Noah Shachtman reports: The target computer is picked. The order to strike has been given. All it takes is a finger swipe and a few taps of the touchscreen, and the cyberattack is prepped to begin.
For the last year, the Pentagon’s top technologists have been working on a program that will make cyberwarfare relatively easy. It’s called Plan X. And if this demo looks like a videogame or sci-fi movie or a sleek Silicon Valley production, that’s no accident. It was built by the designers behind some of Apple’s most famous computers — with assistance from the illustrators who helped bring Transformers to the silver screen.
Today, destructive cyberattacks — ones that cause servers to fry, radars to go dark, or centrifuges to spin out of control — have been assembled by relatively small teams of hackers. They’re ordered at the highest levels of government. They take months to plan. Their effects can be uncertain, despite all the preparation. (Insiders believe, for example, that the biggest network intrusion in the Pentagon’s history may have been an accidental infection, not a deliberate hack.)
With Plan X, the Defense Advanced Research Projects Agency (DARPA) is looking to change all that. It wants munitions made of 1s and 0s to be as simple to launch as ones made of metal and explosives. It wants cyberattack stratagems to be as predictable as any war plan can be. It wants to move past the artisanal era of hacking, and turn cyberwarfare into an industrial effort. [Continue reading...]
The New York Times reports: The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level. [Continue reading...]
Reuters reports: The White House is nearing a decision on splitting up the eavesdropping National Security Agency and U.S. Cyber Command, which conducts cyber warfare, a proposed reform prompted in part by revelations of NSA’s widespread snooping, individuals briefed on the matter said on Wednesday.
As part of the emerging plan, the NSA likely would get a civilian director for the first time in its 61-year history, the individuals said.
Both agencies are now headed by the same person, Army General Keith Alexander, who is retiring in March as NSA’s longest-serving director.
While Alexander is highly regarded in the intelligence community, critics have questioned the current arrangement. They say it concentrates too much power in one individual and that the two agencies have different missions. [Continue reading...]
Cyberdefense consultant, Ralph Langner, following a three-year investigation on Stuxnet, suggests that what was originally conceived as a stealth weapon designed to cause chronic instability in Iran’s nuclear enrichment process, may have undergone a strategic reconfiguration. The project took on an objective much wider in scope than its physical target: demonstrating the United State’s preeminent position in engaging in cyberwarfare.
Looking at the two major versions of Stuxnet in context leaves a final clue — a suggestion that during the operation, something big was going on behind the scenes. Operation Olympic Games — the multiyear online espionage and sabotage campaign against the Iranian nuclear program — obviously involved much more than developing and deploying a piece of malware, however sophisticated that malware was. It was a campaign rather than an attack, and it appears that the priorities of that campaign shifted significantly during its execution.
When my colleagues and I first analyzed both attacks in 2010, we first assumed that they were executed simultaneously, maybe with the idea to disable the cascade protection system during the rotor-speed attack. That turned out to be wrong; no coordination between the two attacks can be found in the code. Then we assumed that the attack against the centrifuge drive system was the simple and basic predecessor after which the big one was launched, the attack against the cascade protection system. The cascade protection system attack is a display of absolute cyberpower. It appeared logical to assume a development from simple to complex. Several years later, it turned out that the opposite was the case. Why would the attackers go back to basics?
The dramatic differences between both versions point to changing priorities that most likely were accompanied by a change in stakeholders. Technical analysis shows that the risk of discovery no longer was the attackers’ primary concern when starting to experiment with new ways to mess up operations at Natanz. The shift of attention may have been fueled by a simple insight: Nuclear proliferators come and go, but cyberwarfare is here to stay. Operation Olympic Games started as an experiment with an unpredictable outcome. Along the road, one result became clear: Digital weapons work. And different from their analog counterparts, they don’t put military forces in harm’s way, they produce less collateral damage, they can be deployed stealthily, and they are dirt cheap. The contents of this Pandora’s box have implications much beyond Iran; they have made analog warfare look low-tech, brutal, and so 20th century.
In other words, blowing the cover of this online sabotage campaign came with benefits. Uncovering Stuxnet was the end of the operation, but not necessarily the end of its utility. Unlike traditional Pentagon hardware, one cannot display USB drives at a military parade. The Stuxnet revelation showed the world what cyberweapons could do in the hands of a superpower. It also saved America from embarrassment. If another country — maybe even an adversary — had been first in demonstrating proficiency in the digital domain, it would have been nothing short of another Sputnik moment in U.S. history.
The Register reports: The infamous Stuxnet malware thought to have been developed by the US and Israel to disrupt Iran’s nuclear facilities, also managed to cause chaos at a Russian nuclear plant, according to Eugene Kaspersky.
The Kaspersky Lab founder claimed that a “friend” of his, working at the unnamed power plant, sent him a message that its internal network, which was disconnected from the internet, had been “badly infected by Stuxnet”.
Kaspersky didn’t reveal when exactly this happened, saying only that it was during the “Stuxnet time”.
The revelation came during a Q&A session after a speech at Australia’s National Press Club last week, in which he argued that those spooks responsible for “offensive technologies” don’t realise the unintended consequences of releasing malware into the wild.
“Everything you do is a boomerang,” he added. “It will get back to you.”
The allegation is mentioned just after the 27 minute mark in this video. Kaspersky indicates that Russian nuclear plants are not connected to the internet and appears to suggest they have an air gap between their networks and any outside source of data.
Although Stuxnet is widely understood to have infected various enterprises in the US and elsewhere, this is the first time a major nuclear facility outside Iran has been mentioned.
The Sydney Morning Herald reports: Cyber espionage between nations has reached such damaging levels it risks not only the trust between friendly countries, but the future of the internet itself.
That is the view of Eugene Kaspersky, the ebullient chief executive of Russian security firm Kaspersky Labs, who is in Canberra this week to deliver the message to politicians and business leaders.
Speaking ahead of his speech to the National Press Club on Thursday, Mr Kaspersky told Fairfax Media he was “very surprised” and concerned about the extent of espionage currently undertaken by Western countries. He also warned Australia to invest in educating a new generation of security engineers to future-proof its critical systems.
“Cyber espionage is not new,” he said. “We knew that from years ago, but I did not expect it in such a huge scale and coming from so many different nations.”
Mr Kaspersky said he feared governments would withdraw to their own parallel networks away from the prying eyes of others, and would cease investing in the development of the public internet, products and services.
“If governments and enterprises exit the public internet, there will be a lot less investment. If they emigrate to a separate zone, I’m afraid the internet will have a crisis”. [Continue reading...]
The Hill reports: Senior military officials are leaning toward removing the National Security Agency director’s authority over U.S. Cyber Command, according to a former high-ranking administration official familiar with internal discussions.
Keith Alexander, a four star general who leads both the NSA and Cyber Command, plans to step down in the spring.
No formal decision has been made yet, but the Pentagon has already drawn up a list of possible civilian candidates for the next NSA director, the former official told The Hill. A separate military officer would head up Cyber Command, a team of military hackers that trains for offensive cyberattacks and protects U.S. computer systems.
The administration might also decide to have two military officers lead the two agencies.
Researchers at Recorded Future, a firm that analyzes publicly available data to assess and predict cyberattacks, call the link a “remarkable correlation.”
To put it simply, the more Obama talks about Syria, the more the Syrian hackers strike American media targets. It’s a full-blown propaganda war.
In fact, when Obama discussed military action in retaliation against the alleged chemical attack in Damascus, the SEA ramped up its campaign against American media, hitting the New York Times, Twitter and others.
After the United States and Russia agreed on a diplomatic solution to the crisis, which requires Syria to destroy its chemical arsenal, the SEA backed off and remained relatively quiet. [Continue reading...]
Aviation Week (via Matthew Aid) reports: As it winds down its role in Afghanistan, where strategic rivalry in another era was called “The Great Game,” the U.S. Defense Department has been suiting up for the next big round of conflict: cyberwarfare.
The Pentagon has been racheting up the rhetoric gradually, with former Defense Secretary Leon Panetta warning of a cyber-Pearl Harbor and more and more officials publicly acknowledging cyberwarfare.
This year, the Pentagon has firmed up plans to skim approximately 4,000 operational and intelligence experts from the uniformed services to field the now more than 100 teams that will play both digital offense and defense against enemies seeking to attack the U.S. and its vital computer networks.
Some teams are already being fielded, although officials will not say exactly how many or where they are located. A Pentagon press officer said a number of teams are “prioritized” to be operational by the end of September. More will be added in the next few years.
In all, 13 National Mission Teams will conduct “full-spectrum cyber operations” to defend against threats to the nation and its critical infrastructure; 27 Combat Mission Teams will provide support to the nine combatant commands, “and when authorized,” will offer cyber options and capabilities to consider. Commanders then will determine how best to integrate them into contingency plans as targets are assessed and determinations made on how to best defeat or neutralize, said Air Force Lt. Col. Damien Pickart.
Additionally, 68 Cyber Protection Teams will focus on safeguarding Defense Department information networks, Pickart told Aviation Week in an e-mail. When directed, the Cyber Protection Teams, which officials had not previously discussed in public forums, may also support other U.S. government networks and the nation’s critical infrastructure, he added. [Continue reading...]
NBC News reports: Cybersecurity experts tell NBC News that the [Stuxnet] attack may not have done as much damage to the Iranian nuclear effort — which Tehran insists is geared toward developing nuclear energy, not weapons — as was initially reported in some media accounts.
And it has raised the stakes in the race to create online weaponry.
Iranian Ambassador Hossein Moussavian, in a Feb. 21 appearance at the Center for National Security at Fordham Law School, said the attack prompted Tehran to make development of its own cyberwar capability a priority.
“The U.S., or Israel, or the Europeans, or all of them together, started war against Iran,” he said. “Iran decided to have…to establish a cyberarmy, and today, after four or five years, Iran has one of the most powerful cyberarmies in the world.”
Scott Borg, a U.S.-based cybersecurity expert, said that while Iran may be exaggerating its offensive capabilities, there is no doubt that it has developed a “serious capability” to wage cyberwar.
“It’s exaggerating the present capabilities,” he said, “but it’s working toward the future.”
As an example, Borg and U.S. officials note that when the U.S. leveled new sanctions on Iranian banks last year, U.S. banks suddenly came under attack – apparently from Iran itself or its hired proxies.
The Guardian reports: Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.
The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) “can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging”.
It says the government will “identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power”.
The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.
The aim of the document was “to put in place tools and a framework to enable government to make decisions” on cyber actions, a senior administration official told the Guardian.
The administration published some declassified talking points from the directive in January 2013, but those did not mention the stepping up of America’s offensive capability and the drawing up of a target list.
Obama’s move to establish a potentially aggressive cyber warfare doctrine will heighten fears over the increasing militarization of the internet.
The directive’s publication comes as the president plans to confront his Chinese counterpart Xi Jinping at a summit in California on Friday over alleged Chinese attacks on western targets.
Even before the publication of the directive, Beijing had hit back against US criticism, with a senior official claiming to have “mountains of data” on American cyber-attacks he claimed were every bit as serious as those China was accused of having carried out against the US. [Continue reading...]
Jeffrey T Richelson and Malcom Byrne write: At a time when Chinese malware is targeting America’s computer infrastructure and U.S.-Israeli worms (e.g., Stuxnet) have reportedly attacked Iranian centrifuges, a recently declassified item from the National Security Agency (NSA) offers a little history on how at least one part of the U.S. government foresaw its role in the growing field of “Information Warfare.”
This short item from a classified NSA publication reveals that as far back as 1997 the super-secret agency was tasked with finding ways not just to listen in on our enemies (the NSA’s usual stock-in-trade), but actually to attack hostile computer networks. The document proclaimed that “the future of warfare is warfare in cyberspace,” and it sketched out how tomorrow’s “Information Warriors” would think, act, and fight on the new digital battlefield.
The NSA’s involvement in cybersecurity is an outgrowth of its longtime role in ensuring communications and information security for various components of the government and private sector, in addition to its need to guarantee the security of the computers it has relied on heavily for decades. Its role in computer-network exploitation — of gathering electronic “data at rest” — is a natural extension of its decades-old role of gathering “data in motion” via signals intelligence. [Continue reading...]