1 / 38

Ethical Use of Malware

Ethical Use of Malware. Is it ethical for governments to develop malware that will disrupt another country’s military, economic, or government institutions?. What is Malware?. 1. Malicious Software

darryl-weeks
Download Presentation

Ethical Use of Malware

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ethical Use of Malware Is it ethical for governments to develop malware that will disrupt another country’s military, economic, or government institutions?

  2. What is Malware? 1. Malicious Software 2. Software that is created to inflict damage, disable or spy on computers and computer systems. 3. Includes computer worms, viruses, spyware, trojan horses, adware, and other programs that intend to do harm.

  3. Includes computer worms, viruses, spyware, trojan horses, adware, and other programs that intend to do harm.

  4. Pro Vs. Con Use of Malware

  5. Stuxnet 1. Computer worm that attacks Microsoft Windows 2. Developed by the U.S. and Israel 3. Attacked Iran's main nuclear enrichment facilities 4. Purpose was to slow the progress of Iran’s nuclear program 5. An error in the worms coding allowed it to be set free outside of the intended target, to the rest of the world

  6. Why Government Sponsored Malware is Unethical • 1) Collateral damage (it’s difficult to direct the damage malware will inflict) • 2) Malware can be reverse engineered to attack other than intended targets. • 3) Continual retaliation between nations leads to ever more sophisticated malicious software, which civilians will suffer the most from. • 4) Money that governments spend on instigating/retaliating cyber attacks can be more appropriately spent on cyber defense.

  7. .. • “Cyber weapons are difficult to precisely target given the interdependence of most computer systems, so collateral damage to civilian targets is a major threat, as when a virus aimed at military sites spreads to civilian sites.”(IRMA-INT.ORG)

  8. Stuxnet perfectly illustrates the problem with using malware. • The computer worm got out of hand, and an error in its’ coding allowed it to spread outside of its original target. • While most of Stuxnet’s damage was inflicted on Iranian nuclear enrichment facilities, approximately 40% of the computers and computer systems infected were outside of Iran. • “It’s believed that Stuxnet was responsible for the failure of India’s INSAT-4B satellite in July”(FORBES.COM) • President Obama was very concerned with the damage that the “bug” could potentially do outside of Iran's NEFs. • VP Joe Biden believes that the spread of Stuxnet, outside of INEF’s, was the doing of the Israelis, “who went too far.” (NYTIMES)

  9. Malware can be reverse engineered to attack other than intended targets. • A) It’s believed that Iran reverse engineered U.S. created malware. • B) Iranian Disstrack malware strongly resembles sophisticated U.S. made Flame malware. • C) Flame was created and used by the U.S. to spy on Iran. • D) Iran then used Disstrack to attack and disrupt the Saudi Arabian oil company Aramco. It is the worlds largest oil producer and privately held company. (www.dailytech.com) • E) Disstrack also affected American financial institutions.

  10. Harm to Civilian Infrastructure • A malware arms race is ensuing throughout the globe. • Nations include the U.S., Israel, Japan, China and Iran. • Bullets in the Middle East more or less stay in the Middle East. A malware war between Iran and the United States can potentially affect our personal computers and finances.

  11. Money that governments spend on instigating/retaliating cyber attacks can be more appropriately spent on cyber defense. • Obama’s original strategy on cyber warfare when he first entered the White House, was to beef up “cyber-defense here at home.” • It is important to protect our struggling U.S. economy from both non-government and foreign government cyber attacks. • When the U.S. government attacks a nation like Iran with malware, it only increases our chances of being attacked or infected by malware ourselves.

  12. Malware Causes Tangible Destruction • There is a common misconception that cyber warfare creates no physical damage. • Stuxnet targeted five key nuclear enrichment facilities in Iran. Specifically- the facilities centrifuges. • Centrifuges are used to enrich uranium. They isolate the two isotopes in uranium. The two isotopes have a slightly different weight, and this enables centrifuges to separate them. Centrifuges create force that is thousands of times more powerful than the force of gravity. • When malware such as Stuxnet, abruptly stops a centrifuge spinning at 100,000 RPM, bad things happen and physical damage of a malware attack is evident.

  13. The Pros of Malware

  14. The pros of Malware

  15. Investment in cyber war started around 2006. • Today, several intelligence studies claim that more than 140 countries have a cyber weapon development programmeincluding the USA, China, Israel, and Russia. Cost-Effective

  16. Cost-Effective Contd. • US Defense Advanced Research Projects Agency or(DARPA) costs the United states of America 110 million dollars. • Plan X is part of a larger DARPA effort to create breakthrough offensive and defensive cyber-­capabilities. • Plan-X has a cyber budget of $1.54 billion from 2013 to 2017, DARPA will focus increasingly on cyber-offence to meet military needs, officials say. • Cyber Security will be increasing… though. What does it cost to fund the USA Cyber Defense? Well……

  17. Cost-Effective Contd. Military Computer Salaries • Computer Programmer: • Annual Salary 76,983. • Web Developer: • Annual Salary 72,014 • Information Security Specialist: • Annual salary equals 89,088 • Software Engineer: • Annual salary is around 101,820 http://jobsforveterans.military.com/506/top-10-technology-jobs/#ixzz2AonY3qba

  18. Military Spending

  19. Military Spending

  20. Military Spending

  21. Cost-Effective Contd. • James Lewis, a former U.S. foreign service officer now senior fellow and cyber specialist at Washington D.C.'s Centre for Strategic and International Studies. • "Neither side really wants a war because of the economic costs in particular. So this is what they do instead.“ • The advantages make cyber warfare very attractive for those “small” states that, despite having reduced funds for military expenses, and are able to compete with the most important countries in the new domain. To sum up the cost-effectiveness of malware…

  22. Virus Creators

  23. The pros of Malware Stealth • the preparation phase of a cyber weapon is easy to hide from prying eyes • Probe the technological capabilities and almost unpreventable. • elude penalties due to the low consensus on international penalties from what constitutes an “armed attack”

  24. The preparation phase of a cyber weapon is easy to hide from prying eyes… • Building a Cyber Weapon is much easier to hide compared to a missile, drone, or combat aircraft • Much easier to test by using a created server • Stuxnet took about ten years, but some anti-virus programs are created in days (the atomic bomb took around 8 years that we know of)

  25. Probe the technological capabilities of an enemy covertly and the attack itself is unpreventable • Cyber espionage: The act of information gathering to obtain sensitive, proprietary or classified information from individuals and governments also for military, political, or economic advantage using illegal exploitation methods on the internet, networks, software and/or computers. • The last thing men should know about Stuxnet is that it subverted every existing security policy and was ultimately not preventable. • No electronic security perimeters, data diodes or anti-virus software could have stopped it -- not even the most secure measure of all: air gaps (or air walls).

  26. The lack of definition makes it impossible to distinguish a cyber weapon and its proper use, and to evaluate the legal and political responsibility of the aggressor and the real level of threat made in a cyber warfare context. Elude penalties due to the low consensus on international penalties from what constitutes an “armed attack” “There is no legal definition of a cyber weapon”

  27. The Definition of Warfare US military strategist John Boyd states: “War comprises acts of physical, biological, psychological, social, cultural and other destruction at all levels, for example, intrapsychic, interpersonal, intergroup, interorganisational, and international.”

  28. Definition of Cyber-Warfare Cyber warfare is combat in cyberspace and includes computers, the Internet and the “sphere of human thought”

  29. Cyber-warfare operations Kinetic or Physical Destruction Non-Kinetic- is attacks against computers, intellectual property, financial systems, and the realm of ideas, opinions, beliefs and feelings.

  30. Dangerously Protective • The spectrum is very wide. In general a cyber weapon could hit every critical infrastructure and vital system of a country. • If a war did break out, infrastructures could be seriously damaged.

  31. Infrastructures damaged • Industrial control systems, of particular concern are those components that oversee the operation of plants for energy production and delivery of services of various kinds, such as water utilities. • Electric power supply grids. • Systems for territory controls. • Hospitals and government controls. • Communications networks. • Defense systems. • Military air traffic and airspace control systems. • Financial and banking systems.

  32. Life SAVING Even though cyber warfare can cause an extreme infrastructure to collapse the lives lost are significantly lower than traditional warfare.

  33. Destructive… If need be But, not to this extent. It is time to end destruction such as this!

  34. And this!

  35. Cyber-Warfare The change from military warfare to cyber-warfare

More Related