We’ve attacked yet another nation. How long until somebody hits back?

Summary: We feel big and bold, waging one-sided cyber attacks on other nations. Without warning. Shredding US and international law, including UN treaties signed and approved by the Senate. We are creating the precedents for this new form of war. Eventually we will become a target, vulnerable because of our extraordinary reliance on high-tech systems. Probably we will whine afterwards about the unfairness of others doing to us as we did to them. (First of two posts today. A second on today’s job report will appear soon.)

Cyber Warriors

First there was Stuxnet, attacking Iran’s legal nuclear program (despite claims, we have not shown that they were enriching uranium in violation of their obligations). Now we learn about America’s secret cyberwar against North Korea’s missile program.

“Three years ago, President Barack Obama ordered Pentagon officials to step up their cyber and electronic strikes against North Korea’s missile program in hopes of sabotaging test launches in their opening seconds.

“Soon a large number of the North’s military rockets began to explode, veer off course, disintegrate in midair and plunge into the sea. Advocates of such efforts say they believe that targeted attacks have given American antimissile defenses a new edge and delayed by several years the day when North Korea will be able to threaten American cities with nuclear weapons launched atop intercontinental ballistic missiles.

“But other experts have grown increasingly skeptical of the new approach, arguing that manufacturing errors, disgruntled insiders and sheer incompetence can also send missiles awry. Over the past eight months, they note, the North has managed to successfully launch three medium-range rockets. And Kim Jong-un, the North Korean leader, now claims his country is in “the final stage in preparations” for the inaugural test of his intercontinental missiles — perhaps a bluff, perhaps not.

“An examination of the Pentagon’s disruption effort, based on interviews with officials of the Obama and Trump administrations as well as a review of extensive but obscure public records, found that the United States still does not have the ability to effectively counter the North Korean nuclear and missile programs …

“The approach taken in targeting the North Korean missiles has distinct echoes of the American- and Israeli-led sabotage of Iran’s nuclear program, the most sophisticated known use of a cyberweapon meant to cripple a nuclear threat. But even that use of the ‘Stuxnet’ worm in Iran quickly ran into limits. It was effective for several years, until the Iranians figured it out and recovered. And Iran posed a relatively easy target: an underground nuclear enrichment plant that could be attacked repeatedly. …

“The North, meanwhile, was developing its own exotic arsenal. It tried repeatedly to disrupt American and South Korean military exercises by jamming electronic signals for guided weapons, including missiles. And it demonstrated its cyberpower in the oddest of places — Hollywood. In 2014, it attacked Sony Pictures Entertainment with a strike that destroyed about 70% of the company’s computing systems, surprising experts with its technical savvy.

“Last month, a report on cybervulnerabilities by the Defense Science Board, commissioned by the Pentagon during the Obama administration, warned that North Korea might acquire the ability to cripple the American power grid, and cautioned that it could never be allowed to ‘hold vital U.S. strike systems at risk.’ …

“A decision to go after an adversary’s launch ability can have unintended consequences, experts warn. Once the United States uses cyberweapons against nuclear launch systems — even in a threatening state like North Korea — Russia and China may feel free to do the same, targeting fields of American missiles. Some strategists argue that all nuclear systems should be off limits for cyberattack. Otherwise, if a nuclear power thought it could secretly disable an adversary’s atomic controls, it might be more tempted to take the risk of launching a pre-emptive attack.

“’I understand the urgent threat,’ said Amy Zegart, a Stanford University intelligence and cybersecurity expert, who said she had no independent knowledge of the American effort. ‘But 30 years from now we may decide it was a very, very dangerous thing to do.’”

People who live in these shouldn’t throw stones.

The Glass House in CT (1949).


This is another chapter in the century-long tradition of Americans regarding our actions as exceptional, held to different standards than the rest of the world. We overthrow governments — even elected ones — but consider it terrible when others do so. We invade and occupy nations (Iraq and Afghanistan) or intervene in their affairs and help reduce them to failed states (Libya). Now we (and our ally Israel) attack other nations: the assassination of Iranian atomic scientists, the Stuxnet cyberattack on Iran, and the cyberattacks on North Korea’s missiles.

After WWII America led a great alliance to build a new world order in which attacks on other nations were illegitimate unless authorized by the world community of nations. Now we have destroyed what we built, in careless pursuit of short-term goals, heedless of long-term consequences.

Now we have Team Trump. Their senior national defense leaders are mostly generals and executives of defense contractors. Their lower-level officials are inexperienced, picked for loyalty and ideology (see the mess at the State Department) — much like the people Bush Jr. chose for the Iraq occupation staff, who failed so completely. This crew has control of the most powerful military machinery in human history — belligerent, narrow-minded, disdainful of the regime created by the Greatest Generation, governed by hubris.

We face high odds of serious mistakes by Trump and company during the next five years, perhaps with catastrophic results. Our representatives in Congress, comfortable in their role as foreign policy critics, are unlikely to either restrain or advise Team Trump. We are along for the ride. I see no way to influence the course of events. We elected Trump and Congress, and must take the consequences.

For More Information

See all posts about Cyber-espionage and Cyber-war, and especially these by cyber-expert Marcus Ranum…

  1. Cyberwar: a Whole New Quagmire.  Part 1: The Pentagon Cyberstrategy.
  2. “Do as I say, not as I do” shall be the whole of the law.
  3. About Stuxnet, the next generation of warfare?
  4. You must Be >this< Tall To Play Cyberwar (has DoD grown enough yet?).
  5. Parsing Cyberwar – Part 1: The Battlefield.
  6. Parsing Cyberwar – Part 2: The Logistical Train.
  7. Parsing Cyberwar – Part 3: Synergies and Interference.
  8. Parsing Cyberwar – Part 4: The Best Defense is a Good Defense.
  9. Cyberwar, the Power of Nightmares.
  10. Also, this by Chet Richards: Advice from Sun Tzu and John Boyd on winning at cyberwar.

A book about the first cyberattack.

Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, describing the new era of war and preparing you for the next attack. See a review here. From the publisher…


“In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at an Iranian uranium enrichment plant were failing at an unprecedented rate. The cause was a complete mystery — apparently as much to the technicians replacing the centrifuges as to the inspectors observing them.

“Then, five months later, a seemingly unrelated event occurred: A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were crashing and rebooting repeatedly. At first, the firm’s programmers believed the malicious code on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a mysterious virus of unparalleled complexity.

“They had, they soon learned, stumbled upon the world’s first digital weapon. For Stuxnet, as it came to be known, was unlike any other virus or worm built before: Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak actual, physical destruction on a nuclear facility.

“In these pages, Wired journalist Kim Zetter draws on her extensive sources and expertise to tell the story behind Stuxnet’s planning, execution, and discovery, covering its genesis in the corridors of Bush’s White House and its unleashing on systems in Iran — and telling the spectacular, unlikely tale of the security geeks who managed to unravel a sabotage campaign years in the making.

“But Countdown to Zero Day ranges far beyond Stuxnet itself. Here, Zetter shows us how digital warfare developed in the US. She takes us inside today’s flourishing zero-day “grey markets,” in which intelligence agencies and militaries pay huge sums for the malicious code they need to carry out infiltrations and attacks. She reveals just how vulnerable many of our own critical systems are to Stuxnet-like strikes, from nation-state adversaries and anonymous hackers alike — and shows us just what might happen should our infrastructure be targeted by such an attack.

“Propelled by Zetter’s unique knowledge and access, and filled with eye-opening explanations of the technologies involved, Countdown to Zero Day is a comprehensive and prescient portrait of a world at the edge of a new kind of war.”


About Advanced Persistent Threats, a new frontier of cybercrime

Summary: While America marvels at the festival of trivia and miscellany that was Campaign 2016, we had the breakout year for cybercrime. It gets headlines, mostly about delusional stories which the media credulously accept (e.g., the March 2014 OPM hack was “a decisive instrument of warfare.”). Here is another in a series about this new form of crime and conflict, for those who wish to learn about this force shaping the 21st century.

Advanced persistent threats (APT) give an unauthorized user access to a system, often for an extended period of time, without being detected. This gives hackers access to sensitive data.


Are APT Reports Still Valuable or Have They Become Marketing Fluff?

By Emilio Iasiello.
From LookingGlass Cyber Solutions, transforming the art of threat intelligence.
19 December 2016. Posted with their gracious permission.

Now that APT reports have been exposed, the “thrill” of discovering and calling out suspected nation state actors engaged in clandestine cyber activity has become almost routine. Excitement over what was once considered a difficult thing to do (detecting “advanced” cyber adversaries) is now expected. And therein lies the problem. The rush to attribute and increase marketing visibility in the wake of such incidents has taken the place of adding value through the exchange of actionable information.

As a result, the cybersecurity community appears to be at an almost breakneck speed in producing APT reports. Certainly, the research that is offered to the public under the auspices of information sharing provides some proficient technical analysis and indicators of compromise that can help organizations detect if similar activity is occurring against their networks. But what is the real benefit of revealing to the world what is known? Does it capitalize on the business marketplace?

One security vendor intimated that there appears to be a direct correlation in the decline of suspected nation state hacking and private company earnings. This was perceived to be the case when a particular company’s decline in stock performance occurred at the same time a certain nation state was hacking less frequently. Then three months later, the same company noted a spike in stock value when another nation state’s alleged hacking efforts surfaced and became prominent in the news. While based on very limited evidence, the bottom line message appears to be clear: many of these reports seem to serve as more of a marketing resource – if not more – than information sharing.

According to a security researcher, one of the driving factors behind the growth in reporting is the inherent marketing value (they provide sound bites and quotes for computer security-related, cable, and even network news, particularly when they name “who” was behind such activities), which translates to sales. (“Do APT reports hurt more than they help?“)


Stratfor looks back at 2016, the breakout year for cybercrime

Summary: The media and military experts thrill to news about the A-10 and the latest nuclear submarine. Meanwhile new tools for cybercrime and cyberwar reshape the world. The FM website has covered these stories, puncturing the myths that fit them into a useful narrative for governments. Here Stratfor summarizes the events of 2016, the breakout year for cybercrime.


The Year in Cybercrime: Exploiting the Weakest Link.
By Threat Lens of Stratfor, 30 November 2016.


  • Hackers will continue to rely on social engineering tactics to exploit their victims.
  • State and state-sponsored actors will turn increasingly to cybercrime to advance their national interests.
  • Technological improvements to counter cybercrime will not protect against human vulnerability.


The rise of the internet and related technologies has transformed the world, revolutionizing nearly all aspects of everyday life, including crime. In September, the Global Cyber Security Leaders summit in Berlin highlighted the cyberattack tactics that pose the greatest concern to security professionals. Many of these coincide with the threats that we have covered over the past year on Threat Lens, Stratfor’s new security portal. Some transcend criminal activity and involve state or state-sponsored actors using tricks of the cybercriminal trade to advance their countries’ agendas.

Though the weapons used to conduct cyberattacks are relatively new — and rapidly evolving — the tactics have been around for centuries. Over the past year, several major crimes have combined the new platforms and greater access that the information age affords with the age-old art of social engineering. The tactics described below are by no means the most sophisticated of their kind, but they have proved to be some of the most successful and enduring.


The Internet of Things attacks. If we don’t do better, we will get hurt.

Summary: While America chattered about the soundbites and lies, one of the largest cyberattacks in history took place. Cybersecurity expert Emilio Iasiello discusses what happened and what it means. As so often happens, the big stories often get lost amidst the flotsam and jetsam of the news.

Watch the evolution of a historic attack on the United States…

DDOS attack – From iO9, by Andrew Liszewski.

The Internet of Things attacks. When Will We Learn?

By Emilio Iasiello.
Posted at Cyber DB, the Cyber Research Databank.
7 November 2016. Posted with his gracious permission.

In late September and late October 2016 two massive distributed denial-of-service (DDoS) attacks successfully targeted and impacted the operations of their targets. In the October DDoS against Dyn, a cloud-based Internet Performance Management company, several high profile organizational websites (Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, to name a few) were disrupted for a substantial part of the day (details here). While Dyn was ultimately able to mitigate the three-wave attack, it did impact users’ abilities to access these sites.

In both instances, attackers took advantage of generally insecure Internet of Things (IoT) devices and harnessed the volume to create large botnets able to launch substantial DDoS attacks. These are not the only two instances in which enterprising criminals sought to leverage IoT in fulfillment of their activities. Both in September and June 2016, IoT devices such as home routers and closed circuit television cameras were used to proliferate the attacks. This is very disconcerting given the fact that IoT as an industry is becoming a foregone conclusion and that more and more of these devices are being produced, marketed, and injected into our daily existences. Unsurprisingly, this is a market expected to continue to grow and is frequently cited as a top trend according to some sources.


Hidden but important truths from the presidential debate

Summary: The last debate was mostly chaff, like the campaign: mostly entertaining demonstrations of the obvious. But there were moments revealing deep truths about our government and us. They were, of course, ignored. Here is the story of one such moment, a statement by Hillary Clinton that is rich with useful insights — if we dig into it.

“Fire destroys all sophistry, that is deceit; and maintains truth alone, that is gold.”
— Leonardo da Vinci, from his Notebooks. A bad solution for political structures built on lies.


More essential insights from Glenn Greenwald at The Intercept: “In the Democratic Echo Chamber, Inconvenient Truths Are Recast as Putin Plots”…

“Donald Trump, for reasons I’ve repeatedly pointed out, is an extremist, despicable, and dangerous candidate, and his almost-certain humiliating defeat is less than a month away. So I realize there is little appetite in certain circles for critiques of any of the tawdry and sometimes fraudulent journalistic claims and tactics being deployed to further that goal. In the face of an abusive, misogynistic, bigoted, scary, lawless authoritarian, what’s a little journalistic fraud or constant fearmongering about subversive Kremlin agents between friends if it helps to stop him?

“But come January, Democrats will continue to be the dominant political faction in the U.S. — more so than ever — and the tactics they are now embracing will endure past the election, making them worthy of scrutiny. Those tactics now most prominently include dismissing away any facts or documents that reflect negatively on their leaders as fake, and strongly insinuating that anyone who questions or opposes those leaders is a stooge or agent of the Kremlin, tasked with a subversive and dangerously un-American mission on behalf of hostile actors in Moscow.

“To see how extreme and damaging this behavior has become, let’s just quickly examine two utterly false claims that Democrats over the past four days — led by party-loyal journalists — have disseminated and induced thousands of people, if not more, to believe. …”

Both are straightforward lies by Team Hillary about the WikiLeaks emails of John Podesta, propagated by good liberals and her loyal journalists — allowing them to ignore the emails’ damaging content. His conclusion is spot-on.


U.S. Cyber Command Attacks ISIS. Slow Progress. Few Results.

Summary: Our war with ISIS is almost invisible to Americans. Only lightly reported by the press, visible mostly in the domestic terrorism it inspires. Even less visible is our cyberwar with ISIS. One of the most active fronts of the war, it is a harbinger of future conflicts. Here Emilio Iasiello briefs us on the US attacks by the lavishly-funded US Cyber Command. What are they doing? What successes? Second of two posts today.

ISIS hacked the Argonne National Laboratory in July 2015. Details here. Click to enlarge.

U.S. Cyber Command’s ISIS Efforts. Slow Progress. Few Results.

By Emilio Iasiello from CyberDB.
Reposted with his generous permission.

Mid-July 2016 reporting reveals that U.S. cyber offensives against the Islamic State of Iraq and Syria (ISIS) online recruiting and propaganda activities have not yielded the types of results that were initially anticipated. According to the news article, the debut effort of the U.S. Cyber Command (CYBERCOM) has not been effective, despite officials declining to provide any specifics as to the types of operations being conducted. What was revealed was that CYBERCOM’s commander Admiral Michael Rogers had created a unit charged with the mission of developing digital weapons to support this effort. Joint Task Force Ares, a 100-person strong unit, will not only build tools, but may engage in other possible missions such as disrupting the terrorist group’s payment system and denying access to their current chat application of choice.

Nevertheless, despite aspirations and being the first publicly declared online military operation by any nation state, success has been fleeting. This is certainly a disappointing turn of events for a country largely believed to be the most cyber capable in the world. The recent slow progress is impeding the normalization of how cyber attacks can be used as a potential military tool. Officials hoped that the ISIS campaign would help normalize how cyber attacks can be leveraged similarly as airstrikes to support military objectives, to take cyber out of the shadows and provide a bit more transparency, according to a senior Pentagon official. As of now, there has been little anecdotal evidence showing this type of success.

Part of the problem may be that CYBERCOM, despite being an official sub-unified command for approximately seven years, is simply not ready. Admiral Rogers conceded that the first dedicated cyber troops will be operational by early fall, and expected the command to be fully operational by September 30, 2018, calling into question the capability and talent of the current staffing levels. Such speculation has been raised in a June 2016 article that highlighted CYBERCOM’s struggles with identifying, recruiting, and retaining top talent. The Command’s Cyber Mission Force will eventually have 6,200 people split into 133 teams, half of which will be assigned to protecting networks, 20 percent dedicated to combat missions, 10 percent assigned to national mission teams to protect critical infrastructure, and the remaining fifth assigned unspecified “support” functions.


Stratfor: it’s the breakout year for cybercrime! How do we fight it?

Summary: 2016 is the breakout year for cybercrime. Ransomware went global, the third major theft using the global banking SWIFT system occurred, and a multi-million attack hit Japan’s ATM network. Here Stratfor looks at the mechanics of crime-fighting against cyberthieves.


To Catch a Cyber Thief
Stratfor, 3 June 2016


  • South Africa’s Standard Bank, so far the only institution to come forward as a victim of fraudulent withdrawals by an organized network, will not be able to recoup all of its $12.7 million in losses.
  • Arresting the street criminals associated with unlimited operations will do little to stop future strikes, which will continue until the hackers behind the heist are found and detained.
  • Nevertheless, authorities will likely apprehend the hackers behind the latest unlimited operation in Japan, though it may take years.
