Design of a strike-back attack against cyber threat actors
Hauser, Stephan (2020-11-20)
The publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
closed
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2020120198973
Abstract
With critical infrastructure becoming more complex and interconnected, and criminals making billions via malware, cyber security is more important than ever. Nation states have also recognized cyber warfare as a very cost-effective and efficient way of conducting misinformation campaigns directly against the enemy, leading to a new type of cold war.
Defending against cyber attacks, on the other hand, is very difficult, given that a single mistake often allows an attacker to work around huge investments in security. While many classic defense mechanisms try to prevent the attack from happening, reacting to a successful attacker is often seen as less important, or even ignored.
Strike-back attacks against cyber threat actors are a potential way to defend one's own infrastructure, or potentially even to attribute an attack to a specific group. Since these types of counters are illegal in most countries, they have largely been ignored in public research.
This thesis takes a deeper look at the security model of Kali Linux, the most common penetration testing distribution. Furthermore, a security review of a selection of the penetration testing tools provided by it was conducted. A strike-back attack is then constructed using a honeypot server, with the goal of running an arbitrary payload on the attacker's system. The payload implemented collects information about the attacker, which can then be used to help attribute the attack or to link multiple attackers to the same group or person.
While the legal framework in place in most countries does not allow such a system to be implemented in a real-world scenario, lawmakers have proposed changes to allow such systems to be used legally. This makes it very important for us to understand both the implications and the potential of such systems, to ensure we can adapt to these changes.