Module 4 - Non-State Organizations

Question 1

What is scope?

Answer 1

Every nation that has government sponsored cyber warfare programs also have NSOs operating within borders.

May be hired by military or government orgs

Question 2

Types of NSOs

Answer 2

6 types:

• Individuals
• Self-identified groups of hackers
• Loose collection of individuals functioning as a group
• Corporations/businesses
• Organized crime
• Terrorists, but rarely

Question 3

Russian Hactivists

Answer 3

• Problem for Russian government
• Sought out by military and mafia
• Loosely connected to youth groups

Question 4

Chinese Hactivists

Answer 4

• Problem for Chinese government (attack targets internal to the country)
• Sought by PLA and recruited to attend universities

Question 5

Rogue State / non-state Hacktivists

Answer 5

• Cyber Criminals for own gain
• Iran and Hezbollah alliance
• Patriotic hacking when non-state actors feel imperative to act on behalf of state (Israel & Palestine conflict, India and Pakistan conflict)

Question 6

Targets and Techniques

Answer 6

3 main

• web site defacement (political message)
• DDoS through bots
• Theft (Identity, Credit Cards, Info to transfer to currency)

Question 7

Skillsets of NSOs

Answer 7

• Script kiddies
• Malware authors
• Social engineers

Question 8

Script Kiddies

Answer 8

often derogatory
Use code and tools developed by others
No particular skill in launching attacks

Question 9

Malware Authors

Answer 9

specialized skill
knowledge of OS of the target
Possibly identify zero day exploits

Question 10

Social engineers

Answer 10

gain valuable information by preying on poor OPSEC

Question 11

Corporations (as NSO)

Answer 11

• espionage to gain competetive advantage
• theft of trade secrets and research
• domestic or international

Question 12

Organized Crime (as NSO)

Answer 12

• theft of data and money
• identity theft
• advanced malware such as Zeus and SpyEye
• Botnets capable of sending large quantities of spam
• money transferred internationally
• in countries such as Russia and Ukraine, form a relation to the government and law enforcement

Question 13

Communication methods

Answer 13

IRCs with encrypted comms
hacker forums
Leetspeak and handles

Question 14

Notable NSO actors - Hammond events

Answer 14

Jeremy Hammond (aka Robin Hood), assoc with LulzSec
2006-2007
attack conservative group website

Question 15

Notable NSO actors - LulzSec events

Answer 15

2011, Jeremy Hammond
Target: Stratfor
- release list of clients 5 million emails to WikiLeaks
- Stratfor -> 1.75 million for lawsuits

2011, Raynaldo Rivera (age 20)
Target: Sony game system
Attack: SQL Injection

Question 16

Notable NSO actors - Anonymous events

Answer 16

Motivations: social issues
Target: Syrian websites - OpSyria Initiative
Comms through social networking, Pastebin, and 4chan.org

---
2011
Christopher Weatherhead
Target: PayPal
Attack: DDoS
Cost to fix: 3.5 million pounds

Target: Stratfor (intel company)
Barrett Lancaster Brown, 31
Charges: access device fraud, trafficking in stolen authentication features, identity theft related to sharing credit card info

Question 17

Notable NSO actors - CabinCr3w

Answer 17

offshoot of Anonymous
Higinio O. Ochoa III

Target: >= 4 websites of US law enforcement

• website defacement, content loaded
• 1 picture contained EXIF data (geolocation)

Question 18

Name 5 notable NSO hactivist groups:

Answer 18

LulzSec
Anonymous
CabinCr3w
Project PM (positive)
Izz ad-Din al-Qassam Cyber-Fighters

Question 19

Notable NSO actors - Project PM

Answer 19

online entity with intent to develop new ways to use the Internet for positive change to encourage others to adapt such methods.

• Operation MetalGear
• Operation Pursuant

Question 20

Operation MetalGear

Answer 20

• associated with Project PM group
• crowd-sourced investigation into intelligence contracting industry and role in development of “persona management” software
• wiki.echelon2.org

Question 21

Operation Pursuant

Answer 21

• involves encouraging individuals to form their own pursuants in order to pursue similar crowd-sourced investigations or otherwise engage in online activism of whatever sort they choose.
• check on corrupt institutions
• wiki.echelon2.org

Question 22

Notable NSO actors - Izz ad-Din al-Qassam Cyber-Fighters

Answer 22

2012
Target: US Banks
Attack: DDoS
Motive: YouTube video casting Islam in a negative light

Question 23

Catching NSOs

Answer 23

• some feel most likely to be caught
• indiv. do not have resources to hide their attacks/attribution
• Indiv, do not receive protection of respective governments
• Skill levels vary greatly from script kiddies to seasoned hackers/crackers

Question 24

Positive NSOs

Answer 24

• some NSOs serve as positive participants in cyber warfare and enable defensive measures.

(security research firms, public universities, anti-virus firms)

Question 25

Protective Roles (Rattray and Healey)

Answer 25

7 different roles:
User (mixed)
Attacker (negative)
Target (negative)
Source (negative)
Responder (positive)
Provider (positive)
Improver (positive)