Chapter 5

Understanding Today’s Threats in the Cyber Vapor—“War Stories” from the Front Lines1

Abstract

When discussing the various aspects of cyber security, the cyber security officer must understand that he or she is also an information warrior and is working in the midst of global information warfare (GIW). It is important to also be aware of the actual, various types of information warfare attacks that are currently being conducted 24/7 around the world against individuals, groups, businesses, and governments.

Keywords

Cyber Command; Global information warfare (GIW); Information warfare (IW) games; Info-warriors; National Security Agency’s (NSA); Programmable logic controllers (PLCs); Secret Service

2Existing and potential threats in the sphere of information security are among the most serious challenges of the twenty-first century. Threats emanate from a wide variety of sources and manifest themselves in disruptive activities that target individuals, businesses, national infrastructure, and governments alike. Their effects carry significant risk for public safety, the security of nations, and the stability of the globally linked international community as a whole.

When discussing the various aspects of cyber security, the cyber security officer must understand that he or she is also an information warrior and is working in the midst of global information warfare (GIW). It is important to also be aware of the actual, various types of information warfare attacks that are currently being conducted 24/7 around the world against individuals, groups, businesses, and governments.
Being aware of such attacks, one can get a better appreciation of the massive challenges ahead for those cyber security professionals, sometimes also called info-warriors throughout this chapter, trying, often in vain, to protect the information and information systems being used today.
It is also important to know of the latest technologies being developed and by whom, as well as understanding the politics of the time, because as tensions rise among people, businesses, groups, and nations, they are more apt to become aggressively involved in GIW.
As you read through these actual attacks and their related commentaries3, think of how to defend against them and also how to use them, piggy-back off of them, when conducting maybe “aggressive defensive” operations against adversaries. Knowing the who, how, where, when, why, and what will help defend against GIW attacks as well as providing a basis that can be used for enhancing your corporation’s or government agency’s defenses.
As you read through them, consider that one or more of these attacks are happening 24/7 and your corporation or government agency is now under attack, has been, or will be. Details are not provided, as the point is to get an understanding of these attacks, similar to old warfare bombardment of our defenses, if you were in a physical war zone. Details of each of these attacks or other information provided can be found at referenced Web sites. As you know, all information online is subject to being perishable. Even so, you can search the topic and find information you need on each threat to help you build your defenses.

Reported Digital Battlefield Attacks and Related Stories

Let us start off with one of the most sophisticated attacks, allegedly made in July 2010 against Iran’s nuclear program using a program called “Stuxnet.”
Stuxnet is a computer worm that was discovered in June 2010. It was designed to attack industrial programmable logic controllers (PLCs). PLCs allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material.4
Allegedly, this program was the work of the United States and Israel, although this is just speculation. The worm entered the Iranian network and destabilized over 1000 of their centrifuges.
Now, one can only speculate how it entered a “closed” network. Some allege it was inserted via a CD/DVD or a flash drive by an insider. Others speculate a disk or flash drive was left in a place where someone working in the Iranian facility found it and entered it into the closed Iranian nuclear network just to see what was on the medium and thus unleashed the worm.
The “Regin” malware—allegedly the most powerful to date, even more powerful than Stuxnet, targets mostly Russian and Saudi telecommunication companies. It has been out there since 2008 and even when detected, you cannot tell what it is doing. It is supposedly in 10 countries, including India and Iran, with half of its attacks in Russia. Some say it is so good it is believed it could be developed only by a nation-state—a Western nation-state. Interestingly, attacks are now being reported in the United States.
• Varney & Company, business news program, Fox Business TV Channel, November 24, 2014
Now, let us talk about a simple attack:
A journalist tells the story5 of his devices allegedly being hacked and his photos, e-mails—basically his entire cyber life—were deleted. He was able to contact the hackers, who were teenagers, and they said they just did it for “fun.” He agreed not to press charges, not to identify them, but wanted to know how they did it.
They allegedly told him that they did not hack his passwords, but basically did the following: They began by “social engineering” their way into his accounts taking advantage of loopholes in the system.
• They first called amazon.com as him and gave them a false credit card number.
• They received a temporary password from Amazon.
• Now they owned his Amazon account.
• They got the last four numbers of his actual credit card.
• Apple was using it also as an identity verification method.
• Apple gave “him” (the hackers) a password reset.
• Now they owned his Apple account.
• They then went to Google and then to Twitter.
Note: As you can see, today’s GIW attacks can range from the nontechnical, using social engineering techniques, to the more sophisticated covert malware types of attacks, to a combination of both, and everything in-between.
U.S. military academies’ information warfare (IW) games: Every year the U.S. military academies of the Army, Navy, Coast Guard, and Air Force put together a group of cadet info-warriors to compete in an IW game using a points system to determine the winner. It begins with each academy selecting a team and building a “secure” network and all are then attacked over a three-day period by a “Red Team.” This sophisticated IW game is used to help train the U.S. military info-warriors of the future.6
Do you ever get the feeling you are being watched? If you’ve got a webcam, you might be right … It’s stunningly easy since most companies, in an effort to be helpful, put installation manuals online, manuals that make public the default passwords for their products.
The Taiwanese government is investigating whether Xiaomi, Inc., China’s leading smartphone company … is a cyber security threat … as governments become increasingly wary of potential cyber security threats from the world’s second-biggest economy. … The smartphone maker recently came under fire for unauthorized data access.
A Syrian Twitter user appeared to break the news of U.S.-led air strikes in Syria overnight before the Pentagon announced it had launched them.
Home Depot said Thursday a recent cyber attack on its computer network affected a colossal 56 million customer payment cards … is believed to be the biggest ever hack of a retail firm’s computer systems … used malware to collect customer information.
Hackers would love to weasel their way onto your smartphone or tablet … mobile gadgets are a bit harder to crack … hackers have to be even sneakier and use malicious apps or hidden Wi-Fi attacks or simply walk off with your gadget.
Governments all around the world use malware and spyware to keep tabs on people, from visitors to residents.
The Detekt tool was developed and supported by several human rights groups. Detekt checks for malware that is often used against journalists, activists, and others.
A company Web site, along with 1.2 billion other Web sites, was targeted by Russian hackers utilizing a massive “bot” attack. These bots aggressively attempted access to Web sites with user name and password options.
Voting machines that switch Republican votes to Democrats are being reported in Maryland.
Australian defense officials are preparing for what could be a barrage of possible cyber attacks during the G20 leaders’ summit this Saturday and Sunday in Brisbane. “Targeting of high profile events such as the G20 by state-sponsored or other foreign adversaries, cyber criminals and issue-motivated groups is a real and persistent threat …”
Some of the “FBI’s Cyber’s Most Wanted” show that this problem is global in nature as those wanted come from all parts of the world. (See their photos and descriptions on their Web site—also note that they are from all over the world—http://www.fbi.gov/wanted/cyber.)
Their offenses include such things7 as conspiracy to commit wire fraud, money laundering, passport fraud, and trafficking in counterfeit service marks; wire fraud; money laundering; passport fraud; and trafficking in counterfeit service marks. Reward: The U.S. Department of State’s Transnational Organized Crime Rewards Program is offering a reward of up to $1 million for information leading to the arrest and/or conviction … conspiring to commit computer fraud; accessing a computer without authorization for the purpose of commercial advantage and private financial gain; damaging computers through the transmission of code and commands; aggravated identity theft; economic espionage; and theft of trade secrets.
On May 1, 2014, a grand jury in the Western District of Pennsylvania indicted five members of the People’s Liberation Army (PLA) of the People’s Republic of China (PRC) on 31 criminal counts, including conspiring to commit computer fraud, accessing a computer without authorization for the purpose of commercial advantage and private financial gain, damaging computers through the transmission of code and commands, aggravated identity theft, economic espionage, and theft of trade secrets.
The subjects were allegedly officers of the PRC’s Third Department of the General Staff Department of the PLA, Second Bureau, Third Office, Military Unit Cover Designator 61398, at some point during the investigation. The activities executed by each of the individuals allegedly involved in the conspiracy varied according to his specialties. Each provided his individual expertise to an alleged conspiracy to penetrate the computer networks of six American companies while those companies were engaged in negotiations or joint ventures or were pursuing legal action with, or against, state-owned enterprises in China. They then used their illegal access to allegedly steal proprietary information including, for instance, e-mail exchanges among company employees and trade secrets related to technical specifications for nuclear plant designs. One subject, Sun, who held the rank of captain during the early stages of the investigation, was observed both sending malicious e-mails and controlling victim computers.
One individual is wanted for his alleged involvement in manufacturing spyware, which was used to intercept the private communications of hundreds, if not thousands, of victims. As part of the scheme, the suspect ran a Web site offering customers a way to “catch a cheating lover” by sending spyware masquerading as an electronic greeting card. Victims who opened the greeting card would unwittingly install a program onto their computers. The program collected keystrokes and other incoming and outgoing electronic communications on the victims’ computers. The program would periodically send e-mail messages back to the purchaser of the service containing the acquired communications, including the victims’ passwords, lists of visited Web sites, intercepted e-mail messages, and keystroke logs. The program in question was initially called “e-mail PI” and renamed “Lover Spy” in July/August 2003. The suspect allegedly hosted the Web site, as well as creating the computer program. He ran the operation from his San Diego residence in 2003.
He was charged with the following crimes: manufacturing a surreptitious interception device, sending a surreptitious interception device, advertising a surreptitious interception device, unlawfully intercepting electronic communications, disclosing unlawfully intercepted electronic communications, unauthorized access to protected computer for financial gain, and aiding and abetting.
This suspect was in the United States on a travel visa and then obtained a student visa while he was taking college courses. He has ties to San Diego, California, and his last known location is San Salvador, El Salvador.
One security expert noted that healthcare.gov is a still a huge ripe target … and that unlike the private sector, no law requires the federal government to even inform you if your information has been hacked.
Throughout the flood of hacks and data breaches at retailers, restaurants, health care providers, and online companies this year—Home Depot, Target, Subway, Adobe, and eBay were just a handful …
Defense Advanced Research Project Agency leaders told lawmakers the agency is making progress with an ongoing cyber security project known as Plan X to increase cyber visibility and provide a new foundation for the fast-developing world of cyber warfare moving into the future.
Information warfare is one of the hottest topics in current discussions of battlefield and geopolitical conflict. It has been addressed in writings, conferences, doctrines and plans, and military reorganizations, and it has been proposed as a fundamental element of twenty-first-century conflict. In a way, the IW situation is reminiscent of the concept of logistics as a military discipline, c.1940:
• Elements of the concept had been known and used for millennia.
• The value of integrating those elements into a coherent discipline was just beginning to be recognized.
• The discipline was to become a central element of modern warfare—it is now said that “amateur generals [that is, Saddam Hussein] talk strategy, professional generals talk logistics.”
• From L. Scott Johnson, who works for Tera Research, Inc., a contractor performing analysis on behalf of the Directorate of Intelligence.
General Zhu’s comments were echoed during a spirited question-and-answer session following Hagel’s speech. In the session, PLA Major General Yao Yunzhu questioned America’s repeated claim that it doesn’t take sides in territorial disputes, asking how that can be true when the United States also claims the disputed islands in the East China Sea are covered by a U.S. treaty with Japan.
Virtual Battlespace 3 … Using the system, the Army can build battlefield scenarios and tailor the game to reflect specific requirements. Soldiers, for example, can simulate driving a Stryker, conduct patrols, engage in close combat, and drive down to the firing position to practice gunnery in realistic terrain.
The U.S. Department of Homeland Security is investigating about two dozen cases of suspected cyber security flaws in medical devices and hospital equipment that officials fear could be exploited by hackers …
BlackBerry has announced a deal to acquire German anti-eavesdropping specialist SecuSmart … provides its technology to German Chancellor Angela Merkel, who is at the center of a controversy over an alleged National Security Agency phone tap.
Between traffic-light cameras, blue-light cameras that scan neighborhoods for violent crime, cameras on board city trains and buses—not to mention private security cameras—there are few places you can go in Chicago without being monitored.
The United States plans to “keep up the pressure” on China as it gauges that nation’s response to this week’s indictment of five Chinese military officials for allegedly hacking into American corporate computers … If China doesn’t begin to acknowledge and curb its corporate cyber espionage, the United States plans to start selecting from a range of retaliatory options.
There are at least 19 bogus cell phone towers operating across the United States that could be used to spy upon, and even hijack, passing mobile phones.
More than 1000 U.S. retailers could be infected with malicious software lurking in their cash register computers, allowing hackers to steal customer financial data, the Homeland Security Department …
The director of the CIA, in a rare apology, has acknowledged an internal probe’s findings that CIA employees in the Executive Branch improperly spied on the Legislative Branch by searching Senate computers earlier this year.
In the field of artificial intelligence, there is no more iconic and controversial milestone than the Turing Test, when a computer convinces a sufficient number of interrogators into believing that it is not a machine but rather is a human. Having a computer that can trick a human into thinking that someone, or even something, is a person we trust is a wake-up call to cyber crime.
The mission data packages now being developed by the Air Force’s 53rd Wing are designed to accommodate new information as new threat data become available. The database is loaded with a wide range of information to include commercial airliner information and specifics on Russian and Chinese fighter jets.
The National Security Agency’s (NSA) surveillance machinery is again in the spotlight after a media report claimed that it is secretly providing data to almost two dozen U.S. government agencies via a powerful “Google-like” search engine.
The federal government is spending nearly $1 million to create an online database that will track “misinformation” and hate speech on Twitter … monitor “suspicious memes” and what it considers “false and misleading ideas,” with a major focus on political activity online.
The Secret Service has confirmed what you’ve probably suspected for a long time: Public computers at hotels are ridiculously insecure, and you’re taking a gamble with your personal data each time you use one.
Israeli’s secret service intercepted Secretary of State John Kerry’s phone calls during 2013 Middle East peace negotiations, according to the German publication Spiegel.
China took its investigation of “alleged monopoly actions” by Microsoft to a new level this week, raiding four of the company’s offices and carrying away internal documents and computers.
Samsung Electronics said five of its Galaxy-branded smartphones and tablets that come with its enterprise security software recently received approval from the U.S. Defense Information Systems Agency, allowing them to be listed as an option for officials.
As more devices and appliances with Internet capabilities enter the market, protecting those devices from hackers becomes critical. Unfortunately, many of these noncomputer, nonsmartphone devices—from toilets to refrigerators to alarm systems—were not built with security in mind.
Hot on the heels of the NSA snooping firestorm, a leaked document appears to detail the cyber espionage tricks employed by its U.K. counterpart, GCHQ.
The spy agency has relied more on facial-recognition technology in the past 4 years as a result of new software that can process the flood of digital communications such as e-mails, text messages, and even video conferences …
Concerned over network security following news last year suggesting German leader Angela Merkel had her phone tapped by the NSA, the government said it will transfer all its telecom and Internet-related services to the German firm Deutsche Telekom…
The U.K. Cyber Security Strategy: Protecting and promoting the United Kingdom in a digital world. Our vision is for the United Kingdom in 2015 to derive huge economic and social value from a vibrant, resilient, and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency, and the rule of law, enhance prosperity, national security, and a strong society.
Many of America’s military secrets can be stolen by exploiting the networks over which unclassified information is shared by military contractors and subcontractors … Chinese hackers are believed to have stolen the designs for “more than two dozen major weapons systems …”
… The Pentagon was pushing to expand its cyber security forces. The U.S. military’s so-called Cyber Command will grow fivefold over the next few years, from 900 employees at present to about 5000 civilian and military personnel, Orr reported.
U.S. officials are blaming Chinese hackers for another serious data breach. Someone broke into secure government networks that hold personal information for all federal employees. The target appears to be workers applying for high-level security clearances.
On average, the hackers would spend nearly a year perusing a targeted company’s systems looking for sensitive information to steal: product development plans, manufacturing techniques, business plans, and the e-mail messages of senior executives. The point is to help Chinese companies be more competitive.
Hackers may have breached the Office of Personnel Management’s network … intrusion has been traced to China, although it is not clear that the Chinese government is involved.
A Chinese hacking group has been accused of stealing data from Israel’s billion-dollar Iron Dome missile system.
The state-sponsored Comment Crew hacking group, thought to operate out of China, was responsible for attacks from 2011 onward on three Israeli defense technology companies, Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems, all involved with the Iron Dome project.
Ballistic-missile defenses, joint-strike fighters, Black Hawks, and more—Chinese hackers have their hands on plans for these and more of the Pentagon’s most sophisticated weapons systems, just the latest sign that the culture of hacking in China continues to put America on the defensive …
Security attacks/breaches in the U.S. government from July 2014 to November 2014, include Health and Human Services, Energy Department, Postal Service, White House, State Department—those are just the reported ones; there maybe more that are not reported or, worse yet, do not even know they were attacked.8

Summary

As you can see, attacks and those issues associated with attacks and defense are numerous and vary in their approach. Learn from these attacks, so your government agency or corporation does not become a casualty of this global information warfare.

1 Much of this chapter is quoted with permission from the author and his coauthor’s book, Global Information Warfare, second edition, published by CRC Press.

2 Report (A/65/201) of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.

3 All stories are edited, generally direct quotes from the cited Web sites, except where otherwise noted.

4 http://en.wikipedia.org/wiki/Stuxnet; Razvan, Bogdan. “Win32.Worm.Stuxnet.A”. Retrieved March 28, 2014.

5 TV Program called “NOVA,” October 8, 2014.

6 Cyber Wargame,” August 25, 2014, Fox Business Channel TV.

7 Taken from the FBI’s Web site.

8 Cavuto, Fox New TV Program, November 21, 2014.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.12.152.194