Cyber Attacks as a Form of Warfare

Author — Fri, 19 Feb 2010 21:27:27 +0000

Download this post – Cyber Warfare (34).

Imagine waking up in the morning and your electricity is out. No lights, no heat and no computers. You try to turn on your cell phone but the network is down and so is your access to the Internet. You suddenly feel alone and afraid with no contact to anyone.

An army of foreign computer hackers has brought down America’s power grid and government operations.

According to cyber security advisors this kind of scenario is very real and the U.S. is unprepared to defend itself.

Cyber sieges do happen and can have a crippling effect on national defense. In August of 2008, Russia launched a cyber attack on the national websites of Georgia, its neighboring country. These attacks coincided with Russia’s military campaign in the South Ossetia region. The attacks debilitated Georgian news and government websites and marked one of the first cyber/military wars in modern history.

The U.S. is anticipating the cyber wars of the future and is gearing up to respond and retaliate to the looming threats of both rogue states and powerful nations.

Today, at the Mandarin Oriental Hotel in Washington, DC, an independent group of former DHS, CIA and national security advisors launched a three hour cyber attack simulation.

The “Cyber ShockWave” event and was hosted by the Bipartisan Policy Center, a Washington based nonprofit organization. Their mission was to test the U.S. response to a coordinated, international attack on America’s technological infrastructure.

The group hired experts in cyber warfare to compose a simulated scenario where a virus attaches itself to a “March Madness” college basketball phone application. In the simulation, the virus replicated and spread through smart phone contact lists until it eventually brought down cellular service for most Americans. Included in the exercise were a number of private companies, such as PayPal and General Dynamics, which have a vested interest in bolstering U.S. cyber defense capabilities.

So how did America fare against a such a strike?

Epic Fail.

“The general consensus of the panel today was that we are not prepared to deal with these kinds of attacks,” said Eileen McMenamin, vice president of communications at the Bipartisan Policy Center. “Whether these threats come from individual hackers, state organizations or terrorist groups, they are very real and something we really need to be prepared for.”

Participants indicated that a large challenge in reacting to a cyber attack is identifying who the attackers are and how to find them. This concern has dogged U.S. cybersecurity experts throughout the modern era.

“It’s very easy for hackers to hide in other people’s computers and servers,” said Lou Von Thaer, a top security expert with General Dynamics, a defense firm based in Falls Church, Va. “We spent a lot of time today trying to figure out who did it and it created a lot of chaos.”

Von Thaer said that the biggest take away from the exercise was that the U.S. government needs to do more work on the policy side and pass better legislation to protect American interests.

“What we’re suggesting is the seat belt analogy,” said Von Thaer. “These days we wouldn’t imagine driving across town without wearing a seat belt. And that’s because now there are laws and regulations that have made seat belt use a standard way of life. We need to have similar standards in the cyber world.”

Article submitted by Alex Berta, Jedburgh Information Warfare Director.

Information Warfare

Author — Fri, 22 May 2009 16:34:55 +0000

There is a new battle. It does not take place on a battlefield and it affects everyone even if they don’t own a computer. Information Warfare can take place over days, weeks, or years. You may not even know that you’re in battle. The other combatant may be an unknown third party, a business competitor, or someone within your organization. By the time you realize that you’ve been targeted, the attack can be so well coordinated that there is little you can do about it. Each year there is an estimated loss of over 45 billion dollars due to information warfare, identity theft, or corporate espionage.

There is a common misconception that anti-virus and spyware programs will protect against online attacks and identity theft. It can help prevent some attacks, but many sophisticated attacks against your computer or network have the ability to disable these programs and some can mimic a legitimate file in your system. Anti-virus is poorly equipped to deal with these types of attacks.

There are more than 3 million computers infected with unknown programs everyday. Some of these programs record what internet sites you visit and collect data before facilitating pop ups and tons of spam in your inbox. There are more complex programs that record everything from keystrokes to internet use and even grant administrative rights on your computer to outsiders. This allows them to browse your computer, install programs, and download personal information while you are away. Most people think a firewall can prevent this but, unfortunately, it isn’t the case. Many of these intrusions can lead to numerous and far-reaching follow-on attacks. Once the host finds out where the main server is located they can upload a virus or trojan to it. This will allow them to either destroy or gain full access to everything on the server. Most servers are well protected and can guard against this, but well trained intruders are using special programs to defeat these practices.

Once a server or a network is infected it can be used as a bot. A bot will report to an attacker when it has successfully penetrated a target and is ready to begin. It serves as personal paging system. One example is the corruption of ICQ by computer hackers. ICQ was a popular chat program in the 1990’s and was widely used by computer hackers because they were able to modify the ICQ built in paging system. They used this otherwise useful program to set up and establish bots that would page the hacker and report the IP address, hostname, and password of vulnerable servers and networks. Attackers used the information to log in at will. Later, CGI scripts that were located primarily on 3^rd party webhosting accounts allowed attackers to share or even trade victims with each other. Once webhosting companies became aware of the problem, they began monitoring what files were uploaded to the site. Attackers simply moved on and began using Internet Relay Chat (IRC). They created bots enter chat rooms and begin trolling for victims. I have personally seen one room filled with over 5,000 bots.

Many employers use very strict policies to restrict access to third party sites and programs by their employees. These policies are largely ineffective because attackers are continuously updating and refining their methods. During an interview with a very “successful” computer hacker I learned that he had successfully infected a large company network. This access enabled him to log in to any computer on the network and do whatever he wanted without any red flags going off. I asked him how he managed to infiltrate the system and he said all it took was one email to a person at the company and some fishing attempts and he finally got them to open an email and download a simple picture that had a virus encoded into it. From this small opening, he infected the entire network.

Jedburgh Corporation’s information specialists have programs specifically designed to assist your organization’s information technology efforts or design turn-key solutions to protect your data and sensitive information. We have over 15 years in the computer security field and understand what information attackers seek, and where the information is headed if it is stolen. We are committed to ensuring that your intellectual property and personal information remain safeguarded. Contact info@jedburgh-usa.com to discuss your training needs.

Article written by Alex Berta, Technology/Identity Theft Specialist

Jedburgh Corporation » Information Warfare

Cyber Attacks as a Form of Warfare

Information Warfare