Modern Day Computer Systems Are Weapons
Ken Winter
Real World Security Practitioner
Peak Security
Abstract
This paper will explain how the modern computer system is used as a weapon. The vast majority of computer users view computers as simple devices that can perform a variety of household or corporate functions. But in an analogous way, computers are weapons that can be used in an offensive manner or a defensive manner, can perform reconnaissance against a potential target, and can even come together as teams of systems to carry out a full-scale war. While the average user sits back in the comfort of their own home chatting with long-distance friends or family, e-mailing business proposals, or surfing the internet, all along believing they are protected and safe, the underlying technologies that allow this innocuous activity to happen have a dark and insidious side that is used to steal identities, pilfer bank accounts, or take control over someone else's systems. In the end, computers can be used to attack and defend, just like a traditional weapon.
Modern Day Computer Systems are Weapons
Every day, millions of people around the world turn on their computers in order to do something they think is safe and harmless, such as surfing the Internet, sending out e-mails, chatting with friends or family somewhere else in the world, or performing business transactions. Accessing the Internet can be relatively safe when the systems that are communicating together are configured with security in mind. Unfortunately, not all of the computer systems in homes, in corporate offices or used by the military are configured to be as secure as possible. More often than not, operational capability will trump the need for a secure computer system. Risk assessment and acceptance dictate that it is tolerable to disclose certain information, spend additional money on man-hours to fix compromised systems or play the waiting game for something bad to happen to the systems, instead of making systems as secure as possible before they can be taken advantage of. Having systems around the world connected to the Internet that are not as secure as they could be opens up the possibility that these critical assets can fall victim to compromise or exploitation. By accepting the risk of not having a secure computer, one accepts the possibility that their system could be used to inflict harm on themselves, or worse yet, on someone else. The online reference dictionary (2010) defines a weapon as anything used against an opponent, adversary, or victim. When a hacker uses a computer to take control of another person's computer, the compromised computer has fallen victim to the attacker. Therefore, a modern day computer system is a weapon.
A modern day computer system can be used as a reconnaissance tool, gathering critical information on an adversary or victim. A successful military operation is based in large part on the accuracy of the intelligence gathered before an attack. Specialized software tools, such as nmap (2010), SAINT vulnerability scanner (2010) and other software applications, can successfully determine key components of the IT structure of a network, thereby helping to pinpoint areas of weakness. For example, nmap can be used to determine the IP addresses of a network and the components that reside on the target network. Once the IP ranges and systems are successfully identified, SAINT can be used to determine the specific exploits that can be used against the identified operating system (such as Windows, Linux, Checkpoint, Cisco, etc.) and the vulnerabilities associated with those operating systems. The intelligence gathered can be used to determine where weaknesses may lie, painting a clear picture of how to execute a successful attack. While performing a reconnaissance operation, no actual attack is performed. The goal of reconnaissance is simply to seek out the components on the network, identify what operating systems or applications are running on those systems and hopefully identify any sort of weakness that may exist in those systems. To defend against reconnaissance, technical personnel along with organizational policy can take counter-reconnaissance measures, such as hiding operating system or application versions, disabling Internet Control Message Protocol (ICMP) response messages, or blocking high-risk ports at the perimeter, thereby thwarting the intelligence-gathering measures. Reconnaissance can also be as simple as finding a network diagram of an organization's computing infrastructure by performing internet searches, social networking or by other means.
If an accurate network diagram can be obtained, the attacker would have far less work to do since he would already know how the network is designed. In addition, the diagram may divulge critical information such as IP addresses, open ports and protocols, and other information that is typically presented on good network diagrams. Modern day computers can perform intelligence gathering and reconnaissance of other computing systems by actively searching the internet for information, using applications to scan a remote system or running simple tools to get ICMP response messages in order to get a better understanding of how targeted systems are configured, which can then be used in an attack.
A weapon is typically thought of as having an offensive capability, with the intention of physically inflicting harm on another. An offensive attack is the act of proactive engagement against someone else with a set goal in mind, such as controlling a piece of land, or in this case gaining administrative control of someone else's system. Throughout history, man has fought one another, and in nearly all instances, a weapon was brought to the engagement in hopes of outmatching the opposition. When a weapon is used in an offensive manner, the intent is clear, and that intent is to use a tool to cause as much harm as possible, as quickly as possible and as efficiently as possible. Not long ago, computer systems had limited capabilities, such as low communication speeds, small storage capabilities and poor number-crunching abilities. Today's computers are highly capable tools that use high-speed processors, have large amounts of memory and have the ability to store an exorbitant amount of data. A modern day computer's capability enables an expert user to compromise an insecure computer quickly, efficiently, and most of all effectively. Even in the hands of a less savvy hacker, such as a script kiddie, the power of a modern day computer can cause significant damage to an organization or person. In addition to the basic hardware aspect of computers, the operating system and the applications that run on them are key components that make the weapon so effective. Applications have become immensely complicated, yet simple and effective at the same time. Some applications, such as Metasploit, can easily be used by novice hackers to cause great harm to unsuspecting victims by using automated routines that exploit remote systems. Once a system is compromised, multiple scenarios could play out based on the desire of the person that compromised the system. One such scenario is for the system to become a member of a botnet, as reported by Michael Cooney (2007).
In the end, a compromised system is no longer under full control of the user or owner. The harm that occurs by a compromise or exploitation is the loss of perceived ownership of a system.
There is a wide variety of attack techniques that can be employed to cause harm. Some of the techniques include creating a denial of service against a target, capturing keystrokes, or taking administrative control of a computer system. Harm can come in an array of forms. To harm a victim with a computer system, a hacker could compromise a home computer system by installing a key-logger application to record all the keystrokes the victim enters on the keyboard, thereby retrieving bank account numbers, e-mail account information and corporate system logins, all of which could be collected for later use. When the time is right, the attacker can use the aforementioned information to transfer bank account balances, gain access to corporate systems to get sensitive information, monitor personal e-mail communications and so on. The harm in this example could include financial hardships, emotional suffering, demoralization, possible long-term impact to credit ratings, and a variety of other problems, as explained in detail by Susan Stern (2009). Another example of causing harm is in the form of espionage, or spying. In this scenario, an attacker could compromise a system that contains sensitive, proprietary, or classified information, which could then be used to gain an advantage over a competitor, or worse yet, over a nation. Attacks with the intent of espionage in mind will not initially begin with a denial of service; instead, the attack would be based on the intent of gaining inside access, typically through techniques such as installing rootkits on critical internal systems, planting Trojans on internal systems and other methods with covert intentions and actions. Gaining repeatable access to internal systems is often referred to as having a foothold. Once a foothold is established, the attacker could cause great harm at any time, or worse yet, continue to compromise more systems.
In an interview, Alex Cox (2010) explained that internal footholds go beyond the single identified system: "Saying my organization only has one compromised host to make yourself feel better really isn't realistic because that is the root of the compromise really." Additionally, harm sometimes will not be noticed until the most inopportune time, such as when a denial of service is created at the moment the systems are needed the most. There are a variety of techniques that can be used to attack systems, ranging from installing key-logging applications used to gain sensitive information to compromising internal systems with rootkits and backdoors, all with the intent of causing harm later.
A weapon can also be used as a defensive capability and protection. Defense by nature is the act of protecting something from someone. Just as with the Spartan shield or the Apache tomahawk, a single tool can be used offensively or defensively. While an attacker is using a computer to attack another computer, the defender's computer has the ability to prevent attacking marauders from gaining unauthorized access to a system, data, or control. Just like walls around a castle, modern day computers have the ability to have a firewall for protection. The firewall is typically the first line of defense in warding off attacks. It can be configured to masquerade or hide the presence of the defender's computer, thereby making it difficult to even detect. On the inside of the firewall sit all the key items that an offender might want access to. Like the interior of a castle, there are chambers, rooms, corridors, warehouses, tunnels and compartments that are strategically placed and protected in accordance with the value of what they contain. To further defenses, modern day computers have security control mechanisms to limit what can be accessed and by whom, using a compartmental strategy to protect critical aspects in proportion to the significance of the computing system. Security mechanisms that further protect computer systems can include the use of additional software, such as anti-virus, anti-malware, access control lists that limit what can be executed or run, and host intrusion protection systems (HIPS), all of which aid in protecting the core or underlying system from unauthorized access. To a vast extent, gaining root or administrative level access on a computer is the Holy Grail in an attack. By gaining root level access, one becomes the king of the castle by having all commands executed without question.
The defensive posture of a modern day computer can be well defined, even to the point where legitimate users cannot gain access to any data, revealing just how well defensive security can be employed.
When a computer is used as a weapon that violates the law, the act is considered a cybercrime. Cybercrime is a new addition to the law books. Cyber Crime On The Rise (2010) categorizes cybercrime into three areas: crime against a person, crime against an organization and crime against a nation or country. Traditional crimes, or crimes not committed with a computer, can be committed with or without a weapon, such as stealing, or committing armed robbery. Cybercrime always includes the use of a weapon to commit a crime since it requires the use of a computer or other electronic device. Examples of cybercrimes that can be committed against a person include using a computer for stealing someone's identity, gaining access to someone's bank account and stealing their money, sending e-mails to blackmail or extort, or the transferring of illegal data. Cybercrime statistics from the 2009 Internet Crime Report (2009) indicate, "The total dollar loss from all referred cases was $559.7 million," which is up $300 million from 2008. Examples of cybercrime against an organization include espionage, data exfiltration, monetary theft and denial of service. Cybercrime against a nation or country can include all of the aforementioned items, but the stakes and motives are different. The motives for cybercrime against a nation are complex and typically not qualified. Countries normally do not publicly announce or acknowledge cybercrime activity, yet it occurs every day and is rarely reported to the press. National pride typically drives the decision not to release any known attack information to the media or public, or, as reported by John Mello Jr. (2010), reports do not surface until years after the attack actually occurs. Regardless of whether or not a cybercrime is reported, history has shown that cybercrime does occur.
Computer Science and Telecommunications Board (1991) states “Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.” If a bomb is considered a weapon, and a computer can do more damage than a bomb, then the correlation exists that a modern day computer is a weapon.
While the typical computer user views a computer as a highly productive and entertaining electronic device, criminals, hackers and other individuals with malicious intent use modern day computers as weapons, inflicting harm in a variety of ways. Modern computers are extremely flexible and capable devices that give general users the ability to create videos, mix music, design and edit incredible pictures and graphics, and perform a host of other productive tasks. However, a computer has the ability to be a weapon in the hands of a more unscrupulous person. In the hands of a savvy person with harm in mind, a computer can be used to scan remote systems, looking for points of vulnerability, and unleash an attack that could harm a person, an organization or a nation. The harm caused by attacks and compromises can range from financial losses and identity theft to loss of perceived ownership or theft of intellectual property. If a computer is used in theft or damage, then the act is considered a cybercrime with distinct and specific laws that dictate how legal actions will proceed. Cybercrime is clearly on the rise as more companies, organizations, and individuals are connected to the internet, and this trend does not appear to be slowing down. As harmless as computers may seem, the truth is computers can be used as a tool to cause harm, which indicates that computers are actually weapons.
References
weapon. (2010). In Reference Online Dictionary.
Retrieved August 12, 2010, from http://dictionary.reference.com/browse/weapon
Nmap. (2010). Nmap.org
Retrieved September 28, 2010 from http://nmap.org/book/man.html#man-description
Saint Vulnerability Scanner. (2010). Saint Corporation
Retrieved September 28, 2010 from http://www.saintcorporation.com/solutions/penetrationTest.html
Cooney, Michael (2007). FBI Finds Over 1 Million Botnet Victims
Retrieved September 28, 2010, from http://www.pcworld.com/article/132872/fbi_finds_over_1_million_botnet_victims.html
Stern, Susan (2009). NE Law Lax Cyberstalk
Retrieved September 28, 2010, from http://sternpr4less.com/tag/keylogger-crimes-omaha/
Cox, Alex (2010). Kneber Botnet Threat to Government IT
Retrieved September 28, 2010, from http://www.govinfosecurity.com/articles.php?art_id=2255
Computer Science and Telecommunications Board, Computers at Risk: Safe Computing in the Information Age (1991).
Retrieved September 11, 2010, from http://www.nap.edu/openbook.php?record_id=1581&page=7
Cyber Crime On The Rise. (2010).
Retrieved September 28, 2010 from http://www.usacyber.com/33129795/cyber_crime_on_the_rise.php
Mello, John (2010). Pentagon: Yep, We Got Hacked
Retrieved September 28, 2010 from http://www.technewsworld.com/story/70699.html?wlc=1285741409
2009 Internet Crime Report (2009). Department of Justice Report
Retrieved September 29, 2010 from http://www.ic3.gov/media/annualreport/2009_IC3Report.pdf