The Cyber Cold War
International Intrigue and cyber exploits for political gains
Welcome to cyber warfare
Definition: the use and targeting of computers and networks in maneuvers of war.
The three wings of cyber warfare:
Espionage: [optional text: “see U.S. Hacking of Tsinghua University”]
Sabotage: [optional text: “see North Korea’s Sony Pictures Hack “]
Propaganda: [optional text: “see Russian Black Lives Matter propaganda”]
—
And the nearly unlimited resources of states make these more than your run-of-the-mill cyber attacks
—
Differences and Similarities between state and non-state sponsored cyber attacks[2]
Non-State Sponsored Cyber Attacks:
Motivated by a wide range of initiatives
Potentially after vandalism/”making a splash”
Often seeking quick payoffs
Often performed from a distance
Seek low-hanging fruit
Solo work or loosely affiliated teams
State-Sponsored Cyber Attacks:
[potentially a good way to characterize this section could be an image of a large political statue being toppled, some more substantial aim than vandalism]
Motivated by state-specific initiatives
Potentially after control of infrastructure
Can perform longer-term attacks
Often accompanied with a physical meeting
Aided by more expansive surveillance
Seek targets most critical to larger plans
Large well-organized teams
Can create new zero-day exploits for specific targets
Can afford all types of existing attacks
Are you ready for a state-sponsored cyber attack?
The DNC and DCCC weren’t
Timeline of U.S. Presidential Election Cyber Attacks[11]
[the many-pronged nature of this attack makes me think of a hydra-headed illustration if that’s any inspiration]
March 2016: A spear-phishing email is sent to John Podesta, chairman of Hillary Clinton’s campaign
March 2016: FBI notifies DNC that their infrastructure has been breached
April 2016: DNC identifies malware, affected files, and alleges two Russian hacker networks.
May 2016: Spear-phishing emails reach private accounts of other members of the DNC
June 2016: First batch of emails from DNC server leaked via BitTorrent
June 2016: Potential misinformation circulates on social media, steering focus towards hacker known as Guccifer 2.0 and away from Russians.
June 2016: DNC claims to have secured networks
July 2016: Democratic Congressional Campaign Committee compromised by the same hacking groups
August 2016: Numerous political think tanks and political NGOs start to surface, all targeted by the same spear-phishing campaigns
October 2016: US intelligence agencies release statements detailing their certainty about the attackers’ nationality.
November 2016: Spear-phishing campaign continues against high-level targets in US politics
This many-headed attack involved:[11, this citation has one way this could be visualized]
Two Targets:
Hillary Clinton’s Campaign
A dozen other Democratic candidates running for positions in the House of Representatives
Two networks of hackers:
Federal Security Service (main successor of the K.G.B.)
G.R.U. Military Intelligence (Russian state-sponsored group)
Two Leakers:
Guccifer 2.0 (potentially a creation of the G.R.U.)
DCLeaks.com
Many Publishers:
Wikileaks (released 50,000+ Podesta emails on their website)
Mainstream media (released elements of emails pertinent to their reporting)
The result:
Compromised Democratic campaigns for the presidency and congressional races in Pennsylvania, New Hampshire, Ohio, Illinois, New Mexico and North Carolina
But it’s not just old Cold War shenanigans.
Today more than 30 nations have designated significant funds for developing or enhancing national offensive and defensive cyber war capabilities.
The major players:
–America
Objectives: 1.) Directly assist in geopolitical conquest 2.) Obtain military and diplomatic information
–Russia
Objectives: 1.) Obtain military and diplomatic information 2.) Obtain trade and business secrets to promote competitiveness of enterprise 3.) Directly assist in geopolitical conquest
–China
Objectives: 1.) Obtain trade and business secrets to enable state-owned enterprises
–Israel
Objectives: 1.) Obtain military and diplomatic information 2.) Promote security ecosystem as a driver of economic growth
–Germany
Objectives: 1.) Obtain military and diplomatic information
–Cyber Security Mercenaries
Objectives: 1.) Whatever’s good for business
Spotlight: Strider[10]
Since 2011 (Potentially a nation-state in disguise)
Tool of Choice: Remsec Trojan
Characteristics:
-Components of Remsec are largely held in executable blobs unattached to the rest of the program
-Functionality is largely deployed over the network and resides in memory rather than on disk
Techniques:
High technical sophistication, used sparingly to stay under the radar.
Targets:
36 computers across 7 organizations from 2011-2016.
High profile targets in Russia, China, Belgium, and Sweden
—
Did you know?
In 2016
1 in 2329 emails sent to those working in public administration were phishing attempts
and
1,198,971 identities of those working in public administration were stolen in data breaches
—
But in the end innocents always get hurt
Number of online identities* stolen by nation in 2016
United States: 791 million
France: 85 million
Russia: 83.5 million
Canada: 72 million
Taiwan: 30 million
China: 11 million
South Korea: 10 million
Japan: 8 million
Netherlands: 6.5 million
Sweden: 6 million
*An online identity includes access to one online service
Major Battles of Global Cyber War
—
Russia in Germany:
Date: 2015-2017
Method: Spear Phishing, Trojan
Summary: Several-month-long acquisition of data from the German Bundestag. Spear phishing, or sending official-seeming emails to targeted individuals, was employed to deliver trojans. Trojans are pieces of malware disguised as non-malicious code.
Damages: Replacement of computer systems compromised in the initial attack (20,000+ computers). Potentially ongoing offensive retaliation to destroy servers housing stolen information.
—
Germany in Russia:
Russia in US: [5]
Date: 2016-2017
Method: Propaganda, Social Engineering
Summary: Fake Facebook and Twitter accounts, as well as marketing of YouTube videos, sought to provoke racial tensions during the 2017 presidential election. Hundreds of fake Russian-led social media accounts helped to promote the Black Lives Matter hashtag #DontShootUs. Fake activists went so far as to schedule events and market them online. Contests utilized Pokemon Go, getting users to take screenshots at certain locations. Information from the screenshots was later used as content for propaganda.
Damages: Hijacking of an American cause against police brutality to polarize political conversations.
—
Russia on International Space Station: [6]
Date: 2008
Method: Viruses
Summary: Multiple rounds of viruses have been reported on the International Space Station, allegedly brought on board via a USB drive provided by a Russian cosmonaut. While the ISS is an international project, NASA is routinely targeted by cyber attacks, with over 1,500 against the space agency reported in 2016.
Damages: Damaged computer systems are particularly dangerous at 220 miles above Earth. Potential loss of scientific data. Unclear whether placement of infected USBs was purposeful.
—
US/Israel in Iran:
Date: 2008-2010
Method: Malware
Summary: In a potentially unprecedented outcome, Stuxnet, a cyber weapon jointly made by Israel and the US, infiltrated the computer system of an Iranian uranium enrichment facility. Unlike many forms of malware that just steal information or wreak havoc on information systems, Stuxnet gained control of the plant’s centrifuges and caused them to rotate at speeds they were unfit for, breaking physical infrastructure in the plant in the process.
Damages: Destruction of hundreds of centrifuges used to enrich uranium for weapons and research.
—
US in China:
Date: ?-2013
Method: Physical infiltration or infiltration of internet service providers
Summary: In a series of leaks by Edward Snowden it was revealed that the NSA had for years infiltrated internet service providers related to the Chinese University of Hong Kong and Tsinghua University in Beijing, two of the premier research universities in China. It is unclear what information was compromised by the NSA, and what was done with it. But by working through ISPs the NSA is thought to have had the ability to massively mine Chinese internet activity as well as attempt to procure research and trade secrets. The same revelations offered explanations of the NSA hacking Chinese cellular providers and gaining massive access to SMS messages of account holders as well.
Damages: Potential loss of trade secrets and research. Cost of reconfiguring internet infrastructure and information systems at infiltrated institutions.
—
Iran in US: DDoS of financial sector 2012-2013
Date: 2013
Method: Encrypted DDoS Attacks
Summary: Though a group called Izz ad-Din al-Qassam (Freedom Fighters) claimed this attack as retaliation for a video that mocked Muhammad, US officials believe that is only a front for Iran. In this attack numerous clouds, groups of thousands of networked servers, were hijacked using malware called Itsoknoproblembro. These clouds and public internet providers from around the world were then pointed towards large banking sites to make encryption requests. Different from traditional DDoS attacks, encryption requests consume more networking power and thus were harder to mitigate.
Damages: Major disruptions to online banking capabilities of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.
—
North Korea in US: Sony Pictures 2014[9]
Date: 2013-2014
Method: Server Message Block Worm
Summary: This attack, which US officials allege was perpetrated by North Korea, involved prolonged access to Sony Pictures’ computing systems. Components of the Server Message Block worm included a listening implant, backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning tool. After an initial attack that rendered some employees’ computers inoperable, the group responsible emailed executives at Sony demanding payment in exchange for not upping the ante. The demand was probably regarded as spam, and the attack continued, leading to up to 10 terabytes of stolen data as well as a number of destroyed databases.
Damages: Sony Pictures set aside $15 million in Q1 2015 to deal with damages, though some damages are harder to calculate. An unreleased motion picture (The Interview) was leaked, along with 47,000 Social Security numbers and personal information about employees.
—
Citations:
[1]https://tech.newstatesman.com/guest-opinion/nation-state-cyber-attacks-come-shadows
[2]https://www.csoonline.com/article/2852855/advanced-persistent-threats/10-deadliest-differences-of-state-sponsored-attacks.html
[3]https://www.pbs.org/wgbh/nova/next/military/snowden-transcript/
[4]https://www.armed-services.senate.gov/imo/media/doc/Clapper-Lettre-Rogers_01-05-16.pdf
[5]https://hotforsecurity.bitdefender.com/blog/kremlin-uses-social-media-pokemon-go-to-stir-up-racial-tension-in-us-19076.html
[6]https://www.bloomberg.com/news/articles/2017-04-12/outer-space-hacking-a-top-concern-for-nasa-s-cybersecurity-chief
[7]https://www.forbes.com/sites/kenrapoza/2013/06/22/u-s-hacked-china-universities-mobile-phones-snowden-tells-china-press/#3ef4813f5340
[8]https://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html
[9]https://www.inss.org.il/wp-content/uploads/sites/2/systemfiles/SystemFiles/No.%20646%20-%20Gabi%20and%20Dudi%20for%20web.pdf
[10]https://www.symantec.com/security-center/threat-report
[11]https://www.nytimes.com/interactive/2016/07/27/us/politics/trail-of-dnc-emails-russia-hacking.html
[12]https://www.dw.com/en/signs-point-to-russia-in-cyberattacks-on-germany/a-19566439
[13]https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
[14]https://www.wired.com/2008/08/virus-infects-s/
[15]https://mashable.com/2017/05/05/cyber-war-russia-germany/#1asN5NjWpkqh