cyberwarfare
Latest
Toy drones don't stand a chance against a $3 million missile
A Patriot missile costs around $3 million. A commercial quadcopter? Let's say roughly $200. But which one would win on the battlefield? General David Perkins, Commander of the US Army Training and Doctrine Command, knows the answer to this hypothetical David and Goliath match-up -- because it's already happened. During a military symposium, he touched on a strike made by a US ally, where the consumer drone "did not stand a chance" against the twenty-year old missile. With all due respect, sir, we could have told you that.
US hopes cyberattacks will stall North Korea's missile program
The US might not have had much success with cyberattacks against North Korea's nuclear program, but that apparently hasn't stopped officials from further efforts... not that they're having much success. The New York Times has learned that then-President Obama ordered escalated cyberwarfare against North Korea in 2014 a bid to thwart its plans for intercontinental ballistic missiles. However, it's not clear that this strategy has worked -- and there may be problems if it does.
The consequences of the Trump presidency on cybersecurity
Hacking and cybersecurity played a huge role in the presidential election. So much so that Donald Trump, America's new president-elect, was helped greatly by the acts of criminal hackers in his journey to the White House, and is now an outspoken WikiLeaks fan.
US is ready to hack Russia if it interferes with the election
American officials are nervous that Russia's alleged attempt to influence the election could extend to the vote itself, and they aren't willing to take any chances. A senior intelligence source tells NBC News that US cyberwarfare agents are in a position to hack Russian critical infrastructure (including command systems, the electrical grid and telecoms) if there's evidence of an attack that disrupts the election in a "significant way." The US isn't expecting such a large breach, but the message is clear: we can hurt you if you meddle with the democratic process.
Reuters: White House to appoint first federal cyber security chief today (updated)
According to Reuters, the White House will appoint Retired Air Force Brigadier General Gregory Touhill as the nation's first federal cyber security chief, a position tasked with dictating cybersecurity policy for the entire federal government. It's an announcement that's been a long time coming. After watching US networks suffer a series of embarrassing attacks last year, President Obama pledged to shore up federal cybersecruity efforts, creating a Commission on Enhancing National Cybersecurity and announcing a Cybersecurity National Action Plan. The latter promised to create a Federal Chief Information Security Officer to help protect US systems from future threats. General Touhill, it seems, is our man.
Edward Snowden suspects NSA hack was a Russian warning
The National Security Agency (and the US itself) may have just received a shot across the bow. Hackers identifying as the Shadow Brokers claim to have breached the Equation Group, a hacking outfit widely linked to NSA activities, and the data they've posted leads Edward Snowden to suspect that it might have been a state-sponsored Russian operation. If the intruders really did publish the spoils of a NSA cyberweapon staging server as they say, it'd suggest that someone wanted to show that they can prove US involvement in any attacks that came from the server.
US reportedly elevates the role of Cyber Command
Now that the US treats cyberwarfare as a staple of its combat operations, it's ready to raise the prominence of its internet warriors. Reuters sources say that the Obama administration is planning to elevate Cyber Command, turning it into a "unified command" that's just as crucial as a major regional section like Pacific Command. The proposed shuffle would also detach Cyber Command from the NSA, giving it more input on the use of online weapons and defenses.
White House outlines how the US will respond to cyberattacks
The US government is understandably worried about cyberattacks as of late, and it's now setting some ground rules for how it responds to those digital intrusions. A newly approved Presidential Policy Directive details just how officials will coordinate responses to hacks and other "cyber incidents." including its basic principles, outlining procedures and creating mechanisms that link the actions that link government divisions. Provided everything goes according to plan, officials would not only learn to share responsibility and resources when fending off attacks, but better understand the risks associated with a given crisis.
The Pentagon is developing cyber warfare tools to fight ISIS
US Cyber Command chief Adm. Michael S. Rogers has created a dedicated unit tasked with developing a suite of malware and digital weapons that can be used to wage (a digital) war against ISIS. The Pentagon originally gave Cyber Command the daunting task of launching online attacks against the Islamic State earlier this year. Unfortunately, according to The Washington Post, Cybercom was ill-prepared for the role -- besides lacking the tools to get the job done, it didn't have the right people to pull it off. WP says the new team is called "Joint Task Force Ares," and some of their possible missions include disrupting the terrorist group's payment system and knocking their current chat app of choice offline.
Cyber 'bombs,' digital D-Days and other nonsense
Cybergeddon is coming. To the disappointment of many, it's just going to look like some dude sitting at a desk, typing, and probably farting into his Department of Defense office chair. Secretary of Defense Ash Carter was quoted recently as saying the United States was going to be "dropping cyber bombs" on ISIS, and the newly invented rhetoric produced its desired effect. In expressions of both eagerness and incomprehension, outlets wrote, "Pentagon hits ISIS with 'cyber bombs' in full-scale online campaign." Scientific American even went so far as to try and explain the skin-crawlingly crazy phrase in a piece titled "How U.S. 'Cyber Bombs' against Terrorists Really Work." India Times took it all quite literally, in an article titled "There's Something Called a Cyber Bomb and the US Is Planning to Drop It on ISIS." It explained, "The proper definition of a cyber-bomb is still a little convoluted and has been kept under wraps mainly because an operation of such magnitude is yet to be carried out."
US government wants cyber forces that think like the enemy
Lawmakers want mandatory training for US military cybersecurity to act as the enemy in war games tailored to test the country's cyber defenses. The suggestion was included in a recent defense bill. To ensure attacks aren't confused with real (well, cyber) ones, agreements would be made with the Defense Secretary Ash Carter. One official described the training like the enemy squadrons used by the US Air Force during Red Flag -- a flight exercise for fighter pilots.
US launches its first cyberattacks against ISIS
The US no longer thinks that it's enough to hurt ISIS through airstrikes and cutting off propaganda channels -- it's starting a full-on digital warfare campaign. Cyber Command is launching its first attacks against ISIS' digital infrastructure in a bid to disrupt its communications and other basic functions. According to New York Times sources, this includes everything from imitating commanders to interrupting payments to fighters. This, in turn, could slow down ISIS as it second-guesses its moves for fear of being led into an American trap.
NSA will unite divisions to better tackle online threats
The US' National Security Agency isn't as united as it looks at first glance. Its intelligence gathering division (the one that conducts mass surveillance and hacking) and cyberdefense groups are largely separate. And that creates real problems -- among other issues, the intel group might be exploiting security flaws that the defensive team doesn't even know about, leaving critical systems open to attack. Those walls are about to come down, however. The NSA is poised to unveil a reorganization that will merge its offensive and defensive capabilities, helping them coordinate the fight against digital threats.
Congress considers letting US companies hack Chinese attackers
Your parents probably told you that revenge solves nothing, but the US might be willing to make an exception to that rule when it comes to hacks. A Congressional commission's report suggests that the government should consider letting companies hack the Chinese hackers that break into their systems. Theoretically, firms could erase or recover any stolen data from the original hack. The study also suggests creating a court that would hear evidence from cyberattack victims and determine whether or not the US should launch counter-hacks on their behalf.
The Pentagon's plan to outsource lethal cyber-weapons
The Pentagon has quietly put out a call for vendors to bid on a contract to develop, execute and manage its new cyber weaponry and defense program. The scope of this nearly half-billion-dollar "help wanted" work order includes counterhacking, as well as developing and deploying lethal cyberattacks -- sanctioned hacking expected to cause real-life destruction and loss of human life. In June 2016, work begins under the Cyberspace Operations Support Services contract (pdf) under CYBERCOM (United States Cyber Command). The $460 million project recently came to light and details the Pentagon's plan to hand over its IT defense and the planning, development, execution, management, integration with the NSA, and various support functions of the U.S. military's cyberattacks to one vendor.
US, China have an 'understanding' to fight cyber economic espionage
Ahead of a state dinner in Washington D.C. attended by a number of notable tech CEOs (Tim Cook, Mark Zuckerberg and Satya Nadella, to name a few), President Obama and Chinese President Xi Jinping announced an unprecedented agreement on the topic of hacking. After a number of recent hacks on commercial and government targets in the US were blamed on Chinese hackers it was expected the two might try to reach a deal, and according to Obama, they now have an understanding.
The rate of Chinese hacking attempts is slowing down
There have been so many large China-based hacking attempts in recent memory that they've started to feel like daily occurrences. Mercifully, though, it appears as if the rate of intrusions is slowing down. Multiple security executives talking to Reuters believe that the rate of Chinese-origin data breaches in the US has been "tempering" in the past several months. This doesn't mean that the hacking frenzy is over by any stretch, but Trend Micro's Tom Kellermann says there's been a distinct "consolidation" in activity.
The US and China want to set ground rules for cyberwarfare
Arms control treaties already do a lot to prevent extreme abuses of real-world weaponry, so why shouldn't they apply to virtual conflicts? The US and China certainly think that makes sense. According to sources speaking to the New York Times, the two countries are negotiating a deal that would set limits on cyberwarfare attacks. It's not clear exactly what this agreement would entail, but it would offer a "generic embrace" of a UN code of conduct that, among other things, bars attacks on critical infrastructure like power grids and cellular networks. At the least, these nations wouldn't be the first to resort to these assaults.
Hackers used Google Drive to attack Tibetans
Tibetans and pro-democracy activists in China are often the victims of cyberattacks, but a public campaign to educate people against blindly opening email attachments has been a big success. Unfortunately, as Motherboard reports, this has had the knock-on effect of forcing hackers into being a lot smarter with their subterfuge. Since would-be victims are now wary of opening attachments, nefarious types are now using Google Drive as a trojan horse with which to breach targeted systems.
The US Navy wants to buy unpatched security flaws
It won't surprise you to hear that governments are eager to buy unpatched security exploits for the sake of cyberdefense or surveillance, but they're rarely overt about it. No one must have told that to the US Navy until this week, however. The Electronic Frontier Foundation caught the military branch soliciting for both zero-day exploits and recently discovered vulnerabilities (less than six months old) for relatively common software from the likes of Apple, Google and Microsoft. The Navy quickly took the posting down, but it was clear the organization wanted to turn these flaws into "exploit binaries" -- that is, finished software that would be useful for attacks.
