Economic Warfare: The New World Threat Via Cyberspace
With the onset of the global economic meltdown I would like to take a bit of time to ponder the possible problems we are going to run into as a country in the near future. I have spouted off before about the issues we are already facing with the rising of the Dragon in the East, but, I would also like to add a few other nation states to that list. Those states are as follows:
The Baltic States: (Russia and Ukraine for now)
Russia: With the re-awakening of the Bear in Russia to their “Cold War” aims the Baltics have figured quietly but prominently in the geopolitical warfare in cyberspace. With the advent of a rather open cyber attack against Georgia by Russia, the Russians have come further our of the digital closet since the old “Moonlight Maze” days of the 90’s. The taking down of the infrastructure in Georgia in coordination of boots on the ground was the first real “application” of full on cyberwar while fighting a ground war. By taking out some of the infrastructure it was harder for Georgia to respond properly to the attack, but, by fuller measures, this attack was but a first try that did not altogether do the job.
However, this incident shows just how much Russia has invested in the idea of cyberwar to augment the usual propaganda and other types of warfare in their arsenal. Now, this new application comes only after they have honed their skills in the spook world of SIGINT and MASINT all the while adding the technological know how to gather more and more INTEL. The bear is armed now with hackers, cyber warriors lets say, who have cut their teeth on not only the US, but also the internet as a whole.
With the spate of new malware packages coming out of the Ukraine, I am suspecting that this satellite of Russia is one of the larger incubators for the Russian cyberwar forces now being used and yet to come. Conficker and it’s progeny (B++ being the latest as of last week) are morphing and gobbling up machines in huge numbers creating a potential competitor to “Storm Worm” for zombie network of the year.
These trojans are getting swifter and swifter at stealing data and beaconing it out to dynamic DNS addresses out there in the interstitial internet sphere. For all the black holing that a company can do, it is increasingly harder to deal with a bot that randomly generates site URL’s to beacon to. For that matter, the latest iteration of Conficker actually does not need to beacon at all, instead it opens up a port and receives a push from its master, in other words a harder target to stop.
Expect to see more out of Ukraine.. More than just another spate of ATM heists too…
The Asiatic States:
Ahh India, the wonderland of the Asiatic digital frontier. A wondrous place where the US has dumped way too much outsource of our important digital work and are only now beginning to wonder if that is a “good thing”… But it’s so CHEAP!
Yeah, cheap and increasingly turning out to be insecure as all get out. If the Satyam incidents don’t set off alarm bells for company’s in the US, I have no clue what will actually wake their dead asses up to the risks they are allowing with their company and client data. Never mind that it’s a country with a border to Pakistan, has some of the same issues of religious extremism, and happens to have a healthy dose of poverty that will enable theft and espionage.. Pay no never mind to that. Oh, and maybe perhaps the whole Mumbai attack thing might be a clue? Yeah..
India lately has become less palatable to the US as an outsource area because of the economic downturn, but only a small bit as the Indians are still so dang cheap! Also, given the recent story that I posted, they are still flavor of the day as H1B visas go. We are still importing many Indian workers like our friend (insert name) who did such a fine job with Fannie Mae’s network.
Where am I going here? Well, lets just ask this question: “How do you know that Pahud is actually Pahud from India and a good guy?“ Are we that trusting of their means of documenting their residents? Given the Mumbai thing, I think not so much. Of course the same case could be made for the US too.. How do I know that Jimmy is really Jimmy and not Bobby Rae, the southern Bible Belt anti abortion, right wing Christian whackadoo bent on destroying our data?
In essence, taking data out of the country that is deemed “sensitive” like personal data, or the creation of programs that handle sensitive data and giving it to places like India is a bad idea period. Alas, we have so many call centers out there don’t we….
Long a wild west of copyright infringement, Viet Nam is becoming more of a powerhouse in the area of cyber operations as well as economic warfare in both cyberspace as well as import/export. Even as I write, there are thousands upon thousands of stealth shops with farms of DVD burners cloning movies and software for consumption in the newly digital world.
Since the opening of Viet Nam to trade by the Clinton administration, they have been more and more on the rise economically. We are exporting some fabrication to them as well, bringing in new technologies for them to integrate and use to innovate their own. That’s a good thing, but also perhaps a bad one too. Definitely on the issue of the piracy, they are learning not only from us, but also Russia. Russia used to be the largest piracy spot… They still are, but only just…
An oldie but a goodie. Ni Hao overlords!
Ahh China, what can one say that one hasn’t already in many sundry ways huh? China is a hungry beast that has a plan. Economically they have been a powerhouse for so long. Slowly selling us all of our crap all the while buying our debt. Face it, we are a wholly owned subsidiary of the Chinese government kids.
Add to this that the whole time we have been suckling at the Chinese tit, they have been working toward infiltrating all of our networks and infrastructure. Why? Well, to 0wn us more of course! To be able to pull that plug and have us laying on the ground as they dictate what they desire from us. You see, they want our trade, but they want our trade their way.. Kinda like Walmart!
So, they have honed their cyber skills, built the great Chinese firewall, and taken up the economic and cyber swords to increase their global status. They are a force to be reckoned with but are only recently being noted by the US government and the corporate world here. Of course the corporate world here takes little notice of much because they are usually feeling their own navel instead of paying attention.. But that’s another tirade for another day.
In short, China has a billion people to feed and clothe.. They will do just about anything to compete…
So, what does it all mean? Why did I drag all these disparate countries together here? Because, they are all players in the great game of economics and world domination of course! Well, domination really only applies to China and Russia in this context, but then again, so does the USA huh? Given our last 8 years of empire building I can’t really discount us as a causal factor too.
All of these countries are emerging out of the third world category and into second with aspirations to first. They also have large swaths of populations that are rising. They are hungry, hungry for food, wealth, power, and just the things that we in the west take for granted. As they grow, so too do their needs and wants. All needs and wants that they will try to fulfill in any way they can.
It used to be just a two dimensional picture to many. That picture really consisted of “oil” like the premise of “Three Days Of The Condor” and of course that is a big player still. However, as the tipping point comes on the whole globe for so many types of natural resources, so too will the way wars are waged. No longer can we see one or two dimensionally.
As the economies globally slide further into failure as ours melts down, you will see a spike in cyber warfare, Intelligence Gathering, Industrial Espionage, and general crime from all of these countries and many more. We’ve gone global kids. We laid out the phiber between the continents. We are making inroads even further into new territories with the advent of WAP and One Laptop per Child and as we do so, the more countries will start to gain the technological abilities to wage economic, as well as real “cyber” war against us in a real way.
Yeah, so what? You say…
Well, just how tethered is our economy to our computing capacities? Ummm like two dogs unable to seperate during copulation, thats how…
Lets look at it this way.. How prepared are we? The answer can be found in the hiring on of Melissa Hathaway and her 6 month review of the state of the “Cyber Readiness” of the USA en toto. Not only the governments stance, but also our whole infrastructure. Take it from one on the inside of the trenches for so long..
“We aren’t so healthy”
So far much “Security Theater” has been in the news and played out on the stages of many companies in the states. However, after the theater tent comes down and the wonks have all left the building, the lackadaisical corporate behemoths go back to feeling their navels and taking ever bigger bonus’ home for being absolute failures at security.
We are ripe for the taking and no one is at the helm. No one has been at the helm for some time now in fact… I mean, can you name a cyber tsar that lasted in the position longer than just scant months? I can’t and I doubt many of you can. So, why did they all cut and run? Because they could not affect change. The government up until now has been unable to focus their attention never mind ours collectively on the dangers involved. Humans I have found, are generally unable to detect and deter long range danger so well. Fight or flight yes… Long term Chinese or Russian plans.. Not so much. Just look at all the machinations provided to us post 9/11 and you will see what I mean…
“What do you mean I can’t have a couple ounces of liquid or gel in my carry on!?”
OOOH that’s making me feel sooo secure!
So how do we fix it?
Well, really I don’t know that we can unless we have a “Cyber Pearl Harbor” really. Say those blackouts we had back in 03 were actually the doing of China, or for that matter a “home grown” threat, we would see some quick action! Ok upon reflection it would likely be a Chinese Fire Drill instead of substantive corrective action I think. Ya know, like taking off your shoes at the airport post one noodnick trying to light his shoe on fire. Yeah, that did a lot to make us safer DHS and TSA!
I think what I am trying to say here is this; We need to be able to admit we have a problem like we are at a collective AA meeting.
“Hi, I am America and I am terrible at information security”
They say it is the first step to a cure that admission. Well, we need to really have a mea culpa as a society and then start to work on fixing that issue. I believe that Melissa’s first job is to assess, and then she will need to impart in a most forceful way, that we are rather fucked where our infrastructure is concerned. Then, she needs to give Big O’ the marching orders to sign PDD’s to FORCE corporations, and the government to protect their data “with due diligence” AND to audit them with consequences for failure.
I have said it before at client sites and I will say it here. Security procedures and policies will only be effective and instituted when there is “buy in” from the top down. Unless we get some real direction and orders from the Prez, there will be no change. China and others will keep stealing us blind, and our economy will falter even further. Unless we take the necessary steps to protect our data we can expect to lose the economic Stratego game with or without the “stimulus”.