Não é preciso ter olhos abertos para ver o sol,
nem é preciso ter ouvidos afiados para ouvir o
trovão
ATENÇÃO
As informações e idéias contidas na
apresentação são pessoais e podem não
refletir a opinião de instituições,
empresas ou grupos que o autor
participa ou pertence.
Os textos em língua inglesa são cópias
de documentos ou sites estrangeiros,
para não modificar o sentido foram
mantidos em sua língua original
Porque a NSA faz espionagem
cibernética?
• Porque ela foi criada para fazer
• Coleta de Informaçoes de Inteligência
–
–
–
HUMINT – Fontes humanas
IMINT – Imagens
SIGINT – Comunicações , radar, telemetria, redes de
computadores
– MASINT – tudo o que não for imagem ou dados e for
derivado da eletrônica – assinaturas de radar...
Definição
• Espionagem cibernética - é uma operação ofensiva
cibernética :
–
–
–
–
–
•
Tempo
Utilizada para obter informações residentes ou em trânsito
De adversários ou parceiros
Sobre sistemas ou redes
Que não deve ser percebida
Cyberexploitation refers to the use of cyber offensive actions—perhaps over an extended period of
time—to support the goals and missions of the party conducting the exploitation, usually for the
purpose of obtaining information resident on or transiting through an adversary’s or partners
computer systems or networks. Cyberexploitations do not seek to disturb the normal functioning of a
computer system or network from the user’s point of view—indeed, the best cyberexploitation is one
that such a user never notices
Objetivos da Espionagem Cibernética
• Obter informações disponíveis nas redes
• Ser um observador passivo das
topologias das redes e do tráfego
• Obter informações técnicas da rede de
uma empresa ou de uma nação para
obter vantagem.
Você acha que uma ação de
espionagem cibernética vai
ser dirigida para sua empresa
ou governo?
Na sua casa – At home
• A hypothetical example of cyberexploitation based on remote
access might involve “pharming” against an unprotected DNS
server, such as the one resident in wireless routers. Because
wireless routers at home tend to be less well protected than
institutional routers, they are easier to compromise. Successful
pharming would mean that web traffic originating at the home of
the targeted individual (who might be a senior official in an
adversary’s political leadership) could be redirected to websites
controlled by the exploiter. With access to the target’s home
computer thus provided, vulnerabilities in that computer could be
used to insert a payload that would exfiltrate the contents of the
individual’s hard disk, possibly providing the exploiter with
information useful for blackmailing the target.
No seu parceiro de logística
• A hypothetical example of cyberexploitation
based on close access might involve
intercepting desktop computers in their original
shipping cartons while they are awaiting
delivery to the victim, and substituting for the
original video card a modified one that
performs all of the original functions and also
monitors the data being displayed for
subsequent transmission to the exploiter
ATENÇÃO
“Os cenários a seguir são uma obra
de ficção, qualquer semelhança
com nomes, pessoas, fatos,
situações ou nações terá sido mera
coincidência”
Zendia e Ruritania não existem
Fonte - E-book Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use
of Cyberattack Capabilities
http://www.nap.edu/catalog/12651.html
E se?
• The director of the Zendian intelligence service is known to be a strong
supporter of the Zendian national soccer team. The soccer team maintains a
website on which it provides team statistics, video highlights from recent
games, and other content of interest to fans. An intelligence collection
operation is launched to exploit a flaw in the operating system of the server
that handles the soccer team’s website, and installs a Trojan horse program
as a modification of an existing videoclip. When the director views the clip,
the clip is downloaded to his hard drive, and when his desktop search
program indexes the file, the Trojan horse is launched. The collection
payload then searches the local hard drive for evidence suggesting that the
user is in fact the director. If none is found, the program erases itself. If the
program finds evidence that the user is the director of intelligence (or
perhaps the minister of defense, also known to be a soccer fan), it retrieves
all plaintext files within reach and e-mails encrypted compressed versions of
them to an e-mail address set up specifically as a “dead-drop” location.
O meu sistema não esta na Internet
• The Zendian Secret Internet Protocol Router Network (Z-SIPRNet) carries
classified information and messages for the Zendian ministry of defense, and
supports the Zendian command and control system for managing troop
deployments, the Zendian defense message system, and many other classified
warfighting and planning applications. Although no connections between ZSIPRNet and the public Internet are allowed, it is known that Gorga, a system
administrator, has connected his computer at work to a password-protected
mobile modem. Through a manipulation of the telephone switching center, phone
calls from Gorga’s phone number to the modem are secretly redirected to a login
simulator that captures his login name and password. Using Gorga’s administrator
privileges, the intelligence collection operation installs a “sniffer” on the network
that examines all passing traffic, and forwards interesting communications to a
file that is saved in a temporary work area on Gorga’s computer. At night, while
Gorga is sleep, notebook go on, connect Internet and and send the collection
operation.
No USB que eu ganhei no evento
• An intelligence collection operation scatters inexpensive universal serial
bus (USB) flash drives in parking lots, smoking areas, and other areas of
high traffic near a building associated with the ZendianMinistry of
Defense. In addition to some innocuous images, each drive has alreadyloaded software that collects passwords, login names, and machinespecific information from the user’s computer, and then e-mails the
findings to the intelligence collectors. Because many systems support an
“auto-run” feature for insertable media (i.e., when the medium is
inserted, the system automatically runs a program named “autorun.exe”
on the medium) and the feature is often turned on, the intelligence
collectors can receive their findings as notified as soon as the drive is
inserted. The program also deletes itself and any trace of the e-mail after
sending. The login information can then be used to compromise the
security of existing accounts.
Na licitação internacional
• A Zendian firm and a Ruritanian firm are competitors for a multibillion-
dollar contract in a third country. Working closely with the Zendian firm to
understand what it would need to know to compete more effectively, the
Zendian intelligence service conducts against the Ruritanian firm a series
of cyber offensive actions that install dual-purpose and well-hidden Trojan
horses on the firm’s network. At first, these Trojan horses are
programmed to send back to Zendian intelligence confidential business
information about the Ruritanian bid; this information is subsequently
shared with the Zendian negotiating team. Later, as the deadline for each
side’s best and final bid approaches, the second function of the Trojan
horses is activated, and they proceed to subtly alter key data files
associated with the Ruritanian proposal that will disadvantage the firm
when the proposals are compared side by side.
Covert Action - Inclui
• Influencing an election;
• Disseminating propaganda;
• Providing financial support to opposition
civil society groups and helping them set
up international networks;
ATENÇÃO
“Os cenários a seguir são uma obra
de ficção, qualquer semelhança
com nomes, pessoas, fatos,
situações ou nações terá sido mera
coincidência”
Zendia e Ruritania não existem
Fonte - E-book Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use
of Cyberattack Capabilities
http://www.nap.edu/catalog/12651.html
Voto eletrônico
• An election is to be held in Zendia, and the predicted margin
of victory between the favored and disfavored parties is
relatively small. This election will be the first Zendian
election to use electronic voting , and the Zendian election
authorities have obtained electronic voting machines to
administer this election from Ruritania . U.S. intelligence
operatives intercept the CD-ROM containing a software
update from the Ruritanian vendor en route to Zendia , and
substitute a new CD-ROM in the package containing the
original update plus additional functionality that will tilt the
election toward the favored party.
Erros no sistema de pagamento
• A disfavored party is in power in Zendia, and the U.S.
government wishes to weaken it. U.S intelligence
operatives conduct a cyberattack against the Zendian
Social Services Agency by compromising employees of
the agency, using the USB flash drive technique
described above. Obtaining access to the Social
Services Agency databases, the United States corrupts
the pension records of many millions of people in the
country. In the next election, the disfavored ruling
party is voted out of office because of the scandal that
resulted.
Acalmando inimigos
• Two traditionally adversarial nations are armed with nuclear
weapons, and the United States has been conducting intelligence
collection operations against these nations for many years.
Through a mix of human and technical means, it has been
successful in learning about cyber vulnerabilities in the nuclear
command and control networks of each nation. During a crisis
between the two nations in which both sides have launched
conventional kinetic attacks against the other side’s territory and
armed forces, nuclear confrontation between them is
imminent.The U.S. government makes a decision to corrupt the
transmission of any nuclear launch orders transmitted through
those networks in order to prevent their use.
Ajudando o acesso
• Zendia is an authoritarian nation that recognizes the value of the
Internet to its economy, but as an instrument of political control, it
actively censors certain kinds of Internet content (e.g., negative
stories about the Zendian government in the foreign press) for its
population. Its censor-ship mechanisms are largely automated and
operate at one of a few Internet gateways to the country. During a
time of tension with Zendia, the United States launches a
cyberattack against the automated Zendian censors so that the
population can obtain, at least temporarily, a broader range of
information than it would otherwise be able to access.
Com o dinheiro alheio...
• A party favored by the United States is
conducting an armed rebellion against the
Zendian government. No funds are currently
available to help the favored party. However,
the U.S. President wishes to find a way to
help the rebels, and authorizes a cyberattack
that diverts money from the Zendian national
treasury to the rebels.
Sua saúde é importante
• A Zendian cyberattack is launched against the military medical services
of Ruritania to obtain the medical records of all active personnel . In the
days before a planned armed attack by Zendia, postings and mailings
from anonymous sources appear pointing out that Ruritanian Colonel X is
being treated for bipolar disorder, that Captain Y was treated three times
for a sexually transmitted disease in the last 2 years, and that Admiral Z
is on tranquilizers. Copies of the medical records—sometimes secretly
and undetectably altered—were released to back up the stories. The
results led to some family problems for Captain Y, Admiral Z was relieved
of field command, and Colonel X resigned his commission . Others were
simply discomfited. The result was a drop in readiness by the command
structure when Zendia struck, giving Zendia some advantage. Note that
this particular covert action has an element of intelligence collection.
Destruindo reputação
• The Zendian nuclear weapons program relies on a social network
of scientists and engineers. The United States launches
cyberattacks against a dozen key scientific leaders in this network
to harass and discredit them. These cyberattacks plant false
adverse information into their security dossiers, insert drivingunder-the-influence-of-drugs/alcohol incidents into their driving
records, alter their credit records to show questionable financial
statuses, change records of bill payments to show accounts in
arrears, and falsify telephone records to show patterns of contact
with known Zendian criminals and subversives. Discrediting these
individuals throws the program into chaos.
Causando falhas
• Scientists working on the Zendian biological weapons program use
an in-house network to communicate with each other and manage
their research and development program. U.S. intelligence
agencies penetrate the network to install dual-purpose software
agents to exfiltrate the traffic on the network to intelligence
analysts. When analysis of the traffic indicates that the Zendian
research efforts are reaching a critical stage, the software agents
begin to alter key data clandestinely so that critical experiments
fail. Further, these software agents are so well hidden that they
can maintain their presence over a period of years so that
subsequent experiments fail at critical times as well.
Ajudando as empresas
• The Zendian airplane industry and a major U.S.
defense contractor are engaged in a competition
to win a lucrative contract from Ruritania for
producing fighter aircraft. In order to support a key
company in the U.S. defense industrial base, the
U.S. government conducts a cyberattack to disrupt
and delay the production of the Zendian fighter
plane and thereby provides an additional incentive
for Ruritania to select the U.S.-produced plane.
Pegadas
• Testimony of Director of National Intelligence J.
Michael McConnell to the Senate Select
Committee ON Intelligence in February 2008.
• McConnell noted a need for the United
States“to take proactive measures to detect
and prevent intrusions from whatever source,
as they happen, and before they can do
significant damage.”
Fonte
The US surveillance
programmes and their
impact on EU citizens'
fundamental rights
DIRECTORATE GENERAL FOR INTERNAL POLICIES
POLICY DEPARTMENT C: CITIZENS' RIGHTS AND
CONSTITUTIONAL AFFAIRS
CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS
http://www.europarl.europa.eu/studies
É tudo verdade...
• After the first revelations about the PRISM
programme, Gen. Alexander (Director of the
NSA) confirmed over two public hearings of
Congressional intelligence review committees
that the NSA collects (both domestic and
international) telephone call metadata from all
major carriers and maintains a database of all
such calls for five years
‘Direct Access’ to data-centres granted for
surveillance purposes?
• Microsoft asserted that they only responded to
requests referencing specific account identifiers, and
Google and Facebook denied they had “black boxes”
stationed in their networks giving “direct access”. The
companies are constrained by the secrecy provisions of
s.702, on pain of contempt or even espionage charges.
Um problema legal
• 1976- 1979 – dados que são necessários
para uso ou confiados a terceiros não
tem expectativa de privacidade – não é
necessário ordem judicial...
• - transações de cartão de credito ,
billing ,dados de celular, logs de serviços
de internet, redes sociais...
Como proteger?
• NSA - $10Bi por ano
• CIA - $15Bi por ano
• Balck Budget – $50bi por ano
Como proteger
• Mais atenção na informação
• Escolher o canal adequado
• Saber que tudo pode ser interceptado
• O local aonde a informação esta armazenada pode ser
o problema
• Problemas legais podem requerer localização (não
resolve segurança)
• O problema não é cofre para informação
Não se engane
• Criptografia – dados não podem ser
processados criptografados
• A NSA tem condições ,recursos
financeiros e pessoas para invadir
qualquer sistema em qualquer lugar do
mundo
• Seus dados não estão seguros
Maior ensinamento
As pessoas são o elo mais fraco
da corrente.
Treinamento, maturidade,
observação continua
Se tiver que optar
invista nas pessoas
AS PESSOAS EM PRIMEIRO
LUGAR
Raimundo Colombo
Governador do Estado de Santa
Catarina
Conclusão
• “Não é preciso ter olhos abertos para ver o sol,
nem é preciso ter ouvidos afiados para ouvir o
trovão.
Para ser vitorioso você precisa ver
o que não está visível.” Sun Tzu
Obrigado pela sua atenção
• João Rufino de Sales
• Presidente do CIASC
• www.ciasc.sc.gov.br
• [email protected]
• www.facebook.com/jrufinos
• jrsseg.blogspot.com
• 55-48-36641166