Source: CyberSecurityDegrees.com

The Cyber Cold War

International intrigue and cyber exploits for political gain

Welcome to cyber warfare

Definition: the use and targeting of computers and networks in maneuvers of war.

The three wings of cyber warfare:

Espionage: [optional text: “see U.S. hacking of Tsinghua University”]

Sabotage: [optional text: “see North Korea’s Sony Pictures hack”]

Propaganda: [optional text: “see Russian Black Lives Matter propaganda”]

—

And the nearly unlimited resources of states make these more than your run-of-the-mill cyber attacks.

—

Differences and similarities between state-sponsored and non-state-sponsored cyber attacks [2]

Non-State Sponsored Cyber Attacks:

Motivated by a wide range of initiatives

Potentially after vandalism or “making a splash”

Often seeking quick payoffs

Often performed from a distance

Seek low-hanging fruit

Solo work or loosely affiliated teams

State-Sponsored Cyber Attacks:

[potentially a good way to characterize this section could be an image of a large political statue being toppled, some more substantial aim than vandalism]

Motivated by state-specific initiatives

Potentially after control of infrastructure

Can perform longer-term attacks

Often accompanied by a physical meeting

Aided by more expansive surveillance

Seek targets most critical to larger plans

Large well-organized teams

Can create new zero-day exploits for specific targets

Can afford all types of existing attacks

Are you ready for a state-sponsored cyber attack?

The DNC and DCCC weren’t

Timeline of U.S. presidential election cyber attacks [11]

[the many-pronged nature of this attack makes me think of a hydra-headed illustration if that’s any inspiration]

March 2016: A spear-phishing email is sent to John Podesta, chairman of Hillary Clinton’s campaign

March 2016: FBI notifies the DNC that its infrastructure has been breached

April 2016: DNC identifies malware and affected files, and alleges the involvement of two Russian hacker networks

May 2016: Spear-phishing emails reach private accounts of other members of the DNC

June 2016: First batch of emails from DNC server leaked via BitTorrent

June 2016: Potential misinformation circulates on social media, steering focus towards a hacker known as Guccifer 2.0 and away from Russia

June 2016: DNC claims to have secured its networks

July 2016: Democratic Congressional Campaign Committee compromised by the same hacking groups

August 2016: Reports surface of numerous political think tanks and NGOs targeted by the same spear-phishing campaigns

October 2016: US intelligence agencies release statements detailing their certainty about the attackers’ nationality

November 2016: Spear-phishing campaign continues against high-level targets in US politics

This many-headed attack involved: [11; this citation has one way this could be visualized]

Two Targets:

Hillary Clinton’s campaign

A dozen other Democratic candidates running for positions in the House of Representatives

Two networks of hackers:

Federal Security Service (main successor of the K.G.B.)

G.R.U. Military Intelligence (Russian state-sponsored group)

Two Leakers:

Guccifer 2.0 (potentially a creation of the G.R.U.)

DCLeaks.com

Many Publishers:

WikiLeaks (released 50,000+ Podesta emails on its website)

Mainstream media (released elements of emails pertinent to their reporting)

The result:

Compromised Democratic campaigns for the presidency and congressional races in Pennsylvania, New Hampshire, Ohio, Illinois, New Mexico and North Carolina

But it’s not just old Cold War shenanigans.

Today more than 30 nations have designated significant funds for developing or enhancing national offensive and defensive cyber war capabilities.

The major players:

–America

Objectives: 1.) Directly assist in geopolitical conquest 2.) Obtain military and diplomatic information

–Russia

Objectives: 1.) Obtain military and diplomatic information 2.) Obtain trade and business secrets to promote the competitiveness of enterprise 3.) Directly assist in geopolitical conquest

–China

Objectives: 1.) Obtain trade and business secrets to enable state-owned enterprises

–Israel

Objectives: 1.) Obtain military and diplomatic information 2.) Promote the security ecosystem as a driver of economic growth

–Germany

Objectives: 1.) Obtain military and diplomatic information

–Cybersecurity mercenaries

Objectives: 1.) Whatever’s good for business

Spotlight: Strider [10]

Active since 2011 (potentially a nation-state in disguise)

Tool of choice: Remsec trojan

Characteristics:

-Components of Remsec are largely held in executable blobs that are not attached to the rest of the program

-Functionality is largely deployed over the network rather than stored on disk

Techniques:

High technical sophistication, used sparingly to stay under the radar.

Targets:

36 computers across 7 organizations from 2011-2016.

High profile targets in Russia, China, Belgium, and Sweden

—

Did you know?

In 2016

1 in 2,329 emails sent to those working in public administration was a phishing attempt

and

1,198,971 identities of those working in public administration were stolen in data breaches

—

But in the end, innocents always get hurt

Number of online identities* stolen by nation in 2016

United States: 791 million

France: 85 million

Russia: 83.5 million

Canada: 72 million

Taiwan: 30 million

China: 11 million

South Korea: 10 million

Japan: 8 million

Netherlands: 6.5 million

Sweden: 6 million

*An online identity is defined as access to one online service

Major Battles of Global Cyber War

—

Russia in Germany:

Date: 2015-2017

Method: Spear phishing, trojan

Summary: Acquisition of data from the German Bundestag over several months. Spear phishing, the sending of official-seeming emails to targeted individuals, was used to deliver trojans. Trojans are pieces of malware disguised as non-malicious software.

Damages: Replacement of the computer systems compromised in the initial attack (20,000+ computers). Potentially ongoing offensive retaliation to destroy servers housing the stolen information.

—

Germany in Russia:

Russia in US: [5]

Date: 2016-2017

Method: Propaganda, social engineering

Summary: Fake Facebook and Twitter accounts, as well as the marketing of YouTube videos, sought to provoke racial tensions during the 2017 presidential election. Hundreds of fake Russian-led social media accounts helped promote the Black Lives Matter hashtag #DontShootUs. Fake activists went so far as to schedule events and market them online. Contests utilized Pokémon Go, getting users to take screenshots at certain locations; information from those screenshots was later used as content for propaganda.

Damages: Hijacking of an American cause against police brutality in order to polarize political conversations.

—

Russia on International Space Station: [6]

Date: 2008

Method: Viruses

Summary: Multiple rounds of viruses have been reported on the International Space Station, allegedly brought on board via a USB drive provided by a Russian cosmonaut. While the ISS is an international project, NASA is routinely targeted by cyber attacks, with over 1,500 against the space agency reported in 2016.

Damages: Damaged computer systems are particularly dangerous 220 miles above Earth. Potential loss of scientific data. Unclear whether the placement of infected USB drives was purposeful.

—

US/Israel in Iran:

Date: 2008-2010

Method: Malware

Summary: In a potentially unprecedented outcome, Stuxnet — a cyber weapon jointly made by Israel and the US — infiltrated the computer systems of an Iranian uranium enrichment facility. Unlike many forms of malware that merely steal information or wreak havoc on information systems, Stuxnet gained control of the plant’s centrifuges and caused them to rotate at speeds they were not built for, breaking physical infrastructure in the plant in the process.

Damages: Destruction of hundreds of centrifuges used to enrich uranium for weapons and research.

—

US in China:

Date: ?-2013

Method: Physical infiltration or infiltration of internet service providers

Summary: In a series of leaks by Edward Snowden it was revealed that the NSA had for years infiltrated internet service providers connected to the Chinese University of Hong Kong and Tsinghua University in Beijing, two of the premier research universities in China. It is unclear what information was compromised by the NSA, and what was done with it. But by working through ISPs the NSA is thought to have had the ability to mine Chinese internet activity at scale as well as attempt to procure research and trade secrets. The same revelations offered explanations of the NSA hacking Chinese cellular providers and gaining broad access to the SMS messages of account holders as well.

Damages: Potential loss of trade secrets and research. Cost of reconfiguring internet infrastructure and information systems at infiltrated institutions.

—

Iran in US: DDoS of financial sector 2012-2013

Date: 2013

Method: Encrypted DDoS attacks

Summary: Though a group called Izz ad-Din al-Qassam (Freedom Fighters) claimed this attack as retaliation for a video that mocked Muhammad, US officials believe the group is only a front for Iran. In this attack numerous clouds — groups of thousands of networked servers — were hijacked using malware called Itsoknoproblembro. These clouds and public internet providers from around the world were then pointed at large banking sites to make encryption requests. Unlike traditional DDoS attacks, encryption requests consume more server and network resources and were thus harder to mitigate.

Damages: Major disruptions to online banking capabilities of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.

—

North Korea in US: Sony Pictures 2014[9]

Date: 2013-2014

Method: Server Message Block (SMB) worm

Summary: This attack, which US officials allege was perpetrated by North Korea, involved prolonged access to Sony Pictures’ computing systems. Elements of the SMB worm included a listening implant, a backdoor, a proxy tool, a destructive hard drive tool, and a destructive target cleaning tool. After an initial attack that rendered some employees’ computers inoperable, the group responsible emailed executives at Sony demanding payment in exchange for not upping the ante. The demand was probably regarded as spam, and the attack continued, leading to up to 10 terabytes of stolen data as well as a number of destroyed databases.

Damages: Sony Pictures set aside $15 million in Q1 2015 to deal with damages, though some damages are harder to calculate: an unreleased motion picture (The Interview) was leaked, along with 47,000 Social Security numbers and personal information about employees.

—

Citations:

[1] https://tech.newstatesman.com/guest-opinion/nation-state-cyber-attacks-come-shadows

[2] https://www.csoonline.com/article/2852855/advanced-persistent-threats/10-deadliest-differences-of-state-sponsored-attacks.html

[3] https://www.pbs.org/wgbh/nova/next/military/snowden-transcript/

[4] https://www.armed-services.senate.gov/imo/media/doc/Clapper-Lettre-Rogers_01-05-16.pdf

[5] https://hotforsecurity.bitdefender.com/blog/kremlin-uses-social-media-pokemon-go-to-stir-up-racial-tension-in-us-19076.html

[6] https://www.bloomberg.com/news/articles/2017-04-12/outer-space-hacking-a-top-concern-for-nasa-s-cybersecurity-chief

[7] https://www.forbes.com/sites/kenrapoza/2013/06/22/u-s-hacked-china-universities-mobile-phones-snowden-tells-china-press/#3ef4813f5340

[8] https://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html

[9] https://www.inss.org.il/wp-content/uploads/sites/2/systemfiles/SystemFiles/No.%20646%20-%20Gabi%20and%20Dudi%20for%20web.pdf

[10] https://www.symantec.com/security-center/threat-report

[11] https://www.nytimes.com/interactive/2016/07/27/us/politics/trail-of-dnc-emails-russia-hacking.html

[12] https://www.dw.com/en/signs-point-to-russia-in-cyberattacks-on-germany/a-19566439

[13] https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

[14] https://www.wired.com/2008/08/virus-infects-s/

[15] https://mashable.com/2017/05/05/cyber-war-russia-germany/#1asN5NjWpkqh