Which government agency would you attack, and how would you go about it? Give specifics.
I would attack the National Security Agency (NSA) by recruiting one of the students in the National Centers of Academic Excellence in Information Assurance Education (CAEIAE) program. I would identify a young adult about 20 years old who has an interest in information technology. An ideal candidate would probably be an engineering student from a poor background, since they would be easy to convince using financial freedom as an incentive.
The chosen student will be sponsored to concentrate on information technology (IT) courses so as to improve their technical proficiency. Once they have attained a high standard in information technology, they will be required to apply for a place in the National Centers of Academic Excellence in Information Assurance Education program. Once they join the program, the student will be trained on how to prevent cyber attacks and cyber terrorism in general. They will therefore gain knowledge of the information technology prevention protocols and procedures used in case of a cyber attack.
On completion of the course at the centre, they will be offered a job at my company, where they will be told that they are working for the NSA as a cyber attack analyst. Their job description will be to develop software that is able to launch cyber attacks in the NSA computer network undetected, as a way of developing adequate measures to prevent actual attacks. They are supposed to identify any loopholes and show practically how they can be exploited to launch a cyber attack on the NSA without detection. The recruit is ordered to use botnet code to see if he or she can access and retrieve information from the NSA database.
He or she should also see if they can introduce malicious code into the network to destroy the information stored in the databases. Other botnet code may be developed by other employees and the recruit asked to find a way of installing it in the NSA network. Since the recruit is well trained by the NSA and believes they are working for the benefit of their country, they will be motivated to prove their expertise. With every success in the tasks assigned, the recruit will be promoted to a higher rank with greater financial benefits as a way of keeping them motivated.
How would you mitigate this cyber attack if you had advance warning of the possibility of such an attack?
In recent years, botnet code has become the tool of choice for anyone who wants to commit a cyber crime. Botnets possess two main advantages: they can be designed by people who have very little technical expertise in information technology networks, and they can be designed to disrupt computer networks in many different ways. In the second half of 2006, Symantec, a security firm, reported six million bot-infected computers.
The first step when I learn of the possibility of an attack is to carry out a thorough investigation of all recruits who have studied in the National Centers of Academic Excellence in Information Assurance Education program. This is to find out their backgrounds so as to ascertain that any information provided in the application forms is accurate. This investigation may also help to determine possible suspects for further investigation. However, at this stage no person should be absolutely exempted from suspicion.
The next step is to check whether there has been any unauthorized access to the agency’s network and databases, or any access where the right procedures and protocols were followed but the person accessed information beyond their security clearance.
The next step is to check for any previous anomalies in the NSA information technology databases and networks to see if they were in fact attempts to launch cyber attacks. All analysts in the agency should be vetted again before they are tasked with finding possible weaknesses in the network. These are the points most likely to be used to put botnets into the network. All databases and networks should be analyzed to see if they contain any suspicious files. Any files found should be analyzed to determine their date of entry into the network and, if possible, their source and the point in the network where they were introduced. This will help in sealing such loopholes and thus avoiding future cyber attacks.
The next step is to develop software in the shortest time possible to prevent the uploading of any files into the networks without their being checked several times. Sources for all files should be authenticated, and any suspicious files should undergo further scrutiny. Scans on all databases should be done continuously in order to detect any malicious code.
The final step is to develop new protocols and procedures for the agency’s information technology network so as to prevent the exploitation of any weaknesses in the previous network procedures and protocols. The aim should be to compartmentalize information according to its security clearance. This limits the number of people with access to sensitive information.
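One way to run the access review from the second step against the compartment rule from the final step, as an added example that is not part of the original essay. The clearance levels, compartments, accounts, resources and log lines are all constructed for illustration.

```python
# Clearance levels in ascending order (naming assumed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

# Constructed data: account -> (clearance, compartments the person is read into).
USERS = {
    "analyst1": ("TOP_SECRET", {"NETOPS"}),
    "analyst2": ("TOP_SECRET", {"NETOPS", "CRYPTO"}),
    "intern1": ("CONFIDENTIAL", set()),
}
# Constructed data: resource -> (classification, required compartment or None).
RESOURCES = {
    "db/netflow": ("SECRET", "NETOPS"),
    "db/keys": ("TOP_SECRET", "CRYPTO"),
    "wiki/handbook": ("UNCLASSIFIED", None),
}
# Constructed audit log, one event per line: timestamp account resource result.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z analyst1 db/netflow OK
2024-01-10T09:02:13Z analyst1 db/keys OK
2024-01-10T09:05:40Z intern1 wiki/handbook OK
2024-01-10T09:07:02Z intern1 db/netflow OK
2024-01-10T09:09:55Z analyst2 db/keys DENIED
2024-01-10T09:11:30Z contractor9 db/netflow OK
"""

def classify(user, resource, result):
    """Return why an event needs review, or None if it is within policy."""
    if result != "OK":
        return "unauthorized attempt"
    if user not in USERS or resource not in RESOURCES:
        return "unknown account or resource"  # fail closed
    clearance, compartments = USERS[user]
    level, compartment = RESOURCES[resource]
    if LEVELS[clearance] < LEVELS[level]:
        return "above clearance"
    if compartment is not None and compartment not in compartments:
        return "outside compartment"
    return None

def review(log_text):
    """Return (log line, reason) for every event that needs follow-up."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        reason = classify(*parts[1:]) if len(parts) == 4 else "malformed record"
        if reason:
            findings.append((line, reason))
    return findings
```

The second and fourth sample events are the case the essay singles out: the login succeeded through the normal procedure, yet the account read data outside its compartment or above its clearance.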