We are in a state of war on the Internet - ISSA


James D. Brown
Chief Engineer and Senior Fellow
Information Resource Management
L-3 Communications
WE LIVE IN A CYBER WORLD

Cyber Addiction
Cyber Bullying
Cyber Cafe
Cyber Crime
Cyber Critic
Cyber Dating
Cyber Espionage
Cyber Identity
Cyber Porn
Cyber Punk
Cyber Safety
Cyber Security
Cyber Sex
Cyber Space
Cyber Speak
Cyber Stalking
Cyber Technology
Cyber Text
Cyber Terrorism
2008 US Commerce Committee Report

“China is aggressively pursuing cyber warfare
capabilities that may provide it with an asymmetric
advantage against the United States. In a conflict
situation, this advantage would reduce current U.S.
conventional military dominance.”

“Cyber space is a critical vulnerability of the U.S.
government and economy, since both depend heavily
on the use of computers and their connection to the
Internet. The dependence on the Internet makes
computers and information stored on those computers
vulnerable.”
Capability of the People’s Republic of China to
Conduct Cyber Warfare and Computer Network Exploitation
October 9, 2009
Figure 1: General Staff Department of the People's Liberation Army
The conceptual framework currently guiding PLA IW strategy is called “Integrated
Network Electronic Warfare,” a combined application of computer network operations and
electronic warfare used in a coordinated or simultaneous attack on enemy networks and
other key information systems. The objective is to deny an enemy access to information
essential for continued combat operations.
Mandiant Report
“China’s economic espionage has reached an intolerable
level and I believe that the United States and our allies in
Europe and Asia have an obligation to confront Beijing and
demand that they put a stop to this piracy.
Beijing is waging a massive trade war on us all, and we
should band together to pressure them to stop. Combined,
the United States and our allies in Europe and Asia have
significant diplomatic and economic leverage over China,
and we should use this to our advantage to put an end to
this scourge.”
— U.S. Rep. Mike Rogers, October, 2011
Mandiant Report Summary

APT1 is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General
Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military
Unit Cover Designator (MUCD) as Unit 61398.

APT1 has systematically stolen hundreds of terabytes of data from at least 141
organizations, and has demonstrated the capability and intent to steal from dozens
of organizations simultaneously.

APT1 maintains an extensive infrastructure of computer systems around the world.

In over 97% of the 1,905 times Mandiant observed APT1 intruders connecting to
their attack infrastructure, APT1 used IP addresses registered in Shanghai and
systems set to use the Simplified Chinese language.

The size of APT1’s infrastructure implies a large organization with at least dozens,
but potentially hundreds of human operators.

In an effort to underscore that there are actual individuals behind the keyboard,
Mandiant is revealing three personas that are associated with APT1 activity.

Mandiant is releasing more than 3,000 indicators to bolster defenses against APT1
operations.
Home of APT - 61398
Advanced Persistent Threat

It was defined by the US Air Force and Mandiant
It is a special class of targeted coordinated attacks
They are highly specialized and extremely sophisticated
Very stealthy (under the radar)
Very hard to detect and remove
Mainly aimed at US Defense Contractors
Used by foreign governments and organized crime (China and Russia)
Takes advantage of US companies' lackadaisical attitude toward network security
Targets are now spreading to areas of the Internet
How Do APTs Work