*******************************************************************
* *
* The "Nazgul" Attack tool: Cost Analysis *
* *
*******************************************************************
By G. Lamastra, P. Abeni, D. Sestito, E. Caprella
F. Frosali, F. Coda Zabetta, G. Cangini
Be-Secure, Telecom Italia Labs
May 5th, 2002
This note gives an estimate of the costs incurred as a consequence
of the attacks.
We made the following assumptions, which hold in our specific situation:
- We imagined a standard server compromise; our server provides two web
applications, which are used by 24 different users.
On average (data collected from access logs), 10 users/day use one
of the two applications; the average interaction time is 20 minutes.
- The server was taken off-line for two days; the cost of the
downtime is estimated to be: 10 * 20min * 2days = 400 min = 6.6 hours
of lost activity; we round this value up to a single man/day.
We assumed that the binary was discovered immediately, and we did not
perform any deep forensic analysis; the binary was saved, and the
system reinstalled.
This is consistent with the policy planned for the server in case of
incidents; again, we recall that the server does not host any critical
application.
- A full reinstall of the operating system and web applications takes two
days of system administrator activity.
- The complete process of reverse-engineering the binary, broken down by
person/group, is detailed in the following scheme:
Paolo:     10 days \
Dario:      7 days  - The Reverse Engineering Team: 16 man*days
Ettore:     5 days /
Federico:   2 days \
Gianluca:   2 days  - To set up the tests and write the client: 6 man*days
Francesco:  2 days /
Gerardo:    3 days  - Coordination, tests, and document production
Overhead:   1 day   - Meetings, discussion, coffee time
Reverse Challenge Total Effort: 32 man*days
Duration: 13 days (5/16/02 .. 5/29/02)
- Total cost: 35 man/days (including downtime & reinstalling).
Assuming 70.000$/yr as requested, and 200 working days a year
(Italian standard), we have an estimate of 350$/(man*day).
Hence, the total is 35*350$ = 12.250$.