Black Hat 2012 and Space Cybersecurity

The main floor at Black Hat 2012 (Credits: Rachel C. Samples).

Leading corporations, government agencies, and the underground hacking community are gathered at the Black Hat Europe 2012 from March 14 to 16 in Amsterdam, the Netherlands to discuss the newest vulnerabilities, defense mechanisms, and industry trends in the cyber world. The Black Hat is a unique conference, combining training and seminars that cover the information security landscape at multiple levels. The event attracts some of the world’s leading security departments from the financial sector and government – should the space community start to take notice?

“We see an expansion of scope to security all over,” said Travis Carelock, the Black Hat Technical Director. “There is an explosion of scope in devices and features.  Everything has a chip in it.”

The focus for security can extend from mobile devices to computer networks to GPS. The conference hosts a number of representatives from web browsers like Mozilla, and those that run anti-viruses, but many are not aware of the recent cyber securities plaguing the space sector.

“The space community? I never thought about that,” said Lorenz Inglin, Head Security Management of UBS AG. “People are interested in communicating across all sectors.”

Although cybersecurity has been a global issue for years, only recently has space been prominently affected. Space Safety Magazine will be pursuing this concern with cyber professionals, discussing NASA Inspector General’s recently announced cyber security issues, some of the commonalities that the international financial and space sector face, the botnets malware that recently struck worldwide computer systems including NASA’s, switching to cloud computing, and the difficulties of communicating problems across different industries.

Cyber professionals participate in a Black Hat botnet workshop (Credits: Rachel C. Samples).

On March 14, in a standing room only presentation at Black Hat Europe 2012 in the Netherlands, Dr. Ken Baylor of Gladius Consulting gave a two hour workshop on how to build a botnet. His goal was to teach security professionals to thoroughly understand one of their greatest threats: Botnets. Using the ZeuS botnet, also called Zbot, users are able to create and build their own custom bot. With this knowledge, security professionals can more easily protect their networks.

“A Botnet is a type of malware or malicious software, which could include worms, Trojans, or viruses,” said Baylor. “Botnets basically steal all of your personal information.”

For the workshop attendees used ZeuS version 2, to create their own bot. This version was picked because of its powerful features and the devastation it is currently causing on the internet, being responsible for over 80% of attacks on financial institutions. It has infected millions of home users and infected most corporate networks. It is able to infect Windows 7, Vista, XP and all Microsoft server versions. Participants were able to learn how the malware works, what a bot could do, how to configure it and how bots communicate back to their command & control servers. Attendees comment how beneficial the session was and how important the topic is:

“I need to understand how they work and how to fight them,” said Lorenz Inglin, Head Security Management at UBS AG. “I think they will evolve, morph and become more advanced.”

Malware in Space

Malware is everyone’s problem, and can result in the loss of data, information, and disruption of basic operations and missions.

• In the Feb. 29, 2012, testimony to the subcommittee of Investigation and Oversight in the US House of Representative’s Committee on Science, Space and Technology, it was announced that NASA had 5,408 computer security incidents in 2010 and 2011. Resulting in an estimated cost of $7 million
• On January 13, 2012, JAXA announced that a compromised employee’s computer leaked information on the H-II Transfer Vehicle to the ISS
• In 2008 an astronaut’s personal computer aboard the ISS was found to contain a virus

Culture of Security

The number and reputation of malware could be helping to spread them. In an interview after the workshop, Baylor expresses why companies like NASA or other industries might have a harder time mitigating the risks of downloading Botnets and Advance Persistent Threat (APTs).

“People are expecting their networks to enforce tighter security, thus they don’t think twice when they are asked additional authentication information,” said Baylor. “For NASA a notice that ‘you must upgrade right now or else you will be reported’ might get them to open the file or click the link. It is very difficult for users to distinguish between legitimate network security demands and malware operators phishing their credentials to cause severe damage.”

Baylor explains that many technologies referred to as cutting-edge APTs are in fact old tools, old technology mixed in with social engineering. Botnets are becoming the tools of choice for APTs, as they are rapidly updated and excellent at avoiding detection. They usually rely on tricking users into installing them. Oftentimes, the offenders pretend to be legitimate network security administrators, and users will comply with their requests without question. A common security saying is, that the human element is always a point of vulnerability.

Stay tuned as Space Safety Magazine continues to report from Black Hat 2012.