cyberwar

New York Times National Security Correspondent David Sanger sees cyber-espionage as a whole new “field of conflict” on the global stage, and says the U.S. isn’t having an open discussion about it:

"The Obama administration has pressed more leak investigations, conducted more leak investigations, launched formal inquiries, or in some cases, criminal cases, than all previous [administrations] combined. And these investigations all have a chilling effect on later stories that you do even if the later stories are on completely different subjects.

I think there’s a lot more concern inside the U.S. government right now about being found to be talking to reporters, even if you’re talking about something that is unclassified. … It’s understandably difficult to get American officials to talk about their plans for potential cyberattacks or cyberdefenses. I understand that, but it’s also very difficult to get officials to talk about our policy about using these cyberweapons as a tool of American power. And that’s what worries me, because in a healthy democracy, I think the American citizens have to be at least informed of — and maybe participate in the debate about — how we want to use these weapons since we are vulnerable to them ourselves.”


Stuxnet: Anatomy of a Computer Virus

Stuxnet has been called the world’s first weapon made entirely out of code. It is responsible for damaging Iran’s uranium enrichment infrastructure and effectively halting the country’s nuclear program.

This infographic explores the ramifications of Stuxnet. It was created by Patrick Clair for HungryBeast, a TV program on Australia’s ABC1.

Run Time - 3:21.

This Week in War. A Friday round-up of what happened and what’s been written in the world of war and military/security affairs this week. It’s a mix of news reports, policy briefs, blog posts and longform journalism.

Photo: Feb 24. A boy walks down a shelled out street in Baba Amro, Homs. The building on the right is where photographer William Daniels stayed with other journalists, including Marie Colvin and Rémi Ochlik. William Daniels - Panos for TIME.

In case you were wondering, here’s how the infamous Iran-infrastructure-damaging bug Stuxnet worked. And to answer your question, the U.S. was involved in what was intended as an act of cyberwar … but the virus (which only got its name after it broke out online) was never intended to break out onto the larger Internet. But Stuxnet, which broke out in 2010, is old news. A newer virus, Flame, is currently causing major online trauma in the Middle East.

US cyberwar virus aimed at Iran, infects Chevron accidentally 

November 9, 2012

America’s cyberwar is already seeing collateral damage, and it’s hitting the country’s own billion-dollar companies. Oil giants Chevron say the Stuxnet computer virus made by the US to target Iran infected their systems as well.

California-based Chevron, a Fortune 500 company that’s among the biggest corporations in the world, admits this week that they discovered the Stuxnet worm on their systems back in 2010. Up until now, Chevron managed to make their finding a well-kept secret, and their disclosure published by the Wall Street Journal on Thursday marks the first time a US company has come clean about being infected by the virus intended for Iran’s nuclear enrichment program. Mark Koelmel of the company’s earth sciences department says that they are likely to not be the last, though.

“We’re finding it in our systems and so are other companies,” says Koelmel. “So now we have to deal with this.”

Koelmel claims that the virus did not have any adverse effects on his company, which generated a quarter of a trillion dollars in revenue during 2011. As soon as Chevron identified the infection, it was taken care of immediately, he says. Other accidental targets might not be so lucky though, and the computer worm’s complex coding means it might be a while before anyone else becomes aware of the damage.

“I don’t think the US government even realized how far it had spread,” Koelmel adds.

Discovered in 2010, the Stuxnet worm was reported with all but certainty to be the creation of the United States, perhaps with the assistance of Israel, to set back Iran’s nuclear enrichment program as a preemptive measure against an eventual war. Only as recently as this June, however, American officials with direct knowledge of the worm went public with Uncle Sam’s involvement.

In a June 2012 article published by The New York Times, government agents with direct knowledge of Stuxnet claimed that first President George W. Bush, then Barack Obama, oversaw the deployment of the worm as part of a well-crafted cyberassault on Iran. Coupled with another malicious program named Flame and perhaps many more, Stuxnet was waged against Iran as part of an initiative given the codename “Olympic Games.” Rather than solely stealing intelligence through use of computer coding, the endeavor was believed to be the first cyberattack that intended to cause actual hard damage.

“Previous cyberattacks had effects limited to other computers,” Michael Hayden, the former chief of the CIA, explained to the Times earlier this year. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction.”

On the record, the federal government maintains ignorance on the subject of Stuxnet. With American companies perhaps soon coming out of the woodwork to discuss how they were hit, though, the White House may have to finally admit that they’ve had direct involvement.

After the Times published their expose in June, Senator Dianne Feinstein, chairwoman of the Intelligence Committee, called for an investigation to track down how the media was first made aware of America’s involvement in Olympic Games.

"I am deeply disturbed by the continuing leaks of classified information to the media, most recently regarding alleged cyber efforts targeting Iran’s nuclear program,” Feinstein said through a statement at the time. “I made it clear that disclosures of this type endanger American lives and undermine America’s national security."

When Feinstein spoke to DC’s The Hill newspaper, she said, “the leak about the attack on Iran’s nuclear program could ‘to some extent’ provide justification for copycat attacks against the United States.” According to the chairwoman, “This is like an avalanche. It is very detrimental and, candidly, I found it very concerning. There’s no question that this kind of thing hurts our country.”

Just last month, a shadowy Iranian-based hacking group called The Qassam Cyber Fighters took credit for launching a cyberattack on the servers of Capital One Financial Corp. and BB&T Corp., two of the biggest names in the American banking industry. Days earlier, Google informed some of its American users that they may be targeted in a state-sponsored cyberattack from abroad, and computer experts insist that these assaults will only intensify over time.

“We absolutely have seen more activity from the Middle East, and in particular Iran has been increasingly active as they build up their cyber capabilities,” CrowdStrike Security President George Kurtz told the Times.

Speaking of the accidental impact Stuxnet could soon have in the US, Chevron’s Koelmel tells the Journal, “I think the downside of what they did is going to be far worse than what they actually accomplished.”


Modern cryptosystems rely on “keys” as the secret way of coding or decoding information on which trust is built. “Symmetric encryption” relies on sharing the same key with other trusted parties. I encrypt data with the same key that you use to decrypt it. It is like us both sharing the same key for a bank lockbox.

But what if we have never met each other? How will we exchange these secret keys securely? “Asymmetric cryptography” solves this problem. The idea is to separate a secret key into a public key, which is shared with everyone, and a private key that remains secret. The two keys are generated such that something that is encrypted with a public key is decrypted with the corresponding private key, and vice versa. This figure illustrates how public cryptology works to protect both the confidentiality and the integrity of a message.

From P.W. Singer and Allan Friedman’s Cybersecurity and Cyberwar: What Everyone Needs to Know.

Image credit: P.W. Singer, Allan Friedman, and Jordan Clayton. Used with permission. 
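The two-key idea described above, worked through in code: the sender encrypts with the recipient's public key (confidentiality) and signs with her own private key (integrity). This is an added example, not taken from the book or the original post; it uses textbook RSA with fixed, constructed primes and no padding to show the mechanics only, and the names Alice and Bob, the helper functions, and all key values are assumptions.

```python
import hashlib

E = 65537  # widely used public exponent


def make_keypair(p, q):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # d is the inverse of e modulo phi


# Constructed keys built from known Mersenne primes so the example is
# deterministic. Real keys use large random primes plus OAEP/PSS padding.
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**61 - 1)


def encrypt(public_key, message):
    """Anyone holding the public key can encrypt."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    """Only the private-key holder can reverse the encryption."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message, n):
    # Hash the message and reduce it so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """The 'vice versa' direction: transform the digest with the private key."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(public_key, message, signature):
    """Anyone can check the signature with the signer's public key."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def send(message):
    """Alice -> Bob: encrypt to Bob's public key, sign with Alice's private key."""
    return encrypt(BOB_PUB, message), sign(ALICE_PRIV, message)


def receive(ciphertext, signature):
    """Bob: decrypt with his private key, verify with Alice's public key."""
    message = decrypt(BOB_PRIV, ciphertext)
    return message, verify(ALICE_PUB, message, signature)


if __name__ == "__main__":
    ct, sig = send(b"meet at noon")  # constructed sample message
    print(receive(ct, sig))
    print(verify(ALICE_PUB, b"meet at nine", sig))  # altered text fails
```

Alice and Bob never exchanged a secret here: each side used only its own private key and the other side's published public key.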

The Gaza Strip Cyberwar

As military strikes between Israel and Gaza continued with the deaths of 11 Palestinian civilians on Sunday, a complicated internet battlefront has appeared. A virtual info-war is just beginning, and it exists on multiple fronts. There is an unprecedentedly transparent wave of social media propaganda by both sides, a fairly predictable backlash of Israeli website defacement from Anonymous, and an effort to bring open internet access for civilians affected by the strikes from a group called Telecomix.

On Wednesday, the IDF released an infographic-filled video describing the methods the IDF uses (phone calls and precision strikes) to minimize civilian casualties. The IDF is also live-tweeting the strikes on Gaza using their shiny new Twitter account, @IDFSpokesperson. The Twitter feed for Al Qassam, the military branch of Hamas, has responded by tweeting numerous photos of dead children killed by Israeli strikes. These photos are a very effective and graphic response to the monochromatic circles Israel is using in their videos to say they’re not killing anyone who doesn’t deserve it.

Besides this public social media conflict between governments—which is shockingly savvy and direct—the hacker group Anonymous is also taking action through a campaign they’re calling #OpIsrael. According to Anonymous, Israel threatened to cut out electricity and the internet in Gaza, though that has not been confirmed by any news source. Anonymous responded to this supposed threat, and to the bombings in Gaza, with one of their trademark public service announcements on YouTube. The resulting offensive from Anonymous led to the temporary shutdowns and defacements of hundreds of Israeli websites, including the Bank of Jerusalem.


I was greeted with this defacement page on a website for the Israeli Tourism Board yesterday.

While most sources are claiming the number of Israeli websites taken down is between 663 and 700, Israel’s Finance Minister has said that the government has “deflected 44 million cyber attacks on government websites” and called this wave of attacks a “second front” in this conflict. Besides website defacements and takedowns, Anonymous leaked a document containing thousands of email addresses and passwords supposedly belonging to IDF operatives and Israeli government officials. Attached to the leaked document, the Anonymous leaker added: “this is/will turn into a cyber war.”

Anonymous has also been distributing a “care package” to the citizens of Gaza. The package, named “OpIsrael.Care.Package.v2.0” contains a press release, first aid instructions in English and Arabic, a technical guide with information on how to circumvent authoritarian internet shut-downs (like the one in Egypt during their Arab Spring), a proxy that can be used to hide the IP address and location of your computer, as well as a small image file of the Anonymous crest.

After running the documents through Google Translate, it’s clear that the information inside of the care package is designed to help civilians get online and spread information in the event of an Internet shutdown. The documents describe how to activate Twitter via text messaging in case the internet is inactive, advises people to use fax machines, make their own WiFi antennas out of spare aluminum, and to print out their email contacts in case they lose access to their virtual address book. It also encourages people to use the Telecomix dial-up network.


A Real-Time Map of Global Cyberattacks

Cyberattacks are happening constantly across the globe, and now you can see what that looks like in real time with this map by the Honeynet Project that shows so many attacks, it looks and feels like it’s straight out of an apocalyptic war movie.

Each red dot that pops up when you go to the map represents an attack on a computer. Yellow dots represent honeypots, or systems set up to record incoming attacks. The black box on the bottom says where each attack is coming from as they come in. The data comes from the members of Honeynet Project’s network of honeypot sensors that choose to publish the attacks. Not all members of the project, which has more than 40 chapters around the world, chose to push data, which is why more red dots show up in Europe.

» via The Atlantic

Recent work by security researchers indicates that one of the problems with having a “smart” home is that some day, it might be smart enough to attack you. The essence of the forthcoming “internet of things” is that everything we own, from our refrigerators and egg cartons to our cars and thermostats, will some day…

The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory’s office networks, from which access to production networks was gained. Spear phishing involves the use of email that appears to come from within an organization. After the system was compromised, individual components or even entire systems started to fail frequently.

Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,” the BSI said, describing the technical skills of the attacker as “very advanced.”

1973
The Defense Advanced Research Projects Agency in the U.S. starts a program to look into technologies that link computer networks.

1982
15-year-old Pennsylvanian Rich Skrenta writes the Elk Cloner program, the first computer virus ever found “in the wild.”

1984
Author of Neuromancer, William Gibson, coins the term “cyberspace.”

February 1998
A series of attacks on U.S. Department of Defense computers is dubbed Solar Sunrise, in which sensitive data was stolen across 500 systems, seemingly from servers around the world. The hack is traced to three teenagers in California.

May 1998
Stephen Glass is busted for fabricating “Hack Heaven,” his story for The New Republic. The article told the fictitious tale of Ian Retsil, a 15-year-old hacker who used a school computer to bypass the security settings of fictional software company Jukt Micronics.

May 2000
Quaint by today’s standards, ILOVEYOU, or the Love Letter virus, was a computer worm that attacked tens of millions of Windows computers. A user is sent an email with “ILOVEYOU” in the subject line, and once opened, it overwrites image files and sends itself to the first 50 names in the user’s address book.

July 2001
Code Red, still remembered for how quickly it spread, exploited a flaw in Microsoft operating systems that enabled it to deface and take down some websites. At one point it brought down the White House webpage, and forced other government agencies to take down their websites as well.

2003
Anonymous is born on 4chan’s image board.

2003
The U.S. Department of Homeland Security combines several of its cyberdefense offices into a new department, the National CyberSecurity Division. Its purpose is to protect government computers from hacks.

May 2003
Yet another email worm attacks users, but Fizzer was different—it went after money. Fizzer is the worm that sent out the now-everyday porn and pill email spam. It got so big that Microsoft offered a $250,000 reward for information that would lead to the arrest of its creator.

May 2004
The Sasser worm attacks the British Coast Guard, Agence France-Presse, and Delta Airlines. The virus also affects universities, hospitals, and major corporations—and it all came from a 17-year-old German kid.

December 2006
Internet-based watchdog and activist group WikiLeaks publishes its first document, a secret decision signed by Sheikh Hassan Dahir Aweys, a Somali rebel leader for the Islamic Courts Union. The document calls for the execution of government officials.

April 2007
A large-scale cyber attack, originating in Russia (and perhaps with government encouragement), brings down major Estonian websites and IT networks, including the president’s office, the parliament, police, and the country’s two largest banks.

June 2007
U.S. Secretary of Defence Robert Gates gets his unclassified email account hacked. The attack was allegedly coordinated by the People’s Liberation Army in China.

December 2008
The Koobface worm—an anagram of Facebook—is first detected on social media platforms. The worm targets users of Facebook, MySpace, and Twitter among others, and uses compromised computers to build a peer-to-peer botnet.

May 2010
A memo by the Canadian Security Intelligence Service says that the risk of cyber attacks is growing substantially.

January 2010
Dozens of Silicon Valley tech companies—including Google—report that hackers from China attacked their computer networks.

June 2010
The computer worm Stuxnet, thought to have been created by the U.S. and Israel, attacks the operating systems of nuclear facilities in Iran.

October 2010
WikiLeaks posts 391,832 classified U.S. military documents on the war in Iraq. It was the largest leak in history, and revealed instances of the military ignoring detainee abuse and an increase in the civilian casualty count.

December 2010
Anonymous targets PayPal and Mastercard in what it calls Operation Payback, a movement to take revenge on companies that have suspended WikiLeaks accounts.

January 2011
Hackers from China target not only the Canadian government but also the Defence Research and Development Canada, the scientific and technological arm of the Department of National Defence. The hacks leave officials concerned about how much sensitive information was accessed.

April 2011
A hacker steals the names, e-mail addresses, and passwords of more than 70 million users of Sony’s online gaming network. The hack costs an estimated $170 million.

September 2011
Conservative MP Bob Dechert admits that he sent flirtatious emails to Shi Rong, a journalist working for China’s Xinhua news agency. Xinhua is state-controlled, and many believe that some of its correspondents pass information to Chinese intelligence or even operate as spies.

October 2012
Ottawa considers banning China’s Huawei, a telecommunications equipment and services company, for fear that the Chinese government is using their products to spy on other countries. Huawei denies the claim.

April 2012
Former presidential advisor and counter-terrorism expert Richard A. Clarke publishes Cyber War about the threat of cyber-terrorism. In the book, Clarke warns about an “electronic Pearl Harbor” replete with mass blackouts and subway crashes.

February 2013
A 12-storey building on the outskirts of Shanghai is discovered to be the headquarters of Unit 61398 of the People’s Liberation Army—the unit suspected of being behind cyber attacks around the world.

March 2013
Internet activist and Reddit co-founder Aaron Swartz commits suicide at 26. In 2011, Swartz was arrested for allegedly downloading around four million academic journals with intent to distribute them for free.

April 2013
Matthew Keys, the deputy social media editor for Reuters, is fired after being indicted on federal charges for conspiring with Anonymous. It’s alleged that Keys conspired with Anonymous in order to hack into and change a news story on the Los Angeles Times website.

April 2013
The 2013 Data Breach Investigations Report says that 96 per cent of incidents of government cyber-espionage originate in China. The other 4 percent are from unknown sources.

May 2013
In just 10 hours, hackers in more than two dozen countries steal $45 million from thousands of ATMs around the world. They erased withdrawal limits on prepaid debit cards in tens of thousands of transactions. Eight defendants are charged for attacks in December and February.

May 2013
All four members of LulzSec, a group of hackers that attacked multiple organizations, are sentenced in the UK for their crimes. Hacking mostly for the fun of it, LulzSec went after Sony, the CIA, and Fox.

Cyberattacks diminish rather than accentuate political violence by making it easier for states, groups, and individuals to engage in two kinds of aggression that do not rise to the level of war: sabotage and espionage. Weaponized computer code and computer-based sabotage operations make it possible to carry out highly targeted attacks on an adversary’s technical systems without directly and physically harming human operators and managers.