DOCSLIB.ORG

©2020 Netenrich, Inc. All Rights Reserved

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
©2020 Netenrich, Inc. All Rights Reserved ©2020 Netenrich, Inc. All rights reserved 03 Potential Cyber and Electronic Threats Attacks on electronic voting Hacktivism Cybercrime High profile account hacks Campaign app misuse 06 Information Warfare Campaigns Disinformation campaigns Using social media apps, and ads for propaganda 08 Foreign Entities Russia China Iran North Korea India 13 Domestic Threats Coronavirus impact on voter turnout Interference with mail in ballots Violent or disruptive actions 14 Reputational Threats Smear campaigns Fabricated media 16 Conclusion ©2020 Netenrich, Inc. All rights reserved Threats Surrounding the 2020 U.S. Election In the months leading up to the 2020 U.S. Presidential election, it is necessary to analyze and understand potential threats to the election. Possible threats to the election and to the electoral process include but are not limited to cyber attacks, information warfare campaigns, targeted attacks by foreign and domestic Wut d fuct! entities, reputational threats, and physical threats. These threats may seek to undermine or interfere with the election process, to manipulate the outcome of the election in favor of a particular candidate, to allow criminals opportunistic U.S. officials have financial gain, and to allow threat actors to gather intelligence on a particular stepped up election demographic or policy issue. systems security since 2016, when Russian Potential Cyber and Electronic Threats threat actors targeted Attacks on electronic voting systems in all 50 states. According to the Department of Homeland Security, election systems are being scanned by unknown entities. Scanning is a technique used for cyber attack reconnaissance. However, it is possible that these systems were also passively scanned. Regardless of the motive, U.S. officials have stepped up election systems security since 2016, when Russian threat actors targeted systems in all 50 states. Attacks on electronic voting could include cyberattacks on polling locations, critical infrastructure attacks meant to prevent people from voting, attacks meant to manipulate votes in favor of a particular candidate, and attacks that seek to postpone the tallying of votes. Hacktivism Hacktivists - those activists who leverage information and cyber attacks to promote their ideologies - may pose a small threat to the 2020 election. Hacktivists typically have limited capabilities and resources. Common tactics, tools, and procedures (TTPs) employed by hacktivists include defacing websites, leaking information, doxxing individuals, and launching distributed denial of service attacks (DDoS) to overwhelm and incapacitate a particular website or service. Possible targets include individuals and organizations representative of ideologies or policy positions that oppose those of the hacktivists. page | 3 ©2020 Netenrich, Inc. All rights reserved Thus far, the only reported election-related hacktivist activity was an attack on Roblox user accounts. Roblox is a popular free-to-play multi-platform game with over 164 million active users. The userbase primarily consists of children under the age of 16. Pro-Trump hacktivists accessed Roblox user profiles and sent political messages, encouraging the userbase to tell their parents to vote for Donald Trump. The hacktivists also added red hats and patriotic themed clothing to the user avatars. The red hats were representative of the red MAGA (Make America Great Again) caps often worn by Trump supporters. Cybercrime Cyber criminals will potentially use the election as an opportunity for monetary gain. One of the most likely scenarios involves ransomware attacks. These may be used in conjunction with big game hunting (BGH) activities targeting the Presidential candidates. Big game hunting activities are strategically targeted attacks typically leveraging ransomware to target high value data or assets with a low tolerance for downtime. These attacks may target infrastructure and networks supporting the electoral process or those used by the candidates or major political parties. Theoretically, a ransomware attack on election infrastructure could stall the voting process by locking down electronic votes, postponing the official tally, and thereby delaying the results of the election. In the past, BGH actors have targeted law firms known to have prominent political figures as clientele. Cyber criminals have also been known to steal data and leverage it for extortion, threatening to leak sensitive data and demanding that the affected person or organization “buy back” the data. Other cyber crime ventures may include information theft, phishing attacks, phone call based fraud, or donation scams. High profile account hacks In the past, threat actors have been known to hack the accounts of high profile individuals, such as politicians and celebrities. While these account hacks are typically perpetrated by hacktivists or trolls, it is possible that a username threat actor may temporarily take over the account of a candidate or Login prominent political figure and post offensive messages meant to negatively impact the individual’s reputation, to sow discord, or to elicit a negative reaction from foreign governments. page | 4 ©2020 Netenrich, Inc. All rights reserved Campaign app misuse The official campaign apps of Presidential candidates Joe Biden and Donald Trump provide a unique attack surface. Additionally, their collection and sharing of user data raise privacy concerns. The Vote Joe Wut d fuct! App is Joe Biden’s official campaign app. It was intended as a way for supporters to share and spread voting awareness to family and friends. The app requires users to upload their phone contacts to check if their The Official Trump friends and family are registered to vote. The app used data supplied by 2020 app's Android a political marketing firm called TargetSmart. If a match was confirmed, the app displayed voter details including name, age, birthday, and most APK files exposed recent voter activity. However, the technology used by the app also hardcoded secret keys allowed users to create a contact with any voter’s name, allowing someone to potentially gather information on a person they do not associated with its know, whether out of curiosity or for malicious purposes. The “bug” has Twitter and Google reportedly been fixed since the unintended use was discovered. services. However, few people seem aware that many states have their registered voter data available for public access. The Official Trump 2020 app also experienced security related issues. In June, the app’s Android APK files exposed hardcoded secret keys associated with its Twitter and Google services. Researchers also found that the app collects large amounts of data, which includes tracking users. The Android version of the app requests a large amount of data including but not limited to access to user contacts and location, phone status and identity, the ability to read and delete SD card contents, permissions to view network connections, and permissions to prevent the phone from sleeping. In addition, users must provide their name, phone number, email address, and zip code at signup. Some may consider the data collection and access permissions to constitute an invasion of privacy. VOTE page | 5 ©2020 Netenrich, Inc. All rights reserved Information Warfare Campaigns Disinformation campaigns Phony memes In late September, the FBI and CISA (Cybersecurity and on Instagram Infrastructure Security Agency) issued an announcement to raise awareness of the potential for disinformation campaigns regarding 2020 election results. The agencies noted that threat actors may create or change websites or social media content in an attempt to falsify election results, discredit the electoral process, and undermine confidence in the U.S. political system. These threat actors could use the time needed to certify election D igital voter results as an opportunity to disseminate disinformation suppression regarding purported voter suppression, spread false news of cyberattacks on election infrastructure, allege voter fraud, and to spread disinformation regarding other issues that would cause the populous to question the election’s legitimacy. Other types of disinformation ideos fake" v campaigns targeting the election may include "Deep disinformation about how to legitimately vote (time, location, methods) and disinformation about political candidates or their standing on important political issues. actics WhatsApp scare t Hostile russians and Iranians F m or-pr anipu ofit latio n ser vices rated Domestically gene distortions Digital voter suppress ion Unwitting protesters page | 6 ©2020 Netenrich, Inc. All rights reserved Using social media apps, and ads for propaganda Wut d fuct! Due to its prevalence and ease of sharing posts, social media is a prime tool The networks originated in the Philippines for spreading propaganda. Facebook recently discovered two networks and in China. Facebook removed over leveraging social media to spread government propaganda. Related accounts, pages, and groups were removed due to violation of Facebook’s 200 accounts policies regarding CIB (coordinated inauthentic behavior). The networks originated in the Philippines and in China. Facebook removed over 200 42 pages accounts, 42 pages, 9 groups, and 27 Instagram accounts related to these campaigns. The Chinese account network used GANs (Generative 9 groups, and Adversarial Networks), an AI technique capable of fabricating faces in an attempt to elude detection. The Chinese campaign included activity directed 27 Instagram toward the U.S.
Load more

Recommended publications
  • North Korean Cyber Capabilities: in Brief
    North Korean Cyber Capabilities: In Brief Emma Chanlett-Avery Specialist in Asian Affairs Liana W. Rosen Specialist in International Crime and Narcotics John W. Rollins Specialist in Terrorism and National Security Catherine A. Theohary Specialist in National Security Policy, Cyber and Information Operations August 3, 2017 Congressional Research Service 7-5700 www.crs.gov R44912 North Korean Cyber Capabilities: In Brief Overview As North Korea has accelerated its missile and nuclear programs in spite of international sanctions, Congress and the Trump Administration have elevated North Korea to a top U.S. foreign policy priority. Legislation such as the North Korea Sanctions and Policy Enhancement Act of 2016 (P.L. 114-122) and international sanctions imposed by the United Nations Security Council have focused on North Korea’s WMD and ballistic missile programs and human rights abuses. According to some experts, another threat is emerging from North Korea: an ambitious and well-resourced cyber program. North Korea’s cyberattacks have the potential not only to disrupt international commerce, but to direct resources to its clandestine weapons and delivery system programs, potentially enhancing its ability to evade international sanctions. As Congress addresses the multitude of threats emanating from North Korea, it may need to consider responses to the cyber aspect of North Korea’s repertoire. This would likely involve multiple committees, some of which operate in a classified setting. This report will provide a brief summary of what unclassified open-source reporting has revealed about the secretive program, introduce four case studies in which North Korean operators are suspected of having perpetrated malicious operations, and provide an overview of the international finance messaging service that these hackers may be exploiting.
    [Show full text]
  • Threatscape of the US Election
    Gage Mele Threatscape of the US Election Overview of the mainstream highlighting the importance of The cyber attacks targeting political elections is in full free, fair, transparent, and credible elections to the swing as the 115th United States midterm elections preservation of democratic societies. However, what grow closer. The exploitation of vulnerabilities and can arguably be observed as the first large-scale direct cyber attacks targeting election-related entities election meddling operation took place in 2014 are somewhat expected; however, a different form when Russian-attributed threat actors targeted the of cyber attack has the potential to have a disruptive Ukrainian Presidential election. This can be viewed as impact to the elections: disinformation campaigns. the beginning of election cyber attacks because since The use of disinformation tactics in today’s social that time, it is difficult to go through election cycles media-obsessed society is the most prominent threat around the globe, particularly presidential elections, to the democratic process. This form of attack is at without hearing or seeing the possibility of Russian a significant and troublesome level that the average and other state-sponsored or threat group activity. voter may not be fully aware of. The presence and Fast-forward to the US 2018 midterm election, and overall use of social media on a global scale allows one would be hard-pressed to avoid seeing security the sharing of information at astounding speeds, and researchers and media outlets discuss threats posed threat actors can take advantage of this data sharing to nation’s election infrastructure. A wide range to propagate false narratives and influence the of threat actors pose a risk to the elections from masses.
    [Show full text]
  • North Korean Cyber Activity 03/25/2021
    North Korean Cyber Activity 03/25/2021 TLP: WHITE, ID# 202103251030 Agenda • DPRK National Interests • Timeline of Recent Activity • Overview of DPRK APT Groups • APT Threat Actor Profiles o HIDDEN COBRA o Andariel o APT37 o APT38 o TEMP.Hermit o TEMP.Firework o Kimsuky o Bureau 121 Bureau 325 o Slides Key: • Recommendations Non-Technical: Managerial, strategic and high- • Outlook level (general audience) Technical: Tactical / IOCs; requiring in-depth knowledge (sysadmins, IRT) 2 DPRK National Interests • North Korea, officially the Democratic People’s Republic of Korea (DPRK) • Supreme leader: Kim Jong-un (since 2011) • Primary strategic goal: perpetual Kim family rule via development of economy and nuclear weapons • Primary drivers of security strategy: o Deterring foreign intervention by obtaining nuclear capabilities o Eliminating perceived threats to Kim regime o Belief that North Korea is entitled to respect as a world power • “Cyberwarfare is an all-purpose sword that guarantees the North Korean People’s Armed Forces ruthless striking capability, along with nuclear weapons and missiles.” – Kim Jong-un (2013) • Reportedly has 7,000 cyber warriors • 300% increase in the volume of activity to and from North Korean networks since 2017 3 Timeline of Recent Activity Jan 2020 Feb 2021 Two distinct Aug 2020 Nov 2020 South Korean Feb 2021 clusters of USG exposed North Korean Intelligence North Korean DPRK cyber DPRK hackers claims DPRK Lazarus activity begin malware used targeted a targeted Group targeting in fake job major COVID- COVID-19
    [Show full text]
  • Digital Methods for Circumventing UN Sanctions a Case Study of the Democratic People’S Republic of Korea’S Cyber Force
    Compliance & Capacity Skills International, LLC Sanctions Practitioners 12 July 2019 Compliance Trainers Digital Methods for Circumventing UN Sanctions A Case Study of the Democratic People’s Republic of Korea’s Cyber Force By Ashley Taylor Introduction The cyber sphere is a new frontline in the implementation and circumvention of UN sanctions. Because the Internet provides a virtual space for instantaneous communication and transaction, it inherently opens cheaper and unregulated avenues for rogue actors to violate international norms. Illicit uses of digital technologies outpace the advancements of licit technologists, who generally do not prioritize international security in their business. The Democratic People’s Republic of Korea (DPRK) in particular has become increasingly adept at employing digital tools to circumvent sanctions. They have developed digital techniques to generate revenues to fund their illegal proliferation efforts, gain intelligence and technical know- how, and harm the business and reputation of their foreign adversaries, including to disrupt those that monitor the implementation of the DPRK sanctions regime adopted with UN resolution 1718 in October 2006. Kim Jong-un recently boasted that “cyber warfare, along with nuclear weapons and missiles, is an ‘all-purpose sword’ that guarantees our military’s capability to strike relentlessly."1 A North Korean military defector has reported that the cyber force is viewed as the strongest weapon in the “Secret War”2 and its members are considered part of the elite, being one of few well-paid positions. Where will they go from here? Evidence suggests that North Korean state actors and non-state proxies are increasingly making use of new anonymizing technologies like cryptocurrencies, the dark web, encryption, and advanced hard-to-detect cyberattacks.
    [Show full text]
  • Threat Landscape Report – 1St Quarter 2018
    TLP-AMBER Threat Landscape Report – 1st Quarter 2018 (FINAL) V1.0 – 10/04/2018 This quarterly report summarises the most significant direct cyber threats to EU institutions, bodies, and agencies (EU-I or 'Constituents') in Part I, the development of cyber-threats on a broader scale in Part II, and recent technical trends in Part III. KEY FINDINGS Direct Threats • In Europe, APT28 / Sofacy threat actor (likely affiliated to Russia military intelligence GRU) targeted government institutions related to foreign affairs and attendees of a military conference. Another threat actor, Turla (likely affiliated to Russia’s security service FSB) executed a cyber-operation against foreign affairs entities in a European country. • A spear-phishing campaign that targeted European foreign ministries in the end of 2017 was attributed to a China-based threat actor (Ke3chang) which has a long track record of targeting EU institutions (since 2011). As regards cyber-criminality against EU institutions, attempts to deliver banking trojans are stable, ransomware activities are still in decline and cryptojacking on the rise. Phishing lures involve generic matters (’invoice’, ‘payment’, ‘purchase’, ‘wire transfer’, ‘personal banking’, ‘job application’) and more specific ones (foreign affairs issues, European think tanks matters, energy contracts, EU delegation, EU watch keeper). Almost all EU-I are affected by credential leaks (email address | password) on pastebin-like websites. Several credential- harvesting attempts have also been detected. Attackers keep attempting to lure EU-I staff by employing custom methods such as spoofed EU-I email addresses or weaponisation of EU-I documents. Broader Threats • Critical infrastructure. In the energy sector, the US authorities have accused Russian actors of targeting critical infrastructure (including nuclear) for several years and are expecting this to continue in 2018.
    [Show full text]
  • Who Targets/Attacks the Japanese Financial Sector & Why?
    DSEI - Combating Threats of the New Era Measures against Cyber Who Targets Japan & Why? Ideas to Combat! Cartan McLaughlin CEO Nihon Cyber Defence Co., Ltd. © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence. COMMON NATION STATE THREAT ACTORS Russia - BEAR China - PANDA North Korea - CHOLLIMA • Fancy Bear (APT 28) • Emissary Panda (APT 27) • Lazarus • Cozy Bear (APT 29) • Stone Panda (APT 10) • Bluenoroff • Voodoo Bear • Comment Crew (APT 1) • Andariel • Energetic Bear • Ke3Chang • Deep Panda © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence. MISSION - NATION STATE THREAT ACTORS Russia – BEAR China – PANDA North Korea – CHOLLIMA • Political • Military • Financial • Military • Intellectual Property • Intellectual Property • Financial • Financial © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence. UN Report: North Korean virtual currency hackers have earned up to $2 billion so far © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence. RGB: NORTH KOREAN CYBER ESPIONAGE • The Reconnaissance General Bureau of AGENCY/GROUP North Korea • Prime Agency for North Korea cyber activities BUREAU 121: • North Korean cyberwarfare agency • Suspected/Alleged for Sony Hack 2014 • Suspected 1,800 specialists or more UNIT 180: • North Korean cyberwarfare cell • Suspected/Alleged for : - • Bangladesh Bank robbery in 2016 • the WannaCry ransomware attack 2017 LAZARUS GROUP: • Suspected for Bitpoint (2019) and Coincheck(2018) hack • Suspected groups under the hood: • Financially motivated © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence.
    [Show full text]
  • Covert Action and Cyber Offensive Operations: Revisiting Traditional Approaches in Light of New Technology
    Covert Action and Cyber Offensive Operations: Revisiting Traditional Approaches in Light of New Technology WILLIAM ROBERT CARRUTHERS Submitted in Partial Fulfilment of the Requirements of the Degree of Doctor of Philosophy University of Salford, School of Arts and Media 2018 TABLE OF CONTENTS FIGURE LIST ______________________________________________________ VI ACKNOWLEDGMENTS ____________________________________________ VII ABSTRACT ______________________________________________________ VIII INTRODUCTION ____________________________________________________ 1 RESEARCH AIMS ____________________________________________________ 8 LITERATURE REVIEW _________________________________________________ 9 METHODOLOGY AND SOURCES ________________________________________ 15 Interviews ______________________________________________________ 19 Newspaper Articles _______________________________________________ 21 Official Primary Documents: Contemporary and Archived ________________ 23 Leaks __________________________________________________________ 24 Cyber Security Reports ____________________________________________ 28 STRUCTURE OF THE THESIS ___________________________________________ 28 CYBER OFFENSIVE OPERATIONS AND COVERT ACTION ______________ 31 CYBER OFFENSIVE OPERATIONS ARE NOT CYBER WAR. _____________________ 32 UNDERSTANDING COVERT ACTION _____________________________________ 50 CYBER OFFENSIVE OPERATIONS AND COVERT ACTION: A COMPARISON ________ 54 CONCLUSION ______________________________________________________ 60 COVERT ACTION AND CYBER
    [Show full text]
  • Cyber Threat Actors: Hackonomics
    Cambridge Judge Business School Cambridge Centre for Risk Studies 2017 Risk Summit CYBER THREAT ACTORS: HACKONOMICS Andrew Smith, Research Assistant Centre for Risk Studies Cyber Risk Scenario and Data Schema Research Information Technology Operations Technology Loss Processes Scenarios of Asset Damage Data Exfiltration Cyber Attack on US Power Generation (‘Leakomania’) (‘Business Blackout’) * v1.1 Denial of Service Attack Cyber Attack on UK Power Distribution (‘Mass DDoS’) (‘Integrated Infrastructure’) Cloud Service Provider Failure Cyber attack on Commercial Office Buildings (‘Cloud Compromise’) (Laptop batteries fire induction’) Cyber attack on Marine Cargo Port Financial Theft (‘Port Management System’) (‘Cyber Heist’) Cyber Attack on Industrial Chemical Plant Ransomware (‘ICS Attack’) (‘Extortion Spree’) Malware Cyber Attack on Oil Rigs (‘Sybil Logic Bomb’’) (‘Phishing-Triggered Explosions’) Sybil US Cyber Exposure Data Accumulation UK Cyber Cyber Logic Bomb Blackout Schema Scenarios Blackout Terrorism ‘Hackonomics’ . Economic perspective of hacking . Profile cyber threat actors behaviour: - Case study approach to profiling . Create threat actor matrix . Understanding the ‘business models’ of hacking groups - Cyber-criminals are ‘profit maximisers’ . Model threat actor targeting using economic framework Sample of Known State Sponsored/ Nation State Groups Russian Actors Chinese Actors Israel – APT 28 (Fancy – APT 1(Comment Bear) – Unit 8200 Panda) – APT 29 (Cozy – Duqu Group – APT 3 (Gothic Bear) Palestine Panda) – Energetic Bear
    [Show full text]
  • North Korean Cyber Capabilities: in Brief
    North Korean Cyber Capabilities: In Brief Updated August 3, 2017 Congressional Research Service https://crsreports.congress.gov R44912 North Korean Cyber Capabilities: In Brief Overview As North Korea has accelerated its missile and nuclear programs in spite of international sanctions, Congress and the Trump Administration have elevated North Korea to a top U.S. foreign policy priority. Legislation such as the North Korea Sanctions and Policy Enhancement Act of 2016 (P.L. 114-122) and international sanctions imposed by the United Nations Security Council have focused on North Korea’s WMD and ballistic missile programs and human rights abuses. According to some experts, another threat is emerging from North Korea: an ambitious and well-resourced cyber program. North Korea’s cyberattacks have the potential not only to disrupt international commerce, but to direct resources to its clandestine weapons and delivery system programs, potentially enhancing its ability to evade international sanctions. As Congress addresses the multitude of threats emanating from North Korea, it may need to consider responses to the cyber aspect of North Korea’s repertoire. This would likely involve multiple committees, some of which operate in a classified setting. This report will provide a brief summary of what unclassified open-source reporting has revealed about the secretive program, introduce four case studies in which North Korean operators are suspected of having perpetrated malicious operations, and provide an overview of the international finance messaging
    [Show full text]
  • The Most Dangerous Cyber Nightmares in Recent Years Halloween Is the Time of Year for Dressing Up, Watching Scary Movies, and Telling Hair-Raising Tales
    The most dangerous cyber nightmares in recent years Halloween is the time of year for dressing up, watching scary movies, and telling hair-raising tales. Events in recent years have kept companies on high alert. Every day we are seeing an increase in cyberattacks carried out by organized hacker organizations. In a matter of seconds, these threats can destabilize large corporations, stealing large quantities of money and personal data, as well shake the very foundations of entire world powers. Have a look at some of the most terrifying attacks of recent years. 2010 2011 2012 Operation Aurora RSA SecurID Stratfor A series of cyberattacks carried out RSA suffered a security breach as a Publication and dissemination of worldwide, targeting 34 companies, result of a cyberattack that sought internal emails exchanged between including Google. The attack was details about its SecureID system. personnel of the private intelligence perpetrated by a group of Chinese espionage agency Stratfor, as well as hackers. PlayStation Network emails exchanged with clients of the firm. 77 million accounts were Australian Government compromised and blocked PS3 and DDoS attacks, carried out by the PlayStation Portable users from Linkedin online community Anonymous, accessing the service for 23 hours. The passwords of nearly 6.5 million against the Australian Government. user accounts were stolen by Russian cybercriminals. Operation Payback An attack coordinated jointly against opponents of Internet piracy. 2013 2014 Cyberattack in South Korea Celebrity photos Cyber networks of major South 500 private photographs of several Korean banks and television celebrities, mostly women, were networks were shut down in an placed on 4chan and subsequently alleged act of cyber warfare.
    [Show full text]
  • Nation States: Why They Hack Motivations That Drive Nation-States to Participate in Various Cyber Activity
    Nation States: Why They Hack Motivations That Drive Nation-States To Participate In Various Cyber Activity China - North Korea - Russia - Iran - Israel - United States WHY NATIONS HACK - Preface - “All nations are not created equal and, like individual hackers, each has a different motivation and capability.” We know that hackers hack for a variety of reasons. Some hack because they are greedy or have criminal motives. Some hack to satisfy their egos or gain peer recognition. Some hack alone, and some hack in groups. But many hackers, or more accurately “hacktivists,” join groups like Anonymous in order to demonstrate their dissatisfaction with powerful organizations—such as corporations and governments who fail to share their world views. These hackers don’t consider themselves to be bad actors. They see their activity in a positive light, viewing themselves as contributors to a greater body of knowledge, and often hacking without a clear vision of the second-order effects of their actions. Another category of hacker supports nation-state strategy by operating in the cyber domain. These hackers are difficult to categorize, since they may be directly employed by an arm of a national government (ex., the Chinese PLA). Or they may be from an organized crime entity employed by a national government. Think of recent hacks against JP Morgan Chase, which were attributed to an undefined group in Russia. Understanding the motivation of hackers and the organizations whom they are associated with, is essential to understanding their tactics. Knowing one’s enemy is a fundamental concept in kinetic warfare and is equally important, albeit more difficult, in the cyber environment.
    [Show full text]
  • Purple Cyber Security Red Team + Blue Team
    Cyber-TSCM Donald Baldwin MSc & Caramon Stanley PURPLE CYBER SECURITY RED TEAM + BLUE TEAM www.aurenav.com Release: v10 +46 8 604 07 02 © 2017 Aurenav WHAT IS A HACKER? A SHORT INTRODUCTION TO HACKERS AND HACKING HACKER HIERARCHY Skill level • Script Kiddies (Skid): Someone who downloads and uses tools with limited capability to configure or modify. Not able to make their own tools or develop their own exploits. • Hacker: Someone who builds the tools and has high level programming knowledge. Also involved in development of Zero days and reverse engineering code and hardware. • Elite hackers (1337 Haxor): Someone who has developed a reputation (Street credibility) primarily by being involved in high profile hack (attack) and [specialist team or group] hacker communities. The hacker community applies this context to Black Hats. Roles • White Hat: Someone that applies their technical knowledge solely to protection of IT infrastructure for society. In general, White Hat hackers are not often as technically skilled as Grey Hats and Black Hats – In order for an individual to gain strong technical skills in hacking they tend to either hack themselves or associate with people that are hacking. Because of this most of the really good White Hats are actually Grey Hats. • Grey Hat: Someone that generally plays the part of a White Hat but typically participates in the hacker subculture, often through participation in online forums and in some cases may cross the line by participating in Black Hat activities. • Whistle Blower: Someone who steals information from a government or business and leaks it to the internet.
    [Show full text]