The Cyber Executive Order of April Fools’ Day 2015

Transcript

1. The Cyber Executive Order of April Fools’ Day 2015 Dr.

   Markku-Juhani O. Saarinen Visiting Researcher (From 01-Aug-15, Queen’s University Belfast, UK) [email protected] Gebze, Turkey – April 24, 2015 1 / 30

2. Disclaimer This is an unclassified, general audience cyber security training

   talk. All of the opinions and assessments are my own, and should not be attributed to my previous, current, or future employers. 2 / 30

3. Outline of Talk 1. → A personal story about cyber

   armaments, bypassing encryption. ← 2. Cryptography, Wassenaar, and the new Executive Order. 3. Opinions on “Cyber Training” curriculum. 3 / 30

4. Background: Advanced Security Training / Evaluation I did occasional PENTEST,

   INFOSEC, COMSEC, Forensics, Network Filtering and Monitoring, and other security consulting for Dubai based companies in 2004-13. In 2013 a Dubai competitor was offering “Extrusion Testing” services to test resistance against Advanced Persistent Threats (APT) using a custom Remote Access Tool/Trojan (RAT). The testing methodology closely follows that employed in cyber espionage – targeted e-mail attacks, utilization of exploits and RATs, data exfiltration. As the use of underworld tools were considered highly risky, a Dubai security consultancy asked me to develop proprietary tools for this type of Penetration Testing exercises. 4 / 30

5. Terminology: Targeted Attacks / Advanced Persisten Threat Weekly occurrence against

   governmental research organizations in most coutries. Low-risk attack, often attributed to Ru, Cn, SEA, ..., “Everybody, All The Time.” This is probably the cheapest, most effective industrial and and governmental espionage method – include in security training, then simulate and evaluate response. 1. Initial Compromise. Often at least partly based on social engineering. 2. Establish Foothold. Often via RATs & CC. 3. Escalate Privileges. Hacking: exploits, password cracking, keyloggers, sniffing, etc. 4. Internal Reconnaissance. Admin IDs, Server IPs and ports, tunnels, proxies etc. 5. Move Laterally. Move closer to targets of interest by using stolen credentials or hacking, social engineering techniques to further internal access.. 6. Maintain Presence. Install backdoors or attacker-controlled user accounts. 7. Complete Mission. Get the “loot” out. Clean up all traces of intrusion, if possible. 5 / 30

6. Targeted Attacks via Email Attack Operator Identified Target User From:

   [email protected] Subject: Mucho Importante! hagr4t.pdf Forged e-mail that drops the RAT The most common way to penetrate target organizations is to send an e-mail that has been specially crafted to be opened by target that has malicious payload or link. 6 / 30

7. Command and Control System for RATs Operator (hrterm) Target (hagr4t.exe)

   Firewall C&C Server (hrccd) Outbound HTTP Control Control Protocol Target (hagr4t.exe) The dropped RAT establishes outbound connection using http and standard libraries to a Command & Control server (C2), which can be hosted at arbitrary location. The C2 server can control any number of RATs. Operator connects to C2 service (perhaps via tor) to monitor, expand laterally, and exfiltrate “loot”. 7 / 30

8. Reference: A typical “Deep Web” RAT Unattributable, but often backdoored,

   “hacker quality” – not suited for PENTEST. 8 / 30

9. Reference: A Law Enforcement Interception Toolkit In contrast to espionage

   and cybercrime, in lawful interception attribution is not a problem. Complete suites for interception and intelligence analysis are available, together with appropriate commercial training and 24/7 phone helpdesk support! Administrator manual. Intercept Tech manual. Analyst Manual. 9 / 30

10. HAGRAT – Requirement Specification (Project Goals, March 2013) 1. Remote

    command-line shell. Allows the operator to examine the target system and its files. 2. Remote program execution. Operate “plugin” tools on target system for additional functionality. 3. A control terminal. A remote operator interface that connects to a Command and Control Server. 4. File transfer. File upload / download from the operator system without additional tools or services. 5. Communications security. Strong encryption and authentication of all traffic. Communication link not identifiable by network analyzers or IDS/IPS systems (indistinguishable from random). 6. Firewall penetration. HTTP control channel with the Windows system Proxy settings and credentials in order to effectively penetrate through firewalls. 7. Alerts. System can be configured to issue an alert message such as an e-mail when a specific RAT becomes active and the target system can be accessed. 8. Automation. A script system that allows automatic intelligence gathering and data acquisition. 9. Targeted binaries. Encoding of server address, persistence mechanism, and other configuration information into the RAT binary executable itself. 10. Limited persistence. A persistence mechanism and a “self-destruct” feature which erases the RAT from the target system after a specified date. 10 / 30

11. So I simply wrote a HAGRAT from Scratch.. 11 /

    30

12. Development took 3 months between March and May 2013 Command

    and Control infrastructure was Implemented for Linux, only ≈ 3,500 lines. Robust Linux Command and Control (r00tbsd took over PLA’s Poison Ivy CC in his hackback). Not as easily detectable due to discrimination in usage. Communications security: Early versions of Blinker & CBEAM (CT-RSA ’14) encryption developed for this project. The hagr4t.exe binary size is only 12kB ! Stuxnet and flame were in megabyte range, developed in multiple stages, languages. Excellent firewall penetration – even through authenticating proxies. Fakes a browser connection rather than proprietary port and protocol. 12 / 30

13. Almost FUD two years after delivery (last tested 15-Apr-15) Definition

    files were dated 14/15 April 2015. No detection by major vendors Comodo, Kaspersky, McAfee, Microsoft, Sophos, Symantec, Trendmicro, .. Heuristic warnings: AVG, Avira, F-Secure and some minor vendors. Based on this experiment, almost no effort is required to circumvent most of “current best practice” corporate / government malware detection. 13 / 30

14. Deeb Web IS useful for recent “drive-by” Exploit Kits (18-Apr-15)

    A custom RAT has a long lifetime, a $2 exploit kit does not. If you need 0-days, they have a going price of $10k .. $100k. But you really don’t. 14 / 30

15. Findings ▶ Anti-virus systems and firewalls do not actually protect

    against targeted threats. ▶ Three months and a $30,000 budget (≈ 1 JDAM bomb) was required to create a new RAT cybermunition & CC from scratch, which can circumvent encryption. ▶ Relatively safe: My tools were used in Red Team Exercises (or simulated cyber warfare campaigns) against live targets as its behavior was understood. ▶ Droppers available from metaspoit etc. Note: In 2013 APT12 intelligence gathering efforts did not even use an exploit, 0-day or otherwise. 2015 APT28 “RussianDoll” apparently used 0-days in both Flash (CVE-2015-3043) and Win (CVE-2015-1701). ▶ Operators need only moderate technical skills (e.g. CISSP level), more tenacity and social engineering skill required in writing the e-mail baits. ▶ Easy, cheap and fast ? I have 20 years of coding and 15 years of PENTEST / Ethical Hacking experience. But one does not need nation state resources. “Developing a Grey Hat C2 and RAT for APT Security Training and Assessment” https://mjos.fi/doc/saarinen_hrpaper.pdf 15 / 30

16. Outline of Talk 1. A personal story about cyber armaments,

    bypassing encryption. 2. → Cryptography, Wassenaar, and the new Executive Order. ← 3. Opinions on “Cyber Training” curriculum. 16 / 30

17. Arms Export Control / Dual-Use Goods and Technologies List ______________________

    * This version is a second corrigendum to the Control Lists (WA-LIST (14) 1 Corr.), to incorporate the amendment to ML10. Note 2 in the Munitions List. WA-LIST (14) 2* 25-03-2015 THE WASSENAAR ARRANGEMENT ON EXPORT CONTROLS FOR CONVENTIONAL ARMS AND DUAL-USE GOODS AND TECHNOLOGIES LIST OF DUAL-USE GOODS AND TECHNOLOGIES AND MUNITIONS LIST http://www.wassenaar.org CATEGORY 4 - COMPUTERS 4. D. 4. "Software" specially designed or modified for the generation, operation or delivery of, or communication with, "intrusion software". CATEGORY 5 PART 2 "INFORMATION SECURITY" 5.A.2.a.2. Designed or modified to perform ’cryptanalytic functions’; Note ’Cryptanalytic functions’ are functions designed to defeat cryptographic mechanisms in order to derive confidential variables or sensitive data, including clear text, passwords or cryptographic keys. Personal use exception does not apply to 0-days! 17 / 30

18. Reactions 18 / 30

19. POTUS Executive Order on “cyber-enabled activities” (01-Apr-15) THE WHITE HOUSE

    Office of the Press Secretary For Immediate Release April 1, 2015 TEXT OF A LETTER FROM THE PRESIDENT TO THE SPEAKER OF THE HOUSE OF REPRESENTATIVES AND THE PRESIDENT OF THE SENATE April 1, 2015 Dear Mr. Speaker: (Dear Mr. President:) Pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), I hereby report that I have issued an Executive Order (the "order") declaring a national emergency with respect to the unusual and extraordinary threat to the national security, foreign policy, and economy of the United States posed by the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States. The order would block the property and interests in property of:  any person determined by the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to be responsible for or complicit in, or to have engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of: o harming, or otherwise significantly compromising the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector; o significantly compromising the provision of services by one or more entities in a critical infrastructure sector; o causing a significant disruption to the availability of a computer or network of computers; or o causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain; or http://www.whitehouse.gov “I, BARACK OBAMA, President of the United States of America, find that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. I hereby declare a national emergency to deal with this threat.” “(B) to have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services in support of, any activity described in subsections (a)(i) or (a)(ii)(A) of this section or any person whose property and interests in property are blocked pursuant to this order;” Ergo: I quit this line of work, moved fully to Academia! 19 / 30

20. Outline of Talk 1. A personal story about cyber armaments,

    bypassing encryption. 2. Cryptography, Wassenaar, and the new Executive Order. 3. → Opinions on “Cyber Training” curriculum. ← 20 / 30

21. Training for Cryptanalysis Before there were dedicated cryptography courses and

    programs, a cryptographer needed a solid background education in: Abstract Algebra, Algorithmics, Boolean Algebra, Coding Theory, Complexity Theory, Computational Number Theory, Computer Algebra Systems, Computer Arithmetic, Game Theory, Graph Theory, Group Theory, Gröbner Basis, Information Theory, Linear Algebra, Mathematical Analysis, Number Theory, Probability Theory, Statistics, etc. This mathematical and theoretical training prepared us for our profession (cryptology and cryptanalysis) and has been essentially unchanged for 30 years. “Spend a year or ten breaking ciphers and you should be good.” However, things have changed. “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” –E.S. Note the emphasis on properly implemented. Badly implemented crypto is useless. 21 / 30

22. Broader Definition of “Cryptanalytic Vulnerability” 22 / 30

23. Cryptanalytic Vulnerability Cryptanalytic vulnerability in an information security device, according

    to NSA: 1. A design flaw. 2. An implementation flaw. 3. A system integration flaw. 4. Flaw in the way cryptographic device is used. Mathematical cryptanalysis deals only with [1] whereas [2,3,4] are equally important. Problem: ▶ Most cryptographers don’t really know how to engineer things. ▶ Most engineers do not have sufficient theoretical understanding of cryptography. ▶ Run-of-the-mill cryptographers and engineers lack operational security training. You need years of experience and training to implement crypto securely, and security is why we do crypto. Don’t just assign random engineers to it and expect good results! 23 / 30

24. The Problem is Global (1/2) I examined the “Reference Implementation”

    submissions to the NIST-sponsored CAESAR competition (which seeks to replace AES-GCM as the prominent AEAD). Protip: C does not have garbage collection Authors of MARBLE, CLOC, SILC, LAC, and POET reference implementations: C is not Java. You need to pick up your litter. These implementations have malloc() calls but no corresponding free() calls. ▶ This will, in the long run, crash any application using these implementations. ▶ Memory leakage has far more serious security implications than any cryptanalytic weakness that MARBLE, CLOC, SILC, LAC, or POET may have. ▶ All reasonable implementations of on-line ciphers avoid dynamic memory allocation altogether since it should not be necessary. 3 / 7 ← At FSE ’15. 24 / 30

25. The Problem is Global (2/2) Many of these “reference implementations”

    came from prominent international cryptographers who can’t write secure code at all and are extremely dangerous. Additional notes for Reference Implementations ▶ There are little-endian and big-endian computers and your reference code should give the same results on both (many submissions). ▶ There are aligment limitations on many platforms – some systems will halt if you read (big) words from unaligned addresses (many submissions). ▶ C source code files have .c suffix and C++ source files have .cpp suffix. If you put C functions into a .cpp file, linkage will be incompatible (PAEQ, Primates). ▶ In C, source code and data of founctions go into .c files and prototypes and definitions go into .h files (SABLIER, ELMD, AES-OTR, SHELL). With universal reference implementations you will have to sacrifice performance for uniform, correct operation on all platforms. This helps analysis. 5 / 7 ← At FSE ’15. 25 / 30

26. Information Security Programs I don’t have PhD in Mathematics or

    Computer Science, my PhD is officially in Information Security (RHUL, 2009). That was a start but a technical, employable INFOSEC professional also needs to have relevant education in: Application Security, Arms trade policies, Assembly languages, Cellular radio systems, Client-Server Programming, Compliance testing, Digital circuit design, Electronics, Embedded systems, Emission analysis, Encryption Standards, Exploit development, High-performance computing, History of cryptography, Intellectual property, Logic optimization, Microwave communications, Network engineering, Network programming, Optics, Penetration testing, Protocol Analysis, Quantum computing, Quantum cryptography, Quantum mechanics, Radio networks, Radio propagation, Satellite communication, Secure Programming Techniques, Side-channel attacks, Symmetric cryptanalysis, System programming, System security, Telephony Systems, Threat intelligence, Web Security, etc. In 2015, INFOSEC is a major independent field of study. Just look at the budgets! 26 / 30

27. USA: National Centers of Academic Excellence in IA / CD

    27 / 30

28. UK: Academic Centers of Excellence in Cyber Security Research 28

    / 30

29. Conclusions ▶ Targeted attacks are being used to steal your

    cryptographic keys. ▶ Offensive cyber capabilities are common and everyone should have training and understanding of the threat. Threat intelligence is vital. ▶ Very recent regulatory changes are causing limiting the exchange of information and tools for cryptanalysis and penetration testing. ▶ Cryptography and Information Security should be understood to be its own, independent field of study: ▶ A cryptographer who can’t write secure code is harmful. ▶ An engineer who does not understand maths (e.g. fields and curves) is harmful. ▶ Cryptographic system in an insecure system is harmful. ▶ In order to do more good than harm (by instilling false confidence), a rigorous training programme should be required from security engineering practioners. 29 / 30

30. Thank You! Any Questions? https://mjos.fi [email protected] 30 / 30