DOCSLIB.ORG

UC Irvine UC Irvine Electronic Theses and Dissertations

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
UC Irvine UC Irvine Electronic Theses and Dissertations UC Irvine UC Irvine Electronic Theses and Dissertations Title Regulating Cyber Space: An Examination of U.S.-China Relations Permalink https://escholarship.org/uc/item/9jb873k7 Author Ghazi-Tehrani, Adam Kavon Publication Date 2016 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA, IRVINE Regulating Cyber Space: An Examination of U.S.-China Relations DISSERTATION submitted in partial satisfaction of the requirements for the degree of DOCTOR IN PHILOSOPHY in Social Ecology by Adam Ghazi-Tehrani Dissertation Committee: Professor Emeritus Henry N. Pontell, Chair Professor John Dombrink Professor Elliott Currie 2016 © 2016 Adam KaVon Ghazi-Tehrani DEDICATION This dissertation is dedicated to: My dear, loVed family: my father, mother, sisters, and brother-in-law. I know I forgot birthdays, never called frequently enough, and have been generally “busy.” Hopefully, that’s all over. My extended family: the cherished aunts and uncles, cousins, and grandparents. To my grandparents, especially, I wish you could haVe seen this. My friends: Julie Gerlinger, who truly deserVes her own “thank you” page, nothing I say here could eVer be enough; Michael Ridino, my brother in arms, my fiercest companion; Tori Warwick, you’Ve supported me through thick and thin, eVen when others told you not to; Eric Parsons, Westley Nunn, Todd Gerlinger, and Tucker Biggs, I trust you each with my life, Virtual or otherwise; and Rashad Almomani, we’ve drifted apart, let’s fix that. ii TABLE OF CONTENTS ACKNOWLEDGEMENTS ......................................................................................................................... vi CURRICULUM VITAE .............................................................................................................................. vii ABSTRACT ................................................................................................................................................ xiii Chapter 1 ....................................................................................................................................................... 1 Introduction ............................................................................................................................................ 1 Defining Cyber Warfare ..................................................................................................................... 4 China’s History of Industrial Espionage ...................................................................................... 6 The U.S. History of Traditional Espionage ................................................................................. 7 Secret and Escalating Conflict ......................................................................................................... 8 Rationale for study ............................................................................................................................ 10 Dissertation Research ................................................................................................................. 10 Previous Research ........................................................................................................................ 11 Research Questions ........................................................................................................................... 11 Outline of Dissertation ..................................................................................................................... 15 Chapter 2 .................................................................................................................................................... 17 Literature Review .............................................................................................................................. 17 Cyber Criminology ........................................................................................................................ 17 Cyber War Theory ........................................................................................................................ 18 Cyber Nodal Governance ........................................................................................................... 19 The Insights of Traditional Criminology ............................................................................. 21 System capacity ............................................................................................................................. 21 Regulatory theories ...................................................................................................................... 23 Compliance theories .................................................................................................................... 25 Chapter 3 .................................................................................................................................................... 29 Research Methods ............................................................................................................................. 29 Case Selection ................................................................................................................................. 29 Data Collection ............................................................................................................................... 30 Data Analysis ................................................................................................................................... 31 Validation Strategy ....................................................................................................................... 32 Ethical Considerations ................................................................................................................ 33 Limitations ....................................................................................................................................... 33 Policy Implications ............................................................................................................................ 34 iii Chapter 4 .................................................................................................................................................... 36 AdVanced Persistent Threats ........................................................................................................ 36 The National Security Agency’s “Tailored Access Operations” ...................................... 37 AdVanced Persistent Threat 1: PLA Unit 61398 ................................................................... 39 The Problem with Attribution and the Tallinn Manual ..................................................... 43 The Attribution Checklist ............................................................................................................... 47 China on the Offensive ..................................................................................................................... 50 Titan Rain ......................................................................................................................................... 50 Shady RAT ........................................................................................................................................ 51 Operation Aurora .......................................................................................................................... 54 GhostNet ........................................................................................................................................... 57 Operation Night Dragon ............................................................................................................. 60 Pattern of the Global Cyber War and Crime: A Proposed Model ................................... 60 Characteristics of the source nation ..................................................................................... 62 MotiVation of attack ..................................................................................................................... 67 Profile of target organization ................................................................................................... 71 Chapter Summary .............................................................................................................................. 80 Chapter 5 .................................................................................................................................................... 81 An Expansion of the Nodal GoVernance Framework ......................................................... 81 Antagonistic Nodes ...................................................................................................................... 81 Analysis of American Nodes ..................................................................................................... 90 Super Nodes .................................................................................................................................. 101 Golden Shield Project ................................................................................................................ 113 Chapter Summary ............................................................................................................................ 119 Chapter 6 .................................................................................................................................................
Load more

Recommended publications
  • Internet Surveillance in China
    The Architecture of Control: Internet Su rveillance in China James A. Lewis , Center for Strategic and International Studies July 200 6 Security concerns shape China’s official internet and information technology strateg ies . Th ese include concerns shared by many cou nt ries: promoting a strong and growing economy , providing information assurance , and defending against foreign intrusions into China’s information space . Most importantly for the Chinese, information security include s a political element not foun d in many other nations – c ontrol by the party and the state over communications and the flow of informa tion . The rapid spread of internet access and mobile communications pose a serious challenge to this goal. In response, China’s security apparatus is reorienting its informational defenses. In the past, the emphasi s was on blocking access - the “great firewall.” In the future, the emphasis will be on the monitoring and surveillance of online activities. China’s primary objective in internet securi ty is political – preventing IT from eroding the regime’s authority. Information security is defined in China as “a comprehensive concept understood in a broad sense, and it involves political, economic, cultural, ideological, media, social and military l evel or field. ” It includes “data, system, network, infrastructure .”1 Chin ese officials worry about the potential of the Internet to contribute to the loss of state secrets , offer new avenues for organizing dissent and opposition , and spread “harmful inf ormation. ” This makes controlling access to "harmful network information” and the ability to monitor and intercept communications top priorities .2 For China’s leadership, one particular set of event s demonstrated the risks of not securing networks.
    [Show full text]
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress
    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
    [Show full text]
  • Attribution and Response to Cybercrime/Terrorism/Warfare Susan W
    Journal of Criminal Law and Criminology Volume 97 Article 2 Issue 2 Winter Winter 2007 At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare Susan W. Brenner Follow this and additional works at: https://scholarlycommons.law.northwestern.edu/jclc Part of the Criminal Law Commons, Criminology Commons, and the Criminology and Criminal Justice Commons Recommended Citation Susan W. Brenner, At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 379 (2006-2007) This Symposium is brought to you for free and open access by Northwestern University School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern University School of Law Scholarly Commons. 0091-4169/07/9702-0379 THE JOURNALOF CRIMINAL LAW & CRIMINOLOGY Vol. 97. No. 2 Copyright 0 2007 by NorthwesternUniversity. Schoolof Low Printedin U.S.A. "AT LIGHT SPEED": ATTRIBUTION AND RESPONSE TO CYBERCRIME/TERRORISM/WARFARE SUSAN W. BRENNER* This Article explains why and how computer technology complicates the related processes of identifying internal (crime and terrorism) and external (war) threats to social order of respondingto those threats. First, it divides the process-attribution-intotwo categories: what-attribution (what kind of attack is this?) and who-attribution (who is responsiblefor this attack?). Then, it analyzes, in detail, how and why our adversaries' use of computer technology blurs the distinctions between what is now cybercrime, cyberterrorism, and cyberwarfare. The Article goes on to analyze how and why computer technology and the blurring of these distinctions erode our ability to mount an effective response to threats of either type.
    [Show full text]
  • Digital World Bug: Y2k38 an Integer Overflow Threat-Epoch
    International Journal of Computer Sciences and Engineering Open Access Review Paper Volume-5, Issue-3 E-ISSN: 2347-2693 Digital World Bug: Y2k38 an Integer Overflow Threat-Epoch S. Harshini1*, K.R. Kavyasri2 , P. Bhavishya3, T. Sethukkarasi4 1*Department of Computer Science and Engineering, R.M.K Engineering College, Chennai ,India 2Department of Computer Science and Engineering, R.M.K Engineering College, Chennai ,India 3Department of Computer Science and Engineering, R.M.K Engineering College, Chennai ,India 4Department of Computer Science and Engineering, R.M.K Engineering College Chennai ,India *Corresponding Author: [email protected] Available online at: www.ijcseonline.org Received:12/Feb/2017 Revised: 20/Feb/2017 Accepted: 10/Mar/2017 Published: 31/Mar/2017 Abstract-: Digital universe has been menaced by plenty of bugs but only a few seemed to pose a great hazard. Y2K,Y2K10 were the most prominent bugs which were blown away. And now we have Y2K38. The Y2K38 bug, if not resolved, it will get hold off the predictions that were made for the Y2K bug would come face reality this time. Y2K38 bug will affect all the system applications and most of the embedded systems which use signed 32 bit format for representing the internal time. The number of seconds which can be represented using this signed 32 bit format is 2,147,483,647 which will be equal to the time 19, January, 2038 at 03:14:07 UTC(Coordinated Universal Time),where the bug is expected to hit the web. After this moment the systems will stop working correctly.
    [Show full text]
  • Getting to Yes with China in Cyberspace
    Getting to Yes with China in Cyberspace Scott Warren Harold, Martin C. Libicki, Astrid Stuth Cevallos C O R P O R A T I O N For more information on this publication, visit www.rand.org/t/rr1335 Library of Congress Cataloging-in-Publication Data ISBN: 978-0-8330-9249-6 Published by the RAND Corporation, Santa Monica, Calif. © Copyright 2016 RAND Corporation R® is a registered trademark Cover Image: US President Barack Obama (R) checks hands with Chinese president Xi Jinping after a press conference in the Rose Garden of the White House September 25, 2015 in Washington, DC. President Obama is welcoming President Jinping during a state arrival ceremony. Photo by Olivier Douliery/ABACA (Sipa via AP Images). Limited Print and Electronic Distribution Rights This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions.html. The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors.
    [Show full text]
  • Effective Censorship: Maintaining Control in China
    University of Pennsylvania ScholarlyCommons CUREJ - College Undergraduate Research Electronic Journal College of Arts and Sciences 2010 Effective Censorship: Maintaining Control In China Michelle (Qian) Yang University of Pennsylvania, [email protected] Follow this and additional works at: https://repository.upenn.edu/curej Part of the Political Science Commons Recommended Citation Yang, Michelle (Qian), "Effective Censorship: Maintaining Control In China" 01 January 2010. CUREJ: College Undergraduate Research Electronic Journal, University of Pennsylvania, https://repository.upenn.edu/curej/118. This paper is posted at ScholarlyCommons. https://repository.upenn.edu/curej/118 For more information, please contact [email protected]. Effective Censorship: Maintaining Control In China Keywords censorship, china, incentives, Social Sciences, Political Science, Devesh Kapur, Kapur, Devesh Disciplines Political Science This article is available at ScholarlyCommons: https://repository.upenn.edu/curej/118 Effective Censorship: Maintaining Control in China Michelle Yang April 09, 2010 Acknowledgments My initial interest in this thesis topic was generated during the summer of 2009 when I was interning in Beijing. There, I had found myself unable to access a large portion of the websites I’ve grown so accustomed to in my everyday life. I knew from then that I wanted to write about censorship in China. Since that summer, the scope of the topic has changed greatly under the careful guidance of Professor Devesh Kapur. I am incredibly grateful for all the support he has given me during this entire process. This final thesis wouldn’t be what it is today without his guidance. Professor Kapur, thank you for believing in me and for pushing me to complete this thesis! I would also like to extend my gratitude to both Professor Doherty-Sil and Professor Goldstein for taking time out of their busy schedules to meet with me and for providing me with indispensible advice.
    [Show full text]
  • The Middle East Under Malware Attack Dissecting Cyber Weapons
    The Middle East under Malware Attack Dissecting Cyber Weapons Sami Zhioua Information and Computer Science Department King Fahd University of Petroleum and Minerals Dhahran, Saudi Arabia [email protected] Abstract—The Middle East is currently the target of an un- have been designed by the same unknown entity 1. The next precedented campaign of cyber attacks carried out by unknown malware of this lineage was Flame [7] which was discovered parties. The energy industry is praticularly targeted. The in May 2012 by Kaspersky Lab while investigating another attacks are carried out by deploying extremely sophisticated malware. The campaign opened by the Stuxnet malware in piece of malware called Wiper [8]. Flame features very 2010 and then continued through Duqu, Flame, Gauss, and unusual characteristics such as large size, large number of Shamoon malware. This paper is a technical survey of the modules, self adapting, etc. As Duqu, Flame’s objective is attacking vectors utilized by the three most famous malware, data collection and espionnage. Gauss [9] is another data namely, Stuxnet, Flame, and Shamoon. We describe their main stealing malware discovered in June 2012 by Kaspersky Lab modules, their sophisticated spreading capabilities, and we discuss what it sets them apart from typical malware. The focusing on banking information. Flame and Gauss exhibit main purpose of the paper is to point out the recent trends striking similarities and several technical evidences indicate infused by this new breed of malware into cyber attacks. that they come from the same “factories” that produced Stuxnet and Duqu [9]. The latest malware-based attack Keywords-Malwares; Information Security; Targeted At- tacks; Stuxnet; Duqu; Flame; Gauss; Shamoon targeting the middle east was the Shamoon attack on Saudi Aramco [10].
    [Show full text]
  • Long Cycles: a Bridge Between Past and Futures Professor Adrian Pop, Ph.D. Lecturer Răzvan Grigoras, Ph.D
    6th International Conference on Future-Oriented Technology Analysis (FTA) – Future in the Making Brussels, 4-5 June 2018 Long Cycles: A Bridge between Past and Futures Professor Adrian Pop, Ph.D. National University of Political Science and Public Administration, Bucharest, e-mail: [email protected] Lecturer R ăzvan Grigoras, Ph.D. National Defence University “Carol I”, Bucharest, e-mail: [email protected] Abstract Developing an anti-fragile behaviour by enhancing foresight capacity is a mandatory asset in the risk society. Cycles of continuity and change are preferred topics in the fields of history, economics, and international relations. Although centred on the past, the long cycles theory in general, and George Modelski's model in particular, might offer valuable insights into probable futures that might be involved in the planning practice of international actors. By identifying recurring historical patterns, one could extrapolate future developments. However, the key assumption of the paper is that possible novel developments are bound to be influenced by a series of drivers, both trends and wild cards. Therefore, it is necessary to increase the predictive capacity of the long cycle theory by using future study methodologies. The present paper attempts to suggest some ways for doing that in a two-step progressive method. The first step is to identify the most important drivers that could trigger deviations from the extrapolation of historical patterns identified by the long cycles theory and to quantify the expected shifts in the distribution power by using four indexes: the Foreign Bilateral Influence Capacity (FBIC) Index, the Global Power Index (GPI), the Gross Domestic Product (GDP), and the State of the Future Index (SOFI).
    [Show full text]
  • Duqu the Stuxnet Attackers Return
    Uncovering Duqu The Stuxnet Attackers Return Nicolas Falliere 4/24/2012 Usenix Leet - San Jose, CA 1 Agenda 1 Revisiting Stuxnet 2 Discovering Duqu 3 Inside Duqu 4 Weird, Wacky, and Unknown 5 Summary 2 Revisiting Stuxnet 3 Key Facts Windows worm discovered in July 2010 Uses 7 different self-propagation methods Uses 4 Microsoft 0-day exploits + 1 known vulnerability Leverages 2 Siemens security issues Contains a Windows rootkit Used 2 stolen digital certificates Modified code on Programmable Logic Controllers (PLCs) First known PLC rootkit 4 Cyber Sabotage 5 Discovering Duqu 6 Boldi Bencsath Announce (CrySyS) emails: discovery and “important publish 25 page malware Duqu” paper on Duqu Boldi emails: Hours later the “DUQU DROPPER 7 C&C is wiped FOUND MSWORD 0DAY INSIDE” Inside Duqu 8 Key Facts Duqu uses the same code as Stuxnet except payload is different Payload isn‟t sabotage, but espionage Highly targeted Used to distribute infostealer components Dropper used a 0-day (Word DOC w/ TTF kernel exploit) Driver uses a stolen digital certificate (C-Media) No self-replication, but can be instructed to copy itself to remote machines Multiple command and control servers that are simply proxies Infections can serve as peers in a peer-to-peer C&C system 9 Countries Infected Six organizations, in 8 countries confirmed infected 10 Architecture Main component A large DLL with 8 or 6 exports and 1 main resource block Resource= Command & Control module Copies itself as %WINDIR%\inf\xxx.pnf Injected into several processes Controlled by a Configuration Data file Lots of similarities with Stuxnet Organization Code Usual lifespan: 30 days Can be extended 11 Installation 12 Signed Drivers Some signed (C-Media certificate) Revoked on October 14 13 Command & Control Module Communication over TCP/80 and TCP/443 Embeds protocol under HTTP, but not HTTPS Includes small blank JPEG in all communications Basic proxy support Complex protocol TCP-like with fragments, sequence and ack.
    [Show full text]
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • The Internet Beyond Borderless Versus Balkanized
    POROUS TERRITORIES: THE INTERNET BEYOND BORDERLESS VERSUS BALKANIZED LUKE MUNN Western Sydney University (Australia) [email protected] Abstract: If the internet was once viewed as a borderless realm, critics now warn it is in danger of being “balkanized”, splintering into nationalized fragments. Certainly nation-states increasingly see the Internet as “their” internet, a national space to be regulated and actively shaped. The first half of this article charts the technologies that appear to place this vision within reach: data localization, internet shutdowns, and internet filtering. These moves promise to exert sovereign control, to make the inter- net an extension of national territory. Yet by drawing on two recent events in China, this article argues that these territories are messy and their borders are permeable. Pro-government activists jump across the firewall in order to attack individuals and organizations who threaten the stability and security of their motherland. Simultane- ously, individuals scale the firewall in order to question the party line and express solidarity with democratic movements, undermining the political and technical boundaries established by their nation. Internet architectures create a condition where territorialization is constantly being both amplified and undermined by “extra- territorial” activities. These practices demonstrate the everyday porosity of internet territories, providing a messier portrait that goes beyond the dichotomy of borderless vs balkanized. Keywords: territory, fragmentation, balkanization, internet, China. When nations speak of the internet today, they no longer use the language of the virtual, but of soil. At the dawn of the internet, cyberspace was framed as a new realm decoupled from the state. This digital sphere stretched across the globe, making it essentially ungovernable.
    [Show full text]
  • Advanced Persistent Threats
    Advanced Persistent Threats September 30, 2010 By: Ali Golshan ([email protected]) Agenda Page Current Threat Landscape 2 The Disconnect 10 The Risk 19 What now? 25 Section 1 Current Threat Landscape • Context • Common Targets for APTs • Recent Attacks • Shift in Purpose • Repercussions Section 1 - Current Threat Landscape Context Conventional Cyber Attacks • Conventional cyber attacks use known vulnerabilities to exploit the un-specific targets • Examples include malware (viruses, worms and Trojans), and traditional hacking and cracking methods Advanced Persistent Threats (APTs) • There is a new breed of attacks that is being referred to as Advanced Persistent Threats • APTs are targeted cyber based attacks using unknown vulnerabilities, customized to extract a specific set of data from a specific organization • APTs have the following characteristics that make them particularly dangerous: • Persistent: The persistent nature makes them difficult to be extracted • Updatable: The attacker can update the malware to be able to continuously evade security solutions even as they are upgraded Section 1 - Current Threat Landscape APTs target specific organizations to obtain specific information Since these are specialized attacks, they are customized for their targets, and are designed to extract very specific information based on the target. Most common targets are: Government agencies • Government agencies are targeted by Foreign Intelligence Services (FIS) • APTs can be used for theft of military level secrets and in cyber warfare for destabilization along with conventional warfare • 2007 McAfee report stated approximately 120 countries are trying to create weaponized internet capabilities • Example: The Russia-Georgia war of 2008 was the first example of a APT coinciding with conventional warfare.
    [Show full text]