Category Archives: Cyberwar

Cybercrime: Now More Profitable Than The Drug Trade

Summary: Today we have a report from the front lines of the cyberwars. It’s an axiom of 4th generation war that crime and war increasingly use the same methods, and even merge at higher intensities (as seen in Mexico’s fight with its drug cartels). Today we hear about companies fight against cybercrime, still growing and already more profitable than drugs.  {2nd of 2 posts today.}

37% of respondents said they were not confident in their company’s ability even to detect a breach. … Only 45% were confident about the security of their Point of Sale devices.

Tripwire Online Survey , March 2015.

Cybercrime

Cybercrime: Now More Profitable Than The Drug Trade

By Irfahn Khimji and David Bisson
From tripwire, 30 March 2015.
Posted here with their generous permission.

 

Tripwire recently hosted a webcast entitled, “PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan: Real World Cyber Attacks and Protecting Credit Card Data.” For our presentation we discussed the importance of the new Payment Card Industry Data Security Standard 3.0. Together, we also provided some insight into how companies can leverage this new compliance standard to protect themselves against a security breach.

As reported by the 2013 Europol Serious & Organized Threat Assessment, the “Total Global Impact of CyberCrime [has risen to] US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.”

Continue reading

Identifying the guilty: tying nation states to cyber espionage

Summary:  It’s the cycle of our time. Cyberattack on us. The government points a figure, without evidence and encumbered by their history of lies (and of committing similar deeds).  Today cyber intelligence analyst Emilio Iasiello explains why attribution is so important but difficult to do.  (2nd of 2 posts today.)

“Attempt the end and never stand to doubt;
Nothing’s so hard but search will find it out.”

— Robert Herrick, “Hesperides” (1648).

Lighthouse shining in a storm

Tying Nation States to Cyber Espionage

By Emilio Iasiello, 3 March 2015
From DarkMatters:
providing superior attack intelligence.

Posted with the their gracious permission

Introduction

Cyber espionage is a significant contributor to what then Director of the National Security Agency Keith Alexander termed “the greatest transfer of wealth in history.”

While 2014 marked some of the more sensationalized breaches committed by cyber criminals, espionage actors continued to demonstrate their prowess by targeting a wide variety of sectors in support of information theft. Yet, as more cyber espionage campaigns have come to light, there is a growing body of evidence to suggest that part of this actor set is composed of enterprising independent contractors looking to monetize their efforts, rather than being directed by or working directly for a foreign government.

The case of Su Bin articulates why this new “as-a-service” model could potentially provide an opportunity for miscalculation and error, thereby impacting governments from developing appropriate response actions.

Attribution in Cyberspace is Difficult at Best

Continue reading

The Best Defense Is a Strong Defense. Never Fight a Land War in Cyberspace.

Summary: Why defense experts obsess about the relative advantages of different military hardware (e.g., the A-10 vs the F-35), the US has unleashed the tools of cyberwar on Iran. We can expect more in the future, begun by friends and foes. So let’s learn the rules. Today Marcus Ranum explains the nature of attack and defense in cyberwar, and the advantages of each.  {@nd of 2 posts today.}

Cyber Warriors

Introduction

My 2014 presentation “Never Fight a Land War in Cyberspace” compared key elements of warfare in the real world with warfare in cyberspace, exploring the interchangeability of tactics and strategy in those domains. I expected that “cyberwar” would have similar underlying principles as regular war, but found that “cyberwar” bears no resemblance to warfare at all — tactically or strategically. Of course it fits in the overall grand strategy of conflct and power, but our tendency to reason by analogy breaks down quickly here.

In this series I will lift some of the main themes from that presentation and give them the more detailed explanation they deserve.

I will use two terms as shorthand.

Cyberwar“, which I do not think is a real thing, as shorthand for “conflict in cyberspace” — which I consider real. This series continues my attempt to explain why “cyberwar” is not a useful concept; unfortunately, the term has taken on a life of its own. Caveat Emptor.

Topological warfare” as shorthand for the idea of warfare that is bound to a real-world existence. The real-world-ness of topological warfare is the basis for what we know as military strategy and tactics; it’s an environment in which armies have to eat and cannot move at light speed, etc. The topological nature of warfare deeply penetrates virtually all of our thinking about strategy and tactics.

“The Best Defense is a Strong Offense”

Continue reading

“Countdown To Zero Day” describes the new era of war, preparing you for the next attack.

Summary:  Five years after Stuxnet first appeared we have a detailed analysis of its origin (at least, what’s known to the public) in Kim Zetter’s Countdown To Zero Day.  Here C. Thomas reviews it, explaining Stuxnet’s importance.

Stuxnet is another American triumph (with Israel’s help). We’re now the first to use both of the revolutionary tools of modern war: nukes and cyberweapons. Also, we’ve copied the fascist powers of WWII by not bothering with a declaration of war against Iran. American exceptionalism! How long until the next such cyberattack? Will we be the aggressor, or the victim?  {2nd of 2 posts today.}
Countdown to Zero

“Countdown to Zero Day” is a must-read!

By C. Thomas

This article originally appeared on the Tenable Blog. Reposted here with their generous permission.

Recently there have been several great books that illustrate the importance of information security in today’s world, including Kevin Mitnick’s Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker, Andy Greenberg’s This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World’s Information and Brian Krebs’ Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door. Joining the list at the top is Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. The book tells the story (which you probably thought you already knew) of Stuxnet and the geopolitical maneuverings that brought it into existence.

The book is engaging to read and meticulously researched. Zetter not only examines the intricacies of this nation-state sponsored espionage tool but also delves deeply into the finer workings of uranium enrichment centrifuges and their industrial control systems. Along with these technical details, she adds the personal stories of the people who discovered Stuxnet and devoted countless hours in deciphering not just Stuxnet but also its relatives Duqu, Flame, and Gauss. Despite the highly technical subject matter, Zetter weaves an engaging narrative that succeeds in explaining complex systems in ways that can be easily understood without being condescending.

This book is an absolute must read for anyone even remotely involved in the information security industry because it looks at an adversary that is seldom seen: the nation-state. Unlike cyber criminals, “hacktivists” or bored teenagers whose online activities are somewhat easy to discover and decipher, the online operations and capabilities of nation-states have been shrouded in rumor, myth and superstition. It is amazing that Zetter was able to obtain this much detail about what was most likely a top secret government operation and that is arguably less than 5 years old. Thanks to Zetter and “Countdown to Zero Day,” we now have a baseline from which to forecast potential nation-state capabilities today and into the future.

Continue reading

The horror of cyberspace: we can’t easily identify our attackers.

Summary: In this last of Marcus Ranum’s 2 posts about identifying cyber-attackers, he explains why the usual methods we read in the news are quite fallible — no matter how confidently they’re stated. Our difficulty with this is a common if scary aspect of modern warfare and crime.  {2nd of 2 posts today.}

Attribution Is Hard - Part 2

Attribution is Hard, Part 2

By Marcus Ranum, Senior Strategist at Tenable Network Security

This article originally appeared on the Tenable Blog.
Reposted with their generous permission.

Yesterday’s part 1 described a classic hacking incident and discussed the challenges of establishing attribution. Today I explain what weak attribution is, and I conclude the discussion on the four requirements of establishing attribution.

Yesterday’s cliff hanger probably left you wondering what I mean by “weak attribution.” There are several forms of weak attribution that warrant discussion.

Attribution by tools

The first form of weak attribution is an argument based on tools used, if those tools are available in the wild to security researchers. Just because a tool is available and used by an attacker doesn’t mean that any other frequent user of the tool is your current perpetrator. There are plenty of hacking tools available for repurposing by other attackers. I hate to sound like a cynic, but apparently some people haven’t yet realized that there are security researchers who play both sides of the game-board; if I wanted to go rogue, I could assemble a state-of-the-art set of custom “state-sponsored” quality malware in about a week.

Tools are clues, not fingerprints.

Attribution by guessing about cui bono

Continue reading

How do we identify our attackers in cyberspace?

Summary: The news overflows with confident identification of cyberattackers. Today we have an account of hacking from a defender’s perspective, explaining the difficulty of attribution, written by our co-author Marcus Ranum. After reading this, you’ll regard the news about these things more skeptically. {2nd of 2 posts today.}

Attribution Is Hard - Part 1

By Marcus Ranum, Senior Strategist at Tenable Network Security

This article originally appeared on the Tenable Blog.
Reposted with their generous permission.

In 1995 I landed my first independent consulting project: an incident response for an important financial institution in New York City. That experience has informed my attitude about attribution ever since, because it was one of the rare incidents I’ve ever been involved in when we actually learned the identity and location of the attacker with a high degree of certainty.

The attacker was accessing an X.25 connection to the institution, had guessed an account/password pair on one of the Unix hosts, logged in and began looking around. He was first detected by one of the system administrators who noticed something unusual: a service account that normally didn’t log in was logged in, running the telnet command. An incident response team was assembled and we started charting out what was going on, what the attacker was doing, and when the break-in had occurred.

The financial institution was extremely lucky that the system administrator was so observant: the attack was discovered within the first 3 days of the initial break-in. As shown in this animation:

Continue reading

Consequences of Overstating the Cyber Terrorism Threat

Summary:  Chapter 4 of Edwin Covert’s series about cyberterrorism explains the severe penalties enacted since 9/11, their potential for misuse (accidental or deliberate), and how these poorly crafted laws and the public fear that created them both make us less safe. (1st of 2 posts today)

CyberWarrior Obama

.

Consequences of Overstating the Cyber Terrorism Threat

By Edwin Covert

From DarkMatters

16 December 2014

Posted with the author’s gracious permission

.

In the first installment of this series we examined the concepts behind cyberterrorism as a strategy, and the second article looked deeper into how cyberterrorism is being portrayed by the media, government and academia. The third part of the series examined why cyberterrorism is much more complex than most realize, and this last article in the series takes a look at the potential consequences of overstating the cyberterrorism threat.

There are side effects of the mischaracterization of cyberterrorism by the media and popular culture. In the United States, the Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act of 2001, or PATRIOT Act, was passed in the immediate aftermath of the September 11, 2001 attacks. It has two key provisions designed to counter potential cyberterrorist activity and increase the punishment for computer crimes (US Government, 2001). Section 814 of the PATRIOT Act enumerated specifically the goals of deterring and preventing cyberterrorism.

First, it increased the minimum prison terms for unauthorized access to a computer system, regardless of activity once in the system i.e. mixing criminal activity and cyberterrorism under a cyberterrorism section heading (§ 814.a.4).

Second, the law amended “the Federal sentencing guidelines to ensure that any individual convicted of a violation of section 1030 of title 18, United States Code, can be subjected to appropriate penalties, without regard to any mandatory minimum term of imprisonment” (§ 814.f).

In other words, simply being convicted of unauthorized access to a computer system allowed a federal judge (who most likely was not familiar with the nuances of cyber threats and threat + actors) to assume the worst and lock someone up for a very long time. Outside of the United States, others have made similar decisions regarding cyber threats and the law.

In the United Kingdom, Parliament changed its Terrorism Act so that using a computer system or threatening to use a computer system that interferes or disrupts another computer system is now considered terrorism (Conway, Cyberterrorism: Hype and Reality, 2007, p. 91).

Of concern of course is who makes the determination as to what constitutes disruption. Right now, that falls to Scotland Yard. That leaves a sour taste and no small amount of anxiety for human rights workers and other civil libertarians (p. 91).

Since the advent of the Internet, life has changed remarkable for citizens of the United States and the world. Unfortunately, this pace of change brings fear.

Continue reading