WORLD WAR C : Understanding Nation-State Motives Behind Today’S Advanced Cyber Attacks

Total Page:16

File Type:pdf, Size:1020Kb

WORLD WAR C : Understanding Nation-State Motives Behind Today’S Advanced Cyber Attacks REPORT WORLD WAR C : Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks Authors: Kenneth Geers, Darien Kindlund, Ned Moran, Rob Rachwald SECURITY REIMAGINED World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks CONTENTS Executive Summary ............................................................................................................................................................................................................................................................................................................... 3 Introduction ............................................................................................................................................................................................................................................................................................................................................... 4 A Word of Warning ................................................................................................................................................................................................................................................................................................................. 5 The FireEye Perspective ............................................................................................................................................................................................................................................................................................ 5 Asia-Pacific ................................................................................................................................................................................................................................................................................................................................................... 6 Russia/Eastern Europe ............................................................................................................................................................................................................................................................................................ 12 Middle East ............................................................................................................................................................................................................................................................................................................................................. 14 The West ....................................................................................................................................................................................................................................................................................................................................................... 18 Conclusion ................................................................................................................................................................................................................................................................................................................................................ 21 About FireEye .................................................................................................................................................................................................................................................................................................................................. 22 2 www.fireeye.com World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks Executive Summary between the means chosen and their goals will Cyberspace has become a full-blown war zone as look rational and reasonable to them if not governments across the globe clash for digital necessarily to us.” supremacy in a new, mostly invisible theater of operations. Once limited to opportunistic criminals, Just as each country has a unique political cyber attacks are becoming a key weapon for system, history, and culture, state-sponsored governments seeking to defend national sovereignty attacks also have distinctive characteristics, and project national power. which include everything from motivation to target to type of attack. From strategic cyber espionage campaigns, such as Moonlight Maze and Titan Rain, to the destructive, This report describes the unique characteristics of such as military cyber strikes on Georgia and Iran, cyber attack campaigns waged by governments human and international conflicts are entering a new worldwide. We hope that, armed with this knowl- phase in their long histories. In this shadowy edge, security professionals can better identify their battlefield, victories are fought with bits instead of attackers and tailor their defenses accordingly. bullets, malware instead of militias, and botnets instead of bombs. Here is a quick overview: These covert assaults are largely unseen by the • Asia-Pacific. Home to large, bureaucratic public. Unlike the wars of yesteryear, this cyber hacker groups such as the “Comment Crew” war produces no dramatic images of exploding who pursue many goals and targets in warheads, crumbled buildings, or fleeing civilians. high-frequency, brute-force attacks. But the list of casualties—which already includes some of the biggest names in technology, financial • Russia/Eastern Europe. These cyber attacks services, defense, and government —is growing are more technically advanced and highly larger by the day. effective at evading detection. A cyber attack is best understood not as an end in • Middle East. These hackers are dynamic, itself, but as a potentially powerful means to a wide often using creativity, deception, and variety of political, military, and economic goals. social engineering to trick users into com- promising their own computers. “Serious cyber attacks are unlikely to be motiveless,” said Martin Libicki, Senior Scientist • United States. The most complex, targeted, at RAND Corp. “Countries carry them out to and rigorously engineered cyber attack achieve certain ends, which tend to reflect their campaigns to date. broader strategic goals. The relationship 3 www.fireeye.com World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks Introduction everything a user does on a computer. A software World War Z—a bestselling book and Holly- program that steals data from any nearby device wood movie—detailed a global pandemic in that has Bluetooth connectivity. Encrypted code which politics and culture deeply influenced that decrypts only on one specific, target device. how the public—and by extension, govern- Such sophistication speaks volumes about the ments—reacted to a zombie plague. In one maturity, size, and resources of the organizations passage, for example, an Arab boy refused to behind these attacks. With a few rare exceptions, believe that the disease was real, suspecting these attacks are now in the exclusive realm of that Israel had fabricated the story. The nations nation-states. described in World War Z—the United States, China, Russia, South Korea, Israel, and many “The international community has developed a others—are involved in a very different type of solid understanding of cyber technology,” said conflict, but one with real and growing national Prof. Michael N. Schmitt of the U.S. Naval War security impact: World War C, where “C” College, in an email interview. “What is missing stands for “Cyber”. However, the same rule is a grasp of the geopolitical context in which applies: each country has a unique political such technology operates. Attribution determi- system, history, language, culture, and under- nations made without sensitivity to the geopolit- standing of human and international conflict. ical surroundings are seldom reasonable.” Cyber conflict often mirrors traditional conflict. World War C, like any analogy, has its limits. For example, China uses high-volume cyber Cyber war has been compared to special attacks similar to how it used infantry during the operations forces, submarine warfare, missiles, Korean War. Many Chinese soldiers were sent assassins, nuclear weapons, Pearl Harbor, 9/11, into battle with only a handful of bullets. Given Katrina, and more. Even our zombie analogy is their strength in numbers, they were still able to not new. Often, any compromised computer, if achieve battlefield victories. On the other end of it is actively under the surreptitious control of a the spectrum lie Russia, the U.S., and Israel, whose cybercriminal, is called a zombie, and botnets cyber tactics are more surgical, reliant on are sometimes called zombie armies. Also, advanced technologies and the cutting-edge work compared to stockpiling tanks and artillery, of contractors who are driven by competition and writing cyber attack code, and compromising financial incentives. thousands if not millions of computers, is easy. Moreover, malware often spreads with the We are still at the dawn of the Internet Age. But exponential growth of an infectious disease. cyber attacks have already proven themselves as a low-cost, high-payoff way to defend national This report examines many publicly known sovereignty and to project national power. Many cyber attacks. By exploring some of the of today’s headlines seem to be pulled from the distinctive national or regional characteristics pages of a science fiction novel. Code so sophisti-
Recommended publications
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress
    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
    [Show full text]
  • Attribution and Response to Cybercrime/Terrorism/Warfare Susan W
    Journal of Criminal Law and Criminology Volume 97 Article 2 Issue 2 Winter Winter 2007 At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare Susan W. Brenner Follow this and additional works at: https://scholarlycommons.law.northwestern.edu/jclc Part of the Criminal Law Commons, Criminology Commons, and the Criminology and Criminal Justice Commons Recommended Citation Susan W. Brenner, At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 379 (2006-2007) This Symposium is brought to you for free and open access by Northwestern University School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern University School of Law Scholarly Commons. 0091-4169/07/9702-0379 THE JOURNALOF CRIMINAL LAW & CRIMINOLOGY Vol. 97. No. 2 Copyright 0 2007 by NorthwesternUniversity. Schoolof Low Printedin U.S.A. "AT LIGHT SPEED": ATTRIBUTION AND RESPONSE TO CYBERCRIME/TERRORISM/WARFARE SUSAN W. BRENNER* This Article explains why and how computer technology complicates the related processes of identifying internal (crime and terrorism) and external (war) threats to social order of respondingto those threats. First, it divides the process-attribution-intotwo categories: what-attribution (what kind of attack is this?) and who-attribution (who is responsiblefor this attack?). Then, it analyzes, in detail, how and why our adversaries' use of computer technology blurs the distinctions between what is now cybercrime, cyberterrorism, and cyberwarfare. The Article goes on to analyze how and why computer technology and the blurring of these distinctions erode our ability to mount an effective response to threats of either type.
    [Show full text]
  • Nina Koennemann Bann They Come from Behind the Wall: the So-Called Smokers. Nina Koennemann Observes Them As If They Were the La
    Films & Windows I-IV 07.06. - 25.08. 2012 Films & Windows (IV) Nina Koennemann & Flame Opening Reception: 09.08.2012 / 19.00 - 22.00 CET Nina Koennemann Bann They come from behind the wall: the so-called smokers. Nina Koennemann observes them as if they were the last - or newly discovered - specimens of their kind. Their shoes, their lair, the way in which they separate ash from ember and how they dispose of waste. The traces that they leave behind in the cityscape; a cityscape in which they them- selves appear only in traces. A granite block and a film frame, in which visible and invisible dividing lines of the various quadrants, zones and outskirts overlap each other, forming the city as a semi-transparent area. The era of the cigarette, which began with the rise of industrial production and mass consumption, their ordering of time into brief intervals-the length of a smoke-is shown here entering its last phase. The semi-worldliness of smoking, last bound to bars and juke joints, finds the reverberation of a waking dream in the reflections of people, their body parts and passenger cars in the granite surface. This can mean the bisection of the world in the exact doubling of the material factors, or it's interpreted as a means of escape, an extension of space. -Katha Schulte Flame In May 2012 over a thousand computers in countries in the Middle East were infected by Flame malware. The virus is the latest in a series of cyberweapons (following Stuxnet in 2010, Duqu in 2011 and Mahdi in February 2012) and, because of its large and expensive scale, is speculated to be designed by governments for espionage purposes rather than hacker or cybercriminal activity.
    [Show full text]
  • Recent Developments in Cybersecurity Melanie J
    American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact [email protected]. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime
    [Show full text]
  • Administration of Barack Obama, 2013 Remarks at Camp Pendleton, California August 7, 2013
    Administration of Barack Obama, 2013 Remarks at Camp Pendleton, California August 7, 2013 The President. Hello, Marines! Audience members. Hooah! The President. Hello, Camp Pendleton! Audience members. Hooah! The President. Well, listen, it is great to be here, at the home of the 1st Marine Expeditionary Force—– Audience members. Hooah! The President.——and one of our Nation's oldest and most decorated military units, the legendary 1st Marine Division. Audience members. Hooah! The President. And I think I see some proud Navy folks here too. Audience members. Hooah! Let me thank General Nicholson for the introduction and for his outstanding leadership of our Marines in Iraq, in Afghanistan. And that includes your command of the 2nd Marine Expeditionary Brigade out of Camp Lejeune, which we recognized last year with the Presidential Unit Citation. Thank you, General Nicholson. I want to thank all of your commanders for welcoming me today, including General Coglianese and General Busby. And I want to recognize your incredible staff, noncommissioned officers, including Sergeant Majors Ronald Green, Scott Helms, and David Jobe. I want to salute Debbie Nicholson and all the spouses and military families who are here, because we understand they're the force behind the force. Just like Michelle is the force behind me. I want everyone to give a big round of applause to the amazing families who serve along with you. And I want to acknowledge Members of Congress who are here, including Susan Davis, Darrell Issa, and Dana Rohrabacher. Now, I've got to tell you the truth, I've been looking forward to this visit because—and this is a little tricky to say this—but my family and I, we've got a special place in our hearts for the Marine Corps.
    [Show full text]
  • Freedom Flyer Sep/Oct Celebrate Freedom Foundation Newsletter 2020
    Freedom Flyer Sep/Oct Celebrate Freedom Foundation Newsletter 2020 “HIDDEN WOUNDS”: The documentary Volume 3 Issue3 Is being filmed in part at the CFF hanger. It is being produced by Amelio Media LLC which received a series of national awards for their previous documentary, titled “The Journey Back to Normal”. Inside this Edition An overwhelming 20% of military veterans experience Post Traumatic Stress Disorder - PTSD. These veterans are wounded with injuries that we • Press Release pg. 1 cannot see, a tragic 20 veterans commit suicide every day. • Sponsor Highlight “Hidden Wounds” will chronicle the impetus behind creating impactful pg. 2 organizations like Celebrate Freedom Foundation, and how they have grown • Chairman's Corner and what they are accomplishing everyday. pg.3 CFF is recognized for it’s highly effective program for veterans to help • President’s Press heal from PTSD and TBI outside the four walls of a therapist’s office and pg. 3 several of our veteran members, individually and in a group setting, will be • Unit History Highlight interviewed for “The Hidden Wounds Documentary”. pg. 4 • STEM Team Report and schedule pg. 5 • Meet our staff pg. 6 • CFF Special News pg. 7—9 • CFF Contact Information pg. 10 • Sponsors pg. 11 Nicole Amelio-Casper at the Universal Film Festival,2019. Page 2 Sponsor Highlight Mid-Carolina Electric Cooperative THE MISSION OF MID-CAROLINA ELECTRIC COOPERATIVE, INC., A NOT-FOR-PROFIT MEMBER-OWNED ELECTRIC DISTRIBUTION UTILITY, IS TO IMPROVE THE QUALITY OF LIFE OF OUR MEMBERS BY PROVIDING QUALITY ELECTRIC SERVICES AT COMPETITIVE COSTS WITH A COMMITMENT TO MEMBER SATISFACTION.
    [Show full text]
  • Getting to Yes with China in Cyberspace
    Getting to Yes with China in Cyberspace Scott Warren Harold, Martin C. Libicki, Astrid Stuth Cevallos C O R P O R A T I O N For more information on this publication, visit www.rand.org/t/rr1335 Library of Congress Cataloging-in-Publication Data ISBN: 978-0-8330-9249-6 Published by the RAND Corporation, Santa Monica, Calif. © Copyright 2016 RAND Corporation R® is a registered trademark Cover Image: US President Barack Obama (R) checks hands with Chinese president Xi Jinping after a press conference in the Rose Garden of the White House September 25, 2015 in Washington, DC. President Obama is welcoming President Jinping during a state arrival ceremony. Photo by Olivier Douliery/ABACA (Sipa via AP Images). Limited Print and Electronic Distribution Rights This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions.html. The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors.
    [Show full text]
  • The Iranian Cyber Threat
    The Iranian Cyber Threat May 2021 0 Contents Introduction .............................................................................................................................................. 2 Cyber Retaliation ..................................................................................................................................... 2 Iran’s National Security Strategy .............................................................................................................. 4 Laying the Groundwork ........................................................................................................................... 5 Structure ................................................................................................................................................... 5 Defense ................................................................................................................................................... 6 Offense .................................................................................................................................................... 6 History of Iranian Cyber Attacks and Incidents ........................................................................................... 7 The Attacks .............................................................................................................................................. 8 Iranian Cyber Army .................................................................................................................................
    [Show full text]
  • THE PROTECTIVE STATE the PLANT FLOOR? the Evolving Role of Governments in Cybersecurity
    BROUGHT TO YOU BY THE VISIONEXPERTISE DELIVERED STRAIGHT FROM THE FRONTLINES OF CYBER ATTACKS PAGE 3 STATE OF THE NATIONS A global look at the rise in State sponsered cyber attacks in 2018 PAGE 4 A FINANCIAL STRONGHOLD How one bank is winning the war on cyber crime PAGE 6 WHAT ABOUT THE PROTECTIVE STATE THE PLANT FLOOR? The evolving role of Governments in cybersecurity different threats. With cybersecurity vital to a governments are not even the primary security POLITICAL properly functioning and prosperous economy, provider, such as when they don’t provide it is critical that governments take the lead, and close supervision of, or operational control The role of governments as their that this is recognized by its citizens. over, critical infrastructures operated by the nations’ primary provider of private sector. security against all threats is as So far, the 21st century has seen continued compelling as ever. Yet few still wide scale deregulation and privatisation, This changing global landscape shouldn’t Our six subversive concerns for with many nations’ critical infrastructure – in mean a lesser responsibility for governments industrial environments have difficulty in grasping the rapid increase in interconnectedness and sectors such as energy, transport, finance as legitimate providers of security, but rather and medicine – now in the hands of the that they should work to understand the interdependency to determine how private sector. These sectors are constantly changing world and their role within this new best to use a Regulate, Facilitate, under threat, not least because of increased environment of increasing interconnectedness. PAGE 8 FOLLOW Collaborate (RFC) model for the THE MONEY globalisation of societies and economies.
    [Show full text]
  • Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism
    Journal of Strategic Security Volume 6 Number 5 Volume 6, No. 3, Fall 2013 Supplement: Ninth Annual IAFIE Article 3 Conference: Expanding the Frontiers of Intelligence Education Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins The University of Texas at El Paso Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 1-9 Recommended Citation Adkins, Gary. "Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism." Journal of Strategic Security 6, no. 3 Suppl. (2013): 1-9. This Papers is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism This papers is available in Journal of Strategic Security: https://scholarcommons.usf.edu/jss/vol6/iss5/ 3 Adkins: Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins Introduction The world has effectively exited the Industrial Age and is firmly planted in the Information Age. Global communication at the speed of light has become a great asset to both businesses and private citizens. However, there is a dark side to the age we live in as it allows terrorist groups to communicate, plan, fund, recruit, and spread their message to the world. Given the relative anonymity the Internet provides, many law enforcement and security agencies investigations are hindered in not only locating would be terrorists but also in disrupting their operations.
    [Show full text]
  • Ashley Deeks*
    ARTICLE An International Legal Framework for Surveillance ASHLEY DEEKS* Edward Snowden’s leaks laid bare the scope and breadth of the electronic surveillance that the U.S. National Security Agency and its foreign counterparts conduct. Suddenly, foreign surveillance is understood as personal and pervasive, capturing the communications not only of foreign leaders but also of private citizens. Yet to the chagrin of many state leaders, academics, and foreign citizens, international law has had little to say about foreign surveillance. Until recently, no court, treaty body, or government had suggested that international law, including basic privacy protections in human rights treaties, applied to purely foreign intelligence collection. This is now changing: Several UN bodies, judicial tribunals, U.S. corporations, and individuals subject to foreign surveillance are pressuring states to bring that surveillance under tighter legal control. This Article tackles three key, interrelated puzzles associated with this sudden transformation. First, it explores why international law has had so little to say about how, when, and where governments may spy on other states’ nationals. Second, it draws on international relations theory to argue that the development of new international norms regarding surveillance is both likely and essential. Third, it identifies six process-driven norms that states can and should adopt to ensure meaningful privacy restrictions on international surveillance without unduly harming their legitimate national security interests. These norms, which include limits on the use of collected data, periodic reviews of surveillance authorizations, and active oversight by neutral bodies, will increase the transparency, accountability, and legitimacy of foreign surveillance. This procedural approach challenges the limited emerging scholarship on surveillance, which urges states to apply existing — but vague and contested — substantive human rights norms to complicated, clandestine practices.
    [Show full text]
  • Potential Human Cost of Cyber Operations
    ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS REPORT ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Report prepared and edited by Laurent Gisel, senior legal adviser, and Lukasz Olejnik, scientific adviser on cyber, ICRC THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Table of Contents Foreword............................................................................................................................................. 3 Acknowledgements ............................................................................................................................. 4 Executive summary ............................................................................................................................. 5 Introduction....................................................................................................................................... 10 Session 1: Cyber operations in practice .………………………………………………………………………….….11 A. Understanding cyber operations with the cyber kill chain model ...................................................... 11 B. Operational purpose ................................................................................................................. 11 C. Trusted systems and software supply chain attacks ...................................................................... 13 D. Cyber capabilities and exploits ..................................................................................................
    [Show full text]