Cyberwar 27 Sep 2020
Geostrategy and Geopolitics Department 1, 49069 Osnabrueck
Cyber war: Methods and Practice
27 Sep 2020

Summary

Cyberwar (Cyber war, Cyber Warfare) is military confrontation conducted with the means of information technology. This paper presents the current state of the field and deals with its theoretical and practical problems. In practice, cyberwar is an integral part of military action, but it cannot be completely separated from espionage, since intrusion into and reconnaissance of target systems is a prerequisite for any further action. After an overview of attack methods, attackers (Advanced Persistent Threats), spy tools, cyber weapons and cyber defense, a particular focus is placed on the attribution of cyber-attacks and on the Smart Industry (Industry 4.0). Afterwards, the cyberwar strategies of the US, China, Russia and further leading actors are discussed. Further chapters present Artificial Intelligence, Smart Industry, smart devices and biological applications.

Cyber war 27 Sep 2020_English 1 apl. Prof. Dr. Dr. K. Saalbach

Table of Contents

1. Fundamentals ..... 7
  1.1 Introduction ..... 7
  1.2 Background ..... 7
  1.3 Cyberwar Definition ..... 9
  1.4 Cyberwar and Espionage ..... 11
  1.5 Terminology ..... 11
  1.6 Cyber warfare and International Law ..... 13
  1.7 The Geostrategy of Cyberspace ..... 15
    1.7.1 Physical control of data exchange ..... 15
    1.7.2 Control of critical elements ..... 17
      1.7.2.1 Rare Metals ..... 17
      1.7.2.2 Relation USA - China ..... 18
      1.7.2.3 The Huawei Conflict ..... 18
      1.7.2.4 Clean Network versus 3-5-2 ..... 19
    1.7.3 The centralization trend ..... 20
2. Methods ..... 21
  2.1 General issues ..... 21
    2.1.1 Physical damage of computers and communication lines ..... 21
    2.1.2 Electromagnetic Pulse EMP ..... 21
    2.1.3 The attack on and manipulation of computers and networks ..... 21
  2.2 Attack on Computers ..... 21
    2.2.1 Basic principles of cyber attacks ..... 21
    2.2.2 Communication lines of cyber attacks ..... 22
    2.2.3 Strategy ..... 23
      2.2.3.1 Introduction ..... 24
      2.2.3.2 Gain access ..... 26
      2.2.3.3 Install malware and start manipulation ..... 36
      2.2.3.4 Cyber espionage tools ..... 36
      2.2.3.5 Offensive Cyber Weapons ..... 37
    2.2.4 Cyber war ..... 39
    2.2.5 Insider Threats ..... 41
    2.2.6 Information warfare ..... 42
3. The Practice of Cyber war ..... 45
  3.1 Introduction ..... 45
  3.2 Cyber war from 1998 to today ..... 45
    3.2.0 Cold war: Pipeline explosion in the Soviet Union ..... 45
    3.2.1 Moonlight Maze 1998-2000 ..... 45
    3.2.2 Yugoslavian war 1999 ..... 45
    3.2.3 The Hainan or EP-3 incident 2001 ..... 46
    3.2.4 Massive attacks on Western government and industry computers 2000-2011 ..... 46
    3.2.5 The attack on Estonia in 2007 ..... 47
    3.2.6 The attack on Syria 2007 ..... 47
    3.2.7 The attack on Georgia 2008 ..... 48
    3.2.8 Intrusion of US drones 2009/2011 ..... 48
    3.2.9 Attacks in the Ukraine ..... 48
    3.2.10 North Korea ..... 49
    3.2.11 Local cyber conflicts ..... 50
    3.2.12 Cyber warfare against Islamic State ('IS') ..... 50
    3.2.13 Cyber conflicts in 2019/2020 ..... 53
    3.2.14 Impact of the Corona Crisis ..... 54
4. Attribution ..... 55
  4.1 Introduction ..... 55
  4.2 Cyber-attack attribution ..... 55
  4.3 Hackers ..... 58
  4.4 Cyber War Attribution ..... 61
5. Malware and Advanced Persistent Threats ..... 62
  5.1 Sophisticated malware ..... 62
  5.2 Advanced Persistent Threats (APTs) ..... 64
  5.3 United States ..... 68
    5.3.1 The Equation group ..... 68
      5.3.1.1 Detection history - The 'digital first strike' ..... 68
      5.3.1.2 Equation group cyber tools ..... 72
      5.3.1.3 The Shadow Brokers incident ..... 74
    5.3.2 The Longhorn Group/Lamberts/Vault 7 incident ..... 77
    5.3.3 Sauron/Strider and Slingshot ..... 79
  5.4 Russia ..... 79
    5.4.1 APT28 and APT29 ..... 79
      5.4.1.1 APT28 (aka Sofacy, Pawn Storm, Csar Team, Sednit, Fancy Bear, Strontium) ..... 79
      5.4.1.2 APT29 (aka Cozy Duke/Cozy Bear) ..... 80
      5.4.1.3 The German Parliament Bundestag hack ..... 81
      5.4.1.4 The DNC hack/Attacks on voting systems ..... 83
      5.4.1.5 The WADA hack ..... 84
      5.4.1.6 The Macron hacks .....