Inside Cyber Warfare, 2nd Edition (O'Reilly)

by Jeffrey Carr

Mapping the Cyber Underworld

Second Edition


Foreword
Since the first edition of Jeffrey Carr’s Inside Cyber Warfare: Mapping the Cyber
Underworld was published, cyber security has become an increasing strategic and
economic concern. Not only have major corporations and government agencies
continued to be victimized by massive data thefts, but disruptive and destructive attacks
on both public and private entities also continue and show no signs of abating. Among the
publicly disclosed targets of cyber attacks are major financial institutions, entertainment
companies, cyber security companies, and US and foreign government agencies,
including the US Department of Defense, the US Senate, and the Brazilian and the
Malaysian governments.

Many of these cyber penetrations are aimed at theft of identity or financial data for
purposes of criminal exploitation. These cannot simply be regarded as a “cost of doing
business” or tolerable losses; such episodes undermine the public trust, which is the
foundation for business transactions over the Internet. Even more significant is the
threat posed by cyber theft of intellectual property. Every year, economic competitors
of American businesses steal a quantity of intellectual property larger than all the data
in the Library of Congress. As a result, these rivals are gaining an unfair advantage in
the global economy.

Also gaining in seriousness are organized efforts to disrupt or even destroy cyber
systems. Anarchist and other extremist groups, such as Anonymous and LulzSec (and
their offspring), seek to punish those with whom they disagree by exposing confidential
data or disrupting operations. Recent breaches of cyber security firms such as HBGary
and EMC’s RSA SecurID division demonstrate a strategic effort to undermine the
security architecture on which many enterprises rely. And the multiplication of social
media and mobile devices will create many more opportunities for cyber espionage,
social engineering attacks, and open source intelligence collection by nation-states,
terrorists, and criminal groups.

Since the formation of the Comprehensive National Cybersecurity Initiative in 2008,
the US government has unveiled a series of security-related strategies, including
legislative proposals. These are useful and important steps, but they’re not enough to
keep pace with the growing and diversifying threats. The private sector in particular
must take ownership of much of the burden of defending the networks they own and
operate. Moreover, while technology and tools are key to the solution, human beings
are at the heart of any security strategy. Unless those who use the Internet observe good
security practices, defensive technologies will merely be a bump in the road to those
who seek to exploit cyberspace.

Finally, while defense against cyber attacks is important, it is not enough. When cyber
attacks damage critical infrastructure or even threaten loss of life, sound strategy calls
for preventive and deterrent measures. While some downplay the idea of cyberspace
as a warfare domain, occurrences such as the 2008 Russia-Georgia conflict underscore
that information systems are very much part of the battlefield of the future. For this
reason, the US Department of Defense has issued its first official strategy for operating
in cyberspace. To be sure, difficulties in attribution and questions of legal authority
complicate the application of warfighting concepts to cyberspace. Nevertheless, we
must tackle these issues to determine what measures can be taken offensively to eliminate
or deter critical cyber threats, when those measures should be triggered, and who
should carry them out. Without formulating a strategy that encompasses these measures,
our cyber security doctrine will be, at best, disconnected and incomplete.

For policymakers and business leaders, cyber warfare and cyber security can no longer
be regarded simply as the province of experts and technicians. The leadership of any
public or private enterprise must consider the risks of and responses to cyber threats.
This latest edition of Jeffrey Carr’s volume is indispensable reading for senior executives
as well as savants.
—The Honorable Michael Chertoff,
former Homeland Security Secretary
and co-founder of The Chertoff Group


Preface

I was recently invited to participate in a cyber security dinner discussion by a few
members of a well-known Washington, DC, think tank. The idea was that we could
enjoy a fine wine and a delicious meal while allowing our hosts to pick our brains about
this “cyber warfare stuff.” It seems that the new threatscape emerging in cyberspace
has caught them unprepared and they were hoping we could help them grasp some of
the essentials in a couple of hours. By the time we had finished dinner and two bottles
of a wonderful 2003 red, one of the Fellows in attendance was holding his head in his
hands, and it wasn’t because of the wine.

International acts of cyber conflict (commonly but inaccurately referred to as cyber
warfare) are intricately enmeshed with cyber crime, cyber security, cyber terrorism, and
cyber espionage. That web of interconnections complicates finding solutions because
governments have assigned different areas of responsibility to different agencies that
historically do not play well with others. Then there is the matter of political will. When
I signed the contract to write this book, President Obama had committed to make cyber
security a top priority in his administration. Seven months later, as I write this introduction,
cyber security has been pushed down the priority ladder behind the economy
and health care, and the position of cyber coordinator, who originally was going to
report directly to the President, must now answer to multiple bosses with their own
agendas. A lot of highly qualified candidates have simply walked away from a position
that has become a shadow of its former self. Consequently, we all find ourselves holding
our heads in our hands more often than not.

Cyberspace as a warfighting domain is a very challenging concept. The temptation to
classify it as just another domain, like air, land, sea, and space, is frequently the first
mistake that’s made by our military and political leaders and policymakers.
I think that a more accurate analogy can be found in the realm of science fiction’s
parallel universes—mysterious, invisible realms existing in parallel to the physical
world, but able to influence it in countless ways. Although that’s more metaphor than
reality, we need to change the habit of thinking about cyberspace as if it’s the same
thing as “meat” space.

After all, the term “cyberspace” was first coined by a science fiction writer. My own
childhood love affair with science fiction predated William Gibson’s 1984 novel
Neuromancer, going all the way back to The New Tom Swift Jr. Adventures series, which
was the follow-up to the original series of the early 1900s. By some quirk of fate, the
first Tom Swift Jr. book was published in 1954 (the year that I was born) and ceased
publication in 1971 (the year that I left home for college). Although the young inventor
didn’t have cyberspace to contend with, he did have the “Atomic Earth Blaster” and
the “Diving Sea Copter.” In an otherwise awful childhood, the adventures of Tom Swift
Jr. kept me feeling sane, safe, and excited about the future until I was old enough to
leave home and embark on my own adventures.

Now, 38 years later, I find myself investigating a realm that remains a sci-fi mystery to
many leaders and policymakers of my generation, while younger people who have
grown up with computers, virtual reality, and online interactions of all kinds are perfectly
comfortable with it. For this reason, I predict that the warfighting domain of
cyberspace won’t truly find its own for another five to eight years, when military officers
who have grown up with a foot in both worlds rise to senior leadership roles within the
Department of Defense.

How This Book Came to Be
This book exists because of an open source intelligence (OSINT) experiment that I
launched on August 22, 2008, named Project Grey Goose (Figure P-1). On August 8,
2008, while the world was tuning in to the Beijing Olympics, elements of the Russian
Federation (RF) Armed Forces invaded the nation of Georgia in a purported self-defense
action against Georgian aggression. What made this interesting to me was the fact that
a cyber component preceded the invasion by a few weeks, and then a second, much
larger wave of cyber attacks was launched against Georgian government websites
within 24 hours of the invasion date. These cyber attacks gave the appearance of being
entirely spontaneous, an act of support by Russian “hacktivists” who were not part of
the RF military. Other bloggers and press reports supported that view, and pointed to
the Estonian cyber attacks in 2007 as an example. In fact, that was not only untrue, but
it demonstrated such shallow historical analysis of comparable events that I found
myself becoming more and more intrigued by the pattern that was emerging. There
were at least four other examples of cyber attacks timed with RF military actions dating
back to 2002. Why wasn’t anyone exploring that, I wondered?

I began posting what I discovered to my blog IntelFusion.net, and eventually it caught
the attention of a forward deployed intelligence analyst working at one of the three-letter
agencies. By “forward deployed” I refer to those analysts who are under contract
to private firms but working inside the agencies. In this case, his employer was Palantir
Technologies. “Adam” (not his real name) had been a long-time subscriber to my blog
and was as interested in the goings-on in Georgia as I was. He offered me the free use
of the Palantir analytic platform for my analysis.

After several emails and a bunch of questions on my part, along with my growing
frustration at the overall coverage of what was being played out in real time in the North
Caucasus, I flashed on a solution. What would happen if I could engage some of the
best people inside and outside of government to work on this issue without any
restrictions, department politics, or bureaucratic red tape? Provide some basic guidance,
a collaborative work space, and an analytic platform, and let experienced professionals
do what they do best? I loved the idea. Adam loved it. His boss loved it.

On August 22, 2008, I announced via my blog and Twitter an open call for volunteers
for an OSINT experiment that I had named Project Grey Goose. Prospective volunteers
were asked to show their interest by following a temporary Twitter alias that I had
created just for this enrollment. Within 24 hours, I had almost 100 respondents consisting
of college students, software engineers, active duty military officers, intelligence
analysts, members of law enforcement, hackers, and a small percentage of Internet-created
personas who seemed to have been invented just to see if they could get in (they
didn’t). It was an astounding display of interest, and it took a week for a few colleagues
and me to make the selections. We settled on 15 people, Palantir provided us with some
training on their platform, and the project was underway. Our Phase I report was produced
about 45 days later. A follow-up report was produced in April 2009. This book
pulls from some of the data that we collected and reported on, plus it contains quite a
bit of new data that has not been published before.

A lot happened between April 2009 and September 2009, when the bulk of my writing
for this book was done. As more and more data is moved to the cloud and the popularity
of social networks continues to grow, the accompanying risks of espionage and adversary
targeting grow as well. While our increasingly connected world does manage to
break down barriers and increase cross-border friendships and new understandings,
the same geopolitics and national self interests that breed conflicts and wars remain.
Conflict continues to be an extension of political will, and now conflict has a new domain
on which its many forms can engage (espionage, terrorism, attacks, extortion, disruption).

This book attempts to cover a very broad topic with sufficient depth to be informative
and interesting without becoming too technically challenging. In fact, there is no
shortage of technical books written about hackers, Internet architecture, website
vulnerabilities, traffic routing, and so on. My goal with this book is to demonstrate how
much more there is to know about a cyber attack than simply what comprises its payload.
Welcome to the new world of cyber warfare.


Product details
ISBN: 978-1-449-31004-2
Pages: 316
Copyright: 2012 Jeffrey Carr

Table of Contents
Foreword
Preface
1. Assessing the Problem
  The Complex Domain of Cyberspace
  Cyber Warfare in the 20th and 21st Centuries
  Cyber Espionage
  Cyber Crime
  Future Threats
  Increasing Awareness
  Critical Infrastructure
  The Conficker Worm: The Cyber Equivalent of an Extinction Event?
  Africa: The Future Home of the World’s Largest Botnet?
  The Way Forward
2. The Rise of the Nonstate Hacker
  The StopGeorgia.ru Project Forum
  Counter-Surveillance Measures in Place
  The Russian Information War
  The Foundation for Effective Politics’ War on the Net (Day One)
  The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast Lead
  Impact
  Overview of Perpetrators
  Hackers’ Profiles
  Methods of Attack
  Israeli Retaliation
  Control the Voice of the Opposition by Controlling the Content in Cyberspace: Nigeria
  Are Nonstate Hackers a Protected Asset?
3. The Legal Status of Cyber Warfare
  Nuclear Nonproliferation Treaties
  The Antarctic Treaty System and Space Law
  UNCLOS
  MLAT
  United States Versus Russian Federation: Two Different Approaches
  The Law of Armed Conflict
  Is This an Act of Cyber Warfare?
  South Korea
  Iran
  Tatarstan
  United States
  Kyrgyzstan
  Israel and the Palestinian National Authority
  Zimbabwe
  Myanmar
  Cyber: The Chaotic Domain
4. Responding to International Cyber Attacks as Acts of War
  The Legal Dilemma
  The Road Ahead: A Proposal to Use Active Defenses
  The Law of War
  General Prohibition on the Use of Force
  The First Exception: UN Security Council Actions
  The Second Exception: Self-Defense
  A Subset of Self-Defense: Anticipatory Self-Defense
  An Alternate Basis for Using Active Defenses: Reprisals
  Nonstate Actors and the Law of War
  Armed Attacks by Nonstate Actors
  Duties between States
  Imputing State Responsibility for Acts by Nonstate Actors
  Cross-Border Operations
  Analyzing Cyber Attacks under Jus ad Bellum
  Cyber Attacks as Armed Attacks
  Establishing State Responsibility for Cyber Attacks
  The Duty to Prevent Cyber Attacks
  Support from International Conventions
  Support from State Practice
  Support from the General Principles of Law
  Support from Judicial Opinions
  Fully Defining a State’s Duty to Prevent Cyber Attacks
  Sanctuary States and the Practices That Lead to State Responsibility
  The Choice to Use Active Defenses
  Technological Limitations and Jus ad Bellum Analysis
  Jus in Bello Issues Related to the Use of Active Defenses
  Conclusion
5. The Intelligence Component to Cyber Warfare
  The Korean DDoS Attacks (July 2009)
  The Botnet Versus the Malware
  The DPRK’s Capabilities in Cyberspace
  One Year After the RU-GE War, Social Networking Sites Fall to DDoS Attack
  Ingushetia Conflict, August 2009
  The Predictive Role of Intelligence
6. Nonstate Hackers and the Social Web
  Russia
  China
  The Middle East
  Pakistani Hackers and Facebook
  The Dark Side of Social Networks
  The Cognitive Shield
  TwitterGate: A Real-World Example of a Social Engineering Attack with Dire Consequences
  Automating the Process
  Catching More Spies with Robots
7. Follow the Money
  False Identities
  Components of a Bulletproof Network
  ICANN
  The Accredited Registrar
  The Hosting Company
  The Bulletproof Network of StopGeorgia.ru
  StopGeorgia.ru
  NAUNET.RU
  SteadyHost.ru
  Innovation IT Solutions Corp
  Mirhosting.com
  SoftLayer Technologies
  SORM-2
  The Kremlin and the Russian Internet
  Nashi
  The Kremlin Spy for Hire Program
  Sergei Markov, Estonia, and Nashi
  A Three-Tier Model of Command and Control
8. Organized Crime in Cyberspace
  A Subtle Threat
  Atrivo/Intercage
  ESTDomains
  McColo: Bulletproof Hosting for the World’s Largest Botnets
  Russian Organized Crime and the Kremlin
9. Investigating Attribution
  Using Open Source Internet Data
  Background
  What Is an Autonomous System Network?
  Team Cymru and Its Darknet Report
  Using WHOIS
  Caveats to Using WHOIS
10. Weaponizing Malware
  A New Threat Landscape
  StopGeorgia.ru Malware Discussions
  Twitter as DDoS Command Post against Iran
  Social Engineering
  Channel Consolidation
  An Adversary’s Look at LinkedIn
  BIOS-Based Rootkit Attack
  Malware for Hire
  Anti-Virus Software Cannot Protect You
  Targeted Attacks Against Military Brass and Government Executives
11. The Role of Cyber in Military Doctrine
  The Russian Federation
  The Foundation for Effective Politics (FEP)
  “Wars of the Future Will Be Information Wars”
  “RF Military Policy in International Information Security”
  The Art of Misdirection
  China Military Doctrine
  Anti-Access Strategies
  The 36 Stratagems
  US Military Doctrine
12. A Cyber Early Warning Model
  The Challenge We Face
  Cyber Early Warning Networks
  Building an Analytical Framework for Cyber Early Warning
  Case Studies of Previous Cyber Attacks
  Lessons Learned
  Defense Readiness Condition for Cyberspace
13. Advice for Policymakers from the Field
  When It Comes to Cyber Warfare: Shoot the Hostage
  The United States Should Use Active Defenses to Defend Its Critical Information Systems
  Scenarios and Options to Responding to Cyber Attacks
  Scenario 1
  Scenario 2
  Scenario 3
  Scenario 4
  In Summary
  Whole-of-Nation Cyber Security
14. Conducting Operations in the Cyber-Space-Time Continuum
  Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec Movement
  Social Networks: The Geopolitical Strategy of Russian Investment in Social Media
  2005: A Turning Point
  DST and the Kremlin
  The Facebook Revolution
  Globalization: How Huawei Bypassed US Monitoring by Partnering with Symantec
15. The Russian Federation: Information Warfare Framework
  Russia: The Information Security State
  Russian Government Policy
  New Laws and Amendments
  Government Structures
  Russian Ministry of Defense
  Administrative Changes
  Electronic Warfare Troops
  The Federal Service for Technical and Export Control (FSTEC)—Military Unit (Vch) 96010
  5th Central Research and Testing Institute of the Russian Defense Ministry (5th TSNIII)—Military Unit (Vch) 33872
  18th Central Research Institute of the Russian Defense Ministry (18th CRI MOD)—Military Unit (Vch) 11135
  27th Central Research Institute of the Russian Defense Ministry (27th CRI MOD)—Military Unit (Vch) 01168
  Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)
  Federal Security Service Information Security Center (FSB ISC)—Military Unit (Vch) 64829
  Russian Federal Security Service Center for Electronic Surveillance of Communications (FSB TSRRSS)—Military Unit (Vch) 71330
  FSB Administrative Centers for Information Security
  Russian Interior Ministry Center E (MVD Center E)
  Russian Interior Ministry Cyber Crimes Directorate (MVD Directorate K)
  Russian Federal Security Organization (FSO)—Military Unit (Vch) 32152
  Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)
  Roskomnadzor
  Further Research Areas
16. Cyber Warfare Capabilities by Nation-State
  Australia
  Brazil
  Canada
  Czech Republic
  Democratic People’s Republic of Korea
  Estonia
  European Union
  France
  Germany
  India
  Iran
  Israel
  Italy
  Kenya
  Myanmar
  NATO
  Netherlands
  Nigeria
  Pakistan
  People’s Republic of China
  Poland
  Republic of Korea
  Russian Federation
  Singapore
  South Africa
  Sweden
  Taiwan (Republic of China)
  Turkey
  United Kingdom
17. US Department of Defense Cyber Command and Organizational Structure
  Summary
  Organization
  The Joint Staff
  Office of the Secretary of Defense
  US Strategic Command (USSTRATCOM)
18. Active Defense for Cyber: A Legal Framework for Covert Countermeasures
  Covert Action
  Cyber Active Defense Under International Law
  Cyber Active Defenses as Covert Action Under International Law
  Cyber Attacks Under International Law: Nonstate Actors
Index
