Author Archives: Benjamin Volcsko

Recent Activity from The European Cyber Army (ECA)

Intelligence Analysis, the threat monitor for Recorded Future, detailed recent attacks and events linked back to The European Cyber Army (ECA) in a recent article. The group has also been linked to several campaigns against U.S. banks in recent months. Additionally, large-scale Syrian web outages have been traced back to the ECA as of March.


For those interested in seeing what other groups remain active in Europe, outside of Crimea, be sure to follow this group.

Summary of 2013 Malware Development

HackSurfer just released a summary on malware development for 2013 based on the formal report from Panda Labs. Here are some of the key points from the summary:

  • Almost 32% of computers across the world were found to be infected with malware.
  • There were 82,000 different malware strains that emerged in 2013.
  • Android platforms remained the primary target for cyber criminals, with nearly two million Android-based malware samples created in 2013.
  • Trojans were the biggest contributor in 2013 with 71.11% of all new malware.
  • The growth of new malware strains rose to 13.3% versus 9.67% in 2012.
  • China remained the most infected country in 2013 with a 54.0% ratio.
  • Sweden was in last position, the least malware-infected country.
  • 20% of all malware was created in 2013.
  • The most popular virus families were Sality and Xpiro.
  • 30 million new malware variants were created in 2013.

2014 Prediction about Imminent Threats:

  • New malware variants can hit the market in 2014 that will compel organizations to implement strong security parameters.
  • Java will remain vulnerable in 2014 due to countless security flaws and its high usage in the world.
  • Users will fall victim to cyber culprits due to social engineering techniques.
  • The Android platform will remain on top in malware spreading.
  • Ransomware will rank above Trojans and botnets in 2014.
  • Corporate culture has to think beyond traditional antivirus products.
  • Hackers can target internet-connected devices (Internet of Things) for attacks.

Russia Crowdsourcing Its Cyber Security Strategy: Clever Experiment or Solicitation of Internet Restriction Freedoms?

On November 29, 2013 the Federation Council (CF) of the Russian Federation held parliamentary hearings on the draft of the Concept of Russia’s Cyber Security Strategy. Participants of the hearing, recognizing the significant security implications of the proposed cyber security strategy, offered to submit the draft online for public discussion. The main concerns of the draft concept were gaps in the overall cyber security posture for Russia, incorporation of both state and private-sector entities, and establishing clear incident response models for individuals, businesses and the state.

On January 10, 2014 the CF published a 10-page draft of the Concept of the Russian Federation Cyber Security Strategy and allowed commentators to personally email one of the lead senators overseeing the concept’s development. The senator, Ruslan Gattarov, is the head of the Federation Council Committee on Development of Information Society which established a working group of experts to work on the cyber security strategy a year ago. Several other Russian government organizations also contributed to the final draft, including the Security Council, the Ministry of Communications and Mass Media, the Federal Security Service (FSB), the Ministry of Internal Affairs and the Ministry of Foreign Affairs.

(Pictured Above: Senator Ruslan Gattarov)

However, the FSB criticized the draft strategy pointing out the use of incorrect terminology: the term “cyber security” as used in western countries primarily encompasses the protection of equipment and communication channels. The term “information security”, which the FSB insists on, has a broader meaning and includes Internet content.

On January 13 of this year, RBK-TV (currently Russia’s only 24-hour business news television channel) aired a report on Cyber Security (2:32 – 9:28) in Russia and invited two subject matter experts to express their opinions about the subject. During this broadcast RBK-TV stated that the Concept of the Russian Federation Cyber Security Strategy offers seven key directions, in particular, the improvement of the legal framework in the field of information technology. The authors suggest that for crimes committed on the Internet, there should be harsher punishment, including criminal prosecution. Furthermore, among the general objectives of the strategy is to increase “digital literacy” of the population and improve the culture of information security. The strategy also proposes to abandon the need for foreign programs and computers and instead rely on domestic products. However, the strategy does concede that technical support and consultation from foreign experts is still necessary for the protection of strategic resources.

Yuriy Gatchin, Chair of the Computer Security Systems Department at the St. Petersburg National Research University of Information Technologies, Mechanics and Optics (St. Petersburg NRU ITMO) disagrees with the draft strategy’s proposal that Russia still needs outside technical support. Mr. Gatchin argues that there should be no such need of foreign experts since there are plenty of “competent and smart professionals” within Russia and that Russia “needs to rely on its own strength”. Another expert, Artem Kozlyuk, one of the leaders of the Pirate Party of Russia and also the head of the project “RosKomSvoboda”/RuBlackList.Net, sees this document as mostly “focused towards the domestic market”. Kozlyuk clearly identifies the Russian government’s recent trend of fostering fear and then responding with quick policy solutions issued through the State Duma.

According to Mr. Kozlyuk, cyber security responsibility should lie on private companies’ and structures’ self-regulation as well as individuals self-policing their online activities instead of relying on the government’s implementation of an information blocking directive.  Although the draft strategy currently welcomes public suggestions, Mr. Kozlyuk is pessimistic about what influence the commentators will have since there is no legal framework to support any type of publicly determined policy.

In a separate interview with Systemnyi Administrator / System Administrator, Mr. Kozlyuk offers his outlook on the future of Russian Internet:

“The Future of the Internet – is blocking, censorship under the pretext, aggressive defense of copyright, widespread identification and criminal liability for the comments. In short, the state, with some delay, but still came to the Internet”.

(Pictured Above: Artem Kozlyuk)

“Personally, I think that the next year will be a turning point for Runet (Russian Internet): either State will choose “Chinese version” of Internet regulation with the Ministry of censorship, total information control, burdensome sanctions for Internet business and the introduction of thousands of army pro-government bloggers to refute negative impact of censorship on civil society. Or perhaps our efforts will not be wasted, and the process of integrating adequate public interests and the leveling of the negative impact of laws to limit the information will begin. I’m not saying that everything will be decided within the next year, but I’m almost certain a vector will be given, and all of us will feel what it will be”.

It is difficult to predict if Russia’s idea will prove to be successful. The draft of the Concept will be accessible for discussion, comments and suggestions for approximately one month. We will have to wait until all the results are in to see whether the final product of this endeavor will become Russia’s first publicly inspired piece of legislation or simply sputter out of existence.

– by Olga Volcsko, graduate student at the Monterey Institute of International Studies

Flames of the Dragon: A Profile of the PRC’s Cyber Situation

Since February of last year when the Mandiant Report was released, China has been at the forefront of cyber security news. It has become apparent that the PRC is waging all-out economic warfare through the use of widespread cyber espionage, intellectual property theft and massive data-exfiltration operations. China has a long history of copy-cat behavior and convoluted laws regarding intellectual property rights which support their various motivations for engaging in cyber espionage. Although much of this activity has been attributed to the Comment Crew (also referred to as APT1 by Mandiant), there are several organizations within the PRC’s hierarchy that contribute to these cyber intelligence operations.

There is also a looming concern over the PRC’s rapid expansion of their cyber-warfare capabilities. China appears focused on using their advances in cyber to balance their disparity with the U.S.’s traditional military technology and to add an additional layer to their anti-access strategy. A more frightening prospect is a build-up of military strategy that supports preemptive cyber-attacks which could lead to a cyberwar between the U.S. and China. This scenario may seem unlikely, but the NSA claims to have foiled several Chinese cyber-attack attempts and there are reports of other recent cyber-attacks against the U.S. power grid.

The U.S. is not the only country that is concerned with China’s cyber behavior. The U.K. has addressed the PRC’s cyber espionage and expressed concern over the intentions of China’s Huawei Telecommunications company. Other European countries have accused China of accessing their foreign ministries as well. Mongolia has managed to join China’s target list having received a recent barrage of attacks, most likely in response to Mongolia’s outreach to Western nations. However, China’s cyber-attacks are not focused entirely on foreign nations. One of China’s primary targets for offensive cyber action is its own Tibet Autonomous Region. Several reports state that Tibet has become ground-zero for Chinese hackers and cyber-attacks in the PRC’s hunt for political dissidents within the region.

The PRC is committed to denying allegations that their central government is behind these cyber-attack and cyber-espionage campaigns. Several authorities within the U.S. also have expressed doubts over the hype of cyber escalation between the U.S. and China. The Obama administration has taken steps to initiate talks between the U.S. and China for improving cyber security between the two nations. The mood remains tense, especially following the revelations of Edward Snowden, with China accusing the U.S. of maintaining a double-standard in its behavior. Despite a steep decline in Chinese cyber activity following the release of the Mandiant Report, China is back on the offensive with a resurgence of cyber-espionage efforts. It will be interesting to see where things go from here.

– by Ben Volcsko, Research Assistant

Profile of Brazil’s Overall Cyber Security Situation

Brazil is often known for its coastal beauty but sadly it should also be recognized for its prolific cyber security concerns. According to Symantec, Brazil is listed as number 7 on their list of countries with the biggest cybercrime problems. Despite investing significant amounts of money into cyber start-ups and establishing cooperative cyber security agreements with Argentina, India and Russia, Brazil is still struggling to overcome the persisting challenge that cyber-criminals present. On top of this, Brazil has recently taken a hardline stance against the U.S. following the revelations of Edward Snowden. Brazil has actively supported the U.N.’s Cyberprivacy Agreement and begun taking steps to bypass the U.S.-operated underwater cable systems in order to reduce their dependence on those whom they now perceive to be false friends. It appears that Brazil, however, is focused on the wrong issues as they still need to overcome large numbers of internal banking Trojans and substantial gaps within their cyber security dynamics. Some experts even claim that Brazil’s current security posture is so poor that they are wide open to cyber-invasion. Brazil has also taken steps to introduce cloud technology into their government networks which could magnify problems in their current state. On a positive note, Brazil is now realizing that effective policy and law for responding to cybercrime is necessary. Hopefully Brazil will follow up these legislative acts with improvements in their cyber security practices to provide some teeth for their new resolve.

For another recent summary of Brazil’s cyber security situation, check out the National Center for Digital Government’s whitepaper Brazil and the Fog of (Cyber) War.

– by Ben Volcsko, Research Assistant

WHAT!!?! Single-Use Computer Passwords A Reality?

The National Institute of Standards and Technology just released an article about how Quantum Physics might allow us to start using secure, single-use computer passwords. There are a lot of wild claims circulating as we approach full-scale quantum computing. It’s hard to say if these claims will be realized or not, but one thing is for sure, we all need to prepare for the emergence of quantum.


– by Ben Volcsko, Research Assistant

One of Cyber’s Greats – Dr. John Arquilla

Here is a write-up for one of cyber security’s most important contributors, Dr. John Arquilla.

Dr. John Arquilla is professor of defense analysis at the U.S. Naval Postgraduate School, author of Insurgents, Raiders, and Bandits: How Masters of Irregular Warfare Have Shaped Our World, and co-editor of Afghan Endgames: Strategy and Policy Choices for America’s Longest War. 

Dr. Arquilla’s work focuses primarily on the implications of the information revolution for military organization and doctrine. At the organizational level, his research identifies the network as the form most empowered by advances in information technology and explores the potential for redesigning hierarchies along more networked lines.

The policy relevance of this work can be seen in the growing emphasis on “network-centric” operations over the past decade, and in the emergence of two NETWARCOM entities, one within the Navy, the other a part of STRATCOM. At the doctrinal level, Arquilla’s research has identified the possibility of moving from more traditional forms of frontal and/or flanking attacks to omnidirectional assaults — i.e., “swarming.” A network comprised of many small cells and nodes is seen as being ideally suited to this doctrine — thus the connection between doctrinal innovation along these lines and organizational redesign.

Far from being limited to theory, swarming has been appearing in practice as a dominant doctrine in many conflicts over the past fifteen years — e.g., from the insurgent uses of swarms in the Russo-Chechen War of 1994-1996 to Iraq (especially in the 2004-2006 period), and in commando-style terrorist assaults like the one in Mumbai in the fall of 2008 and the more recent swarming attacks mounted in Kabul by Taliban teams.

Needless to say, both networks and swarming tactics have emerged in the virtual world as well, being on particular display in Estonia in 2007 and Georgia in 2008 — both cases apparently showcasing growing Russian expertise in cyberspace-based operations. In sum, Arquilla’s research invites and encourages careful reflection on the potential of “swarm networks” to become ever more salient in military and security affairs.

Selected list of Dr. Arquilla’s published articles:

You can follow Dr. Arquilla’s Foreign Policy “Voice” on FP online.

Chronology of Major Works:

– by Ben Volcsko, Research Assistant

Highlands Group Recommended Reading List

Just in time for your holiday shopping, we are pleased to announce the Highlands Group 2013 Reading List.

Each year the Highlands Group presents a list of books that we would like to call to your attention as being noteworthy. We hope that you will find a book on this list to enjoy and spend time with over the holidays or when you are on travel. This year we have a robust stocking full of twenty-one books, including two works of fiction, covering a wide range of topics.

Our panel of distinguished guest reviewers for 2013 includes Lawrence Wright, Pulitzer Prize-winning author for his book, The Looming Tower; Peter Ho, the former Singaporean Secretary of Defence and Secretary of Foreign Affairs; Melanie Greenberg, CEO of the Alliance for Peacebuilding; George Dyson, author and historian of technology; Richard Bookstaber, economist and author;  Bob Belden, Grammy-winning jazz composer, arranger and musician; and Ann Pendleton-Jullian, author, architect, and designer.

DARPA is Trying to Turn Cyberwar Into Child’s Play

DARPA, as expected, is coming up with many new and inventive ways of trying to rethink the cyber security challenges that DOD is plagued with. First they have developed a series of free computer and mobile app based games that, while seemingly innocuous, are actually providing algorithms for solving basic programming vulnerabilities. DARPA is also looking to shift the established system of cyberwarfare practices residing predominantly in the hands of technical experts to a mass-production type operation. This transition project is detailed in Wired’s article This Pentagon Project Makes Cyberwar as Easy as Angry Birds. Bob Dylan was right, “the times they are a-changin”.

– by Ben Volcsko, Research Assistant

NASA’s New Program: Robots

NASA developed an advanced robot known as Valkyrie that competed in DARPA’s 2013 Robotics Challenge Trial. DARPA hosted the robot challenge at Florida’s Homestead Miami Speedway this past December. Eight teams were selected to participate in a series of trials that were focused on displaying whether each team’s robot could react to common disaster response situations. Sadly, NASA’s Valkyrie performed poorly compared to its peers, being blown out of the water by the Japanese-designed robot SCHAFT. The end goal of DARPA is to promote the advancement of robotics technology and lead interested companies to produce functional automatons that can serve the public good. While this goal is worthy of praise, is this new frontier of technology not also rife with potential vulnerabilities? Not to wear out my Terminator references, but it seems like Skynet is a definite possibility…

– by Ben Volcsko, Research Assistant

Cyber: The Achilles’ Heel of Drones?

As Unmanned Aerial Vehicles (UAVs) continue to advance and play an ever-growing role in modern warfare, could cyber vulnerabilities pose a potential pitfall? With drone technology rapidly advancing and allowing for the production of truly autonomous UAVs, concerns over these flying terminators being hacked become more legitimate. Here are a couple of articles to give you a little flavor on the topic. 1) Flying Hacker Contraption Hunts Other Drones, Turns Them Into Zombies, an article by Dan Goodin for Ars Technica released in December, discusses how “hacker drones” are being developed and tested to target and gain control of other UAVs. 2) Hacking the Drone War’s Secret History by Wired details how rudimentary programming and hacking skills can allow access to drones’ communication feeds. Having friendly drones fall under the control of opposition forces is a scary thought.

– by Ben Volcsko, Research Assistant

The New Revolution: 3-D Printers

There has been much discussion about 3-D printers lately. Although 3-D printer technology is still in the early stages, many security experts believe that advanced, large-scale 3-D printers will likely revolutionize the battlefield, if not the world. Robert Beckhusen of Wired’s Danger Room offers a perspective on some of the effects that 3-D printers might have on modern-day warfare in his article In Tomorrow’s Wars, Battles Will Be Fought With a 3-D Printer. If you are unfamiliar with the subject of 3-D printers, this is a good place to start.

– by Ben Volcsko, Research Assistant

The Internet of Things – A Cause for Concern?

Bruce Schneier, the Chief Technology Officer of Co3 Systems and well-known security blogger, offers his two cents on modern-day security concerns for today’s interconnected world of computers. His article raises a lot of good questions and identifies some of the key concerns that we should be considering for big data going into the new year.

– by Ben Volcsko, Research Assistant

For All of You Sinophiles Out There…

The Australian Strategic Policy Institute (ASPI) produced a great report on the People’s Republic of China’s cyber intelligence capabilities. Titled Enter the Cyber Dragon: Understanding Chinese Intelligence Agencies, this report is a great starting point for getting a grip on what the PRC is up to in the world of cyber espionage.

– by Ben Volcsko, Research Assistant

Exploring the Intersections of Technology, Crime, and Terror

An excellent article by Michael J. Holt, a Professor of Criminal Justice at Michigan State University, detailing the intersection of cybercrime and terrorism. As we know, criminals and terrorists share many commonalities, differing primarily in their motivation. However, when it comes to the application of cyber means, both groups of actors have much overlap. Within Exploring the Intersections of Technology, Crime, and Terror, author Michael Holt identifies the crossings of these groups and their overall impact upon cyber security.

– by Ben Volcsko, Research Assistant