(in) Security - Academic Conferences Limited
6.1 The tactic theme
Eric Filiol

Let us suppose that the WorldLeaderInManyThings company, a non-European industrial consortium, wants to take control of its commercial competitor, the EuropeanLeaderInOneThing company. The latter is struggling to develop a high-technology product, called the StarWay project, in a field critical for the European community, which wants to equip Europe with its own system and thereby gain its strategic independence. Indeed, Europe currently depends on the WorldLeaderInManyThings company's country for that technology.

EuropeanLeaderInOneThing's engineers, CEO and CTO frequently visit European entities in both Brussels and Luxembourg. If it fails to develop this sensitive technology, the company will face major financial problems and is likely to look for industrial partnerships. The company's staff always stay at the FourGoldenStar Hotel, with which they have a commercial agreement.

The deadline to deliver the technology is the end of November 2010. Then the industrial development must begin.

6.2 The course of events

In March 2010, a major one-week meeting takes place in Brussels between the European technical supervisors of the StarWay Project and the EuropeanLeaderInOneThing engineering team and executive staff. A number of critical issues are to be discussed.

At the beginning of April, the EuropeanLeaderInOneThing company suffers a series of computer problems that jeopardize the project: data loss, failure and unavailability of development servers... More worryingly, the business press and later the general press in Europe spread the news that the StarWay Project will suffer major delays and tremendous cost overruns. As a consequence, the EuropeanLeaderInOneThing company's shares suddenly drop by nearly 30 % over the month of April. The CTO is dismissed. The European Commission asks for a financial investigation and a technical evaluation of the situation. Two months later, the EC makes an official announcement: the StarWay Project is pushed back by at least one year, and 1.5 billion euros must be added to the project budget. The EuropeanLeaderInOneThing company's shares plunge immediately after the announcement (a further 40 % down). The company's CEO is dismissed. A major crisis is about to strike the company. At the beginning of September, the WorldLeaderInManyThings company makes a takeover bid for the EuropeanLeaderInOneThing company. The shareholders massively accept and the takeover is a success. The European Commission delays the StarWay Project until further notice.

6.3 Course of events analysis

In reality, all those events and the final outcome result from multi-level, multi-step computer intelligence and computer attacks by the WorldLeaderInManyThings company against the EuropeanLeaderInOneThing company. Its aim was first to get rid of a commercial competitor (commercial interest) and second to make sure that the StarWay Project is called into question (strategic interest for its home country). For that purpose, it hired a few intelligence experts and hackers. We will call them the A-Team.

In a first intelligence step, the A-Team analyzed the habits of the EuropeanLeaderInOneThing company engineers and staff who regularly traveled to and stayed in Brussels and Luxembourg for the StarWay Project. The A-Team quickly noticed that they regularly used the wired Internet access in the hotel business lounge or in the cyber cafe near the bar and restaurant they frequented downtown. Listening to their discussions, the A-Team determined that the EuropeanLeaderInOneThing company CSO strongly forbade the use of wireless networks. Having taken control of the hotel and Internet cafe computers, the A-Team first installed computer surveillance. This made it possible to gain precise insight into the security in force at the EuropeanLeaderInOneThing company. The A-Team managed to steal passwords for EuropeanLeaderInOneThing company email accounts and to collect a lot of sensitive information from their USB keys (including deleted information).

In a second step, the attack against the EuropeanLeaderInOneThing company LAN was initiated. USB keys used by their engineers and CTO were infected with malware that could not be detected by the antivirus in place. Infecting Word and PDF documents was sufficient. A few days later,