Monday, December 26, 2011

Cyber Security Part 2 - Future of Warfare - Challenges of Cyber Attacks

Cyber warfare poses a number of challenges that make fighting the war extremely difficult. This post will outline a number of these issues. If you missed part one follow the link to read about Stuxnet and the Future of Cyber Warfare.

Tracking a hacker?
Bouncing Attacks
Have you ever considered how this might work? In truth the difficulty varies a great deal. An inexperienced domestic hacker could be tracked down in minutes. However, veteran hackers can be nearly impossible to track, even domestically. Tracking an experienced hacker in a foreign nation is harder still. Even if you could do it, many nations do not have laws prohibiting cyber crimes (for many nations it is not in their best interest to prohibit it).

More specifically, tracking a veteran hacker is difficult because they often bounce their attacks, putting distance between their own computer and the target. There are a few different ways this can be accomplished, but one thing is consistent throughout: the use of proxies. A proxy lets a computer send a request to the proxy, which then sends the request on to the target. Quick diagram: [Hacker's Computer] > [Proxy] > [Target]. Experienced hackers will have their requests bounce through five to ten proxies before the request reaches the target, which makes it really difficult to trace an attack back to its originator.
(learn more about bouncing techniques)

It can also be difficult because experienced hackers understand how to hide evidence of their path. They will edit the web server logs that record IP addresses, removing their own IP address altogether. The proxies take different forms: proxy servers, compromised systems with backdoors, or computers with open ports. The bottom line is that proxying is a tactic that is simple to implement and a great way to attack anonymously.
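The log editing described above is why defenders make web logs tamper-evident. The following is an added example, not code from the original post: it hash-chains a few constructed sample log records so that deleting the lines that recorded a given IP address, or editing one in place, breaks the chain at a detectable point. The record fields, the seed value and the sample addresses are this example's own assumptions.

```python
import hashlib
import json

# Constructed sample web-server log records (not real traffic). The "ip"
# field is the address the server saw, i.e. the last hop of any proxy chain.
SAMPLE_ENTRIES = [
    {"ts": "2011-12-26T10:00:01Z", "ip": "198.51.100.7", "req": "GET /index.html"},
    {"ts": "2011-12-26T10:00:05Z", "ip": "203.0.113.42", "req": "GET /admin/login"},
    {"ts": "2011-12-26T10:00:09Z", "ip": "203.0.113.42", "req": "POST /admin/login"},
    {"ts": "2011-12-26T10:00:12Z", "ip": "192.0.2.15", "req": "GET /about.html"},
]

SEED = b"log-chain-seed"  # hypothetical per-log anchor value for the first link


def chain_entries(entries, seed=SEED):
    """Build a tamper-evident log: every record stores the hash of the
    record before it, so deleting or altering a line breaks the chain."""
    prev = hashlib.sha256(seed).hexdigest()
    chained = []
    for e in entries:
        body = json.dumps(e, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        chained.append({"entry": dict(e), "prev": prev, "hash": digest})
        prev = digest
    return chained


def verify_chain(chained, seed=SEED):
    """Recompute every link. Returns (True, None) if intact, otherwise
    (False, index) with the first record at which the chain breaks."""
    prev = hashlib.sha256(seed).hexdigest()
    for i, rec in enumerate(chained):
        body = json.dumps(rec["entry"], sort_keys=True)
        expected = hashlib.sha256((prev + body).encode()).hexdigest()
        if rec["prev"] != prev or rec["hash"] != expected:
            return False, i
        prev = rec["hash"]
    return True, None


def demo():
    """Intact log verifies; a log with one IP's lines scrubbed does not."""
    log = chain_entries(SAMPLE_ENTRIES)
    intact = verify_chain(log)
    scrubbed = [r for r in log if r["entry"]["ip"] != "203.0.113.42"]
    return intact, verify_chain(scrubbed)


if __name__ == "__main__":
    print(demo())  # ((True, None), (False, 1))
```

The chain only helps if the records, or at least the running hash, are shipped to a host the attacker cannot write to; someone who can rewrite the whole file can simply re-chain it.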

Lack of Infrastructure
Most weapons have certain infrastructure signatures that give clues to intelligence agencies. Like biological weapons, cyber weapons have next to no signatures. Neither biological nor cyber weapons require silos, a reactor, a refinery, fuel, mining, or missiles. The only things required for a cyber attack are a computer terminal, an internet connection, and the knowledge. This makes it very hard to see developing cyber threats. The best indicator of a growing threat is fluctuations in both successful and unsuccessful attacks. Even this can be difficult to gauge, because many organizations do not want to admit that their networks have been compromised or attacked. And even when it can be gauged, it does not provide a great deal of information about who the attacker is.

Worms / Viral Attacks
The Stuxnet virus took advantage of a viral element: it spread itself all over the place, remaining dormant until it reached its targeted system. Tracking down the original source of a virus can be tricky, as many of them use spoofing techniques to again hide the true path of the virus. The number of machines infected by a virus and the rate of spread can make it really hard as well. For example, a virus called SQL Slammer, or Sapphire, infected nearly 50% of the major internet servers in its first fifteen minutes in the wild in 2003. It is estimated that Sapphire doubled its infection base every "few seconds". (read more about viruses)

This is interesting and informative, also pretty long. You don't need to watch this, but I am providing it in case you would like to learn more about viruses and worms. I recommend skipping the first six minutes of this video.

Finally, many attacks are designed to go undetected. Many attacks are not designed to bring systems down, but to use them for other nefarious purposes, like stealing data. If a virus designed for this purpose is noticed by the user, it is likely to be eliminated. So viruses and other cyber attacks performed with this design are built to have small footprints, leave little to no trace, and hide their presence. This can make them very difficult to protect against. Also, you cannot track a hacker that you don't know has attacked your system.

State Sponsored Attacks
I mentioned earlier in this post that some states do not have laws prohibiting cyber crimes. This is because many states come out with a net profit at the end of the day from cyber criminal activity, which makes them unlikely to crack down on cyber criminals operating within their borders. This makes the war even more difficult: the enemies are protected by the sovereignty of the state in which the hackers reside.

The next post will deal with intention, what motivates a cyber attack?


Mike and Emily said...

Would you mind expounding on how nations benefit from cyber criminals? Also, are there any documented instances of this? I am loving this information and your thoughts. Keep it coming.

Britton Stanfill said...

Thanks for your encouraging words and your questions. I plan to address this in either the next post or the following post. For some reason part 3 has been kind of a hard write.