Category Archives: Cyberwar

Bitcoin, the deep web, & the big conflicts of the 21st C

Summary:  The e-conflicts have begun with the development of e-currencies, e-markets, and even e-wars. History tells us that people often don’t see the major trends of their time, either lacking perspective or distracted by more cool but less important phenomena. So it is today, as bitcoin gets the most attention while dark e-markets change the world. But governments and corporations see their challengers, and marshal their power to push back.

The deep web

Contents

  1. Dreams of freedom
  2. Bitcoin, the first e-currency
  3. Dark markets
  4. The corporate wars
  5. For More Information

(1)  Dreams of freedom

Fantasies of radical personal autonomy, an independence from governments, have been common in western civilization since Daedalus’ dreams of flight. Modern tech has given them new life, with dreams of independent suburbs in the sky — the L5 orbital habitat — and of seasteading — floating nations of makers and their servants, free of the takers.

Private currencies are another expression of this search for autonomy.  Currencies provide a storehouse of value and a medium of exchange.  Gold served as a currency for millennia, providing a relatively good store of value but proving too cumbersome as a medium of exchange in the modern era, so people seek to create privately issued currencies.

In American history we had government-regulated, privately issued currencies from the State-chartered banks which issued dollars during the 1837-1862 free banking era (more info here) and the Federally chartered banks that issued dollars after the National Banking Acts of 1863-66. These had many problems, most notably a tendency to fail from bad luck, mismanagement or theft (by insiders or outsiders) — making their currency worthless. The need for a more stable currency led to the Federal Reserve Act of 1913 that created our current currency.

Now we have a new era as tech makes possible private e-currencies, in theory perhaps beyond control of governments.

There are many types of non-State currencies, aka alternative currencies. Digital currencies are currencies based on the Internet. A virtual currency is an alternative digital currency. A cryptocurrency is a digital currency using cryptography to secure the transactions and create new units.

Bitcoin was the first major crypto-based virtual currency. Satoshi Nakamoto published his design in 2008, and released its open-source software in 2009. It got great attention but little commercial traction for two reasons: a weakness of implementation and a conceptual flaw.


Cybercrime: Now More Profitable Than The Drug Trade

Summary: Today we have a report from the front lines of the cyberwars. It’s an axiom of 4th generation war that crime and war increasingly use the same methods, and even merge at higher intensities (as seen in Mexico’s fight with its drug cartels). Today we hear about companies’ fight against cybercrime, still growing and already more profitable than drugs.  {2nd of 2 posts today.}

37% of respondents said they were not confident in their company’s ability even to detect a breach. … Only 45% were confident about the security of their Point of Sale devices.

— Tripwire Online Survey, March 2015.

Cybercrime

Cybercrime: Now More Profitable Than The Drug Trade

By Irfahn Khimji and David Bisson
From Tripwire, 30 March 2015.
Posted here with their generous permission.


Tripwire recently hosted a webcast entitled, “PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan: Real World Cyber Attacks and Protecting Credit Card Data.” For our presentation we discussed the importance of the new Payment Card Industry Data Security Standard 3.0. Together, we also provided some insight into how companies can leverage this new compliance standard to protect themselves against a security breach.

As reported by the 2013 Europol Serious & Organized Threat Assessment, the “Total Global Impact of CyberCrime [has risen to] US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.”


Identifying the guilty: tying nation states to cyber espionage

Summary:  It’s the cycle of our time. Cyberattack on us. The government points a finger, without evidence and encumbered by its history of lies (and of committing similar deeds).  Today cyber intelligence analyst Emilio Iasiello explains why attribution is so important yet so difficult to do.  (2nd of 2 posts today.)

“Attempt the end and never stand to doubt;
Nothing’s so hard but search will find it out.”

— Robert Herrick, “Hesperides” (1648).

Lighthouse shining in a storm

Tying Nation States to Cyber Espionage

By Emilio Iasiello, 3 March 2015
From DarkMatters: providing superior attack intelligence.

Posted with their gracious permission.

Introduction

Cyber espionage is a significant contributor to what then Director of the National Security Agency Keith Alexander termed “the greatest transfer of wealth in history.”

While 2014 marked some of the more sensationalized breaches committed by cyber criminals, espionage actors continued to demonstrate their prowess by targeting a wide variety of sectors in support of information theft. Yet, as more cyber espionage campaigns have come to light, there is a growing body of evidence to suggest that part of this actor set is composed of enterprising independent contractors looking to monetize their efforts, rather than being directed by or working directly for a foreign government.

The case of Su Bin shows why this new “as-a-service” model could provide an opportunity for miscalculation and error, thereby impeding governments from developing appropriate response actions.

Attribution in Cyberspace is Difficult at Best


The Best Defense Is a Strong Defense. Never Fight a Land War in Cyberspace.

Summary: While defense experts obsess about the relative advantages of different military hardware (e.g., the A-10 vs the F-35), the US has unleashed the tools of cyberwar on Iran. We can expect more in the future, begun by friends and foes. So let’s learn the rules. Today Marcus Ranum explains the nature of attack and defense in cyberwar, and the advantages of each.  {2nd of 2 posts today.}

Cyber Warriors

Introduction

My 2014 presentation “Never Fight a Land War in Cyberspace” compared key elements of warfare in the real world with warfare in cyberspace, exploring the interchangeability of tactics and strategy in those domains. I expected that “cyberwar” would have similar underlying principles to regular war, but found that “cyberwar” bears no resemblance to warfare at all — tactically or strategically. Of course it fits in the overall grand strategy of conflict and power, but our tendency to reason by analogy breaks down quickly here.

In this series I will lift some of the main themes from that presentation and give them the more detailed explanation they deserve.

I will use two terms as shorthand.

“Cyberwar”, which I do not think is a real thing, as shorthand for “conflict in cyberspace” — which I consider real. This series continues my attempt to explain why “cyberwar” is not a useful concept; unfortunately, the term has taken on a life of its own. Caveat Emptor.

“Topological warfare” as shorthand for the idea of warfare that is bound to a real-world existence. The real-world-ness of topological warfare is the basis for what we know as military strategy and tactics; it’s an environment in which armies have to eat and cannot move at light speed, etc. The topological nature of warfare deeply penetrates virtually all of our thinking about strategy and tactics.

“The Best Defense is a Strong Offense”


“Countdown To Zero Day” describes the new era of war, preparing you for the next attack.

Summary:  Five years after Stuxnet first appeared we have a detailed analysis of its origin (at least, what’s known to the public) in Kim Zetter’s Countdown To Zero Day.  Here C. Thomas reviews it, explaining Stuxnet’s importance.

Stuxnet is another American triumph (with Israel’s help). We’re now the first to use both of the revolutionary tools of modern war: nukes and cyberweapons. Also, we’ve copied the fascist powers of WWII by not bothering with a declaration of war against Iran. American exceptionalism! How long until the next such cyberattack? Will we be the aggressor, or the victim?  {2nd of 2 posts today.}

“Countdown to Zero Day” is a must-read!

By C. Thomas

This article originally appeared on the Tenable Blog. Reposted here with their generous permission.

Recently there have been several great books that illustrate the importance of information security in today’s world, including Kevin Mitnick’s Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker, Andy Greenberg’s This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World’s Information and Brian Krebs’ Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door. Joining the list at the top is Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. The book tells the story (which you probably thought you already knew) of Stuxnet and the geopolitical maneuverings that brought it into existence.

The book is engaging to read and meticulously researched. Zetter not only examines the intricacies of this nation-state sponsored espionage tool but also delves deeply into the finer workings of uranium enrichment centrifuges and their industrial control systems. Along with these technical details, she adds the personal stories of the people who discovered Stuxnet and devoted countless hours to deciphering not just Stuxnet but also its relatives Duqu, Flame, and Gauss. Despite the highly technical subject matter, Zetter weaves an engaging narrative that succeeds in explaining complex systems in ways that can be easily understood without being condescending.

This book is an absolute must-read for anyone even remotely involved in the information security industry because it looks at an adversary that is seldom seen: the nation-state. Unlike cyber criminals, “hacktivists” or bored teenagers, whose online activities are somewhat easy to discover and decipher, the online operations and capabilities of nation-states have been shrouded in rumor, myth and superstition. It is amazing that Zetter was able to obtain this much detail about what was most likely a top secret government operation that is arguably less than 5 years old. Thanks to Zetter and “Countdown to Zero Day,” we now have a baseline from which to forecast potential nation-state capabilities today and into the future.


The horror of cyberspace: we can’t easily identify our attackers.

Summary: In this last of Marcus Ranum’s 2 posts about identifying cyber-attackers, he explains why the usual methods we read in the news are quite fallible — no matter how confidently they’re stated. Our difficulty with this is a common if scary aspect of modern warfare and crime.  {2nd of 2 posts today.}

Attribution is Hard, Part 2

By Marcus Ranum, Senior Strategist at Tenable Network Security

This article originally appeared on the Tenable Blog.
Reposted with their generous permission.

Yesterday’s part 1 described a classic hacking incident and discussed the challenges of establishing attribution. Today I explain what weak attribution is, and I conclude the discussion on the four requirements of establishing attribution.

Yesterday’s cliffhanger probably left you wondering what I mean by “weak attribution.” There are several forms of weak attribution that warrant discussion.

Attribution by tools

The first form of weak attribution is an argument based on tools used, if those tools are available in the wild to security researchers. Just because a tool is available and used by an attacker doesn’t mean that any other frequent user of the tool is your current perpetrator. There are plenty of hacking tools available for repurposing by other attackers. I hate to sound like a cynic, but apparently some people haven’t yet realized that there are security researchers who play both sides of the game-board; if I wanted to go rogue, I could assemble a state-of-the-art set of custom “state-sponsored” quality malware in about a week.

Tools are clues, not fingerprints.

Attribution by guessing about cui bono


How do we identify our attackers in cyberspace?

Summary: The news overflows with confident identification of cyberattackers. Today we have an account of hacking from a defender’s perspective, explaining the difficulty of attribution, written by our co-author Marcus Ranum. After reading this, you’ll regard the news about these things more skeptically. {2nd of 2 posts today.}

Attribution Is Hard - Part 1

By Marcus Ranum, Senior Strategist at Tenable Network Security

This article originally appeared on the Tenable Blog.
Reposted with their generous permission.

In 1995 I landed my first independent consulting project: an incident response for an important financial institution in New York City. That experience has informed my attitude about attribution ever since, because it was one of the rare incidents I’ve ever been involved in when we actually learned the identity and location of the attacker with a high degree of certainty.

The attacker was accessing an X.25 connection to the institution, had guessed an account/password pair on one of the Unix hosts, logged in and began looking around. He was first detected by one of the system administrators who noticed something unusual: a service account that normally didn’t log in was logged in, running the telnet command. An incident response team was assembled and we started charting out what was going on, what the attacker was doing, and when the break-in had occurred.

The financial institution was extremely lucky that the system administrator was so observant: the attack was discovered within the first 3 days of the initial break-in. As shown in this animation:
