Cyber Defense Weekly July 27, 2009
Thursday, 14 January 2010 01:14
Cyber Defense Weekly
Update on tools, technologies, and strategies for cyber defense
July 27, 2009
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Is it cyber war?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In times of rapid change much discussion turns to terminology instead of focusing on the underlying substance of that change. Over the years threat levels have climbed from experimental hacking to cyber vandalism to cyber crime and finally cyber warfare. When in time can you stake a flag and say "here was cyber war, and here not"? Was it the hack attacks of May 2001 when Chinese hackers exploited a Windows ISS vulnerability to deface hundreds of US government web sites? Was it the wide spread use of custom Trojans by China to engage in industrial espionage against the UK in 2003? Was it Titan Rain, the Chinese cyber infiltration of US research labs such as Sandia? Was it the mythical Israeli attacks against Syria just prior to taking out a nuclear research facility? Or the equally mythical delivery of infected printers to Iraq before the first Gulf War?

While some pundits bristle at the idea of a war in cyber space to the point of calling it BS, at some point you have to have a term for using viruses, worms, bot armies, SYN floods, and network infiltration by one nation or group against another. Why not cyber war?

It pays to look at the titles of published materials over the years in China:

Wang Qingsong, Modern Military-Use High Technology, 1993
Zhu Youwen, Feng Yi, and Xu Dechi, Information War Under High Tech Conditions, 1994
Li Qingshan, New Military Revolution and High Tech War, 1995
Wang Pufeng, Information Warfare and the Revolution in Military Affairs, Beijing: 1995
Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution, 1996
Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996
Shen Weiguang, On New War, 1997

Note the transition between "High Technology" and "Information Warfare". Winn Schwartau published Information Warfare: Chaos on the Electronic Superhighway in 1994 when the Internet was in its infancy.

Read this excerpt from Zhu Wenguan and Chen Taiyi's Information War, published in 1999:

To conduct computer surveillance, we can use computer information networks set up in peacetime and enter networks as different users to do the surveillance in an area broader than the battlefield. We can borrow the power of computer experts, especially hackers, to finish computer surveillance tasks . . . it can be seen that using hackers to obtain military information from computer networks is a very effective method. We should be familiar with network protocols and accumulate network intelligence.

The US Army Field Manual 100-6 Information Operations, August 1996, states that the goal of Information Warfare is Information Dominance, which it defines as:
The degree of information superiority that allows the possessor to use information systems and capabilities to achieve an operational advantage in a conflict or to control the situation in operations short of war, while denying those capabilities to the adversary.

There is no question that the military branches of the Great Powers (as Winston Churchill terms them) have turned to studying cyber war. It is time that the media, analysts, and IT security practitioners do the same.
My own assertion was always that cyber war would have to entail the use of computer assaults that were coincident with tanks rolling across the borders. That happened when Russia sent 150 tanks into South Ossetia, a part of Georgia. It was August 8, 2008.
Cyber war is with us. Countering cyber attacks, surviving cyber war, and avoiding becoming collateral damage are now added to the responsibilities of IT security.

Read on...


Israel's enemies are a strong match in cyber realm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It's no secret that if Iran gets close to acquiring nuclear weapons, Israel could launch a preemptive attack. And Israel, with the highest per capita defense spending in the world, probably has the right hardware for the job; indeed, its arsenal far outstrips Iran's. But it's a different story in cyberspace, where Israel's superiority is more in question. In recent years, cyber-attacks by Iran and its allies have become a major risk to Israeli computer systems. One notable example: the sophisticated cyber-operation during Israel's military incursion into Gaza earlier this year. At the peak of the attack, Israeli government sites received 15 million junk-mail deliveries per second from at least half a million computers. The Web site for the Home Front Command, which instructs citizens how to protect themselves from rocket attacks, temporarily went dark, as did dozens of other government sites, including one for Israel's secret service.

Read on...


DDoS attacks boon for security equipment firms
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The powerful Internet attack that recently crippled scores of South Korean computers in homes and offices may have been the best thing to ever happen to security equipment firms. As companies and government organizations look to up their guard against possible online assaults in the future, computer networking firms such as Nowcom, Cisco Korea, Arbor Networks and Radware Korea are finding a quickly-expanding market for their distributed denial of service (DDoS) defense solutions. A DDoS attack occurs when multiple systems flood a target with traffic that overwhelms the bandwidth or resources of the targeted systems. The recent cyber attacks affected nearly 80,000 computers in Korea, while also hurting the United States and China to a lesser degree.

Read on...


Hack attacks testing anti-virus firm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It would be hard for anyone to sense what kind of chaos has gone on inside the AhnLab building in Yeouido, Seoul, just by looking at the building's sleek and elegant exterior. "Except for going to the bathroom, no one was able to leave a phone unattended," said Jin Hwa-joung, manager of the solution support team at AhnLab, a top local computer security solutions firm, last Thursday. Jin, who is in charge of the division responsible for individual customers' calls, was referring to their days in the wake of the recent distributed denial-of-service attacks that swept the nation from July 7 to 9. Sitting inside the female employee lounge, her interview-ready attire and manner were contradicted by the untidiness of the lounge, with blankets clumped up on top of the sofas and drink cans lying around randomly. "During the week of the attacks, we had up to 300 calls per operator, almost eight times the usual," she said as she smiled wearily.

Read on...


Cyber Command is crucial step toward protecting military network
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The premise for - and the promise of - dedicated military cyber defense reached a crucial milestone in late June when Defense Secretary Robert Gates issued an order that establishes the new Cyber Command. Although the decision was widely anticipated - and some believe long overdue - it nevertheless heralded a historic transition in the evolution of U.S. military services. It also speaks to our reliance on digital networks and the severity of the threats that routinely emanate from cyberspace. On the surface, the secretary's two-and-a-half page memo to senior Defense Department officials reads like a typical reorganization notice rather than the initiation of a new military era. In the memo, Gates directs the commander of Strategic Command to establish a new subordinate, unified command for military cyberspace operations, to be commanded by the director of the National Security Agency, Army Lt. Gen. Keith Alexander. The command needs to reach initial operating capability by October and begin developing a new military strategy for cybersecurity.

Read on...


Ottawa MIA in cyberwarfare?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A Canadian anti-Internet censorship organization which recently exposed the activities of a China-based computer spy network says the Canadian government is dropping the ball in taking a pivotal role in leading a global effort against cybercrime such as the distributed-denial-of-service (DDoS) attacks now crippling major U.S. and South Korean websites. In March this year, the Internet research group Citizen Lab, based at the Munk Centre for International Studies at the University of Toronto, and SecDev Group, a research organization based in Ottawa, made public the existence of GhostNet, a cyber spy network using servers based in China to hack into and control computers in foreign embassies, international organizations, news media and even the office of the Dalai Lama.

Read on...


Can cloud defend against DDoS attacks?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you've been thinking about moving your applications into the cloud but weren't sure how to best justify the investment, you can probably thank the North Koreans for helping to write your business case. The distributed denial of service (DDoS) attacks - allegedly instigated by North Korea or its backers - that disrupted service for many federal agencies this month were successful because most of these agencies still publish web content on small, easily-saturated network links. Take a look at the two federal offices that were able to sustain the attack for the duration without loss of service - the websites for the White House and the Defense Department. It's no mystery that the White House site sits on servers hosted by Akamai, a distributed content delivery network that provides geo-centric services for content delivery. This means that a person accessing whitehouse.gov from San Francisco will talk to different servers than someone in Washington. The Akamai content network effectively load balances traffic, and this design was likely a key reason the White House wasn't affected by the attacks.

Read on...


The mysterious matriculates of Mirim and Moranbong
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For the last five years, one of the enduring questions among computer security people was, "where are the mysterious, elite North Korean hackers?" For nearly two decades, the South Korean media has been reporting on the cyberwar capabilities of North Korea. Initially, this revolved around activity at Mirim College, a North Korean school that, since the early 1990s, has been training, for want of a better term, computer hackers. In 1997, North Korea established Moranbong University, to produce even more elite Internet espionage experts. This school is small, accepting only 30 students each year, for a five year program of computer and military subjects. About a hundred cyberwar experts, all military officers, are graduated from Mirim College each year.

Read on...


Click, click ... counting down to Cyber 9/11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When it comes to national security, our leaders are overly focused on nuclear weapons of mass destruction; more thought should be given to the looming threat of cyber "mass disruption."

Read on...


China's Green Dam and the cyberwar implications
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chinese military leaders have always been aware of the military advantage the US has over the People's Liberation Army. Reading through their published assessments of Sino-US war possibilities confirms our belief that we would dominate them in the air, on land and at sea. However, the PLA was born of asymmetric warfare, and this remains a core part of its strategy for any possible war with the US. Specifically, the PLA writes about the use of cyberwarfare as a means of countering this imbalance.

Read on...


Cyber-tactics gain growing importance in Israel's warfare
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the war against the Iranian- and Syrian-backed Hezbollah three years ago, to the recent reports of a plan to recruit an "Internet warfare" team, Israel has seemingly been attaching growing importance to cyber-tactics in its warfare. Reports from Jerusalem suggest the country's Foreign Ministry has unveiled plans for an "Internet warfare" team. The program recruits members from the public to write on websites in defense of Israel. The successful candidates need to be students of law or politics who speak foreign languages. Others will have a military background. Much of what they will do is to write talkbacks on news sites -- the area usually beneath a news story that allows for public comments. Back in 2006, the Israeli war with the Lebanese armed group Hezbollah could have formed the basis of a cyber-warfare ABC textbook. Israel adopted a series of low-key methods for trying to win the war physically and psychologically.

Read on...


Report: Shortage of cyber experts may hinder govt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found. The study describes a fragmented federal cyber force, where no one is in charge of overall planning and government agencies are "on their own and sometimes working at cross purposes or in competition with one another." The report, scheduled to be released Wednesday, arrives in the wake of a series of cyberattacks this month that shut down some U.S. and South Korean government and financial Web sites. The recruiting and retention of cyber workers is hampered by a cumbersome hiring process, the failure to devise government-wide certification standards, insufficient training and salaries, and a lack of an overall strategy for recruiting and retaining cyber workers, the study said.

Read on...


Cyber Wars: Experts say Armenia IT sector vulnerable to attack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A cyber security expert has predicted a rise in the number of hacker attacks against Armenian web resources, pointing an accusatory finger at "network hooligans" recruited by Azerbaijani special services. At a press conference Thursday, independent analyst Samvel Martirosyan further argued that the impact of 'cyber terrorism' on Armenia will become more appreciable with the country's development and growing dependence on information technologies. "It is one thing in the case with network hooligans, and it is quite a different thing when Azerbaijani special services use hacker groups," said Martirosyan. Martirosyan echoed the widespread concerns and speculations among cyber experts in Armenia that Azerbaijani special services may have been behind the recent attacks against several government and media websites in Armenia resulting in their temporary disruptions.

Read on...


A contest to train cyber combatants
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the 1950s, shocked by the Russians' launch of Sputnik, the United States embarked on an initiative to boost its numbers of scientists and engineers. Now, private industry, academics, and government agencies are banding together to create a similar push to educate and train at least 10,000 students to become the future defenders of cyberspace. On Monday, the Center for Strategic and International Studies, the SANS Institute, the U.S. Department of Defense (DoD), and several university and private-industry partners plan to announce the U.S. Cyber Challenge, a triathlon of competitions designed to inspire students to learn the technical skills needed to defend--and, in some cases, attack--computer networks. Alan Paller, director of research for the SANS Institute, an organization that educates and trains system administrators and computer engineers, says that schools aren't turning out enough students with the technical know-how to defend critical networks.

Read on...


Cyber Defense Weekly July 20, 2009
Thursday, 14 January 2010 00:14
Cyber Defense Weekly
Update on tools, technologies, and strategies for cyber defense
July 20, 2009
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

New Coverage: Cyber Defense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Why cyber defense? How is this different than "security"? The difference is in motivation, purpose, and risks. In this post I hope to spell out the argument for creating a new category. I also provide a definition. First, semantics. While much reviled by the security community outside the US government, the use of the term "cyber" has recently gained both relevance and acceptance thanks to high level attention given to it by first the Bush administration and now the Obama presidency. The Bush era saw the inauguration of the Comprehensive Cyber Security Initiative, which spelled out, albeit cryptically, twelve components of a government program that could entail over $7 billion in new spending annually.

Melissa Hathaway firmly established the use of "cyber" in both her address to RSA 2009 and her published Cyberspace Policy Review document.

So "cyber" is now used to refer to those parts of IT infrastructure and the threat environment that deal with countering attacks and "cyberspace" refers to the global network of computers, networks, and people who use them.

Cyber defense defined:
Cyber defense is that category of products, methodologies and strategies used to counter targeted attacks.

How is this different from what has gone before? The primary difference is the motivation, purpose and methodologies of the attackers. Their concerted effort to infiltrate, steal, sabotage, and attack is a much more serious scenario than the random attacks that have been the norm since the birth of the security industry and the first firewalls and anti-virus products. The attackers now include cyber criminals looking for credit card databases, account access, and executing elaborate pump and dump schemes using compromised stock trading accounts. They include insiders stealing information for sale to those cyber criminals or seeking their own path to riches or revenge against their employers. And yes, cyber defense is the category that addresses the threat posed by nation states, terrorists, and fanatics as they engage in cyber espionage and targeted denial of service attacks.

With the level of spending projected by the United States, the UK, India, Pakistan, Israel, and most modern nations, there will be new players entering the IT security sector. Military contractors such as Raytheon, Booz Allen, and Lockheed Martin have already announced plans for cyber initiatives in order to win a piece of that spending. In the meantime, existing vendors of defensive security measures are seeing a banner year thanks to that spending. Over time there will develop a class of tools and systems that will address an expressed need for offensive measures as well. IT-Harvest will cover the cyber defense category by writing about these cyber defense tools. They include many existing categories like:
Perimeter security. Firewalls, IPS, Web Application Firewalls, and URL content filtering.
Identity and access management as it pertains to preventing unauthorized access to critical information and assets.
Secure Network Fabric. Using network security capabilities to prevent internal attacks.
Managed Security Service Providers.
DDoS defense, recently highlighted by the Defense Department's announcement of a Request For Information on DDoS defense capabilities.
Security Event and Information Management, SEIM, as it pertains to identifying and tracking down intruders.

Threatchaos will continue to cover the global incidents that pertain to cyber defense: Iranian protesters' use of Twitter to promulgate DDoS, Israeli and Chinese use of paid bloggers and commentators for psyops, Chinese cyber espionage, Russian crowd sourced attacks against its neighbors, and the cyber defense buildup occurring within the military operations of most nations.

We are also announcing the birth of Cyber Defense Weekly, a newsletter created to give participants in this new category a comprehensive summary of the week's news, product announcements, and escalations in cyber threats. Simply provide your email address here to become a subscriber.



Gates creates Cyber-Defense Command
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Defense Secretary Robert M. Gates issued an order yesterday establishing a command that will defend military networks against computer attacks and develop offensive cyber-weapons, but he also directed that the structure be ready to help safeguard civilian systems. In a memo to senior military leaders, Gates said he will recommend that President Obama designate that the new command be led by the director of the National Security Agency, the world's largest electronic intelligence-gathering agency. The current NSA director, Lt. Gen. Keith B. Alexander, is expected to be awarded a fourth star and to lead the cyber-command.

Read on...


Norwich University is on front lines of cyber defense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A research arm of Norwich University is manning the frontlines of the nation's cyber-defense system. U.S. Sen. Patrick Leahy on Friday announced two grants totaling $7.7 million for the Norwich University Applied Research Institutes. The money, he said, will fund the development of cyber-defense initiatives to ward off one of the country's most imposing national-security threats. "(Computers) run our power grids, they run large dams which, if attacked could flood whole communities," Leahy said during an afternoon press conference at the university's Northfield campus. "All of these things, if they're attacked, could do far more damage than someone sitting there with a couple bombs somewhere in the United States."

Read on...


Barret Lyon and Richard Stiennon discuss the US-KR attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This first ever live broadcast on Twit.tv was recorded and posted here.

Read on...


The Israeli Foreign Ministry presents: Talkbackers in the service of the State
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After they became an inseparable part of the service provided by public-relations companies and advertising agencies, paid Internet talkbackers are being mobilized in the service of the State. The Foreign Ministry is in the process of setting up a team of students and demobilized soldiers who will work around the clock writing pro-Israeli responses on Internet websites all over the world, and on services like Facebook, Twitter and Youtube.

Read on...


Richard Clarke addresses US intelligence issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Not since 1975 when the Church Commission investigated Nixon-era abuses in intelligence agencies, have such unusual things occurred in the world of Washington intelligence agencies as in these past few weeks. The Democratic House of Representatives threatened to pass an intelligence authorization bill which the Democratic White House has promised to veto. The former Democratic congressman who now heads the Central Intelligence Agency has been having a public disagreement with leading House Democrats about whether the CIA lies to Congress. There is a controversy about a secret CIA program to do something most Americans presumably want the CIA to do, to kill al Qaeda terrorists.

Read on...


Cyber warfare and attribution
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stories like the July 4th cyber attack are raising our awareness of the cyber battlefield. Given the media focus on bots, rootkits, and malware, it is easy to overlook the core of these attacks - human conflict. In the Art of War, Sun Tzu stressed the understanding of those who wield the weapons of war. Security expert Richard Stiennon of IT-Harvest applauds this perspective. Below are highlights from the SecureLexicon Art of War podcast with Mr. Stiennon.

Read on...


So-called cyber attack was overblown
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To hear the media tell it, the United States suffered a major cyberattack last week. Stories were everywhere. "Cyber Blitz hits U.S., Korea" was the headline in Thursday's Wall Street Journal. North Korea was blamed.

Read on...


Quick stats around the US-KR DDoS attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It's been a busy week here in the office, between investigating, helping customers and the operator community, investigating some more, and of course talking to the press. Here's some quick stats I have been running this afternoon on the attack using ATLAS data. This data comes from our monitors used in the backbone monitoring live traffic rates and actual DDoS attacks. We didn't see all of the attacks against all of the victims (some 47 unique victims counted by ShadowServer by analyzing all of the configuration files) but this, we think, may be representative of the attacks. The peak attack size we measured was about 182Mbps, or about 428Kpps. The average size of an attack was about 39Mbps. Earlier investigations a couple of days ago showed smaller attacks but I would still classify these as "garden variety" in their intensity (most things below a couple hundred Mbps are pretty easily filtered).

Read on...
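The Arbor excerpt above reports attack sizes as peak Mbps, peak Kpps and average Mbps computed from monitor traffic counters, and treats anything below a couple hundred Mbps as "garden variety" that is easily filtered. The following is an added example, not Arbor's code or the ATLAS system: it takes constructed per-victim, per-second byte and packet counters (one row of the sample is chosen to reproduce the 182 Mbps / 428 Kpps peak quoted on the page; the victim names, the other values and the 200 Mbps filtering threshold are assumptions) and produces the same kind of summary a defender would use to triage which victims need upstream help and which can be handled by local filtering.

```python
from collections import defaultdict

# Constructed sample counters: (victim, second, bytes, packets). Hypothetical values;
# the 22,750,000-byte / 428,000-packet second reproduces the page's reported peak.
SAMPLES = [
    ("victim-a", 0, 10_000_000, 200_000),
    ("victim-a", 1, 22_750_000, 428_000),   # 182 Mbps, 428 Kpps
    ("victim-a", 2, 15_000_000, 300_000),
    ("victim-b", 0,  2_000_000,   4_000),
    ("victim-b", 1,  3_000_000,   6_000),
]

# Assumed threshold after the excerpt's remark that attacks below a couple hundred
# Mbps are usually filterable without upstream intervention.
FILTER_THRESHOLD_MBPS = 200.0


def summarize(samples):
    """Per-victim peak/average bit rate, peak packet rate and mean packet size.

    A low mean packet size (tens of bytes) combined with a high packet rate is the
    typical signature of a packet-rate flood rather than a bandwidth flood, which
    matters because the two stress different parts of the defender's gear.
    """
    per_victim = defaultdict(list)
    for victim, _second, nbytes, npkts in samples:
        per_victim[victim].append((nbytes, npkts))

    summary = {}
    for victim, rows in per_victim.items():
        mbps = [b * 8 / 1e6 for b, _ in rows]          # bytes/s -> megabits/s
        kpps = [p / 1e3 for _, p in rows]               # packets/s -> kilopackets/s
        total_bytes = sum(b for b, _ in rows)
        total_pkts = sum(p for _, p in rows)
        summary[victim] = {
            "peak_mbps": max(mbps),
            "avg_mbps": sum(mbps) / len(mbps),
            "peak_kpps": max(kpps),
            "avg_pkt_bytes": total_bytes / total_pkts,
            # Below the threshold the excerpt's "garden variety" label applies.
            "garden_variety": max(mbps) < FILTER_THRESHOLD_MBPS,
        }
    return summary


def needs_upstream_help(summary):
    """Victims whose peak exceeds the local filtering threshold, largest first."""
    over = [v for v, s in summary.items() if not s["garden_variety"]]
    return sorted(over, key=lambda v: summary[v]["peak_mbps"], reverse=True)


if __name__ == "__main__":
    stats = summarize(SAMPLES)
    for victim, s in stats.items():
        print(f"{victim}: peak {s['peak_mbps']:.0f} Mbps / {s['peak_kpps']:.0f} Kpps, "
              f"avg {s['avg_mbps']:.1f} Mbps, ~{s['avg_pkt_bytes']:.0f} B/pkt, "
              f"garden variety: {s['garden_variety']}")
    print("escalate:", needs_upstream_help(stats))
```

With the constructed sample both victims fall under the assumed 200 Mbps threshold, so the escalation list is empty; raising the counters for one victim above it moves that victim into the list. Real monitor exports would replace the constructed rows, and the threshold should be set from the capacity of the actual filtering equipment rather than taken from the excerpt's rule of thumb.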


DHS cyber initiative announced RFI for DDoS defense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DHS holds an immediate requirement to issue an RFI (Request for information) to industry to gather interest for the DHS Cyber Initiative. Due to the expansive scope of the Cyber requirement, DHS wishes to involve as many sectors of industry as possible, to include small and "very small" solutions providers. In addition, due to the inherent security requirements, large and very large integrators will most likely play a prominent role in providing the necessary capabilities.

Read on...


Cyber Defense News Daily Digest 2009-12-30
Wednesday, 30 December 2009 23:59

Post from: ThreatChaos


Cyber Defense News Daily Digest 2009-12-27
Sunday, 27 December 2009 23:59
  • Wow, search LinkedIn jobs for "cyber." ArcSight is in a major expansion phase.
  • Finally. Details on the explosive device. It contained pentaerythritol.
  • Pentaerythritol tetranitrate (PETN, also known as corpent, pentrite) is one of the most powerful high explosives known.
  • PETN is also one of the ingredients in Semtex plastic explosive.
  • In December 2001, PETN was the explosive used by Richard Reid in his unsuccessful attempt to blow up American Airlines Flight 63.
  • Would 80 grams of PETN "blow up" an airplane? I don't think so.


Cyber Defense News Daily Digest 2009-12-24
Thursday, 24 December 2009 23:59