6 November 2016

The Usual Suspects and the Ignoble Art of State-sponsored Cyber-war


Globally, state-sponsored cyber theft has become an established bureaucracy, despite repeated denials by senior government officials. In a recent interview with the Guardian, Andrew Parker, the head of MI5, Britain's counter-intelligence and security agency, highlighted the threat of Russian cyber attacks against Britain.

Mr. Parker said that the scale and potential consequences of these attacks have helped widen the rift of distrust between Britain and Russia, in particular by evoking Cold War tensions between Russia and the Western world.

Security analysts have serious concerns about Russian cyber attacks, which have generated multiple headlines over the past year, particularly after the theft and publication of e-mails from the Democratic National Committee (DNC). A self-styled hacker known as "Guccifer 2.0" claimed to be the source of the leaks. WikiLeaks, which published the material, did not reveal its source; however, cyber security experts and firms believe the leak was the product of a series of intrusions into the DNC network by two Russian intelligence groups (tracked by CrowdStrike, which investigated the breach in June 2016, as APT28 or "Fancy Bear" and APT29 or "Cozy Bear").

In a joint statement on 7 October 2016, the United States Department of Homeland Security and the Office of the Director of National Intelligence said that the US intelligence community was confident the Russian government had directed the compromises of e-mails belonging to US persons and institutions, including political organizations, and that the thefts and disclosures were intended to interfere with the US presidential election.

Since the advent of the internet, espionage has moved beyond the physical to the digital world. According to David Emm, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab, “The Global Research and Analysis Team has analyzed a number of attacks in the last six years that we believe are state-sponsored. They are Stuxnet, Duqu, Gauss, Flame (and miniFlame), Careto (aka The Mask), Regin, Duqu 2.0 and Equation. The length of time taken to develop these attacks, their sophistication and the intelligence required to carry out such focused attacks all suggest nation-state involvement.”

In February 2015, it was GReAT that reported on the Equation group, and code in some of its modules dated back to 2001. In general, such attacks are designed to steal confidential data from their victims, but not always: it is generally accepted that Stuxnet was built to sabotage a specific industrial process, the uranium-enrichment centrifuges at Iran's Natanz facility, by manipulating the Siemens PLCs that controlled them. Kaspersky Lab has also identified links between state-sponsored campaigns: there are clear connections between Stuxnet, Duqu, Gauss and Flame, indicating that they were developed from common platforms by teams that shared code.

9/11 attacks

Since 9/11, the US spy agencies have built an intelligence-gathering colossus to provide critical information to the president on a range of national security threats. Traditional HUMINT (human intelligence) relies on the SADR cycle (spotting, assessing, developing and recruiting sources), whereas SIGINT (signals intelligence) collects information by intercepting and analyzing the electronic signals and communications of a given target.

Driven by the rise of the internet and new forms of electronic communication, signals intelligence gathering has grown for decades, and it now has the potential to collect and exploit data in real time.

The Chinese threat

According to the Commission on the Theft of American Intellectual Property, America's largest trading partner, China, accounts for as much as 70 percent of the losses the United States incurs from IP theft.

In the Commission's assessment, China's growth strategy relies on acquiring science and technology at any cost, both legally and illegally. Its national industrial policy goals encourage IP theft, and an extraordinary number of Chinese business and government entities are engaged in the practice.

In July this year, a Chinese national, Su Bin, was sentenced in Los Angeles to three years and 10 months in prison for his role in hacking US defense contractors. Working with co-conspirators in China, he helped steal sensitive data, including technical documents on military aircraft, by breaking into the networks of major defense contractors such as Boeing, and sent the information to China. Chinese espionage is not confined to the US: in 2015 FireEye reported that a group it tracks as APT30 had been spying on governments and businesses in Southeast Asia and India, largely undetected, for a decade.

The internet as we know it

The internet was designed to be a decentralized network. Its predecessor, ARPANET, was developed during the Cold War by the US Advanced Research Projects Agency (ARPA, later renamed DARPA) as a robust, decentralized alternative to existing communication platforms such as the telephone system. It is also important to recognize that the internet did not come into being fully formed; it grew and evolved over time, and the internet as we understand and use it today goes far beyond its original purpose. In particular, it was not designed with security in mind, since security only became a need once the network became an open system and, especially, once it came to underpin so many social transactions (banking, commerce, networking, etc.). Retro-fitting security is always a challenge, because it must be done without breaking functions that have become an essential part of the system: the core protocols for routing and naming (BGP and DNS) carry no authentication of their own, and the extensions meant to fix that (RPKI and DNSSEC) remain only partially deployed decades later.

Threats have also evolved over time, taking advantage of new technology and of the way we use it. For example, financially motivated cybercrime at scale was not viable before the web carried a significant volume of financial transactions; this is why, before roughly 2003, malware was essentially cyber-vandalism, designed to disrupt systems rather than to make money.

Security as an investment

In any area of human activity, development occurs unevenly, for a variety of reasons – economic, political or cultural. Countries don’t necessarily follow the same curve of development as those who break new ground first: they might continue to lag behind, catch up or even leap ahead of other regions – depending on the conditions they face. This is no less true in the field of IT security.

According to David Emm, “The widespread use of pirated software or content in some regions affects the cyber-security posture of a region. However, I would say that the fundamentals of cyber-security remain the same across countries. This includes securing systems, applying security updates to operating systems and applications and education.”

“It’s important to recognize that security is a process – so the strategy and the technologies used to secure systems must be reviewed regularly, to ensure that they are fit-for-purpose,” he added.

Attack on critical systems

In late 2014, a German steel mill was the target of a cyber attack in which the attackers, having gained access to the office network through spear-phishing and social engineering, moved into the production network and disrupted its control systems, so that a blast furnace could not be shut down in a controlled manner and the plant suffered massive physical damage, according to Germany's Federal Office for Information Security (BSI). This was only the second publicly reported case of a cyber attack causing physical damage, after Stuxnet's sabotage of uranium-enrichment centrifuges in Iran, discovered in 2010.

If cyber attacks can damage physical infrastructure, then the populations that depend on that infrastructure can be harmed as well.

The American journalist and author Shane Harris, in his book @War: The Rise of the Military-Internet Complex, states that the United States military now views cyberspace as the 'fifth domain' of warfare (alongside land, sea, air and space), and that the US Department of Defense, the National Security Agency and the CIA all field teams of hackers who can, and do, launch offensive computer attacks against enemy targets. According to Harris, US hackers played a significant role in the war in Iraq.

Cyber criminal and activist groups often act with the technical and financial support of state agencies. Some states use them in this way to disrupt a rival state, and digital infrastructure has become the new battleground on which the rules of engagement of present-day conflicts are being rewritten.
