cyber Crime & Cyber Security
- Cyber crime costs are exaggerated -- WRONG
- Cyber crime is a rare occurrence -- WRONG
- Insiders 80% of problem, outsiders are only 20% -- WRONG
- Problem is mostly juvenile hackers -- WRONG
- Economic espionage is done almost exclusively by the turning of insiders -- WRONG
- Security technology = security -- WRONG
- Security policies & awareness posters = security -- WRONG
- Budget = security -- WRONG
- Security technology, policies, awareness posters & budget = security -- WRONG

Cyber Risks Timeline
In the late 1990s, “Current & Future Danger: A Primer on Cyber Crime & Information Warfare” Articulated Four Areas of Greatest Concern; They are Still the Four Areas of Greatest Concern:
- Electronic Commerce Crime
- Economic Espionage
- Infrastructure Attacks
- Personal Cyber Insecurity

9/11: Lessons Learned?
Those Who Cannot Remember the Past are Condemned to Repeat It
- False Meme: “The World Changed on 9/11.”
  – Some people simply woke up to the reality of the world in which we lived on 9/10
- False Meme: “9/11 was the Result of Intelligence Failures.”
  – Plenty of pre-9/11 intelligence, but what happened to it?
- Fear is Not Awareness
  – Missed opportunity to raise awareness and education not only for the US populace, but the world
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

Cyber Risks Timeline
From Salgado in 1997 to TJX in 2006
- Carlos Salgado (1997)
  – 86,326 credit cards from 1,214 institutions
  – Based on average credit card fraud losses—e.g., $1,836 for fraudulent credit application—potential impact could have been $1 billion
  – Cost of card reissue alone: $125 per card, $10,780,750
- TJ Maxx (2007)
  – A hacker or hackers stole data from at least 45.7 million credit and debit cards of shoppers at off-price retailers including T.J. Maxx and Marshalls in a case believed to be the largest such breach of consumer information. (MSNBC, 3-30-07)

Cyber Risks Timeline
Blacknet was a hoax, but Phonemasters wasn’t
- Accessed telephone networks of AT&T, British Telecommunications, GTE, MCI, Southwestern Bell and Sprint
- Broke into credit-reporting databases of Equifax and TRW, and Nexis/Lexis databases
- Eavesdropped on phone conversations, compromised secure databases and redirected communications
- Accessed national power grid, air traffic control system and a digital cache of unpublished phone numbers at the White House
- Customers included private investigators, so-called ‘information brokers,’ and by way of middlemen, the Sicilian Mafia
- Price list included personal credit reports for $75; state motor vehicle records, $25; records from the FBI’s Crime Information Center, $100; address or phone number of any celebrity or important person, $500.

Cyber Risks Timeline
The Scope of Eastern European & Asian Cybercrime
- “The chain of command of a cybercrime gang is not unlike the Mafia, an evolution that shows how online crime is becoming a broad, well-organized endeavor.” (IDG, 7-15-08)
- “Moroccan and European intelligence authorities continue to identify significant links between eCrime targeting Western financial institutions and active terrorist cells in Morocco.” (ISIGHT Partners, 5-20-08)
- “Likely that the use of Russian and Eastern European ‘botnet’ (large quantities of malware-infected computers) for political purposes will increase, due to their low cost, the difficulty in tracing their owners...” (ISN, 3-15-08)
- “The notorious [RBN] has suddenly picked up from its St. Petersburg digs and diversified, spreading its unwholesome activity to new chunks of IP addresses, with RBN-like activity almost immediately appearing on newly registered blocks of Chinese and Taiwanese IP addresses...” (e-Week, 11-8-07)
- “The FBI estimates all types of computer crime in the U.S. costs industry about $400 billion... A growing worry is that cybercrooks could target emergency services for extortion purposes...” (Reuters, 9-15-06)
- “The number of people engaged in cyber crime as a full-time ‘profession’ in Eastern Europe and, especially, in Asia is skyrocketing.” (SANS, 8-14-06)

Warnings Unheeded, Lessons Unlearned
A Decade Passed Between Salgado’s Almost Completely Ignored Cyber Caper & the TJ Maxx Blockbuster; Over A Decade has Passed Since the First Warnings of the Rise of Eastern European Organized Cyber Crime

Warnings Unheeded, Lessons Unlearned
Here are Some Important Questions –
- What Could Governments & Businesses Have Done?
- What Should Governments & Business Have Done?
- What Next Generation Risks & Threats Are We Ignoring Now?

Personal Cyber Insecurity
Wireless, Broadband, etc. Turn Home PCs into Both Targets & Bases
- In 20th Century, Privacy was Something You Had to Protect
- In the 21st Century, Privacy is Something You Have to Create
- Identity theft
- Financial fraud
- Cyber vandalism
- Cyber stalking
- Cyber voyeurism
- Recon for physical theft
- Recon for physical violence
- Character assassination
- Intel gathering for blackmail
- Intel gathering for social engineering attacks
- “John Deutch” factor

Cyber Risks Timeline
Ten Years in the Wilderness – A Decade After Nunn Hearings
- Bad Software (Microsoft is Not “the Evil Empire” But...)
  – 2006: Bill Gates -- Man of The Year (Again)
    - “Microsoft perceives its customers to be developers, Apple perceives its customers to be end users”
    - Only one US corporation that existed in 1900 still existed in 2000 (GE), but in 3000, there will be two (GE & Microsoft)
    - Bill Gates belongs on TIME cover for his humanitarian efforts
    - Bill Gates does not belong keynoting RSA Conference -- three years in a row
  – 2003: CTO Loses Job for Blast at Microsoft
    - Dan Geer, CTO for @Stake (which consults for Microsoft), fired for report calling Windows a national cyber security threat
    - Signed by seven researchers, report said dominance of Microsoft software on PCs has made networks susceptible to "massive, cascading failures," & that the complexity of the software made it particularly vulnerable to virus & other attacks
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

Cyber Risks Timeline
Ten Years in the Wilderness – A Decade After Nunn Hearings
- Lack of Progress and/or Continuity in Government
  – “Last year CSIA encouraged Congress & the Administration to raise the profile of information security; improve information sharing, threat analysis, & contingency planning; & to prioritize & fund research & development... Unfortunately there is no forward momentum or clear set of priorities for action in 2006.” (CSIA, 2006)
  – “For Chertoff to create a high-level cybersecurity position but neglect to fill that position after a year indicates that the Bush administration places a higher value on physical security than it does on the nation's information infrastructure. Meanwhile, the country lacks a leader with the clout to coordinate communications in the event of a massive IT disruption.” (Information Week, 7-06)
  – “The Homeland Security Department is not ready for a cyberattack or a natural disaster that causes a major Internet disruption, according to a Government Accountability Report released today.” (FCW, 7-28-06)
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

One Step Forward, Two Steps Back or...
Five Expert Views
- Becky Bace (Infidel/Trident)
- Rik Farrow (www.spirit.com)
- Justin Peltier (Peltier Associates)
- Keith Rhodes (US GAO)
- Gene Spafford (CERIAS)
In general, in terms of cyber security and cyber crime, would you say one step forward two steps back or two steps forward one step back? Or would you characterize it some other way?
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

One Step Forward, Two Steps Back or...
Becky Bace, Infidel/Trident
“... seriously behind the power curve... cybersecurity and cybercrime suffer from the ‘one generation trailing’ problem - by definition, both are reactive disciplines, especially in the commercial arena - funding is applied to the problem only after someone has divined that there is a problem... Another aspect that is frustrating to me personally is the lack of attention paid to security education. I can't think of any area that has more strategic impact on our industrial base and national security, yet public funding is consistently underbudgeted, mistargeted and misspent.”
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

One Step Forward, Two Steps Back or...
Rik Farrow, www.spirit.com
“Have there been any steps forward at all? Identity theft is still on the rise, a large part of it due to identity info stolen via keystroke monitors or phishing/scam sites. This information is traded in large online bazaars, and it appears that law enforcement is doing little to stop this... Has software security gotten any better? Nope... Things have not gotten better. Instead, we continue to see a bandaid style approach – ‘Here, let me sell you a firewall/NIPS/HIPS’...”
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

One Step Forward, Two Steps Back or...
Justin Peltier, Peltier Associates
“One forward and two back... Too many security technologies are entrenched in the corporate environment and not enough innovation is taking place. Most organizations are rolling out the same technologies that have failed time and time again, while the attackers are gaining complexity and new attacks at an almost monthly basis. As long as security is mostly defined by one large enterprise firewall and a poorly configured IDS/IPS system, the attackers will still have an edge.”
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

One Step Forward, Two Steps Back or...
Keith Rhodes, formerly US GAO, now Verizon
“While our attack morphologies are getting much better (one step forward) the attack vectors are increasing in number and speed due to everyone having high speed internet access from their home (one step back) and due to the code getting buggier and buggier (one step back). So, if my math is correct, that's one step forward, two steps back.”
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

One Step Forward, Two Steps Back or...
Gene Spafford, CERIAS, Purdue University
“It's almost like we are making no steps. We have kept adding new technologies that are dangerous, seen our decision-makers choosing the path of least cost but significant danger, and they have consistently applied band-aids for the most current threat but failed to heed long-term advice, or provide investment for research to really break out of the rut they have gotten into. Overall, I'm not very optimistic about the future.”
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

Beginner’s Mind
- “In the beginner’s mind there are many possibilities, but in the expert’s there are few.”
- “The goal is always to keep our beginner’s mind.”
- “If you discriminate too much, you limit yourself.”
- “If your mind is empty, it is already ready for anything; it is open to everything.”
- “This is the real secret of the arts: always be a beginner.”
Shunryu Suzuki-Roshi

Information Operations
Goals of Information Operations
“The objective for all IO is to dominate the information battlefield by attacking the enemy’s information resources and decision-making capabilities while protecting your own resources and capabilities from all adversaries.
“In other words, IO has two very simple goals:
– Goal #1: Optimize the decision making of the friendly guys
– Goal #2: Degrade the decision making of the bad guys
– That’s IO in a nutshell.”
Col. Lawrence D. Dietz, US Army (Retired)

Infrastructure Attacks: What & How
Mostly Privately Owned, Relied On for Public Good
- Information & Communications: Phones, Internet
- Physical Distribution: Air traffic, rail, pipelines
- Energy: Gas, oil, electric power industries
- Banking & Finance: Banks, financial services, mutual funds, stock & commodities exchanges
- Vital Human Services: Water supply, emergency services, vital records
Same Skills, Exploits, Modus Operandi & Opportunities as are Seized by Common Cyber Criminals (including badly designed software & lack of preparedness in government & business) -- Only Better Financed, Better Equipped, And Operating With Relative Impunity

Glimpses into the 21st Century Threat Matrix
Imagine if...
- On 9/11, the last image people saw on their TVs was the WTC collapsing, and then the phones went dead and the power grid failed
Imagine if...
- On 9/11, after the initial attacks, as all flights were grounded, those planes still in the air could not land because of a series of attacks on the air traffic control system

Al-Qaeda Targeted Infrastructure
“Routed thru switches in Saudi Arabia, Indonesia and Pakistan...”
“Studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities.
“Some probes suggested planning for a conventional attack. But others homed in on a class of digital devices that allow remote control of services such as fire dispatch and of equipment such as pipelines.
“More information about those devices -- and how to program them -- turned up on al Qaeda computers seized this year.
“Most significantly, perhaps, U.S. investigators have found evidence in the logs that mark a browser's path through the Internet that al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport and communications grids.”
(Washington Post, 6-26-02)

Lebanon 2006
- “What Hezbollah did was to monitor our radio and immediately send it to their Al-Manar TV, which broadcast it almost live, long before the official Israeli radio.” Hezbollah appears to have divided a three mile wide strip along the Israeli-Lebanese border into numerous “killing boxes”. Each box was protected in classic guerrilla fashion with booby-traps, land mines, and even CCTV cameras to watch every step of the advancing Israeli army. (London Times, 8-27-06)
- Israel hacked into the television station of Hezbollah, emblazoning images on the screen showing pictures of corpses and claiming the Shiite militant group's leader Hassan Nasrallah was a liar... Israel also hacked into FM radio stations and instead of normal programs a two-minute recording was repeatedly broadcast... (Agence France-Presse, 8-2-06)
- Hezbollah monitors Israeli and international television news footage of scenes from rocket landings inside Israel and has used the broadcasts the past few weeks to more accurately target installations in the Jewish state (World Net Daily, 8-14-06)

Glimpses into the 21st Century Threat Matrix
Who & Why: Usual (& Unusual) Suspects?
- Jihadists
  – Economic & Psychological Blow
- Nation States (Hegemons & Rogues)
  – Distract & Debilitate Adversary
- Bizarro World (Cults & Loners)
  – Hasten Apocalypse, Tear Down Social Order
- Criminal Elements
  – Extortion, Reprisal
- Corporate and/or Internal Political Enemies
  – Foil Competitors, Subvert Democratic Institutions

Truth is Stranger Than Fiction
- 1984: “Shoko Asahara had a one-room yoga school, a handful of devotees, and a dream: world domination. A decade later, Aum Supreme Truth boasted 40,000 followers in six countries and a worldwide network...” (David E. Kaplan, Cult At The End of the World)
- 1995: Aum Shinrikyo (Supreme Truth) cult carried six packages onto Tokyo subway trains releasing deadly Sarin gas, killing 12 persons and injuring more than 5,000... first major attack using chemical weapons by a terrorist organisation (History of War)
- 2000: Japan’s Defense Agency delayed deployment of a new computer system after discovering that it used software developed by members of Aum Shinri Kyo. The Defense Agency was only one of 90 government organizations and private companies that unknowingly ordered software produced by the cult. (BBC, 3-1-00)
- 2006: Japanese security officers raided 25 offices of the doomsday cult after its founder lost a last appeal against his death sentence. (The Australian, 9-16-06)

Truth is Stranger Than Fiction
Theodore John Kaczynski, a.k.a. the Unabomber, mathematician, genius, loner and Luddite
- 1978 – 1995: 15 bombings throughout the USA, killing 3 and wounding 23
- 4-24-95: New York Times receives a letter from the Unabomber, promising to stop sending bombs if a 29,000- to 37,000-word article written by the group is printed
- 9-19-95: Washington Post prints the Unabomber's 'manifesto' in an eight-page supplement
- 4-3-96: Kaczynski, living as a recluse in a one-room cabin, turned in by his brother who thought Kaczynski's writings bore a striking resemblance to the Unabomber's manifesto

Could the First Cyber War Be Domestic?
Avi Rubin:
"There are many things that we teach in Security 101 that were not understood by the developers of these machines... Within an hour of looking at the source code in the Diebold machines, we knew we were looking at very bad code...”
(CBS, 1-3-03)
Richard Power/Dario Forte, Computer Fraud & Security Journal (2006)

Could the First Cyber War Be Domestic?
Examples of problems reported by GAO include C
