DOCSLIB.ORG

Cyber-Attacks and the Exploitable Imperfections of International Law

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cyber-Attacks and the Exploitable Imperfections of International Law Cyber-Attacks and the Exploitable Imperfections of International Law By Yaroslav Radziwill LEIDEN | BOSTON Library of Congress Cataloging-in-Publication Data Radziwill, Yaroslav, author. Cyber-attacks and the exploitable imperfection of international law / by Yaroslav Radziwill. pages cm Based on author’s thesis (doctoral — University of Warwick, 2014) issued under title: Cyber-attacks and international law : imperfections of a stagnant legal regime. Includes bibliographical references and index. ISBN 978-90-04-29833-0 (hardback : alk. paper) — ISBN 978-90-04-29830-9 (e-book) 1. Information warfare (International law) 2. Cyberspace operations (Military science) I. Title. KZ6718.R33 2015 341.6’3—dc23 2015023019 This publication has been typeset in the multilingual “Brill” typeface. With over 5,100 characters covering Latin, ipa, Greek, and Cyrillic, this typeface is especially suitable for use in the humanities. For more information, please see brill.com/brill-typeface. isbn 978-90-04-29833-0 (hardback) isbn 978-90-04-29830-9 (e-book) Copyright 2015 by Koninklijke Brill nv, Leiden, The Netherlands. Koninklijke Brill NV incorporates the imprints Brill, Brill Hes & De Graaf, Brill Nijhoff, Brill Rodopi and Hotei Publishing. All rights reserved. No part of this publication may be reproduced, translated, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission from the publisher. Authorization to photocopy items for internal or personal use is granted by Koninklijke Brill nv provided that the appropriate fees are paid directly to The Copyright Clearance Center, 222 Rosewood Drive, Suite 910, Danvers, ma 01923, usa. Fees are subject to change. This book is printed on acid-free paper. This book is dedicated to my wonderful, lovely wife Maarja. ∵ Contents Preface ix Abbreviations x Glossary xiv 1 Introduction 1 1.1 Introduction 1 1.2 Objectives and Research Questions 4 1.3 Structure of the Book 9 1.4 Choice of Terminology 11 1.5 Conclusion 14 2 Theoretical Framework 15 2.1 Introduction 15 2.2 Legal Framework 15 2.3 Political Component 28 2.4 Conclusion 39 3 Cyber-Threat 40 3.1 Introduction 40 3.2 The Hypothetical Threat 40 3.3 Reported Cyber-Incidents 57 3.4 Conclusion 83 4 Cyber-Space 85 4.1 Introduction 85 4.2 Territoriality of Cyber-Space 86 4.3 Sovereignty over the Virtual Realm 95 4.4 Jurisdiction in Cyber-Space 109 4.5 Conclusion 123 5 Cyber-Strikes and Jus ad Bellum 125 5.1 Introduction 125 5.2 Cyber-Attacks and the Use of Force 126 5.3 Cyber-Attacks and Self-Defense 142 5.4 Cyber-Attacks and Aggression 160 5.5 Conclusion 171 viii contents 6 Humanitarian Law Perspective 173 6.1 Introduction 173 6.2 General Applicability of International Humanitarian Law 174 6.3 Principle of Humanity 181 6.4 Necessity and Proportionality in Jus in Bello 195 6.5 Principle of Distinction 201 6.6 Deception 214 6.7 Principle of Neutrality 218 6.8 Conclusion 223 7 Cyber-Terrorism 225 7.1 Introduction 225 7.2 Terrorism and Cyber-Terrorism as Legal Concepts 226 7.3 Conventional Cyber-Terrorism 243 7.4 Escalated Conventional Cyber-Terrorism: Jus ad Bellum 247 7.5 Archaic Cyber-Terrorism: Jus in Bello 257 7.6 Conclusion 265 8 Role of International Organizations 266 8.1 Introduction 266 8.2 United Nations as Part of the Problem 267 8.3 United Nations as Part of the Solution 277 8.4 Role of Other International Organizations 301 8.5 Conclusion 310 9 Conclusion 312 9.1 Introduction 312 9.2 Validity of the Idea 312 9.3 A Way Forward 321 Appendix 1—Toolkit of a Modern-Day Cracker 323 Appendix 2—Normative Model for Command Authorities (Jus ad Bellum) 330 Appendix 3—Direct Participation in Hostilities: A List of Academic Examples 332 Bibliography 337 Index 400 Preface In April 2007, Estonia’s attention was focused, for the most part, on the vio- lent riot resulting from the relocation of the Bronze Soldier and on the police brutality pertaining to the suppression of that riot. During this period, Estonia became a target for a number of cyber-attacks. As an Estonian national from Tallinn and an undergraduate student at the University of Tartu at the time, I witnessed these cyber-strikes and had the experience of seeing their consequences firsthand. Moreover, as an Estonian Russian, I understood the broader context of the issue and could follow the reactions to the cyber-offensive in both major ethnic communities. In my experience, the 2007 cyber-attacks were barely noticeable. I could access the Internet as usual and no extraordinary interference was encoun- tered. While the inability to enter my bank (Hansapank) online at one point may or may not have been due to the ongoing cyber-offensive, such problems were not uncommon anyway. Neither ethnic group generally (Estonians nor Estonian Russians) seemed to care particularly about the few cyber-attacks that were visible. Website defacements were viewed as ordinary hooliganism, no more damaging than the physical defacement of Anton H. Tammsaare’s statue with a concise, untranslatable Russian insult to Estonia’s prime minister. Considering my personal experience, it is still surprising to see scholarly descriptions of the 2007 cyber-attacks as severe, devastating and crippling, causing fear and mental anguish among the population. The exaggerated dan- ger of something so minor seems to undermine the seriousness of the threat that severe cyber-attacks could have. In fact, the discrepancy between how the 2007 cyber-strikes felt and how they were perceived abroad is one of the fac- tors that inspired me to write a book on this topic. As work progressed, I came to realize that academic views ranged from those skeptically denying the possibility of cyber-attacks causing any damage whatsoever to those that promise “cyber-apocalypse”. The same range of atti- tudes vis-à-vis cyber-security were encountered in the practical realm, be it the Council of Europe’s Committee of Experts on Terrorism, the NATO Cooperative Cyber-Defense Center of Excellence or the United Nations Counter-Terrorism Implementation Task Force. Thus, while the present book focuses on how international law applies to cyber-warfare, it aims to ensure that cyber-threats are presented in a realistic light, without overemphasizing the danger, but also without giving them too little weight. Abbreviations 3D Three-Dimensional 9/11 11 September 2001 ACHR African Court on Human and Peoples’ Rights AmJIL American Journal of International Law ANZUS Security Treaty between the United States, Australia, and New Zealand AP Additional Protocol to the Geneva Conventions AU African Union CCDCOE NATO Cooperative Cyber Defense Center of Excellence CERT Computer Emergency Response Team CETS CoE Treaty Series CIA US Central Intelligence Agency CIS Commonwealth of Independent States CODEXTER CoE Committee of Experts on Terrorism CoE Council of Europe CTITF UN Counter-Terrorism Implementation Task Force CTS Consolidated Treaty Series CUP Cambridge University Press DDoS Distributed Denial of Service DISEC Disarmament and International Security Committee DoD US Department of Defense DoS Denial of Service DNS Domain Name System DPKO UN Department for Peacekeeping Operations DPRK Democratic People’s Republic of Korea DRC Democratic Republic of Congo ECHR European Convention on Human Rights ECOWAS Economic Community of West African States ECtHR European Court of Human Rights EICAR European Institute for Computer Antivirus Research EJIL European Journal of International Law ENDC Estonian National Defense College ENISA European Network and Information Security Agency ESIL European Society of International Law ETA Basque Homeland and Freedom (Euskadi Ta Askatasuna) EU European Union EUR Euro abbreviations xi FARC Revolutionary Armed Forces of Colombia—People’s Army (Fuerzas Armadas Revolucionarias de Colombia—Ejército del Pueblo) FBI US Federal Bureau of Investigation G20 Group of Twenty GBP British Pound Sterling GC Geneva Convention (1–4)1 GPS Global Positioning System HC Hague Convention (1–4; 1–14)2 HCA Annex to a Hague Convention IACHR Inter-American Commission on Human Rights IAEA International Atomic Energy Agency ICAO International Civil Aviation Organization ICC International Criminal Court ICISS International Commission on Intervention and State Sovereignty ICJ International Court of Justice ICLQ International & Comparative Law Quarterly ICRC International Committee of the Red Cross ICTR International Criminal Tribunal for Rwanda ICTY International Criminal Tribunal for the former Yugoslavia IDF Israel Defense Forces IEEE Institute of Electrical and Electronics Engineers ILC International Law Commission ILJ International Law Journal ILM International Legal Materials IMO International Maritime Organization IMEI International Mobile Equipment Identifier IMSI International Mobile Subscriber Identity Interpol International Criminal Police 1 Convention (I) for the Amelioration of the Condition of the Wounded and Sick in Armed Forces in the Field (adopted 12 August 1949, entered into force 21 October 1950) 75 UNTS 31; Convention (II) for the Amelioration of the Condition of Wounded, Sick and Shipwrecked Members of Armed Forces at Sea (adopted 12 August 1949, entered into force 21 October 1950) 75 UNTS 85; Convention (III) Relative to the Treatment of Prisoners of War (adopted 12 August 1949, entered into force 21 October 1950) 75 UNTS 135; Convention (IV) Relative to the Protection of Civilian Persons
Recommended publications
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
  • Attribution and Response to Cybercrime/Terrorism/Warfare Susan W

    Attribution and Response to Cybercrime/Terrorism/Warfare Susan W

    Journal of Criminal Law and Criminology Volume 97 Article 2 Issue 2 Winter Winter 2007 At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare Susan W. Brenner Follow this and additional works at: https://scholarlycommons.law.northwestern.edu/jclc Part of the Criminal Law Commons, Criminology Commons, and the Criminology and Criminal Justice Commons Recommended Citation Susan W. Brenner, At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 379 (2006-2007) This Symposium is brought to you for free and open access by Northwestern University School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern University School of Law Scholarly Commons. 0091-4169/07/9702-0379 THE JOURNALOF CRIMINAL LAW & CRIMINOLOGY Vol. 97. No. 2 Copyright 0 2007 by NorthwesternUniversity. Schoolof Low Printedin U.S.A. "AT LIGHT SPEED": ATTRIBUTION AND RESPONSE TO CYBERCRIME/TERRORISM/WARFARE SUSAN W. BRENNER* This Article explains why and how computer technology complicates the related processes of identifying internal (crime and terrorism) and external (war) threats to social order of respondingto those threats. First, it divides the process-attribution-intotwo categories: what-attribution (what kind of attack is this?) and who-attribution (who is responsiblefor this attack?). Then, it analyzes, in detail, how and why our adversaries' use of computer technology blurs the distinctions between what is now cybercrime, cyberterrorism, and cyberwarfare. The Article goes on to analyze how and why computer technology and the blurring of these distinctions erode our ability to mount an effective response to threats of either type.
  • A the Hacker

    A the Hacker

    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  • Recent Developments in Cybersecurity Melanie J

    Recent Developments in Cybersecurity Melanie J

    American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact [email protected]. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime
  • 2016 8Th International Conference on Cyber Conflict: Cyber Power

    2016 8Th International Conference on Cyber Conflict: Cyber Power

    2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 31 MAY - 03 JUNE 2016, TALLINN, ESTONIA 2016 8TH International ConFerence on CYBER ConFlict: CYBER POWER Copyright © 2016 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1626N-PRT ISBN (print): 978-9949-9544-8-3 ISBN (pdf): 978-9949-9544-9-0 CopyriGHT AND Reprint Permissions No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, and for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 © NATO CCD COE Publications PrinteD copies OF THIS PUBlication are availaBLE From: NATO CCD COE Publications Filtri tee 12, 10132 Tallinn, Estonia Phone: +372 717 6800 Fax: +372 717 6308 E-mail: [email protected] Web: www.ccdcoe.org Head of publishing: Jaanika Rannu Layout: Jaakko Matsalu LEGAL NOTICE: This publication contains opinions of the respective authors only. They do not necessarily reflect the policy or the opinion of NATO CCD COE, NATO, or any agency or any government.
  • Cyber Warfare a “Nuclear Option”?

    Cyber Warfare a “Nuclear Option”?

    CYBER WARFARE A “NUCLEAR OPTION”? ANDREW F. KREPINEVICH CYBER WARFARE: A “NUCLEAR OPTION”? BY ANDREW KREPINEVICH 2012 © 2012 Center for Strategic and Budgetary Assessments. All rights reserved. About the Center for Strategic and Budgetary Assessments The Center for Strategic and Budgetary Assessments (CSBA) is an independent, nonpartisan policy research institute established to promote innovative thinking and debate about national security strategy and investment options. CSBA’s goal is to enable policymakers to make informed decisions on matters of strategy, secu- rity policy and resource allocation. CSBA provides timely, impartial, and insight- ful analyses to senior decision makers in the executive and legislative branches, as well as to the media and the broader national security community. CSBA encour- ages thoughtful participation in the development of national security strategy and policy, and in the allocation of scarce human and capital resources. CSBA’s analysis and outreach focus on key questions related to existing and emerging threats to US national security. Meeting these challenges will require transforming the national security establishment, and we are devoted to helping achieve this end. About the Author Dr. Andrew F. Krepinevich, Jr. is the President of the Center for Strategic and Budgetary Assessments, which he joined following a 21-year career in the U.S. Army. He has served in the Department of Defense’s Office of Net Assessment, on the personal staff of three secretaries of defense, the National Defense Panel, the Defense Science Board Task Force on Joint Experimentation, and the Defense Policy Board. He is the author of 7 Deadly Scenarios: A Military Futurist Explores War in the 21st Century and The Army and Vietnam.
  • The Most Common Blunder People Make When the Topic of a Computer Virus Arises Is to Refer to a Worm Or Trojan Horse As a Virus

    The Most Common Blunder People Make When the Topic of a Computer Virus Arises Is to Refer to a Worm Or Trojan Horse As a Virus

    Trojan And Email Forging 1) Introduction To Trojan&viruses: A Trojan horse, or Trojan, in computing is a generally non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Anatolia, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.[1][2][3][4][5] A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer.[6] While Trojans and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage. Malicious programs are classified as Trojans if they do not attempt to inject themselves into other files (computer virus) or otherwise propagate themselves (worm).[7] A computer may host a Trojan via a malicious program a user is duped into executing (often an e-mail attachment disguised to be unsuspicious, e.g., a routine form to be filled in) or by drive-by download. The Difference Between a Computer Virus, Worm and Trojan Horse The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. One common mistake that people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus.
  • Diapositiva 1

    Diapositiva 1

    Feliciano Intini Responsabile dei programmi di Sicurezza e Privacy di Microsoft Italia • NonSoloSecurity Blog: http://blogs.technet.com/feliciano_intini • Twitter: http://twitter.com/felicianointini 1. Introduction - Microsoft Security Intelligence Report (SIR) 2. Today‘s Threats - SIR v.8 New Findings – Italy view 3. Advancements in Software Protection and Development 4. What the Users and Industry Can Do The 8th volume of the Security Intelligence Report contains data and intelligence from the past several years, but focuses on the second half of 2009 (2H09) Full document covers Malicious Software & Potentially Unwanted Software Email, Spam & Phishing Threats Focus sections on: Malware and signed code Threat combinations Malicious Web sites Software Vulnerability Exploits Browser-based exploits Office document exploits Drive-by download attacks Security and privacy breaches Software Vulnerability Disclosures Microsoft Security Bulletins Exploitability Index Usage trends for Windows Update and Microsoft Update Microsoft Malware Protection Center (MMPC) Microsoft Security Response Center (MSRC) Microsoft Security Engineering Center (MSEC) Guidance, advice and strategies Detailed strategies, mitigations and countermeasures Fully revised and updated Guidance on protecting networks, systems and people Microsoft IT ‗real world‘ experience How Microsoft IT secures Microsoft Malware patterns around the world with deep-dive content on 26 countries and regions Data sources Malicious Software and Potentially Unwanted Software MSRT has a user base
  • Proposal of N-Gram Based Algorithm for Malware Classification

    Proposal of N-Gram Based Algorithm for Malware Classification

    SECURWARE 2011 : The Fifth International Conference on Emerging Security Information, Systems and Technologies Proposal of n-gram Based Algorithm for Malware Classification Abdurrahman Pektaş Mehmet Eriş Tankut Acarman The Scientific and Technological The Scientific and Technological Computer Engineering Dept. Research Council of Turkey Research Council of Turkey Galatasaray University National Research Institute of National Research Institute of Istanbul, Turkey Electronics and Cryptology Electronics and Cryptology e-mail:[email protected] Gebze, Turkey Gebze, Turkey e-mail:[email protected] e-mail:[email protected] Abstract— Obfuscation techniques degrade the n-gram malware used by the previous work. Similar methodologies features of binary form of the malware. In this study, have been used in source authorship, information retrieval methodology to classify malware instances by using n-gram and natural language processing [5], [6]. features of its disassembled code is presented. The presented The first known use of machine learning in malware statistical method uses the n-gram features of the malware to detection is presented by the work of Tesauro et al. in [7]. classify its instance with respect to their families. n-gram is a fixed size sliding window of byte array, where n is the size of This detection algorithm was successfully implemented in the window. The contribution of the presented method is IBM’s antivirus scanner. They used 3-grams as a feature set capability of using only one vector to represent malware and neural networks as a classification model. When the 3- subfamily which is called subfamily centroid. Using only one grams parameter is selected, the number of all n-gram vector for classification simply reduces the dimension of the n- features becomes 2563, which leads to some spacing gram space.
  • Tangled Web : Tales of Digital Crime from the Shadows of Cyberspace

    Tangled Web : Tales of Digital Crime from the Shadows of Cyberspace

    TANGLED WEB Tales of Digital Crime from the Shadows of Cyberspace RICHARD POWER A Division of Macmillan USA 201 West 103rd Street, Indianapolis, Indiana 46290 Tangled Web: Tales of Digital Crime Associate Publisher from the Shadows of Cyberspace Tracy Dunkelberger Copyright 2000 by Que Corporation Acquisitions Editor All rights reserved. No part of this book shall be reproduced, stored in a Kathryn Purdum retrieval system, or transmitted by any means, electronic, mechanical, pho- Development Editor tocopying, recording, or otherwise, without written permission from the Hugh Vandivier publisher. No patent liability is assumed with respect to the use of the infor- mation contained herein. Although every precaution has been taken in the Managing Editor preparation of this book, the publisher and author assume no responsibility Thomas Hayes for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Project Editor International Standard Book Number: 0-7897-2443-x Tonya Simpson Library of Congress Catalog Card Number: 00-106209 Copy Editor Printed in the United States of America Michael Dietsch First Printing: September 2000 Indexer 02 01 00 4 3 2 Erika Millen Trademarks Proofreader Benjamin Berg All terms mentioned in this book that are known to be trademarks or ser- vice marks have been appropriately capitalized. Que Corporation cannot Team Coordinator attest to the accuracy of this information. Use of a term in this book should Vicki Harding not be regarded as affecting the validity of any trademark or service mark. Design Manager Warning and Disclaimer Sandra Schroeder Every effort has been made to make this book as complete and as accurate Cover Designer as possible, but no warranty or fitness is implied.
  • Download Slides

    Download Slides

    Scott Wu Point in time cleaning vs. RTP MSRT vs. Microsoft Security Essentials Threat events & impacts More on MSRT / Security Essentials MSRT Microsoft Windows Malicious Software Removal Tool Deployed to Windows Update, etc. monthly since 2005 On-demand scan on prevalent malware Microsoft Security Essentials Full AV RTP Inception in Oct 2009 RTP is the solution One-off cleaner has its role Quiikck response Workaround Baseline ecosystem cleaning Industrypy response & collaboration Threat Events Worms (some are bots) have longer lifespans Rogues move on quicker MarMar 2010 2010 Apr Apr 2010 2010 May May 2010 2010 Jun Jun 2010 2010 Jul Jul 2010 2010 Aug Aug 2010 2010 1,237,15 FrethogFrethog 979,427 979,427 Frethog Frethog 880,246880,246 Frethog Frethog465,351 TaterfTaterf 5 1,237,155Taterf Taterf 797,935797,935 TaterfTaterf 451,561451,561 TaterfTaterf 497,582 497,582 Taterf Taterf 393,729393,729 Taterf Taterf447,849 FrethogFrethog 535,627535,627 AlureonAlureon 493,150 493,150 AlureonAlureon 436,566 436,566 RimecudRimecud 371,646 371,646 Alureon Alureon 308,673308,673 Alureon Alureon 441,722 RimecudRimecud 341,778341,778 FrethogFrethog 473,996473,996 BubnixBubnix 348,120 348,120 HamweqHamweq 289,603 289,603 Rimecud Rimecud289,629 289,629 Rimecud Rimecud318,041 AlureonAlureon 292,810 292,810 BubnixBubnix 471,243 471,243 RimecudRimecud 287,942287,942 ConfickerConficker 286,091286, 091 Hamwe Hamweqq 250,286250, 286 Conficker Conficker220,475220, 475 ConfickerConficker 237237,348, 348 RimecudRimecud 280280,440, 440 VobfusVobfus 251251,335, 335
  • Trojan White Paper

    Trojan White Paper

    Trojan White Paper Aelphaeis Mangarae [Igniteds.NET] May 5 th 2006 http://igniteds.net irc.EFnet.org #d-u © Copyright Igniteds Security Community 2006 Igniteds Security Group - Igniteds.NET______________________ Contents [Introduction] [What Is A Trojan?] [Anti-Virus Solutions] - Introduction - How Do AV’s Detect Trojans? - What Is Heuristic Analysis? - What Is A File Packer/Compressor? - Norton Anti-Virus (Symantec) - McAfee Anti-Virus (Network Associates) - Kaspersky Anti-Virus (Kaspersky Labs) - NOD32 (ESET) - Bit Defender - Panda Anti-Virus (Panda Software) [Trojans] - Back Orifice XP - Bifrost - CIA - Lithium - MoSucker - Net Devil - Nuclear RAT - Optix Pro - Poison Ivy - SubSeven - Tequila Bandita - Theef [The Scene] - The Trojan Coder - The Script Kiddie [Trojan Removal] - Detecting A Trojan - General Removal [Methods Of Infection] - IRC - P2P - Instant Messaging - Web Pages - Software Vulnerabilities - Social Engineering Igniteds Security Group - Igniteds.NET______________________ [Trojan Technologies] - Rootkit Technology - Polymorphism - Firewall Bypass - Reverse Connection [Security Tools] - Zone Alarm - Agnitum Outpost Firewall - PsList - PsKill - Registry Commander - X-Netstat [About The Author] [Greetz To] Igniteds Security Group - Igniteds.NET______________________ [Introduction] Many home users are kept in the dark about Trojans, what they are exactly, and the force behind them. The Trojan scene is quite an interesting one, one which I will document in this text, in order to give readers a better understanding of Trojans and the people that create and use them, After all there is more to Trojans than just the Trojans themselves. I will also detail in this text the technologies the latest Trojans incorporate in order to make themselves more stealthy and/or harder to remove. The general purpose of this text is to educate the reader about Trojans, so they can help protect themselves against them, and in the event of infection they may remove them and try and to prevent them from doing any further damage.