Archive for the ‘CyberWar’ Category
Digital Jihad: The Great Irhabi Cyber War That Won’t Be.
Islamic State militants are planning the creation of a ‘cyber caliphate’ protected by their own encryption software – from behind which they will launch massive hacking attacks on the U.S. and the West.
Both Islamic State and Al Qaeda claim to be actively recruiting skilled hackers in a bid to create a team of jihadist computer experts capable of causing devastating cyber disruptions to Western institutions.
They are now boasting it is only a matter of time before their plan becomes a reality.
The Great Cyber Jihad
Since Junaid Hussain escaped over the border to the new lands of jihad (aka Syria) he has been vocal on Twitter showing off his great cyber manhood in classic irhabi bloviating online. That Junaid made some inroads by hacking into the prime minister’s email address at Gmail only lends him dubious credit to his hacking skills to a person involved in the security field. This however is not how the great unwashed within the media and certain quarters of the government and the military seem to perceive the threat posed by Junaid today now that he is an ISIL irhabi.
Islamic State militants are planning the creation of a ‘cyber caliphate’ protected by their own encryption software – from behind which they will launch massive hacking attacks on the U.S. and the West.
Both Islamic State and Al Qaeda claim to be actively recruiting skilled hackers in a bid to create a team of jihadist computer experts capable of causing devastating cyber disruptions to Western institutions.
They are now boasting it is only a matter of time before their plan becomes a reality.
The above text came from just one of the spate of recent reports on the great “Cyber Jihad” that is being touted to come from the likes of Junaid and ISIS/L as they attempt to expand their reach from the Middle East globally. This ls.particular commentary makes the bile rise within my gut on so many levels though. But that kind of pales in comparison to the one right below…
“We’re in a pre-9/11 moment with cyber,” John Carlin, assistant attorney in charge of the Justice Department’s National Security Division, warned at a July conference in Aspen. “It’s clear that the terrorists want to use cyber-enabled means to cause the maximum amount of destruction as they can to our infrastructure.”
PRE-9/11 OMG!!! Look you fuckwit if that were the case then China would have already put us out of our misery really. For that matter some half assed pot sodden kid who happened to hack into our grid would have taken us down years ago. There is just no need for this posturing and certainly above all coming from someone without a clue in their head about how things really work in the world of computer security. This kind of scare tactic aimed at getting people to respond in fear to allow for the government to do anything in the name of protecting us is vile.
Meanwhile you have other players such as the one below making statements of “ALL OUT CYBER WAR” while commenting on Anonymous’ operation against ISIS. I laughed and I laughed and I laughed until I just wanted to cry at the sheer stupidity of it all. Look, Anonymous can’t get their shit together enough to be both leaderless and effective so really, how much of an “ALL OUT CYBER WAR” can there be there huh? Do you even know what a cyber war really means? Cyber warfare is both digital and kinetic in it’s purest form and what kinetics did Anonymous really carry out in this operation to DoS ISIS offline?
Lemme give you a clue… None.
“Anonymous announced late last week a full scale cyber war against the Islamic State (Operation Ice ISIS), intended to attack ISIS supporters using social media for propaganda purposes”
So aside from the bloviating and the scare tactics coming out of ISIS itself we also have our responses from the government and the media with all their so called experts on cyber war and jihad. There is a lot of wankery going on here but finally this guy makes a little sense in the middle of his post on this mess…
ISIS’s main effort to date in cyberspace has focused on psychological warfare by generating fear through flooding the internet with video clips portraying the brutal acts of beheading and mass executions, as well as victory parades, as part of developing deterrence and creating an illusion of force in excess of the organization’s actual strength. The essence of its online activity, however, is broader. It enables its supporters to obtain operational information, including training in preparing explosives and car bombs, and religious rulings legitimizing massacres in regions under ISIS control. In tandem, it distributes indoctrination materials, such as a maagzine called Dabiq: The Return of Khilafah, which focuses mainly on topics relating to formation of the new Islamic state headed by ISIS leader Abu Bakr al-Baghdadi. However, ISIS’s technological expertise is not the only factor. Perhaps the public, which is revolted by the organization’s deeds but closely follows these clips and photos as a kind of reality show, is contributing a great deal to the organization’s popularity.
Yes, there it is.. ISIS has been carrying out a PROPAGANDA war primarily and with that comes from PSYOPS as well. This is the first true set of statements I have seen to date over this whole debacle. Ok, they are waging a propaganda war and a recruitment drive for sure but really, a cyber caliphate? I mean to date I have not seen this show up verbatim anywhere on the boards or on twitter so who’s leaping logic here? Seems to me that there’s a sucker born every minute and about 99% of them want to go into journalism nowadays.
A propaganda war using Twitter does not a cyber war make.
Cyber Warfare and Jihad
So let’s chat about the realities here about the capabilities of the Irhabi (ISIS/L or AQ or SEA) in a context of what we have seen so far. What have we seen you ask? Well, DoS, some data thievery, some malware use and phishing, but generally nothing spectacularly scary. Certainly nothing on the level of a nation state actor like China has been seen out of any of the loose groups that claim some jihadi notions online to date. So where do we get all this BOOGA BOOGA over the likes of Junaid Hussain and ISIS taking down our grids and things?
*squint*
Yeah, there’s no there there. I am sorry but even if ISIS/L used it’s monies that it has stolen over the last months to set up a “cyber team” they still would be LIGHT YEARS behind the likes of China.. Hell they would even be way behind Iran for that matter so really, there is nothing to fear here. Never mind that many of these guys like Junaid are working in countries that are actively being bombed and shooting is happening so really, how much longer does Juny have anyway before he gets a Hellfile missile up his ass?
Truly the cyber jihad is a non starter for me and it should be for you too. On the other end of that equation though is the fact that they are actively recruiting and getting their message out using social media and this is a problem. Now don’t get me wrong, it is not a clear and present danger kind of thing because really, 100 Americans out of how many people seeing their online drivel have actually left the country to go to jihad pretty much gives a sense of the threat. You have to be pretty unbalanced to want to do this shit to start with so if you get up and leave the country to join up you are a truly unbalanced person to start. One so easily swayed by the propaganda wing of ISIS needs help and what they will certainly get is a bullet instead while fighting. Even ISISL really doesn’t care about the Takfiri, you see kids, they are just bodies to be used… Nothing more. They may call you brother but under their breath they call you fodder.
Much Ado About Nothing
The reality is that ISIS is more a conventional force than anything else. They are not as well planned as AQ and they tend to be one dimensional thinkers. I will admit that their propaganda war has been interesting to watch but I don’t see that it is an existential threat. In fact, I concur with the assessment that AQ is still the real player here who can strike at the US and had a better track record thus far. Surely if ISIS continues to carry out the propaganda war they may garner more recruits but I just don’t see them being that inspirational to get lone wolves to activate/radicalize. I certainly don’t see them being able to put teams together to hack our infrastructure and take us down either. In fact I am not a proponent of that line of thinking anyway as a great threat. Our systems are too complex and fragmented to allow for such a spectacular attack.
So please news media… STFU.
K.
Robin Sage Has Taught Us Nothing It Seems…
Cutouts and LinkedIn
Recently I was sent an invite by the profile of “Emanuel Gomez” an alleged recruiter from Alaska asking to be added to my LinkedIn “friends” Some of you may have seen the event happen on LinkedIn as after I did a little due diligence OSINT it became clear that this account was a cutout for someone looking for entree to my list of connections using a rather obvious fake name and details. The first clue though was a quick search of the headshot used on Google image search which came up with the real person’s name and profile elsewhere. Once I got that hit it was all out OSINT time and here is what I found.
Real user profile of unsuspecting Richard Velazquez
The culprit behind this fake LI account is one Leon Jaimes, a techie in Alaska via Colorado. Leon had used an email address in his profile that led me right to him as he posted under his real name at various bulletin boards and had a flickr account attached to the same address. Within his data on the image upload site he had many personal details as well as an old registration with pertinent personal data on it that he had photographed and placed on the web… Yeah.. Sigh…
I made short work of Leon and dug up a lot on him including an arrest record for being drunk and trespassing in someone’s house. All I have to say is Leon, buddy, like I said in the email I sent to you, your OPSEC sucks! Leon actually emailed me back asking where he had gone wrong and admitting to the profile which I did not answer… I mean really? I am going to teach you better OPSEC? Two words FUCK. NO.
I had meanwhile begun a thread on LinkedIn about the incident (pic at top started the string) to alert others as to the ongoing ruse. I had seen others within my circle who had fallen for this as well as others he seemed to be aiming at. At the time of my initially getting the email to add him he had 23 people as connections. By 10 am he had 50. People were just click happy and adding him to their connections without really taking a closer look at his profile. Mind you, these were people in INFOSEC as well as MIL and Fed types! I checked the profile as of this writing though and it is now gone from LI so there is at least that and more than a few people have looked at my post and commented. Yet, it still bothers me that so many fell for such a poorly constructed profile.
FAIL.
Social Animals With Cognitive Issues
So what have we learned since the big hullabaloo over Robin Sage? It would seem not much really. Why is this? Why have people generally not learned from the event Tommy sparked back a few years ago? Are we just not teaching people about SE and the perils of cutout accounts and espionage being carried out by state actors and others via venues like LinkedIn? I actually believe that there are many concomitant issues at play here and I recently spoke at BsidesCT about the cognitive issues around security.
We are creatures of habit with lazy minds it seems with biological impediments cognitively as well as generally, as a species have adapted to being social animals. It’s this very social aspect that is being leveraged so well today as always in the espionage world. It is just that today you can reach people much easier via the net and social media and harvest much more data extremely quickly. There are of course a host of social mores that I could go into but perhaps that’s for another day. What I would really like to say here though is that if you are on LinkedIn and you are not at least trying to vet those people trying to get you to add them then you are likely adding cutout accounts as well who are spying on you.
OPSEC Lessons Learned
So I guess many people may not care at all who they connect to on LinkedIn. Perhaps some of those people are in INFOSEC or the Defense base as well. Maybe those users really have nothing in their profiles to protect and do not consider their connections to be of worth to some adversary somewhere. Perhaps those same people are idiots and have not been paying attention to the news for the last, oh, let’s say 3 years? Maybe there is just a general lack of education on the whole within companies about social engineering, phishing, and today’s common attacks? Is there actually a study out there showing just how much education is going on at a corporate and nationwide scale?
Here are the salient simple facts for you all to chew on:
- Everyone is a target and your information and your connections are important to an adversary looking to attack YOUR business.
- Social Media sites like LinkedIn are a goldmine for this intelligence gathering. Not only of your connections but also your personal information that you may leak there or other places that when mined, can lead to a fuller picture of who you are, your habits, and your weaknesses.
- Phishing and SPEAR-Phishing attacks start at this level with intelligence gathering on you and others in your circles. Plans are hatched leveraging who you know and who you work with to exploit yourself and others into clicking links or giving up intelligence to the adversary.
- All of the above happens every day to millions of people and the reality is you are the only one who can try to prevent it by being more aware of these things.
I should think that there would be more moratoriums on the use of LinkedIn and other places tagging where you work to your profile. This is a real harvest festival and has been for some time and yet no one has made a move here. LinkedIn also is a part of the problem too. They seem to be doing pretty much nothing to invent means of vetting people to insure they are who they say they are. Look at the recent case of Newscaster and their use of not only LI but also Facebook and Twitter. They had numerous people from the Aerospace community connected to them on LinkedIn and this was an Iranian operation (note** Amateurish and likely not state sponsored or run**) but still… You get the picture right?
I will leave you with these questions;
- What’s on your LinkedIn?
- Who are you connected to?
- What information is on your profile that could be used to tell what access you have, who you work for, who your friends are, what your preferences are etc…
- What secrets do you have that I can exploit from your social media accounts?
- What OPSEC precautions have you taken to protect your information?
- Are you even aware of these things?
Think before you click ADD USER.
K.
ASSESSMENT: Operation Rolling Thunder
Operation: ROLLING THUNDER:
It has come to light that the GCHQ (The UK’s NSA) took action against Anonymous by DDoS as well as the use of HUMINT and malware attacks to attempt to dissuade them from further actions. While this may be a surprise to some it is just a matter of action and reaction in the hive mind of the IC. Of course at one time there may have been more trepidation about carrying out direct action against quote unquote “dissidents” as some may call Anonymous but those days are long gone and one of the primary reasons such actions are easily rationalized now is because of terrorism. Terrorism used to mean blowing things up or taking hostages but now, with the 5th domain of cyber, that equation has changed greatly in the eyes of the worlds governments. Of course in this case it was the British carrying out the covert actions against the anonymous servers and users and as many know the Brits don’t have the most stellar first amendment record (D orders) and have a different perspective on what people have the right to do or say that may be considered civil disobedience. However, I should like to point out that it is highly likely that the UK did not act alone here and that it is probable that the NSA and the UKUSA agreements were in play here as well. I once sat on a panel at Defcon where I warned that these types of tactics as well as others would be used by the governments of the world against the Anon’s if push came to shove and it seems that I was not far off the mark. We have crossed the Rubicon and we are all in a new domain where the rules are fluid.
Civil Disobedience vs. Criminality In Anon Actions:
Some have written that these actions now revealed by Snowden show that we are all in danger of censorship and of direct action if we say or do things online that a government or agency doesn’t like and they are correct. It really is a matter of dystopian nightmare import when one stops to think that these were not state actors nor really terrorists by definition (yet) that GCHQ and the JTRIG were carrying out netwar on. The rationale I am sure is that the C&C of Anon needed to be taken out because they were “attacking” sites with DDoS or other actions (hacking in the case of LulzSec) and thus were a clear and present danger to… Well… Money really. While some consider DDoS a form of civil disobedience others see it as a threat to the lifeblood of commerce as well as portents of larger attacks against the infrastructure of the internet itself or perhaps the power grid as we keep hearing about from sources who really haven’t a clue on how these things work. Sure, there were criminal actions taken by Sabu and others within the collective as well as the splinter cell that was LulzSec/Antisec but most of the activity was not anything that I would consider grounds for covert action. That the JTRIG not only used malware but also HUMINT and SIGINT (all things used in nation state covert collections and actions) shows that they were genuinely afraid of the Anon’s and Lulzers and that their only solution was to reciprocate with nation state tools to deny and disrupt their cabal. I think though that most of the aegis that the IC had though was the fact that they “could” do it all without any sanction against them because it was all secret and they hold the keys to all of the data. Of course now that is not the case and they should be held accountable for the actions they took just as the CIA has been or should have been in the past over say the covert action in Nicaragua. I don’t think this will happen though so what will really only come out of this revelation is more distrust of governments and a warning to Anonymous and others about their operational security.
Cyber Warfare and Law:
What this release shows though most of all is that the government is above the law because in reality there is very little real law on the books covering the 5th domain of cyberspace. As we have seen in the last few years there has been a rapid outpace of any kind of lawfare over actions taken in cyberspace either on the nation state level (think APT tit for tat) and criminal actions such as the target hack and all the carding going on. In the case of the US government the military has far outstripped the government where this is concerned with warfare units actively being formed and skills honed. All the while the government(s) has/have failed to create or edit any of the current law out there concerning cyber warfare in any consistent manner. So this leaves us with warfare capabilities and actions being carried out on a global medium that is not nation state owned but globally owned by the people. Of course this is one of the core arguments over the internet, it’s being free and a place of expression whereas corporations want to commoditize it and governments want to control it and make war with it. This all is muddled as the people really do not truly own the infrastructure corporations do and well, who controls what then without solid laws? Increasingly this is all looking more and more like a plot from Ghost in the Shell SAC with government teams carrying out covert actions against alleged terrorists and plots behind every bit passing over the fiber. The upshot though is that as yet the capacity to carry out actions against anyone the government see’s as a threat far outstrips the laws concerning those actions as being illegal just as much as the illegalities of actors like Anonymous. The current law is weak or damaged and no one has really stepped up in the US yet to fix even the CFAA in a serious way as yet.
Covert Actions, HUMINT, and SIGINT:
When I was on the panel at DEFCON I spoke of the governments and agencies likely using disinformation and other covert actions against the digital insurgency that they perceived was being levied against them. Now with the perspective of the Snowden collection it is plain to me that not only will the easily make the call to carry out actions against those they fear but also those actions are myriad. If you are going against the nation state by attacking it’s power elite or its interests expect the actions to be taken against you to be swift and unstoppable. In the case of the DDoS this was just a tit for tat disruptive attack that seemed to have worked on some. The other more subtle attacks of hacking via insertion of malware through phishing and intelligence gathering my using spiked links and leverage against providers shows how willing they were to effect their goals. Now consider all that we have learned from Snowden and conjure up how easy it is today with NSL letters and obfuscated secret court rulings on the collection of data wholesale from the internet and infrastructure.. You should be scared. Add to this the effect of the over-classification of everything and you have a rich environment for abuses against whomever they choose no matter how many in the IC say that they are to be trusted. The base fact is this; The internet is the new battlefield for war as well as espionage not just criminality and law enforcement actions. If you are considered a threat by today’s crazy standards of terrorism is everywhere, then you too can have your data held in Utah where someday someone could make a case against you. Some of that data may in fact come from direct covert actions against you by your government or law enforcement per the rules today as they stand.
ANALYSIS:
The final analysis of this presentation that was leaked and the actions alleged to have been taken against Anonymous is that there is no real accountability and that secrecy is the blanket for covert action against non combatants in any war. We are in a new dystopian nightmare where cyberwar is concerned and there is a lot of fear on the governments part on attacks that could take down grids (misinformed ones really) as well as a ravening by some to be “in” on the ground level for carrying out such warfare. Without proper laws nationally and internationally as well as proper oversight there never will be an equitable solution to actions in cyberspace as either being criminal, grounds for war, or civil disobedience just as there will always be the high chance of reciprocity that far outstrips a common DoS. The crux here is that without the proper laws you as a participant of a DDoS could be sanctioned for attack and then over prosecuted for your actions as we have seen these last few years. Without a solid legal infrastructure and a Geneva Convention of sorts concerning cyber warfare, no one is safe. As an ancillary factor to this I would also say to all those in Anonymous and any other collectives that may rise you should be very careful and step up your OPSEC and technical security measures if you are going to play this game. As we have seen many of those key players in Anonymous and LulzSec were caught up with and are in legal trouble just as much as the guy who just decided to join a DoS for a minute and was fined a huge amount of money for his trouble. Remember, it’s all fun and games until the governments of the world decide that it’s not and want to squash you like a bug.
K.
So here’s my thing….
VQX HWMVCUSE JQJFASSNTG QV! X HQ JD ISIAVVE!
Face it.. We are all PWND six ways to Sunday
Every frigging day we hear more and more about how the NSA has been emptying our lives of privacy and subverting the laws of this land and others with their machinations. It’s true, and I have been saying as much since the day Mr. Klein came out of his telco closet and talked about how the NARUS system had been plugged into the MAE West back in the day. We are all well and truly fucked if we want any kind of privacy today kids and we all need to just sit back and think about that.
*ponder ponder ponder*
Ok, I have thought about it and I have tried to think of any way to protect myself from the encroachment of the NSA and all the big and little sisters out there. I am absolutely flummoxed to come up with any cogent means to really and truly protect my communications. Short of having access to the NSA supercloud and some cryptographers I don’t think that we will not truly have any privacy anymore. If you place it on the net, or in the air. We have reached in my opinion the very real possibility of the N-Dystopia I have talked about before in the Great Cyber Game post.
As the pundits like Schneier and others groan on and on about how the NSA is doing all of this to us all I have increasingly felt the 5 stages of grief. I had the disbelief (ok not completely as you all know but the scope was incredible at each revelation) Then the anger came and washed over me, waves and waves of it as I saw the breadth and scope of the abuse. Soon though that anger went away and I was then feeling the bargaining phase begin. I started to bargain in my head with ideas that I could in fact create my own privacy with crypto and other OPSEC means. I thought I could just deny the government the data. I soon though began to understand that no matter what I did with the tools out there that it was likely they had already been back door’d. This came to be more than the case once the stories came out around how the NSA had been pressuring all kinds of tech companies to weaken standards or even build full back doors into their products under the guise of “National Security”
Over time the revelations have all lead to the inescapable truth that there is nothing really anyone can do to stop the nation state from mining our communications on a technological level. Once that had fully set in my mind the depression kicked in. Of late I have been more quiet online and more depressed about our current state as well as our future state with regard to surveillance and the cyberwarz. I came to the conclusion that no matter the railing and screaming I might do it would mean nothing to the rapidly approaching cyberpocalypse of our own creation arriving. ….In short, we can’t stop it and thus the last of the five stages for me has set in. I accept that there is nothing I can do, nay, nothing “we” can do to stop this short of a bloody coup on the government at large.
I now luxuriate in my apathy and were I to really care any more I would lose my fucking mind.
OPSEC! OPSEC! OPSEC!
Speaking of losing one’s mind.. Lately people all have been yelling that OPSEC is the only way! One (the gruqq) has been touting this and all kinds of counterintelligence as the panacea for the masses on these issues. Well, why? Why should we all have to be spies to just have a little privacy in our lives huh? I mean it’s one thing to be a shithead and just share every fucking stupid idea you have on FriendFace and Tweeter but really, if you can’t shut yourself up that is your problem right? No, I speak of the every day email to your mom telling her about your health status or maybe your decision to come out etc. Why should the government have the eminent domain digitally to look at all that shit now or later?
If you take measures to protect these transactions and those measures are already compromised by the government why then should you even attempt to protect them with overburdened measures such as OPSEC huh? I mean, really if you are that worried about that shit then go talk to someone personally huh? I know, quite the defeatist attitude I have there huh? The reality is that even though I claim not to be caring about it (re: apathy above) I actually do but I realize that we no longer have privacy even if we try to create it for ourselves with technical means. If the gov wants to see your shit they will make a way to do so without your knowing about it. I fully expect someday that they will just claim eminent domain over the internet completely.
Fuck OPSEC.. I want my government to do the right thing and not try to hide all their skirting of the law by making it classified and sending me an NSL that threatens to put me in jail for breaking the law.
Fuck this shit.
CYBERWARZ
Then we have the CYBERWARZ!! Oh yeah, the gubment, the military, and the private sector all have the CYBERWARZ fever. I cannot tell you how sick of that bullshit I am really. I am tired of all the hype and misdirection. Let me clear this up for you all right here and right now. THERE IS NO CYBERWAR! There is only snake oil and espionage. UNTIL such time as there is a full out kinetic war going on where systems have been destroyed or compromised just before tanks roll in or nukes hit us there is no cyberwar to speak of. There is only TALK OF cyber war.. Well more like masturbatory fantasies by the likes of Beitlich et al in reality. So back the fuck off of this shit mmkay? We do not live in the world of William Gibson and NO you are not Johnny Mnemonic ok!
Sick. And. Tired.
I really feel like that Shatner skit where he tells the Trekkies to get a life…
Awaiting the DERPOCALYPSE
All that is left for us all now is the DERPOCALYPSE. This is the end state of INFOSEC to me. We are all going to be co-opted into the cyberwarz and the privacy wars and none of us have a snowball’s chance in hell of doing anything productive with our lives. Some of us are breaking things because we love it. Others are trying to protect “ALL THE THINGS” from the breakers and the people who take their ideas and technologies and begin breaking all those things. It’s a vicious cycle of derp that really has no end. It’s an ouroboros of fail.
RAGE! RAGE! AGAINST THE DYING OF THE PRIVACY! is a nice sentiment but in reality we have no way to completely stop the juggernaut of the NSA and the government kids. We are all just pawns in a larger geopolitical game and we have to accept this. If we choose not to, and many have, then I suggest you gird your loins for the inevitable kick in the balls that you will receive from the government eventually. The same applies for all those companies out there aiding the government in their quest for the panopticon or the cyberwarz. Money talks and there is so much of it in this industry now that there is little to stop it’s abuse as well.
We are well and truly fucked.
So, if you too are feeling burned out by all of this take heart gentle reader. All you need do is just not care anymore. Come, join me in the pool of acceptance. Would you care for a lotus blossom perhaps? It’s all good once you have accepted the truth that there is nothing you can do and that if you do things that might secure you then you are now more of a target. So, do nothing…
Derp.
K.
Book Review: An Introduction to Cyber-Warfare: A Multidisciplinary Approach
IJPFRH CPAGP EIIL!
CYBER CYBER CYBER!
CYBER CYBER CYBER! or “CRY HAVOC AND LET SLIP THE DIGITAL DOGS OD CYBER WAR!”” is often what you hear from me in a mocking tone as I scan the internet and the news for the usual cyber-douchery. Well this time kids I am actually going to review a book that for once was not full of douchery! Instead it was filled with mostly good information and aimed at people who are not necessarily versed at all in the cyberz. I personally was surprised to find myself thinking that I would approve this for a syllabus (as it has been placed into one by someone I know and asked me to read this and comment)
The book really is a primer on IW (Information Warfare) and Cyber-Warfare (for lack of a better nomenclature for it) which many of you reading my blog might be way below your desired literacy level on the subjects. However, for the novice I would happily recommend that they read the book and then spend more time using ALL of the footnotes to go and read even more on the subject to get a grasp of the complexities here. In fact, I would go as far as to say to all of you out there that IF you are teaching this subject at all then you SHOULD use this book as a starting point.
I would also like to say that I would LOVE to start a kickstarter and get this book into the hands of each and every moron in Congress and the House. I would sit there and MAKE them read it in front of me *surely watching their lips move as they do so* There are too many people in positions of power making stupid decisions about this stuff when they haven’t a single clue. I guess the same could be said about the military folks as well. We have plenty of generals who have no idea either.. That’s just one man’s opinion though.
As we move further and further down the cyber-war road I think that books like this should be mandatory reading for all military personnel as well as college level courses in not only IW/INFOSEC but also political and affairs of state majors as well. We will only continue down this road it seems and it would be best for us all if the next wave of digital natives had a real grasp of the technologies as well as the political, logical, and tactical aspects of “Cyber”
I have broken down the book into rough chapters and subject areas as it is within the book (mostly) It really does cover more of the overall issues of cyber-warfare and methods used (not overly technical) The modus operandi so to speak of the actual events that have taken place are laid out in the book and give you a picture of the evolving of IW to what we see today as “cyber-warfare” I will comment on those sections on what I thought was good and what I thought was derpy of course, I mean would you all have it any other way?
IW (INFORMATION WARFARE) RUSSIA
The authors cover early IW with the Russian saga’s over Georgia and Estonia. There is a lot in there that perhaps even you out there might not know about the specifics of the incidents where Russia is “alleged” to have attacked both countries at different times with different goals and effects. Much of this also touches on the ideas of proxy organizations that may or may not be state run that were a part of the action as well as a good overview of what happened.
In the case of Georgia it went kinetic and this is the first real “cyber-warfare” incident in my mind as cyber-war goes. I say this because in my mind unless there is an actual kinetic portion to the fighting there is no “war” it is instead an “action” or “espionage” so in the case of tanks rolling in on Georgia we have a warfare scenario outright that was in tandem with IW/CW actions.
OUR CHINESE OVERLORDS
Ah Chairman Meow… What book on Cyber would be complete without our friends at the MSS 3rd Directorate huh? Well in the case of this primer it gets it right. It gets across not only that China has been hacking the living shit out of us but also WHY they are doing it! The book gives a base of information (lots of footnotes and links) to ancillary documentation that will explain the nature of Chinese thought on warfare and more to the point Cyber-Warfare. The Chinese have been working this angle (The Thousand Grains of Sand etc) for a long time now and there are more than a few treatises on it for you to read after finishing this book.
The big cases are in there as well as mention of the malware used, goals of the attacks and some of the key players. If you are out to start teaching about Chinese electronic/cyber/IW then this is a good place to start. Not too heavy but it gets the point across to those who are not so up to speed on the politics, the tech, or the stratagems involved.
ANONYMOUS/SEA/LULZSEC
Anonymous, as someone on my Twitter feed was just asking me as I was writing this piece, is also a part of this picture as well. The idea of asymmetric online warfare is really embodied by these groups. The book focuses more on Lulzsec and their 50 days of sailing but it doesn’t go too in depth with the derp. Suffice to say that all of them are indeed important to cyber-warfare as we know it and may in fact be the end model for all cyber-warfare. How so? Well, how better to have plausible denyability than to get a non state group to carry out your dirty war? Hell, for that matter how about just blame them and make it look like one of their ops huh?
Oddly enough just days ago Hammond wrote a piece saying this very thing. He intoned that the FBI via Sabu were manipulating the Anon’s into going after government targets. This is not beyond comprehension especially for places like China as well. So this is something to pay attention to. However, this book really did not take that issue on and I really wished that they had. Perhaps in the next updated edition guys?
THE GRID
OY VEY, the “GRID” this is one of the most derpy subjects usually in the media as well as the books/talks/material on cyber-warfare out there. In this case though I will allow what they wrote stand as a “so so” because they make no real claim to an actual apocalypse. Instead the book talks about the possible scenarios of how one could attack the grid. This book makes no claim that it would work but it is something to think about especially if you have an army of trained squirrels with routers strapped to their backs.
It is my belief that the system is too complex to have a systematic fail of apocalypse proportions and it always has been so. If the book talked about maybe creating a series of EMP devices placed at strategic high volume transformers then I would say they’d be on to something. However, that said, the use of a topological attack model was a good one from a logical perspective. They base most of this off of the Chinese grad students paper back years ago so your mileage may vary. So on this chapter I give it a 40% derp.
WHAT’S MISSING?
All in all I would have liked to have seen more in the political area concerning different countries thought patterns on IW/CW but hey, what can ya do eh? Additionally I think more could have been done on the ideas of offense vs. defense. Today I see a lot of derp around how the US has a GREAT OFFENSIVE CAPABILITY! Which for me and many of you out there I assume, leads me to the logical thought conclusion of “GREAT! We are totally offensive but our defense SUCKS!” So much for CYBER-MAD huh?
I would have also like to have seen more in the way of some game theory involved in the book as well concerning cyber-warfare. Some thought experiments would be helpful to lay out the problems within actually carrying out cyber-war as well as potential outcomes from doing so more along the lines of what I saw in the Global Cyber-Game.
OVERALL TAKE
Well, in the end I think it is a good start point for people to use this in their syllabus for teaching IW/CW today. It is a primer though and I would love to see not only this end up on the list but also the Global Cyber Game as well to round out the ideas here. To me it is more about “should we do this?” as opposed to “LETS FUCKING DO THIS!” as the effects of doing so are not necessarily known. Much of this territory is new and all too much of it is hyped up to the point of utter nonsense. This is the biggest problem we have though, this nonsense level with regard to the leaders of the land not knowing anything about it and then voting on things.
We need a more informed populace as well as government and I think this book would be a good start. So to the person who asked me to review this..
K.
JIHADI’S HOLD LEGION OF DOOM CON CALL!! WOULD YOU LIKE TO KNOW MORE?
AZIJ XXRZ HMCKIDACVA GZ UZZW!
The Legion of DOOM!
Yesterday the camel’s back finally snapped in my head after reading a post on Harper’s Magazine entitled “Anatomy of an Al Qaeda Conference Call” which the author called into question the whole story that was put out by the Washington Times and their “anonymous sources” The paper claimed that Ayman Zawahiri and all the heads of the various jihadi splinter groups got onto their polycom phones and their SIP connections to have a “concall” as we say in business today.
You all may remember the heady headlines in the last couple weeks where the mass media picked up on this story and began scribbling away on how the so called jihadi “Legion of Doom” dialed in for a sooper sekret meeting to plan the end of our Western Civilization. Now, I am sure some of you out there have seen my screeds (140 chars at a time more so recently) on just how we get played too often by the media and the government on some things but this, this is just epic stupid here. If you or anyone you know believed any of this claptrap coming from the media please seek psychiatric attention post haste.
Let me tell you here and now and agreeing with the article cited above, that the “LOD” did not have a skype or asterisk call to plan our downfall. At the most they likely had a meeting of the minds in a chat room somewhere within the jihadist boards out there or had a server set up somewhere for them all to log into an encrypted chat. I lean towards the former and not the latter as they usually lack subtlety online. Though, given the revelations from Mssr “Snowman” I can see how the prudent Ayman would want this to be on it’s own server somewhere and for people to authenticate locally and encrypted on a system that does not keep logs… But I digress…
Suffice to say that a group of leaders and minions thereof got together for a chat on <REDACTED> and that they talked about plans and ideas (from hereon I am going to coin the term ideating) for the destruction of the West and the raising of a new global caliphate. Does that sound familiar to you all? Gee, I can’t seem to put my finger on where I have heard that one before. … So yeah, there was a meeting, there were minions, and there were plans but here’s the catch; NOTHING WAS SAID THAT ALLUDED TO A REAL PLAN! No, really, there wasn’t any solid evidence that prompted the closing of the embassies all over. It was a smoke and mirrors game and YOU all were the captive audience!
As you can see from the article cited there seems to be a lot amiss with all of this now that some reality has been injected into the media stream of derp. Why was this all brought to you in the way it was put out there by the media? Was it only the demented scribblings of one reporter seeking to make copy for his dying paper? Or was there more to it? Was there a greater plan at play here that would have the media be the shill to the duping of the public in order to make them see say, the NSA in a different light in these times of trouble for them?
Makes you wonder huh?
DISINFORMATON & OPSEC
So yeah, a story comes out and there are “sources” sooper sekret sources that are telling the reporter (exclusively *shudder with excitement*) that the Great Oz of the NSA has intercepted a LIVE call with the LOD and that it had scary scary portents for us all!
WE. ARE. DOOMED!
That the NSA had help prevent a major catastrophe from happening because they had the technology and the will to listen in on a conversation between some very bad dudes like Ayman and the new AQAP leaders plotting and planning our cumulative demise.
*SHUDDER*
The truth of the matter though is a bit different from the media spin and disinformation passed on by the so called “sources” however. The truth is this;
- The “con call” never happened. There was no set of polycoms and Ayman is not a CEO of AQ.
- The fact is that Ayman and many of the other “heads” of the LOD were not actually there typing. It was a series of minions!
- The contents of the “chat” were not captured live. There was a transcript captured on a courier that the Yemeni got their hands on and passed it on to the Western IC. (So I have heard, there may in fact be a chance they captured the stream using this guys acct) the Yemeni that is, not so sure it was us.
- As I understand it, there was nothing direct in this series of conversations that gave any solid INTEL/SIGINT that there was a credible threat to ANY embassies.
There you have it. This has been WHOLLY mis-represented to the Amurican people. The question I have is whether not there was an agenda here on the part of one of the three parties or more.
- Right wing nutbag Eli Lake
- The “anonymous sources of intel”
- The “anonymous sources handlers”
These are the key players here that I would really like to get into the box and sweat for a while. After the madness was over and sanity let it’s light creep into the dialog, we began to see that these so called sources were no more or less better than “CURVEBALL” was during the run up to the Iraq war. In fact, I guess you could say they were less effective than old curveball because we did not actually go into another half baked war on bad intelligence this time did we?
Another question that should be asked here is why was this information leaked in this way to the press on an ongoing operation that I would say might be pretty sensitive. I mean, you have a channel into a chat room (or *cough* con call as the case may be har har) that you could exploit further and yet you decide to close all the embassies and leak the fact that you have closed said embassies because you intercepted their sooper sekret lines of communication?
*blink blink*
Holy what the Hell? What are you thinking POTUS and IC community? Oh, wait … Let me ideate on this a bit….
- The intel community is in the dog house right now because of the SNOWMAN FILES yup yup
- So a WIN would be very very good for PR wouldn’t it? I mean you don’t have to hire a PR firm to figure this one out right?
- HOLY WIN WIN BATMAN! We tell them we foiled their plans using sooper sekret means that the public hates for infringing on their “so called” rights and we can win hearts and minds!
Could it be that simple?
All joking aside though, think about it. Why blow an operational means of watching how the bad guys are talking UNLESS it was never something you really had access to in the first place right? You could win all around here (though that seems to be backfiring) IF the Yemeni passed this along and it was after the fact then how better to make the AQ set abandon the channel by saying you had access to it?
Right…
How better also to try and get a PR win by alluding (ok lying lying lying with pantalones on fire!) that you had compromised (you being the NSA and IC here) said channel! I guess overall the government thinks that the old axiom of “A sucker born every minute” still applies to wide scale manipulations of stories in the media to sway thought huh? Oh and by the way, if any of you out there think this is just too Machiavellian I point you to all those cables dropped by Wikileaks. Take a look at the duplicity factor going on in international realpolitik ok?
Political Wag The Dog
It seems after all once all the dust has settled that either one of two things happened here;
- Eli Lake did this on his own and played the system for hits on his paper’s page
- Eli Lake was either a witting or un-witting dupe in this plan to put out some disinformation in a synergistic attempt to make the IC and the government look good on terrorism in a time where their overreach has been exposed.
It’s “Wag The Dog” to me. Well, less the war in Albania right? I suggest you all out there take a more jaundiced eye to the news and certainly question ANYTHING coming from “ANONYMOUS SOURCES” on NATSEC issues. It is likely either they are leakers and about to be prosecuted, or there is a cabal at work and DISINFORMATION is at play using the mass media as the megaphone.
Sorry to sound so Alex Jones here but hell, even a clock is right twice a day.
K.
The Global Cyber Game
bqrebnbtsinmpvcdro
The Global Cyber Game:
I had been meaning to write about this before when I had originally read the text but things got in the way as usual (work, more work, some more work after that, Defcon/Bsides) Now though I am in a space where I can reflect back on this paper and write about it here for you all to see. The Defence Academy (UK) put this together to describe how we might approach “cyberwar” on the level of game play or game theory. They constructed a board and began to set to the task of creating game play and tactics given certain scenarios in the cyber world. (see image of game board below) You can actually play this game if you create a board from this design and work within the rules of game theory but this is not why I find this treatise so important.
What I find most interesting is the actual scenario’s that play out within the game play as well as the end game status that the paper puts it all down to in the end of N-Utopia and N-Dystopia. As one can gather from the inherent meaning of the words, N-Utopia means that we all work out our problems globally and work on bettering society (which in the Nash equations is the best play) or we end up with N-Dystopia, a Balkanization of the net, and warfare that scales all levels up to kinetic and will be the death of us all. Can you guess where I think we are right now on the N-scale? Yes, you’d be right to lean toward the N-Dystopia area. In fact I would even like to see that idea rendered in a new way with an older iconography, that being the Doomsday Clock analogy. Perhaps someone can take that up online and create one for the cyebrwarz eh?
Power Dimensions:
What must be taken into account in the great cyber game is that all of this is centered around power plays. The use of information as power, the use of information to effect actions vis a vis “power” and the varying types of power that are being wielded by the players. This paper covers this idea pretty well and should be required reading for anyone looking to study cyber-warfare along side Clausewitz and other more well known pieces of doctrine. Some however may already be familiar with the ideas of hard and soft power but let’s take that into the electronic warfare arena which is a bit harder to scope today.
- Hard power
- Overt threats and rewards
- Kinetic action
- Coercion
- Soft power
- Cooperation
- Co-Option
Both of these types of dynamic play off of one another and work in tandem. There actually is a whole spectrum of power plays that can be derived from these basic premises but I will not go into all that here. To date I have seen an abundance of hard power tactics being employed on the game board and I fear that that seems to be what the governments of the world have locked on to as their aegis. I would love for more to try the soft power tactics and methods but I am too much of a realist to hope that it will ever really happen.
The game play today that we are all seeing unfold before us is the hard power of Stuxnet or the ramping up of every piece of malware and 0day conceivable being purchased by the US government or others in an effort to be superior when the battle comes. That is though when they are not using those said same exploits in the darker games of realpolitik that they are prosecuting now. As I see it now we are hurtling towards a massive cyberfail of our own making and the real cost of the bad play will be economies around the world and other collateral damage that may not be an apocalypse as we currently understand them to be.
The power dimensions portion of this paper is quite enlightening and you should broaden the scope of how those plays are made with information and the internet. One must understand the playing field as well as the weapon you wield. This is the main problem I have of late is that all too many people and governments are not understanding the game play, the field of play, nor the tools they are using (pieces) well enough to play the game well. This makes not only for bad play, but in this game there are real world consequences for us all when some government or actor does something immensely stupid.
Cyber Games Today:
So what are we seeing today that has me worried? Well, we have the cybergames with Stuxnet and other malware to start. I liken the release of Stuxnet as skin to the release of a biotoxin or virus that eventually will be re-worked or manipulated into a more fearsome weapon. These are not one use tools, they are in fact re-usable and re-tune-able. Once these things are out there is no controlling them and with the idea of Stuxnet you have something that was used against one target but could affect hundreds more in friendly countries if they had the same configuration.
Another cybergame being played today is the new surveillance state that we find ourselves in. It seems in the case of the US we have people who are interpreting our Constitution to suit their needs under the rubric of protecting the homeland. This cybergame is all about information and the power dimension of controlling it. I have been watching this Snowden affair unfold and frankly I am frightened of the capabilities that the NSA has but I am much more scared that they claim that they are protecting us while a Snowden subverts the very systems they are saying cannot be misused. This particular cybergame when looked at, show’s all of the hard and soft power dimensions at play with the media and the law. This should also be brought into the cyber game play as well.
Yet another cybergame going on is within the public/private sector and I call the “Patriot Games” What I mean by this is that we have non state actors playing rolls of asymmetric warriors online to effect whatever change they see fit. A certain un-named clown for one is a primary actor in this space and really started the trend in my opinion. The cybergamers here are vigilantes nothing more and nothing less and may or may not have an effect on the grander scheme of things on the net and in public policy. For the most part however, these players are on the hard power end of the spectrum and thus just mostly come off as thugs.
Lastly, the cybergame that seems to be the one with the most chance of playing in the larger space is that of Anonymous. Anonymous has been able to leverage many players into semi cogent action and could in the future have a real effect on policy and other dimensions within the cybergame play. The only reason that I place Anon into this game is because of that mobilizing force that they seem to carry. If motivated and able to be cohesive enough this group could affect the greater games being played and have on a microcosmic scale thus far in recent history.
In all, the games that are being played, and they are games, all serve as a means to an end for those paying attention to understand and perhaps help those in the seat of power how not to play the game at all. Our petty squabbling on the internet is just that. The reality is that the net is important and much of our lives today require it to run smoothly but if the net were to go down permanently our society would not utterly collapse. We would survive and we would re-build. The question then becomes would we have learned from it and do things better the next time around?
Cyber-Utopia and Cyber-Dystopia:
The idea of Cyber-Utopia is a far fetched one in my mind and probably many others out there. This would be a great thing if we could make it happen but given the petty nature of our.. well nature.. We will only see this ideal wash up on the rocks and sink into the ocean rather quickly. In the Cyber-Utopia we all work together, we cooperate, and we work towards a better day. … And I just don’t see this happening barring some kind of alien intervention frankly.
Cyber-Dystopia though I am afraid is already the case in many respects. We are seeing an almost Balkanization of the internet today as it is never mind the games being played in reality with Stuxnet and cyberwar. If the N-Dystopia comes to pass we will find ourselves at war with each other constantly in a “cyberworld” much like the episode of STOS “A Taste of Armageddon” where all warfare is carried out via computer simulations and only the casualties report to be disintegrated as a means to balance it all out. Today though we will see attacks on economies as well as infrastructures to effect “war” (economic, political, or other) on our enemies and the real world costs will have to be measured in profit loss or perhaps even actual loss of human life.
The cyber-dystopia though is more than just an outcome of war. It is the outcome from our own inabilities to work with each other and our ability to rationalize warfare through a non apocalyptic destruction of life. It will be a tit for tat war of attrition that will not lead to any clear victories and certainly not elevate our societies in any way and that is the sad truth of it. Ladies and gents we are already in the dystopia. We just may not understand that yet.
Understand the game:
So, I leave you with the paper: The Global Cyber Game pull it down and read it. Learn from it, play the game if you like, and spend some time thinking about it all. We are on the cusp of another evolution in our society that we have seen repeated in every other evolution we have had. We create something, then we weaponize it. Perhaps if more of us understand it and the pitfalls we can prevent the N-Dystopia from becoming any worse.
K.
Sun Tzu and The Art of Cyber-War
A mgbkf zugx sbw nrkl wqvrkvuj!
Sun Tzu and The Art of Cyber-War
A while back I decided to throw my hat in the ring for RSAC and Shmoo. I made neither’s list of presentations but I thought this still was worth putting out there for people to see. I had been talking with Jericho and Josh Corman about cyber war because of their presentation at Brucon and this idea popped up in my head because Jericho had pointed out too many people cite Sun Tzu poorly in these types of presentations. Well Jericho is right and often times not many of the tenets of Sun Tzu make it into the presentations. On average you will see maybe one or two and that’s it but The Art of War has many other chapters and quotes that map to general warfare and that includes Cyber-War (so called) Generally however the overall tactics put forth by the Art of War are applicable because this is warfare we are talking about no matter the landscape (electronic) that we are fighting it in. You still have adversaries looking to defeat one another using guile and force today just as in the day of Sun Tzu. The real issue comes down to reading between the lines of the old text and applying the ideas to the modern landscape of the electron, the malware, and the phishing attack.
All of these efforts though will lead to the age old means of kinetic warfare and this is what people seem to not understand so well today. War is war and eventually its all going to be about the guns and bombs and not so much just about the data being stolen or messed with. We have a problem today in the semantic of war in the digital age that needs to be cleared up for the general populace. I hope that this tutorial will not only be historical but also give the reader the tools needed to understand that cyber-war is not the end all be all, it is in fact just a precursor to the type of war that has been waged since man could pick up a rock and throw it.
China, Sun Tzu, & APT
On another level though, I find it amazing that more people have not had the light bulb go on about our situation today with regard to Chinese hacking and espionage. What we have seen is not cyber-war yet but the prelude, the reconnaissance to carry out war and that is all. The Chinese (and others) have begun mapping our networks, prodding our defenses, and assessing our overall readiness by using digital attacks on private and governmental networks and systems. Think of it all as spying and not just one for war footing alone. There is of course the industrial espionage as well but in the case of China in particular they are all means to an end. The “Thousand Grains of Sand” approach is doctrine in China as is the mindset they have always had having had masters like Sun Tzu as their teachers. Look at this slide deck and then take a step back and look at the APT-1 report as well as others. Note that the Chinese military is the state and that the PLA is just an arm of the military unlike in the US where the military is a little more separated and at the behest of POTUS.
Sun Tzu said it best in The Art of War;
“It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”
It’s time to be more introspective about ourselves as well as the adversary and Sun Tzu is a good way to get there.
K.
Counterintelligence, False Flags, Disinformation, and Network Defense
//B zrxr wwmpxjnp vf ygwyr jh kur gig vvbxv nf o “yinwf zcnt”. Ilmf xp vv lbi vwwpe grxr mhct sxh ubpifmpxt qzgu o izkruyi nar t tcqjhrgrf. Mpgwf xrlf hawwki, CU’f uoom oehhvgvq lbtmqm, ybywzzcqt, ueq vbyzcvfx nngsk ucvlm. Pbh bxmf e qlf.\\
Threat Intelligence, Counterintelligence, and Corporate | Nation State Espionage
“Threat Intelligence”, a term that is just behind the oft used “Cyber” and God forbid, “Cyber” is all too often put in front of it as well to add more oomph for sales people to sell their brand of security snake oil… “But wait there’s more!” We also have other spook terms being kluged into the INFOSEC world now because, well, it’s cool to those cyber warriors out there. I know, I sound jaded and angry, which, yes, yes, I am, but… Well, it’s just gone completely off the rails out there. I hear people talking about these topics as if they know what they are talking about even with the exceedingly limited scope of digital security matters (i.e. hacking/forensics/defense)
I would like to clear the air here a bit on these terms and how they do really apply to the world of INFOSEC that we in this business now find ourselves in, one littered with military and spook terms that you may not be really familiar with. First off, lets look at the terms that have been thrown around here:
Threat Intelligence: In the spook world, this is the gathering of intelligence (HUMINT/MASINT/SIGINT etc) to determine who has it in for you and perhaps how they plan on getting at you.
Counterintelligence: Spies who hunt other spies (Mole Hunts etc)
Espionage (Nation State and Other) The umbrella under which this whole rubric exists. Nation state and other have the component of “Industrial” as well (i.e. IP theft)
Ok, so, where once we used to only have people in three letter agencies worried about “ThreatIntel” we now have the INFOSEC community looking at “threats” to their environments and calling it “Threat Intelligence” now. While it’s a cool name, does it really apply? What was it before the whole APT thing broke as well as the cyberwar-palooza we have today? For the most part, I can see only half of the term applying to any non state entity or three letter agency and that is of what “threats” are out there today. This means what exploits and pieces of malware are out there that your environment would be susceptible to.
Nothing else.
That is unless you suddenly have a company that has decided to launch its own “Intelligence arm” and yes, this has happened, but usually only in larger companies with defense contracts in my experience. Others though, have set them up, like Law firms, who then hire out ex spooks to do the work of counterintelligence as well as intelligence gathering to have an edge over everyone else. Perhaps this is bleeding out into other areas as well in corporate America huh? The point here for me is that unless you have an intelligence arm (not just INFOSEC) you should not be using the term “Threat Intelligence” as an encompassing statement of “there’s malware out there and this is what it is” Point blank here, IF YOU AREN’T DETERMINING WHO YOUR ADVERSARY IS AND WHAT THEIR PLAN IS… IT”S NOT THREAT INTELLIGENCE.
Looking at IP’s on an SIEM and reacting to a triggered event is not threat intelligence. It’s INCIDENT RESPONSE. It’s AFTER THE GOD DAMN FACT OK?
So, stop trying to make it sound cooler than it really is people. To further this idea though, we still have “Counterintelligence” which FOR FUCKS SAKE I have personally seen in a title of a complete MORON at a large company. This fucker sits around all day looking at his stock quotes though, see, it’s just a cool title. It has no meaning. UNLESS you really have an operational INTELLIGENCE UNIT in your company.
*Look around you.. Do you? If not then STFU*
If you do have a real intelligence wing in your org that carries out not only COUNTERINTEL/INTEL/HUMINT/THREATINTEL then more power to you. If not, you’re deluding yourselves with militaristic terms and cyberdouchery… Just sayin.
However, the way things are going with regard to the world, I should think that you might see more of these kinds of intelligence arms springing up in some of the larger corporations of the world. It’s a rough world and the fact that everything is networked and global has primed the pump for these kinds of activities to be a daily operations tool. It’s now the blurring of the lines between what nation states solely had the control and aegis over to now its becoming privatized and incorporated.
William Gibson saw it.. Phramacombinats and all.
False Flags and Disinformation Campaigns
Which brings me to the next level of affairs here. When I was on the DEFCON “Fighting Monsters” panel, I made some statements that seem to have come to pass. I spoke about how Anonymous would have to worry about “False Flags” against their name as well as expand upon the idea that Pandora’s box had been opened. Nothing on the internet would really be the same because we all had moved into the “spook world” by the actions of Anonymous as well as things like Stuxnet. The lines had been blurred and all of us net denizens need to be aware that we are all pawns in a series of greater games being played by corporations and governments.
Since then, we have seen many disinformation campaigns (think sock puppets on social media, fake news stories, rumours, etc) as well as false flag actions where Anonymous may have been blamed or named for actions that the core did not carry out. So many times since then we have seen Anonymous attempt to set the record straight, but, like I said before, who’s gonna believe them because they are “anonymous” and disparate right? Could be anyone… Could be them… And with previous actions, are they to be trusted when they say they did not do it? See, the banner thing (hive mind) has a tremendous proclivity for severe blowback as they have learned.
What’s sauce for the goose though, is also good for the corporate, political, private gander right? How many Acorn operations do you need to see happening in the election cycle to realize that this has been going on for some time and that, now, with the internet, its easier to perform these kinds of operations with a very small group with minimal effort as well? Pandora’s box was not only opened, it was then smashed on the floor and what was once contained inside has been forever unleashed upon us all.
Yay.
Now, going back to you INFOSEC people, can you then foresee how your companies reputation or security could be damaged by false flag operations and disinformation? A recent example may in fact be the attack purported to be on against Josh Corman of Akamai because he said some things that “some” anonymous players did not like. Were they really out to get him? Were they doing this out of outrage or was there another goal here? What you have to ask yourselves is, what is my company and it’s employees susceptible to in this area? Just as well, this also applies to actual attacks (DDoS etc) they could be signal to noise attacks. While the big attack is going on, another team could be using the fog of war to sneak into the back door silently and un-noticed.
See where I am going there?
In the case of Josh, do they want to D0X him or do they want to force Akamai to maybe flinch and let him go because of bad press, and potential attacks on their infrastructure and management?
Ponder that…There are many aspects to this and you have to have a war mentality to grasp it at times. Not all attacks frontally are the real attack today. Nor are all attacks on players what they may seem to be in reality, the adversaries may in fact have a longer game in mind.
Network Defense and Network OFFENSE
Ok, so back to reality today with many orgs and their INFOSEC programs. You are looking to defend your network and frankly you need not have “cool” names for your program or its players. What you need is to be mindful of your environment and pay attention to the latest attacks available that would affect it. Given today’s pace though, this makes just about everything suspect. You can get yourself an IDS/IPS, an SIEM, Malware protection, and all kinds of things, but, unless you know where shit is and what it is, you lose the big game. So, really, threat intelligence is just a cool name for an SIEM jockey today.
Like I said, unless you are doing some real adversary profiling and deep inspection of attacks, players, motivations etc, you are not doing THREATINTEL. You are minding the store and performing network defense… i.e. your job.
Now, on the other end of the spectrum lately, there have been certain douchenozzles out there saying that they can sell you services to protect your org with “OFFENSE”
*blink blink*
Offense you say? Is this some new form of new SPECWAR we aren’t aware of? Firms like the more and more vaporware company “Crowdstrike” seem to be offering these kinds of services, basically mercenaries for hire, to stop those who would do you harm. What means are they going to employ here? Obviously performing what they see as intelligence gathering, but then what? Once you have attribution will there then be “retribution” now like so many Yakuza centric stories in Gibson novels? I’m sorry, but I just don’t see this as viable nor really any kind of a good idea whatsoever… Leave it to the three letter agencies.
Alas though, I fear that these companies and actions are already at work. You can see some of that in the link above to the book I reviewed on private intelligence and corporate espionage. Will your data be a part of a greater corporate or government conspiracy? Some black ops mumbo jumbo over your personal information perhaps? Part of some retribution for some attack perceived to have happened to company A by company B?
Welcome to the shadows and fog of espionage kids.
Going “Off The Reservation”
Overall, I guess I just wanted to lay some things out there and get people’s heads around the amount of douchery going on today. We collectively have gone off the reservation post 9/11 with PII, Privacy (lack thereof) and hacking. That entities like Anonymous came to be and now see the governments and corporations of the world as dark entities isn’t so hard to see when you look at the crap going on out there. What we saw in Team Themis was just one small spec in a larger “Cyber Beltway Banditry” going on today. Look to the other side where you have Fusion centers with private INTEL gathering capacities tossing out absolute crap yet spending BILLIONS of dollars and, well, there you have it.
Monkeys with digital guns.
We are off the reservation already and it’s every man (or woman) for him or herself.
In the end though… If you have a title that says something like “CHIEF INTELLIGENCE OFFICER” on it, you’d best be at a three letter agency.. If not, then you are deluding yourself with EPIC DOUCHERY.
K.
Cyberwar, Cyberdouchery, and Where The Rubber Meets The CyberRoad
BEGIN//
Uso Xqx gukk: Xyc cpu sw zol kz sw tkrbp zpditaeeag rp xyh Gncai.
Zr kq b qrwhyt vj cghc bru gsuvo, e imcb fmkksl vv wrdgrz si wc lwpr. Ycpaf mk lg u ubfacer pj zqeokyc nfkai grq ch pv etaqsox sh byisitrgb.
\\END
CYBER CYBER CYBER CYBER WAR! (A new song by Culture Club soon!)
I have been more quiet lately due to being a little burned out on the whole INFOSEC scene. The usual groups of factions are bellowing their usual bloviations and rutting like wild animals online, locking horns with others for dominance. It all frankly makes me just want to step back into my blind and clean my weapon, but, it also gives me pause to think and reflect on it all. It has been in this mode that I have sat and watched the “cyberwars” continue to amp up with the Kaspersky’s of the world finding more and more malware to write neat little papers on how they work and how “nation-statey” they are (oddly though never Russian in origin.. Gee I wonder why?)
Others out there are writing treatises on how “Cyberwar” will work all the while there has been no real definition put down and agreed upon by the masses as to what “cyberwar/Cyber-War/Cyber-Warfare” really is. It has not been codified really, even with the recent UN Tallinn document:
“A cyber attack is a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.”
Tallinn Manual on The International Law Applicable to Cyber Warfare – Michael N. Shmitt
Without a common definition we are all left with a great amount of confusion and gray area to move forward and commit actions that may or may not be “war” because there is no set ground rules, law, or definitions. So, here we are, we have all these people making a great hue and cry, plans and deeds, all without really understanding perhaps the potentials for their actions, all eager to get in on the ground floor of the “new war” and yes, you gentle INFOSEC reader are also part and parcel, willing participants to it all as well. The “cyberdouchery” it seems cannot be washed from your hands as well, and this includes me I think.
Mea culpa.. Mea culpa…
While reflecting in my recently infected state (pre-con flu) I sat down with the laptop and watched “Cyberwar: Not what we were expecting” a BruCon presentation that I had a hand in with Josh and Brian. The presentation went well, and as I had seen and thought about the material before, having had discussions with both in the process of creation, I began to have a bit of a paradigm change in thought on this after the final presentation. I looked back at my own mind set and writings on the douchery and realized my own shortsightedness, I too had fallen prey to the “cyberwars” and the only conclusion I could have now is that they are upon us, no matter the definition and I had better think on that.
Let’s face facts here… No matter how many times we call douchery, it’s here…
For all of the high handed railing that I have done in the past, I perhaps had missed the salient fact that people are people, and that we as a society will always latch on to the new “thing” that is super cool, but may in fact be the worst thing for us (think of the iPhone madness) We as a species, tend to go, like many other creatures, say parrots or cockatiels, for the “shiny things” It’s just our nature. So how much more shiny than anything else is the notion of a clean “cyberwar” where we take out the enemy with a click of the button, no, not with kinetic explosions but instead with the lights just going out or a centrifuge breaking.
Yeah, sound familiar?
This neat idea though could in fact cause some dystopian scenarios to happen and yes, in the idea of “war” as we commonly know it, kinetic actions (i.e. tanks and planes and bombs) would likely be employed as well, but, this in fact may not be the end goal of “cyberwar” in the minds eye of those dreaming and plotting it. After all, I would say that we are in the era of the “cyberwars” now in fact, and the only use of kinetic force seems to be only taking place in the non declared wars in Afghanistan and now the Horn of Africa right?
The “cyberwars” though, have been playing out mostly quietly, bits and bytes doing their non kinetic (mostly) damage, stealing data for financial gain or other espionage goals. Both nation state as well as personal, group, non nation state, whatever you decide to name the actors as, they are doing it, right now.. You can almost hear the clicks of the hard drives now right?
It’s really just a war of packet attrition… But then again I hear you thinking,
“But, you said war.. and well, that’s not war.. That’s espionage and maybe sabotage”
Well, yes, but, then there’s this notion of “Cold War” to deal with.
“Christ, I miss the Cold War.” (Cold War vs. Hot War)
The above quote was one of my favorites from “Casino Royale”, the recent re-boot of the James Bond story line. I find it apropos to this discussion as even with Josh and Brian, the idea of the nomenclature of war has been somewhat nebulous really. The idea of a “cold war” seemed elusive to them and perhaps even to me in some way, though I lived through the cold war and was actually in East Germany briefly just before the wall fell. Seeing the “cold war” first hand kind of gives you a new perspective I guess, so I was a little more pliable to the idea that a cold war was in fact a war, just not one where we have outright battles being fought in the “open” and that’s the key here.
Cold War Noun:
A state of political hostility existing between countries, characterized by threats, violent propaganda, subversive activities, and…
The state of political hostility that existed between the Soviet bloc countries and the US-led Western powers from 1945 to 1990.
Cyberwar, is the new “black” of Cold War.
See what I am getting at here? Sure, there can be an all out war that employs a “digital aspect” to it, (i.e. disrupting comms and supply chains) but also, the mainstay thus far of digital warfare is “information war” and this is much closer to “cold warfare” as it has ever been as you can see from the standard definition. Case in point, we are trying to contain Iran from having its own nuclear weapons. What have we been doing? Well, sanctions, propaganda, espionage, and now, post Stuxnet, digital sabotage of their programs as well as great swaths of digital thievery of their data to see just how far along they are.
Now, look up at that definition again and think about it… See what I’m saying here? Of course this is one element though and there are others like the kinetic typical warfare also described. Actions in tandem (digital and physical/kinetic) like that of Estonia but you get the point. It’s mostly, at this point, about cold war tactics to manipulate an enemy without committing to all out warfare and that’s the rub. Of course there are many war planners out there looking at plans to do more than just manipulate an enemy politically, that’s more the bailiwick of the likes of the CIA and other three letter agencies.
Diplomacy it seems, has a new tool in it’s little black bag…. As does the military sector.. Truly “Dual use” technology here.
State vs. Non State, War vs. Non War (What’s in a name?)
In the rubric though of “cyberwar” lately, we have seen arguments made (some unqualified, some quite qualified) about just what it constitutes and one of those factors has been whether or not the actors are “state or non state” actors. I would put it to you right up front, who’s to say who is or is not state actors to start with? Have none of you ever heard about proxy wars? I mean come on people, we lived through the 80’s and the wars being fought by proxy and still you guys don’t get it?
Iran Contra
Afghanistan and the Mujahideen
The War on Drugs
The Current War on Drugs with boots on the ground in Mexico (CIA/MIL)
So, you are going to quibble over nation state and non nation state actors in cyber warfare? What’s more, you are going to do so when attribution is so damned hard? Wow, the hubris of it is just stunning on some people’s parts within this community. Talk about douchery, just take a look around people. Sure, there is a lot of douchery going around, but I just have to say look in the mirror here and take a good long look. I think we all could be blamed just as equally here.
Actions taken by entities, in this arena (cyber-warfare) no matter the attribution, which may be wholly wrong mind you, can always have a sliver of doubt attached to them as to whether they are a proxy of a nation. It’s as simple as that. So, in the case of say the Georgia DDoS that happened, who can be sure, unless they have a really solid HUMINT report in hand, that this attack was not in some way or shape condoned or sponsored by the Russian government or factions thereof?
*silence.. baleful stare*
All I’m really saying is that the world is grey and to make great pronouncements of “I know shit” isn’t going to cut it in reality, and that even goes for me. Like they say on the internets, photo’s or it never happened. What can be said though, is that it would seem, from all evidence within the media machine and the rhetoric of the governments of the world, that the Dr. Cyberlove’s of the world are beating the drums for “cyberwar” pretty damn hard… And that the governments are scurrying to get a piece of the action.
“A fool with a tool.. Is still a fool” (Or: Simians flinging digital poo)
Which brings me to my next diatribe. As the title above says, a fool with a tool.. Is still a fool. Folks, we have all kinds of work going on developing 0day’s and plans of action by various warfighting units new and old. It seems that whenever we, as a race, come up with a new way to get over on the other guy, we mass produce and refine it without really thinking about the ramifications of our actions. It’s just human nature it seems, but in cases like this we just rush headlong into it, like we did for so long with biological warfare.
“Surely digital warfare and code is nothing as bad as biological warfare” is what some of you are thinking out there now as you read these lines, and yes, you are right I think on the whole, but, there is always wiggle room for disaster right? The potentials for malware and unforeseen consequences are there and unlike Jericho’s take on the dangers of “cyberwar” now, I can give it a little more room for possible bad outcomes from what’s being created now. What will happen as we all reach the singularity that some are postulating as we network everything? Currently the grid is a big topic as we make the “smart grid”, a model that is already being attacked by hackers as well as perhaps nation states trying to gather intelligence on how it works/will work and how to manipulate it. This type of attack alone could be dual use, like the Stuxnet attack, it could be a way to manipulate a country and its policies, or the prelude to a further physical attack. Who’s to know until it happens right?
All in all, I just have to look on in wonder at the hubris of the whole affair. We truly are monkeys with digital guns. Unfortunately today we have political systems that are short sighted and, in the case of our own here in the US, groups of diametrically opposed morons in a political election cycle that looks much more like a high school election campaign for prom queen. These are the people in the political office that direct the policies and war plans for us, which now include the idealistic ideas of “clean cyber warfare, targeted and with little blowback or collateral damage”
Monkeys with digital guns…
Cyberwar and YOU
Well, so here we are, we are in the age of the “Cyberwars” as much as the term might stick in the craw of many in the community. I would put it to you that as a person with anything online, you are a target. Whether it be the cyberwarfare of the state, or the cyber machinations of the criminal gang seeking to steal your money or your data, we all are under the same threats. Infrastructure as well as your personal PC are targets within a larger game of digital Stratego. Face the fact, live with it a while, and then think about what you can do to insulate yourselves a bit better.
It seems that even if you do not have a computer (some don’t.. no, really!) you still have a digital presence online because the companies that you do business with have one. The governments have their records online and those records are your records! There is no escaping it really, you are a part of the picture and you should get used to the idea. The power that you suck up every day with your digital toys is somewhat vulnerable and a target, and even if the adversary cannot take out the whole country, let me tell you from experience, just take out one state and see the shit fly because people don’t have power. Where I live we had that big storm a year ago and when people could not get their gas to power their generators it started getting hairy, and that was with the power only being out a week or so. Imagine if it were in fact long term? It’s the people’s reactions (base and territorial) that worries me more than the power being off.
So, whether it’s your data, your power, or your money, you too are a cog in the vast cyberwar machine that is all the rage. Will bad things happen? Maybe. Will epic and tragically bad things happen? Maybe. I am not short sighted enough to say it won’t ever happen, nor can I say that these attacks will not be employed by some foreign power or Bondian villain. I’m just saying it is possible, not overly likely, but look at all the work going on at DARPA and other places looking into how to make it a reality.
The cyberwar is upon us and we had best start taking it seriously because people in power are making plans, and like biological warfare, it seems perhaps there could be unforeseen cirucmstances that could trigger bigger and worse things.
Plan accordingly and think a bit more cogently.
K.
Krypt3ia 