Israelis, Saudis Talk Cyberhacking in War Terms

On January 3, a Saudi hacker group claimed that it had stolen half a million Israeli credit cards. The Bank of Israel claims their exposure is information on only 15,000 credit cards, all of which were immediately blocked. The hacker group’s stated purpose was to see Israeli cards fall into disrepute, “like the Nigerian cards.” The cracker, “0xOmar,” is identified as the individual performing the hack, and says he plans to publish information on an additional 200 cards per day.

In response to the Saudi release of user credit information, an Israeli hacker going by the name of “OxOmer” (“O” instead of zero, “e” instead of “a”), aka Omer Cohen, has published the information on hundreds of Saudi credit cards. Cohen, a soldier in the Israeli Defense Force (IDF), says he published the information as a “deterrent.” The card info was apparently used to purchase goods on Saudi websites, thereby ratcheting things up a little by not just releasing information, but stealing funds.

Cohen believes his government has responded neither quickly nor strongly enough. This “deterrent” language, of course, mirrors the military language of providing overwhelming negative consequences to keep an opponent from acting in the future. The news of the world does indeed talk up electronic hacking and cracking through the use of military terms, but there are those who argue that cyberwar doesn’t really exist – at least not yet.

I would expect that none of the credit card information released belonged to either of the hackers, but rather to “innocent bystanders.” Cohen apologized if any innocent people were hurt by his actions.

In this sense, at least, this small conflict mirrors (however weakly) the world’s real wars with their “collateral damage.”

A columnist in the conservative Jerusalem Post says that the credit cards really belong to users living in the United States, but that in any case, this kind of cyber-fighting is better than fighting by using objects of the material world, such as bullets or missiles.

And really, who’s to say he doesn’t make a very good point?


What’s in a (Cyber) Name?

As the United States (and the world) prepare for the possibility of Cyber War, it seems that there’s little agreement on what the term means. Merriam-Webster defines it as “of, relating to, or involving computers or computer networks (as the Internet).” Yet we have a government Cyber Command and reports are full of military metaphors. Plug the term into the DOD’s public website, and you will be treated to 1270 articles. One such article had 77 references and included the following: cyberwarfare, cyberattacks, cyberwarriors, cyberstrategy, cyberthreat, cyberdefense, cyberspace (of course), cybersecurity, Army Forces Cyber Command, Marine Forces Cyberspace Command, National Cyber Range (Really? You shoot electrons at targets, maybe?), cyberweapons, cybersecurity professionals.

The United States Government Accounting Office (GAO) issued the July 2011 report “DOD Faces Challenges in its Cyber Activities,” wherein it expresses the same concern: definitions and responsibilities are literally all over the map. Different organizations within Defense are not coordinating their efforts and don’t even agree on some basic definitions.

So perhaps it’s not surprising that Senator Kirsten Gillibrand of New York is demanding clarification about who or what “cyber” really means.
Gillibrand wrote to Defense Secretary Leon Panetta to say “I continue to be concerned that the lack of cross-cutting, clear definitions of cyber personnel throughout the Defense Department is a significant hindrance to your ability to carry out this significant mission.” Among her complaints is that the DOD has 90,000 people working on cyber issues, but many are basic computer maintenance workers, rather than actual military cyber experts. It’s not that “just IT guys fixing hard drives” (some of which the author does himself) aren’t important, but that they’d be there in a similar capacity whether there were concerns about military cyberthreats or not. These guys, she thinks, shouldn’t be classified under the “cyber” moniker.

The lack of a cohesive response and adequate security has resulted in multiple large-scale data breaches. According to Deputy Defense Secretary William J. Lynn, foreign crackers stole 24,000 military files in March 2011. Lynn said “It is a significant concern that, over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies.” The DOD believes that “more than 100 foreign intelligence organizations are trying to break into U.S. network.”

Given that there are about 195 countries in the world, that’s a significant number.

Continuing from the DOD document, “Whereas a missile comes with a return address, a computer virus generally does not. The forensic work necessary to identify an attacker may take months, if identification is possible at all. And even when the attacker is identified, if it is a nonstate actor, such as a terrorist group, it may have no assets against which the United States can retaliate. Furthermore, what constitutes an attack is not always clear. In fact, many of today’s intrusions are closer to espionage than to acts of war…Given these circumstances, deterrence will necessarily be based more on denying any benefit to attackers than on imposing costs through retaliation.”

Gillibrand believes the threat to be significant. Honoring the new tradition of using military terms for threats on government networks, Gillibrand in June called for the creation of a “Cyber ROTC.” She believes that government needs to draw off some of the talent in the private sector to become cyberwarriors and that a CyberROTC could become the farm team in developing new talent.

Did I say “CyberWarriors?” I did.

Are we jumping too fast and too far into the military classification of what until now has been largely the domain of Silicon Valley and Route 128? We seem to be calling for the creation of organizations and personnel based around concepts that are not yet fully defined. This author thinks it would behoove us to understand what we are doing before we do it. I echo Senator Gillibrand’s call for common definitions. But I do believe we need definitions and accountable responsibilities in place before we jump wholeheartedly into shoveling Treasury funds into amorphous plans – solutions for problems we don’t yet understand.


Cyber War: Here Now or Hype?

By some accounts, cyberwar is already occurring. There have been weekly reports of US systems being hacked from Chinese cyber addresses. Chinese hacking supposedly ranges from U.S. government systems to Google mail to the very computer on which you read this article. The Stuxnet worm invaded and disabled physical systems of Iran’s nuclear power program for a while. It is widely believed to be the collaborative work of the governments of the United States and Israel. There have even been viruses inside the USAF drone command.

While advocating for the establishment of the new U.S. Cyber Command Headquarters in Maryland, Senator Barbara Mikulski (D-Md) stated, “We are at war, we are being attacked, and we are being hacked.”

Defense Secretary Robert Gates has been widely misquoted as saying that U.S. Armed Services will consider cyber attacks as an act of war. Addressing the Defense Information Technology Acquisition Summit, he said, “Fortunately, to this point cyber attacks on our military networks have not cost any lives … When exactly is a cyber attack an act of war?”

The clear implication is that there will eventually be a level of cyberattack not yet met that will generate a military response. Then, addressing the 10th IISS Asia Security Summit in Singapore on June 4, 2011, he elaborated a little further with a question, “What would constitute an act of war in the cyber world that would require some kind of a response, either in kind or kinetically?” That word, “kinetic,” tends to imply bullets and bombs.

Reports of cyberwar seem to be everywhere. Is CyberWar happening and are we on the verge of armed military conflict as a result?

Well, hold on a minute…

The US State Department says that the likelihood of a cyberwar between the United States and China is minimal and that no such war is currently occurring, according to an article in San Francisco’s Examiner, “US-Chinese cyber war dismissed by State Department.”

Christopher Painter, State Department Coordinator for Cyber Issues, was specifically asked on October 18, 2011 whether there is a possibility that a large-scale cyber war could break out between China and the US, and what would cause such a war. Painter responded that “our job is to avoid any kind of cyber conflict…People talk a lot about cyber war. Frankly, I don’t think we’ve really seen it.” He said that the threats that do exist are exaggerated and the task at hand is to foster understanding and trust rather than to expect such conflicts.

America’s Cyber-Security Coordinator (aka “Cybersecurity Czar”), Howard Schmidt said directly to a Wired magazine interviewer, “There is no CyberWar.”

Why then, do we hear an almost constant drumbeat about Cyber War?

Jerry Brito and Tate Watkins, in the pages of Reason Magazine claim it’s all about control – controlling the information world and perhaps (again) the very computer on which you are reading this article. They “noted that warnings from members of Congress and government officials about online threats almost unfailingly include rhetoric about war, doom, or catastrophe. But the evidence they offer almost unfailingly relates to things like espionage, crime, vandalism, or flooding websites with traffic via distributed denial of service (DDoS) attacks.” They go on to note that there’s little verified evidence that there’s a serious threat from such online behavior, but rather that talk about dire consequences (and us losing the race to battle cyber threats) is primarily an attempt to build and grow a “cybersecurity-industrial complex.”

As a result, billions of dollars are being funneled into organizations and companies to battle a threat that may be mostly in the imaginations of those who would profit from taxpayer largesse.

To take the point further, Dr Thomas Rid, from the Department of War Studies at King’s College London, argues in the Journal of Strategic Studies that cyber war is not now happening and will never take place. To be defined as Cyber War, Rid echoes Carl von Clausewitz in saying that an attack would have to be “a potentially lethal, instrumental, and political act of force conducted through malicious code,” but that the worst we are seeing and will see is “sabotage, espionage, and subversion.” These acts, he argues, do not constitute acts of war – cyber or otherwise.

So we’re left with questions: Is there Cyber War? Or is the term only a metaphorical expression of cyber attacks that will never rise to the level of actual war? Are the ever-escalating rhetoric and media reports just a means of gaining more control over free self-expression, do they represent a well-meaning urge toward protecting the populace – or are they simultaneously both?

The answers will help us determine if we’re living a futuristic thriller, or if nations are safe enough with current levels of security and systems safe enough with current levels of redundancy. It’s not enough to sit idly by while billions of dollars are thrown at fantasy boogeymen, creating a self-fulfilling prophecy by designing and filling a cyber armory. But neither does it make sense to ignore an impending cyber-disaster, if such is on the horizon.

Tell me, dear reader, what is the accurate perspective?

Is there such a thing as CyberWar?

Contrary to my earlier posting regarding what Cyberwar is, a recent article in Slate online magazine asserts that We don’t really know how to define an act of cyberwar. That’s “We,” the international community, We the U.S. Senate, We the Department of Defense.

Currently, NATO’s Cooperative Cyber Defence Centre, one of NATO’s fifteen Centers of Excellence says that cyber aggression rises to the level of an act of cyberwar only if it is done in conjunction with a physical attack AND can be attributed to a specific government AND if it can be shown that the attack caused injury. Otherwise, there is no legal basis on which to use force against an aggressor – that is, counterattack. This opinion dates from 2008, in the absence of other international treaties on the subject. Furthermore, in a 2010 Wired interview the US cyberczar, Howard Schmidt, famously said, “There is no Cyberwar.” Only online crime and espionage.

By both of these perspectives, the 2009/10 Stuxnet worm that damaged Iran’s nuclear centrifuges and set back that country’s uranium enrichment efforts was an act of sabotage, not cyberwar. The 2008 Russian military attack on Georgia that coincided with a seemingly Russian-coordinated cyber attack (for while there may not be an agreed-upon definition of cyberwar, there clearly are cyberattacks) wasn’t an act of cyberwar because it couldn’t be proved that Russia carried out the cyber portion of the attack, nor could it be shown that the cyber part caused injury.

The news has been full of stories about the many attacks and acts of espionage against targets in the USA originating from IP addresses in China. But apparently no one can adequately prove that the Chinese government was the entity that carried out these attacks.

So, what does describe an actionable act of War By Computer? If millions of dollars, hundreds of companies and governments can’t place the cyberfinger on a given government with the resources at their cybercommands, what will it take?

Could it be a good thing that no act of war is legally actionable against a cyberattack? Or does a lack of definition or agreement make damaging attacks by state actors more likely? What do you think, dear reader?


Internet in a Suitcase to Foil Censorship

By Steve Burgess

With Egypt’s government having shut down the Internet in that country in January, 2011, presumably to confound protesters’ communications, the U.S. government has been knocking together workarounds worldwide. In one sense, it’s a logical outgrowth of such longstanding efforts as the Voice of America radio broadcasts behind the Iron Curtain of the Cold War era. But to some countries and organizations, such as Iran’s Foreign Ministry, these efforts are nothing short of cyberwar.

According to investigative work and reports by the New York Times, the U.S. has been funding and creating tools for use by the liberation-technology movements for such things as tweets, blog postings, and other communications from protests in countries such as Iran and Egypt. Iran’s foreign minister, Ramin Mehmanparast, said that these efforts by the U.S. amount to military psyops and are inviting attacks from savvy Muslims. He suggests that the U.S. might not be winners in such a conflict.

These efforts at a workaround include the establishment of an independent cellphone network in Afghanistan (which begs the question – what kind of cellphone network did Afghanistan have previously?) based on towers inside military bases.
Other tools include the building of software that ensures anonymity of posters in countries where government censorship is rife, such as in China.

But recent efforts include means of bypassing the installed (and censorable) existing Internet infrastructure in countries where communication may be stifled by the existing government(s). One of these is the drive to install satellite broadcast devices in normal-looking suitcases that can interact with other portable devices, such as cell phones, to create a “mesh network.” Such technology exists for mobile devices, such as Android-powered phones, in the U.S. already, to the apparent disdain of many service providers who might prefer to do away with them as they may be able to circumvent network and usage charges here.

In a mesh network, each device could act as a kind of mini tower, handing off the signal and data to the next one nearby, until it is able to be transmitted to a standard tower or satellite. Paired with the suitcases that can broadcast to satellites, they become a powerful, and possibly stealthed, tool in countries where the government decides for one reason or another to shut down communication access to the outside world.

Using such means, dissidents in countries under siege could get their messages and images out to a concerned and interested world. By the end of this year, the State Department will have spent more than $70 million on such efforts.

USA Susceptible to Cyberattacks

Richard Clarke, advisor to multiple presidents and former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism, said both that the United States is able to black out other countries’ power grids, and that it does not have a plan that will keep the same from happening in America. Until this summer, the concern was academic – no one was known to have the capability to halt industrial capabilities through the use of malware. But this summer’s Stuxnet changed the equation. With the advent of a worm that is capable of sabotaging industrial facilities, Clarke advises that the U.S. needs to prioritize designing a defense against efforts to damage the infrastructure at home.


What is Cyberwar?

Richard Clarke, former Special Advisor to the President on cybersecurity, defined cyberwarfare as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”

For the purpose of this blog, we wish to expand the discussion to include such cross-border attacks perpetrated by non-state actors. After all, we often can’t conclusively say if a given attack’s source was a government or an individual.
Wikipedia has several thousand words on the subject.

In a highly networked/connected culture such as in the United States, cyberattacks on individual and corporate computers and networks are a matter of daily irritation that sometimes escalates into much lost work time. Imagine the disruption if control mechanisms for energy distribution, dams, water supplies or nuclear weapons were compromised, and you can see why such issues are of concern.

They are of concern to Cybercom, an entity set up to protect cyberspace operations of the United States. They are also of concern to business and to you and me, dependent as we are on an Internet that works, dependent as we are on many services such as water and power, and on the safety of facilities such as nuclear power plants and dams – facilities whose failures could cause widespread damage and death.


Opening words

Cyberwar is a reality in the world. From low-end hacking and kiddiescripts to attacks and penetration of actual facilities in the bricks-and-mortar world, we’re living in a time of cyberwar. We hope to bring together news, essays, comments regarding concerns, actions, and ethics of attacks in the cyberworld. We hope you join us.
