Monday, December 26, 2011

Cyber Security Part 2 - Future of Warfare - Challenges of Cyber Attacks

Cyber warfare poses a number of challenges that make fighting the war extremely difficult. This post will outline a number of these issues. If you missed part one follow the link to read about Stuxnet and the Future of Cyber Warfare.

Tracking a hacker?
Bouncing Attacks
Have you ever considered how tracking a hacker might work? In truth the difficulty varies a great deal. An inexperienced domestic hacker can be tracked down in minutes, but a veteran can be nearly impossible to track even domestically, and tracking an experienced hacker in a foreign nation is harder still. Even when you can, many nations have no laws prohibiting cyber crime (for many nations it is not in their interest to prohibit it).

More specifically, tracking a veteran hacker is difficult because they bounce their attacks, putting distance between their own computer and the target. There are a few ways this can be done, but one thing is consistent throughout: the use of proxies. The attacker's computer sends a request to a proxy, which then sends the request on to the target, so the target only ever sees a connection from the proxy. Quick diagram: [Hacker's Computer] > [Proxy] > [Target]. Experienced hackers chain five to ten proxies before the request reaches the target, and each hop only knows the hop before it. This makes it really difficult to trace an attack back to its originator.
(learn more about bouncing techniques)

It is also difficult because experienced hackers know how to hide evidence of their path. They edit the web server logs that record client IP addresses, removing their own address altogether. The proxies take different forms: dedicated proxy servers, compromised systems with backdoors, or computers with open ports. The bottom line is that proxying is simple to implement and a great way to attack anonymously.
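To make the two points above concrete, here is an added example (not code from the original post) that simulates a request bounced through three proxies and then plays investigator, tracing it back from the target's log. Every hop records only the address that connected to it, so attribution needs the log of each hop in turn, and one proxy whose operator will not cooperate, or one log entry the attacker wiped, ends the trail. All IP addresses and log lines are constructed for the example.

```python
"""Why bouncing through proxies frustrates attribution (added example).

Every hop logs only the address of the host that connected to it, so
the target's own log names the last proxy, never the attacker.  Tracing
back means walking each hop's log in turn; a hop without a log ends the
trail.  All addresses and log entries here are constructed, not real.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Host:
    ip: str
    next_hop: Optional["Host"] = None
    # access log as this host recorded it: (client_ip, request)
    log: List[Tuple[str, str]] = field(default_factory=list)

    def handle(self, client_ip: str, request: str) -> str:
        """Log the immediate client, then forward (proxy) or answer (target)."""
        self.log.append((client_ip, request))
        if self.next_hop is None:
            return f"200 OK from {self.ip}"
        # A proxy connects onward from its own address, so the next hop
        # never learns who connected to this one.
        return self.next_hop.handle(self.ip, request)


def build_chain(proxy_ips: List[str], target_ip: str) -> Tuple[List[Host], Host]:
    """Wire proxies so proxy[i] forwards to proxy[i+1] and the last one to the target."""
    target = Host(target_ip)
    proxies = [Host(ip) for ip in proxy_ips]
    for hop, nxt in zip(proxies, proxies[1:] + [target]):
        hop.next_hop = nxt
    return proxies, target


def send_through_chain(attacker_ip: str, proxies: List[Host], target: Host, request: str) -> str:
    """The attacker talks only to the first proxy (or the target if there are none)."""
    entry = proxies[0] if proxies else target
    return entry.handle(attacker_ip, request)


def trace_back(target: Host, logs_available: Dict[str, Host], request: str) -> List[str]:
    """Investigator's view: start at the target and follow the client address
    recorded for `request` through every hop whose log we were able to obtain.
    Returns the addresses found in order; the last element is where the trail stops,
    which is the originator only if every hop's log was available and intact."""
    path = [target.ip]
    current = target
    while True:
        clients = [c for c, r in current.log if r == request]
        if not clients:
            return path                     # entry missing (wiped): trail goes cold here
        client = clients[-1]
        path.append(client)
        if client not in logs_available:
            return path                     # no log for this host: cannot go further
        current = logs_available[client]


if __name__ == "__main__":
    attacker = "198.51.100.7"               # constructed addresses (RFC 5737 ranges)
    proxies, target = build_chain(["203.0.113.10", "203.0.113.20", "203.0.113.30"], "192.0.2.80")
    req = "GET /admin HTTP/1.1"
    send_through_chain(attacker, proxies, target, req)
    print("target's log sees only:", target.log)
    everything = {h.ip: h for h in proxies + [target]}
    print("all logs available:", trace_back(target, everything, req))
    proxies[1].log.clear()                  # attacker wiped the middle hop's log
    print("after log wipe:     ", trace_back(target, everything, req))
```

The practical lesson for defenders is the mirror image: if your own box is one of the hops, ship its logs off-host in real time, because a log the attacker can edit in place is worth nothing to the investigator who comes asking later.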

Lack of Infrastructure
Most weapons have infrastructure signatures that give intelligence agencies clues: silos, reactors, refineries, fuel, mining or missile programmes. Like biological weapons, cyber weapons have next to no such signature. All a cyber attack requires is a computer, an internet connection and the knowledge. This makes developing cyber threats very hard to see coming. The best indicator of a growing threat is a change in the volume of attacks, successful and unsuccessful alike. Even that is hard to gauge, because many organizations do not want to admit that their networks have been compromised or attacked, and attack volume in any case says little about who the attacker is.

Worms / Viral Attacks
Stuxnet had a worm element: it spread itself widely, by USB drive and across local networks, but stayed inert on machines that lacked its target software and only delivered its payload when it reached the specific industrial control configuration it was built for. Tracking down the original source of a worm can be tricky, as many spoof their source addresses to hide their true path. The number of infected machines and the rate of spread make it harder still. For example, the SQL Slammer (Sapphire) worm of January 2003 infected more than 90% of vulnerable hosts within about ten minutes of its release; in its early phase the infected population roughly doubled every 8.5 seconds. (read more about viruses)
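The doubling time of a scanning worm follows from two numbers, the size of the vulnerable population and the scan rate per infected host, which is why Slammer-class worms outrun any human response. The following is an added example, not from the original post, that works the random constant spread model through for assumed, order-of-magnitude parameters (75,000 vulnerable hosts, 4,000 scans per second per host; these are illustrative values, not measurements of any real worm). It ignores the bandwidth saturation that slowed the real Slammer, so its times are a lower bound.

```python
"""Added example: how fast a random-scanning worm saturates its targets.

Random constant spread (RCS) model: each infected host scans random
addresses at rate r per second; a scan that lands on an uninfected
vulnerable host infects it.  With N vulnerable hosts in a 2^32 address
space the infected fraction a(t) obeys  da/dt = K a (1 - a),
K = r N / 2^32, whose solution is the logistic curve below.
Parameter values used in __main__ are assumed, not measured.
"""
import math

ADDRESS_SPACE = 2 ** 32


def spread_rate(n_vulnerable: int, scans_per_sec: float) -> float:
    """K: per-second exponential growth rate of the infected fraction while a << 1."""
    return scans_per_sec * n_vulnerable / ADDRESS_SPACE


def doubling_time(n_vulnerable: int, scans_per_sec: float) -> float:
    """Seconds for the infected population to double in the early, exponential phase."""
    return math.log(2) / spread_rate(n_vulnerable, scans_per_sec)


def infected_fraction(t: float, n_vulnerable: int, scans_per_sec: float,
                      initial_infected: int = 1) -> float:
    """Closed-form logistic solution a(t) of da/dt = K a (1 - a), a(0) = initial/N."""
    a0 = initial_infected / n_vulnerable
    k = spread_rate(n_vulnerable, scans_per_sec)
    return 1.0 / (1.0 + (1.0 / a0 - 1.0) * math.exp(-k * t))


def time_to_fraction(target_fraction: float, n_vulnerable: int, scans_per_sec: float,
                     initial_infected: int = 1) -> float:
    """Seconds until a(t) reaches target_fraction (invert the logistic curve)."""
    a0 = initial_infected / n_vulnerable
    k = spread_rate(n_vulnerable, scans_per_sec)
    return math.log((1.0 / a0 - 1.0) / (1.0 / target_fraction - 1.0)) / k


def simulate(n_vulnerable: int, scans_per_sec: float, target_fraction: float,
             dt: float = 0.1, initial_infected: int = 1) -> float:
    """Independent check of the closed form: step the ODE with Euler's method
    until the infected fraction reaches target_fraction; returns elapsed seconds."""
    k = spread_rate(n_vulnerable, scans_per_sec)
    a, t = initial_infected / n_vulnerable, 0.0
    while a < target_fraction:
        a += k * a * (1.0 - a) * dt
        t += dt
    return t


if __name__ == "__main__":
    N, R = 75_000, 4_000          # assumed: vulnerable hosts, scans/s per infected host
    print(f"K = {spread_rate(N, R):.4f} /s, doubling every {doubling_time(N, R):.1f} s")
    for frac in (0.5, 0.9, 0.99):
        print(f"{frac:.0%} infected after {time_to_fraction(frac, N, R):.0f} s "
              f"(Euler check: {simulate(N, R, frac):.0f} s)")
```

With the assumed figures the population doubles roughly every ten seconds and nine in ten vulnerable hosts are infected a little over three minutes after the first one, from a single seed. Halving the vulnerable population (patching) or the scan rate (egress rate limiting) doubles every one of those times, which is the only lever a defender has before release.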

This is interesting and informative, also pretty long. You don't need to watch this, but I am providing it in case you would like to learn more about viruses and worms. I recommend skipping the first six minutes of this video.

Finally, many attacks are designed to go undetected. They are not meant to bring systems down but to use them for other nefarious purposes, like stealing data, and a virus built for that purpose is likely to be eliminated if the user notices it. So such attacks are designed to have small footprints, leave little or no trace, and hide their presence. This makes them very difficult to protect against, and you cannot track a hacker you don't know has attacked your system.

State Sponsored Attacks
I mentioned earlier in this post that some states have no laws prohibiting cyber crime. This is because many states come out ahead at the end of the day from cyber criminal activity, which makes them unlikely to crack down on criminals operating within their borders. That makes this war even more difficult: the enemies are protected by the sovereignty of the state in which they reside.

The next post will deal with intention, what motivates a cyber attack?

    Saturday, December 24, 2011

    Cyber Security Part 1 - Future of Warfare - Stuxnet

    I have been meaning to write about Stuxnet for over a year now. The advent of guns, aircraft, chemical and biological weapons, and the atomic bomb caused paradigm shifts in how wars are fought and how security is viewed. Stuxnet is, in my opinion, as significant as those developments. It represents a new kind of war, a new kind of threat, and a new and necessary shift in security. This new kind of threat can penetrate state boundaries, and it is almost untraceable and undetectable.

    What is Stuxnet?

    Stuxnet: Anatomy of a Computer Virus from Patrick Clair

    Now that you have additional context about Stuxnet you can see why it is significant. That it used a zero-day exploit is not surprising; that it used four different zero-day exploits is. I digress; zero-day exploits will always exist. Although a lot can be done to improve the security of a network, networked computer systems are never impervious to attack. Encrypted systems have often been touted as unbreakable, and historically it has taken little more than a talented teenager to crack them. Recently in the news, Iran claims to have brought down one of the most advanced U.S. drones with a cyber attack; the U.S. has acknowledged losing the aircraft, which is now in Iran's possession, but has not confirmed how it was lost. Advanced missile systems were not required, merely a computer system. This reminds me of 2009, when it was reported that insurgents in Afghanistan were intercepting "secure" video feeds from U.S. drones using little more than $26 worth of commercial satellite-capture software, because the feeds were transmitted unencrypted. (read more) Even North Korea, a mostly impoverished nation, has a very capable cyber unit; it is suspected of bringing down a prominent South Korean bank for many days. We may think such countries too underdeveloped to threaten us with technology. However, the more each of us studies the capabilities of other nations, the faster first-world citizens will conclude that we need to take security more seriously.

    The fact of the matter is that first-world governments and the private sector need to invest a great deal more in cyber security. Symantec, a leading security vendor, reports that targeted cyber attacks are up 400% this year. This is the reality of our present and future: targeted attacks will continue to increase. If that doesn't scare you, consider that Stuxnet samples have leaked and circulate freely, and have been decompiled and analyzed in detail, so any interested party can download, study and tweak them. This has pretty scary implications.

    Download Stuxnet Source Code

    As I have been researching this topic in greater depth I have found a number of very surprising things. In the interest of not making any one post too lengthy, I will break up my findings into a couple of posts.