The global reliance on computers, networks and systems continues to grow. As our dependency grows so do the threats that target our military s Command, Control, Communications, Computers, Intelligence, Surveillance, Reconnaissance (C4ISR) systems as well as the operational components and electronic controls for our critical infrastructure. Over the past decade we have experienced a substantial rise in the complexity and sophistication of cyber attacks as well as a frightening increase in the impact of some of the attacks. Every computer is a potential cyber weapon waiting to be loaded and used by extremists, criminals, terrorists and rogue nation states. As the world becomes more and more dependent on computers and information technology, the greater the risk of cyber attacks. Government and military leaders now face this fact and our critical systems and infrastructure remain at great risk! This risk has made the ability to defend these critical systems and direct cyber attacks core capabilities required for the modern military. In the age of cyber conflict, leaders need to understand the weapons and strategies used to wage this rapidly evolving type of warfare. This handbook will provide the background needed to understand the new world of cyber warfare, define the tools and techniques for offensive and defensive action, and provide insight into the strategies behind building a dynamic and relevant cyber warfare capability.
The Internet, as well as other telecommunication networks and information systems, have become an integrated part of our daily lives, and our dependency upon their underlying infrastructure is ever-increasing. Unfortunately, as our dependency has grown, so have hostile attacks on the cyber infrastructure by network predators. The lack of security as a core element in the initial design of these information systems has made common desktop software, infrastructure services, and information networks increasingly vulnerable to continuous and innovative breakers of security. Worms, viruses, and spam are examples of attacks that cost the global economy billions of dollars in lost productivity. Sophisticated distributed denial of service (DDoS) attacks that use thousands of web robots (bots) on the Internet and telecommunications networks are on the rise. The ramifications of these attacks are clear: the potential for a devastating largescale network failure, service interruption, or the total unavailability of service. Yet many security programs are based solely on reactive measures, such as the patching of software or the detection of attacks that have already occurred, instead of proactive measures that prevent attacks in the first place. Most of the network security configurations are performed manually and require experts to monitor, tune security devices, and recover from attacks. On the other hand, attacks are getting more sophisticated and highly automated, which gives the attackers an advantage in this technology race. A key contribution of this book is that it provides an integrated view and a comprehensive framework of the various issues relating to cyber infrastructure protection. It covers not only strategy and policy issues, but it also covers social, legal, and technical aspects of cyber security as well. We strongly recommend this book for policymakers and researchers so that they may stay abreast of the latest research and develop a greater understanding of cyber security issues.
“It is late fall 2025; Al Qaeda sleeper cells target the disruption of airline traffic into multiple East coast airports during the busy travel season from Thanksgiving through Christmas. ADS-B IN/OUT has been fully implemented by the FAA; all commercial airlines have invested heavily to comply with the mandate. Oil prices are at an all time high and flights are carrying minimal fuel loads to save money and offset the cost of avionics.
The goal: force multiple airplanes to divert; pilots, FAA controllers and passengers to lose faith in the system; and possibly cause enough chaos to the NAS system that a few lives are lost.
The plan: exploit the U.S. dependency on ADS-B IN/OUT and GPS for arrivals into busy airports, especially during low visibility conditions.
The teams: five two man teams have been put into play for the mission. They are provided with all the commercially available technology they will need, along with a few modified laptop computers, antennas and transmitters.
The targets: Regan National, Dulles, La Guardia, JFK and Philadelphia International airports. The terrorists have been tasked to park minivans with computers containing modified software that are coupled to ADS-B OUT transmitters. The software is designed to be remotely activated and controlled over an Internet connection. Each computer is programmed specifically for the targeted airport, and transmits 978MHz and 1090MHz signals out a boosted transmitter.
As a result, airlines on final approach will receive false targets on their displays. The terrorists ghost target injects also propagate to the FAA controller’s screens. The terrorists intended these spoofed targets, programmed at conflicting arrival and departure corridors as well as in runway incursion situations, to cause multiple airports to become temporarily unusable. The resulting domino effect causes aircraft diversions and delays that will lead to chaos.”
The Weaponry and Strategies of Digital Conflict and Cyber War, Version 3, covering Cyber Warfare, Cyber Terrorism, Cyber Tradecraft, Cyber Activism and offensive, defensive actions and intelligence collection.
Cyber warfare, cyber terrorism, cyber espionage and cyber crime are all growing threats. The 2012 Version 3 of the Cyber Commander’s eHandbook provides the insight needed to understand the new world of cyber warfare, as well as defines the tools and techniques for offensive and defensive cyber action, and provide cyber intelligence needed to understand the strategies behind building a dynamic and relevant cyber warfare capability.
As the cliché reminds us, information is power. In this age of computer systems and technology, an increasing majority of the world’s information is stored electronically. It makes sense then that as an industry we rely on high-tech electronic protection systems to guard that information. As a professional hacker, I get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, my goal has always been the same: extract the informational secrets using any means necessary. After hundreds of jobs, I discovered the secret to bypassing every conceivable high-tech security system. This book reveals those secrets, and as the title suggests, it has nothing to do with high technology. As it turns out, the secret isn’t much of a secret at all. Hackers have known about these techniques for years. Presented in a light, accessible style, you’ll get to ride shotgun with the authors on successful real-world break-ins as they share photos, videos and stories that prove how vulnerable the high-tech world is to no-tech attacks.
As you browse this book, you’ll hear old familiar terms like “dumpster diving”, “social engineering”, and “shoulder surfing”. Some of these terms have drifted into obscurity to the point of becoming industry folklore; the tactics of the pre-dawn information age. But make no mistake; these and other old-school tactics work with amazing effectiveness today. In fact, there’s a very good chance that someone in your organization will fall victim to one or more of these attacks this year. Will they be ready?
. Dumpster Diving
Be a good sport and don’t read the two “D” words written in big bold letters above, and act surprised when I tell you hackers can accomplish this without relying on a single bit of technology (punny).
Hackers and ninja both like wearing black, and they do share the ability to slip inside a building and blend with the shadows.
. Shoulder Surfing
If you like having a screen on your laptop so you can see what you’re working on, don’t read this chapter.
. Physical Security
Locks are serious business and lock technicians are true engineers, most backed with years of hands-on experience. But what happens when you take the age-old respected profession of the locksmith and sprinkle it with hacker ingenuity?
. Social Engineering with Jack Wiles
Jack has trained hundreds of federal agents, corporate attorneys, CEOs and internal auditors on computer crime and security-related topics. His unforgettable presentations are filled with three decades of personal “war stories” from the trenches of Information Security and Physical Security.
. Google Hacking
A hacker doesn’t even need his own computer to do the necessary research. If he can make it to a public library, Kinko’s or Internet cafe, he can use Google to process all that data into something useful.
. P2P Hacking
Let’s assume a guy has no budget, no commercial hacking software, no support from organized crime and no fancy gear. With all those restrictions, is this guy still a threat to you? Have a look at this chapter and judge for yourself.
. People Watching
Skilled people watchers can learn a whole lot in just a few quick glances. In this chapter we’ll take a look at a few examples of the types of things that draws a no-tech hacker’s eye.
What happens when a kiosk is more than a kiosk? What happens when the kiosk holds airline passenger information? What if the kiosk holds confidential patient information? What if the kiosk holds cash?
. Vehicle Surveillance
Most people don’t realize that some of the most thrilling vehicular espionage happens when the cars aren’t moving at all!