Cyber Warfare (7 page)

Authors: Bobby Akart


Unsurprisingly, China is believed to have carried out the hack, although it was not publicly accused of doing so.

A senior research fellow for military influence at the Royal United Services Institute explained that the sheer scale of the attack led to a serious debate in the West about how to deal with China and the growing cyber crisis.

Perhaps it is time to draw a red line about what is acceptable, although many argue the U.S. must be cautious about the extent to which this might constrain its activities. There is a sense that the scale and frequency of attacks apparently emanating from China has reached a level where, even if the purpose is traditional espionage, it is no longer acceptable and requires a response in kind.

China has denied any involvement in the OPM hack and was able to direct its own accusations at the U.S., alleging state-sponsored spying. Chinese foreign ministry spokesman Lu Kang said, "maybe it is better to clarify one's matters before rushing to make unfounded accusations against others, so as to make oneself sound more convincing."

Perhaps Lu was referring to the disclosures made by former NSA contractor Edward Snowden in 2013. The whistle-blower released a trove of classified documents detailing mass surveillance programs run by the US and UK governments.

The Snowden disclosure changed how the U.S. was perceived around the world and made it hard for the politicians in Washington to act with moral superiority. Much of the American moral high ground was lost through Snowden when the material demonstrated the extent to which the NSA was collecting enormous amounts of data.

As of this writing, President Obama and Chinese President Xi Jinping are meeting amid growing tensions over Chinese cyber attacks. The President is attempting to establish a red line—the nation’s infrastructure.

Has the President shown his hand as to the biggest threat this country faces?

RUSSIA

Russia is well known for its military mentality. Remember the Cold War? It has taken nearly a decade for the world to realize the true threat of cyber war. Today, the world is dependent on computers and networks much more than we were eight years ago when we experienced the NATO-Serbia cyber war. Russia opened the eyes of the world to the looming threat of cyber warfare after the Estonia incident. Now Russia’s state-sponsored cyber forces have opened up a new front in a cyber war.

Reports indicate Russian Cyber Forces unleashed a large-scale cyber attack on Radio Free Europe. Also, there is some evidence of the use of BotNets in politically motivated distributed denial-of-service (DDoS) attacks. This raises questions about Russia’s real cyber warfare ambitions. Russia’s cyber warfare doctrine is designed to be a force multiplier along with more traditional military actions, including potential weapons of mass destruction attacks. A force multiplier is a military term that describes a weapon or tactic that, when added to and employed along with other combat forces, significantly increases the combat potential of that force.

Like all offensive cyber strategies, it includes the capability to disrupt the information infrastructure of their enemies. This doctrine includes plans that would disrupt financial markets, military, and civilian communications capabilities as well as other parts of the enemy’s critical infrastructure prior to the initiation of traditional military operations. They also are designed to weaken the economy of their adversary, further decreasing their adversary’s ability to respond to the combined threat. Offensive cyber weapons receive considerable attention in the Russian cyber warfare doctrine. This, coupled with advanced research and development, puts them on the leader board behind China as a cyber threat.

Cyber attacks and cyber weapons are now recognized as strategic arms and in effect are useful offensive weapons. As the Russians have proven in Georgia, Estonia and Ukraine, cyber attacks can harm or even paralyze a country and, therefore, have implications equivalent to those of physical military strikes. Not all cyber attacks leave behind forensic evidence that can be used to assess the capabilities of the attacker. With all the attacks attributed to Russia, there has to be significant intelligence out there about techniques, cyber weapons, and strategies that have been used in these cyber assaults.

Cyber warfare capabilities have outpaced our legal and political systems. Russian President Vladimir Putin has blasted the U.S. for its militaristic approach to foreign policy, saying its actions were nourishing an arms race. Consider this evidence of Russia’s dedication to cyber capabilities. In 1998, Russia’s defense budget was less than $3 billion. Since that time, the Russian defense budget has been soaring, funded by substantial increases in their cyber warfare program; the budget jumped twenty-three percent in 2007 to $32.4 billion.

An interesting point to keep in mind is that Moscow does arms business with over seventy countries, including China, Iran, and Syria. Reports indicate Russian intelligence services have a history of employing hackers from these nations to be used against the United States. For example, in 1985, the KGB hired Markus Hess, an East German hacker, to attack U.S. defense agencies in the infamous case of the Cuckoo’s Egg.

The following is an estimate of Russia’s cyber capabilities.

Russia’s Cyber Army:

Military Budget: $40 Billion USD

Global Rating in Cyber Capabilities: Tied at Number 4

Cyber Warfare Budget: $127 Million USD

Offensive Cyber Capabilities: Significant

Cyber Weapons Arsenal in Order of Threat:

•Large, advanced BotNet for DDoS and espionage

•Electromagnetic pulse weapons (non-nuclear)

•Compromised counterfeit computer software

•Advanced dynamic exploitation capabilities

•Wireless data communications jammers

•Cyber Logic Bombs

•Computer viruses and worms

•Cyber data collection exploits

•Computer and networks reconnaissance tools

•Embedded Trojan time bombs (suspected)

Cyber Force size: 7,300 +

The government in Moscow has established close ties with the Russian Business Network, which is thought to own and operate the second largest BotNet in the world. Intelligence suggests there are organized groups of hackers tied to the Russian Federal Security Bureau. The FSB is the internal counterintelligence agency of the Russian Federation and successor to the Soviet KGB. Russia is often overlooked as a significant player in the global software industry although it produces two hundred thousand scientific and technology graduates each year. That is as many graduates as India, which has five times the population.

A study by the World Bank states that more than one million people are involved in software research and development. Russia has the potential to become one of the largest internet technology markets in Eurasia. The Russian hacker attack on Estonia in 2007 rang the alarm bell. Nations around the world can no longer ignore the advanced threat that Russia’s cyber warfare capabilities have today and the ones they aspire to have shortly.

From this information, one can only conclude that Russia has advanced capabilities and the intent and technological capabilities necessary to carry out cyber warfare anywhere in the world at any time.

IRAN

Iran has been steadily developing its cyber warfare capabilities for a number of years and now poses a significant threat to government agencies and critical infrastructure companies around the world, according to a report entitled Operation Cleaver released by U.S. cyber security firm Cylance. The title alludes to the custom software used in Iranian hacking operations, which frequently uses the word cleaver in its coding.

Operation Cleaver has targeted the military, oil and gas, energy and utilities, transportation, airlines, airports, hospitals and aerospace industries of over fifty entities in sixteen countries. If the operation is left to continue unabated, it is only a matter of time before the Iranians impact the world’s physical safety, Cylance said in its eighty-seven page report.

Iran has officially denied involvement in the hacking campaigns. "This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks," said Hamid Babaei, spokesman for Iran's mission to the United Nations, in an interview with Reuters.

In light of how ambitious Iran's hacking campaigns have become, the report makes a bold claim: Iran is the new China. While Iran's cyber capabilities aren't anywhere near those of Russia, China, or the United States, their program is advancing with the help of the Chinese and the Russians.

Iran's hacking campaigns began in earnest in 2011, in retaliation for the cyber attacks that were launched against the country's nuclear program from 2009-2012 by the U.S. and Israel.

The Iranians have learned cyber warfare doesn't require a significant number of troops or a superior set of bombs. In the event of a conflict, Iran will be able to use its cyber technology to shut down critical infrastructure around the world. Following the Russian template, Iran is enhancing its cyber warfare capabilities more for military readiness.

Experts say during Operation Pillar of Defense, Israeli websites faced a larger, more coordinated, and more skilled series of cyber attacks than during similar conflicts. At the same time Hamas, with the assistance of its state sponsor Iran, was trading fire with the Israel Defense Forces, hackers from all over the world launched a string of coordinated attacks on electronic targets in Israel.

According to Gadi Aviran, CEO of the Netanya-based open-source intelligence analysis firm SenseCy/Terrogence, hackers have used the last two Israeli military operations in Gaza as an opportunity to strike at the country. But this time, their efforts revealed a greater level of capability and expertise.

"It was much more profound than previous operations," said Aviran. "The cyber attack was well-organized, had a lot of traction, and it used some more advanced techniques than we saw before. It was a logical step in their cyber-evolution."

This meant a greater frequency of typically unsuccessful or short-lived acts of web vandalism, like the replacement of a web page with a picture of Adolf Hitler or Hezbollah leader Hassan Nasrallah, or attempted data bombs or denial of service attacks. But hackers did manage to overwhelm and slow down an important Israeli internet service provider — a nearly unprecedented accomplishment. In total, almost three thousand Israeli websites were defaced during the attacks, while several databases were leaked online.

The vast majority of attacks didn't originate in Gaza or the West Bank. Many came from hundreds or even thousands of miles from Israel's borders, through surrogates like Morocco and Indonesia.

Iran seems especially determined to prove its cyber capabilities against Israel. With Iran building up its cyber-offensive capabilities during the past decade significantly, Israel now considers Russia, China, and Iran to be the sources of the most aggressive and worrying attacks against its online and electronic infrastructure.

Most Russian-based attacks are criminal in nature — attempts to steal credit card numbers or bank account information. China has a broad-based hacking strategy that involves efforts against ostensibly friendly or at least non-hostile countries, as when Chinese-based hackers attempted to steal information about Israel's Iron Dome missile interceptor system in 2011 and 2012.

Iranian-based hacking is different in nature. Unlike Russia or China, the Iranian government is politically and ideologically opposed not just to Israeli policy, but to the country's very existence. Hacking originating in Iran is aimed at directly undermining Israel in a way that Russian or Chinese hacking typically isn't.

Iran made cyber capabilities a top defense priority after the Stuxnet computer bug, a joint project of Israel and the U.S. that infiltrated and sabotaged Iran's nuclear program. The Iranian government realized that its enemies had brought the fight to a new battlefield and established a dedicated cyber command in 2011 as a result.

There is a precedent for Iran using online Palestinian front groups as a front for anti-Israel activities. In 2013, a group called Qods Freedom, which claimed to be Palestinian, was found responsible for the extensive denial of service attacks on Israeli sites in July and August of that year. But their online vandalism included Arabic mistakes that no native speaker would make, using a tile set that SenseCy determined could only have been produced by a Persian-language keyboard. Qods Freedom also used the same defacement signature as two Iranian groups.

According to the reports, the Hamas-linked Izz al-Din Al Qassam Cyber Fighters were also a product of the military strategy in Tehran.

Iranian hacking is a multi-faceted enterprise. It encompasses hidden proxies like Qods Freedom — but also government-backed, semi-independent groups, like the very proficient Ashiyane Digital Security Team, and internet based subsidiaries of Iranian-supported foreign militant groups, like Cyber Hezbollah.

Iranian-based hackers' capability seems to be catching up to their ambitions. In February of 2014, the Wall Street Journal reported that Iran-based hackers had so deeply infiltrated Navy and Marine Corps unclassified web systems that it would take four months to dislodge them fully.

In 2015, as Iran negotiates a nuclear agreement with the U.S. and its partners, it hasn't scaled back its asymmetrical ambitions — whether on Iraq's sectarian battlefields or on Israeli and American web servers.

NORTH KOREA

Two entities undertake North Korean cyber operations—the Korean People’s Army General Staff Department (GSD) and the Reconnaissance General Bureau (RGB). According to South Korean government analysis, the DPRK employs six thousand cyber warriors in North Korea.

In 2009, the RGB was formed as a consolidation of various intelligence and special ops units that previously existed throughout the North Korean government. This included portions of the North Korean military apparatus tasked with political warfare, foreign intelligence, propaganda, subversion, kidnapping, special operations, and assassinations. The RGB answers directly to the National Defense Commission and Kim Jong-un in his role as supreme commander of the Korean People’s Army.
