You do not need open eyes to see the sun, nor sharp ears to hear the thunder

NOTICE
The information and ideas contained in this presentation are personal and may not reflect the opinion of institutions, companies or groups the author takes part in or belongs to. The texts in English are copies of foreign documents or websites; to avoid altering their meaning they were kept in their original language.

Why does the NSA conduct cyber espionage?
• Because it was created to do so
• Intelligence collection:
– HUMINT – human sources
– IMINT – imagery
– SIGINT – communications, radar, telemetry, computer networks
– MASINT – everything that is not imagery or data and is derived from electronics – radar signatures...

Definition
• Cyber espionage is an offensive cyber operation:
– Time
– Used to obtain information at rest or in transit
– From adversaries or partners
– About systems or networks
– That must not be noticed
• Cyberexploitation refers to the use of cyber offensive actions—perhaps over an extended period of time—to support the goals and missions of the party conducting the exploitation, usually for the purpose of obtaining information resident on or transiting through an adversary's or partner's computer systems or networks. Cyberexploitations do not seek to disturb the normal functioning of a computer system or network from the user's point of view—indeed, the best cyberexploitation is one that such a user never notices.

Goals of cyber espionage
• Obtain information available on networks
• Be a passive observer of network topologies and traffic
• Obtain technical information about a company's or a nation's network in order to gain advantage.
Do you think a cyber espionage action will be directed at your company or government?
At home
• A hypothetical example of cyberexploitation based on remote access might involve "pharming" against an unprotected DNS server, such as the one resident in wireless routers. Because wireless routers at home tend to be less well protected than institutional routers, they are easier to compromise. Successful pharming would mean that web traffic originating at the home of the targeted individual (who might be a senior official in an adversary's political leadership) could be redirected to websites controlled by the exploiter. With access to the target's home computer thus provided, vulnerabilities in that computer could be used to insert a payload that would exfiltrate the contents of the individual's hard disk, possibly providing the exploiter with information useful for blackmailing the target.

At your logistics partner
• A hypothetical example of cyberexploitation based on close access might involve intercepting desktop computers in their original shipping cartons while they are awaiting delivery to the victim, and substituting for the original video card a modified one that performs all of the original functions and also monitors the data being displayed for subsequent transmission to the exploiter.

NOTICE
"The following scenarios are a work of fiction; any resemblance to names, people, facts, situations or nations is mere coincidence." Zendia and Ruritania do not exist.
Source - E-book Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
http://www.nap.edu/catalog/12651.html

What if?
• The director of the Zendian intelligence service is known to be a strong supporter of the Zendian national soccer team. The soccer team maintains a website on which it provides team statistics, video highlights from recent games, and other content of interest to fans.
An intelligence collection operation is launched to exploit a flaw in the operating system of the server that handles the soccer team's website, and installs a Trojan horse program as a modification of an existing videoclip. When the director views the clip, the clip is downloaded to his hard drive, and when his desktop search program indexes the file, the Trojan horse is launched. The collection payload then searches the local hard drive for evidence suggesting that the user is in fact the director. If none is found, the program erases itself. If the program finds evidence that the user is the director of intelligence (or perhaps the minister of defense, also known to be a soccer fan), it retrieves all plaintext files within reach and e-mails encrypted compressed versions of them to an e-mail address set up specifically as a "dead-drop" location.

My system is not on the Internet
• The Zendian Secret Internet Protocol Router Network (Z-SIPRNet) carries classified information and messages for the Zendian ministry of defense, and supports the Zendian command and control system for managing troop deployments, the Zendian defense message system, and many other classified warfighting and planning applications. Although no connections between Z-SIPRNet and the public Internet are allowed, it is known that Gorga, a system administrator, has connected his computer at work to a password-protected mobile modem. Through a manipulation of the telephone switching center, phone calls from Gorga's phone number to the modem are secretly redirected to a login simulator that captures his login name and password. Using Gorga's administrator privileges, the intelligence collection operation installs a "sniffer" on the network that examines all passing traffic, and forwards interesting communications to a file that is saved in a temporary work area on Gorga's computer. At night, while Gorga is asleep, the notebook turns on, connects to the Internet and sends the saved file to the collection operation.
On the USB drive I got at the event
• An intelligence collection operation scatters inexpensive universal serial bus (USB) flash drives in parking lots, smoking areas, and other areas of high traffic near a building associated with the Zendian Ministry of Defense. In addition to some innocuous images, each drive has already-loaded software that collects passwords, login names, and machine-specific information from the user's computer, and then e-mails the findings to the intelligence collectors. Because many systems support an "auto-run" feature for insertable media (i.e., when the medium is inserted, the system automatically runs a program named "autorun.exe" on the medium) and the feature is often turned on, the intelligence collectors can receive their findings as soon as the drive is inserted. The program also deletes itself and any trace of the e-mail after sending. The login information can then be used to compromise the security of existing accounts.

In the international tender
• A Zendian firm and a Ruritanian firm are competitors for a multibillion-dollar contract in a third country. Working closely with the Zendian firm to understand what it would need to know to compete more effectively, the Zendian intelligence service conducts against the Ruritanian firm a series of cyber offensive actions that install dual-purpose and well-hidden Trojan horses on the firm's network. At first, these Trojan horses are programmed to send back to Zendian intelligence confidential business information about the Ruritanian bid; this information is subsequently shared with the Zendian negotiating team. Later, as the deadline for each side's best and final bid approaches, the second function of the Trojan horses is activated, and they proceed to subtly alter key data files associated with the Ruritanian proposal that will disadvantage the firm when the proposals are compared side by side.
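The USB scenario above hinges on the auto-run feature. On Windows that feature is driven by an autorun.inf file at the root of the medium, whose [autorun] section can name a program to launch (open= or shellexecute=). The checker below is an added defensive example, not code from the presentation or from the cited report; it parses a constructed autorun.inf and reports which entries would execute something on insertion, so an inspector can triage a found drive before anyone plugs it into a workstation.

```python
import configparser
import re
from pathlib import PureWindowsPath

# Constructed sample autorun.inf, written in the Windows [autorun] format
# (keys such as open=, shellexecute=, icon=, label=, action=).
SAMPLE_AUTORUN_INF = """\
[autorun]
open=setup.exe /s
shellexecute=photos\\viewer.exe
icon=photos\\album.ico
label=Event Photos
action=Open folder to view files
"""

# Keys that cause code to run on insertion; the remaining keys only
# change how the drive is presented in Explorer.
LAUNCH_KEYS = {"open", "shellexecute"}
EXEC_SUFFIXES = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif",
                 ".vbs", ".js", ".hta"}


def parse_autorun(text):
    """Return the [autorun] section as a dict of lower-cased key -> value,
    or an empty dict when the text has no usable [autorun] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:
        return {}
    if not parser.has_section("autorun"):
        return {}
    return dict(parser.items("autorun"))


def find_launch_entries(text):
    """Return (key, program, looks_executable) for each entry that would
    run a program when the medium is inserted."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in LAUNCH_KEYS:
            continue
        # The first token is the program; surrounding quotes and any
        # command-line arguments are dropped.
        program = re.split(r"\s+", value.strip().strip('"'), maxsplit=1)[0]
        suffix = PureWindowsPath(program).suffix.lower()
        # No extension at all is also suspicious: Windows will still try to run it.
        findings.append((key, program, suffix in EXEC_SUFFIXES or suffix == ""))
    return findings
```

Any drive whose autorun.inf yields a launch entry should be handled on an isolated analysis machine; the organisational fix is to disable AutoRun for all drive types by policy (the NoDriveTypeAutoRun value set to 0xFF) so that the file is never honoured in the first place.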
Covert Action - Includes
• Influencing an election;
• Disseminating propaganda;
• Providing financial support to opposition civil society groups and helping them set up international networks;

NOTICE
"The following scenarios are a work of fiction; any resemblance to names, people, facts, situations or nations is mere coincidence." Zendia and Ruritania do not exist.
Source - E-book Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
http://www.nap.edu/catalog/12651.html

Electronic voting
• An election is to be held in Zendia, and the predicted margin of victory between the favored and disfavored parties is relatively small. This election will be the first Zendian election to use electronic voting, and the Zendian election authorities have obtained electronic voting machines to administer this election from Ruritania. U.S. intelligence operatives intercept the CD-ROM containing a software update from the Ruritanian vendor en route to Zendia, and substitute a new CD-ROM in the package containing the original update plus additional functionality that will tilt the election toward the favored party.

Errors in the payment system
• A disfavored party is in power in Zendia, and the U.S. government wishes to weaken it. U.S. intelligence operatives conduct a cyberattack against the Zendian Social Services Agency by compromising employees of the agency, using the USB flash drive technique described above. Obtaining access to the Social Services Agency databases, the United States corrupts the pension records of many millions of people in the country. In the next election, the disfavored ruling party is voted out of office because of the scandal that resulted.

Calming enemies
• Two traditionally adversarial nations are armed with nuclear weapons, and the United States has been conducting intelligence collection operations against these nations for many years.
Through a mix of human and technical means, it has been successful in learning about cyber vulnerabilities in the nuclear command and control networks of each nation. During a crisis between the two nations in which both sides have launched conventional kinetic attacks against the other side's territory and armed forces, nuclear confrontation between them is imminent. The U.S. government makes a decision to corrupt the transmission of any nuclear launch orders transmitted through those networks in order to prevent their use.

Helping access
• Zendia is an authoritarian nation that recognizes the value of the Internet to its economy, but as an instrument of political control, it actively censors certain kinds of Internet content (e.g., negative stories about the Zendian government in the foreign press) for its population. Its censorship mechanisms are largely automated and operate at one of a few Internet gateways to the country. During a time of tension with Zendia, the United States launches a cyberattack against the automated Zendian censors so that the population can obtain, at least temporarily, a broader range of information than it would otherwise be able to access.

With other people's money...
• A party favored by the United States is conducting an armed rebellion against the Zendian government. No funds are currently available to help the favored party. However, the U.S. President wishes to find a way to help the rebels, and authorizes a cyberattack that diverts money from the Zendian national treasury to the rebels.

Your health is important
• A Zendian cyberattack is launched against the military medical services of Ruritania to obtain the medical records of all active personnel.
In the days before a planned armed attack by Zendia, postings and mailings from anonymous sources appear pointing out that Ruritanian Colonel X is being treated for bipolar disorder, that Captain Y was treated three times for a sexually transmitted disease in the last 2 years, and that Admiral Z is on tranquilizers. Copies of the medical records—sometimes secretly and undetectably altered—were released to back up the stories. The results led to some family problems for Captain Y, Admiral Z was relieved of field command, and Colonel X resigned his commission. Others were simply discomfited. The result was a drop in readiness by the command structure when Zendia struck, giving Zendia some advantage. Note that this particular covert action has an element of intelligence collection.

Destroying reputations
• The Zendian nuclear weapons program relies on a social network of scientists and engineers. The United States launches cyberattacks against a dozen key scientific leaders in this network to harass and discredit them. These cyberattacks plant false adverse information into their security dossiers, insert driving-under-the-influence-of-drugs/alcohol incidents into their driving records, alter their credit records to show questionable financial statuses, change records of bill payments to show accounts in arrears, and falsify telephone records to show patterns of contact with known Zendian criminals and subversives. Discrediting these individuals throws the program into chaos.

Causing failures
• Scientists working on the Zendian biological weapons program use an in-house network to communicate with each other and manage their research and development program. U.S. intelligence agencies penetrate the network to install dual-purpose software agents to exfiltrate the traffic on the network to intelligence analysts.
When analysis of the traffic indicates that the Zendian research efforts are reaching a critical stage, the software agents begin to alter key data clandestinely so that critical experiments fail. Further, these software agents are so well hidden that they can maintain their presence over a period of years so that subsequent experiments fail at critical times as well.

Helping companies
• The Zendian airplane industry and a major U.S. defense contractor are engaged in a competition to win a lucrative contract from Ruritania for producing fighter aircraft. In order to support a key company in the U.S. defense industrial base, the U.S. government conducts a cyberattack to disrupt and delay the production of the Zendian fighter plane and thereby provides an additional incentive for Ruritania to select the U.S.-produced plane.

Footprints
• Testimony of Director of National Intelligence J. Michael McConnell to the Senate Select Committee on Intelligence in February 2008.
• McConnell noted a need for the United States "to take proactive measures to detect and prevent intrusions from whatever source, as they happen, and before they can do significant damage."

Source
The US surveillance programmes and their impact on EU citizens' fundamental rights
DIRECTORATE GENERAL FOR INTERNAL POLICIES
POLICY DEPARTMENT C: CITIZENS' RIGHTS AND CONSTITUTIONAL AFFAIRS
CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS
http://www.europarl.europa.eu/studies

It's all true...
• After the first revelations about the PRISM programme, Gen. Alexander (Director of the NSA) confirmed over two public hearings of Congressional intelligence review committees that the NSA collects (both domestic and international) telephone call metadata from all major carriers and maintains a database of all such calls for five years.

'Direct Access' to data-centres granted for surveillance purposes?
• Microsoft asserted that they only responded to requests referencing specific account identifiers, and Google and Facebook denied they had "black boxes" stationed in their networks giving "direct access". The companies are constrained by the secrecy provisions of s.702, on pain of contempt or even espionage charges.

A legal problem
• 1976-1979 – data that is needed for use by, or entrusted to, third parties has no expectation of privacy – no court order is required...
• – credit card transactions, billing, mobile phone data, Internet service logs, social networks...

How to protect?
• NSA - $10bn per year
• CIA - $15bn per year
• Black Budget – $50bn per year

How to protect
• Pay more attention to the information itself
• Choose the appropriate channel
• Know that everything can be intercepted
• The place where the information is stored can be the problem
• Legal problems may require localization (this does not solve security)
• The problem is not a safe for the information

Don't be fooled
• Encryption – data cannot be processed while encrypted
• The NSA has the capability, financial resources and people to break into any system anywhere in the world
• Your data is not secure

Biggest lesson
People are the weakest link in the chain. Training, maturity, continuous observation. If you have to choose, invest in people.
PEOPLE FIRST
Raimundo Colombo, Governor of the State of Santa Catarina

Conclusion
• "You do not need open eyes to see the sun, nor sharp ears to hear the thunder. To be victorious you must see what is not visible." Sun Tzu

Thank you for your attention
• João Rufino de Sales
• President of CIASC
• www.ciasc.sc.gov.br
• [email protected]
• www.facebook.com/jrufinos
• jrsseg.blogspot.com
• 55-48-36641166