Tag Archives: cyberwar

We Must Stop The Race to Attribution After Each Cyberattack

Summary: Cybersecurity expert Emilio Iasiello discusses one of the key issues in cybersecurity — how do we determine who attacked us? Each attack brings forth rapid declarations by the government that the attacker is one of their favorite foes. Should we believe them?

businessman working with new modern computer show social network structure

The Race to Attribution Needs to Stop

By Emilio Iasiello
Posted at Dead Drop (of the LookingGlass Cyber Threat Intelligence Group)
30 March 2016. Posted with his gracious permission.

It has become almost systemic for people to immediately question, “Who did it?” when a major breach occurs in the public and/or private sectors. Understandably, the victimized have a keen interest in identifying their faceless attackers especially when they have been publicly exposed. There is also a competitive aspect, as the first person to make attribution can add credibility to his or her name. However, while providing information for public consumption is important, it’s equally as important to provide accurate information.

In the cyber security industry, a commonly heard mantra is that attribution in cyberspace is difficult. Cyber security experts and organizations, and even some government officials, have emphasized this point. If most agree that attribution is difficult and time consuming, why is there invariably a need to immediately attribute hostile activity that may end up being incorrect and misleading?

This is perplexing especially when one considers that some state actors are considered to be sophisticated and stealthy, yet once their operations are exposed, attribution appears relatively easy to assign. This contradicts the general premise of the attribution challenges that cyberspace presents and discounts the anonymization and obfuscation techniques employed by savvy actors to avoid those very identification efforts. Furthermore, reliance on technical evidence as indicators of attribution may become less important as actors may alter timestamps, use different keyboard languages, and change compile times to point blame in a different direction.

Continue reading

About Anonymous – an emerging cyberpower

Summary: Our defense experts obsess over obsolete weapons while non-state groups perfect 4GW and cyberwar, one reason their forecasts for our wars are so often wrong. Unlike supercarriers and stealth fighters, these new forces will shape the 21st century. This post by cybersecurity expert Emilio Iasiello looks at Anonymous, a growing cyber-power.

Anonymous

“Anonymous” –
Balancing Social Consciousness with Civil Disobedience

By Emilio Iasiello
Posted at Dead Drop (of the LookingGlass Cyber Threat Intelligence Group)
28 January 2015. Posted with his gracious permission.

The decentralized hacking enclave “Anonymous” is known for undertaking numerous campaigns that target perceived injustice, as well as cause general digital civil disobedience.  Regardless, the group’s extensive membership is varied and widespread, gaining global attention for its various activities.  The diversity of their campaigns adds to their mystique and further complicates public perception of their motives.

While Anonymous has received significant press from its recent efforts against the Islamic State of Iraq and Syria (ISIS) via the now-splintered offshoot the Ghost Security Group, there are several other campaigns that have slipped under the media’s radar.  A recent article has surfaced highlighting some of these efforts that span across a variety of social issues.  While some of their activities are not looked favorably upon by some, the enigmatic group’s recent engagements potentially demonstrate a maturing evolution into an issues-orientated movement that both thinks and acts globally.

The attention garnered by Anonymous has been important in drawing attention to those issues that may escape the public spotlight.  Some of these include but are not limited to…

Continue reading

Prepare for cyberwar: today’s are small compared to what’s coming

Summary: Here’s a brief look at the state of cyber-conflicts. The first ones have run their course; from them we can guess at the outlines of the larger ones to come. As with nukes and drones, America has laid a path for others to follow. We’ve been bold and innovative, but lawless. We might regret this when others imitate us.  {2nd of 2 posts.}

Cyberspace: a global dynamic environment created by interlocking networks linking people and computers for communication, control, and trade. Like other human domains, it consists of multiple levels — from purely conceptual (e.g., laws, designs) down to the hardware and people that are its material substrate. The term coined by William Gibson in his 1982 story “Burning Chrome“.

cyber war

Contents

  1. Battlefields of the future.
  2. The first cyber conflict.
  3. Playing defense.
  4. Are we beleaguered in cyberspace?
  5. For More Information.

(1)  Battlefields of the future

We have entered a transitional period in the art of war much like that between WWI and WWII, when a new form of war (the 3rd generation) slowly emerged, but military institutions kept their eyes turned to the past. Many armies were slow to develop innovative tactics for their new internal combustion driven engines. Their cavalry units were symbols of this retrovision. Navies lavished their greatest attention on battleships, not the submarines, escorts, and carrier-borne aircraft that would dominate WWII (e.g., aircraft were the “eyes of the fleet”, not its teeth). Communications technology rapidly improved, but the senior officers paid relatively little attention to cryptography and signals intelligence.

Today war-as-usual continues in the emerging nations, but in the developed world it has moved into new realms — with the cutting edge in cyberspace. It’s the age of 4th generation war, waged among state and non-state actors in shifting coalitions, taking many forms…

  • Hacking: probes and parries by people exploring the nature and uses of cyberspace, rapidly expanding in scale, sophistication, and consequences.
  • Raids: the Sony hack and Stuxnet.
  • Conflicts for control: Pirate Bay and the Silk Road.

Continue reading