SMALL WARS COUNCIL
07-09-2009   #21
Rex Brynen
Council Member
Join Date: Aug 2007
Location: Montreal
Posts: 1,600
Lazy Hacker and Little Worm Set Off Cyberwar Frenzy

Quote:
Originally Posted by marct View Post
Dark Reading just published a report on the recent DDOS attacks on US and South Korean systems.
Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:

Lazy Hacker and Little Worm Set Off Cyberwar Frenzy
By Kim Zetter
Wired, July 8, 2009

Quote:
Talk of cyberwar is in the air after more than two dozen high-level websites in the United States and South Korea were hit by denial-of-service attacks this week. But cooler heads are pointing to a pilfered five-year-old worm as the source of the traffic, under control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.

Nonetheless, the attacks have launched a thousand headlines (or thereabouts) and helped to throw kindling on some long-standing international political flames — with one sworn enemy blaming another for the aggression.

...

Security experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since. The Mytob virus might have been used, as well.

...

In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.
That, of course, doesn't exclude an unsophisticated NORK recycling some stale hacker tools, but it does perhaps place it in context.

Sam, any thoughts on this one?
__________________
They mostly come at night. Mostly.
07-09-2009   #22
marct
Council Member
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 3,682

Quote:
Originally Posted by Rex Brynen View Post
Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:

Quote:
In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.
It does make one wonder about the "security" on the affected computers, doesn't it?
__________________
Sic Bisquitus Disintegrat...
Marc W.D. Tyrrell, Ph.D.
Institute of Interdisciplinary Studies,
Senior Research Fellow,
The Canadian Centre for Intelligence and Security Studies, NPSIA
Carleton University
http://marctyrrell.com/
07-09-2009   #23
Stan
Council Member
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
I won't begin to pretend

to be of Sam's caliber, and I'm a bit hesitant when it comes to using "attack" for a DDoS. But, when the system is down, I'd call that a successful WHATEVER. If they managed to shut down Foggy Bottom, I would assume they done good (and may have done us a slight favor in the process).
__________________
If you want to blend in, take the bus
07-09-2009   #24
selil
i pwnd ur ooda loop
Join Date: Sep 2006
Location: Belly of the beast
Posts: 2,112

The DDOS is one of the lowest forms of disruption you can use. The worm code used was really old, the number of machines infected was really small, and the strategy used was really poor. Not to make light of this but knocking a few websites off the web really only takes an old pop-singer taking the long dirt nap.

The security service attacked by DDOS is availability but it only really matters in high performance, low latency systems, and web servers aren't that kind of animal. As to the strategy used by this adversary it really showed a low level of sophistication. Instead of targeting a few websites and possibly hiding a compromising exploit in the noise they attacked numerous websites with little hope of sustaining that kind of broad based attack.

In many ways attacking web servers is like painting mustaches on bill boards of super models. Web servers are not critical infrastructure, the attack is more annoying than dangerous, and the media response is likely going to be out of proportion to the attack.

As an aside, most DDOS are actually user generated, not any kind of cyber warfare. Users get all excited, as they did at the Michael Jackson death, and swarm to news websites, crippling them instantly (like what happened to CNN). The second thing is that it is often the system admins who pull something down to keep sophisticated adversaries from hiding in the noise and using the web servers as jump off points to more tasty targets. And, finally, Akamai and other distributed systems vendors deal with DDOS as a business.

That doesn't mean it is nice, friendly, or isn't a probe to test responses. You must take these things seriously or the next one might be against the central power distribution grid telemetry computers in Chicago. A DDOS there would be catastrophic.
__________________
Sam Liles
Selil Blog
Don't forget to duck Secret Squirrel
The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.
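selil's distinction above, between a flash crowd of real users swarming a news site and a flood aimed at availability, is one a web operator can actually check from the access log before pulling anything down. The Python below is an added example (mine, not selil's and not from any vendor named in the thread). The log lines are constructed, using the RFC 5737 documentation IP ranges, and the thresholds in `classify` are illustrative choices of my own; a real deployment would tune them against its own baseline traffic.

```python
"""Is a web-server traffic spike a flash crowd or a flood?

Added example, not from the forum thread. The log lines are constructed
(documentation IP ranges from RFC 5737) and the thresholds are illustrative
choices of my own, not any vendor's or poster's method.
"""
import re
from collections import Counter

# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed: many distinct visitors, several pages, mostly arriving via links.
FLASH_CROWD_LOG = [
    '203.0.113.10 - - [25/Jun/2009:22:15:01 +0000] "GET /news/story-1 HTTP/1.1" 200 5120 "https://search.example/?q=breaking" "Mozilla/5.0"',
    '203.0.113.11 - - [25/Jun/2009:22:15:01 +0000] "GET /news/story-1 HTTP/1.1" 200 5120 "https://social.example/post/1" "Mozilla/5.0"',
    '198.51.100.5 - - [25/Jun/2009:22:15:02 +0000] "GET /news/story-2 HTTP/1.1" 200 4870 "https://search.example/?q=breaking" "Mozilla/5.0"',
    '198.51.100.6 - - [25/Jun/2009:22:15:02 +0000] "GET / HTTP/1.1" 200 9100 "-" "Mozilla/5.0"',
    '192.0.2.20 - - [25/Jun/2009:22:15:03 +0000] "GET /news/story-1 HTTP/1.1" 200 5120 "https://social.example/post/2" "Mozilla/5.0"',
    '192.0.2.21 - - [25/Jun/2009:22:15:03 +0000] "GET /video/clip HTTP/1.1" 200 88000 "https://search.example/?q=video" "Mozilla/5.0"',
    '203.0.113.12 - - [25/Jun/2009:22:15:04 +0000] "GET /news/story-2 HTTP/1.1" 200 4870 "https://social.example/post/1" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Jun/2009:22:15:04 +0000] "GET /news/story-1 HTTP/1.1" 200 5120 "https://search.example/?q=breaking" "Mozilla/5.0"',
]

# Constructed: two sources hammering the front page with no referer or client identity.
FLOOD_LOG = [
    '192.0.2.99 - - [25/Jun/2009:22:15:01 +0000] "GET / HTTP/1.0" 503 0 "-" "-"',
    '192.0.2.99 - - [25/Jun/2009:22:15:01 +0000] "GET / HTTP/1.0" 503 0 "-" "-"',
    '192.0.2.98 - - [25/Jun/2009:22:15:01 +0000] "GET / HTTP/1.0" 503 0 "-" "-"',
    '192.0.2.99 - - [25/Jun/2009:22:15:01 +0000] "GET / HTTP/1.0" 503 0 "-" "-"',
    '192.0.2.98 - - [25/Jun/2009:22:15:02 +0000] "GET / HTTP/1.0" 503 0 "-" "-"',
    '192.0.2.99 - - [25/Jun/2009:22:15:02 +0000] "GET / HTTP/1.0" 503 0 "-" "-"',
    '192.0.2.98 - - [25/Jun/2009:22:15:02 +0000] "GET / HTTP/1.0" 503 0 "-" "-"',
    '192.0.2.99 - - [25/Jun/2009:22:15:02 +0000] "GET / HTTP/1.0" 503 0 "-" "-"',
]


def parse(lines):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def profile(rows):
    """Summarise a burst by source diversity, request variety and referer presence."""
    total = len(rows)
    ips = Counter(r["ip"] for r in rows)
    paths = Counter(r["path"] for r in rows)
    top_share = ips.most_common(1)[0][1] / total if total else 0.0
    with_referer = (sum(1 for r in rows if r["referer"] not in ("", "-")) / total) if total else 0.0
    return {
        "requests": total,
        "distinct_sources": len(ips),
        "top_source_share": round(top_share, 2),
        "distinct_paths": len(paths),
        "referer_fraction": round(with_referer, 2),
    }


def classify(summary, max_top_share=0.2, min_paths=3):
    """Heuristic verdict (thresholds are illustrative assumptions).

    A flash crowd is spread across many sources and several pages and mostly
    arrives via links; a flood concentrates on a few sources and one URL.
    """
    if summary["requests"] == 0:
        return "idle"
    if summary["top_source_share"] > max_top_share and summary["distinct_paths"] < min_paths:
        return "flood"
    if (summary["distinct_sources"] >= 0.5 * summary["requests"]
            and summary["referer_fraction"] >= 0.5):
        return "flash-crowd"
    return "unclear"


def triage(lines):
    """Convenience wrapper: summary plus verdict for a batch of log lines."""
    summary = profile(parse(lines))
    return summary, classify(summary)


if __name__ == "__main__":
    for name, log in (("flash crowd sample", FLASH_CROWD_LOG), ("flood sample", FLOOD_LOG)):
        summary, verdict = triage(log)
        print(f"{name}: {verdict} {summary}")
```

The verdict is only a first sort for the on-call admin; selil's second point still applies, because a flood that looks like a flash crowd can be exactly the noise an intruder hopes to hide in, so an "unclear" result is a reason to look closer, not to relax.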
08-03-2011   #25
AdamG
Council Member
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 2,425
Biggest-ever series of cyber attacks uncovered, U.N. hit

Quote:
BOSTON (Reuters) - Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.
Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.
The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.

http://in.news.yahoo.com/biggest-eve...041202195.html


Exclusive: Operation Shady rat—Unprecedented Cyber-espionage Campaign and Intellectual-Property Bonanza

http://www.vanityfair.com/culture/fe...ady-rat-201109
__________________
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail


http://i.imgur.com/IPT1uLH.jpg
08-03-2011   #26
carl
Council Member
Join Date: Nov 2005
Location: Denver on occasion
Posts: 2,460

AdamG:

I figure it this way. The nation of China is doing this. They will not stop no matter how often they are asked to or how politely they are asked. So, will it eventually come to cyber-counterattacks to disable/destroy the control computers in China? Would that result in a free for all? Or will we eventually have to de-internationalize the internet and physically cut connections with China (if that is even possible)?

I don't know much about this kind of thing which is why I ask.
__________________
"We fight, get beat, rise, and fight again." Gen. Nathanael Greene
08-04-2011   #27
Dayuhan
Council Member
Join Date: May 2009
Location: Latitude 17° 5' 11N, Longitude 120° 54' 24E, altitude 1499m. Right where I want to be.
Posts: 3,136

I'd have to assume this goes on in multiple directions. The Chinese won't issue a press release when they find out they've been hacked, but that doesn't mean it doesn't happen.

I pity the poor schmuck who has to read the take from the UN.

Noted this in the Vanity Fair piece:

Quote:
Forensic investigation revealed that the defense contractor had been hit by a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or rat—onto the victim’s computer.
What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.
__________________
“The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary”

H.L. Mencken
08-04-2011   #28
bourbon
Council Member
Join Date: Jun 2007
Location: Boston, MA
Posts: 902

Quote:
Originally Posted by Dayuhan View Post
What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.
Phishing attacks do not appear to come from an unknown origin, but instead are designed to appear to come from a trusted source.
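bourbon's point, that a phishing message is built to look as if it came from a trusted source, is why the places where appearance and routing disagree are worth checking mechanically rather than by eye. The Python below is an added example (mine, not bourbon's and not from anything in the thread): it parses one constructed message, whose names, addresses and domains are all invented, and reports where what the reader sees (the display name, the visible link text) differs from where replies and clicks actually go. Each hit is a triage indicator, not proof of phishing on its own.

```python
"""Triage indicators for an e-mail that impersonates a trusted sender.

Added example, not from the forum thread. The message below is constructed
for illustration; every person, address and domain in it is made up.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: display name and anchor text claim an internal payroll
# sender, while Return-Path, Reply-To and the real link target point elsewhere.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
From: "Acme Payroll" <payroll@acme-corp.example.com>
Reply-To: payroll@acme-corp-secure.example.org
To: alice@acme-corp.example.com
Subject: Updated direct deposit form
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the updated form here:
<a href="http://acme-corp-secure.example.org/login">https://hr.acme-corp.example.com/forms</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(address):
    """Domain part of an RFC 5322 address header value, lower-cased ('' if absent)."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def host_of(url):
    """Host of a URL; bare text such as 'hr.example.com/forms' is accepted too."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def phishing_indicators(raw_message):
    """Return (indicator, detail) tuples for the ways this message could mislead.

    Exact host comparison is deliberate for the example; production tooling
    would normally compare registrable domains via the public suffix list.
    """
    msg = message_from_string(raw_message)
    indicators = []
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    return_domain = domain_of(msg.get("Return-Path"))

    if reply_domain and reply_domain != from_domain:
        indicators.append(("reply-to-mismatch", f"{from_domain} -> {reply_domain}"))
    if return_domain and return_domain != from_domain:
        indicators.append(("return-path-mismatch", f"{from_domain} -> {return_domain}"))

    # Only text/html parts carry anchors; multipart containers have no payload to scan.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        collector = _LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            # Only anchor text that itself looks like a URL or hostname can lie about its target.
            looks_like_url = re.match(r"^(https?://|[\w.-]+\.[a-z]{2,})", text, re.I)
            shown = host_of(text) if looks_like_url else ""
            if shown and shown != host_of(href):
                indicators.append(("link-text-mismatch", f"shows {shown}, goes to {host_of(href)}"))
    return indicators


if __name__ == "__main__":
    for name, detail in phishing_indicators(SAMPLE_MESSAGE):
        print(f"{name}: {detail}")
```

The three checks are the cheap ones a mail gateway or a help desk script can run without any reputation data: who the reply really goes to, who bounces really go to, and whether a link's visible text names a different host than its target.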
08-04-2011   #29
bourbon
Council Member
Join Date: Jun 2007
Location: Boston, MA
Posts: 902

The above VF article is actually a web exclusive to a longer article for the print edition. The hacking of the UN and International Olympic Committee (which the web exclusive and media dwell upon) are marginal issues next to what is revealed in the longer article.


Enter the Cyber-dragon, by Michael Joseph Gross. Vanity Fair, September 2011.
Quote:
Hackers have attacked America’s defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. The author gets an exclusive look at the raging cyber-war—Operation Aurora! Operation Shady rat!—and learns why Washington has been slow to fight back.
08-04-2011   #30
Backwards Observer
Council Member
Join Date: Jun 2008
Posts: 500

Perhaps McAfee (and Intel) should immediately cease all business with China and shut down their operations there until all cyber-espionage ceases. That might be an appropriate first move considering the seriousness of this. People might also consider a boycott of Intel and McAfee until this is settled.

Quote:
Intel looks for security in $7.7 billion McAfee deal

NEW YORK (CNNMoney.com) -- Intel Corp., the world's largest chipmaker, said Thursday it has agreed to acquire security software maker McAfee for $7.68 billion.
Intel looks for security in $7.7 billion McAfee deal - CNN Money - August 19, 2010.

...

Quote:
Intel chips in with Chinese investment

BEIJING - Intel Capital, the global investment arm of the chipmaker Intel Corp, announced on Wednesday that it has invested $22 million in three Chinese technology companies this year. It will also invest in at least six more in the coming five months.

The three companies are the Shanghai-based online e-commerce outfit, 6DX Change Inc, which operates the online fashion and lifestyle e-retailer website YaoDian100.com; high-definition smart TV and cable smart set top box provider Beijing JoySee Technology Co Ltd, a subsidiary of the US-listed China Digital TV Holding Co Ltd; and a second Shanghai-based outfit, BOCOM Intelligent Network Technologies Co Ltd, a provider of intelligent sensing and networking technologies for digital security and surveillance.
Intel chips in with Chinese investment - China Daily - August 4, 2011

...

Quote:
McAfee Inc. to Establish New Wholly-Owned Subsidiary in China


Forming New Chinese Subsidiary Part of Expanded McAfee Investment in China, Company Aims To Boost China Business

BEIJING & SANTA CLARA, Calif., December 15, 2009 - McAfee, Inc. (NYSE:MFE) today announced it is establishing a new wholly-owned subsidiary in China. The new subsidiary forms part of a new investment McAfee is making in China and the Chinese market.

“China offers compelling opportunities for McAfee,” said Dave DeWalt, McAfee president and chief executive officer, at a press event in Beijing today. “China has great potential as a center for manufacturing, research and development for McAfee and is also a significant burgeoning market for our products. McAfee has continuously strengthened its presence in China over the last decade and we are planning to expand our investment in the near term to take full advantage of the opportunities China presents.”

[...]

Current McAfee operations in China include sales, manufacturing of the McAfee Unified Threat Management Firewall and an R&D team focused on mobile security, localization and security research. With the establishment of a new local subsidiary and the planned increased investment, McAfee intends to significantly grow its China business over the next few years.
McAfee Inc. to Establish New Wholly-Owned Subsidiary in China - McAfee Newsroom - December 15, 2009.

McAfee China Website

Last edited by Backwards Observer; 08-04-2011 at 08:42 AM. Reason: add link
11-19-2011   #31
AdamG
Council Member
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 2,425
U.S. water plant malfunction, not a cyber attack (amended title)

Quote:
Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.

Companies and government agencies that rely on the Internet have for years been routine targets of hackers, but most incidents have resulted from attempts to steal information or interrupt the functioning of Web sites. The incident in Springfield, Ill., would mark a departure because it apparently caused physical destruction.
http://www.washingtonpost.com/blogs/...TZYN_blog.html
__________________
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail


http://i.imgur.com/IPT1uLH.jpg
11-19-2011   #32
carl
Council Member
Join Date: Nov 2005
Location: Denver on occasion
Posts: 2,460

For those who are knowledgeable about this kind of thing, do you think somebody was running some kind of test in preparation for bigger things? What was the purpose of the attack? Also, why does a local water utility have to be connected to the internet?
__________________
"We fight, get beat, rise, and fight again." Gen. Nathanael Greene
11-20-2011   #33
bourbon
Council Member
Join Date: Jun 2007
Location: Boston, MA
Posts: 902

Quote:
Originally Posted by carl View Post
For those who are knowledgeable about this kind of thing, do you think somebody was running some kind of test in preparation for bigger things? What was the purpose of the attack? Also, why does a local water utility have to be connected to the internet?
Carl,

I think the rules of the road for cyberwarfare are being written as we speak; but generally speaking, just as every weapon needs to be tested before it can see the battlefield – so too will every cyberwarfare capability.

The difference being there really isn’t cyberwar proving grounds. This means that enemy infrastructure networks need to be regularly penetrated and I imagine occasionally fooked with – just to ensure you still have the capability.

Why does a water utility need to be connected to the internet? Remote access brings efficiency and cost savings -- one group of SCADA engineers can control multiple sites remotely, instead of having to have SCADA engineers at every site 24/7.
__________________
“[S]omething in his tone now reminded her of his explanations of asymmetric warfare, a topic in which he had a keen and abiding interest. She remembered him telling her how terrorism was almost exclusively about branding, but only slightly less so about the psychology of lotteries…” - Zero History, William Gibson
11-21-2011   #34
AdamG
Council Member
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 2,425

Quote:
Hacking is becoming a growing problem on Earth. It may seem strange to mention Earth, as there’s not much to hack outside of our planet’s atmosphere unless you count satellites. Even then, how feasible would it be to gain access to the systems running such devices?

Well, China not only has people working on such things, it has been discovered they actually managed to take control of two NASA satellites for more than 11 minutes.

The successful attacks occurred in 2007 and 2008. The more serious of the two happened in ’08 when NASA had control of the Terra EOS earth observation system satellite disrupted for 2 minutes in June, and then a further 9 minutes in October. During that time, whoever took control had full access to the satellites’ systems, but chose to do nothing with it.
http://www.geek.com/articles/geek-pi...utes-20111119/
__________________
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail


http://i.imgur.com/IPT1uLH.jpg
11-21-2011   #35
Backwards Observer
Council Member
Join Date: Jun 2008
Posts: 500
'hacking' and chinese 'cuisine'

Quote:
UPDATE1-US commander cannot pin down satellite anomaly

The command responsible for U.S. military space operations lacks enough data to determine who interfered with two U.S. government satellites, anomalies behind perhaps the most explosive charge in a report on China sent to the U.S. Congress on Wednesday.

"What I have seen is inconclusive," General Robert Kehler, commander of the U.S. Strategic Command, said in a teleconference from Omaha, Nebraska, home to the military outfit that conducts U.S. space and cyberspace operations.

[...]

China's military is a prime suspect, the bipartisan, 12-member commission made clear, though it added that the events in question had not actually been traced to China.
US Commander cannot pin down satellite anomaly - Reuters - Nov 16, 2011.

How does the excerpt in bold translate to the geek.com headline of "Chinese hackers took control of NASA satellite for 11 minutes"? Are they saying that the USAF General in charge of US Strategic Command is engaging in 'political correctness', incompetent, or worse, lying? Or is geek.com part of the re-activated Grill Flame program?

I did enjoy this comment on the geek.com article, however:

Quote:
You have obviously never been to china...they will eat each other before they become a "super power"
Attached Images
File Type: jpg fatty-cow-menu.jpg (21.9 KB, 203 views)
File Type: jpg chicken-soup-confiscates-hand.jpg (21.4 KB, 200 views)
11-22-2011   #36
davidbfpo
Council Member
Join Date: Mar 2006
Location: UK
Posts: 11,483
May help with the water 'attack'?

Not my field, but I think some clues and understanding are found here: http://www.schneier.com/blog/archive....html#comments
__________________
davidbfpo
11-23-2011   #37
carl
Council Member
Join Date: Nov 2005
Location: Denver on occasion
Posts: 2,460

Quote:
Originally Posted by Backwards Observer View Post
Are they saying that the USAF General in charge of US Strategic Command is engaging in 'political correctness', incompetent, or worse, lying?
After watching other Generals and high ranking State and Defense Dept. people pretend that what is isn't for the past decade in various parts of the world, I think it very plausible that the USAF General in question is doing all three at the same time.
__________________
"We fight, get beat, rise, and fight again." Gen. Nathanael Greene
11-23-2011   #38
Backwards Observer
Council Member
Join Date: Jun 2008
Posts: 500
anything that lies on anything that moves

Quote:
Originally Posted by carl View Post
After watching other Generals and high ranking State and Defense Dept. people pretend that what is isn't for the past decade in various parts of the world, I think it very plausible that the USAF General in question is doing all three at the same time.
Dang, and I thought I was cynical.
11-23-2011   #39
carl
Council Member
Join Date: Nov 2005
Location: Denver on occasion
Posts: 2,460

When you think about it, you would expect politically correct, incompetent and dishonest to all run together.
__________________
"We fight, get beat, rise, and fight again." Gen. Nathanael Greene
11-23-2011   #40
Backwards Observer
Council Member
Join Date: Jun 2008
Posts: 500
cold war humour redux

Quote:
Originally Posted by carl View Post
When you think about it, you would expect politically correct, incompetent and dishonest to all run together.
Yeah, but in China it's the other way round. (applause)

John Kenneth Galbraith - Wikipedia