The Rapid Evolution of Information Security:
A Game of Spy vs Spy
John A. Copeland
Weitnaur Chair Professor,
Georgia Institute of Technology
1960's - Computers come into widespread use in government and companies.
Attacks
The "Logic Bomb" - a program installed by a computer technician that would wipe out memory after a set time period (if not reset).
This may be retaliation for a firing. In one case the culprit called the company, said he had heard about their disaster, and said that fortunately he had backup tapes at home that he would sell (he went to prison).
Defenses
Better off-site data backup systems.
1970's - Computers became accessible from remote terminals.
Attacks (Insiders only, or Burglars)
Guess other users' passwords, or write "Trojan Horse" programs for others to use, which would write their passwords and other information into the hacker's file.
Defense
Better passwords (educate users - still an ongoing battle today).
Trojan Horse programs are still a problem today. Only install programs from trusted sources. Government "Trusted Computers" check permissions on every read and write.
1980's - Computers became accessible over telephone voice lines by using a modem.
"Bulletin Board" servers offered files for download, mostly text files for printout.
Attacks
Demon Dialers - rapidly dialed telephone numbers in sequence to find lines with a modem. Then password guessing, if a password was even needed.
Defenses
Better passwords and challenge-response authentication. [RSA dongles provide one-time passwords, but their basic code was stolen by hackers in 2010].
1983, Teen hacks into US Air Defense Command computer WOPR, and almost starts World War 3.
1982, Computer innards portrayed as a virtual world where protagonists compete.
Thanks to the movies, computer hacking (breaking in) becomes a sport for high-school age males. They can find "exploit" programs on the Internet from "hacker" Bulletin Boards, and instructions on how to use them.
Many of these young men claim they are doing good by exposing weak security in corporate and government computers. They do damage, even without meaning to, by deleting files and crashing mainframes.
Who writes the exploit programs? Could it be professional hackers who want the network noise to cover their own tracks?
1990's - The World Wide Web is born.
Web servers, which work with Web Browsers using the HTTP protocol and HTML formatted pages, serve all manner of files: email, images, articles.
Attacks
Downloaded executable files that install root kits and back doors. "Viruses" (computer programs that replicate and spread) carry different payloads.
Defenses
Anti-virus software. Updates keep coming more often and growing larger. More frequent OS patches.
Spread of Sapphire virus, after 38 minutes.
Early 2000's - The Decade of the Worm.
In Nov. 1988, the Morris "Worm" (a Virus that spreads through network connections) spread through email servers. Not intended to be malicious, it infected servers multiple times, crashing the Internet email service.
In 2001, the "Anna Kournikova" virus spreads as an email attachment ("click here"). "Code Red" attacks 360,000 PC's over the Internet; the infected number doubled every 37 minutes. The Sapphire worm later spread 100 times faster, infecting almost every computer that was susceptible worldwide within 10 minutes.
In 2004, the "Witty" worm is targeted at certain network security products: ISS "Black Ice" and "Real Secure." Every available system worldwide was infected within 45 minutes.
Code Red spread
Late 2000's - The Worm Evolves into the "Bot" (for Robot).
A Botnet is a sparse network of compromised computers. They communicate with only a few other members to hide the "Command and Control" points. These could be Web servers whose URL belongs to the Bot Master. The Bot Master can provide services such as Spam mailing, phishing email, flood Denial of Service attacks (for extortion or damage to competitors). Botnets are usually controlled by criminal organizations (e.g., Russian Mafia).
In Nov. 2008, the "Conficker" bot infected over 10 million computers. It could send over 10 billion spam emails a day.
2010's - Wireless Networks are Everywhere
Cell phones will become the primary access to the Internet (shopping and banking), and a way to access short-range networks like point-of-sale payment systems and auto access.
Wireless Networks have a checkered history. Early AMPS cell phones were cloned. WiFi cryptographic methods WEP and WPA were broken very quickly.
Attacks - All previous, and spoofing.
Defense - Using network characteristics to "fingerprint" wireless nodes to detect intruders.
R. A. Beyah - "The Case for Ubiquitous Intrusion Detection Systems"
Stuxnet - The first computer worm aimed at destroying specific physical facilities (Iran's uranium purifying centrifuges). The attacker is unknown, though widely believed to be the U.S., Israel, Germany, or a combination.
Stuxnet spread around the world before being detected. It did no harm except to a specific combination of Siemens equipment found only in Iran.
It exploited four previously unknown (Day-0) vulnerabilities in Windows, worth $250,000 each on the hacker market.
Defense against new bots with Day-0 exploits: none.
Cyber War
BW, July 25, 2011
The commercial Internet in Estonia was disrupted for several days by Russian hackers unhappy because a WW2 monument was moved.
Thousands of computers in South Korea were destroyed in what was thought to be a test by North Korea.
The U.S. government has developed thresholds for a Cyber Attack that would warrant a counter Cyber-War attack, or a conventional military response.
Defense: None, not even MAD.