Internet Storm Center Infocon Status

Cyber Attack Research

:::: The *”Internet of Dangerous Things” ::::

1 – How do we define the internet?

The misconception is that the internet is just the information we access. The internet represents the whole collection of devices that makes up the whole internet realm.  Such devices include routers, switches, servers, as well as all Internet Service Providers (ISP’s), and can even be argued to include cell phones that have connectivity, and quite possibly even end-user devices such as media players (Roku, AppleTV’s, etc).  The internet is not simply what you access.  It is also how you access it and from what device you access it.

Think of all the devices that connect to the internet in your home and start listing them.

  • internet router
  • laptop / desktop
  • web streaming devices like Roku, Apple TV
  • smart tv’s
  • cell phones with wireless connection, iPods, internet radio devices
  • wireless printer/copier
Brian Krebs (krebsonsecurity.com) refers to the massive growth of devices as the “Internet of Dangerous Things?”

2. Internet of Dangerous Things… what does that mean?

One has to first recognize that the internet is under constant development.  New devices are coming on the market all the time.  Every device is, or should be, built to standards.  These standards include things like hardware standards, security measures, encryption, to keep the device somewhat secure.

The problem is that devices were, and are, being pumped out at an amazing rate.  Where once internet access was a home-user dialing up to the internet, it is now potentially on a user’s wrist as a smart watch, in their pockets, as a smartphone, and in their backpacks as a laptop/mobile computer.
With the massive surge of devices, there should have also been a massive surge in security measures, updates, fixes, and patches, to help keep these devices secure.  But, that has not been the case.  Additionally, old devices become obsolete, yet still connected to the internet.  These devices can easily be absorbed into “botnets.”

3. What are botnets?

Botnets are networks that use and abuse computers and other internet accessible technology (mostly without the user even knowing).  Botnets are used in attacks, such as the recent Sony attack.  But, botnets are not only made up of computers.  They are also made up from routers.  Very likely, the same type of router that you use for your home internet.  In fact, routers are a huge form of compromise as very few people take extra measures to protect them and they are often supplied by the ISP so that the user does not have full control of updates even if they wanted to update them.

4. How big is this problem and how big are these botnets?

It is very difficult to say how many non-secure devices are floating around the internet, but according to the Krebs article (linked below), the number well exceeds 20,000,000.  In Krebs recent book, Spam Nation, Krebs claims that only 10,000 routers would be needed to perform a large attack on a large company.  So, potentially, if botnets could pull together all these available non-secure devices at the same time, 2000 large attacks could be performed simultaneously!  That is not to say that botnets have access to all these devices, only to indicate the scale of attacks if they did have access.
*I believe the quote, “Internet of Dangerous Things,” is original to Brian Krebs (https://krebsonsecurity.com/2015/01/the-internet-of-dangerous-things/)
Other good research on cyber security can be found at schneier.com.

:::: Cyber Attack Research :::

5. Have there been recent warnings with regard to cyber security?

The articles below are from dates prior to Krebs recognition regarding the massive problem of device security.

:: USA Today :: Power Grid Vulnerable to Terrorist Attack
Date: 11/14/2012
http://www.usatoday.com/story/news/nation/2012/11/14/power-grid-vulnerable-terrorism/1704803/

:: NY Times :: Power Grid Attacked in Arkansas
Date: 10/08/2013
http://www.nytimes.com/2013/10/09/us/power-grid-is-attacked-in-arkansas.html

:: Fox News :: Digital Sniping Attack on Power Grid
Date: 02/06/2014 in reference to attack on 04/16/2013
http://www.foxnews.com/politics/2014/02/06/2013-sniper-attack-on-power-grid-still-concern-in-washington-and-for-utilities/

:: University of California at Riverside :: Research on Internet-based Attacks on Smart Grid
http://www.ee.ucr.edu/~hamed/MRLGjTSG11.pdf

:: Bloomberg :: Banks and Utilities as Targets of Syrian Attacks
Date: 08/28/2013
http://www.bloomberg.com/news/2013-08-28/banks-utilities-seen-as-targets-of-syrian-cyber-attacks.html

:: Federation of American Scientists :: Physical Security of Grid
Date: 06/17/2014
fas.org/sgp/crs/homesec/R43604.pdf

:: Fox News :: Reported on “cyber caliphate” prior to Twitter attacks on CentCom
09/14/2014
http://www.foxnews.com/world/2014/09/14/digital-jihad-isis-al-qaeda-seek-cyber-caliphate-to-launch-attacks-on-us/

:: Krebs on Security :: Home Routers Used in Recent Attacks
01/09/2015
http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/

:: Hollywood Reporter :: Google’s Eric Schmidt, “The Internet will disappear…” (an article about how we are incredibly reliant on the Internet)
01/22/2015
http://www.hollywoodreporter.com/news/google-chairman-eric-schmidt-internet-765989

:::: Cyber Attacks and America ::::

6. Can cyber attacks ever be good for the American people?

I believe there is a mixed answer to this question.  There are two fantastic examples of attacks are likely government prompted that probably have our safety in mind.  One is Stuxnet, the other, Regin (pronounced: “region” according to Symantec).

If both of these can be attributed to the US government, then we see the role of government stepping between the user and the global internet.  I’m undecided what I think about that.

Additionally, in the most recent Snowden releases, we see evidence that the US government further has a network that can intercept attacks and divert the traffic if necessary.  It sure seems like great technology, but what happens if/when you can’t trust your government.  It seems like they have total control.

7. What are Stuxnet and Regin?

Both Stuxnet and Regin are sophisticated.  Stuxnet was used to spin the Iranian centrifuges, used to refine natural Uranium into weapons grade Uranium, out of control and destroy them.  One can easily argue that Stuxnet was an incredible success.  Stuxnet was likely a cooperative effort between the US and Israel, though neither take credit for the attack.

Though Stuxnet can be pegged as a success, Regin may fall more into a gray area.  Regin is part of a massive digital infiltration.  Regin is multi-purpose.  One purpose is to gather access usernames and passwords to infrastructure.  Yet, other purposes are also hidden.  The code seems very smart.  Those on the control end of the code can use various triggers to make the code do certain things, such as control the computer.

Regin infections are represented here:

When examining the map, you see that infections were primarily found in Russia and Saudi Arabia.  Regin could lead one to believe that we are in the middle of a Cyber Cold War.  Just as with the nuclear scenario of the 80’s, what if there was an unleashing of cyber war potential against the US at the same time attacks were being unleashed in attacking countries.
Regin also can lead one to question, “what if there was other malware embedded in the USA, maybe even more well hidden?”  Additionally, “what if the US, of other country, was using such measures for information gathering against US citizens?”

:: Wired Magazine :: Stuxnet
11/03/2014
http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

:: Symantec :: Regin



:::: Cyber Warfare Damage ::::


8. What damage can cyber-warfare inflict?

In recent news, we know that cyber warfare can bring a company like Sony to its knees.  The Sony attack prevented freedom of speech as Sony pulled a movie from the theaters (even though they performed an internet release of the movie).

But, this is just a small example.  Krebs (in Spam Nation) discusses how companies use attacks to control companies and their interests on a much larger scale.

From the information you have seen here, do you think it is likely that cyber warfare could be used to…

  1. take down a bank?
  2. take down a power plant?
  3. take down an ISP (Internet Service Provider)?
  4. take down telecoms infrastructure?
  5. to gather personal information for identification purposes?
  6. control or change information on the internet?

Recently, Detroit had a power outage due to a faulty line.  The outage had a huge impact on all emergency services (police, fire, etc), the hospital, and buildings were shut down.  It was chaos for the few hours when the outage was at its peak.  Just imagine the chaos that would be caused by a larger outage.

:::: What Can You Do Against a Cyber Attack? ::::

“Hope for the best, plan for the worst.” – Lee Child

Despite picking up books to help you plan for a disaster, you will unlikely know if you even have what it takes until a disaster hits.  Most will pick up books, read them once or twice, and maybe even make a few adjustments to the way they live, but I fear that few people are truly prepared for a disaster.  Books often bring subjects to consider, but too often, we don’t make hard decisions until we are forced to.

:::: Decide, then Do. ::::

9. So, how can someone become better prepared?

1. Decide, then Do Change Your Mindset:
You must determine that you are more intelligent than the “infrastructure,” whatever “infrastructure” means to you.  Infrastructure could be cellular service, internet, power, transportation, access to health services, or anything else you cannot provide for yourself.

Until you begin changing your mindset, you will do nothing else.  You won’t really change. 

2. Decide, then Do Prioritize:
Step 1: Make a list of the services/items or items you rely on.
Step 2: Immediately scratch off the items you can do without in an emergency.
Step 3: Prioritize the remaining items in order.  Pick the biggest, mark it with a one.  Then, the next biggest with a two… and so on.

Some items from your list may include things like… grocery store, fuel, heat/lights, money, communication, internet, healthcare, clothes, job/work or trade.

3. Decide, then Do Learn:
Start with items one, two, and three on your list.  You will learn about these three areas first.  As you begin to develop confidence in a particular area, move on down the list until you’ve learned basics of many different topics.  Ask yourself, “What do I need to do to replace this item on my list?”  For example, for grocery store, you should be thinking what hunting/fishing/trapping/foraging/gardening skills and techniques can I learn to help provide for me and my family?  Another example is healthcare.  Ask yourself, “Do I understand the basics of First Aid?”

I am runner.  I have run a few marathons, as well as races from 5k to 25k. What I discovered is that I would not truly be motivated to train for a race until I had registered for the race.  In like fashion, get registered for some training.  Get registered for a First Aid class.  Get registered for a hunter safety class.  That could be the start of some great motivation.

4. Decide, then Do Collaborate:
Finding like-minded people can sometimes be a challenge.  Take advantage of the situation.  For example, if the power goes out in your workplace, start asking your co-workers what they would do if the power went out for the rest of the day, the rest of the week, and what if it went out for a month.  If you feel and earthquake tremor, start asking your friends if they have a plan for a earthquake.  Next time you get a big storm, ask your friends or co-workers if they have enough food.  Their answers may surprise you and you may find some like-minded individuals closer than you think.

Other ideas may be to find a good “prepper” book that you can do without and pass it to a friend or co-worker.  If they pass it back with a cross look, then pass it on to someone else.

The point is that collaboration is up to you.  Don’t rely on someone else to make it happen.

5. Decide, then Do Plan:
As you start picking up new knowledge and making new “prepper” friends, plan for various emergencies.  Pick the biggest threats and plan for them.  If you live in a harsh whether environment, plan for that weather.  It could be hurricanes, harsh winter storms, etc.  If you live in an earthquake zone, plan for earthquakes.

6. Decide, then Do Practice:
Put your plan into action.  Of course, you need to note the things that worked and change the things that did not work.  Go back to your plan and make whatever revisions need to be made.


TO FIND OUT ABOUT SECURE EMAIL ACCESS, PLEASE CLICK HERE