ITN 2009 – Torino, 15 October 2009
Attacks on critical infrastructures: real-life stories
Raoul Chiesa
Founder, Honorary President, @ Mediaservice.net
Director of Communication, Board of Directors Member, ISECOM
Senior Advisor, Strategic Alliances & Cybercrime Issues at the United [email protected]
Document Keywords: Critical National Infrastructures; SCADA; Industrial Automation; Security Incidents; Cyber Attacks; Hacking; National Security; Penetration Test.
Agenda
Who is who
- The speaker
- ISECOM
- UNICRI
Hi-tech crimes in the 21st century & hacking
Critical National Infrastructures
- Attacks
- Problems encountered
- Incidents
- TETRA
- Solutions
Contacts, Q&A
The speaker
Raoul Chiesa
– Director of Communications at ISECOM
  – Institute for Security and Open Methodologies
  – Originally called the Ideahamster Organization (Est. 2000)
  – Open Source Community Registered OSI
– Project Manager for H.P.P., OSSTMM Key Contributor
  • OPST, OPSA, ISECOM Authorized International Trainer
– Professor of IT Security at various Universities & Masters (Italy)
– Advisor on Cybercrime for the United Nations at UNICRI
– Board of Directors Member at ISECOM, CLUSIT, Telecom Security Task Force, and ISO ISMS IUG & OWASP Italian Chapters
ISECOM: who is who
• Institute for Security and Open Methodologies (Est. 2002)
• A (registered) Non-Profit Organization
• Offices in Barcelona (Spain) and New York (U.S.A.)
• Open Source Community Registered OSI: it uses an Open and Peer Review process, ensuring quality and building a Chain of Trust, and has thereby become an internationally recognized community.
• A Certification Authority “grown in the trust” and supported by academic institutions (La Salle University network).
UNICRI: who is who
• United Nations Interregional Crime & Justice Research Institute
• Founded in 1968 to assist governmental, intergovernmental and non-governmental organizations in creating and improving policies in the field of crime prevention and criminal justice.
• WHQ in Torino (UN Staff College, ITC/ILO); offices in Rome, Geneva, New York, Luanda (Angola), Maputo (Mozambique).
Information Security
• The evolution of crime should be analyzed from innovative points of view
• Otherwise, we would not be able to understand the new enemies and, above all, their motivations
• Information is the keyword for today’s threats
• You got the information, you got the power…
21st Century
Today’s threats are transforming and evolving:
• Hacking “for fun”
• (Low-level) Hacking for money/phishing
• (High-level) Hacking/Industrial espionage
• On-line Child pornography (business)
• Botnets
• Critical Information Infrastructures, CNI & SCADA
• Cyberterrorism
• Copyright & Intellectual property violations
• E-Commerce frauds, scams
• On line gambling
• Privacy issues (social networks)
Hacking: macro-categories of attackers

Low-level hackers: “script-kiddies” hunting for known security flaws
– (kind of “NEW”) Phishing, Remote low-level Social Engineering Attacks
– Insiders (user/supervisor/admin)
– Disgruntled Employees

High-level, sophisticated hackers, Organized Crime: middle and high level attacks
– Hobbyist hackers
– Unethical “security guys”
– Unstructured attackers (SCAMs, medium & high-level hi-tech frauds, VISHING …)
– Structured attackers (“the italian job”, targeted attacks, industrial espionage)

Espionage, Terrorism
– Foreign Espionage
– Hacktivist (unfunded groups)
– Terrorist groups (funded)
– State sponsored attacks
Critical National Infrastructures: high-level view
Today’s (main) Critical National Infrastructures can be summarized as:
• Telecommunications
• Electrical power systems
• Gas and oil storage and transportation
• Banking and finance
• Transportation
• Water supply systems
• Emergency services (medical, police, fire and rescue)
• Continuity of government
Critical National Infrastructures: zooming/1

| Sector | Sample Target Sub-sectors |
|---|---|
| 1. Energy and Utilities | Electrical power (generation, transmission, nuclear); Natural gas; Oil production and transmission systems |
| 2. Communications and Information Technology | Telecommunications (phone, fax, cable, satellites); Broadcasting systems; Software; Hardware; Networks (Internet) |
| 3. Finance | Banking; Securities; Investment |
| 4. Health Care | Hospitals; Health-care facilities; Blood-supply facilities; Laboratories; Pharmaceuticals |
| 5. Food | Food safety; Agriculture and food industry; Food distribution |
Critical National Infrastructures: zooming/2

| Sector | Sample Target Sub-sectors |
|---|---|
| 6. Water | Drinking water; Wastewater management |
| 7. Transportation | Air; Rail; Marine; Surface |
| 8. Safety | Chemical, biological, radiological, and nuclear safety; Hazardous materials; Search and rescue; Emergency services (police, fire, ambulance and others); Dams |
| 9. Government | Government facilities; Government services (for example meteorological services); Government information networks; Government assets; Key national symbols (cultural institutions and national sites and monuments) |
| 10. Manufacturing | Chemical industry; Defence industrial base |
China is attacking: UK
China is attacking: USA
China is attacking: Germany
The comments follow charges made by a top German intelligence official that computer hacking by China was occurring on an almost daily basis.
China is attacking: France
France has become the fourth country to speak out against hackers in China following an attack on French government systems.
Francis Delon, France's secretary general for national defence, claimed that the country's systems had been compromised and that the evidence pointed to China.
Problems encountered

| Key issues | Consequence |
|---|---|
| Flat networks (no segmentation) | Easy life for worms |
| No FW | ..anything gets in |
| No AV | known vulns block the network! |
| No xIDS | Incident handling ?!? Anomalies ? Attacks ? “Ad-hoc” Trojans ? |
| No Integrity Checker | Changes to executable files |
| Physical security | Unauthorized physical access |
| Security Through Obscurity | No longer works (GSM Association docet) |
| Cultural differences | C-I-A vs A-I-C paradigm |
SCADA&NCIs: incidents
SCADA&NCIs: incidents
SCADA&NCIs: incidents
SCADA: going commercial…
Videoclip time !
SCADA&NCIs: sabotage
SCADA&NCIs: incidents
SCADA: incidents
SCADA&NCIs: incidents
SCADA&NCIs: incidents
TETRA & 911
• In 2007 we were called in to carry out security assessments in a country of the GCC area (Middle-East)
• In addition to a “standard” security assessment, we were asked to “switch off 911”
• After requesting extended authorizations, and after experiencing first-hand the skepticism (vendor, and Customer), we got to work
• After 14 minutes 911 was down: no police, no ambulance, no fire department.
Other case studies (under NDA)
• Over the last 3 years we have also been verifying the actual level of security in place at:
– Energy Plants (Test Plant)
– Pharmaceutical (live)
– Finance
– Telco
– Air transport
– Highways
– Chemical
– Industry
• ..In all these cases, we succeeded in breaching the infrastructure and/or the identified target.
Possible solutions? Culture!
• Cybercrime Trainings on SCADA & NCIs @ the United Nations (Torino, Italy)
– http://www.unicri.it/wwd/cybertraining/index.php
– http://www.unicri.it/wwd/cybertraining/info_security.php
– http://www.unicri.it/wwd/cybertraining/hacker_profiling.php
– http://www.unicri.it/wwd/cybertraining/SCADA.php
– http://www.unicri.it/wwd/cybertraining/digital_forensics.php
– http://www.unicri.it/wwd/cybertraining/ap-form_info.php
Contacts, Q&A
Contacts:
• If you are interested in ISECOM projects:
Raoul Chiesa, Director of Communications at ISECOM [email protected]
• If you are interested in professional penetration testing for governments and LEAs:
Raoul Chiesa, Chief Technical Officer & Tiger Team manager [email protected]
• If you are interested in UNICRI’s Cybercrime Trainings:
Raoul Chiesa, Senior Advisor & Strategic Alliances [email protected]
THANK YOU FOR YOUR ATTENTION!
QUESTIONS?