
Defense, Tech and Internet. The World Changed.

Participation in the local event of the 'Defensa y yo' contest.
https://www.esglobal.org/defensa-tecnologia-e-internet-el-mundo-cambio/

Fernando Tricas García

April 25, 2023

Transcript

  1. Defense, Tech and Internet. The World Changed.
    Fernando Tricas García
    [email protected]
    Departamento de Informática e Ingeniería de Sistemas – Escuela de Ingeniería y
    Arquitectura – Instituto de Investigación en Ingeniería de Aragón – Universidad de
    Zaragoza
    Zaragoza, April 25, 2023

  2. About me
    Currently
    Ass. Professor at the University of Zaragoza (Dept. Computer
    Science at the Escuela de Ingeniería y Arquitectura).
    Director of the Cátedra Telefónica – Universidad de Zaragoza
    de Ciberseguridad.
    Just before, ICT management at the University.
    Research topics (Instituto de Investigación en Ingeniería de
    Aragón):
    Analysis and synthesis of well-behaved concurrent systems
    using formal methods.
    Social Network Analysis in Internet.

  3. Defense, Tech and Internet. The World Changed.

  4. https://www.energy.gov/ceser/articles/national-strategy-secure-cyberspace-february-2003

  5. STUXNET
    2005 (Start of development?) – 2010 (Uncovered)
    Israel & USA (unacknowledged),
    Operation Olympic Games.
    Attack against Iranian nuclear
    facilities.
    Target: Supervisory Control And
    Data Acquisition (SCADA).
    Programmable Logic Controllers
    (PLC).
    Gas centrifuges, for separating
    nuclear material.
    https://en.wikipedia.org/wiki/Gas_centrifuge

  6. STUXNET
    They utilized four zero-day flaws.
    Remote Procedure Call (RPC) with no authentication (MS08-067)
    LNK/PIF vulnerability (MS10-046)
    A zero-day bug in the Print Spooler Service
    Elevation-of-privilege holes
    Windows machines and Siemens Step7 software.
    Collecting information on industrial systems and causing the fast-spinning
    centrifuges to tear themselves apart.
    It can copy files, observe computer screens and keystrokes,
    remotely control computer functions ...

  7. STUXNET
    Air gapped machines (offline)
    A rootkit, responsible for hiding all malicious files and
    processes, to prevent detection.
    Introduced to the target environment via an infected USB
    flash drive
    Unexpected commands to the PLC while returning a loop of
    normal operation system values back to the users.

  8. STUXNET
    Later... https://web.archive.org/web/20120104215049/http://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99

  9. https://nationalinterest.org/blog/buzz/these-olympic-games-launched-new-era-cyber-sabotage-190082

  10. When did the Ukraine war start?

  11. When did the Ukraine war start?
    https://jsis.washington.edu/news/cyberattack-critical-infrastructure-russia-ukrainian-power-grid-attacks/

  12. Cyberwarfare
    Hybrid warfare (conventional + cyber)
    Low-level conventional and special operations.
    Offensive cyber and space operations.
    Psychological operations (social and traditional media)
    From low-intensity to high-intensity depending on
    circumstance.
    Strategy (General Nikolay Makarov)
    Disrupting adversary information systems, including by
    introducing harmful software
    Defending our own communications and command systems
    Working on domestic and foreign public opinion using the
    media, Internet and more.

  13. Some keywords
    False flag
    Concealability, deniability
    Governments as malware authors.
    Markets
    Zero-days...
    attack or defense?

  14. 2023, March

  15. https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf

  16. Recommended reading
    Nicole Perlroth. ‘This Is How They Tell Me the World Ends:
    The Cyber Weapons Arms Race’ (February 2021).
    Mikko Hypponen. ‘If It’s Smart, It’s Vulnerable’ (August 2,
    2022)
    More (classical) reading:
    Ken Thompson, ‘Reflections on Trusting Trust.’ Turing Award
    Lecture. 1984.
    https://users.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
    Dan Geer. ‘Shared Risk at National Scale.’
    https://web.stanford.edu/class/msande91si/www-spr04/slides/geer.pdf

  17. Thanks! ¡Gracias!
    [email protected]
    @fernand0
    https://webdiis.unizar.es/~ftricas/