DOCSLIB.ORG

Committee: General Assembly 3 (Disarmament and Global Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Committee: General Assembly 3 (Disarmament and Global Security Committee: General Assembly 3 (Disarmament and Global Security) Issue: Establishing International Methods of Combatting Cyber Warfare Student Officer: Alia ElKattan (President of General Assembly 3) I. Introduction Cyber warfare is using computers and electronic means to attack other networks and computers worldwide. Hackers are generally trained in software programming and knowing the details of computer networks, to form the attacks. The difficulty in combating cyber-attacks lies in the difficulty to identify the source of attacks, making it difficult to trace down the attackers. Hackers often are working under governments or organizations, attacking other governments for the aim of disruption or destroying their networks. It is one of the strongest current weapons, and is influenced by political aims and conflicts. Generally, cyber warfare can be used for both spying and destroying other networks. The most unique aspect of cyber warfare is that cyber space is the only warfare domain that is entirely man-made (unlike land, sea, air, and space). II. Key Vocabulary Stuxnet Trojan: [noun] Said to be one of the most sophisticated cyber weapon yet, developed by the US and Israel, and is used to demolish Iran's nuclear system. Cyber: [prefix] Electronic and internet technology. Infrastructure: [noun] Organizations and facilities needed for the operation of a society. Electronic Pearl Harbor: [noun] Pearl Harbor is the part that led the US to enter World War II. The term electronic Pearl Harbor is not used in this literal meaning, but to symbolize attacks or how cyber warfare can lead to wars or great losses to society. Malware: [noun] A software that intents to harm and disturb computers and networks. III. Involved Countries and Organizations India Cyber-attacks have been a constant challenge to the Indian government, the greatest external pressures being China, Bangladesh, and Pakistan. Their national security agenda is constantly being attacked and intruded. The government has allowed closer cooperation with industry and government work to enhance India's IT software. As a result, a Defense Intelligence Agency and a National Defense university have been formed. Amongst the DIA (Defense Intelligence Agency)'s work is the establishment of a powerful information warfare agency specialized for cyber war and other technologies. After nuclear tests in New Delhi,"Milw0rm", an anti-nuclear group hacked into India's Bhaba Atomic Research Center (BARC) on June 7, 1998. Probably India's greatest rival and cause to its cyber warfare capabilities is Pakistan. There have been conflicts between India and Pakistan concerning cyber war. The Indian Home Secretary R.K Singh has commented on it before saying, "Pakistan is trying to create trouble by inciting people… This exposes its attempt at cyber warfare against India." ‘G-force Pakistan’, ‘Death to India’, and ‘Dr. Nuker’ are all Pakistani hacker groups that have been reportedly attacking Indian cyberspace. Due to cyber wars between Pakistan and India, hundreds of websites have been hacked and destroyed on both sides. 1 "The rapid technological developments underway at the same time not only facilitate these events by reducing our reaction time but add entirely new dimensions of threat and challenges, such as the Revolution in Military Affairs (RMA) and offensive/defensive information warfare.", Government of India in a report about National Security, 2001. United States The United States is one of the major countries that are involved in cyber warfare on a large scale. It is under great threat from many criminal groups, individuals, and nation states. It is, however, one of the most powerful countries in the world in the cyber world. The United States of America has made numerous attacks previously, most importantly its attacks on Iran. In 2010, Stuxnet Trojan, which is linked with the US, has attacked Iran's nuclear program and the Flame cyber surveillance tool. After Obama won the American presidency, he has decided to continue and speed up the attacks on Iran's nuclear program. The American Air Force was also seeking to enhance its cyber warfare tools and capabilities. According to the Air Force, it is looking and aiming to "disrupt, deny, degrade, destroy, or deceive an adversary's ability to use the cyberspace domain to his advantage," US Marine Corps Lt. General Mills has openly admitted the use of cyber warfare in Afghanistan and its success. He talked about the uses of cyber warfare on August 15th, 2012 saying "I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyber operations against my adversary with great impact." According to the U.S Defense Secretary, the country has strongly stated that it is planning on strengthening its cyber warfare unit and significantly increasing its importance in the Pentagon. As Defense Secretary Chuck Hagel said, this was to protect the country against foreign cyber-attacks. When asked about his policies, he stated that while he aimed to show strength, he also wants to “tame” the United States’ image as an aggressor in the field of computer warfare. The United States, Hagel said, does not seek militarizing cyberspace. China China is one of the strongest 'Cyber Powers' in the world, with a unique model for cyber warfare with their national support and the PLA (People's Liberation Army). There is clear development in the Chinese cyber warfare strategies and capabilities, starting from the 1990's. The Chinese government thinks that a great step towards becoming a very powerful nation is to increase its security and cyber warfare capabilities. The PLA has capabilities to test new technologies and increase its sophisticated tools with China's strong economy support. China sees cyber warfare as a tool to defeat a superior military. According to a quote mentioned by the CIA, an unknown Chinese official has expressed the great and powerful capabilities of cyber-attacks and military technology saying, "We can make the enemy's command centers not work by changing their data system. We can cause the enemy's headquarters to make incorrect judgment(s) by sending disinformation. We can dominate the enemy's banking system and even its entire social order." One of China's most powerful cyber-attacks was GhostNet, which succeeded in penetrating 103 countries. Chinese Major General Wang Pufeng has also stated his views concerning information warfare, and China’s wills to become more powerful and superior in the field: "In summary, our warfare methods must adapt to the needs of information warfare. We must use all types, forms, and methods of force, and especially make more use of nonlinear warfare and many types of information warfare methods which combine native and Western elements to use our strengths in order to attack the enemy's weaknesses, avoid being reactive, and strive for being active. In this way, it will be entirely possible for China to achieve comprehensive victory over the enemy even under the conditions of inferiority in information technology." 2 NATO Cyber-attacks have been and are a continuous threat to the North Atlantic Treaty Organization. NATO realizes that with the current cyber warfare attacks, defending its network systems and information is a top priority. NATO defense ministers have approved a policy that sets a clear path and vision on the NATO's cyber defense; the NATO Policy on Cyber Defense. The organization has stated on their official website that cyber defense is one of its main capabilities. They have made several training sessions, where representatives from countries try to fight 'fake' cyber-attacks, and see how they will deal with it if NATO is under attack. As new defense tools will be applied, all structures in the organization will be brought to centralized defense, protecting it from any possible attacks. NATO has established the NATO Communications and Information Agency (NCIA) on the 1st of July, 2012, in efforts of bringing NATO under severe protection and save long-term costs, along with many significant benefits to the organization. INTERPOL The 'International Police for a Safer World' views cybercrime as probably the fastest growing areas of crime, with the fastest growing rate of criminals. Unlike in the past when cybercrime was committed by individuals, nowadays organized associations both in the private sector and governments work together on cyber-attacks. Up to USD 1 trillion was stolen from worldwide businesses using cybercrime, and over USD 8 billion were spent on cybercrime worldwide in the years 2007 and 2008. The INTERPOL sees its role is to form investigations worldwide on cybercrime, develop partnerships with worldwide organizations, and identify the threats. They have also created a contact list of 131 officers by the end of 2011 which are always available and open for cybercrime investigations. IV. Focused Overview of the Issue Cyberspace is considered to be the fourth war domain, not subject to any natural barrier, and the only domain man made. It is the internet, telecommunication, and computer systems. Moreover, cyber space, is made, owned, and operated by private organizations and governments around the globe. The system of computers is very complicated, and therefore makes it extremely hard sometimes to identify the source of cyber-attacks. Many governments and private sectors have the capabilities for cyber warfare, a UNIDIR report showed that 33 countries use cyber warfare and 133 countries using open source information and organizations. 3 Cyber Warfare in the UN Charter Attacks in cyber warfare can be categorized into three types: attack, defense, or exploitation (misuse of the cyber space). Cyber-attack, while examined by the United Nations, could be identified as three things: 1. International threat. 2. Necessary attack for self-defense. 3. "Threat to the peace", a "breach of the peace", or a form of aggression. In this case, the attacks are subject to be discussed by the United Nations Security Council, where there intervention would be necessary.
Load more

Recommended publications
  • Investigating Web Defacement Campaigns at Large
    Session 11: Malware and Web ASIACCS’18, June 4–8, 2018, Incheon, Republic of Korea Investigating Web Defacement Campaigns at Large Federico Maggi, Marco Balduzzi, Ryan Flores, Lion Gu, Vincenzo Ciancaglini Forward-Looking Threat Research Team - Trend Micro, Inc. ABSTRACT the attack, team affiliation of the defacer(s), or nicknames ofthe Website defacement is the practice of altering the web pages of a supporting actors. Over the years, defacers have abandoned their website after its compromise. The altered pages, called deface pages, interested in defacing for the mere purpose of advertising the com- can negatively affect the reputation and business of the victim site. promise, pursuing defacement more as a mean to broadcast strong Previous research has focused primarily on detection, rather than messages “to the World”—by compromising popular websites. exploring the defacement phenomenon in depth. While investigat- Despite several actors are still driven by the desire of promot- ing several defacements, we observed that the artifacts left by the ing their own reputation, an increasing number of defacers strive defacers allow an expert analyst to investigate the actors’ modus instead to promote their ideologies, religious orientation, political operandi and social structure, and expand from the single deface views, or other forms of activism, often closely following real-world page to a group of related defacements (i.e., a campaign). However, events (e.g., war, elections, crisis, terrorist attacks). We refer to this manually performing such analysis on millions of incidents is te- phenomenon as dark propaganda, to highlight that legitimate re- dious, and poses scalability challenges. From these observations, we sources are abused for pushing the actors’ viewpoints.
    [Show full text]
  • Crime and the Internet
    Crime and the Internet Is the Internet really powerful enough to enable a sixteen-year-old boy to become the biggest threat to world peace since Adolf Hitler? Are we all now susceptible to cybercriminals who can steal from us without ever having to leave the comfort of their own armchairs? These are fears which have been articulated since the popular development of the Internet, yet criminologists have been slow to respond to them. Consequently, questions about what cyber- crimes are, what their impacts will be and how we respond to them remain largely unanswered. Organised into three sections, this book engages with the various crimino- logical debates that are emerging over cybercrime. The first section looks at the general problem of crime and the internet; it then describes what is currently understood by the term ‘cybercrime’, before identifying some of the challenges that are presented for criminology. The second section explores the different types of cybercrime and their attendant problems. The final section contem- plates some of the challenges that cybercrimes give rise to for the criminal justice system. David Wall is Director of the Centre for Criminal Justice Studies, Department of Law, University of Leeds Crime and the Internet Edited by David S. Wall London and New York First published 2001 by Routledge 11 New Fetter Lane, London EC4P 4EE Simultaneously published in the USA and Canada by Routledge 29 West 35th Street, New York, NY 10001 Routledge is an imprint of the Taylor & Francis Group This edition published in the Taylor & Francis e-Library, 2004. © 2001 selection and editorial matter David S.
    [Show full text]
  • Ethical Hacking
    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
    [Show full text]
  • Introduction
    Introduction Toward a Radical Criminology of Hackers In the expansive Rio Hotel and Casino in Las Vegas, I stood in line for around an hour and a half to pay for my badge for admittance into DEF CON 21, one of the largest hacker conventions in the world. The wad of cash in my hand felt heavier than it should have as I approached the badge vendor. DEF CON is an extravagant affair and attendees pay for it (though, from my own readings, the conference administrators work to keep the costs reduced). The line slowly trickled down the ramp into the hotel con- vention area where the badge booths were arranged. As I laid eyes on the convention, my jaw dropped. It was packed. Attendees were already mov- ing hurriedly throughout the place, engaged in energetic conversations. Black t- shirts— a kind of hacker uniform— were everywhere. Las Vegas- and gambling- themed décor lined the walls and floors. Already, I could see a line forming at the DEF CON merchandise booth. Miles, a hacker I had gotten to know throughout my research, mentioned that if I wanted some of the “swag” or “loot” (the conference merchandise), I should go ahead and get in line, a potential three- to four-hour wait. Seemingly, everyone wanted to purchase merchandise to provide some evidence they were in attendance. Wait too long and the loot runs out. After winding through the serpentine line of conference attendees wait- ing for admittance, I approached the badge vendors and (dearly) departed with almost $200. Stepping into the convention area, I felt that loss in the pit of my stomach.
    [Show full text]
  • The Hacker Voice Telecomms Digest #2.00 LULU
    P3 … Connections. P5 … You Got Mail… Voicemail. P7 … Unexpected Hack? P8 … Rough Guide To No. Stations pt2. P12 … One Way/One Time Pads. P16 … Communications. Your Letters, Answered… Perhaps! P17 … The Hacker Voice Projects. P19 … Automating Network Enumeration. P22 … An Introduction to Backdoors. The Hackers Voice Digest Team P27 … Interesting Numbers. Editors: Demonix & Blue_Chimp. Staff Writers: Belial, Blue_Chimp, Naxxtor, Demonix, P28 … Phreaking Bloody Adverts! Hyper, & 10Nix. Pssst! Over Here… You want one of these?! Contributors: Skrye, Vesalius, Remz, Tsun, Alan, Desert Rose & Zinya. P29 … Intro to VoIP for Practical Phreaking Layout: Demonix. Cover Graphics : Belial & Demonix. P31 … Google Chips. Printing: Printed copies of this magazine (inc. back issues) are available from P32 … Debain Ubuntu A-Z of Administration. www.lulu.com. Thanks : To everyone who has input into this issue, especially the people who have P36 … DIY Tools. submitted an article and gave feedback on the first Issue. P38 … Beginners Guide to Pen Testing. Back Page: UV’s World War Poster Productions. P42 … The Old Gibson Phone System. What is The Hackers Voice? The Hackers Voice is a community designed to bring back hacking P43 … Introduction to R.F.I. and phreaking to the UK . Hacking is the exploration of Computer Science, Electronics, or anything that has been modified to P55 … Unexpected Hack – The Return! perform a function that it wasn't originally designed to perform. Hacking IS NOT EVIL, despite what the mainstream media says. We do not break into people / corporations' computer systems and P56 … Click, Print, 0wn! networks with the intent to steal information, software or intellectual property.
    [Show full text]
  • Index Images Download 2006 News Crack Serial Warez Full 12 Contact
    index images download 2006 news crack serial warez full 12 contact about search spacer privacy 11 logo blog new 10 cgi-bin faq rss home img default 2005 products sitemap archives 1 09 links 01 08 06 2 07 login articles support 05 keygen article 04 03 help events archive 02 register en forum software downloads 3 security 13 category 4 content 14 main 15 press media templates services icons resources info profile 16 2004 18 docs contactus files features html 20 21 5 22 page 6 misc 19 partners 24 terms 2007 23 17 i 27 top 26 9 legal 30 banners xml 29 28 7 tools projects 25 0 user feed themes linux forums jobs business 8 video email books banner reviews view graphics research feedback pdf print ads modules 2003 company blank pub games copyright common site comments people aboutus product sports logos buttons english story image uploads 31 subscribe blogs atom gallery newsletter stats careers music pages publications technology calendar stories photos papers community data history arrow submit www s web library wiki header education go internet b in advertise spam a nav mail users Images members topics disclaimer store clear feeds c awards 2002 Default general pics dir signup solutions map News public doc de weblog index2 shop contacts fr homepage travel button pixel list viewtopic documents overview tips adclick contact_us movies wp-content catalog us p staff hardware wireless global screenshots apps online version directory mobile other advertising tech welcome admin t policy faqs link 2001 training releases space member static join health
    [Show full text]
  • The Web Attacker Perspective – a Field Study
    20102010 IEEE 21st 21st International International Symposium Symposium on onSoftware Software Reliability Reliability Engineering Engineering The Web Attacker Perspective – A Field Study José Fonseca Marco Vieira, Henrique Madeira CISUC, University of Coimbra / CISUC, University of Coimbra Polytechnic Institute of Guarda, Portugal Coimbra, Portugal [email protected] [email protected], [email protected] Abstract—Web applications are a fundamental pillar of today’s corporations in recent years reflects the increasing concern globalized world. Society depends and relies on them for top managers now have about web security. However, there business and daily life. However, web applications are under are some significant factors that still make securing web constant attack by hackers that exploit their vulnerabilities to applications a task hard to fulfill. Some examples are the fast access valuable assets and disrupt business. Many studies and growing market, their high exposure to attacks and the reports on web application security problems analyze the general lack of knowledge or experience in the area of victim’s perspective by detailing the vulnerabilities publicly security from those who develop and manage these disclosed. In this paper we present a field study on the applications. attacker’s perspective by looking at over 300 real exploits used In spite of all security-related efforts, web applications by hackers to attack web applications. Results show that SQL are typically deployed with security vulnerabilities that make injection and Remote File Inclusion are the two most frequently used exploits and that hackers prefer easier rather them vulnerable to attacks. This suggests that web than complicated attack techniques.
    [Show full text]
  • Zero-Day Malware Project Assignment
    Zero-day Malware Project Assignment Trondheim, December 17, 2008 Norwegian University of Science and Technology Faculty of Information Technology, Mathematics and Electrical Engineering Department of Telematics Finn Michael Halvorsen, Rune Walsø Nerg˚ardand H˚avard Vegge NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY FACULTY OF INFORMATION TECHNOLOGY, MATHEMATICS AND ELECTRICAL ENGINEERING PROJECT ASSIGNMENT Students: Finn Michael Halvorsen, Rune Walsø Nerg˚ard and H˚avard Vegge Course: TTM4530 Title: Zero-day Malware Description: The current trend in malware is increased stealth for the purpose of creating large, undetected botnets. Coupled with the closing gap between time of vulnerability detection to time of available exploit, this leads to an increasing lag time for anti-malware vendors. The task is two-fold: 1. Design a laboratory testbed consisting of updated Microsoft Windows PCs, with updated anti-malware software installed, and then expose these systems to known suspicious sites, file-sharing systems, etc. 2. At a given time afterwards perform an offline malware search of the system with updated anti-malware tools to determine whether the system was infected with zero-day malware. Deadline: December 17, 2008 Submission date: December 17, 2008 Carried out at: Department of Telematics Supervisor: Martin Gilje Jaatun, SINTEF ICT Co-Supervisor: Jostein Jensen, SINTEF ICT Trondheim, December 11, 2008 Danilo Gligoroski Professor Abstract There has been an enormous increase in malware variants during the last year. This has made it even more difficult for the anti-malware vendors to maintain protection against the vast amount of threats. Various obfuscation techniques, such as polymorphism, con- tribute to this trend. The ongoing battle between malware creators and anti-virus vendors causes an increasing signature lag, which leads to vulnerable end-systems for home users as well as in corporate environments.
    [Show full text]
  • Cyber Warfare an Analysis of the Means and Motivations of Selected Nation States
    CYBER WARFARE AN ANALYSIS OF THE MEANS AND MOTIVATIONS OF SELECTED NATION STATES INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE November 2004 Charles Billo Revised December 2004 Welton Chang 45 Lyme Road Hanover, NH 03755 603-646-0700 INSTITUTE FOR SECURITY TECHNOLOGY STUDIES ___________________________________________________________ Authors of this report: Charles G. Billo Senior Research Associate, ISTS Welton Chang Research Intern, ISTS ACKNOWLEDGEMENTS We are grateful for the numerous comments received from our anonymous reviewers as well as ISTS reviewers. In particular, the substantive suggestions received from Professor David Kotz, Eric Goetz, and Colleen Hurd, were especially helpful. We would like to thank Sarah Brooks and Jocelyn Troy for their help. We would also like to thank George Bakos, Kathleen Cassedy, Amy Gannon, Robert Hillery, Dennis McGrath, and the Technical Analysis Group at ISTS. DISCLAIMERS All Internet links and citations contained within were active at the time of publication. We cannot guarantee that the links will remain active indefinitely, although an effort was made to ensure that each citation contained enough information for the cited source to be located in print or other forms of media. Information available prior to November 1, 2004 was used in this report. Copyright © 2004, Trustees of Dartmouth College. All rights reserved. This project was supported under Award No. 2000-DT-CX-K001 from the Office for Domestic Preparedness, U.S. Department of Homeland Security. Points of view in this document are those of the authors and do not necessarily represent the official position of the U.S.Department of Homeland Security. 2 INSTITUTE FOR SECURITY TECHNOLOGY STUDIES ___________________________________________________________ FOREWORD This study, written in response to a grant provided by the Department of Homeland Security, assesses potential foreign computer threats to information technology networks in the United States.
    [Show full text]
  • Hack Attacks Revealed
    Hack Attacks Revealed A Complete Reference with Custom Security Hacking Toolkit John Chirillo This netLibrary eBook does not include the ancillary media that was packaged with the original printed version of the book. Publisher: Robert Ipsen Editor: Carol A. Long Assistant Editor: Adaobi Obi Managing Editor: Micheline Frederick New Media Editor: Brian Snapp Text Design & Composition: Thomark Design Designations used by companies to distinguish their products are often claimed as trademarks. In all instances where John Wiley & Sons, Inc., is aware of a claim, the product names appear in initial capital or ALL CAPITAL LETTERS. Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration. Copyright © 2001 by John Chirillo. All rights reserved. Published by John Wiley & Sons, Inc. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per- copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750- 8400, fax (978) 750-4744. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 605 Third Avenue, New York, NY 10158-0012, (212) 850-6011, fax (212) 850-6008, E-Mail: PERMREQ @ WILEY.COM. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in professional services.
    [Show full text]
  • Anti-War and the Cyber Triangle Strategic Implications of Cyber Operations and Cyber Security for the State
    Anti-War and the Cyber Triangle Strategic Implications of Cyber Operations and Cyber Security for the State Sven Herpig ACKNOWLEDGEMENT I would like to thank my loving wife – source of inspiration, firmest believer and harshest critic. For without her, this research would have never progressed beyond the first few paragraphs. I am deeply grateful for having an amazing family. Their tireless encouragement and support allowed me to pursue my dreams. During the years of research, I was not able to spend as much time with them as I would have wanted, and only a tiny fraction of what they would have deserved. I would also like to acknowledge Doctor David Lonsdale, brilliant academic and amazing supervisor, without whom this work would have remained a body without soul. Last but not least, I want to give a shout-out to all the infosec people, cyber libertarians, strategists, hackers, academics and practitioners who helped me with their immense knowledge and vast networks over the last couple of years. Sven Herpig, January 2016 ____________________________ PhD Thesis, University of Hull Research: May 2011–March 2015 Approval: August 2015 Editing: January 2016 1 TABLE OF CONTENTS LIST OF ABBREVIATIONS .....................................................................................7 LIST OF FIGURES ................................................................................................... 10 LIST OF TABLES ..................................................................................................... 11 INTRODUCTION ....................................................................................................
    [Show full text]
  • 1. Introduction a Small Number of ‘Mass Market’ Software Infrastructures Now Support a Broad Range of Critical Systems
    Anti‐Social Networking: Crowdsourcing and the CyberDefence of National Critical Infrastructures Chris W. Johnson, School of Computing Science, University of Glasgow, Glasgow, Scotland, G12 8RZ. [email protected], http://www.dcs.gla.ac.uk/~johnson Abstract The last decade has seen a growing number of cyber‐attacks, for instance on Estonia, Belarus, Lithuania, Georgia, Pakistan and India. It has been difficult to determine whether or not these incidents were state‐sponsored. This paper identifies three different roles that social networking and social media have played in this ‘attribution problem’. Firstly, social networks have motivated individuals to participate in mass Denial of Service (DoS) attacks. They have disseminated information and provided access to resources, including botnets that were originally developed by cyber‐criminal groups. Secondly, we show how information about an individual’s social networks has supported targeted attacks, such as spear phishing, on opposition groups. Malware is, typically, disguised in a document that was intercepted from a colleague or friend. The recipient is more likely to open an attachment or link if it has been sent from a trusted source. Thirdly, we show how the development of Cloud infrastructures to support social networking applications has created disposable architectures for the Command and Control servers that coordinate malware attacks. The ubiquitous and distributed nature of these architectures makes it increasingly difficult to determine who owns and operates these systems. The closing sections of the paper identify a roadmap for the defensive measures that might be used to minimise the future threats from the ‘dark side’ of social networking1. Keywords: Cyber‐defence, National Critical Infrastructures, Software Security.
    [Show full text]