DOCSLIB.ORG

The Air Force Can Learn a Lot from What It Has Already Seen in Cyberspace. Old Lessons

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

The Air Force can learn a lot from what it has already seen in cyberspace. Old Lessons, “New”By Rebecca Grant Domain Cape Cod radar tower in Massachusetts was a prototype for the SAGE air defense system. SAGE needed computers with memory, digital relays linking radar sites, and systems engineering to bring them together. 86 AIR FORCE Magazine / September 2013 ashington is once again strategic challenges, such as continental wrestling with how to tack- air defense in the 1950s and real-time le the military challenges command and control in the 1980s, of cyberspace. “The rise of fueled progress in the exploitation of Photos via MITRE Corp. cyber is the most striking cyberspace. development in the post-9/11 national In its infancy, the domain of cyber- Wsecurity landscape,” Chairman of the space did not look much like the clouds Joint Chiefs of Staff Army Gen. Martin and commons known around the globe E. Dempsey said in a June 27 speech at today. The special qualities of cyberspace the Brookings Institution. Dempsey said emerged only when computers gained about 4,000 new military cyber positions more memory and power and networks could be created. Perhaps 1,000 of those linked them together. may be within the Air Force. Responding to new growth in the In the (Cyber) Beginning cyber mission poses a challenge to the Back before social media, the World Air Force. Over the past decade, the Wide Web, the fi rst emails, and even USAF position has swung from taking before ARPAnet, the fi rst closed cy- a vigorous lead in the mission area to berspace system was the Air Force’s going slow on cyber—to avoid a po- Semi-automatic Ground Environment, tential “black hole” as Air Force Chief or SAGE. of Staff Gen. Mark A. Welsh III termed The Air Force bought and paid for it in late 2012. SAGE, which was arguably the fi rst true As the debate continues, it is important cyberspace environment. to recall that cyberspace is not new ter- SAGE’s intent was to direct continen- ritory for airmen. The Air Force made tal air defenses to intercept attacking its fi rst deliberate move to create a cyber Soviet bombers. From 1949 on, the entire force structure almost 20 years ago. United States was vulnerable to nuclear “The longer we think cyber confl ict is attack from Soviet bombers refueled near new, the more we will repeat the same the Arctic Circle. mistakes and relearn old lessons,” wrote The defensive problem had grown too Jason Healey, director of the Cyber State- complex and immense for the grease craft Initiative at the Atlantic Council, pencil and telephone line methods of in Air University’s Strategic Studies World War II to remain effective. Quarterly in fall 2012. MIT professor George E. Valley Jr. Cyber lessons mark out a heritage dove into the problem as a member of every bit as interesting as biplanes and the Air Force Scientifi c Advisory Board. bridge bombing. In fact, USAF can look Valley visited an air defense site in Mas- back at six decades of involvement in the sachusetts and was horrifi ed by the old domain now called cyberspace. Air Force equipment and procedures. An early “cyber warrior” in 1959 uses a light gun to target potential intercept coordinates. AIR FORCE Magazine / September 2013 87 Austin Mills photo via National Cryptologic Museum Museum of Science photo viaWikipedia Above: The disk containing the 99 lines of code comprising the Morris worm. Right: Frostburg, a supercomputer programmed to perform higher-level mathematical calculations for the National Security Agency, operated from 1991 to 1997. Valley briefed Air Force Chief Sci- receive radar data and entist Louis N. Ridenour, who then per- respond with an inter- suaded MIT President James R. Killian cept path in real-time, Jr. to establish a new laboratory at MIT thanks to its nascent and use Air Force money on air defense electrostatic random research. They also hoped to stimulate access memory and the information electronics industry. programmable read- SAGE was a unique step toward only memory. The Air Force took over line. This was one of the earliest work- cyberspace because the system was funding of the computer from the Offi ce able modems. conceived from the beginning as an in- of Naval Research. Airmen also got their fi rst taste of formation architecture. “SAGE was one Digital computer maturation in the working in a computer-driven, interactive of the fi rst systems to include immediate, SAGE project “laid the foundation for environment linking sites all over the interactive man-machine communication a revolution in digital computing, which country. This was an important early step via displays, light guns, and switches,” subsequently had a profound impact on in building up the cyberspace domain. noted a 1974 RAND report on future the modern world,” summed up MIT’s “The primary responsibility for humans USAF command and control software offi cial history. To boost performance, in the SAGE system would be their in- requirements. researchers developed magnetic core teraction with computers through the use To work, SAGE needed computers memory and bolted it on to Whirlwind. of keyboards and other devices in order with memory, digital relays linking radar Magnetic core memory became the to specify which of the airplanes picked sites to command and control nodes, industry standard for the next 20 years. up and followed by radar and shown and systems engineering to bring them SAGE also utilized primitive mo- on the computer cathode-ray monitors together. dems—the skeletal structure of cy- should be targeted,” summarized Thomas Air Force requisites for SAGE carved berspace. Scientists at the Air Force P. Hughes in Rescuing Prometheus, his out many of the tools for cyberspace. Cambridge Research Lab in Cambridge, landmark book on innovation. First was a fast computer with program- Mass., also fi gured out how to convert SAGE also stressed systems engineer- mable memory. The MIT campus had a analog radar into digital code and ing skills because of the diffi culty of computer known as Whirlwind that could transmit over a dedicated telephone developing and exploiting new computer 88 AIR FORCE Magazine / September 2013 and communications technology. Instead, Baran envisioned a series of The National Security Agency went off In retrospect, “the military require- backup centers with commanders. As and built its own version of the ARPAnet ments for SAGE sytem placed it long as they all had good information, called Platform. beyond the leading edge of soft- nearly any one of the senior military For the Air Force, this had two cyber ware technology,” noted a 1974 offi cers in charge of the set of centers implications. Cyberspace would grow in RAND report. could make a good decision on how deep secrecy at NSA as signals and intel- It took until 1958 for SAGE to to cope with incoming attacks. Baran ligence analysis became closer entwined become fully operational. By then, described potential non-hierarchical with the cyber world. Airmen would be it was also obsolete. Still, SAGE network formats starting with a simple closely involved in that work, too. marked the fi rst major commitment “round robin” network. The key was However, cyberspace would also grow of USAF dollars and expertise and “distributed computation, or totally from the worlds of education and business. provided components of the future independent apparatus at each node” With commercial companies producing cyberspace domain. providing such routing “without reliance faster, more capable computers, USAF One of SAGE’s fl aws was its upon a vulnerable central computer.” turned its focus to tactical applications hierarchical communications de- In Baran’s concept, the message would for information technology. sign. What if a Soviet attack wiped travel over the shortest path, carry a Air Force Systems Command com- out communications links and security tag, and have its geographical missioned a study in March 1971 titled blinded SAGE and its successor point of origin authenticated. The system “Information Processing/Data Automa- air defense systems? Survivability as a whole would be set up to identify tion Implications of Air Force Command of command and control in time malfunctions right away. Baran’s work and Control Requirements in the 1980s.” of nuclear attack was a big preoc- on Strategic Air Command’s nuclear Its purpose was to scope the information cupation in the 1960s as the Soviet command and control problem laid out processing technology anticipated for Union increased its bomber and a crucial turn in the roots of networking command and control of Air Force combat missile forces. and the Internet to come. units in the next decade. A RAND Project Air Force Software was becoming the problem of researcher named Paul Baran took Platform via ARPAnet the 1970s; USAF was already spending on the problem and ended up with By the 1970s, much of the ground- almost $1.25 billion per year on soft- another big push in the develop- breaking work in cyberspace was tucked ware—three times more than hardware ment of cyberspace—a theory of under the Pentagon’s Advanced Research spending for automatic data processing. distributed communications. Projects Agency. ARPAnet was not con- And software progress was already at- Baran saw right away that ac- ceived as a military communications tracting complaints. “Software has yet curate Soviet intercontinental bal- project. Instead, the main motivation to live up to its potential in [command listic missiles spelled big trouble was to facilitate time-sharing by linking and control] systems,” noted the 1974 for the current system. together powerful computers that were RAND report. “The proven development of geographically separated.
Recommended publications
  • A the Hacker

    A the Hacker

    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  • Jeffrey Heim, Marcel Hernandez, Maria Nunez,& Matthias Katerna Morris Worm on November 2, 1988, Robert Tappan Morris Releas

    Jeffrey Heim, Marcel Hernandez, Maria Nunez,& Matthias Katerna Morris Worm on November 2, 1988, Robert Tappan Morris Releas

    Jeffrey Heim, Marcel Hernandez, Maria Nunez,& Matthias Katerna Morris Worm On November 2, 1988, Robert Tappan Morris released a worm into the internet. The experimental worm was the first of its kind. It replicated itself and programmed itself, so it ended up spreading much faster than Morris expected. It self-programmed and self-replicated at an exponential rate in a manner that had never been seen before. Morris knew this worm was not necessarily ethical, for he released it out of MIT instead of his own Cornell University. In due course, many computers across the United States had crashed because of Morris. Once he discovered how much damage the worm had been causing, he reached out to a friend at Harvard looking for a solution to stop it. They attempted in sending an anonymous message to the network with directions that could kill the worm, but the message came through too late since they system was clogged. Many significant computers at colleges, businesses and the military became infected. The cost to fix each computer ranged from $200 to over $53,000. The worm exploited vulnerabilities in computer systems and in the UNIX email software. Within 24 hours of releasing the worm, thousands of people were aware something was unusual. Eventually, it would infect ten percent of all computers using the internet. The Morris Worm was the largest malware case ever to reach this percentage. However, the percentage was so high due to the fact that the number of computers was much less than today. The computers it impacted included significant systems, such as Stanford’s, Berkley’s and NASA’s.
  • Hacks, Leaks and Disruptions | Russian Cyber Strategies

    Hacks, Leaks and Disruptions | Russian Cyber Strategies

    CHAILLOT PAPER Nº 148 — October 2018 Hacks, leaks and disruptions Russian cyber strategies EDITED BY Nicu Popescu and Stanislav Secrieru WITH CONTRIBUTIONS FROM Siim Alatalu, Irina Borogan, Elena Chernenko, Sven Herpig, Oscar Jonsson, Xymena Kurowska, Jarno Limnell, Patryk Pawlak, Piret Pernik, Thomas Reinhold, Anatoly Reshetnikov, Andrei Soldatov and Jean-Baptiste Jeangène Vilmer Chaillot Papers HACKS, LEAKS AND DISRUPTIONS RUSSIAN CYBER STRATEGIES Edited by Nicu Popescu and Stanislav Secrieru CHAILLOT PAPERS October 2018 148 Disclaimer The views expressed in this Chaillot Paper are solely those of the authors and do not necessarily reflect the views of the Institute or of the European Union. European Union Institute for Security Studies Paris Director: Gustav Lindstrom © EU Institute for Security Studies, 2018. Reproduction is authorised, provided prior permission is sought from the Institute and the source is acknowledged, save where otherwise stated. Contents Executive summary 5 Introduction: Russia’s cyber prowess – where, how and what for? 9 Nicu Popescu and Stanislav Secrieru Russia’s cyber posture Russia’s approach to cyber: the best defence is a good offence 15 1 Andrei Soldatov and Irina Borogan Russia’s trolling complex at home and abroad 25 2 Xymena Kurowska and Anatoly Reshetnikov Spotting the bear: credible attribution and Russian 3 operations in cyberspace 33 Sven Herpig and Thomas Reinhold Russia’s cyber diplomacy 43 4 Elena Chernenko Case studies of Russian cyberattacks The early days of cyberattacks: 5 the cases of Estonia,
  • Combating Spyware in the Enterprise.Pdf

    Combating Spyware in the Enterprise.Pdf

    www.dbebooks.com - Free Books & magazines Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our cus- tomers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you will find an assortment of value-added features such as free e-booklets related to the topic of this book, URLs of related Web site, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of exper- tise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE EBOOKS For readers who can’t wait for hard copy, we offer most of our titles in download- able Adobe PDF form. These eBooks are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our ebooks onto servers in corporations, educational institutions, and large organizations.
  • Lesson 6: Hacking Malware

    Lesson 6: Hacking Malware

    LESSON 6 HACKING MALWARE Lesson 6: Malware WARNING The Hacker Highschool Project is a learning tool and as with any learning tool there are dangers. Some lessons if abused may result in physical injury. Some additional dangers may also exist where there is not enough research on possible effects of emanations from particular technologies. Students using these lessons should be supervised yet encouraged to learn, try, and do. However ISECOM cannot accept responsibility for how any information herein is abused. The following lessons and workbooks are open and publicly available under the following terms and conditions of ISECOM: All works in the Hacker Highschool Project are provided for non-commercial use with elementary school students, junior high school students, and high school students whether in a public institution, private institution, or a part of home-schooling. These materials may not be reproduced for sale in any form. The provision of any class, course, training, or camp with these materials for which a fee is charged is expressly forbidden without a license including college classes, university classes, trade-school classes, summer or computer camps, and similar. To purchase a license, visit the LICENSE section of the HHS web page at http://www.hackerhighschool.org/licensing.html. The HHS Project is an open community effort and if you find value in this project we ask that you support us through the purchase of a license, a donation, or sponsorship. 2 Lesson 6: Malware Table of Contents WARNING....................................................................................................................................................2
  • IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions

    IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions

    IBM Security Solutions May 2011 IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions Contents About the report 2 About the Report The IBM X-Force® Threat Insight Quarterly is designed to highlight some of the most significant threats and challenges 3 Evolution: From Nuisance to Weapon facing security professionals today. This report is a product of IBM Managed Security Services and the IBM X-Force 8 Prolific and Impacting Issues of Q1 2011 research and development team. Each issue focuses on specific challenges and provides a recap of the most significant recent 16 References online threats. IBM Managed Security Services are designed to help an organization improve its information security, by outsourcing security operations or supplementing your existing security teams. The IBM protection on-demand platform helps deliver Managed Security Services and the expertise, knowledge and infrastructure an organization needs to secure its information assets from Internet attacks. The X-Force team provides the foundation for a preemptive approach to Internet security. The X-Force team is one of the best-known commercial security research groups in the world. This group of security experts researches and evaluates vulnerabilities and security issues, develops assessment and countermeasure technology for IBM security products, and educates the public about emerging Internet threats. We welcome your feedback. Questions or comments regarding the content of this report should be addressed to [email protected]. 3 X-Force Threat Insight Quarterly IBM Security Solutions Evolution: From Nuisance to Weapon One of the more notable examples here is Brain3, a boot sector infector which originated in Pakistan and released in 1986, was Creeper, Wabbit, Animal, Elk Cloner, Brain, Vienna, Lehigh, one of the first examples of malware that infected PC’s running Stoned, Jerusalem.
  • Using Deception to Enhance Security: a Taxonomy, Model, and Novel Uses Mohammed H

    Using Deception to Enhance Security: a Taxonomy, Model, and Novel Uses Mohammed H

    Purdue University Purdue e-Pubs Open Access Dissertations Theses and Dissertations January 2015 Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses Mohammed H. Almeshekah Purdue University Follow this and additional works at: https://docs.lib.purdue.edu/open_access_dissertations Recommended Citation Almeshekah, Mohammed H., "Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses" (2015). Open Access Dissertations. 1334. https://docs.lib.purdue.edu/open_access_dissertations/1334 This document has been made available through Purdue e-Pubs, a service of the Purdue University Libraries. Please contact [email protected] for additional information. Graduate School Form 30 Updated 1/15/2015 PURDUE UNIVERSITY GRADUATE SCHOOL Thesis/Dissertation Acceptance This is to certify that the thesis/dissertation prepared By Almeshekah, Mohammed Hamoud Entitled Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses For the degree of Doctor of Philosophy Is approved by the final examining committee: Eugene H. Spafford Co-chair Mikhail J. Atallah Co-chair Samuel S. Wagstaff, Jr Matt Bishop To the best of my knowledge and as understood by the student in the Thesis/Dissertation Agreement, Publication Delay, and Certification Disclaimer (Graduate School Form 32), this thesis/dissertation adheres to the provisions of Purdue University’s “Policy of Integrity in Research” and the use of copyright material. Eugene H. Spafford Approved by Major Professor(s): William Gorman July 20th, 2015 Approved by: Head of the Departmental
  • Hacking Techniques in Wired Networks

    Hacking Techniques in Wired Networks

    Hacking Techniques in Wired Networks Qijun Gu, Pennsylvania State University, University Park Peng Liu, Pennsylvania State University, University Park Chao-Hsien Chu, Pennsylvania State University, University Park Introduction Principles of Hacking Seven Steps of Hacking Overview of Hacking Toolkits Classifications of Hacking Toolkits Attacks against the Internet Infrastructure Attacks against DNS Attacks against TCP/IP Attacks against BGP Attacks against End Systems of the Internet Morris Worm Melissa Sadmind Code Red I and Code Red II Nimda SQL Slammer W32/Blaster Attacks against Enterprise Network Systems Attacks against Private Networks Attacks against Private Networks with Web Service Attacks against Firewalls and Virtual Private Networks Conclusion Keywords: Wired network, Security, Cyber attack, Vulnerability, Hack, Worm, Virus, Internet infrastructure, End system, Enterprise network Wired networks, especially the Internet, have already been indispensable in our daily activities. However, in the last 10 years, security “disasters” have challenged the design and development of networks and systems. Vulnerabilities in current systems are frequently exploited by hackers and attackers. Cyber attacks have become a more and more serious threat to our society. In order to better protect networks, this article gives an overview on a variety of hacking techniques. This article focuses on the objectives, principles, functionalities and characteristics of different types of hacking techniques in wired networks, and provides in-depth discussions on the common characteristics of cyber attacks, the structure and components of cyber attacks, and the relationships among cyber attacks. These discussions can help security professionals grasp the “soul” of a “new” cyber attack in an easier and quicker way. INTRODUCTION Nowadays, wired networks, especially the Internet, have already become a platform to support not only high-speed data communication, but also powerful distributed computing for a variety of personal and business processes every day.
  • Automating Cyber Attacks

    Automating Cyber Attacks

    Automating Cyber Attacks HYPE AND REALITY AUTHORS Ben Buchanan John Bansemer Dakota Cary Jack Lucas Micah Musser NOVEMBER 2020 Established in January 2019, the Center for Security and Emerging Technology (CSET) at Georgetown’s Walsh School of Foreign Service is a research organization fo- cused on studying the security impacts of emerging tech- nologies, supporting academic work in security and tech- nology studies, and delivering nonpartisan analysis to the policy community. CSET aims to prepare a generation of policymakers, analysts, and diplomats to address the chal- lenges and opportunities of emerging technologies. During its first two years, CSET will focus on the effects of progress in artificial intelligence and advanced computing. CSET.GEORGETOWN.EDU | [email protected] 2 Center for Security and Emerging Technology NOVEMBER 2020 Automating Cyber Attacks HYPE AND REALITY AUTHORS Ben Buchanan John Bansemer Dakota Cary Jack Lucas Micah Musser ACKNOWLEDGMENTS The authors would like to thank Perri Adams, Max Guise, Drew Lohn, Igor Mikolic-Torreira, Chris Rohlf, Lynne Weil, and Alexandra Vreeman for their comments on earlier versions of this manuscript. PRINT AND ELECTRONIC DISTRIBUTION RIGHTS © 2020 by the Center for Security and Emerging Technology. This work is licensed under a Creative Commons Attribution- NonCommercial 4.0 International License. To view a copy of this license, visit: https://creativecommons.org/licenses/by-nc/4.0/. Document Identifier: doi: 10.51593/2020CA002 Cover photo: KsanaGraphica/ShutterStock. Contents EXECUTIVE SUMMARY III INTRODUCTION V 1 | THE CYBER KILL CHAIN 1 2 | HOW MACHINE LEARNING CAN (AND CAN’T) 11 CHANGE OFFENSIVE OPERATIONS 3 | CONCLUSION: KEY JUDGMENTS 21 ENDNOTES 29 Center for Security and Emerging Technology i iv Center for Security and Emerging Technology Executive Summary acking is a well-established part of statecraft.
  • The Ultimate Cybersecurity Guide for the It Professional

    The Ultimate Cybersecurity Guide for the It Professional

    THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL { 01101000 01110100 01110100 01110000 01110011 00111010 00101111 00101111 01110111 01110111 01110111 00101110 01100011 01100001 01110010 01100010 01101111 01101110 01100010 01101100 01100001 01100011 01101011 00101110 01100011 01101111 01101101 } THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL 2019 Welcome to our comprehensive guide on the basics of cybersecurity. Whether you've been in IT for a long time or are just starting out, there is an expectation that everyone in IT should have some degree of expo- sure to InfoSec. A good way to do that is to learn from and get connected in the community. Cybersecurity is a fascinating and rapidly evolving area of IT. And those that are involved are friendly people who care passionately about keeping us all safe. With information from over 150 sourced references, and personal input from The Howler Hub community of security experts, this guide contains the key information to help you: • Understand key concepts that drive the security professional. • Learn a common language to engage with cybersecurity professionals. • Connect with sources to stay up-to-date on this evolving field. • Engage with cybersecurity experts and the threat hunting community at large. CONTENTS 01 02 03 History of Attackers + Common Cybersecurity Their Motives Attacks <pg num="001" /> <pg num="005" /> <pg num="007" /> 04 05 06 Terms to Know Experts to Blogs to Read <pg num="009" /> Follow <pg num="014" /> <pg num="013" /> 07 08 09 Events to Books to Read Movies + Shows Attend <pg num="017" /> to Watch <pg num="015" /> <pg num="019" /> 10 11 12 Communities Become a References to Engage Threat Hunter <pg num="023" /> <pg num="021" /> <pg num="022" /> 13 Appendices <pg num="024" /> <pg num="001" /> SEC.
  • Evolution of Cyber Security Invotra

    Evolution of Cyber Security Invotra

    Evolution of cyber security Invotra Digital Workplace, Intranet and Extranet 700 bc Scytale used by Greece and Rome to send messages And kids ever since.. Image Source: https://commons.wikimedia.org/wiki/File:Skytale.png 1467 Alberti Cipher was impossible to break without knowledge of the method. This was because the frequency distribution of the letters was masked and frequency analysis - the only known technique for attacking ciphers at that time was no help. Image Source: https://commons.wikimedia.org/wiki/File:Alberti_cipher_disk.JPG 1797 The Jefferson disk, or wheel cypher as Thomas Jefferson named it, also known as the Bazeries Cylinder. It is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged around their edge. Image Source: https://en.wikipedia.org/wiki/Jefferson_disk#/media/File:Jefferson%27s_disk_cipher.jpg 1833 Augusta Ada King-Noel, Countess of Lovelace was an English mathematician and writer, chiefly known for her work on Charles Babbage's proposed mechanical general-purpose computer, the Analytical Engine. She is widely seen as the world's first programmer Image Source: https://commons.wikimedia.org/wiki/File:Ada_Lovelace_portrait.jpg 1903 Magician and inventor Nevil Maskelyne interrupted John Ambrose Fleming's public demonstration of Marconi's purportedly secure wireless telegraphy technology. He sent insulting Morse code messages through the auditorium's projector. Image Source: https://en.wikipedia.org/wiki/Nevil_Maskelyne_(magician)#/media/File:Nevil_Maskelyne_circa_190 3.jpg 1918 The Enigma Machine. It was developed by Arthur Scherbius in 1918 and adopted by the German government and the nazi party Image Source: https://commons.wikimedia.org/wiki/File:Kriegsmarine_Enigma.png 1932 Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code.
  • Cyber Conflicts in International Relations: Framework and Case Studies

    Cyber Conflicts in International Relations: Framework and Case Studies

    Cyber Conflicts in International Relations: Framework and Case Studies Alexander Gamero-Garrido Engineering Systems Division Massachusetts Institute of Technology [email protected] | [email protected] Executive Summary Overview Although cyber conflict is no longer considered particularly unusual, significant uncertainties remain about the nature, scale, scope and other critical features of it. This study addresses a subset of these issues by developing an internally consistent framework and applying it to a series of 17 case studies. We present each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Our findings include: • Cyberspace has brought in a number of new players – activists, shady government contractors – to international conflict, and traditional actors (notably states) have increasingly recognized the importance of the domain. • The involvement of the private sector on cybersecurity (“cyber defense”) has been critical: 16 out of the 17 cases studied involved the private sector either in attack or defense. • All of the major international cyber conflicts presented here have been related to an ongoing conflict (“attack” or “war”) in the physical domain. • Rich industrialized countries with a highly developed ICT infrastructure are at a higher risk concerning cyber attacks. • Distributed Denial of Service (DDoS) is by far the most common type of cyber attack. • Air-gapped (not connected to the public Internet) networks have not been exempt from attacks. • A perpetrator does not need highly specialized technical knowledge to intrude computer networks.