Speaker Series – David Aucsmith: 28 Jan 2014

28 January 2014: David Aucsmith, Senior Director of Microsoft’s Institute for Advanced Technology in Governments, presented on “Cyber Security and Beyond.” In addition to providing a thorough overview of the evolution of the internet, technological devices and cyber threats, he focused on the complicated relationship between the government and the private sector in identifying and managing the cyber threats from state and non-state actors that exist today. Mr. Aucsmith concluded by demonstrating the multitude of ways the private sector is able to assist government entities in managing this phenomenon.

The Syrian Electronic Army: Mediums of Disinformatics


“We are just Syrian youths who want to defend their country against the media campaign that is full of lies and fabricated news reports”

The Syrian Electronic Army (SEA) most likely began at least in part as an outgrowth of the Syrian Computer Society (SCS), an internet and information science advocacy group founded by the late Basil Al-Assad in 1989 and later led by Bashar Al-Assad prior to his elevation to the presidency. In 1997 there were only 35,000 computers in the country, two for every thousand people. The early days of Syria’s acceptance of the internet were marked by significant bureaucratic trepidation, predominantly motivated by concerns of cultural penetration. The opposing camp was urged onward by a recognition that, in the face of heavy usage of the internet by other nations, especially Israel, Syrian perspectives were being drowned out. Surveys conducted in 1998 by an early advocate, Dr. Imad Mustafa, found that of 1.5 million documents on the web dealing with Syrian aspects of the Arab-Israeli conflict, 56% had been written by Israeli organizations, 18% by Zionist groups outside of Israel and another 17% by US government organizations. On issues rich with nationalistic fervor such as the Golan Heights, the survey found that there were essentially no existing sources or documents on the internet which were benign to Syrian interests, and that 71% of the documents were absolutely hostile to Syrian perspectives. This preoccupation with “correcting” the established media narrative has fed directly into the ethos of the SEA, though they also engage in “punishing” media outlets by propagating false news events.

The personnel evolution of the group can be roughly split into two phases. In the early phase of the group, their website from May of 2011, syrian-es.com, was hosted by the SCS, and the domain registration pointed to the same group. A later site, sea.sy, was registered with the approval of the SCS. By May of 2013, however, the SCS cut all of these ties and disabled use of the sea.sy site. There may have been significant personnel changes later in the 2011 era, and it is entirely possible that the activists who shared membership in SCS and SEA left at that point. The second phase of the group was much more shadowy, international and varied in its technical aptitude.

The group’s methods of attack have been multi-pronged, from website defacement and redirects, to propaganda posting on Facebook, and in some cases campaigns distributing malware (intended to reveal the identity and activity of online actors) against the Syrian Opposition. Recent operations have been heavily focused on compromising the social media accounts of news organizations and celebrities.

In April of 2013 SEA conducted spearphishing attacks (directed emails designed to steal user credentials and other data) which resulted in them obtaining control of the Associated Press Twitter account, which they used to spread a false story about an explosion at the White House that had injured the President.


The tweet caused a temporary drop in the Dow Jones Industrial Average of over a hundred points, but AP was quickly able to regain control of its Twitter account and retract the false story.


This method of attack has proven to be both high profile and high impact, and the group seems to have generally shifted its focus to compromising social media accounts. These compromises have been varied in intent, from posting false information for shock value to pushing propaganda against perceived international enemies of Syria and Al-Assad. This week there was a compromise of CNN’s Twitter account and website, used both to spread propaganda in favor of Al-Assad and to plant a false news story apparently intended to disrupt financial markets. Increasing attempts to manipulate markets may indicate economic motives behind SEA operations, especially if these actions are combined with short-selling, though this connection would require further analysis for confirmation.

The Syrian Electronic Army represents a new type of cyber actor, one which is both a hacktivist group in the vein of Anonymous and a state-sponsored group much like many in operation across the world. However, unlike many hacking groups with state sponsorship, SEA concentrates on propaganda operations instead of espionage for military or economic reasons. In this sense they bear some similarity to groups like the Chinese Honker Union and the Russian hacktivist movements which have surrounded military operations and international controversies in Estonia and Georgia. The funding for the group remains murky. There are allegations that Rami Makhlouf, a billionaire cousin of Bashar Al-Assad, supported the group in leaving Syria and basing its operations in other Arab states, and continues to provide accommodations for group members. There are also rumors that hackers are paid between five hundred and a thousand dollars for successful website compromises.

Dan Gifford – MCySec Media Manager

Russia Crowdsourcing Its Cyber Security Strategy: Clever Experiment or Solicitation of Internet Restriction Freedoms?

On November 29, 2013 the Federation Council (CF) of the Russian Federation held parliamentary hearings on the draft of the Concept of Russia’s Cyber Security Strategy. Participants of the hearing, recognizing the significant security implications of the proposed cyber security strategy, offered to submit the draft online for public discussion. The main concerns of the draft concept were gaps in Russia’s overall cyber security posture, the incorporation of both state and private-sector entities, and the establishment of clear incident response models for individuals, businesses and the state.

On January 10, 2014 the CF published a 10-page draft of the Concept of the Russian Federation Cyber Security Strategy and allowed commentators to personally email one of the lead senators overseeing the concept’s development. The senator, Ruslan Gattarov, is the head of the Federation Council Committee on Development of Information Society, which established a working group of experts to work on the cyber security strategy a year ago. Several other Russian government organizations also contributed to the final draft, including the Security Council, the Ministry of Communications and Mass Media, the Federal Security Service (FSB), the Ministry of Internal Affairs and the Ministry of Foreign Affairs.

(Pictured Above: Senator Ruslan Gattarov)

However, the FSB criticized the draft strategy, pointing out the use of incorrect terminology: the term “cyber security” as used in western countries primarily encompasses the protection of equipment and communication channels. The term “information security”, which the FSB insists on, has a broader meaning and includes Internet content.

On January 13 of this year, RBK-TV (currently Russia’s only 24-hour business news television channel) aired a report on Cyber Security in Russia (2:32 – 9:28) and invited two subject matter experts to express their opinions on the subject. During this broadcast RBK-TV stated that the Concept of the Russian Federation Cyber Security Strategy offers seven key directions, in particular the improvement of the legal framework in the field of information technology. The authors suggest that crimes committed on the Internet should carry harsher punishment, including criminal prosecution. Furthermore, among the general objectives of the strategy is to increase the “digital literacy” of the population and improve the culture of information security. The strategy also proposes to move away from foreign software and computers and instead rely on domestic products. However, the strategy does concede that technical support and consultation from foreign experts is still necessary for the protection of strategic resources.

Yuriy Gatchin, Chair of the Computer Security Systems Department at the St. Petersburg National Research University of Information Technologies, Mechanics and Optics (St. Petersburg NRU ITMO), disagrees with the draft strategy’s proposal that Russia still needs outside technical support. Mr. Gatchin argues that there should be no such need for foreign experts since there are plenty of “competent and smart professionals” within Russia and that Russia “needs to rely on its own strength”. Another expert, Artem Kozlyuk, one of the leaders of the Pirate Party of Russia and also the head of the project “RosKomSvoboda”/RuBlackList.Net, sees this document as mostly “focused towards the domestic market”. Kozlyuk clearly identifies the Russian government’s recent trend of fostering fear and then responding with quick policy solutions issued through the State Duma.

According to Mr. Kozlyuk, responsibility for cyber security should lie with the self-regulation of private companies and structures, as well as with individuals self-policing their online activities, instead of relying on the government’s implementation of an information blocking directive. Although the draft strategy currently welcomes public suggestions, Mr. Kozlyuk is pessimistic about what influence the commentators will have, since there is no legal framework to support any type of publicly determined policy.

In a separate interview with Systemnyi Administrator / System Administrator, Mr. Kozlyuk offers his outlook on the future of Russian Internet:

“The future of the Internet is blocking, censorship under pretext, aggressive defense of copyright, widespread identification and criminal liability for comments. In short, the state, with some delay, has nonetheless come to the Internet”.

(Picture Above: Artem Kozlyuk)

“Personally, I think that the next year will be a turning point for Runet (the Russian Internet): either the State will choose the “Chinese version” of Internet regulation, with a Ministry of censorship, total information control, burdensome sanctions for Internet business and the introduction of an army of thousands of pro-government bloggers to refute the negative impact of censorship on civil society. Or perhaps our efforts will not be wasted, and the process of integrating adequate public interests and leveling the negative impact of laws that limit information will begin. I’m not saying that everything will be decided within the next year, but I’m almost certain a vector will be given, and all of us will feel what it will be”.

It is difficult to predict if Russia’s idea will prove to be successful. The draft of the Concept will be accessible for discussion, comments and suggestions for approximately one month. We will have to wait until all the results are in to see whether the final product of this endeavor will become Russia’s first publicly inspired piece of legislation or simply sputter out of existence.

– by Olga Volcsko, graduate student at the Monterey Institute of International Studies

Flames of the Dragon: A Profile of the PRC’s Cyber Situation

Since February of last year, when the Mandiant Report was released, China has been at the forefront of cyber security news. It has become apparent that the PRC is waging all-out economic warfare through the use of widespread cyber espionage, intellectual property theft and massive data-exfiltration operations. China has a long history of copy-cat behavior and convoluted laws regarding intellectual property rights, which support its various motivations for engaging in cyber espionage. Although much of this activity has been attributed to the Comment Crew (also referred to as APT1 by Mandiant), there are several organizations within the PRC’s hierarchy that contribute to these cyber intelligence operations.

There is also a looming concern over the PRC’s rapid expansion of its cyber-warfare capabilities. China appears focused on using its advances in cyber to balance its disparity with the U.S.’s traditional military technology and to add an additional layer to its anti-access strategy. A more frightening prospect is a build-up of military strategy that supports preemptive cyber-attacks, which could lead to a cyberwar between the U.S. and China. This scenario may seem unlikely, but the NSA claims to have foiled several Chinese cyber-attack attempts, and there are reports of other recent cyber-attacks against the U.S. power grid.

The U.S. is not the only country that is concerned with China’s cyber behavior. The U.K. has addressed the PRC’s cyber espionage and expressed concern over the intentions of China’s Huawei Telecommunications company. Other European countries have accused China of accessing their foreign ministries as well. Mongolia has managed to join China’s target list, having received a recent barrage of attacks, most likely in response to Mongolia’s outreach to Western nations. However, China’s cyber-attacks are not focused entirely on foreign nations. One of China’s primary targets for offensive cyber action is its own Tibet Autonomous Region. Several reports state that Tibet has become ground zero for Chinese hackers and cyber-attacks in the PRC’s hunt for political dissidents within the region.

The PRC is committed to denying allegations that its central government is behind these cyber-attack and cyber-espionage campaigns. Several authorities within the U.S. have also expressed doubts over the hype of cyber escalation between the U.S. and China. The Obama administration has taken steps to initiate talks between the U.S. and China on improving cyber security between the two nations. The mood remains tense, especially following the revelations of Edward Snowden, with China accusing the U.S. of maintaining a double standard in its behavior. Despite a steep decline in Chinese cyber activity following the release of the Mandiant Report, China is back on the offensive with a resurgence of cyber-espionage efforts. It will be interesting to see where things go from here.

– by Ben Volcsko, Research Assistant

Profile of Brazil’s Overall Cyber Security Situation

Brazil is often known for its coastal beauty, but sadly it should also be recognized for its prolific cyber security concerns. According to Symantec, Brazil is number 7 on its list of countries with the biggest cybercrime problems. Despite investing significant amounts of money into cyber start-ups and establishing cooperative cyber security agreements with Argentina, India and Russia, Brazil is still struggling to overcome the persistent challenge that cyber-criminals present. On top of this, Brazil has recently taken a hard-line stance against the U.S. following the revelations of Edward Snowden. Brazil has actively supported the U.N.’s Cyberprivacy Agreement and begun taking steps to bypass the U.S.-operated underwater cable systems in order to reduce its dependence on those it now perceives to be false friends. It appears, however, that Brazil is focused on the wrong issues, as it still needs to overcome large numbers of internal banking Trojans and substantial gaps in its cyber security dynamics. Some experts even claim that Brazil’s current security posture is so poor that it is wide open to cyber-invasion. Brazil has also taken steps to introduce cloud technology into its government networks, which could magnify the problems of its current state. On a positive note, Brazil is now realizing that effective policy and law for responding to cybercrime is necessary. Hopefully Brazil will follow up these legislative acts with improvements in its cyber security practices to provide some teeth for its new resolve.

For another recent summary of Brazil’s cyber security situation, check out the National Center for Digital Government’s whitepaper Brazil and the Fog of (Cyber) War.

– by Ben Volcsko, Research Assistant

WHAT!!?! Single-Use Computer Passwords A Reality?

The National Institute of Standards and Technology just released an article about how quantum physics might allow us to start using secure, single-use computer passwords. There are a lot of wild claims circulating about our approach to full-scale quantum computing. It’s hard to say whether these claims will be realized or not, but one thing is for sure: we all need to prepare for the emergence of quantum.


– by Ben Volcsko, Research Assistant

One of Cyber’s Greats – Dr. John Arquilla

Here is a write-up for one of cyber security’s most important contributors, Dr. John Arquilla.

Dr. John Arquilla is professor of defense analysis at the U.S. Naval Postgraduate School, author of Insurgents, Raiders, and Bandits: How Masters of Irregular Warfare Have Shaped Our World, and co-editor of Afghan Endgames: Strategy and Policy Choices for America’s Longest War.

Dr. Arquilla’s work focuses primarily on the implications of the information revolution for military organization and doctrine. At the organizational level, his research identifies the network as the form most empowered by advances in information technology and explores the potential for redesigning hierarchies along more networked lines.

The policy relevance of this work can be seen in the growing emphasis on “network-centric” operations over the past decade, and in the emergence of two NETWARCOM entities, one within the Navy, the other a part of STRATCOM. At the doctrinal level, Arquilla’s research has identified the possibility of moving from more traditional forms of frontal and/or flanking attacks to omnidirectional assaults, i.e., “swarming.” A network comprised of many small cells and nodes is seen as being ideally suited to this doctrine, hence the connection between doctrinal innovation along these lines and organizational redesign.

Far from being limited to theory, swarming has been appearing in practice as a dominant doctrine in many conflicts over the past fifteen years — e.g., from the insurgent uses of swarms in the Russo-Chechen War of 1994-1996 to Iraq (especially in the 2004-2006 period), and in commando-style terrorist assaults like the one in Mumbai in the fall of 2008 and the more recent swarming attacks mounted in Kabul by Taliban teams.

Needless to say, both networks and swarming tactics have emerged in the virtual world as well, being on particular display in Estonia in 2007 and Georgia in 2008, both cases apparently showcasing growing Russian expertise in cyberspace-based operations. In sum, Arquilla’s research invites and encourages careful reflection on the potential of “swarm networks” to become ever more salient in military and security affairs.

Selected list of Dr. Arquilla’s published articles:

You can follow Dr. Arquilla’s Foreign Policy “Voice” on FP online.

Chronology of Major Works:

– by Ben Volcsko, Research Assistant

Highlands Group Recommended Reading List

Just in time for your holiday shopping, we are pleased to announce the Highlands Group 2013 Reading List.

Each year the Highlands Group presents a list of books that we would like to call to your attention as being noteworthy. We hope that you will find a book on this list to enjoy and spend time with over the holidays or when you are traveling. This year we have a robust stocking full of twenty-one books, including two works of fiction, covering a wide range of topics.

Our panel of distinguished guest reviewers for 2013 includes Lawrence Wright, Pulitzer Prize-winning author for his book, The Looming Tower; Peter Ho, the former Singaporean Secretary of Defence and Secretary of Foreign Affairs; Melanie Greenberg, CEO of the Alliance for Peacebuilding; George Dyson, author and historian of technology; Richard Bookstaber, economist and author; Bob Belden, Grammy-winning jazz composer, arranger and musician; and Ann Pendleton-Jullian, author, architect, and designer.

Successor to Blackhole Exploit Kit May Take Years to Emerge

The arrest of Paunch shut off the flow of updates to the highly popular crimeware infrastructure support tool, the Blackhole Kit. Since then there have been a number of contenders for the lucrative crown. A new article at Threatpost speaks with analysts at Kaspersky Lab about the prospects for newcomers as they come into the market. Thus far, no single product has shown it can dominate. This may indicate that taking down people like Paunch can have a real and lasting impact on the cybercrime milieu.

DARPA is Trying to Turn Cyberwar Into Child’s Play

DARPA, as expected, is coming up with many new and inventive ways of rethinking the cyber security challenges that DOD is plagued with. First, it has developed a series of free computer and mobile app based games that, while seemingly innocuous, actually feed into algorithms for finding and fixing basic software vulnerabilities. DARPA is also looking to shift the established system of cyberwarfare practices, which resides predominantly in the hands of technical experts, to a mass-production type of operation. This transition project is detailed in Wired’s article This Pentagon Project Makes Cyberwar as Easy as Angry Birds. Bob Dylan was right: “the times they are a-changin’”.

– by Ben Volcsko, Research Assistant