Mircea cel Batran Naval Academy – CADET NAV 2019 [603292]

© 2019 Mircea cel Batran Naval Academy

Cyber security and threats to military information systems

Adelin Florin POENARU*
Rebeca Elena IONESCU**
Student: [anonimizat], Academia Forțelor Aeriene “Henri Coandă”, Brașov
Student: [anonimizat], Academia Forțelor Aeriene “Henri Coandă”, Brașov

Scientific coordinator: Lect. Eng. Constantin STRÎMBU, PhD
“Henri Coandă” Air Force Academy, Brașov

Abstract: Nowadays, alongside the development of technology, virtual space has become a part of our
personal and professional lives, bringing with it the risk of compromising confidential data. In view of these issues,
the concept of cyber security has emerged. It is one of the priorities of government specialists to prevent
military, economic and financial losses, but especially reputational ones. Both individual computers and large
computer systems have a number of vulnerabilities to cyber attacks. This paper presents clear evidence of the risks
to which we, as soldiers, are exposed in the online environment, and describes some situations in which military
information was compromised. At the end of the paper, we consider a military conflict in which a well-prepared
army has the advantage in the domains of espionage and jamming.

Keywords: cyber, warfare, malware, infiltration.

1. Introduction

This article explains what cyber security is and why the demand for cyber security professionals is growing.
It explains what our online identity and data are, where they are, and why they are interesting to cyber
criminals. It also discusses what organizational data is, and why it must be protected. It discusses who the
cyber attackers are and what they want.
All types of organizations, such as medical, financial, and educational institutions, use networks to operate
effectively. They use networks for collecting, processing, storing, and sharing vast amounts of digital
information. As more digital information is gathered and shared, the protection of this information is becoming
even more vital to our national security and economic stability.
The more time a person spends online, the more our identity, both online and offline, is at risk, and the more
our lives can be affected. Our offline identity is the information that our friends and family can access every day
at home, school, or work. They know our personal information, such as our name, age, or where we live (our
address). Our online identity is the person we are in cyberspace; it is how we present ourselves to others
online. This online identity should present and share only a limited amount of information about us.
Cyberspace has become another important dimension of warfare, in which nations can wage conflicts
without deploying troops and machines. This allows countries with small numbers of military personnel to be as
strong as other nations. Cyberwarfare is an Internet-based conflict that involves the penetration of the devices,
systems and networks of other nations. Such attackers have the resources and expertise to launch massive
Internet-based attacks against other nations, causing damage or blocking services.

2. Cyberattacks

2.1. Security vulnerabilities

Most software security vulnerabilities fall into one of the following categories:

• Buffer overflow – This vulnerability occurs when data is written beyond the limits of a buffer.
Buffers are memory areas allocated to an application. By changing data beyond the boundaries of a buffer, the
application accesses memory allocated to other processes. This can lead to a system crash, data compromise, or
privilege escalation.
• Non-validated input – Programs often work with input data. Data coming into the program
could have malicious content, designed to force the program to behave in an unintended way. Consider a
program that receives an image for processing. A malicious user could craft an image file with invalid image
dimensions. The maliciously crafted dimensions could force the program to allocate buffers of incorrect and
unexpected sizes.
• Race conditions – This vulnerability arises when the outcome of an event depends on ordered or timed
events. A race condition becomes a source of vulnerability when the required ordered or timed events do not
occur in the correct order or with the proper timing.
• Weaknesses in security practices – Systems and sensitive data can be protected through techniques
such as authentication, authorization, and encryption. Developers should not attempt to create their own
security algorithms, because doing so will likely introduce vulnerabilities. It is strongly advised that developers
use security libraries that have already been created, tested, and verified.
• Access-control problems – Access control is the process of controlling who does what, and ranges
from managing physical access to equipment to dictating who has access to a resource, such as a file, and what
they can do with it, such as read or change the file. Many security vulnerabilities are created by the improper
use of access controls.
Nearly all access controls and security practices can be overcome if the attacker has physical access to the
target equipment. For example, no matter what you set a file’s permissions to, the operating system cannot
prevent someone from bypassing the operating system and reading the data directly off the disk. To protect the
machine and the data it contains, physical access must be restricted and encryption techniques must be used to
protect data from being stolen or corrupted.
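As an added example (not code from the paper), the following Python decoder for a constructed toy image format shows how the non-validated-input case above is handled defensively: every header field is bounded before it is used to size a buffer, and `wrapped_product` shows the 32-bit wrap-around that turns a crafted 65536 x 65536 x 4 header into a zero-byte allocation in a C decoder, which the pixel loop would then overrun. The format, the limits `MAX_DIMENSION` and `MAX_PIXEL_BYTES`, and the sample files are all assumptions made for the demonstration.

```python
import struct

# Constructed toy image format for the demonstration (not a real file format):
# magic "IMG1", then width, height and bytes-per-pixel as big-endian unsigned
# 32-bit integers, followed by width*height*bpp bytes of pixel data.
HEADER = struct.Struct(">4sIII")
MAGIC = b"IMG1"

# Assumed policy limits for the example; a real decoder chooses its own.
MAX_DIMENSION = 16384
MAX_PIXEL_BYTES = 256 * 1024 * 1024


class InvalidImage(ValueError):
    """Raised for any header the decoder refuses to act on."""


def wrapped_product(width: int, height: int, bpp: int) -> int:
    """Size a C decoder computes from `width * height * bpp` in unsigned 32-bit
    arithmetic. A product that wraps to a small value yields a small buffer that
    the pixel-copy loop then overruns: the overflow the text describes."""
    return (width * height * bpp) & 0xFFFFFFFF


def parse_header(blob: bytes) -> dict:
    """Validate every untrusted field before it is used to size a buffer."""
    if len(blob) < HEADER.size:
        raise InvalidImage("truncated header")
    magic, width, height, bpp = HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        raise InvalidImage("bad magic")
    if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
        raise InvalidImage(f"dimensions out of range: {width}x{height}")
    if bpp not in (1, 3, 4):
        raise InvalidImage(f"unsupported bytes per pixel: {bpp}")
    # Bound the product explicitly. Python integers do not wrap, but a C decoder
    # must make this check before multiplying, or use checked arithmetic.
    pixel_bytes = width * height * bpp
    if pixel_bytes > MAX_PIXEL_BYTES:
        raise InvalidImage(f"declared pixel data too large: {pixel_bytes} bytes")
    if len(blob) - HEADER.size < pixel_bytes:
        raise InvalidImage("declared size exceeds the data actually present")
    return {"width": width, "height": height, "bpp": bpp, "pixel_bytes": pixel_bytes}


def load_pixels(blob: bytes) -> bytes:
    """Return exactly the validated pixel payload, never more."""
    info = parse_header(blob)
    start = HEADER.size
    return blob[start:start + info["pixel_bytes"]]


def build_image(width: int, height: int, bpp: int, fill: int = 0xAB) -> bytes:
    """Construct a well-formed sample file for the demonstration."""
    return HEADER.pack(MAGIC, width, height, bpp) + bytes([fill]) * (width * height * bpp)


def check(blob: bytes) -> str:
    """Summarise the decoder's decision as a short string."""
    try:
        info = parse_header(blob)
        return f"ok: {info['width']}x{info['height']}, {info['pixel_bytes']} bytes"
    except InvalidImage as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    good = build_image(4, 4, 3)
    # Constructed malicious header: 65536 x 65536 x 4 wraps to 0 in 32-bit math.
    crafted = HEADER.pack(MAGIC, 65536, 65536, 4)
    print(check(good))
    print("32-bit product for crafted header:", wrapped_product(65536, 65536, 4))
    print(check(crafted))
    print(check(good[:20]))  # truncated file: declares 48 bytes, carries 4
```

The order of the checks matters: the dimension bounds come first, so the product is only computed for values that cannot produce a surprising result, and the declared size is compared with the bytes actually present before any copy takes place.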

2.2. Types of malware

Short for malicious software, malware is any code that can be used to steal data, bypass access controls, or
cause harm to, or compromise, a system. Below are a few common types of malware:
• Spyware – This malware is designed to track and spy on the user. Spyware often includes activity trackers,
keystroke collection, and data capture. In an attempt to overcome security measures, spyware often
modifies security settings. Spyware often bundles itself with legitimate software or with Trojan horses.
• Adware – Advertising-supported software is designed to automatically deliver advertisements. Adware is
often installed with some versions of software. Some adware is designed only to deliver advertisements, but
it is also common for adware to come with spyware.
• Bot – From the word robot, a bot is malware designed to perform actions automatically, usually online.
While most bots are harmless, one increasing use of malicious bots is botnets. Several computers are
infected with bots which are programmed to quietly wait for commands provided by the attacker.
• Ransomware – This malware is designed to hold a computer system or the data it contains captive until a
payment is made. Ransomware usually works by encrypting data in the computer with a key unknown to
the user. Some other versions of ransomware can take advantage of specific system vulnerabilities to lock
down the system. Ransomware is spread by a downloaded file or some software vulnerability.
• Scareware – This is a type of malware designed to persuade the user to take a specific action based on fear.
Scareware forges pop-up windows that resemble operating system dialogue windows. These windows
convey forged messages stating that the system is at risk or needs the execution of a specific program to return
to normal operation. In reality, no problems were assessed or detected, and if the user agrees and allows the
mentioned program to execute, his or her system will be infected with malware.
• Rootkit – This malware is designed to modify the operating system to create a backdoor. Attackers then
use the backdoor to access the computer remotely. Most rootkits take advantage of software vulnerabilities
to perform privilege escalation and modify system files. It is also common for rootkits to modify system
forensics and monitoring tools, making them very hard to detect. Often, a computer infected by a rootkit
must be wiped and reinstalled.

• Virus – A virus is malicious executable code that is attached to other executable files, often legitimate
programs. Most viruses require end-user activation and can activate at a specific time or date. Viruses can
be harmless and simply display a picture, or they can be destructive, such as those that modify or delete
data. Viruses can also be programmed to mutate to avoid detection. Most viruses are now spread by USB
drives, optical disks, network shares, or email.
• Trojan horse – A Trojan horse is malware that carries out malicious operations under the guise of a
desired operation. This malicious code exploits the privileges of the user that runs it. Often, Trojans are
found in image files, audio files or games. A Trojan horse differs from a virus because it binds itself to
non-executable files.
• Worms – Worms are malicious code that replicates itself by independently exploiting vulnerabilities
in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms
can run by themselves. Other than the initial infection, they no longer require user participation. After a
host is infected, the worm is able to spread very quickly over the network. Worms share similar patterns.
They all have an enabling vulnerability, a way to propagate themselves, and they all contain a payload.
Worms are responsible for some of the most devastating attacks on the Internet. As shown in Figure 1, in
2001 the Code Red worm had infected 658 servers. Within 19 hours, the worm had infected over 300,000
servers, as shown in Figure 2.
• Man-in-the-Middle (MitM) – MitM allows the attacker to take control over a device without the user’s
knowledge. With that level of access, the attacker can intercept and capture user information before
relaying it to its intended destination. MitM attacks are widely used to steal financial information. Much
malware and many techniques exist to provide attackers with MitM capabilities.
• Man-in-the-Mobile (MitMo) – A variation of man-in-the-middle, MitMo is a type of attack used to take
control over a mobile device. When infected, the mobile device can be instructed to exfiltrate user-sensitive
information and send it to the attackers. ZeuS, an example of malware with MitMo capabilities, allows
attackers to quietly capture 2-step verification SMS messages sent to users.

Regardless of the type of malware a system has been infected with, these are common malware symptoms:
• There is an increase in CPU usage;
• There is a decrease in computer speed;
• The computer freezes or crashes often;
• There is a decrease in Web browsing speed;
• There are unexplainable problems with network connections;
• Files are modified;
• Files are deleted;
• There is a presence of unknown files, programs, or desktop icons;
• There are unknown processes running;
• Programs are turning off or reconfiguring themselves;
• Email is being sent without the user’s knowledge or consent.

2.3. Methods of infiltration

• Social engineering is an access attack that attempts to manipulate individuals into performing actions or
divulging confidential information. Social engineers often rely on people’s willingness to be helpful, but
also prey on people’s weaknesses. For example, an attacker could call an authorized employee with an
urgent problem that requires immediate network access. The attacker could appeal to the employee’s
vanity, invoke authority using name-dropping techniques, or appeal to the employee’s greed.

These are some types of social engineering attacks:
  • Pretexting – This is when an attacker calls an individual and lies to them in an attempt to gain access to
privileged data. An example involves an attacker who pretends to need personal or financial data in
order to confirm the identity of the recipient.
  • Tailgating – This is when an attacker quickly follows an authorized person into a secure location.
  • Something for something (quid pro quo) – This is when an attacker requests personal information
from a party in exchange for something, like a free gift.

• Wi-Fi password cracking is the process of discovering the password used to protect a wireless network.
These are some techniques used in password cracking:
  • Social engineering – The attacker manipulates a person who knows the password into providing it.
  • Brute-force attacks – The attacker tries several possible passwords in an attempt to guess the
password. If the password is a 4-digit number, for example, the attacker would have to try every one of
the 10000 combinations. Brute-force attacks usually involve a word-list file. This is a text file
containing a list of words taken from a dictionary. A program then tries each word and common
combinations. Because brute-force attacks take time, complex passwords take much longer to guess. A
few password brute-force tools include Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, and
Medusa.
  • Network sniffing – By listening to and capturing packets sent on the network, an attacker may be able to
discover the password if the password is being sent unencrypted (in plain text). If the password is
encrypted, the attacker may still be able to reveal it by using a password cracking tool.
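The brute-force figures above (a 4-digit PIN is 10000 candidates; a word list covers the common choices) translate directly into a password-policy check on the defending side. The following Python code is an added example, not from the paper or from any tool it names; the word list, the character substitutions it undoes and the lockout parameters (5 failed attempts per 15-minute window) are constructed for the demonstration. It reduces a candidate password to its dictionary base word, computes the key space an exhaustive search must cover, and models how many online guesses an attacker gets in a day when the account throttles failures.

```python
import math
import string

# Constructed sample word list; a real check loads a large dictionary file.
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey", "qwerty"}

# Substitutions that word-list tools apply as mangling rules; undoing them lets
# the check recognise "P@ssw0rd!" as the dictionary word it is.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e", "!": "i"})


def wordlist_hit(password: str):
    """Return the dictionary word a password reduces to, or None."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    base = base.translate(LEET)
    return base if base in WORDLIST else None


def charset_size(password: str) -> int:
    """Alphabet size an attacker must assume, from the character classes present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def keyspace(password: str) -> int:
    """Candidates an exhaustive search must cover: alphabet size ** length."""
    return charset_size(password) ** len(password)


def guesses_allowed(horizon_s: int, max_attempts: int, window_s: int) -> int:
    """Online guesses possible within horizon_s when an account accepts at most
    max_attempts failures per window_s seconds (assumed lockout policy)."""
    return (horizon_s // window_s) * max_attempts


def assess(password: str, horizon_s: int = 86400, max_attempts: int = 5, window_s: int = 900) -> dict:
    """Combine the checks into one verdict for the password policy."""
    hit = wordlist_hit(password)
    space = keyspace(password)
    bits = math.log2(space) if space > 0 else 0.0
    budget = guesses_allowed(horizon_s, max_attempts, window_s)
    return {
        "wordlist_word": hit,
        "keyspace": space,
        "bits": round(bits, 1),
        "online_guesses_per_day": budget,
        "fraction_searchable_per_day": min(1.0, budget / space) if space else 1.0,
        "acceptable": hit is None and bits >= 40,  # assumed minimum strength
    }


if __name__ == "__main__":
    for pw in ("1234", "P@ssw0rd!", "correct-horse-battery"):
        print(pw, assess(pw))
```

`assess("1234")` reports a key space of 10000 of which a throttled attacker can search under 5% per day, whereas an unthrottled guess loop (or an offline attack on a captured hash, which lockout does not help against) covers the whole space almost immediately; the word-list check matters because a long password that reduces to a dictionary word is found long before its nominal key space suggests.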

• Phishing is when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted
source. The message’s intent is to trick the recipient into installing malware on their device, or into sharing
personal or financial information. An example of phishing is an email forged to look like it was sent by a retail
store, asking the user to click a link to claim a prize. The link may go to a fake site asking for personal
information, or it may install a virus. Spear phishing is a highly targeted phishing attack. While phishing and
spear phishing both use emails to reach the victims, spear phishing emails are customized to a specific person.
The attacker researches the target’s interests before sending the email. For example, an attacker learns that the
target is interested in cars and has been looking to buy a specific model of car. The attacker joins the same car
discussion forum where the target is a member, forges a car sale offering and sends an email to the target. The
email contains a link for pictures of the car. When the target clicks on the link, malware is installed on the
target’s computer.
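The retail-store lure described above can be caught mechanically by comparing what a link says with where it goes. The following Python code is an added example (not from the paper): it parses an HTML message body with the standard library and flags anchors whose destination domain differs from the sender’s, whose visible text shows one address while the href points elsewhere, or whose host is a raw IP address or a punycode label. The sample message, the sender domain and the `registrable` simplification (last two labels instead of the Public Suffix List) are assumptions made for the demonstration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Lower-cased host part of a URL or bare domain."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registrable(host: str) -> str:
    """Last two labels of a host. Assumed simplification for the example;
    production code should consult the Public Suffix List (e.g. example.co.uk)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def analyze_links(html_body: str, sender_domain: str) -> list:
    """Return the links that show phishing indicators, each with its reasons."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        reasons = []
        if registrable(host) != registrable(sender_domain):
            reasons.append("link domain differs from sender domain")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode label (possible homograph)")
        try:
            ipaddress.ip_address(host)
            reasons.append("raw IP address as host")
        except ValueError:
            pass
        # Visible text that itself looks like an address must agree with the href.
        looks_like_address = "." in text and " " not in text
        if looks_like_address and registrable(host_of(text)) != registrable(host):
            reasons.append("visible address differs from actual destination")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample message, modelled on the "claim a prize" lure in the text.
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>Your order has shipped: <a href="https://store.example.com/orders/1">View order</a></p>
<p>You have won a prize! Claim it at
<a href="http://store-example.co/claim">https://store.example.com/prize</a></p>
<p>Trouble logging in? <a href="http://203.0.113.5/login">Reset password</a></p>
"""

if __name__ == "__main__":
    for finding in analyze_links(SAMPLE_EMAIL, "store.example.com"):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

The legitimate order link passes, while the prize link is flagged twice (foreign domain, and visible text that contradicts the href) and the password-reset link is flagged for pointing at a bare IP address. A mail gateway or a user-education tool can apply exactly this comparison before the recipient ever sees the message.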

• Vulnerability exploitation. Exploiting vulnerabilities is another common method of infiltration. Attackers
will scan computers to gain information about them. Below is a common method for exploiting
vulnerabilities:
  • Step 1. Gather information about the target system. This could be done in many different ways, such as
with a port scanner or social engineering. The goal is to learn as much as possible about the target computer.
  • Step 2. One of the pieces of relevant information learned in step 1 might be the operating system, its
version, and a list of services running on it.
  • Step 3. When the target’s operating system and version are known, the attacker looks for any known
vulnerabilities specific to that version of the OS or other OS services.
  • Step 4. When a vulnerability is found, the attacker looks for a previously written exploit to use. If no
exploits have been written, the attacker may consider writing an exploit.

Fig. 2.1 Using the protocol WHOIS

Figure 2.1 portrays an attacker using whois, a public Internet database containing information about
domain names and their registrants. Figure 2.2 portrays an attacker using the nmap tool, a popular port
scanner. With a port scanner, an attacker can probe the ports of a target computer to learn which services are
running on that computer.

Fig. 2.2 Nmap method exploration
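Steps 1 to 4 above describe reconnaissance from the attacker’s side; the defender’s counterpart is to run the same inventory against their own systems and compare it with what should be exposed, so that an unexpected service is found by the owner before it is found by a scan from outside. The following Python code is an added example (not from the paper or from the nmap project): it parses constructed output in nmap’s grepable (-oG) format, compares each host’s open ports with an allowlist, and flags unknown hosts, unexpected ports and cleartext services such as telnet and FTP. The sample scan, the `EXPECTED` inventory and `FORBIDDEN_SERVICES` are assumptions for the demonstration.

```python
import re

# Constructed sample in nmap's grepable (-oG) output format; the hosts, names
# and services are invented for the demonstration.
SAMPLE_GNMAP = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web1.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH/, "
    "80/open/tcp//http//nginx/, 443/open/tcp//http//nginx/\tIgnored State: closed (997)\n"
    "Host: 192.0.2.11 (db1.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH/, "
    "3306/open/tcp//mysql//MySQL/, 6379/open/tcp//redis//Redis/\tIgnored State: closed (997)\n"
    "Host: 192.0.2.12 (old1.example.test)\tPorts: 21/open/tcp//ftp//vsftpd/, "
    "23/open/tcp//telnet//Linux telnetd/\tIgnored State: closed (998)\n"
)

# Assumed inventory: the (port, protocol) pairs each host is expected to expose.
EXPECTED = {
    "192.0.2.10": {(22, "tcp"), (80, "tcp"), (443, "tcp")},
    "192.0.2.11": {(22, "tcp"), (3306, "tcp")},
}

# Services that should not be reachable on any host (cleartext protocols).
FORBIDDEN_SERVICES = {"telnet", "ftp"}

# "Host: <ip> (<name>)<TAB>Ports: <list><TAB>..." ; the port list runs to the next tab.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\t|$)")


def parse_gnmap(text: str) -> dict:
    """Map each scanned IP to a list of (port, proto, state, service) tuples.

    Each port entry has the form port/state/proto/owner/service/rpc/version/."""
    hosts = {}
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue
        ip, _name, ports_field = match.groups()
        entries = []
        for item in ports_field.split(","):
            fields = item.strip().split("/")
            if len(fields) < 5:
                continue
            entries.append((int(fields[0]), fields[2], fields[1], fields[4]))
        hosts[ip] = entries
    return hosts


def review_exposure(text: str, expected: dict, forbidden: set) -> list:
    """Flag open ports that are not in the inventory or run a forbidden service."""
    findings = []
    for ip, entries in parse_gnmap(text).items():
        allowed = expected.get(ip)
        for port, proto, state, service in entries:
            if state != "open":
                continue
            if allowed is None:
                findings.append((ip, port, proto, service, "host not in inventory"))
            elif (port, proto) not in allowed:
                findings.append((ip, port, proto, service, "port not on allowlist"))
            if service in forbidden:
                findings.append((ip, port, proto, service, "forbidden cleartext service"))
    return findings


if __name__ == "__main__":
    for ip, port, proto, service, reason in review_exposure(SAMPLE_GNMAP, EXPECTED, FORBIDDEN_SERVICES):
        print(f"{ip} {port}/{proto} ({service}): {reason}")
```

On the sample the web host is clean, the database host exposes an unlisted Redis port, and the forgotten host is reported both as absent from the inventory and for running telnet and FTP; each finding is a concrete item to close before an attacker’s step 3 can turn it into a vulnerability lookup.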

• Advanced Persistent Threats. One way in which infiltration is achieved is through advanced persistent
threats (APTs). They consist of a multi-phase, long-term, stealthy and advanced operation against a
specific target. Due to its complexity and the skill level required, an APT is usually well funded. An APT
targets organizations or nations for business or political reasons. Usually related to network-based
espionage, an APT’s purpose is to deploy customized malware on one or more of the target’s systems and
remain undetected. With multiple phases of operation and several customized types of malware that affect
different devices and perform specific functions, an individual attacker often lacks the skill set, resources
or persistence to carry out APTs.

3. Conclusions

This paper covered the ways that cyber security professionals analyze what has happened after a
cyberattack. It explained security software and hardware vulnerabilities and the different categories of security
vulnerabilities.
The different types of malicious software (known as malware) and the symptoms of malware were also
explained. Some of the malware that was discussed included viruses, worms, Trojan horses, spyware, adware,
and others.
This work also focused on your personal devices and your personal data. It included tips for protecting your
devices, creating strong passwords and safely using wireless networks. It covered data backups, data storage
and deleting your data permanently.
It is very important to be more aware of how to maintain online security, and to know more about the
potential consequences of cyberattacks and how to prevent them.
Blended attacks use multiple techniques to infiltrate and attack a system. Many of the most damaging
computer worms, like Nimda, Code Red, BugBear, Klez and Slammer, are better categorized as blended attacks.
When an attack cannot be prevented, it is the job of a cyber security professional to reduce the impact of that
attack.

4. Thanks

We thank Professor Lect. Eng. Constantin Strîmbu, PhD, for coordinating our paper and work, and the
„Henri Coandă” Air Force Academy library for all the necessary books made available.

* E-mail address: adelin_poenaru@yahoo.ro
** E-mail address: rebeca_94_elena@yahoo.com