cyberwarfare

Latest

  • Sophisticated malware has been spying on computers since 2008 (updated)

    by Jon Fingas
    11.23.2014

    Highly sophisticated malware isn't limited to relatively high-profile sabotage code like Stuxnet -- sometimes, it's designed to fly well under the radar. Symantec has discovered Regin, a very complex trojan that has been spying on everyone from governments to individuals since at least 2008. The malware is highly modular, letting its users customize their attacks depending on whether they need to remotely control a system, grab screenshots or watch network traffic. More importantly, it's uncannily good at covering its tracks. Regin is encrypted in multiple stages, making it hard to know what's happening unless you capture every stage; it even has tools to fight forensics, and it can use alternative encryption in a pinch. Researchers at Symantec suspect that the trojan is a government-created surveillance tool, since it likely took "months, if not years" to create.

  • State Department shuts down unclassified email to cope with hack

    by Jon Fingas
    11.17.2014

    The US government is no stranger to dealing with cyberattacks, but it just took a rare and relatively extreme step to keep itself safe. The State Department shut down its entire unclassified email system this weekend to bolster its defenses after spotting "activity of concern" (read: potential data breaches) that happened at the same time as an earlier hack that targeted the White House. Officials aren't naming culprits at this stage -- they've pinned some previous attacks on China and Russia, but it's not clear that there was digital warfare involved this time around. More details are expected to come once the security upgrades are in place, so you may get a better sense of what happened in the near future. [Image credit: AP Photo/J. Scott Applewhite]

  • Stuxnet worm entered Iran's nuclear facilities through hacked suppliers

    by Jon Fingas
    11.13.2014

    You may have heard the common story of how Stuxnet spread: the United States and Israel reportedly developed the worm in the mid-2000s to mess with Iran's nuclear program by damaging equipment, and first unleashed it on Iran's Natanz nuclear facility through infected USB drives. It got out of control, however, and escaped into the wild (that is, the internet) sometime later. Relatively straightforward, right? Well, you'll have to toss that version of events aside -- a new book, Countdown to Zero Day, explains that this digital assault played out very differently.

  • Snowden: The NSA's building Skynet to fight wars online

    by Daniel Cooper
    08.13.2014

    More than a year after Edward Snowden first spilled the beans on the NSA's digital surveillance practices, you wouldn't think that he had much left to reveal. In an interview with Wired, however, the former spy has revealed that the agency is building an autonomous online defense system that will not only crush digital attacks on the US, but could also launch digital retaliations in the blink of an eye. The in-no-way-ominously-named MonsterMind is designed to scour metadata databases, analyzing traffic patterns in a way that would make malicious traffic stand out. Foreign attackers launching DDoS or malware attacks against financial institutions, infrastructure or government systems could then be identified and blocked.

  • Spying malware leaves countries' energy grids open to attack

    by Jon Fingas
    06.30.2014

    Cyberwarfare campaigns against Western energy grids aren't just the stuff of action movies these days -- they're very, very real. Symantec has discovered a likely state-sponsored hacking group, nicknamed Dragonfly, that has been using phishing sites and trojans to compromise energy suppliers in the US and several other countries. Unlike targeted, destruction-focused malware like Stuxnet, this appears to be a broader spying effort bent on collecting information about national infrastructure. However, it still creates a back door that leaves companies vulnerable to full-fledged attacks if they don't spot the intrusions; it wouldn't take much to create real problems.

  • The White House explains why it keeps quiet on internet security flaws

    by Jon Fingas
    04.29.2014

    We wouldn't blame you for worrying about the US government's willingness to remain silent on internet vulnerabilities in the name of national security; no one wants to be left open to a preventable attack. However, the White House sees these disclosures as a complicated issue, and has posted an explanation of its reasoning in an attempt to assuage fears. The administration argues that it has a "disciplined, rigorous and high-level" decision system that balances the risks to the public against the value of any intelligence. Agencies are more likely to share details of security flaws if there's a great potential for damage, or if it's likely that someone will use the exploits. At the same time, officials are more likely to stay hush-hush when there's a high-priority target, or if it's relatively safe to use an exploit for a short while.

  • UK cyber defense unit promises to 'strike back' at enemies

    by Alexis Santos
    09.30.2013

    The UK government announced last December that it was building a "Cyber Reserve" to protect itself, and now it has a few more details to divulge. Crucially, rather than merely focusing on defending the country from attacks, it'll also have an "offensive capability" to help it act as a deterrent. Speaking to the Daily Mail, Defense Secretary Philip Hammond said Britain needs to be able to "strike back in cyber space against enemies who attack us, putting cyber alongside land, sea, air and space as a mainstream military activity." Although it's a fair guess to suspect that other countries are honing offensive cyber skills too, the Financial Times reckons that the UK is the first nation to admit it's doing so. According to Hammond, the strikes could be used to disable enemy chemical weapons, communications, planes, ships and hardware. As for the forces carrying them out, they could be given a budget of up to £500 million ($800 million). Work on the Joint Cyber Reserve is already underway, with reservist recruitment scheduled to start next month. If the required physical military test intimidates you, there's nothing to worry about: a less rigorous version will be used to let those of us with desk-bound physiques protect (and fight for) the Queen.

  • Washington Post report details how often security agencies break into other networks

    by Richard Lawler
    08.30.2013

    The latest national-security-related revelation to come from the documents leaked by Edward Snowden is an account of how offensive computer operations work, and how many there are. The Washington Post reports that in 2011, 231 took place, with about three quarters of them against "top-priority" targets, which its sources indicate include Iran, Russia, China and North Korea. Also interesting are details of software and hardware implants designed to infiltrate network hardware, persist through upgrades and access other connected devices or networks. The effort to break into networks is codenamed Genie, while the "Tailored Access Operations" group custom-builds tools to execute the attacks. One document references a new system, "Turbine," that automates control of "potentially millions of implants" to gather data or execute an attack. All of this access isn't possible for free, however: the total cyber operations budget is $1.02 billion, which includes $25.1 million spent this year to purchase software vulnerabilities from malware vendors. Get your fill of codenames and cloak-and-dagger from the article posted tonight, or check out the "Black Budget" breakdown of overall intelligence spending.

  • Banks brace for cyberwarfare drill Quantum Dawn 2

    by Alexis Santos
    06.18.2013

    Come June 28th, Wall Street outfits including the likes of Citigroup and Bank of America will be under siege -- from fake hackers, that is. Representatives from a total of 40 companies along with the Federal Reserve, Securities and Exchange Commission, US departments of Treasury and Homeland Security will take part in Quantum Dawn 2: a simulated cyberattack on faux trading and information systems. Led by the Securities Industry and Financial Markets Association, the drill will test the ability of participants to cooperate via email and phone to suss out what's going on and hatch a plan. The exercise will momentarily pause so that those involved can decide on a course of action, and then it'll speed up and model the effects of the decision over a longer period of time. With the recent flurry of hacking incidents and international finger pointing, something tells us this won't be the last we hear of drills like Quantum Dawn. [Image credit: MoneyBlogNewz, Flickr]

  • Obama ordered cyber attack target list to be created, according to leaked document

    by Terrence O'Brien
    06.07.2013

    President Obama hasn't been shy about engaging the public and other nations on digital issues, and that includes the idea of cyber warfare. While his administration has been pretty aggressive in building up our cyber defenses, our offensive capabilities have remained somewhat more mysterious. According to a leaked document obtained by the Guardian, the White House has made moves to seriously step up its digital arsenal. In fact, it appears that a Presidential Policy Directive issued in October (though never released for public consumption) ordered that a list of overseas targets be drawn up for potential future offensives. Offensive Cyber Effects Operations (or OCEOs) are cited in the directive as having "unique and unconventional capabilities to advance US national objectives around the world." It then goes on to say that the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power." The more aggressive approach to battling foreign nations through the internet is likely to raise concerns in certain circles about the weaponization of the web. Of course, such fears about militarization aren't completely unwarranted. But with countries like China posing serious digital threats, government officials will likely see the moves as necessary. The document also says that any operations must abide by US and international law, though we doubt any suggestion that our government blatantly ignore such rules would ever be put down on paper. The leak of the document follows hot on the heels of the growing PRISM scandal, which has put the nation's digital policies front and center in the public's mind.

  • South Korea defense ministry reportedly crafts cyber policy group to unify security

    by Jon Fingas
    04.02.2013

    If you hadn't heard, South Korea's under a lot of pressure lately as a result of a spate of internet-based attacks against the country's banks and broadcasters on March 20th, which some worry (though can't confirm) was the result of a large-scale hacking campaign. The country won't simply stand idle and brace for another hit, according to the Yonhap News Agency. An unnamed senior official says that South Korea's Ministry of Defense is complementing its Cyber Command division with a policy group, not unlike its UK equivalent. The new group would coordinate online security across different military sections, refining a defensive cyberwarfare strategy and recruiting more people to bulk up the digital front lines. Provided the claim is accurate, the policy unit would be ready before the first half of the year is over -- and likely not a moment too soon. [Image credit: John Pavelka, Flickr]

  • Tallinn Manual defines the legal groundwork for cyberwarfare

    by Jon Fingas
    03.21.2013

    The advent of cyberwarfare raises any number of legal quandaries, let alone ethical ones: when it's possible to do serious damage without crossing a border or firing a shot, where do you stop? NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) is publishing the finished version of a non-binding guide, the Tallinn Manual, that could settle at least the legal disputes. For the most part, it demands a measured, one-for-one response and attempts to minimize collateral damage. Digital retaliation is appropriate if the state is a victim of a hacking attack, but bombs and guns should only come into play if virtual combat leads to real casualties. Any attacks should likewise steer clear of civilians, and simply having the capacity or desire for a hacking campaign doesn't make someone a target -- there has to be an "imminent" threat to justify a preemptive strike. NATO isn't formally adopting the Tallinn Manual as policy, and it's difficult to know whether the organization's member nations (or any other country) would honor the guidelines when parties on all sides have been pushing the boundaries of cyberwarfare for years. Still, we'll have to start somewhere if we want to draw a line in the silicon. [Image credit: US Army, Flickr]

  • China claims its defense sites face constant US hacking attacks

    by Jon Fingas
    02.28.2013

    China is routinely accused of launching concerted hacking campaigns against the US, many of them reportedly tied directly to the army's Unit 61398 in Shanghai. If you believe the Ministry of Defense's spokesman Geng Yansheng, however, just the opposite is true. Along with claiming that China would never hurt (or rather, hack) a fly, he asserts that the Ministry and China Military Online sites faced an average of 144,000 hacking attempts per month from foreign sources in 2012, 62.9 percent of which allegedly came from the US. The Ministry's man stops short of leveling cyberwarfare charges, although he notes the US' recent plans to expand and formally define its cyberwar strategy. There's some 'splainin to do, he argues. While there isn't a formal US response, we suspect that neither side is an innocent dove here -- China is just the most recent to cry foul.

  • Symantec: work on Stuxnet worm started two years earlier than first thought

    by Jon Fingas
    02.27.2013

    Most of us think we know the tale of Stuxnet: it's a possibly government-sponsored worm that played havoc with Iranian centrifuges in 2009, setting back the country's uranium enrichment program without involving any traditional weapons. Researchers at Symantec, however, now claim there's an untold narrative. They've discovered a Stuxnet 0.5 version that may have been in development or active as soon as November 2005, two years before the commonly accepted timeline. It first surfaced on trackers in November 2007, and would have created wider-ranging chaos at Iran's Natanz nuclear facility by closing vital pressure valves instead of using the subtler centrifuge technique. Symantec also noticed that this pre-1.0 malware shares traits with the Flamer code base, putting it in the context of an even larger effort than seen so far. Moreover, it would have required extensive knowledge of the Natanz infrastructure -- this was no casual attack, according to the researchers. While we may never know exactly what prompted the revamp, IAEA evidence suggests that Stuxnet wasn't truly effective until the better-known version came into play. We mostly know that modern cyberwarfare had its fair share of growing pains -- and that it's not as fresh-faced as we assumed.

  • Kaspersky Labs preps its own OS to guard vital industry against cyberwarfare

    by Jon Fingas
    10.16.2012

    Kaspersky Labs' namesake Eugene Kaspersky is worried that widely distributed and potentially state-sponsored malware like Flame and Stuxnet pose dire threats to often lightly protected infrastructure like communication and power plants -- whatever your nationality, it's clearly bad for the civilian population of a given country to suffer even collateral damage from cyberattacks. To minimize future chaos and literally keep the trains running, Kaspersky and his company are expanding their ambitions beyond mere antivirus software to build their own, extra-secure operating system just for large-scale industry. The platform depends on a custom, minimalist core that refuses to run any software that isn't baked in and has no code outside of its main purposes: there'll be no water supply shutdowns after the night watch plays Solitaire from an infected drive. Any information shared from one of these systems should be completely trustworthy, Kaspersky says. He doesn't have details as to when the OS will reach behind-the-scenes hardware, but he stresses that this is definitely not an open-source project: some parts of the OS will always remain confidential to keep ne'er-do-well terrorists (and governments) from undermining the technology we often take for granted.

  • Iran claims to have been hit by 'heavy' cyber attack, pins slowdowns on coordinated hacking campaign

    by Jon Fingas
    10.04.2012

    Whatever you think of Iran's politics, it's hard to deny that the country has frequently been the target of internet-based attacks that sometimes go beyond the originator's plans. If you believe High Council of Cyberspace secretary Mehdi Akhavan Behabadi, the pressure is only getting worse. He tells Iranian media that the nation is under "constant" digital bombardment and was just hit with a major assault on Tuesday that bogged down local internet access. Behabadi unsurprisingly contends that the attacks are deliberate efforts to undermine Iran's data, nuclear and oil infrastructures, with a finger implicitly pointed westward. While it's no secret that the country's enemies want to slow down what they see as a rush towards nuclear weapons, it's difficult to know how much of the accusation is serious versus bluster: we've seen individual smartphone users who consume more than the "several gigabytes" of traffic that reportedly caused national chaos in the most recent incident. No matter the exact nature, it's likely that residents stand to lose as Iran fences off the internet to keep outside influences, hostile and otherwise, from getting in. [Image credit: Amir1140, Wikipedia]

  • Security researchers dissect Flame's handling program, find three new viruses 'at large'

    by Daniel Cooper
    09.17.2012

    It seems Stuxnet and Flame aren't the only out-of-control cyber-weapons roaming around the Middle East. Security researchers from Symantec and Kaspersky have found that the Flame malware had the electronic equivalent of a "handler," a program called NEWSFORYOU, which is also in charge of three further viruses that are code-named SP, SPE and IP. The trio have yet to be analyzed, because although a cache of data has been discovered on a command-and-control server, decoding it has proved "virtually impossible." While both security companies have declined to point a finger as to the viruses' origin, Reuters' sources suggest they're from the United States, while The Washington Post has been told that the project was a joint enterprise with Israel -- in keeping with the existing narrative that this is the pair behind Stuxnet.

  • DARPA to hold one-day cyberwarfare workshop, attendance not mandatory

    by Joseph Volpe
    08.23.2012

    Oh, the fruits of the global village are many: connecting strangers with fetishes, fostering culture through memes and engendering cyber attacks via remote since the late 20th century. It's the advanced decomposition of that latter rotten apple, however, that has DARPA -- the government's far-out research arm -- taking a proactive stance and casting an agency-wide intelligence net to shore up on future defense protocol. To do this, the DoD offshoot's holding a one-time workshop next month, dubbed Plan X Proposers' Day, with the aim of bringing personnel together to brainstorm and implement infrastructure specifically centered around cyberwarfare analysis and research. One area the project, which just received $110 million in funding, will specifically avoid is the creation of actual cyberweapons. So, yeah, while this effort's less Goldeneye and more of a strategic think tank initiative, it still warms the heart to know our nation's best, brightest and most secretive are hard at work protecting our digital butts.

  • Japan working on powerful cyber weapon, knows best defense is a good offense

    by Terrence O'Brien
    01.06.2012

    The Japanese government has been (relatively) quietly churning away on an advanced new cyber weapon. In the post-Stuxnet age it's no surprise that a government would be working on powerful new tools to defend its digital borders, but this particular virus (developed with help from Fujitsu) is raising eyebrows with some over how it accomplishes its goals. Essentially, when it detects an intruding piece of malware, the program follows the virtual trail left behind back to the attack's source -- disabling every machine it encounters along the way. The goal, obviously, is to stop the spread of a malicious piece of code by finding and shutting down not just the source, but all middleman PCs that are also now potential hosts. In some admittedly extreme scenarios this weapon could potentially spiral out of control, taking out far more computers than intended. Nightmarish hellscapes dominated by computers run amok aside, it's definitely interesting, and we understand how it might cause some concern. Check out the source for a few more details.

  • Robert Morris, man who helped develop Unix, dies at 78

    by Amar Toor
    07.01.2011

    We have some somber news to bring you this morning: Robert Morris, the cryptographer who helped create Unix, has died at the age of 78. Morris began his work on the groundbreaking OS back in 1970 at AT&T's Bell Laboratories, where he played a major role in developing Unix's math library, password structure and encryption functions. His cryptographic exploration continued into the late 1970s, when he began writing a paper on an early encryption tool from Germany. But the paper would never see the light of day, thanks to a request from the NSA, which was concerned about potential security ramifications. Instead, the agency brought Morris on board as a computer security expert in 1986. Much of what he did for Uncle Sam remains classified, though he was involved in internet surveillance projects and cyber warfare -- including what might have been America's first cyberattack in 1991, when the US crippled Saddam Hussein's control capabilities during the first Gulf War. Morris stayed with the NSA until 1994, when he retired to New Hampshire. He's survived by his wife, three children and one, massive digital fingerprint. [Image courtesy of the New York Times]