Chapter 1

Introduction to Security Threats

Our world is increasingly descending into the ancient vision of “good” versus “evil,” or at least the opposites of “yin” versus “yang.” The concentration of fresh talent in hot spots around the globe is resulting in innovative products and apps providing enhanced capabilities for an increasing number of users. From smartphones to smart cars, the “Internet of Things” is now upon us. The great companies of our times continue to experiment and introduce connective technologies that satisfy human needs and frequently create those needs. But simultaneously, the “evil” side is growing even faster in its capability, employing those very same technologies for malicious purposes.

Where technology users were previously merely annoyed by individuals and small groups who identified themselves as “hackers,” the software and techniques used for unwanted entry into systems are now readily available to groups aligned with nation-states (China and Russia being prime examples). Moreover, these widely available tools are constantly mutating into more complex versions. Programs generated for a specific strategic purpose, such as the Stuxnet worm, have been reverse engineered, and their complex code has now been altered to facilitate an attack on the control systems of any of our structural systems, including electrical power grids, water purification systems, air traffic control systems, and even our planes and cars. And this is just the beginning. A wealth of enabling tools is still to come with robotic, intelligent devices at our beck and call, while malicious agents will surely remain bent on attack, diversion, and destruction. The purpose of this book, then, is to apprise the reader of the various components that have enabled the services we use, as well as to explain how these very same tools have simultaneously been diverted for malicious purposes.

Our first example is a case study of the 2014 Anthem break-in by a Chinese hacking group in Shanghai and the step-by-step process by which the attackers gained entry, placed hidden software, downloaded information, and hid the evidence of their entry. Subsequently, we provide a discussion of the tools they employed, as well as the intent to establish a persistent presence in the systems they entered, the ability to use those sites as testbeds to determine successful variations of their software that elude detection, and the ability to reach out across “trusted connections” to the entire health-care system of the nation.

Next, we examine the components of technology that are being diverted. We start with application code and how it can best be protected with isolation approaches. We look at the general principles of a secure system and then how hackers approach such systems. We follow with an examination of the various forms of infection, including viruses, worms, bots, and Trojans. We then examine encryption, using the Rivest–Shamir–Adleman (RSA) algorithm as our working example. Internet Protocol Security (IPSec)—which is at the heart of the secure virtual private network (VPN) connectivity widely employed by American businesses—is discussed, along with the contrasting use by Chinese hackers of their own undetectable VPN, the Terracotta VPN, which makes the hackers’ activity appear to be normal traffic entering and traversing “protected” systems.

We examine web applications, complete web systems, the Domain Name System (DNS), and the general structure of the public Internet. And, given that the world has rapidly migrated into a totally mobile, Steve Jobs–inspired world of instantaneous communication and download, we examine the present vulnerability of the ubiquitous “smart” devices. As the Stuxnet worm has gained such wide press, we examine the stepwise process of that particular infection and show how the electric grid system is a similarly exposed target for destruction by such a worm.

Finally, we conclude with RSA’s layout of the various forms of cyber warfare that the world is currently experiencing, many of which take advantage of the false sense of security into which many of us have lapsed.
