Computer Security and the Internet (Sicurezza Informatica e Internet)
Giuseppe F. Italiano
[email protected] Tel. 06 72597394
We are all “consumers” of computer security.
Course Web Page: http://sites.google.com/site/italianodidattica/didattica/ssi-info/
♦ Contains (almost) everything about the course
♦ Slides, links, information on office hours and exam sessions
Course Facebook Group
Sicurezza informatica e Internet – Tor Vergata
♦ https://www.facebook.com/groups/124516421011095/
♦ Request to join the group
♦ Dedicated exclusively to discussions and announcements about the course
Twitter
@GFItaliano ♦ Tweets on security topics
1. SII (9 CFU)
§ The exam consists of:
  1. Written test
  2. Project (will be made available on the Web site)
§ Anything else?
Course Organisation
♦ Lectures (more or less traditional)
♦ Guest lectures
♦ Office hours: after class, or Thursday 13:00-14:00
Recent Attacks
♦ More information on the Facebook Group
Main Targets
Source: Radware Global Application and Network Security Report
Main Techniques
Source: Arbor Networks - Worldwide Infrastructure Security Report
Zero Day Exploits Shopping List
Source: Forbes, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits”, 2012
Main Threats (Actors)
♦ Criminal activities – Credit card theft, child pornography, copyright infringement, spyware and other unauthorized cyber tracking software, phishing and fake websites
♦ Insiders – Both intentional and unintentional
♦ Terrorist groups – Covert communications, funding, coordination
♦ States – State-sponsored or corporate cyber espionage
♦ Individuals/Hacktivists – Propaganda/Web defacements
1. Cyber Crime
♦ Professional-level malware…
  – Not script kiddies
  – Worldwide actors and impact
♦ Favorite tools
  – Fakeware (rogue antivirus, codecs), malicious “packs” (Crimepack, Neosploit, Phoenix Exploit Kit, etc.), misc. keyloggers
♦ Why?
  – Botnets (spam, DDoS)
  – Credentials (user, banking, military…)
  – It’s all about money
RSA – Mar 2011
♦ Hackers penetrated RSA servers
♦ Stole information from their systems
♦ Some information specifically related to SecurID 2-factor authentication products (used, among others, by Lockheed-Martin and Northrop-Grumman...)
♦ Breach carried out by a phishing attack against a small number of employees
  – Email with an .xls attachment containing malware (Adobe Flash zero-day exploit) that installed a backdoor
RSA – Mar 2011
“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.”
Art Coviello, Executive Chairman, RSA
Bitcoin – Feb 2014
"Bitcoin was, of course, created in part to cater to libertarian dreams – to provide a way to store your wealth where governments can’t steal it through taxation or currency debasement. And it’s true! Thanks to Bitcoin, you can instead have your wealth stolen by private hackers."
2. Insider Threats
♦ Can be the most dangerous threat
  – Modern systems require information to be available to the greatest number of participants
  – Disgruntled employees
♦ Technology makes it easy to leak
  – Unintentional leakage of classified data onto unclassified networks
♦ Wikileaks demonstrates the impact of insider threats
  – One event released hundreds of thousands of classified documents
3. Cyber Terrorism
♦ Terrorists are currently using networks for operational support
  – Propaganda, planning, recruitment, funding, communications, …
♦ Easier to hire cyber criminals to conduct network attacks
  – Botnets for hire (e.g., the Iranian Cyber Army offering its botnet to cyber criminals in Sept. 2010)
4. State Threats?
♦ Series of coordinated cyber attacks (DDoS) that began April 27, 2007 and swamped websites of Estonian organizations, including the Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia about the relocation of the “Bronze Soldier”, a Soviet-era war memorial in Tallinn
♦ Estonian Foreign Minister Urmas Paet accused the Kremlin of direct involvement in the cyberattacks. On September 6, 2007 Estonia’s defense minister admitted he had no evidence linking the cyber attacks to Russian authorities
4. State Threats?
♦ Sep 2007: Israeli airstrike on a Syrian facility (suspected of being associated with nuclear enrichment)
♦ Non-stealthy warplanes flew undetected
♦ First of all, the local Syrian air defense site was assaulted with an electronic attack (EA) to enable the Israeli planes to enter and exit Syrian air space
♦ Further elements of the attack included network penetration involving both remote air-to-ground EA and intrusion through computer-to-computer links
♦ More interesting was that the cyber-attack seemed to be conducted from the air just before the kinetic attack
♦ Known as “Operation Orchard”
State Threats?
♦ 2008: Malicious code on a USB flash drive in a U.S. military facility in the Middle East spread to Pentagon systems. Caused a big military data loss.
♦ The French Navy (Marine Nationale) admitted that the Conficker worm struck some important systems, preventing operational units from downloading their flight plans because the databases were infected.
♦ January 2009: the British Defence Ministry was attacked by a version of Conficker that infected some 24 RAF bases and 75% of the Royal Navy fleet, the aircraft carrier Ark Royal included!
State Threats?
♦ March 2009: the cyber spy network GhostNet broke into classified documents, targeting Tibetan exiles
  – Attacked 1,300 computers in 103 countries, government and private, reading e-mails and forwarding secret documents
  – GhostNet invaded its victim computers when users opened a malicious e-mail attachment
  – GhostNet-infected machines were controlled by computers in China
  – Targets included embassies, ministries, news outlets, NGOs, and specifically the Dalai Lama
Main Objectives
08/03/2011 – Università degli Studi di Roma Tor Vergata
For those who don’t know French…
Stuxnet
♦ Windows-specific worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus
♦ Written specifically to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes
♦ Stuxnet includes the capability to reprogram Programmable Logic Controllers (PLCs) and hide the changes
♦ First known worm to target critical industrial infrastructure
“A working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world.” Source: Kaspersky Lab
Stuxnet Propagation (China: 6,000,000 unconfirmed)
Flame
State Threats?
Drones invisible to radar but not to viruses! The virus was a keylogger
State Threats?
On Dec 4, 2011 a US Lockheed Martin RQ-170 Sentinel UAV (Unmanned Aerial Vehicle) was captured by Iranian forces in northeastern Iran. “The operators of the UAV lost control of the aircraft and had been working to determine its status.” Source: NATO - International Security Assistance Force in Afghanistan
More GPS Jamming / Spoofing?
NSA PRISM
5. Individuals / Hacktivists
Current / Future Trends?
Technology on Attacker’s Side
♦ HW: growth in CPU speeds / cost decrease
  – Today able to crack 8-character passwords in 2 hours using currently available processors with graphics cards and publicly available software
♦ SW: malware growth is exponential
Current / Future Trends?
♦ Cloud computing
♦ Mobile / smart phone vulnerabilities
♦ Attacks against critical infrastructures
♦ Compromised social networking sites
♦ Interconnectivity of more devices (Internet of Things)
♦ But… New jobs in the market!
New Jobs in the Market
Health Wall of Shame
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
How can we protect ourselves?
What we want to protect:
♦ Confidentiality of the information on our own systems
♦ Confidentiality of communication
♦ Control of our systems and networks
♦ Data integrity
♦ Denial of Service
♦ Authenticity of communication partners
♦ Privacy
How we protect it:
♦ Extensive use of cryptography
♦ Access control (hardware, software, system, applications)
♦ Authentication (passwords, certificates, biometrics)
♦ Virtual Private Networks
♦ Intrusion detection systems
♦ Redundancy of infrastructure
♦ A culture of confidentiality
Course Programme
♦ Cryptography – brief history, conventional and public-key (key management and distribution are covered in another module)
♦ Authentication – basic systems, challenge-response, authentication of systems and users
♦ Communications Security – IPsec, VPNs, Web security, e-mail security
♦ Incidents and countermeasures – firewalls, Tripwire, intrusion detection and management systems