Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

[BruCON] How to conduct a Cyber attack

Eric Adrian Filiol – How to prepare, coordinate and conduct a Cyber attack

  • What can attacker really do ?
  • Generalize the concepts of cyber attacks
  • Generalize the concept of critical infrastructure

Doctorin of Cyber attacks “Nothing is forbidden, everything is a weapon”. Taken from “Unrestricted Warfare“.

The ultimate target is the physical world. Moving from the virtual world to the physical is the final hurdle.

Obliteration of space
By moving an attack into cyberspace it’s possible to effect systems in a wide area without the issue of distance.

Obliteration of time
Quick attacks without prior warning associated with movement of physical equipment. Planning can be prepared months ahead and the correct time can be selected for the attack to begin.

Obliteration of proof
Everything can be falsified. Documents can be manipulated and forged. The concept of digital retaliation has no validity.

Anybody can be a soldier in a cyber attack. Historically individual groups have performed cyber attacks on behalf of their country.

Definition of the target must involve not only the primary objective, but also the secondary partners that supply and support the target. Attacking dependencies. By mapping these dependencies it’s possible to map out various paths of attack in order to adapt to the targets actions.

Nature of intelligence

  • Technical intelligence
  • Human (Blogs, social networks, public places, etc…)
  • Open documents (Public market offers…)
  • “Ambient” intelligence

Goal: To gain a precise view of the target and it’s possibility to react.

Technical intelligence

  • Very easy when you know where to look!
  • Used hard drives
  • Innocent looking files… (Metadata,…)

Planning phase

  • General structure of maneuvers
  • Generate the required forces
  • Coordinate the different attack bricks
  • Coordinate conventional pieces of the attack
  • Manage the unexpected, Choice of variants

Conduct phase

  • Do not improvise
  • Continue intelligence gathering
  • Prevent forensic analysis
    • Partition the attack
    • Maintain the attackers anonymity
    • Incrimination of 3rd parties ???
  • ….

The Bricks of attack demonstrated in the presentation make it easy to understand how a series of small actions can result in a big effect. As soon as the slides are available, I’d suggest taking a look. There’s a lot of information on strategy and examples here that aren’t possible to really convey here.

Advertisements

Comments are closed.

%d bloggers like this: