
Preparing for a Cyber Attack
Countdown to eDay!

By Kevin G. Coleman
Introduction

The world has awakened to a new threat.

China, Russia and North Korea's test of a cyber weapon, Iran's cyber weapon ambitions, and the defense industry’s renewed emphasis on the use of computers as a weapon have all combined to accelerate the rate of development of what I’ve called “the most destructive weapon on the planet.” The proliferation of cyber weapons has exploded, and estimates suggest that over 70% of countries will have at least a basic-level cyber weapon by the end of 2008.
The China Syndrome
A Bit of History

Back in 1998 when I was Chief Strategist of Netscape, I became aware of an international movement that was designed to create software that could be used for criminal activity as well as disrupt Internet activity. That was when I began to research what we are now calling cyber warfare.

I testified on cyber crime, espionage and security before a joint Congressional Caucus. At one point in my live demo, Chris Dodd asked me, “Does our Defense Department know about you?”
Cyber Warfare & Cyber Terrorism

Cyber Warfare and Terrorism is one of the fifteen modalities of UnRestricted Warfare (URW), also called asymmetric warfare.

– Cyber Warfare & Terrorism

• “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”

Source: U.S. Army Cyber Operations and Cyber Terrorism Handbook
Counterfeit Hardware

• February 2008 - U.S. Customs and Border Protection Assistant Commissioner for the Office of International Trade Dan Baldwin and Director-General Robert Verrue, European Commission Tax and Customs Directorate, today announced the results of Operation Infrastructure, which took place last November and December.

• The Operation resulted in the seizure of more than 360,000 counterfeit integrated circuits and computer network components bearing more than 40 different trademarks.

Counterfeit Hardware

February 2008
The Feds have confiscated more than $75 million of counterfeit Cisco networking gear. The announcement is in a progress report on a two-year-old investigation, code named Operation Cisco Raider. In most cases the fake gear was made in China and imported into the United States where unethical resellers passed it off as legit.
Impact of a Cyber War

• Of those who do perform what we consider “daily” activities online, more than half say they go online every day or several times a week to perform those activities.

• The roughly 93 billion emails that are sent per day will not go through.

• Millions of VoIP calls per day will not go through.

• Over 200 million Google searches per day will not get done.

• A reported 33% of Internet users say they make eCommerce transactions daily.
Impact of a Cyber War

• Some 88% of online users say the Internet plays a role in their daily routines.

• Some 40% of Internet users who get the news online say they log on daily.

• Some 25% of the online weather bugs will check weather daily.

• Some 20% of online sports fans check sports scores daily.
A Recent Poll

How prepared is the U.S. for a cyber attack?

[Pie chart with legend: Not Prepared, Somewhat Prepared, Very Prepared. Values shown: 43%, 47%, 10%.]

Source: A collaborative effort between DefenseTech.Org and the Technolytics Institute with nearly 1,000 respondents to the poll.
Impact of a Cyber War

[Bar chart: U.S. retail eCommerce sales in billions of dollars (axis $0 to $250), by year, 2006 to 2010. Callout: “That’s $425 million a day.”]
Cyber Media Warfare

One can only imagine the psychological impact on the viewers that witnessed
this prank. The TV channel CT2 said that they received frantic phone calls
from viewers who thought a nuclear war had started.
http://www.youtube.com/watch?v=MzaN2x8qXcM
Think About This

• What if the Internet went away:
– For a day
– A week
– A month

• No eMails
• No BlackBerrys
• No eCommerce

Virtual business services of all sorts, accounting, payroll and even sales would come to a halt, as would many
The worst thing to do

There is no doubt today that VoIP is taking over the telecom market, and every month it increases its penetration into the business, government and consumer sectors.

– Almost two-thirds of large organizations in North America will be using VoIP products and services by year end.
– Small Business VoIP adoption will grow to 3 million by 2010. Revenues are projected to reach $2 billion.
– Consumer VoIP adoption will drive wholesale VoIP revenues to $3.8 billion by 2010.

You are putting all your eggs in one basket.
Cyber Weapons Proliferation

The cost to develop this new class of weapon is within reach of any country, any extremist group, any criminal organization and tens of millions of individuals. The raw materials needed to construct cyber weapons are not restricted and are widely available. We now have a weapon that can strike at the speed of light; it can be launched from anywhere in the world, and it can target anywhere in the world. This briefing will provide an understanding of the current state of cyber weapons, current defenses and a unique look at what the future cyber warfare scenario might encompass.
Your Cyber Attack IQ Test

If I can give you three pieces of intelligence you did not have before, would you agree this briefing provided value?

1. What do EPFC and TEDs stand for?

2. How many of you address CBRNE in your contingency plans?

3. Why should your organizations have supply-chain integrated into the security program?
Modern Weapons Economics

What does a stealth bomber cost? $1.5 to $2 billion

What does a stealth fighter cost? $80 to $120 million

What does a cruise missile cost? $1 to $2 million

What does a cyber weapon cost? $300 to $50,000


Find the Weapons Facility

Nuclear Weapons Facility Cyber Weapons Facility

Where’s the Cyber Weapons Facility?


Cyber Weapons Proliferation
Cyber Arms Dealers

RBN and their support units provide scripts and executables to make cyber weapons undetectable by antivirus software. Every time a copy of the cyber weapon is generated, it looks different to the anti-virus engines and it often goes undetected. The modularization of delivery platform and malicious instructions is a growing design in cyber weapons. RBN’s cyber weapons are very popular and powerful. In June 2007, one was used by a single person to attack and compromise over 10,000 websites in a single assault.

Did you know RBN leases use/capacity on their 150 million node BotNet?


Cyber Weapons Evolution

[Chart: threat level (Low to High) over time, 1994 to 2016 (axis years 1994, 1998, 2002, 2004, 2008, 2012, 2016). Phases: Basic Research, Applied Research, Early Adopters, Rapid Advancement, Significant Threat. Series: Basic Weapons, Advanced Weapons.]


Interesting Quote

NATO's cyber defense chief has warned that computer-based terrorism poses the same threat to national security as a missile attack. He went on to say that “Cyber war can become a very effective global problem because it is low-risk, low-cost, highly effective and easily globally deployable. It is almost an ideal weapon that nobody can ignore.”

Using this as a framework, we can put into context the evolving architecture for cyber weapons.
Cyber Weapons Design

Cyber Weapon Architecture

A missile is comprised of three basic elements. The first is a delivery vehicle (rocket engine), followed by a navigation system (tells it how to get to the target) and finally the payload (the component that causes harm). As it turns out, the same three elements now appear in the design of cyber weapons.
Cyber Weapons Design

Cyber Weapon – Delivery Vehicle

There are numerous methods of delivering cyber weapons to their targets. Emails with malicious code embedded or attached are one mechanism of delivery. Another delivery vehicle is web sites that can have malicious links and downloads. Hacking is a manual delivery vehicle that allows a cyber soldier to place the malicious payload on a target computer, system or network. Counterfeit hardware, software and electronic components can also be used as delivery vehicles for cyber weapons.
Cyber Weapons Design

Cyber Weapon – Navigation System

Just as a navigation system guides a missile, the navigation element of a cyber weapon allows the malicious payload to reach a specific point inside a computer, system or network. System vulnerabilities are the primary navigation systems used in cyber weapons. Vulnerabilities in software and computer system configurations provide entry points for the payload of a cyber weapon. These security exposures in operating systems or other software or applications allow for exploitation and compromise. Exploitation of these vulnerabilities may allow unauthorized remote access and control over the system.
Cyber Weapons Design

Cyber Weapon – Payload

The payload of a missile is sometimes called a warhead and is packed with some type of explosive. In a cyber weapon the payload could be a program that copies information off of the computer and sends it to an external source. It can also be a program that begins to erase or alter information stored on the system. Finally, it can allow remote access so that the computer can be controlled or directed over the internet. A “bot” (a component of a botnet) is a great example of a payload that allows remote use of the computer by an unauthorized individual or organization.
Cyber Weapons Design

Cyber Weapon – Architecture

This three-element architecture demonstrates how advanced and sophisticated cyber weapons are becoming. The architecture creates reusability and reconfiguration of all three components. As one software or system vulnerability is discovered, reported and patched, that component can be removed and replaced while the other two components are still viable. This not only creates flexibility but also significantly increases the productivity of the cyber weapons developers.
Conclusion

Our nation is increasingly vulnerable to cyber attacks that could have catastrophic effects on critical infrastructure as well as severely damage the country’s economy. Whether the attack is focused on stealing our business and technology secrets, disrupting our financial systems or worse, the threat is real. Countries, terrorists and extremists around the world are developing and implementing cyber warfare doctrine, strategies and weapons.
Conclusion

The Cold War may be over, but the cyber arms race has just begun. The threat is imminent. We must rapidly develop offensive and defensive cyber weapons capabilities as well as the military doctrine and regulations necessary to govern their use. In the cyber arms race we cannot finish anyplace but first.
QUESTIONS

Biography

Kevin G. Coleman is a Senior Fellow and Strategic Management Consultant with the Technolytics Institute. He is the former Chief Strategist of Netscape and was a member of the Science and Technology Advisory Panel at the Johns Hopkins University Applied Physics Lab. He has briefed defense contractors and other organizations on cyber warfare and is a highly published professional covering cyber security. He writes regularly for Eye Spy Magazine and authors the Cyber Warfare Blog for DefenseTech.org.

The Technolytics Institute
4017 Washington Road
Mail Stop #348
McMurray, PA 15317
P 412-818-7656
F 412-291-1193
I www.technolytics.com
E kgcolman@technolytics.com
