Beruflich Dokumente
Kultur Dokumente
6-8
-Clarke's book cyber war" written by someone who does not understand the technical details.
-To help the persons in charge of making decisions concerning cyber war to differentiate between the fact from fiction
For comparison
US Annual military spending: $708 Billion US Cyber Command: $105 Million
North Korea military spending: $5 Billion North Korean cyber warfare spending: $56 Million
Iran cyber warfare spending: $76 Million My hypothetical cyber army is a bargain at $49 Million!
Memo
57-79
Exploit developers
Boot collectors Bot maintainers
Operators
Remote personnel Developers
Testers
Technical consultants System admins
Managers
-Could start many small companies (or contract out to existing companies) -Plus this is better operating security , to avoid people from getting worried ,if all the sudden all known security researchers disappeared.
Vulnerability analysts
Level 1: 10
Salary /year Level (qualification ) Total = 2.900.000 $ 250.000 Well know World class expert
Level 2: 10
$ 40.000 College level Computer security major
Exploit developers
Level 1: 10
Salary /year level
(qualification )
Level 2: 40
$ 100.000 Prolific Metasploit contributors: write exploits
Level 3 :20
$ 40.000 College level Specialization in Computer security
$ 250.000 World class experts (devise various ways to beat Against exploitation
Total = $ 7.300.000
Bot collectors
Level 1: 50 Salary /year level
(qualification )
Total = $ 4.150.000
Bot maintainers
Level 1: 200 Salary /year level
(qualification )
Total = $ 12.900.000
Operators
Level 1: 50 Salary /year level
(qualification )
Total = $ 5.400.000
Remote personal
Level 1: 10 Salary /year Spy agency in charge of payment Experienced spy's Level 2: 10 $ 40.000
level
(qualification )
Total = $ 400.000
Developers
Level 1: 10 Salary /year level $ 125.000 Experienced (qualification ) Kernel Developers Level 2: 20 $ 60.000 Bachelor of Science in Computer security Level 3:10 $ 40.000 computer security Major
Total = $ 2.850.000
Testers
Level 1: 10 Salary /year level
(qualification )
Total = $ 800.000
Others
Technical Consultants 20 at $ 100.000 fee System Admins 10 at $50.000 fee Managers 1 manager head for 10 people 1 senior manager for 10 managers
Total $ 2000,000
Total $ 500.000
Equipment
Hardware :
1 person = 2 computer Testing lab with 50 computers and necessary network equipment's have to be setup.
Software :
MSDN subscription, IDA Pro, Hex Rays, Canvas, Core Impact, 010 editor, Bin Navi, etc
Servers :
well just use some owned boxes
ARMY
- Content of 592 people
- 45 million is the annual salary Average annual salary $ 77,534 - Equipment costs = $ 3.000.000
Pie charts!
Cost-annual
after 1 year
- - taking over the control of some system parts in the hard target - The bots in the system keep growing to 5 million hosts
- 0-day exploits available for many browsers ad operating system combination and some other smartphone
Access to the system for the military ,finical and some utilities achieved
0-day exploits available for all browser/ OS combinations, DOS conditions known for BIND, many Cisco IOS configurations Control of mostly air gapped system.
After 2 year
- All hard targets are now Comprehensive risk- System of bots continue growing up to reach 500 million hosts ,include 20% form personal computer and many smartphone air gapped and crucial system is totally controlled
ATTACK
- Revised financial data statements - Military and government networks rustiness
- Utilities affected, blackouts ensue - Ticket booking and air traffic control systems offline - DOS launched against root DNS servers - The Border Gateway Protocol (BGP) routes altered - Phone system jammed with calls from owned smartphones - North Korea wins!