Sunday, January 20, 2008

The ghost in the machine

America has been under foreign cyber attack before. But the Washington Post reports that recent attacks have become serious enough to issue a "rare public warning to the power and utility industry ... a CIA analyst this week said cyber attackers have hacked into the computer systems of utility companies outside the United States and made demands, in at least one case causing a power outage that affected multiple cities." Although at least some of the reported intrusions were by "computers belonging to foreign governments or militaries", the targets this time were, significantly, commercial. "Cyber extortion is a growing threat in the United States, and attackers have radically increased their take from online gambling sites, e-commerce sites and banks, which pay the money to prevent sites from being shut down and to keep the public from knowing their sites have been penetrated, said Alan Paller, research director at the SANS Institute."



In the recent past, many cyber attacks have been directed at government information resources. For example, in mid-2005, a Washington Post blog noted that Britain, Canada and Australia had all been subjected to an attack. "Just hours after British cyber-security officials issued a highly unusual warning that hackers are launching targeted attacks against U.K. government agencies and high-profile British corporations, their counterparts in Canada and Australia issued similar alerts."

But coordinated multi-tier attacks, that is to say attacks directed against different levels of society, first came into prominence during Russia's cyber-attack on Estonia. "The Kremlin’s assault on Estonia is intensifying on four levels of varying sophistication. These include: cyber attacks from within Russia’s Presidential Administration against the Estonian presidency’s and government’s electronic communications; political demands, backed by economic sanctions threats, to change the Estonian government; siege laid by Kremlin-created organizations to the Estonian Embassy in Moscow; and instigatory coverage of the April 27-29 violent riots of Russian youth in Tallinn by Russia’s state television." Estonia marked the combined arms approach to cyberwarfare. To hacking were added the pressure of street gangs, coercive diplomacy and traditional media black propaganda. Cyber-attacks were no longer a standalone weapon conducted by some geeky misfit in a basement. Rather, cyber-attacks became part of a full spectrum of offensive weapons in which the distinction between the "virtual" and the "actual" was eliminated. In Estonia, not only could your database be wiped out, your teeth could also be knocked in by a well delivered Russian punch to your face.

The recent attacks on US "online gambling sites, e-commerce sites and banks" were a blow delivered at the soft-underbelly of its society. They interestingly combined cyber-attacks with traditional blackmail: the victims kept quiet about the penetration of their systems in order not to panic their customers. This prevented the target society from even being aware it was under attack. This also meant the targets could be defeated in detail as each faced the assault alone. Nor were the attacks delivered frontally, or blindly. They were customized to their individual weaknesses. Some attackers probably attempt to recruit employees or ex-employees from the system who know the weaknesses. In 2005, "Britain's National Infrastructure Security Co-ordination Centre said hackers were devising increasingly sophisticated attacks that appear to be custom-made for each target, focusing on individuals who work with sensitive data with e-mails that appear to originate from trusted contacts, news agencies or government departments." Attacks on information systems had been integrated into the traditional military cycle. No longer were they pranks conducted by some pimply teenage prodigy: they were now part of a process which included pre-attack reconnaissance, execution and exploitation.

In late 2007, France reported it was under attack by Chinese information assault forces, just after other Western governments had reported the same thing.

"French information systems fell prey to cyber attacks "involving China", similar to those reported by the US, British and German governments, a top French security offical told AFP on Saturday. "We have indications that our information systems were the object of attacks, like in the other countries," the Secretary-General of National Defence (SGDN) Francis Delon said, confirming a report published in French newspaper Le Monde.

"We have proof that there is involvement with China. But I am prudent. When I say China, this does not mean the Chinese government. We don't have any indication now that it it was done by the Chinese People's Liberation Army," he added.

If it was the Chinese government -- and the centralized control of computer resources in that country make it unlikely to be anything else -- then the attacks would have been the work of what the Strategy Page called the "Three Headed Monster": the "NET Force" corresponding to a general staff; the "Red Hackers Union" (RHU). These are several hundred thousand patriotic Chinese programmers and Internet engineers who wished to assist the motherland -- all behind the Golden Shield Project (also known as The Great Firewall of China) manned by 30,000 Ministry of Public Security employees to keep the targets from repaying Beijing in kind. But whether it was China's Three Headed Monster or the more shadowy, but presumably equally formidable Russians, the attacks on France and other Western countries represented the intrusion of a major force which the average denizen on the Internet would be hard-pressed to resist.

Terrorist organizations, Russia and China, to name but a few, have clearly grasped the potential for information warfare and have developed sophisticated doctrines for its employment. Unencumbered by legacy newspapers, huge television networks, and an entertainment industry still divided into guilds -- institutions used to wage "information war" in 20th century style -- China, Russia and Islamic radicalism were free to invent new modes of information combat. Both the "NET Force" and the cyber-Jihad come at a time when the American concept of public diplomacy still focused on scheduling interviews on talk shows. The true beneficiaries of revolutionary technology may be those who were free of the weight of the old.

One of most dangerous aspects of the new enemy information warfare strategy is its ability to attack the subsidiary and smaller units of Western social organization. Attackers don't need to take down a sophisticated and protected target like the NSA or a multi billion-dollar bank. Instead, they can focus on the medium-sized financial institution, online gambling site, adult movie rental service, credit card company, health fund or social networking site. Like the Blitzkrieg of the 1940s, enemy cyber-attack forces can concentrate on the weakest points of a society, avoid its Maginot Lines, and worm their way in, gaining more entry points and trusted identities with the passage of time. Equally disturbing is the apparent way in which computer attacks have been combined with the traditional methods of subversion like blackmail and possibly the recruitment of insiders to compromise the system. A company with the best computer defense systems may still be vulnerable to the application of old fashioned threats against its employees. In any contest between a small company and China's "Three Headed Monster" the odds are stacked agaisnt the company.

A stock blogger at the Washington Post wonders if the financial markets are next.

With the rising tide of cyber attacks on the infrastructure over the past year or so, and the vulnerability of the power grid, transportation systems, and big banks becoming increasingly clear, investors have to wonder how secure the exchanges are from extortion or efforts to manipulate the markets by individuals or organized groups. The London Stock Exchange suffered a cyber attack this past June. Such attacks frequently originate from overseas, sometimes supported by foreign governments, and perpetrators can be next to impossible to track down and bring to justice.

15 Comments:

Blogger Elijah said...

"Science sufficiently advanced always appears to be magic"

Information operations and computer network attack programs are now considered the military's most closely guarded projects, surpassing even new stealth advances.

Previously
slip past Syria's air defenses during the September 6th raid, describe a system that has been used in Iraq to detect transmissions from terrorist communications and zap IED detonation systems

A series of Suter programs explored the ability to pipe data streams--embedded with specialized algorithms--into enemy communications networks without being detected. The portals into the network are found by precisely locating antennas (as aiming points for the data streams) whether they are part of an air defense system or a hand-held communications device linked to others in an ad hoc tactical network for a small insurgent team.

1/20/2008 04:20:00 PM  
Blogger NahnCee said...

Do Russia, China, Nigeria and their ilk *really* want to get into a hacking war with the creme de la creme of humanity's hackers who reside in the West?

If these attacks are coming from the Russian and Chinese government, which I would think would be a fairly small, centrally-located and elite group, then how would they defend against multiple attacks directed at them by teenaged computer wizards in Southern California, Denmark, Sydney Australia, and elsewhere around the world.

If the West's governments could figure out how to harness our teenaged mutant nija's and aim them simltaneously at China and Russia (and all those lovely people in Nigeria just panting to send me money via my bank account), then I think THOSE governments would be tottering seriously very very quickly.

Hackers have been turned to the good side of the Force before. I see no reason why it can't happen again, if no other reason than for the thrill of the hunt.

And in the future, any free-lance cyber-terrorist should be warned in advance that the capital of the government where he makes his living will have its electricity turned off in retaliation. There. That should do it.

In a lot of places in the world, no electricity for their air conditioning is a MUCH worse threat than being nuked back to the Stone Age.

1/20/2008 05:22:00 PM  
Blogger James Kielland said...

We DO have the talent. But they are generally busy doing such things as going to school, working for companies, or planning on the next Trekkie convention.

This might not be a bad thing, actually. Cyber thuggery, while having the capacity to be rather disruptive is probably (hopefully) not as strategically valuable as the capability to build a corporation like Google or develop operating systems or significantly better applications.

The fact that many of these groups are coming out of the former soviet union or china is an indication that those economies do not have things in place to allow their homegrown talent to produce such products or to experience the subsequent economic benefits.

The worrisome thing is that so many of our military and strategic thinkers, if the published literature is any indication, have very little grasp of the significance of the internet and how it opens up completely new possibilities in warfare and competition/antagonism between collectives. Our military seems to look at it all as purely a means to increase the targeting of conventional weapon systems.

The internet changes everything, more so than the development of naval fleets or even the airplane. It opens up new vulnerabilities and opportunities that attack the idea of a nation state at its very core. The modern nation state was made possible by the ability of a government to secure centralized control over a large area and to have reasonable control over what occurs within its borders and what transverses its borders.

The US has essentially given up on this quaint idea, with the highest levels of our government regarding controlling our physical borders as completely trivial and writing off those who are concerned as xenophobic, at best. In the meantime, the internet allows foreign actors to attack resources and exercise influence deep inside of our borders in a way that Clausewitz or Sun Tzu would have found unimaginable. In the midst of all of this, our best efforts at exploiting these new developments seem to consist of strapping a hellfire missile on a multi-million dollar remote controlled airplane. Or giving a soldier a PDA.

It will be interesting to see what happens. Hopefully the inventiveness of our private sector will allow for increasing levels of economic performance that will allow us to survive the negligence of our own strategic establishment.

1/20/2008 06:38:00 PM  
Blogger putnam said...

Nahncee,

I would not underestimate the capabilities of the Russian or Chinese hackers.

Many of the software hacking and illegal download sites are located in Russia.

Linux comes from Torvalds, a Finn, and the open software movement is driven to a large degree by european programmers.

1/20/2008 10:32:00 PM  
Blogger j willie said...

Yes, Nancy's perspective is rather naive, idealistic or both from tactical and strategic points of view. Tactically, unless the Air Force (which has been officially tasked with the responsibility) has developed a correspondingly sufficient capacity for defensive and offensive cyber-warfare actions, then we will have lost the battle before it is joined. You would have to currently put that question in the unknown answer category.

Strategically, what good would Google (93% of its political donations go to Democrats) do a Republican administration? Microsoft might be a little more helpful, since the Dem's were the ones who brought the antitrust cases against them, but at the end of the day, they answer to shareholders. Even the telcos doing the govt's bidding with wiretaps are doing what's in their economic best interests (see here for what I find to be the only viable Occam Razor explanation for combined FCC/telco behavior since 2001 - http://gordoncook.net/wp/?p=219).

To strategically respond to government-led cyberwarfare actions from abroad, within the context of our policitical system, requires that our govt develop and manage that capacity its own command/control system. To think one could "nationalize" Google, or otherwise harness the highly independent, free spirited and mostly libertarian minded software coders/hackers is complete fantasy. Think about it - an "open source" cyberwarfare capability. It's either oxymoronic, moronic or both.

1/20/2008 11:36:00 PM  
Blogger James Kielland said...

J Willie,

I would not suggest that the government nationalize Google. My simple point was that an economy in which engineering talent can be contributing to the creation of strong economic growth is a strategic advantage. This would be more of a long-term, strategic view than a tactical response to an immediate cyberattack, of course.

1/21/2008 12:14:00 AM  
Blogger j willie said...

James, I agree with you and your post in its entirety, and most especially with the notion that "the Internet changes (and has changed) everything" and without which we would not even be having this discussion. My post was intended only to dispute Nancy's notion that coders/hackers could be harnessed by the government to work on its behalf. First, most of them see the govt as the "Empire", not the "Force". Second, coders/hackers for the most part loath centralized authority of any sort. Third, for the govt to use any cyberwarfare capacity effectively, it would have to come under its command/control/classified security system. Consequently, the govt must develop and "own" that function, and can't outsource it on an ad hoc basis.

1/21/2008 12:38:00 AM  
Blogger herb said...

I worry more about the burglar who enters, leaves something nasty and exits without a trace.

Such a series of cyberbombs could really be devastating and easily coordinated. The defender couldn't solve the problem by disconnecting from the network. His system would eat itself.

1/21/2008 07:24:00 AM  
Blogger Aristides said...

The Russians and Chinese may end up envying the Pakistanis and their kinetic Frankenstein monsters. A confluence of natural human melodramas -- hurt pride, jealousy, greed, revenge -- and these regimes may get their own direct experiences with emergency lighting and dial tones.

1/21/2008 10:21:00 AM  
Blogger Mad Fiddler said...

My own experience comes from working at several universities (computer graphics) and in Silicon Valley at a number of companies creating interactive games.

What I observed was that the programmers, "double-E" folks, system administrators, and suchlike tended more toward the Right / Libertarian end of the political spectrum. Many of the folks I met in the games industry had come over from Defense, to "decompress" for a while. Almost universally they described the tasks they faced in interactive games --- for instance, working out artificial intelligence for a game to be able to play at various different skill levels appropriate to novice, medium and advanced human players so as to challenge them without trouncing--- to be routine and relaxing after the work they'd done for Defense industry applications.

A few I met had participated in the initial development of ARPANET, the original internet, and are still involved in developing and evaluating internet security measures.

I was particularly surprised to find how so many computer geeks --- across the spectrum of industry and academia --- used their free weekends participating in so-called "historical re-creation" groups. They are a seethingly independent and contrarian group, but generous and fundamentally patriotic for the country that gives them the freedom and opportunities to pursue their idiosyncratic paths.

Genius springs up everywhere, and some kid born in a felt Yurt is as likely to have the gray matter to become a master hacker as is a kid raised up in a multi-million soul metropolis. But access counts, and possibly even trumps sheer gray matter. I suspect that kids who have grown up surrounded by high-tech have a distinct edge over those whose access has been strictly regulated and controlled by an intrusive authoritarian government.

And as much as some folks may feel oppressed by the U.S. government, it ain't no China, and it ain't no Venezuela, it ain't no Iran, it ain't no Sudan, it ain't no North Korea, and it ain't no Russia.

Look at the Olympics to get a sense of how things might go. For many decades in the last century the Soviet Bloc countries selected the best athletes by screening kids nationwide before they were ten years old, and placing them in year-round intensive training programs. By the time they were in their teens, they'd had thousands of hours of individual coaching, the best diets, health care, and more thousands of hours of individual practice.

By contrast, U.S. olympic teams until fairly recently were selected from athletes that had mostly learned and refined their skills as a hobby, with funding from their families, and no special treatment other than could be provided by that family's resources.

Of course, some U.S. family's could afford to indulge in years of private coaching, re-locating if the climate required year-round access to snow or water, and good health care.

But despite the massive government support and promotion of their own athletes, the U.S. amateurs usually matched them and often bested them.

Gives me some hope.

1/21/2008 12:15:00 PM  
Blogger Mad Fiddler said...

ooops.

to clarify:

"But despite the [Russian's] massive government support and promotion of their own athletes, the U.S. amateurs usually matched them and often bested them."

----- I strongly suspect that even a kid raised in economically "stressed" circumstances has markedly more open and regular access to high-tech systems than most kids living under authoritarian regimes.

1/21/2008 12:27:00 PM  
Blogger Doc99 said...

This puts the NYC blackout of 2002 in a whole new light.

1/21/2008 01:39:00 PM  
Blogger Peter Grynch said...

I used to work at a nuclear power plant. Many years ago we were tasked with ensuring that computer control systems were not in any way connected to computer systems capable of communicating with the outside world.

It makes a great plot for McGuyver episodes, but the threat was recognized and dealt with a long time ago.

1/22/2008 10:41:00 AM  
Blogger Peter Grynch said...

One problem with cyberwarfare is that when you attack an enemy with a computer virus, you are handing him a copy of that virus. Be sure that the Russians and Chi-Coms have copies of all the viruses we dropped into Saddam's networks.

Interestingly, the same problem occurs with germ warfare: release aplague and it will come back to attack your country at some time in the future.

I am amazed the terrorists didn't spread Mad Cow disease throughout the Western World. I hope they don't read this blog!

1/22/2008 10:48:00 AM  
Blogger BetaCygni said...

This reminds me of what nuclear subs do when on patrol. They test the enemy to see what his capabilities are. Hopefully we are doing the same things to other country's infrastructures.

1/23/2008 01:53:00 PM  

Post a Comment

Links to this post:

Create a Link

<< Home


Powered by Blogger