Jarno Limnéll writes: A hundred years ago, World War I moved warfare into the skies. Today no nation regards its security as complete without an air force, and no serious future conflict will lack a cyber aspect, either.
Russia and Ukraine apparently traded cyber attacks during the referendum on Crimea. Media reports indicate NATO and Ukrainian media websites suffered DDoS (denial of service) assaults during the vote, and that servers in Moscow took apparently retaliatory – and bigger – strikes afterward.
Observers tend to miss, though, that these are relatively modest skirmishes in cyber space. They routinely break out among competing states, even without concurrent political or military hostilities. Angling to hobble an opponent’s web resources by clogging networks with junk traffic? Another day at the office.
I see three distinct levels or “rings” to contemporary cyber conflicts. Only the first is clearly apparent in the Ukraine crisis. Full-blown cyber war is not yet occurring. The prospect of escalation, however, is real and worrisome. The West should watch carefully, because developments in Ukraine offer a model for contemporary conflicts worldwide – which will henceforth have integral cyber elements for all but the least developed nations.
By observing Ukraine we can deduce not only the capabilities of cyber weapons, but the goals and policies behind their use. [Continue reading...]
The Washington Post reports: The Pentagon is significantly growing the ranks of its cyberwarfare unit in an effort to deter and defend against foreign attacks on crucial U.S. networks, Defense Secretary Chuck Hagel said Friday.
In his first major speech on cyber policy, Hagel sought to project strength but also to tame perceptions of the United States as an aggressor in computer warfare, stressing that the government “does not seek to militarize cyberspace.”
His remarks, delivered at the retirement ceremony of Gen. Keith Alexander, the outgoing director of the National Security Agency and Cyber Command, come in advance of Hagel’s trip to China next week, his first as defense secretary. The issues of cyberwarfare and cyber-espionage have been persistent sources of tensions between Washington and Beijing.
Hagel said that the fighting force at U.S. Cyber Command will number more than 6,000 people by 2016, making it one of the largest such forces in the world. The force will help expand the president’s options for responding to a crisis with “full-spectrum cyber capabilities,” Hagel said, a reference to cyber operations that can include destroying, damaging or sabotaging an adversary’s computer systems and that can complement other military operations.
But, Hagel said, the military’s first purpose is “to prevent and de-escalate conflict.” The Pentagon will maintain “an approach of restraint to any cyber operations outside of U.S. government networks.”
Although some U.S. adversaries, notably China and Russia, which also have formidable cyber capabilities, may view his remarks with skepticism, Hagel said the Pentagon is making an effort to be “open and transparent” about its cyberforces and doctrine. The hope, senior officials said, is that transparency will lead to greater stability in cyberspace. [Continue reading...]
The New York Times reports: The Chinese government called on the United States on Monday to explain its actions and halt the practice of cyberespionage after news reports said that the National Security Agency had hacked its way into the computer systems of China’s largest telecommunications company.
The reports, based on documents provided by the former security contractor Edward J. Snowden, related how the spy agency penetrated servers owned by the company, Huawei, and monitored communications by its senior executives in an effort to discover whether the executives had links to the Chinese military. The operation also sought to exploit the company’s technology and gain access to the communications of customers who use Huawei cellphones, fiber optic cables and network hubs.
American officials have been working to block Huawei from entering the American telecommunications market because of concerns that its equipment could provide Chinese hackers with a “back door” for stealing American corporate and government secrets. [Continue reading...]
MIT Technology Review: Security experts have been warning for some time that computer networks are not secure from intruders. But in 2013, we learned that the mayhem has become strategic. Governments now write computer viruses. And if they can’t, they can purchase them. A half-dozen boutique R&D houses, like Italy’s Hacking Team, develop computer vulnerabilities and openly market them to government attackers.
Criminals use common computer weaknesses to infect as many machines as possible. But governments assemble large research teams and spend millions patiently pursuing narrow objectives. Costin Raiu, who investigates such “advanced persistent threats” as director of research and analysis for anti-virus company Kaspersky Lab, says he logs on to his computer assuming he is not alone. “I operate under the principle that my computer is owned by at least three governments,” he says.
That is a threat mainstream technology companies are grappling with. The U.S. government circumvented Google’s security measures and secretly collected customer data. British spies scooped up millions of webcam images from Yahoo. In December, on Microsoft’s official blog, the company’s top lawyer, Brad Smith, said he had reason to view surreptitious “government snooping” as no different from criminal malware. Microsoft, along with Google and Yahoo, has responded by greatly widening its use of encryption (see “The Year of Encryption”).
“We’re living in a very interesting time, where companies are becoming unwilling pawns in cyberwarfare,” says Menny Barzilay, a former Israeli intelligence officer now working in IT security for the Bank Hapoalim Group, in Tel Aviv. In this new context, nobody can say where the responsibilities of a company may end and those of a nation might begin. Should a commercial bank be expected to expend resources to defend itself when its attacker is a country? “This is not a ‘maybe’ situation. This is happening right now,” says Barzilay. “And this is just the beginning.” [Continue reading...]
Christian Science Monitor reports: As high-level international talks in Vienna over Iran’s nuclear program edged closer to a deal last fall, something curious happened – massive cyber-attacks that had hammered Wall Street bank websites repeatedly for about a year slowed to a near stop.
While banking industry officials were relieved, others wondered why those Iran-linked “distributed denial of service” attacks that had so regularly flooded bank websites with bogus Internet traffic were shut off like a faucet. One likely reason, say US experts on cyber-conflict: to reduce friction, at least temporarily, at the Vienna nuclear talks.
Yet, even as the “distributed denial of service” attacks abated for apparently diplomatic reasons, overall Iranian cyber-spying on US military and energy corporation networks has surged, these experts say.
Iran was fingered last fall, for instance, for infiltrating the US Navy Marine Corps Intranet. It then took the Navy nearly four months to root out the Iranian hackers infesting its largest unclassified computer network, the Wall Street Journal reported in February.
This litany of Iranian activity is evidence, say experts, that after years as a cyber also-ran, Iran is morphing swiftly into a major threat in the rapidly evolving era of cyber-conflict. [Continue reading...]
Is this Russia’s Stuxnet? Experts analyze Snake, Uroburos, Turla malware samples dating back to 2005
Techworld reports: The mysterious ‘Uroburos’ cyberweapon named last week in Germany has been stalking its victims since as far back as 2005 and large enterprises and governments need to pay urgent attention to the threat it poses, UK security firm BAE Systems has urged.
German firm G Data’s recent analysis dubbed it ‘Uroburos’ while it is also known to some security firms as ‘Turla’. BAE Systems’ Applied Intelligence division, which today published its own research, prefers the catchier ‘Snake’ but under any name the picture is alarming.
According to BAE Systems, it now transpires that Snake has been slithering silently around networks in the US and its NATO allies and former Soviet states for almost a decade, stealing data, getting ever more complex and modular and remaining almost invisible.
To be clear, this isn’t any old malware. Snake is just too long-lived, too targeted, too sophisticated, too evasive, too innovative. It appears to be on par with any of the complex cyberweapons attributed to the US such as Flame, first analysed by Kaspersky Lab in 2012.
After several months of research, the UK firm takes what we know a lot further, offering for the first time some objective data on targets. Culling data from malware research sites (i.e. those to which suspected malware samples are submitted for inspection), it has been spotted 32 times in the Ukraine since 2010, 11 times in Lithuania, 4 times in the UK, and a handful of times altogether from the US, Belgium, Georgia, Romania, Hungary and Italy.
These are very small numbers but BAE Systems believes that on past experience they are highly indicative. While they represent a tiny fraction of the number of infections that will have occurred in these countries and beyond, they can be used to reliably infer that Snake has been aimed at Western and Western-aligned countries pretty much exclusively.
In a week Russia planted boots on the ground in the Crimean region of the Ukraine, this is an unfortunate coincidence because while BAE Systems refused to name the state as the culprit, G Data and others are convinced that the links are suspicious.
Hints of the malware’s provenance have surfaced from time to time. In 2008, the US Department of Defense (DoD) reported that something called Agent.btz had attacked its systems, an incident later attributed on more than one occasion to the Russian state without further elaboration. [Continue reading...]
The 2008 attack targeted U.S. Central Command. A few days ago, threats coming from the Syrian Electronic Army via Twitter were also directed at #CENTCOM, an indication perhaps that this group, linked to the Assad regime, has its roots in Russia.
Softpedia reports: “SEA advises the terrorist Obama to think very hard before attempting ‘cyberattacks’ on Syria,” the hackers wrote on Twitter. “We know what Obama is planning and we will soon make him understand that we can respond.”
So far, the Syrian hacktivists have mainly targeted media organizations whose reporting they don’t like. Social media accounts have been compromised, and websites have been defaced. However, they claim that their attacks against the US government will not be of “the same kind.”
“The next attack will prove that the entire US command structure was a house of cards from the start. #SEA #CENTCOM,” reads the last tweet they posted.
The #CENTCOM hashtag suggests that the hackers’ next target is the US Central Command (centcom.mil).
The Syrian Electronic Army’s announcement comes shortly after the New York Times published an article about the United States’ intention to develop a battle plan against Syria. The use of cyber weapons is being taken into consideration.
The New York Times reports: The crisis in Ukraine has spread to the Internet, where hackers from both sides are launching large cyberattacks against opposing news organizations.
Security experts say that they are currently witnessing unusually large denial-of-service attacks, also called DDoS attacks, in which hackers flood a website with traffic to knock it offline. The attacks have been directed at both pro-Western and pro-Russian Ukrainian news sites.
In at least one case, hackers successfully defaced the website of the Kremlin-financed news network Russia Today, replacing headlines and articles containing the word “Russia” with the word “nazi.”
Experts say the attacks on pro-Western Ukrainian news sites closely resemble the attacks on Chechnyan news sites, which security experts say are under almost constant siege.
Matthew Prince, the chief executive and a co-founder of Cloudflare, a San Francisco company that helps websites speed up performance and mitigate DDoS attacks, said in an interview Tuesday that while this week’s attacks were similar to the attacks on Chechnyan news sites that use Cloudflare, it was not clear who was responsible for the attacks. [Continue reading...]
The Associated Press reports: Unit 61398 of the People’s Liberation Army has been recruiting computer experts for at least a decade. It has made no secret of details of community life such as badminton matches and kindergarten, but its apparent purpose became clear only when a U.S. Internet security firm accused it of conducting a massive hacking campaign against North American targets.
Hackers with the Chinese unit have been active for years, using online handles such as “UglyGorilla,” Virginia-based firm Mandiant said in a report released Tuesday as the U.S. prepared to crack down on countries responsible for cyber espionage. The Mandiant report plus details collected by The Associated Press depict a highly specialized community of Internet warriors working from a blocky white building in Shanghai:
—RECRUITING THE SPIES: Unit 61398, alleged to be one of several hacking operations run by China’s military, recruits directly from universities. It favors high computer expertise and English language skills. A notice dated 2003 on the Chinese Internet said the unit was seeking master’s degree students from Zhejiang University’s College of Computer Science and Technology. It offered a scholarship, conditional on the student reporting for work at Unit 61398 after graduation.
—CYBERSPY WORKPLACE: Mandiant says it traced scores of cyberattacks on U.S. defense and infrastructure companies to a neighborhood in Shanghai’s Pudong district that includes the 12-story building where Unit 61398 is known to be housed. The building has office space for up to 2,000 people. Mandiant estimates the number of personnel in the unit to be anywhere from hundreds to several thousand. [Continue reading...]
Noah Shachtman reports: The target computer is picked. The order to strike has been given. All it takes is a finger swipe and a few taps of the touchscreen, and the cyberattack is prepped to begin.
For the last year, the Pentagon’s top technologists have been working on a program that will make cyberwarfare relatively easy. It’s called Plan X. And if this demo looks like a videogame or sci-fi movie or a sleek Silicon Valley production, that’s no accident. It was built by the designers behind some of Apple’s most famous computers — with assistance from the illustrators who helped bring Transformers to the silver screen.
Today, destructive cyberattacks — ones that cause servers to fry, radars to go dark, or centrifuges to spin out of control — have been assembled by relatively small teams of hackers. They’re ordered at the highest levels of government. They take months to plan. Their effects can be uncertain, despite all the preparation. (Insiders believe, for example, that the biggest network intrusion in the Pentagon’s history may have been an accidental infection, not a deliberate hack.)
With Plan X, the Defense Advanced Research Projects Agency (DARPA) is looking to change all that. It wants munitions made of 1s and 0s to be as simple to launch as ones made of metal and explosives. It wants cyberattack stratagems to be as predictable as any war plan can be. It wants to move past the artisanal era of hacking, and turn cyberwarfare into an industrial effort. [Continue reading...]
The New York Times reports: The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level. [Continue reading...]
Reuters reports: The White House is nearing a decision on splitting up the eavesdropping National Security Agency and U.S. Cyber Command, which conducts cyber warfare, a proposed reform prompted in part by revelations of NSA’s widespread snooping, individuals briefed on the matter said on Wednesday.
As part of the emerging plan, the NSA likely would get a civilian director for the first time in its 61-year history, the individuals said.
Both agencies are now headed by the same person, Army General Keith Alexander, who is retiring in March as NSA’s longest-serving director.
While Alexander is highly regarded in the intelligence community, critics have questioned the current arrangement. They say it concentrates too much power in one individual and that the two agencies have different missions. [Continue reading...]
Cyberdefense consultant Ralph Langner, following a three-year investigation of Stuxnet, suggests that what was originally conceived as a stealth weapon designed to cause chronic instability in Iran’s nuclear enrichment process may have undergone a strategic reconfiguration. The project took on an objective much wider in scope than its physical target: demonstrating the United States’ preeminent position in cyberwarfare.
Looking at the two major versions of Stuxnet in context leaves a final clue — a suggestion that during the operation, something big was going on behind the scenes. Operation Olympic Games — the multiyear online espionage and sabotage campaign against the Iranian nuclear program — obviously involved much more than developing and deploying a piece of malware, however sophisticated that malware was. It was a campaign rather than an attack, and it appears that the priorities of that campaign shifted significantly during its execution.
When my colleagues and I first analyzed both attacks in 2010, we first assumed that they were executed simultaneously, maybe with the idea to disable the cascade protection system during the rotor-speed attack. That turned out to be wrong; no coordination between the two attacks can be found in the code. Then we assumed that the attack against the centrifuge drive system was the simple and basic predecessor after which the big one was launched, the attack against the cascade protection system. The cascade protection system attack is a display of absolute cyberpower. It appeared logical to assume a development from simple to complex. Several years later, it turned out that the opposite was the case. Why would the attackers go back to basics?
The dramatic differences between both versions point to changing priorities that most likely were accompanied by a change in stakeholders. Technical analysis shows that the risk of discovery no longer was the attackers’ primary concern when starting to experiment with new ways to mess up operations at Natanz. The shift of attention may have been fueled by a simple insight: Nuclear proliferators come and go, but cyberwarfare is here to stay. Operation Olympic Games started as an experiment with an unpredictable outcome. Along the road, one result became clear: Digital weapons work. And different from their analog counterparts, they don’t put military forces in harm’s way, they produce less collateral damage, they can be deployed stealthily, and they are dirt cheap. The contents of this Pandora’s box have implications much beyond Iran; they have made analog warfare look low-tech, brutal, and so 20th century.
In other words, blowing the cover of this online sabotage campaign came with benefits. Uncovering Stuxnet was the end of the operation, but not necessarily the end of its utility. Unlike traditional Pentagon hardware, one cannot display USB drives at a military parade. The Stuxnet revelation showed the world what cyberweapons could do in the hands of a superpower. It also saved America from embarrassment. If another country — maybe even an adversary — had been first in demonstrating proficiency in the digital domain, it would have been nothing short of another Sputnik moment in U.S. history.
The Register reports: The infamous Stuxnet malware thought to have been developed by the US and Israel to disrupt Iran’s nuclear facilities, also managed to cause chaos at a Russian nuclear plant, according to Eugene Kaspersky.
The Kaspersky Lab founder claimed that a “friend” of his, working at the unnamed power plant, sent him a message that its internal network, which was disconnected from the internet, had been “badly infected by Stuxnet”.
Kaspersky didn’t reveal when exactly this happened, saying only that it was during the “Stuxnet time”.
The revelation came during a Q&A session after a speech at Australia’s National Press Club last week, in which he argued that those spooks responsible for “offensive technologies” don’t realise the unintended consequences of releasing malware into the wild.
“Everything you do is a boomerang,” he added. “It will get back to you.”
The allegation is mentioned just after the 27-minute mark in this video. Kaspersky indicates that Russian nuclear plants are not connected to the internet and appears to suggest they have an air gap between their networks and any outside source of data.
Although Stuxnet is widely understood to have infected various enterprises in the US and elsewhere, this is the first time a major nuclear facility outside Iran has been mentioned.
The Sydney Morning Herald reports: Cyber espionage between nations has reached such damaging levels it risks not only the trust between friendly countries, but the future of the internet itself.
That is the view of Eugene Kaspersky, the ebullient chief executive of Russian security firm Kaspersky Labs, who is in Canberra this week to deliver the message to politicians and business leaders.
Speaking ahead of his speech to the National Press Club on Thursday, Mr Kaspersky told Fairfax Media he was “very surprised” and concerned about the extent of espionage currently undertaken by Western countries. He also warned Australia to invest in educating a new generation of security engineers to future-proof its critical systems.
“Cyber espionage is not new,” he said. “We knew that from years ago, but I did not expect it in such a huge scale and coming from so many different nations.”
Mr Kaspersky said he feared governments would withdraw to their own parallel networks away from the prying eyes of others, and would cease investing in the development of the public internet, products and services.
“If governments and enterprises exit the public internet, there will be a lot less investment. If they emigrate to a separate zone, I’m afraid the internet will have a crisis”. [Continue reading...]
The Hill reports: Senior military officials are leaning toward removing the National Security Agency director’s authority over U.S. Cyber Command, according to a former high-ranking administration official familiar with internal discussions.
Keith Alexander, a four-star general who leads both the NSA and Cyber Command, plans to step down in the spring.
No formal decision has been made yet, but the Pentagon has already drawn up a list of possible civilian candidates for the next NSA director, the former official told The Hill. A separate military officer would head up Cyber Command, a team of military hackers that trains for offensive cyberattacks and protects U.S. computer systems.
The administration might also decide to have two military officers lead the two agencies.
Researchers at Recorded Future, a firm that analyzes publicly available data to assess and predict cyberattacks, call the link a “remarkable correlation.”
To put it simply, the more Obama talks about Syria, the more the Syrian hackers strike American media targets. It’s a full-blown propaganda war.
In fact, when Obama discussed military action in retaliation against the alleged chemical attack in Damascus, the SEA ramped up its campaign against American media, hitting the New York Times, Twitter and others.
After the United States and Russia agreed on a diplomatic solution to the crisis, which requires Syria to destroy its chemical arsenal, the SEA backed off and remained relatively quiet. [Continue reading...]