DOCSLIB.ORG

Covert Action and Cyber Offensive Operations: Revisiting Traditional Approaches in Light of New Technology

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Covert Action and Cyber Offensive Operations: Revisiting Traditional Approaches in Light of New Technology Covert Action and Cyber Offensive Operations: Revisiting Traditional Approaches in Light of New Technology WILLIAM ROBERT CARRUTHERS Submitted in Partial Fulfilment of the Requirements of the Degree of Doctor of Philosophy University of Salford, School of Arts and Media 2018 TABLE OF CONTENTS FIGURE LIST ______________________________________________________ VI ACKNOWLEDGMENTS ____________________________________________ VII ABSTRACT ______________________________________________________ VIII INTRODUCTION ____________________________________________________ 1 RESEARCH AIMS ____________________________________________________ 8 LITERATURE REVIEW _________________________________________________ 9 METHODOLOGY AND SOURCES ________________________________________ 15 Interviews ______________________________________________________ 19 Newspaper Articles _______________________________________________ 21 Official Primary Documents: Contemporary and Archived ________________ 23 Leaks __________________________________________________________ 24 Cyber Security Reports ____________________________________________ 28 STRUCTURE OF THE THESIS ___________________________________________ 28 CYBER OFFENSIVE OPERATIONS AND COVERT ACTION ______________ 31 CYBER OFFENSIVE OPERATIONS ARE NOT CYBER WAR. _____________________ 32 UNDERSTANDING COVERT ACTION _____________________________________ 50 CYBER OFFENSIVE OPERATIONS AND COVERT ACTION: A COMPARISON ________ 54 CONCLUSION ______________________________________________________ 60 COVERT ACTION AND CYBER OFFENSIVE OPERATIONS: A COMPARISON BETWEEN PROPAGANDA ACTIVITIES. _______________________________ 61 TRADITIONAL COVERT ACTION: PROPAGANDA ____________________________ 66 CYBER OFFENSIVE OPERATIONS: PROPAGANDA ___________________________ 72 DIRECT COUNTER PROPAGANDA _______________________________________ 86 COMPARISON ______________________________________________________ 88 CONCLUSION ______________________________________________________ 90 ii COVERT ACTION AND CYBER OFFENSIVE OPERATIONS: A COMPARISON BETWEEN POLITICAL ACTIVITIES. __________________________________ 92 TRADITIONAL COVERT ACTION: POLITICAL ACTIVITIES _____________________ 93 CYBER OFFENSIVE OPERATIONS POLITICAL OPERATIONS ____________________ 98 Defacement _____________________________________________________ 99 Stopping websites from working ___________________________________ 100 Publication Operations ___________________________________________ 102 Target and Retaliation ____________________________________________ 104 Resentment Campaign and Misinformation Campaign __________________ 106 Voting Systems _________________________________________________ 109 Complete Operations ____________________________________________ 110 Other Elections _________________________________________________ 115 COMPARISON _____________________________________________________ 116 CONCLUSION _____________________________________________________ 117 COVERT ACTION AND CYBER OFFENSIVE OPERATIONS: A COMPARISON BETWEEN ECONOMIC AND PARAMILITARY OPERATIONS ___________ 119 TRADITIONAL COVERT ACTION: ECONOMIC ACTIVITIES ____________________ 120 CYBER OFFENSIVE OPERATIONS: ECONOMIC OPERATIONS __________________ 122 Denial of service ________________________________________________ 123 Targeting Individual or Group of Bank Accounts ______________________ 125 Targeting Business Accounts ______________________________________ 127 Stopping a business or banks from working ___________________________ 128 The Effects of Hacks _____________________________________________ 129 Cyber Heist ____________________________________________________ 130 Spreading of information _________________________________________ 131 TRADITIONAL COVERT ACTION: PARAMILITARY __________________________ 133 HIGH-END CYBER OFFENSIVE OPERATIONS _____________________________ 137 iii Individual Operations ____________________________________________ 137 Stopping Government or Organisations Systems from Working ___________ 139 Assassinations __________________________________________________ 140 Targeting Critical National Infrastructure ____________________________ 141 COMPARISON _____________________________________________________ 149 CONCLUSION _____________________________________________________ 150 COVERT ACTION, CYBER OFFENSIVE OPERATION, AND ORGANISATION __________________________________________________________________ 153 CYBER OFFENSIVE OPERATIONS ARE NOT A FORM OF COVERT ACTION ________ 153 ORGANISATION ___________________________________________________ 159 CONCLUSION _____________________________________________________ 175 ETHICS AND COVERT ACTION _____________________________________ 176 THE IMPORTANCE OF ETHICS _________________________________________ 179 JUST WAR THEORY AND COVERT ACTION _______________________________ 181 LADDER OF ESCALATION ____________________________________________ 198 OTHER ETHICAL ISSUES _____________________________________________ 199 CONCLUSION _____________________________________________________ 201 CONCLUSION _____________________________________________________ 203 FURTHER RESEARCH _______________________________________________ 214 BIBLIOGRAPHY ___________________________________________________ 216 PRIMARY SOURCES: THE EDWARD SNOWDEN DOCUMENTS (ALL ACCESSED VIA SNOWDEN SURVEILLANCE ARCHIVE, OR EDWARDSNOWDEN.COM) ____________ 216 PRIMARY SOURCES: LEAKED DOCUMENTS, OTHER THAN EDWARD SNOWDEN ___ 217 PRIMARY SOURCES: HEARINGS, DEBATES, PUBLIC INTERVIEWS, AND SPEECHES _ 217 PRIVATE ORGANISATION REPORTS ____________________________________ 218 PUBLISHED PRIMARY SOURCES: DIARIES, MEMOIRS, AND AUTOBIOGRAPHY ____ 218 PUBLISHED PRIMARY SOURCES: THE NATIONAL ARCHIVES (UK) _____________ 219 iv PUBLISHED PRIMARY SOURCES: THE NATIONAL SECURITY ARCHIVE (US) _____ 219 PUBLISHED PRIMARY SOURCES: OTHER ARCHIVES ________________________ 219 PUBLISHED PRIMARY SOURCES: TRANSNATIONAL ORGANISATIONS DOCUMENTS 219 PUBLISHED PRIMARY SOURCES: UNITED KINGDOM GOVERNMENT ____________ 220 PUBLISHED PRIMARY SOURCES: UNITED STATES OF AMERICA GOVERNMENT ___ 220 MEDIA SOURCES __________________________________________________ 222 SECONDARY WORKS: ARTICLES AND PAPERS ____________________________ 236 SECONDARY WORKS: BOOKS AND THESES ______________________________ 242 v Figure List Figure 1: Triangulation of Sources. ______________________________________ 19 Figure 3: Mark Lowenthal’s Covert Action Ladder. _________________________ 64 Figure 4: GCHQ’s Effects Hierarchy. ____________________________________ 65 Figure 4: Mark Lowenthal’s Covert Action Ladder. ________________________ 156 Figure 5: New Covert Action Ladder. ___________________________________ 157 vi Acknowledgments The author would like to thank his supervisory team Dr Samantha Newbery and Professor Alaric Searle without whom this would not have been possible. The author would also like to thank the Snowden Surveillance Archive, Edwardsnowden.com, and the National Security Archive for allowing people to access documents online free of charge. Finally the author would like to thank his family for helping him throughout the Ph.D, especially Andrea Carruthers who helped him so much to cross the finishing line with the thesis. vii Abstract Over the last three years a number of significant, alleged cyber offensive operations have taken place: the North Korean operations against Sony Pictures in 2014; the BlackEnergy3 Virus which targeted Ukrainian power substations in 2015; and the cyber offensive operations that were designed to influence recent presidential elections. This thesis will investigate whether these types of operations are new or similar to activities that took place in the twentieth century, especially during the Cold War, termed ‘covert action’. Focusing on the US and British experience, and using a comparative methodology, this study will compare covert action and cyber offensive operations. It will achieve this by addressing what covert action is and what forms it takes; this will then be employed in the analysis of cyber offensive operations. The thesis seeks to establish a clear relationship between these two forms of state tactics employed against state and non-state actors. It argues that although the two forms of behaviour are linked, there is a need to modify the existing understanding of covert action; this will allow, in turn, a clearer understanding of the nature of cyber offensive operations to be developed. It is concluded that there is a need to re-examine the organisational structures of covert action, including ethical dimensions, in relation to cyber operations. viii Introduction The aim of this thesis is to establish if there is a relationship between covert action and cyber operations. If such a relationship exists, the thesis will seek to understand it. Covert action is defined as ‘an activity or activities … to influence political, economic, or military conditions abroad where the role of the … government will not be apparent or acknowledged publicly’. 1 It has been argued that covert action is used outside of a war.2 ‘Cyber operations’ according to the United States of America (US) government is a collective term referring to cyber intelligence (cyber espionage), offensive use of cyber operations, and cyber defence (defence against intelligence gathering and cyber offensive operations).3 However this thesis will focus on the offensive use of cyber operations that the US defined as Offensive Cyber Effects Operations (OCEO). It was argued by the US that OCEO were operations
Load more

Recommended publications
  • Country of Origin Information Report Syria June 2021
    Country of origin information report Syria June 2021 Page 1 of 102 Country of origin information report Syria | June 2021 Publication details City The Hague Assembled by Country of Origin Information Reports Section (DAF/AB) Disclaimer: The Dutch version of this report is leading. The Ministry of Foreign Affairs of the Netherlands cannot be held accountable for misinterpretations based on the English version of the report. Page 2 of 102 Country of origin information report Syria | June 2021 Table of contents Publication details ............................................................................................2 Table of contents ..........................................................................................3 Introduction ....................................................................................................5 1 Political and security situation .................................................................... 6 1.1 Political and administrative developments ...........................................................6 1.1.1 Government-held areas ....................................................................................6 1.1.2 Areas not under government control. ............................................................... 11 1.1.3 COVID-19 ..................................................................................................... 13 1.2 Armed groups ............................................................................................... 13 1.2.1 Government forces .......................................................................................
    [Show full text]
  • Special Forces' Wear of Non-Standard Uniforms*
    Special Forces’ Wear of Non-Standard Uniforms* W. Hays Parks** In February 2002, newspapers in the United States and United Kingdom published complaints by some nongovernmental organizations (“NGOs”) about US and other Coalition special operations forces operating in Afghanistan in “civilian clothing.”1 The reports sparked debate within the NGO community and among military judge advocates about the legality of such actions.2 At the US Special Operations Command (“USSOCOM”) annual Legal Conference, May 13–17, 2002, the judge advocate debate became intense. While some attendees raised questions of “illegality” and the right or obligation of special operations forces to refuse an “illegal order” to wear “civilian clothing,” others urged caution.3 The discussion was unclassified, and many in the room were not * Copyright © 2003 W. Hays Parks. ** Law of War Chair, Office of General Counsel, Department of Defense; Special Assistant for Law of War Matters to The Judge Advocate General of the Army, 1979–2003; Stockton Chair of International Law, Naval War College, 1984–1985; Colonel, US Marine Corps Reserve (Retired); Adjunct Professor of International Law, Washington College of Law, American University, Washington, DC. The views expressed herein are the personal views of the author and do not necessarily reflect an official position of the Department of Defense or any other agency of the United States government. The author is indebted to Professor Jack L. Goldsmith for his advice and assistance during the research and writing of this article. 1 See, for example, Michelle Kelly and Morten Rostrup, Identify Yourselves: Coalition Soldiers in Afghanistan Are Endangering Aid Workers, Guardian (London) 19 (Feb 1, 2002).
    [Show full text]
  • Officials Say Flynn Discussed Sanctions
    Officials say Flynn discussed sanctions The Washington Post February 10, 2017 Friday, Met 2 Edition Copyright 2017 The Washington Post All Rights Reserved Distribution: Every Zone Section: A-SECTION; Pg. A08 Length: 1971 words Byline: Greg Miller;Adam Entous;Ellen Nakashima Body Talks with Russia envoy said to have occurred before Trump took office National security adviser Michael Flynn privately discussed U.S. sanctions against Russia with that country's ambassador to the United States during the month before President Trump took office, contrary to public assertions by Trump officials, current and former U.S. officials said. Flynn's communications with Russian Ambassador Sergey Kislyak were interpreted by some senior U.S. officials as an inappropriate and potentially illegal signal to the Kremlin that it could expect a reprieve from sanctions that were being imposed by the Obama administration in late December to punish Russia for its alleged interference in the 2016 election. Flynn on Wednesday denied that he had discussed sanctions with Kislyak. Asked in an interview whether he had ever done so, he twice said, "No." On Thursday, Flynn, through his spokesman, backed away from the denial. The spokesman said Flynn "indicated that while he had no recollection of discussing sanctions, he couldn't be certain that the topic never came up." Officials said this week that the FBI is continuing to examine Flynn's communications with Kislyak. Several officials emphasized that while sanctions were discussed, they did not see evidence that Flynn had an intent to convey an explicit promise to take action after the inauguration. Flynn's contacts with the ambassador attracted attention within the Obama administration because of the timing.
    [Show full text]
  • North Korean Cyber Capabilities: in Brief
    North Korean Cyber Capabilities: In Brief Emma Chanlett-Avery Specialist in Asian Affairs Liana W. Rosen Specialist in International Crime and Narcotics John W. Rollins Specialist in Terrorism and National Security Catherine A. Theohary Specialist in National Security Policy, Cyber and Information Operations August 3, 2017 Congressional Research Service 7-5700 www.crs.gov R44912 North Korean Cyber Capabilities: In Brief Overview As North Korea has accelerated its missile and nuclear programs in spite of international sanctions, Congress and the Trump Administration have elevated North Korea to a top U.S. foreign policy priority. Legislation such as the North Korea Sanctions and Policy Enhancement Act of 2016 (P.L. 114-122) and international sanctions imposed by the United Nations Security Council have focused on North Korea’s WMD and ballistic missile programs and human rights abuses. According to some experts, another threat is emerging from North Korea: an ambitious and well-resourced cyber program. North Korea’s cyberattacks have the potential not only to disrupt international commerce, but to direct resources to its clandestine weapons and delivery system programs, potentially enhancing its ability to evade international sanctions. As Congress addresses the multitude of threats emanating from North Korea, it may need to consider responses to the cyber aspect of North Korea’s repertoire. This would likely involve multiple committees, some of which operate in a classified setting. This report will provide a brief summary of what unclassified open-source reporting has revealed about the secretive program, introduce four case studies in which North Korean operators are suspected of having perpetrated malicious operations, and provide an overview of the international finance messaging service that these hackers may be exploiting.
    [Show full text]
  • What Every CEO Needs to Know About Cybersecurity
    What Every CEO Needs to Know About Cybersecurity Decoding the Adversary AT&T Cybersecurity Insights Volume 1 AT&T Cybersecurity Insights: Decoding the Adversary 1 Contents 03 Letter from John Donovan Senior Executive Vice President AT&T Technology and Operations 04 Executive Summary 05 Introduction 07 Outsider Threats 15 Looking Ahead: Outsider Threats 16 Best Practices: Outsiders 18 Insider Threats 24 Looking Ahead: New Potential Threats 25 Looking Ahead: Emerging Risks 26 Best Practices: Malicious Insiders 27 Best Practices: Unintentional Insiders 28 Moving Forward 32 Conclusion 33 Know the Terms For more information: Follow us on Twitter @attsecurity 35 End Notes and Sources Visit us at: Securityresourcecenter.att.com © 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T Globe logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change. 2 ATT.com/network-security Business leader, Welcome to the inaugural issue of AT&T Cybersecurity Insights, a comprehensive look at our analysis and findings from deep inside AT&T’s network operations groups, outside research firms, and network partners. This first issue, “Decoding the Adversary,” focuses on whether or not you and your board of directors are doing enough to protect against cyber threats. Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges.
    [Show full text]
  • Cyberattack Attribution
    CYBERATTACK ATTRIBUTION A BLUEPRINT FOR PRIVATE SECTOR LEADERSHIP RESEARCH FELLOWS SENIOR RESEARCH FELLOWS Justin Collins Allison Anderson Cameron Evans Stacia Lee Chris Kim Kayley Knopf FACULTY LEAD Selma Sadzak Jessica Beyer Nicholas Steele Julia Summers Alison Wendler This report is a product of the Applied Research Program in the Henry M. Jackson School of International Studies at the University of Washington. The Applied Research Program matches teams of top-achieving Jackson School students with private and public sector organizations seeking dynamic, impactful, and internationally-minded analyses to support their strategic and operational objectives. For more information about the Applied Research Program please contact us at [email protected]. Executive Summary After three decades of development, adoption, and innovation, the Internet stands at the core of modern society. The same network that connects family and friends across the world similarly ties together all aspects of daily life, from the functioning of the global economy to the operation of governments. The digitization of daily life is the defining feature of the 21st century. While the pervasiveness of Internet-enabled technology brings significant benefits, it also brings serious threats—not only to our economy and safety, but also to our trust in computer systems.1 The Internet is central to modern life, yet major state-sponsored cyberattacks persist in disrupting Internet access and function. These attacks undermine faith in government and public trust in democratic institutions. Attribution attempts to date have been unable to deter states from building malicious code for even greater destructive capabilities. In response, we propose the formation of an attribution organization based on international private sector coordination.
    [Show full text]
  • The 2014 Sony Hack and the Role of International Law
    The 2014 Sony Hack and the Role of International Law Clare Sullivan* INTRODUCTION 2014 has been dubbed “the year of the hack” because of the number of hacks reported by the U.S. federal government and major U.S. corporations in busi- nesses ranging from retail to banking and communications. According to one report there were 1,541 incidents resulting in the breach of 1,023,108,267 records, a 78 percent increase in the number of personal data records compro- mised compared to 2013.1 However, the 2014 hack of Sony Pictures Entertain- ment Inc. (Sony) was unique in nature and in the way it was orchestrated and its effects. Based in Culver City, California, Sony is the movie making and entertain- ment unit of Sony Corporation of America,2 the U.S. arm of Japanese electron- ics company Sony Corporation.3 The hack, discovered in November 2014, did not follow the usual pattern of hackers attempting illicit activities against a business. It did not specifically target credit card and banking information, nor did the hackers appear to have the usual motive of personal financial gain. The nature of the wrong and the harm inflicted was more wide ranging and their motivation was apparently ideological. Identifying the source and nature of the wrong and harm is crucial for the allocation of legal consequences. Analysis of the wrong and the harm show that the 2014 Sony hack4 was more than a breach of privacy and a criminal act. If, as the United States maintains, the Democratic People’s Republic of Korea (herein- after North Korea) was behind the Sony hack, the incident is governed by international law.
    [Show full text]
  • I Was Happy and Flattered to Be Invited to Deliver This Lecture Because Like So Many Others Who Knew Michael Quinlan I Was an Impassioned Admirer
    I was happy and flattered to be invited to deliver this lecture because like so many others who knew Michael Quinlan I was an impassioned admirer. Yet I cannot this evening avoid being a little daunted by the memory of an occasion twenty years ago, when we both attended a talk given by a general newly returned from the Balkans. Michael said to me afterwards: ‘Such a pity, isn’t it, when a soldier who has done really quite well on a battlefield simply lacks the intellectual firepower to explain coherently afterwards what he has been doing’. Few of us, alas, possess the ‘intellectual firepower’ to meet Michael’s supremely and superbly exacting standard. I am a hybrid, a journalist who has written much about war as a reporter and commentator; and also a historian. I am not a specialist in intelligence, either historic or contemporary. By the nature of my work, however, I am a student of the intelligence community’s impact upon the wars both of the 20th century and of our own times. I have recently researched and published a book about the role of intelligence in World War II, which confirmed my impression that while the trade employs some clever people, it also attracts some notably weird ones, though maybe they would say the same about historians. Among my favourite 1939-45 vignettes, there was a Japanese spy chief whose exploits caused him to be dubbed by his own men Lawrence of Manchuria. Meanwhile a German agent in Stockholm warned Berlin in September 1944 that the allies were about to stage a mass parachute drop to seize a Rhine bridge- the Arnhem operation.
    [Show full text]
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • I,St=-Rn Endorsedb~ Chief, Policy, Information, Performance, and Exports
    NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY 2-4 Issue Date: IO May 20 I 9 Revised: HANDLING OF REQUESTS FOR RELEASE OF U.S. IDENTITIES PURPOSE AND SCOPE This policy, developed in consultation with the Director of National Intelligence (DNI), the Attorney General, and the Secretary of Defense, implements Intelligence Community Policy Guidance I 07 .1 , "Requests for Identities of U.S. Persons in Disseminated Intelligence Reports" (Reference a), and prescribes the policy, procedures, and responsibilities for responding to a requesting entity, other than NSA/CSS, for post-publication release and dissemination of masked US person idenlity information in disseminated serialized NSA/CSS reporting. This policy applies exclusively to requests from a requesting entity, other than NSA/CSS, for post-publication release and dissemination of nonpublic US person identity information that was masked in a disseminated serialized NSA/CSS report. This policy does not apply in circumstances where a U.S. person has consented to the dissemination of communications to, from, or about the U.S. person. This policy applies to all NSA/CSS personnel and to all U.S. Cryptologic System Government personnel performing an NSA/CSS mission. \ This policy does not affect any minimization procedures established pursuant to the Foreign Intelligence Surveillance Act of 1978 (Reference b), Executive Order 12333 (Reference £), or other provisions of law. This policy does not affect the requirements established in Annex A, "Dissemination of Congressional Identity Information," of Intelligence Community Directive 112, "Congressional Notification" (Reference d). ~A General, U.S. Army Director, NSA/Chief, CSS i,st=-rn Endorsedb~ Chief, Policy, Information, Performance, and Exports NSA/CSS Policy 2-4 is approved for public release.
    [Show full text]
  • Utah Data Center, As Well As Any Search Results Pages
    This document is made available through the declassification efforts and research of John Greenewald, Jr., creator of: The Black Vault The Black Vault is the largest online Freedom of Information Act (FOIA) document clearinghouse in the world. The research efforts here are responsible for the declassification of hundreds of thousands of pages released by the U.S. Government & Military. Discover the Truth at: http://www.theblackvault.com NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE FORT GEORGE G. MEADE, MARYLAND 20755-6000 FOIA Case: 84688A 2 May 2017 JOHN GREENEWALD Dear Mr. Greenewald : This responds to your Freedom of Information Act (FOIA) request of 14 June 2016 for Intellipedia pages on Boundless Information and/or BOUNDLESS INFORMANT and/or Bull Run and/or BULLRUN and/or Room 641A and/ or Stellar Wind and/ or Tailored Access Operations and/ or Utah Data Center, as well as any search results pages. A copy of your request is enclosed. As stated in our previous response, dated 15 June 2016, your request was assigned Case Number 84688. For purposes of this request and based on the information you provided in your letter, you are considered an "all other" requester. As such, you are allowed 2 hours of search and the duplication of 100 pages at no cost. There are no assessable fees for this request. Your request has been processed under the FOIA. For your information, NSA provides a service of common concern for the Intelligence Community (IC) by serving as the executive agent for Intelink. As such, NSA provides technical services that enable users to access and share information with peers and stakeholders across the IC and DoD.
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]