27 June 2015

The double-edged sword of cyber warfare

June 24, 2015

While Israel acknowledges ‘day-to-day’ use of offensive digital weapons, experts warn of its growing vulnerability 

One week after the Israeli army formally recognized cyber weapons as a fourth dimension of warfare, alongside land, air and sea, the defense minister on Wednesday sang the praises of digital weapons, saying that they can attack and conquer enemy assets without leaving a trace.

“Cyberspace enables the attack of another nation state in offensive action, even reaching victory without leaving any fingerprints, even if it is suspected,” Defense Minister Moshe Ya’alon said Wednesday at the fifth annual Cyber Security Conference at Tel Aviv University, according to a conference statement. “We are already there; we are not talking about some distant future. We have experienced this in Israel’s day-to-day actions against its enemies.”

The reference to offensive action was somewhat rare and it came just two weeks after Israel was fingered as a suspect in a cyberattack against participants in the nuclear negotiations with Iran.

On June 10 the Russian cybersecurity firm Kaspersky Lab ZAO asserted that it had been hacked and that the spyware smuggled into its own system had also been used to target three luxury European hotels, each of which hosted officials taking part in the international nuke talks.

The viruses, the Wall Street Journal reported, enabled the attackers to operate microphones in the hotels and compress and steal video feeds.

While the new virus bore no overt links to Israel, the Journal wrote, it was so complex and borrowed so heavily from Duqu – a program believed to be Israeli – that it “could not have been created by anyone without access to the original Duqu source code,” Kaspersky asserted in its report.

From right: Iron Dome developer Danny Gold; former Shin Bet head Carmi Gillon; R&D head at the Defense Ministry Brig. Gen. (res) Ophir Shoham; Brig. Gen. (res) Pinchas Buchris; Brig. Gen. (res) Yair Cohen; and moderator Or Heller (Mitch Ginsburg/Times of Israel)

Former heads of Unit 8200 — Israel’s NSA equivalent — and the Shin Bet shrugged at the accusation on Wednesday. Carmi Gillon, a former head of the Shin Bet security service, speaking at a panel on cyber and military affairs, described a Russian attempt to spy on Israel’s Moscow embassy in the 1950s. He said the KGB at the time dug a nearly mile-long tunnel under the building in order to insert listening devices.

“The policy is the same policy, the targets are the same targets, only the tools have changed,” he said.

Others suggested that the old code had been made public and could have been copied and pasted by anyone.

Brig. Gen. (res) Pinchas Buchris, a former head of Unit 8200, said that “cyber capability will change the world.”

He and Brig. Gen. (res) Yair Cohen, another former 8200 commander, touched on the offensive benefits of cyberwarfare. Cohen said Israel should strive to replicate with cyberweapons its opening salvo of the Six Day War, in which the IAF destroyed 180 enemy jets in three hours.

Buchris suggested, for instance, that while Hezbollah’s “stupid” or unguided rockets were immune to cyberattacks, its guided missiles could be targeted with cyberweapons. “Yes, you can deal with that,” he said.

Cadets in the IDF Cyber Defense Unit course on June 10, 2013 (photo credit: IDF Spokesperson’s Unit)

In general, though, Cohen said that cyberwarfare “favors the weak and not the strong.”

Buchris likened the situation to a balloon. He said cyberprotectors are forced to try to guard the balloon with their hands while the attackers need only to strike “with a pin.”

Gillon suggested that today a terror organization could take over a jet plane and “achieve something like 9-11” without fielding any flesh and blood attackers.

In terms of 21st century military threats, he said that cyber “is second only to nuclear weapons.”

Ya’alon noted that criminal cyber activity is so prevalent today that it surpasses drug-related crimes internationally, but said that Israel has invested in protection and development to the point of being “a superpower.”

Cohen, though, said that even if one assumes that, say, the Israeli Air Force is nearly immune to attack, a strike against Israel’s national water authority would have implications for everyone, including the pilots of the IAF.

Quoting a former, unnamed head of the NSA, he said, “We’ve built a future based on a capability we have not yet learnt to protect.”

Last week, in a historic move indicative of the dangers and potency of the digital medium as a weapon, the commander of the Israeli army decided to establish a new IDF corps responsible for all cyber activity. Lt. Gen. Gadi Eisenkot called the establishment of the new corps, to be headed by a two-star general and on par with the Navy and the Air Force, a matter of supreme importance that is becoming “more significant with each passing day.”


Hacker hunt deepens amidst US-China cyberwar

A team from cybersecurity firm RSA, led by Jared Myers, is fighting back against attacks from the group known as Deep Panda or Shell Crew, reportedly responsible for the cyberattack on the US Office of Personnel Management

MANILA, Philippines – Following a cyberattack on the US Office of Personnel Management wherein hackers accessed the personal data of at least 4 million current and former federal employees, security researchers are stepping up efforts to find the culprits and defend against further attacks.

A team from cybersecurity firm RSA, led by Jared Myers, is working to push back against such attacks from the group known as Deep Panda or Shell Crew.

Myers explained that Shell Crew is “an extremely efficient and talented group,” though who Shell Crew really is remains a mystery.

Reuters reported on June 21 that researchers connected the breach of OPM, which was blamed on Deep Panda, to an earlier attack against US healthcare insurance company Anthem.

Despite a lack of evidence pointing to Shell Crew as the OPM attackers, Myers’ team believes Shell Crew and Deep Panda are one and the same.

How Shell Crew works

In one instance, Shell Crew reportedly used a spearphishing attack – an attack that tricks a user into infecting themselves with malware by clicking on a seemingly friendly email or link – to gain access to a US firm’s servers and data.

RSA was called in to check on an unrelated problem, but realized something was wrong. After a user fell for the attack, Shell Crew had created other means – backdoors – to access the firm’s information.

Myers' team had to go back and study Shell Crew's movements to determine where they had been in the networks and what had been stolen. Until they knew the extent of the breach, they couldn’t decisively act and kick out the intruders.

Two months after RSA found the security breach, they locked out Shell Crew. Shell Crew still assaults the fortifications put in place by RSA, but without success.

“If they're still trying to get back in, that lets you know you're successful in keeping them out,” Myers said. – Rappler.com

Military Branches Assemble to Break Ground on National Cybersecurity Strategy
The nation's best defense in cyberspace involves not only the military but private citizens and corporations, top security planners said in a closed-door meeting at the U.S. Army War College.

The nation's best defense in cyberspace involves not only the military but private citizens and corporations, top security planners said Tuesday in a closed-door meeting at the U.S. Army War College in Carlisle, Pa.

“You do not want this to be a military approach,” said speaker Mark Troutman, the director of the Center for Infrastructure Protection & Homeland Security at George Mason University. “We are Americans. We secure ourselves at the end of the day with an active and engaged citizenry.”

Participants at the event are working to break ground on a national cybersecurity strategy that would provide direction for the federal government in the event of a major computer attack, said William Waddell, director of mission command and the cyber division at the War College.

Sessions on the first of three days of planned talks included about two dozen planners representing multiple military branches, federal agencies such as Homeland Security, National Security Agency, Defense Department and Defense contractors, as well as security professors.

The Carlisle discussions are taking place as high-level talks between the United States and China play out at the Strategic and Economic Forum in Washington. U.S. Treasury Secretary Jack Lew opened the three-day forum Tuesday by saying Washington remains “deeply concerned about government-sponsored cyber theft from companies and commercial sectors.”

The comment reflected U.S. concerns that China might have been behind a massive computer hack on the federal Office of Personnel Management involving millions of government employee files. U.S.-China talks on cybersecurity issues were suspended last year when federal prosecutors in Pittsburgh filed criminal charges against several members of the Chinese military for allegedly stealing trade secrets.

Federal officials have said cybersecurity will be discussed during the Washington forum in an effort to smooth out problems before Chinese President Xi Jinping's scheduled first visit to the White House in December.

The Tribune-Review's Cyber Rattling series has reported the growing online threats from nation-states, criminals and others. The newspaper was invited to Carlisle to sit in on the unclassified but background discussions, involving many top policymakers who declined to comment for attribution because of security concerns.

One top military official suggested that the response from the United States to significant online attacks should not be limited to computers but include the potential for lethal force.

The session opened with an acknowledgement of the need to move quickly. Many active and retired military and government workers talked among themselves about the personnel management hack.

“The persistence and the size of the violation of people's integrity is concerning to me, along with the knowledge of the threat and our vulnerabilities and those pieces that affect basically all U.S. citizens,” Waddell said.

U.S. military discussions about cyber capabilities have been taking place for more than a decade, but have focused primarily on the country's offensive capabilities rather than defenses, said Anthony Shaffer, a retired Army lieutenant colonel who is a senior fellow at the London Center for Policy Research, a New York-based think-tank.

“We don't do (planning) to the level necessary now to understand that if we can do this to somebody else, for goodness sake, they're going to do it to us,” Shaffer said.

The first phase of the War College's cybersecurity focus in February laid out policy recommendations that included increasing the Defense Department's participation in cyber-response planning at the federal, state and local levels, as well as increased private-sector accountability for critical infrastructure such as power grids.

The War College events break down barriers that prevent groups from communicating about the cyber threat and what to do about it, said Thomas Arminio, a homeland security professor at Penn State University in Harrisburg.

“We have to avoid any notion of ‘my turf versus your turf,' ” Arminio said, “because the problem is only going to be solved by collaboration.”

©2015 The Pittsburgh Tribune-Review (Greensburg, Pa.) Distributed by Tribune Content Agency, LLC.
