China, as one of many alleged actors on the frontier of cyber espionage, is best understood by briefly examining the past century, how it influences contemporary cyber operations attributed to Chinese-based actors, and how they could be used against the Canadian Armed Forces in a potential Southeast Asian conflict.
Out of nowhere, here’s an article I wrote for the Canadian Military Journal. China, as one of many alleged actors on the frontier of cyber espionage, is best understood by briefly examining the past century, how it influences contemporary cyber operations attributed to Chinese-based actors, and how they could be used against the Canadian Armed Forces in a potential Southeast Asian conflict.
As the transition period leading to the new presidency is almost coming to an end, everyone will probably have multiple requests to the president, and of those is to increase cyber defence. In this optic, a new report created by the “CSIS Commission on Cybersecurity for the 44th Presidency” has release its recommendations on how to secure cyberspace. They consist of:
Create a Comprehensive National Security Strategy for Cyberspace
Organizing for Cybersecurity
Rebuilding Partnership with the Private Sector
Regulate for Cybersecurity
Identity Management for Cybersecurity
Build for the Future
This report comes 5 years after the “National Strategy to Secure Cyberspace” document released in 2003 by the National Advisory board which goal was to “engage and empower Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact“. The CSIS’ document doesn’t mention the previous efforts by the National Advisory Board but declares the previous efforts of the Bush administration as “good but not sufficient“.
As usual, it remains difficult to see how much of this report is based on real facts or just a way to secure funds from the new president by linking potential damage to the cyberspace infrastructure to the economy . It states that “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January 2009“. It uses the cyber attack that occurred on various American networks in 2007 as an example.
While they may be some part of fear mongering in this report, we should not completely put aside threats mentioned in this report. As cyber warfare is mostly a war happening without much fanfare and therefore happens in the shadows, it is hard to really determine what’s going on. Since there is no open war between modern countries, we won’t see any cyber warfare for the time being. For the moment, cyberspace will be used for spying mostly and this is what this document mostly addresses.
“The unclassified e-mail of the secretary of defense was hacked … A senior official at the Department of State told us the department had lost “terabytes” of information,” declares the report, also: “Senior representatives from the intelligence community told us that they had conclusive evidence, covertly obtained from foreign sources, that U.S. companies have lost billions in intellectual properties.“
Unfortunately, “senior representatives“, “conclusive evidence” and “foreign sources” are so vague that it’s impossible to validate the scope of the problem…or even believe it. Another document though, mentioned in the present reading give some examples of the uses of terrorists for cyberspace. It mentions among others the “Muslim Hackers Club” website and the information posted to it, and the use of stolen credit cards and bank account information to finance the Bali attack in 2002.
The authors are putting a lot of emphasis on treating cybersecurity as a priority on the same levels as WMD and any other subject that requires national attention therefore requiring that the federal government take charge of the national cybersecurity instead of IT departments. It proposes that:
1) Standards for computer security be enforce for to the industry such as manufacturing plants and power plants.
2) Cyberspace security be overlook by a cybersecurity chief and that security agencies such as the National Cyber Security Center (NCSC) and the Joint Inter-Agency Cyber Task Force (JIACTF) be merged into one.
A central office in charge of enforcing computer security standards will have to be formed later or sooner. Fortunately this will be sooner. Information Technology departments should not only have a national reference on the standards to achieve, but also have the opportunity to know how to implements those standards by having government-accredited security companies implementing those standards to networks of various industries. I also believe this new agency should periodically test the security of those networks, as I presume, should already be done. The reports propose that instead of a new agency, the Whitehouse be in charge of the national cybersecurity with an assistant to the president.
The difficulty in this resides in the fact that only one weak link is sufficient to be able to attack the entire system. Therefore, it is necessary to screen the entire critical infrastructure in order to be efficiently secured. And since this implies that systems are often connected internationally for large industries, it means an international consensus.
One thing is for sure, is that all the existing computer-security related need to be consolidated in order to focus on a common goal, and that is the protection of cyberspace. As the report states, it also need to be working hand-to-hand with the private sector in order to have a quick reaction to emergencies. Unfortunately this is only another report amongst other. Maybe a more tech-savvy president such as Barack Obama will catch on quicker to this threat. Until then, the battle still rages on in the shadows of the Internet…
San Antonio will be hosting the new data center of the National Security Agency reports the San Antonio Current. An old Sony factory on the West Military Drive, near San Antonio’s Loop 410 freeway, will be transformed to accommodate enormous size of data, which will mainly be electronic communications such as phone conversations and emails according to author James Bamford:
“No longer able to store all the intercepted phone calls and e-mail in its secret city, the agency has now built a new data warehouse in San Antonio, Texas.”
This city have been chosen for it’s cheap electricity, provided on an independent power grid since Texas as its own, unconnected to the other states’ grid, making it more reliable.
Another factor that played was the location of a similar size Microsoft datacenter a few miles away. This center will be the third largest data center of San Antonio.
As for the Sony plant, it’s made out of two connected buildings, offering offices and research areas and totals around 470 000 square feet. It is expected that 1500 employees will work there initially and may employ up to 4000 personnel.
The giant of retail merchandise, Luxottica Retail, distributor of brands such as Anne Klein, Bulgari, Chanel and Ralph Lauren has been hacked and information about 59 000 former employees have been stolen from the mainframe.
According to Lt. Jeff Braley from the Cyber Crimes Task Force of the Warren County Sheriff, the suspected hacker breached the mainframe without even hiding her IP address. The incredible omission let the police to a woman called Molly Burns, a 30 years old resident of Glendale, Arizona. The Burns’ apartment has been raided this summer during a heroin raid and a unspecified number of computers have been seized by the police.
“You not only see the criminal history this suspect has, but you see the ties that they have and that is much more worrisome,” Braley said.
According to News 5, the arrest record of the suspected hacker includes forgery, theft and drug abuse. Burns is now on the run and three different police departments in Arizona are also looking for her. The FBI will soon take over the case.
No details were given on how the attack was carried on. Any additional information would be appreciated. Luxottica Retail claimed that their systems have been secured since.
Not entirely cyber warfare related but still a very interesting read, but according to the Global Trends 2025 report by the National Intelligence Council, irregular warfare, which cyber warfare is part of, will play a determinant part into the future of the United States:
“… expanded adoption of irregular warfare tactics by both state and nonstate actors, proliferation of long-range precision weapons, and growing use of cyber warfare attacks increasingly will constrict US freedom of action.“
Unfortunately this is the only mention of cyber warfare in the report, which fails to go into further details. This shouldn’t come to a surprise to anyone though. We all know how reliant on technology everything is nowadays and the interconnection between every part of the modern society. Not only does the United States recognized that cyber warfare will be an important part of the upcoming conflicts, but also does China and Russia, which are stated to become heavyweights on the world stage:
“Few countries are poised to have more impact on the world over the next 15-20 years than China. If current trends persist, by 2025 China will have the world’s second largest economy and will be a leading military power.“
Right now, even with her very large armed forces of 2 million active personnel, China is trying to modernize its military to be more mobile and efficient. In order to accomplish that modernization, it has explored many new avenues that western societies are still trying to grasp. In 1999, two Chinese Air Forces colonels discussed new ways to conduct war in a guide titled “Unrestricted Warfare”, where they describe the use of computers as new weapons for future warfare:
“With technological developments being in the process of striving to increase the types of weapons, a breakthrough in our thinking can open up the domain of the weapons kingdom at one stroke. As we see it, a single man-made stock-market crash, a single computer virus invasion, or a single rumor or scandal that results in a fluctuation in the enemy country’s exchange rates or exposes the leaders of an enemy country on the Internet, all can be included in the ranks of new-concept weapons.“
Experts seem to agree that this kind of “new weapon” could do far more damage than one can imagine:
“If someone is able to attack information that is needed by decision makers, or that is crucial to organizing logistics and supply lines of an army on the ground, that means they can induce chaos in a nation“ said Sami Saydjari, who worked as a Pentagon cyber expert for 13 years and now runs a private company, Cyber Defence Agency.
We don’t know how much of the concepts explained in this book as been accepted by the People’s Liberation Army (PLA), but events from the last decade can gave us clues as how much China has developed cyber warfare capacities based on the text of the two colonels. .Concretes realizations of these ideas may have happened as soon as four years after the publication of the guide during Operation Titan Rain in 2003.With a computer network of more than 3.5 million computers spread across 65 countries, the Pentagon faces many challenges against a strong and sophisticated attack and Operation Titan Rain proved this. According to an article on ZDNet, 20 hackers, based or using proxies based in China, successfully attacked American networks in a coordinated attack:
At 10:23 p.m. PST, the Titan Rain hackers exploited vulnerabilities at the U.S. Army Information Systems Engineering Command at Fort Huachuca, Ariz.
At 1:19 a.m., they exploited the same hole in computers at the Defense Information Systems Agency in Arlington, Va.
At 3:25 a.m., they hit the Naval Ocean Systems Center, a Defense Department installation in San Diego, Calif.
At 4:46 a.m., they struck the U.S. Army Space and Strategic Defense installation in Huntsville, Ala.
The results from this operation were the theft of several classified information:
“From the Redstone Arsenal, home to the Army Aviation and Missile Command, the attackers grabbed specs for the aviation mission-planning system for Army helicopters, as well as Falconview 3.2, the flight-planning software used by the Army and Air Force,” according to Alan Paller, the director of the SANS Institute.
Many other attacks have been suspected to originate from China afterwards. Attacks against most of the G7 countries such as France, UK and Germany, New Zealand and India have been reported by many medias.
Although evidence gathered shows that China is aggressively pursuing irregular warfare, Russia is also gaining a strong cyber warfare reputation on the world scene. Its attack against Estonia has won world coverage and succeeding attacks on Georgia gave the country experience in that domain. It is again unclear though if attacks from Russia are actually coming from government agencies or from criminal behaviour.
The first incident concerning Russia goes back to 1999, before the Chinese cyber attacks. American networks went under siege in what is now called Operation Moonlight Maze. Back then, FBI officials were investigating a breach into the DOD satellite control systems. Again, while the first accusations for the source of this attack were Russian authorities, it was soon shown that they were not implied in this attack. The only certitude about this operation was that the attack went through a Russian proxy.
Nevertheless, Russia cyber warfare was displayed on Estonia in 2007. Once against, it was unclear if the government was involved or if Russian patriotism over the removal of the war memorial caused Russian script kiddies and botnets to answer with a massive DDoS attack. Moscow always denied any involvement in that case. It is also well known that major botnets that are lurking on the net are often controlled by Russian cyber-criminal gangs such as the Russian Business Network. It’s quite possible that those cyber-gangs ordered their botnets to retaliate against Estonia, especially since the attack consisted mostly of a denial-of-service attack, and wasn’t not as sophisticated as a coordinated hacking attack on networks. Another plausible option would be that Russia’s cyber army is a mercenary force.
A repetition of the Estonia cyber attack then took place against Georgia during the Russia-Georgian conflict. The same kind of attack occurred and took down various governmental and commercial websites: HTTP floods were send to www.parliament.ge and president.gov.ge. Some other sites were hi-jacked and displayed fake information. The Georgian government had to put up a temporary website on Blogspot. This time, the Russian Business Network was openly suspected by many analysts to be behind the attacks.
McAfee claims that 120 countries around the world are now developing cyber warfare strategies. It is inevitable that countries without cyber warfare capacities will be at great disadvantage in any arising conflict, as disruption of communications will be the first objective of any belligerent. It’s crucial that a strong offensive and defensive cyber war force be developed in order to not only defend against cyber threats, but also wage war in cyberspace.
A survey of 200 leaders from the critical infrastructure industries revealed that the energy sector is the most likely to be victim of a cyber attack. The survey was completed by IDC was conducted in August and October in Canada, the U.S and Europe.
The reasons to explain this phenomenon are the cost, apathy and government bureaucracy according to the survey. Also, industries are adding more and more possible access points to the internal network by connecting new sensors, meters and other equipment to their networks.
Of course, energy industries networks are valuable targets, and would probably be the first victims in a case of a full-scale cyber attack. And as the events of 2003 shown, only a few power plants need to go down in order to create chaos on a wide region.
If costs are the main factor to wait before securing networks, security is not likely to be in the priorities of managers during the economic crisis that’s coming on the horizon. Unfortunately, those who take the risk of not hardening their security now may pay the price later…And according to Rick Nicholson, research vice president for IDC’s Energy Insights:
“Most utility CIOs [chief information officers] believe that their companies will be compliant with relevant standards, but still have a long way to go before being adequately prepared for all cyber attacks.”
Victor Faur, a Romanian accused of hacking the U.S Navy, NASA and Department of Energy systems between 2005 and 2006 have been accused of illegally breaking into unauthorized computer systems.
At the end of a 10 months trial, the 28 years old computer programmer received a 16-month suspended prison sentence and will have to pay 230 000$ to the 3 organizations. Victor Faur will have to pay to NASA 214,200 dollars, to the US Department of Energy 15,032 dollars and to the US Navy some 8,856 dollars.
Faur told the audience that he hacked into the system to expose the flaw, as he was part of a group called the “White Hat” team.
It is still unknown if Faur will face the same fate as British hacker Gary McKinnon, who fights extraditions to the U.S. At the beginning of the trial, Thom Mrozek, the U.S attorney’s spokesman, said that the hacker would face a trial in Los Angeles after the Romanian trial. If convicted in a US court, he could end up in jail for 54 years.
An unnamed senior US official has declared to the Financial Times that the Whitehouse computer network was victim to numerous cyber attacks from China. According to the same official, the attackers had access to e-mails for short periods of time.
The unclassified network of the Whitehouse was breach numerous times by the attackers, which may have stole information. The sensibility of the information accessed is not specified, but since it was on the unclassified network, no data of value should have been viewed by the hackers. The attacks were detected by the National Cyber Investigative Joint Task Force, an agency created in 2007 and under the FBI.
No one from the American and Chinese sides commented on this event. This declaration comes amid many cyber attacks performed in previous years also and every time, blamed on the Chinese or Russians. In 2007, the Pentagon claimed to have been hacked by the cyber division of the People’s Liberation Army (PLA). It has been known for a while not that China has developed advanced cyber warfare capabilities and has gain a lot of experience.
The Department of Homeland Security seeks ideas on how to retrieve information in blogs and forums about the potential use and fabrication of Improvised Explosive Devices (IEDs). The DHS thinks that by analyzing information posted on blogs and forums in real time, it may be able to counter the use of IEDs on the field. They are therefore looking for “Indicators of Intent to Use Improvised Explosives (IEDs) available in Blogs to support the Counter-Improvised Explosive Devices (C-IED) Program.“
Any potential person interested would have to:
“2) developing objective, systematic data collection and retrieval techniques to gather data on a near real-time basis from blogs and message boards. Data will be collected at multiple, pre-determined times to evaluate the transmission of information over time, and should include metrics for determining the impact factor and usage patterns of the blogs and message boards. 3) identifying blogs and message boards utilized or favored by groups that engage in violent or terrorist activity to include in the study. Blogs and message boards must be representative of various characteristics of the larger populations of interest. and 4) collecting quantitative and qualitative data from the bloggers to evaluate such issues relating to knowledge of the preparation and execution of violent activities, including IED attacks.“
Now, I can think of so many ways to defeat this kind of surveillance. Encryption for one. Second, don’t use blogs or forums from the Internet to show where you will plan your next attack. Use a virtual private network (VPN). Maybe by looking for blogs or forums, they may find the stupidest insurgents/terrorists or teenagers that think they are cool, but the vast majority of them know how to use technology and have learned about encryption. A private web server would do the job also…Imagination is the limit!
As more and more of the infrastructure of modern societies gets inter networked, the more the authorities are taking notice of the possible disasters that ought to happen if those networks would be attacked and controlled by malicious individuals. Based on that, the U.S Secretary of the Air Force announced the creation of the AFCYBER, the Air Force Cyber Command, whose mission “will be to provide combat ready forces trained and equipped to conduct sustained global operations in and through cyberspace, fully integrated with air and space operations“. Let’s go deeper into that interesting new agency and try to see if it can actually matches the challenges of this century.
The United States government released in February 2003 a 76 pages document titled “The National Strategy to Secure Cyberspace”. This document recommended numerous solutions and actions to better protect the American cyberspace. Among these actions, one of them recommends to “Improve coordination for responding to cyber attacks within the U.S. national security community”. Based on that recommendation, the former U.S Secretary of the Air Force, Michael W. Wynne decided to establish a cyberspace command. He also stated:
“The aim is to develop a major command that stands alongside Air Force Space Command and Air Combat Command as the provider of forces that the President, combatant commanders and the American people can rely on for preserving the freedom of access and commerce, in air, space and now cyberspace“
It then has been decided that the 67th Network Warfare Wing and some elements of the 8th Air Force would serves as the core of the new command. It’s interesting to note that the goal of the 67th is “organizes, trains, and equips cyberspace forces to conduct network defense, attack, and exploitation.” Therefore, the Air Force already had an unit trained to conduct cyberspace operations, and more interestingly, this unit was also train to conduct attacks, not only defensive operations. Thus, in 2006 the Air Force Cyberspace Command (Provisional) unit was put into place. but faced many difficulties. The first came as to define the term “cyberspace”, define the command’s operations, find a location to base the unit, then find the personnel and define all their functions, train them and organize the unit. Those challenges were perfectly summarized when Maj. Gen. William T. Lord answered a Slashdot user about the location of the new command:
“I would hope that no matter where it was located, we would still be able to attract the talent needed to work in this exciting command and that all communities see the need to protect this domain.”
Attracting specialists and talented individuals is getting harder and harder. The private sector in technology is still offering, for now at least, good opportunities for graduated students. Maybe that’s why the AFCYBER touted is creation and development with TV ads and advertisement all over the web. A great mistake, as it opened it to greater scrutiny from the public and observers, which would now be able to witness the success or the failure of the new command…
And not only did it have difficulties organizing itself, it was in competition with other similar services of the military, with the Navy (Naval Network Warfare) and Army already having such organizations, without forgetting about organizations such as the National Security Agency (NSA).
Even with the fore mentioned difficulties, “We’ve figured all that out” said General Lord in October this year, “We’ve outlined how to organize cyber forces, i.e., what capabilities fall into, or not into, a cyber organization“.
The optimism expressed in Lord’s comment was hard to share. One month earlier, the establishment of the Cyber Command was suspended and the transfers of units were halted. In June, different actors were still discussing if the command should concentrate on defense and protection or if it should also conduct offensive operations. The ever growing size of the command and the confusion about which operations of the unit was to conduct were slowing any progress and all this amid numerous other Air Force scandals about nuclear management, which later caused Wynne to resign from his post.
As by October 8, 2008, the Air Force decided that the Cyber Command will finally be a numbered unit under the Air Force Space Command as told by Staff Gen. Norton A. Schwartz (see previous post “U.S Air Force Cyber Command is Working on a new Roadmap“, October 24, 2008). After 2 years, it seems that very little has been accomplish. We still have no idea of the structure, the size and not even the mission of the unit. Although Colorado Springs is apparently the preferred location, still no official location have been designated.
Will it work?
To be successful any cyber unit must first emphasize on constant research of new vulnerabilities in order to take the lead. It’s not just about looking at logs and waiting for an attack to occur. Any
serious cyber warfare unit must cooperate with every actor of the computer security field, not only corporations or universities, but also with hobbyist groups, hackers and phreakers in order to always have the initiative. As information is always distributed at blazing speed through out the net, and that nothing stays secret for long, constant research is needed to discover new vulnerabilities and detailed analysis. Yet, all those actors have been, as far as I know, ignored or forgotten.
Also, offensive is the best defense. Why should a military organization concentrate only on defensive operations? It even goes against American principles of war, as it ignores the “Offensive” principle, letting the initiative to the enemy. This is clearly not a sound decision. It ignores the basic concepts or warfare. I believe this is mostly due to a certain mentality in the military leadership, which still regards technology as support for troops instead of a fully fledge battlefield. This reasoning needs to change if we are to develop real cyber warfare operations. This is certainly something the Chinese understood.
I believe it will, if this unit becomes reality, become an administration bloated unit that will miss the point. Quantity is never a remedy to the lack of quality. A small but highly trained and skilled unit of hackers can do a lot more than a legion of technicians. The important part of cyber warfare is always to stay ahead, since that as soon as a hole or exploit is found, the enemy will patch it thus making it obsolete. and therefore, the need to find the next security vulnerability. Therefore, we don’t need a bigger bureaucracy, but more research, more cooperation with existing similar units and agencies and to develop a strong offensive capacity as the Chinese government seemed to have developed. The 67th Network Warfare unit and the Naval Network Warfare Command would be able to implement those capacities with the appropriate funding and support.
This command, which seemed like an important toward cyber warfare, now seems to have become a botched concept that will unlikely be of any use, except for other to look upon and learn from their mistakes. As the U.S Navy also has plans for a Naval Cyber Command, they have been a lot quieter about their project, maybe so they won’t suffer the same humiliation as their colleagues.
As governments are realizing the potential threats from a cyber war, agencies are organizing themselves to protect and defend their cyberspace. The U.S Air Force was based on this premise and would have been a good idea…if anyone had any idea of what they were talking about. Instead, it became or will become an administrative burden that failed and that will give no ror little results. In the end, the “Cyber Command” or what’s left of it, will be another organization which goals will be the same as the other agencies already in place, with no new value or innovative ideas…While western nations are struggling to grasp the concept of cyber warfare, others are developing a very well organized and effective effort to disrupt our systems. Cyber war is won by being a step ahead…and we’re not…