DOCSLIB.ORG

Was Stuxnet an Act of War? Jânis Jansons

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

4. LESSONS LEARNED AND CONFLICTS HISTORY WAS STUXNET AN ACT OF WAR? JÂNIS JANSONS ABSTRACT DOI: 10.26410/SF 1/17/11 Modern societies live in the complex and fragile infor­ mation environment, in which data processing and ex­ change grow exponentially. Different digital computer­ ized systems support most of key infrastructures like financial systems, power and water supplies, air traffic management, public and military communications. To increase accessibility to those systems in the informa­ tion domain, it requires interoperability and interconnec­ tivity which makes them complex to maintain and vulner­ able to cyber-attacks/intrusions. The Internet is an own­ erless, ubiquitous and open to all information exchange domains which can shape the international relations through the cyber domain and there is no international entity that can control and affect the data flow. Each country has its own legislation to react and influence local users through Internet service providers and only close cooperation among the states can help to identify and prevent illegal activities against other states as well as support foreign countries during investigations. The JANIS JANSONS1 paper will uncover how cyber weapon was used to in­ [email protected] fluence state struggling, becoming a nuclear power for the first time. It is divided into two parts to explain the Baltic Defence College, essence of the act of war and cyberspace to understand Tartu. Estonia the environment where Stuxnet was applied. Next it will focus on impact and reaction of Stuxnet in order to ana­ Opinions expressed by the authoi lyse its utilization within cyberspace. are his own views and they do no1 reflect in any way the official policy or position of the Baltic Defence KEY WORDS College, or the governments of Cybersecurity, Internet, Stuxnet, act of war. Estonia, Latvia or Lithuania. Introduction Modern society lives in the complex and accessibility to those systems in the infor­ fragile information environment in which mation domain, it requires interoperability data processing and exchange grow ex­ and interconnectivity which makes them ponentially. Different digital computerized complex to maintain and vulnerable to cy­ systems support most of key infrastruc­ ber attacks/intrusions. Furthermore, this tures like financial systems, power and wa­ new reality of information exchange shows ter supplies, air traffic management, public that societies highly depend on information and military communications. To increase and communication technologies, which oftj 4.2. LESSONS LEARNED AND CONFLICTS HISTORY are interconnected in one global network action with possible future consequences. named the Internet. This addiction to the In­ To argue this statement, this paper is di­ ternet is a major source of vulnerability and vided into two parts, where the first part will full control over the information domain in explain the essence of two terms - an act of these conditions is almost impossible. So, war and cyberspace to understand the en­ somebody could use those vulnerabilities vironment where Stuxnet was applied. The to breach national security and influence second part will focus more on an impact an economic, political and social situation and reaction of Stuxnet in order to deter­ in other countries. mine it. The Internet is an ownerless, ubiquitous and open to all information exchange do­ An act of war and mains, which can shape the international cyberspace relations through the cyber field. The Inter­ The phrase 'Act of war' is characterised net is a computer network that uses stand­ as a political term rather than a military or ardized protocols to interconnect states, legal one (Nakashima E., 2012). This term organizations and individuals worldwide. is used in an international environment Neither states nor organizations, nor sin­ by politicians in situations where it was gle persons are the owners of the Internet. a violent and non-violent act. Terrorist at­ While there is one non-profit organization tacks (Cella M., 2015), key leader killings which simply manages Internet protocol (Strange H., 2013), shooting down airplane numbers and the Domain Name System during peace time (Vinogradov D., 2015), root, and the others provide a piece of in­ the blockade of sea lines of communication frastructure just to be part of the Internet. (Global Research, 2015), imposing eco­ There is no international entity that can con­ nomic sanctions (Saundersaug P.J., 2014), trol and affect the data flow. Each country cyber-attack (Gorman S., and Barnes E.J., has its own legislation to react and influ­ 2011) etc., have motivated politicians to ence local users through Internet service use the phrase 'an act of war'. This term providers. Only close cooperation among does not have a standard definition world­ the states can help to identify and prevent wide and its application to cyber incidence illegal activities against other states as well seems to be questionable. However, there as support foreign countries during investi­ is a country which defines them as 'acts of gations. So, the states' political willingness war'. For example, the United States (U.S.) to cooperate in the cyberspace shapes to prevent possible cyber Pearl Harbor (Sti- dialogue internationally. However, there ennon, R., 2015) came to the conclusion are some fuzzy cases where some cyber that cyber-attacks originating from another activities originating in one state that are country can be interpreted as an 'act of war' against another state critical infrastructure to counter using all kinds of military force could be interpreted as an act of war or (Gorman S., and Barnes E.J., 2011). How­ a covert action. ever, the international law avoids the term This paper will uncover how cyber weap­ 'an act of war' in favour of other phrases on was used to influence state struggling, like 'illegal intervention', 'the use of force', becoming a nuclear power for the first 'armed attack', or 'an act of aggression'. For time. Was the use of cyber weapon an act example, an act of aggression includes of war? This paper will claim that Stuxnet more serious uses of force and armed at­ was not an act of war, but rather a covert tack, whereas all uses of force are not only 110 W A S STUXNET AN ACT OF WAR? njbj armed attacks, but could also be illegal in­ ematician and philosopher Wiener (1985) terventions (Fidler D.P, 2011). Despite those introduced the first application of cyber as definitions, legal experts Charles Dunlap, 'cybernetic - the entire field of control and a retired Air Force Major General and pro­ communication theory, whether in the ma­ fessor at Duke University law school, or chine or in the animal'. In the initial stages retired Gen. James Cartwright, former vice of technology development, the term cyber chairman of the Joint Chiefs of Staff argue relates originally to data processing and that only the president and Congress in intercommunication activities or it can be the U.S. could decide that the social or fi­ called the 'Wiener component' of cyber­ nancial impairment is sufficient to consider space definition. However, in later years, a cyber-attack as an act of war (Nakashima a word cyber was used so to emphasize E., 2011). So, the use of this term depends another environment in networks and com­ on the leaders of the targeted country, who puters rather than physical appearance. would decide whether or not to respond Secondly, a prefix cyber is basically ex­ with military force to cyber-attacks. As ploited as the part of a composite word, a result, the phrase 'an act of war' becomes then it is used as a single term. A com­ more political. If it is so, then what could pound word, for instance cyberspace could be the trigger for politicians in cyberspace be considered in order to obtain a meta­ to respond militarily? For this reason, it is physical or meaningful definition. Without important to understand cyberspace. knowing about computers and the Internet, Cyberspace, like the term 'act of war' a speculative fiction novelist and essayist has no single internationally recognised Gibson (1984) in his novel Neuromancer in­ definition. Cyberspace is a revolution­ troduced for first time the word cyberspace ary human-made, ubiquitous, networked, as 'a consensual hallucination' on the com­ and virtual environment which seems to puterized network. That means its appear­ be driven by swift electronic communica­ ance provides any kind of physical medium. tion and progress in information technol­ This could lead to the feeling of outside of ogy. This is a possible way of explaining physical reality, which is more related to cyberspace in own words. In spite of this 'Gibson's component' of cyberspace defi­ innovative sketch, the overall definitions nition. Seamlessly using the advantages of of cyberspace are disputable (Ottis and new technologies, human beings tend to Lorents, 2010). Therefore, trying to find believe in the existence of such an environ­ an exact, perfectly expressed definition ment. This stimulates the search for a com­ of cyberspace seems to be impossible. It prehensive and coherent definition, where is therefore more prudent to stick to one actors are the key element to interact in this definition and to analyse step-by-step what environment. these separate components are. The lack of security in cyberspace offers Firstly, it is important to examine some an opportunity for a wide range of actors historical background of wording, which like in social -physical space, where per­ could be the main milestone of further sons have various reasons and capabilities definitions. The term cyber appears to be to challenge law enforcement. Originally, the Greek word kybernetes, which means unauthorized actors in cyberspace were steersman or the governor. So, in 1948, cyber criminals, whose strong intent was to appreciate the Maxwell control loop to gain financial benefits; blackmailers, feedback mechanism, the famous math­ who used evidence to intimate key leaders, 111 oftj 4.2.
Recommended publications
  • Recent Developments in Cybersecurity Melanie J

    Recent Developments in Cybersecurity Melanie J

    American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact [email protected]. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime
  • What Every CEO Needs to Know About Cybersecurity

    What Every CEO Needs to Know About Cybersecurity

    What Every CEO Needs to Know About Cybersecurity Decoding the Adversary AT&T Cybersecurity Insights Volume 1 AT&T Cybersecurity Insights: Decoding the Adversary 1 Contents 03 Letter from John Donovan Senior Executive Vice President AT&T Technology and Operations 04 Executive Summary 05 Introduction 07 Outsider Threats 15 Looking Ahead: Outsider Threats 16 Best Practices: Outsiders 18 Insider Threats 24 Looking Ahead: New Potential Threats 25 Looking Ahead: Emerging Risks 26 Best Practices: Malicious Insiders 27 Best Practices: Unintentional Insiders 28 Moving Forward 32 Conclusion 33 Know the Terms For more information: Follow us on Twitter @attsecurity 35 End Notes and Sources Visit us at: Securityresourcecenter.att.com © 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T Globe logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change. 2 ATT.com/network-security Business leader, Welcome to the inaugural issue of AT&T Cybersecurity Insights, a comprehensive look at our analysis and findings from deep inside AT&T’s network operations groups, outside research firms, and network partners. This first issue, “Decoding the Adversary,” focuses on whether or not you and your board of directors are doing enough to protect against cyber threats. Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges.
  • OASD Satellite Engagement Communications Plan (Feb

    OASD Satellite Engagement Communications Plan (Feb

    The University of Mississippi School of Law The National Center for Remote Sensing, Air, and Space Law Informational resources on the legal aspects of human activities using aerospace technologies USA-193: Selected Documents Compiled by P.J. Blount P.J. Blount, editor Joanne Irene Gabrynowicz, editor This page intentionally left blank. Disclaimer The information contained in this compilation represents information as of February 20, 2009. It does not constitute legal representation by the National Center for Remote Sensing, Air, and Space Law (Center), its faculty or staff. Before using any information in this publication, it is recommended that an attorney be consulted for specific legal advice. This publication is offered as a convenience to the Center's readership. The documents contained in this publication do not purport to be official copies. Some pages have sections blocked out. These blocked sections do not appear in the original documents. Blocked out sections contain information wholly unrelated to the space law materials intended to be compiled. The sections were blocked out by the Center's faculty and staff to facilitate focus on the relevant materials. i National Center for Remote Sensing, Air, and Space Law Founded in 1999, the National Center for Remote Sensing, Air, and Space Law is a reliable source for creating, gathering, and disseminating objective and timely remote sensing, space, and aviation legal research and materials. The Center serves the public good and the aerospace industry by addressing and conducting education and outreach activities related to the legal aspects of aerospace technologies to human activities. Faculty and Staff Prof. Joanne Irene Gabrynowicz, Director Prof.
  • Cyberattack Attribution

    Cyberattack Attribution

    CYBERATTACK ATTRIBUTION A BLUEPRINT FOR PRIVATE SECTOR LEADERSHIP RESEARCH FELLOWS SENIOR RESEARCH FELLOWS Justin Collins Allison Anderson Cameron Evans Stacia Lee Chris Kim Kayley Knopf FACULTY LEAD Selma Sadzak Jessica Beyer Nicholas Steele Julia Summers Alison Wendler This report is a product of the Applied Research Program in the Henry M. Jackson School of International Studies at the University of Washington. The Applied Research Program matches teams of top-achieving Jackson School students with private and public sector organizations seeking dynamic, impactful, and internationally-minded analyses to support their strategic and operational objectives. For more information about the Applied Research Program please contact us at [email protected]. Executive Summary After three decades of development, adoption, and innovation, the Internet stands at the core of modern society. The same network that connects family and friends across the world similarly ties together all aspects of daily life, from the functioning of the global economy to the operation of governments. The digitization of daily life is the defining feature of the 21st century. While the pervasiveness of Internet-enabled technology brings significant benefits, it also brings serious threats—not only to our economy and safety, but also to our trust in computer systems.1 The Internet is central to modern life, yet major state-sponsored cyberattacks persist in disrupting Internet access and function. These attacks undermine faith in government and public trust in democratic institutions. Attribution attempts to date have been unable to deter states from building malicious code for even greater destructive capabilities. In response, we propose the formation of an attribution organization based on international private sector coordination.
  • The 2014 Sony Hack and the Role of International Law

    The 2014 Sony Hack and the Role of International Law

    The 2014 Sony Hack and the Role of International Law Clare Sullivan* INTRODUCTION 2014 has been dubbed “the year of the hack” because of the number of hacks reported by the U.S. federal government and major U.S. corporations in busi- nesses ranging from retail to banking and communications. According to one report there were 1,541 incidents resulting in the breach of 1,023,108,267 records, a 78 percent increase in the number of personal data records compro- mised compared to 2013.1 However, the 2014 hack of Sony Pictures Entertain- ment Inc. (Sony) was unique in nature and in the way it was orchestrated and its effects. Based in Culver City, California, Sony is the movie making and entertain- ment unit of Sony Corporation of America,2 the U.S. arm of Japanese electron- ics company Sony Corporation.3 The hack, discovered in November 2014, did not follow the usual pattern of hackers attempting illicit activities against a business. It did not specifically target credit card and banking information, nor did the hackers appear to have the usual motive of personal financial gain. The nature of the wrong and the harm inflicted was more wide ranging and their motivation was apparently ideological. Identifying the source and nature of the wrong and harm is crucial for the allocation of legal consequences. Analysis of the wrong and the harm show that the 2014 Sony hack4 was more than a breach of privacy and a criminal act. If, as the United States maintains, the Democratic People’s Republic of Korea (herein- after North Korea) was behind the Sony hack, the incident is governed by international law.
  • Issue No. 486 AUGUST 2021

    Issue No. 486 AUGUST 2021

    Issue Brief ISSUE NO. 486 AUGUST 2021 © 2021 Observer Research Foundation. All rights reserved. No part of this publication may be reproduced, copied, archived, retained or transmitted through print, speech or electronic media without prior written approval from ORF. The Limits of Military Coercion in Halting Iran’s Nuclear Weapons Programme Kunal Singh Abstract Israel believes that the use of force is essential to stopping Iran from making the nuclear bomb. A vocal section of the strategic affairs community in the United States agrees with the proposition. This brief argues that military means are unlikely to sabotage the nuclear weapons programme of an advanced-stage bomb-seeker like Iran. Moreover, use of force could be counterproductive as it can incentivise Iran’s pursuit of the bomb, and it may erode the confidence required for diplomatic negotiations that can possibly help cease the weapons programme. Attribution: Kunal Singh, “The Limits of Military Coercion in Halting Iran’s Nuclear Weapons Programme,” ORF Issue Brief No. 486, August 2021, Observer Research Foundation. 01 n early April in Vienna, the Biden administration initiated efforts with Iran to reinstate the Joint Comprehensive Plan of Action (JCPOA), more commonly known as the Iran nuclear deal, from which the United States (US) had exited during the tenure of former US President Donald Trump. A week later, an explosion at Iran’s Natanz uranium enrichment Ifacility caused a power blackout. Israel, the state most vocally opposed to the JCPOA, is widely believed to have
  • Iran: Recent Incidents Likely a Coordinated String of Deliberate Attacks

    Iran: Recent Incidents Likely a Coordinated String of Deliberate Attacks

    The Cambridge Security Initiative IRAN: RECENT INCIDENTS LIKELY A COORDINATED STRING OF DELIBERATE ATTACKS JULY 2020 Richard C. Baffa Since early May, Iranian critical infrastructure and national security facilities have been subject to at least nine fires, explosions, and apparent cyberattacks; eight of these have taken place since 26 June. The nature of the targets and the short period of time in which they have occurred is unprecedented, strongly pointing to deliberate attacks and/or sabotage. Tehran has downplayed many of the incidents as accidents, but unofficially blamed the United States, Israel, and an unnamed Arab state (likely Saudi Arabia and/or the United Arab Emirates), and has vowed to retaliate. Two of the sites, the Natanz enrichment facility and Khojir military base, are highly secure national security facilities, harbouring sensitive nuclear and ballistic missile capabilities, including the IR-4 and IR-6 generation of modern centrifuges. At Natanz, an explosion and fire damaged a new, high-value centrifuge production/assembly plant on 2 July; the building is adjacent to underground fuel production facilities where the U.S. and Israel conducted the Stuxnet cyberattack a decade ago. An unnamed Middle Eastern intelligence official claimed Israel was responsible, using a powerful bomb. On 26 June, another explosion took place at Khojir missile production site, a highly secretive facility for missile engines and propellant development and testing near Tehran. In addition, on 10 July, local witnesses in Garmdarreh, west of Tehran, reported a series of explosions followed by widespread power outages. Multiple reports claimed the explosions occurred at Islamic Revolutionary Guard Corps (IRGC) missile depots, possibly the Islam IRGC Aerospace military base; there are also other military facilities, a chemical weapons research site, and power plants in the area.
  • Attack on Sony 2014 Sammy Lui

    Attack on Sony 2014 Sammy Lui

    Attack on Sony 2014 Sammy Lui 1 Index • Overview • Timeline • Tools • Wiper Malware • Implications • Need for physical security • Employees – Accomplices? • Dangers of Cyberterrorism • Danger to Other Companies • Damage and Repercussions • Dangers of Malware • Defense • Reparations • Aftermath • Similar Attacks • Sony Attack 2011 • Target Attack • NotPetya • Sources 2 Overview • Attack lead by the Guardians of Peace hacker group • Stole huge amounts of data from Sony’s network and leaked it online on Wikileaks • Data leaks spanned over a few weeks • Threatening Sony to not release The Interview with a terrorist attack 3 Timeline • 11/24/14 - Employees find Terabytes of data stolen from computers and threat messages • 11/26/14 - Hackers post 5 Sony movies to file sharing networks • 12/1/14 - Hackers leak emails and password protected files • 12/3/14 – Hackers leak files with plaintext credentials and internal and external account credentials • 12/5/14 – Hackers release invitation along with financial data from Sony 4 Timeline • 12/07/14 – Hackers threaten several employees to sign statement disassociating themselves with Sony • 12/08/14 - Hackers threaten Sony to not release The Interview • 12/16/14 – Hackers leaks personal emails from employees. Last day of data leaks. • 12/25/14 - Sony releases The Interview to select movie theaters and online • 12/26/14 –No further messages from the hackers 5 Tools • Targeted attack • Inside attack • Wikileaks to leak data • The hackers used a Wiper malware to infiltrate and steal data from Sony employee
  • The Iranian Cyber Threat

    The Iranian Cyber Threat

    The Iranian Cyber Threat May 2021 0 Contents Introduction .............................................................................................................................................. 2 Cyber Retaliation ..................................................................................................................................... 2 Iran’s National Security Strategy .............................................................................................................. 4 Laying the Groundwork ........................................................................................................................... 5 Structure ................................................................................................................................................... 5 Defense ................................................................................................................................................... 6 Offense .................................................................................................................................................... 6 History of Iranian Cyber Attacks and Incidents ........................................................................................... 7 The Attacks .............................................................................................................................................. 8 Iranian Cyber Army .................................................................................................................................
  • Duqu the Stuxnet Attackers Return

    Duqu the Stuxnet Attackers Return

    Uncovering Duqu The Stuxnet Attackers Return Nicolas Falliere 4/24/2012 Usenix Leet - San Jose, CA 1 Agenda 1 Revisiting Stuxnet 2 Discovering Duqu 3 Inside Duqu 4 Weird, Wacky, and Unknown 5 Summary 2 Revisiting Stuxnet 3 Key Facts Windows worm discovered in July 2010 Uses 7 different self-propagation methods Uses 4 Microsoft 0-day exploits + 1 known vulnerability Leverages 2 Siemens security issues Contains a Windows rootkit Used 2 stolen digital certificates Modified code on Programmable Logic Controllers (PLCs) First known PLC rootkit 4 Cyber Sabotage 5 Discovering Duqu 6 Boldi Bencsath Announce (CrySyS) emails: discovery and “important publish 25 page malware Duqu” paper on Duqu Boldi emails: Hours later the “DUQU DROPPER 7 C&C is wiped FOUND MSWORD 0DAY INSIDE” Inside Duqu 8 Key Facts Duqu uses the same code as Stuxnet except payload is different Payload isn‟t sabotage, but espionage Highly targeted Used to distribute infostealer components Dropper used a 0-day (Word DOC w/ TTF kernel exploit) Driver uses a stolen digital certificate (C-Media) No self-replication, but can be instructed to copy itself to remote machines Multiple command and control servers that are simply proxies Infections can serve as peers in a peer-to-peer C&C system 9 Countries Infected Six organizations, in 8 countries confirmed infected 10 Architecture Main component A large DLL with 8 or 6 exports and 1 main resource block Resource= Command & Control module Copies itself as %WINDIR%\inf\xxx.pnf Injected into several processes Controlled by a Configuration Data file Lots of similarities with Stuxnet Organization Code Usual lifespan: 30 days Can be extended 11 Installation 12 Signed Drivers Some signed (C-Media certificate) Revoked on October 14 13 Command & Control Module Communication over TCP/80 and TCP/443 Embeds protocol under HTTP, but not HTTPS Includes small blank JPEG in all communications Basic proxy support Complex protocol TCP-like with fragments, sequence and ack.
  • View Final Report (PDF)

    View Final Report (PDF)

    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
  • Reimagining US Strategy in the Middle East

    Reimagining US Strategy in the Middle East

    REIMAGININGR I A I I G U.S.S STRATEGYT A E Y IIN THET E MMIDDLED L EEASTS Sustainable Partnerships, Strategic Investments Dalia Dassa Kaye, Linda Robinson, Jeffrey Martini, Nathan Vest, Ashley L. Rhoades C O R P O R A T I O N For more information on this publication, visit www.rand.org/t/RRA958-1 Library of Congress Cataloging-in-Publication Data is available for this publication. ISBN: 978-1-9774-0662-0 Published by the RAND Corporation, Santa Monica, Calif. 2021 RAND Corporation R® is a registered trademark. Cover composite design: Jessica Arana Image: wael alreweie / Getty Images Limited Print and Electronic Distribution Rights This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions. The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors. Support RAND Make a tax-deductible charitable contribution at www.rand.org/giving/contribute www.rand.org Preface U.S.