Cyber Warfare

Total Page:16

File Type:pdf, Size:1020Kb

Cyber Warfare Downloaded by [University of Defence] at 23:51 30 May 2016 Cyber Warfare This book is a multidisciplinary analysis of cyber warfare, featuring contribu- tions by leading experts from a mixture of academic and professional backgrounds. Cyber warfare, meaning interstate cyber aggression, is an increasingly important emerging phenomenon in international relations, with state- orchestrated (or apparently state- orchestrated) computer network attacks occur- ring in Estonia (2007), Georgia (2008) and Iran (2010). This method of waging warfare – given its potential to, for example, make planes fall from the sky or cause nuclear power plants to melt down – has the capacity to be as devastating as any conventional means of conducting armed conflict. Every state in the world now has a cyber- defence programme and over 120 states also have a cyber- attack programme. While the amount of literature on cyber warfare is growing within disciplines, our understanding of the subject has been limited by a lack of cross- disciplinary engagement. In response, this book, drawn from the fields of computer science, military strategy, international law, political science and military ethics, provides a critical overview of cyber warfare for those approaching the topic from what- ever angle. Chapters consider the emergence of the phenomena of cyber warfare in international affairs; what cyber- attacks are from a technological standpoint; the extent to which cyber- attacks can be attributed to state actors; the strategic value and danger posed by cyber conflict; the legal regulation of cyber- attacks, both as international uses of force and as part of an ongoing armed conflict, and the ethical implications of cyber warfare. Downloaded by [University of Defence] at 23:51 30 May 2016 This book will be of great interest to students of cyber warfare, cyber security, military ethics, international law, security studies and IR in general. James A. Green is Associate Professor of Public International Law at the Uni- versity of Reading. He is author of The International Court of Justice and self- defence in international law (2009), and co- editor of Conflict in the Caucasus: Implications for international order (with C.P.M. Waters, 2010) and Adjudicat- ing international human rights: Essays in honour of Sandy Ghandhi (with C.P.M. Waters, 2015). Routledge Studies in Conflict, Security and Technology Series Editors: Mark Lacy, Dan Prince, Sylvia Walby and Corinne May- Chalal Lancaster University The Routledge Studies in Conflict, Technology and Security series aims to publish challenging studies that map the terrain of technology and security from a range of disciplinary perspectives, offering critical perspectives on the issues that concern publics, business and policymakers in a time of rapid and disruptive technological change. Nonlinear Science and Warfare Chaos, complexity and the U.S. military in the information age Sean T. Lawson Terrorism Online Politics, law, technology Edited by Lee Jarvis, Stuart Macdonald and Thomas M. Chen Cyber Warfare Downloaded by [University of Defence] at 23:51 30 May 2016 A multidisciplinary analysis Edited by James A. Green Cyber Warfare A multidisciplinary analysis Edited by James A. Green Downloaded by [University of Defence] at 23:51 30 May 2016 First published 2015 by Routledge 2 Park Square, Milton Park, Abingdon, Oxon OX14 4RN and by Routledge 711 Third Avenue, New York, NY 10017 Routledge is an imprint of the Taylor & Francis Group, an informa business © 2015 selection and editorial matter James A. Green; individual chapters, the contributors The right of the editor to be identified as the author of the editorial matter, and of the authors for their individual chapters, has been asserted in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988. All rights reserved. No part of this book may be reprinted or reproduced or utilised in any form or by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying and recording, or in any information storage or retrieval system, without permission in writing from the publishers. Trademark notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library Library of Congress Cataloging- in-Publication Data Cyber warfare : a multidisciplinary analysis / edited by James A. Green. pages cm. − (Routledge studies in conflict, security and technology) Includes bibliographical references and index. 1. Cyberspace operations (Military science) 2. Just war doctrine. I. Green, James A., 1981- editor of compilation. U163.C936 2015 355.4−dc23 2014043880 ISBN: 978-1-138-79307-1 (hbk) ISBN: 978-1-315-76156-5 (ebk) Downloaded by [University of Defence] at 23:51 30 May 2016 Typeset in Times New Roman by Wearset Ltd, Boldon, Tyne and Wear For my Dad, David Green, whom I love dearly (even if I rarely tell him), on the occasion of his sixtieth birthday. I vividly remember him helping me with a school project on bears by us looking them up together on a Microsoft Encarta CD- ROM, using the family’s first, brand new home computer. We marvelled together – father and son – at how far technology had come; he said something about the future having ‘arrived’ . Downloaded by [University of Defence] at 23:51 30 May 2016 7KLVSDJHLQWHQWLRQDOO\OHIWEODQN Downloaded by [University of Defence] at 23:51 30 May 2016 Contents List of illustrations viii Notes on contributors ix Acknowledgements xii List of abbreviations xiii Introduction 1 JAMES A. GREEN 1 A short history of cyber warfare 7 RICHARD STIENNON 2 Understanding cyber- attacks 33 DUNCAN HODGES AND SADIE CREESE 3 The attribution of cyber warfare 61 NEIL C. ROWE 4 The strategic implications of cyber warfare 73 DANNY STEED 5 The regulation of cyber warfare under the jus ad bellum 96 Downloaded by [University of Defence] at 23:51 30 May 2016 JAMES A. GREEN 6 The regulation of cyber warfare under the jus in bello 125 HEATHER A. HARRISON DINNISS 7 The relevance of the Just War Tradition to cyber warfare 160 DAVID WHETHAM AND GEORGE R. LUCAS, JR Index 174 Illustrations Figures 2.1 A request for a website broken down into the four layers of the Internet Protocol suite (TCP/IP) 37 2.2 A simplified model of attack steps 39 3.1 An example network 66 5.1 The relationship between the concepts of armed attack, force and intervention 111 Tables 2.1 The targetability characteristic 45 2.2 The controllability characteristic 46 2.3 The persistence characteristic 47 2.4 The effect characteristic 49 Downloaded by [University of Defence] at 23:51 30 May 2016 2.5 The covertness characteristic 50 2.6 The mitigatable characteristic 51 Contributors Sadie Creese is Professor of Cybersecurity in the Department of Computer Science at the University of Oxford. She is Director of Oxford’s Cyber Security Centre, Director of the Global Centre for Cyber Security Capacity Building and co- Director of the Institute for the Future of Computing at the Oxford Martin School. Her research experience spans time in academia, industry and government. She is engaged in a broad portfolio of cyber security research spanning situational awareness, visual analytics, risk propa- gation and communication, threat modelling and detection, network defence, dependability and resilience, and formal analysis. She has numerous research collaborations with other disciplines and has been leading interdisciplinary research projects since 2003. Prior to joining Oxford in October 2011 she was Professor and Director of e- Security at the University of Warwick’s Inter- national Digital Laboratory. Professor Creese joined Warwick in 2007 from QinetiQ, where she most recently served as Director of Strategic Programmes for QinetiQ’s Trusted Information Management Division. Heather A. Harrison Dinniss is a Senior Lecturer at the International Law Centre of the Swedish National Defence College. She is the author of Cyber war and the laws of war (Cambridge University Press, 2012). Her research focuses on the impact of modern warfare on international humanitarian law; in particular on cyber warfare, advanced and autonomous weapons systems and the legal aspects of enhancement techniques on members of the armed forces. She has previously taught at the London School of Economics and Political Science (LSE), the School of Oriental and African Studies (SOAS) at the Uni- Downloaded by [University of Defence] at 23:51 30 May 2016 versity of London, and Victoria University of Wellington (NZ). She was awarded her PhD from the LSE in 2009, and is also a graduate of Victoria University of Wellington (NZ), with a Masters of Law (Hons), an LLB, and a BA in Psychology. Heather is also a barrister and solicitor of New Zealand. James A. Green is Associate Professor of Public International Law at the Uni- versity of Reading, where he has been a member of staff since 2006. Previ- ously, he studied for his doctorate at the University of Nottingham and, in 2005, was a visiting research scholar at the University of Michigan. He is the author of The International Court of Justice and Self-defence in International x Contributors Law (Hart Publishing, 2009), which was the winner of the Francis Lieber Prize, awarded by the American Society of International Law’s Lieber Society, as well as the co- editor of Conflict in the Caucasus: Implications for international order (with C.P.M. Waters, Palgrave, 2010). He has published numerous articles on international law in leading journals. Dr Green is co- editor-in-chief of the Journal on the Use of Force and International Law and is a member of the International Law Association Committee on the Use of Force. His next monograph, The Persistent Objector Rule in International Law will be published in 2015 by Oxford University Press.
Recommended publications
  • Should the United States Develop and Employ Strategic Information Warfare Capabilities?
    Should the United States develop and employ strategic information warfare capabilities? Information technologies have transformed U.S. and, indeed, international society. The ways we socialize, educate and inform ourselves, engage in business and practice our religions have been changed, and in many cases now rely, on digital information and communication. Can warfare—the defense and promotion of our national security and interests—be exempt under any circumstances from developing and employing the latest information strategies? Is this even a choice in the 21st century, much less a hard choice? Information warfare has been variously defined by different analysts but a standard general definition, as provided by the U.S. Air Force is “any action to deny, exploit, corrupt, or destroy the enemy’s information and its functions; protecting ourselves against the actions and exploiting our own information operations.” The goal of information war is now frequently described as “information dominance.” (1) Major General Kenneth Minihan, stated, “information dominance is not ‘my pile of information is bigger than yours’…It is a way of increasing our capabilities by using that information to make right decisions, (and) apply them faster than the enemy can. It is a way to alter the enemy’s entire perception of reality. It is a method of using all the information at our disposal to predict (and affect) what happens tomorrow before the enemy even jumps out of bed and thinks about what to do today.” (2) Pro: Information warfare is not a new concept that arose with the Internet. Information has always been a decisive factor in deciding the victory or defeat of one military force over another.
    [Show full text]
  • Unlocking NATO's Amphibious Potential
    November 2020 Perspective EXPERT INSIGHTS ON A TIMELY POLICY ISSUE J.D. WILLIAMS, GENE GERMANOVICH, STEPHEN WEBBER, GABRIELLE TARINI Unlocking NATO’s Amphibious Potential Lessons from the Past, Insights for the Future orth Atlantic Treaty Organization (NATO) members maintain amphibious capabilities that provide versatile and responsive forces for crisis response and national defense. These forces are routinely employed in maritime Nsecurity, noncombatant evacuation operations (NEO), counterterrorism, stability operations, and other missions. In addition to U.S. Marine Corps (USMC) and U.S. Navy forces, the Alliance’s amphibious forces include large ships and associated landing forces from five nations: France, Italy, the Netherlands, Spain, and the United Kingdom (UK). Each of these European allies—soon to be joined by Turkey—can conduct brigade-level operations, and smaller elements typically are held at high readiness for immediate response.1 These forces have been busy. Recent exercises and operations have spanned the littorals of West and North Africa, the Levant, the Gulf of Aden and Arabian Sea, the Caribbean, and the Pacific. Given NATO’s ongoing concerns over Russia’s military posture and malign behavior, allies with amphibious capabilities have also been exploring how these forces could contribute to deterrence or, if needed, be employed as part of a C O R P O R A T I O N combined and joint force in a conflict against a highly some respects, NATO’s ongoing efforts harken back to the capable nation-state. Since 2018, NATO’s headquarters Cold War, when NATO’s amphibious forces routinely exer- and various commands have undertaken initiatives and cised in the Mediterranean and North Atlantic as part of a convened working groups to advance the political intent broader strategy to deter Soviet aggression.
    [Show full text]
  • 2015 Threat Report Provides a Comprehensive Overview of the Cyber Threat Landscape Facing Both Companies and Individuals
    THREAT REPORT 2015 AT A GLANCE 2015 HIGHLIGHTS A few of the major events in 2015 concerning security issues. 08 07/15: Hacking Team 07/15: Bugs prompt 02/15: Europol joint breached, data Ford, Range Rover, 08/15: Google patches op takes down Ramnit released online Prius, Chrysler recalls Android Stagefright botnet flaw 09/15: XcodeGhost 07/15: Android 07/15: FBI Darkode tainted apps prompts Stagefright flaw 08/15: Amazon, ENFORCEMENT bazaar shutdown ATTACKS AppStore cleanup VULNERABILITY reported SECURITYPRODUCT Chrome drop Flash ads TOP MALWARE BREACHING THE MEET THE DUKES FAMILIES WALLED GARDEN The Dukes are a well- 12 18 resourced, highly 20 Njw0rm was the most In late 2015, the Apple App prominent new malware family in 2015. Store saw a string of incidents where dedicated and organized developers had used compromised tools cyberespionage group believed to be to unwittingly create apps with malicious working for the Russian Federation since behavior. The apps were able to bypass at least 2008 to collect intelligence in Njw0rm Apple’s review procedures to gain entry support of foreign and security policy decision-making. Angler into the store, and from there into an ordinary user’s iOS device. Gamarue THE CHAIN OF THE CHAIN OF Dorkbot COMPROMISE COMPROMISE: 23 The Stages 28 The Chain of Compromise Nuclear is a user-centric model that illustrates Kilim how cyber attacks combine different Ippedo techniques and resources to compromise Dridex devices and networks. It is defined by 4 main phases: Inception, Intrusion, WormLink Infection, and Invasion. INCEPTION Redirectors wreak havoc on US, Europe (p.28) INTRUSION AnglerEK dominates Flash (p.29) INFECTION The rise of rypto-ransomware (p.31) THREATS BY REGION Europe was particularly affected by the Angler exploit kit.
    [Show full text]
  • Moonlight Maze,’ Perhaps the Oldest Publicly Acknowledged State Actor, Has Evaded Open Forensic Analysis
    PENQUIN’S MOONLIT MAZE The Dawn of Nation-State Digital Espionage Juan Andres Guerrero-Saade, Costin Raiu (GReAT) Daniel Moore, Thomas Rid (King’s College London) The origins of digital espionage remain hidden in the dark. In most cases, codenames and fragments of stories are all that remains of the ‘prehistoric’ actors that pioneered the now- ubiquitous practice of computer network exploitation. The origins of early operations, tools, and tradecraft are largely unknown: official documents will remain classified for years and decades to come; memories of investigators are eroding as time passes; and often precious forensic evidence is discarded, destroyed, or simply lost as storage devices age. Even ‘Moonlight Maze,’ perhaps the oldest publicly acknowledged state actor, has evaded open forensic analysis. Intrusions began as early as 1996. The early targets: a vast number of US military and government networks, including Wright Patterson and Kelly Air Force Bases, the Army Research Lab, the Naval Sea Systems Command in Indian Head, Maryland, NASA, and the Department of Energy labs. By mid-1998 the FBI and Department of Defense investigators had forensic evidence pointing to Russian ISPs. After a Congressional hearing in late February 1999, news of the FBI’s vast investigation leaked to the public.1 However, little detail ever surfaced regarding the actual means and procedures of this threat actor. Eventually the code name was replaced (with the attackers’ improved intrusion set dubbed Storm Cloud’, and later ‘Makers Mark’) and the original ‘MM’ faded into obscurity without proper technical forensic artefacts to tie these cyberespionage pioneers to the modern menagerie of APT actors we are now all too familiar with.
    [Show full text]
  • Cyber News for Counterintelligence / Information Technology / Security Professionals 13 November 2014
    Cyber News for Counterintelligence / Information Technology / Security Professionals 13 November 2014 Purpose Stuxnet worm entered Iran's nuclear facilities through hacked suppliers Educate recipients of cyber events to aid in protecting Engadget, 13 Nov 2014: You may have heard the common story of how Stuxnet electronically stored DoD, spread: the United States and Israel reportedly developed the worm in the mid- corporate proprietary, and/or Personally Identifiable 2000s to mess with Iran's nuclear program by damaging equipment, and first Information from theft, unleashed it on Iran's Natanz nuclear facility through infected USB drives. It got compromise, espionage out of control, however, and escaped into the wild (that is, the internet) sometime Source later. Relatively straightforward, right? Well, you'll have to toss that version of This publication incorporates open source news articles events aside -- a new book, Countdown to Zero Day, explains that this digital educate readers on security assault played out very differently. Researchers now know that the sabotage- matters in compliance with oriented code first attacked five component vendors that are key to Iran's nuclear USC Title 17, section 107, program, including one that makes the centrifuges Stuxnet was targeting. These Para a. All articles are truncated to avoid the companies were unwitting Trojan horses, security firm Kaspersky Lab says. Once appearance of copyright the malware hit their systems, it was just a matter of time before someone brought infringement compromised data into the Natanz plant (where there's no direct internet access) Publisher and sparked chaos. As you might suspect, there's also evidence that these first * SA Jeanette Greene Albuquerque FBI breaches didn't originate from USB drives.
    [Show full text]
  • Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE of CONTENTS 2016 Internet Security Threat Report 2
    Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE OF CONTENTS 2016 Internet Security Threat Report 2 CONTENTS 4 Introduction 21 Tech Support Scams Go Nuclear, 39 Infographic: A New Zero-Day Vulnerability Spreading Ransomware Discovered Every Week in 2015 5 Executive Summary 22 Malvertising 39 Infographic: A New Zero-Day Vulnerability Discovered Every Week in 2015 8 BIG NUMBERS 23 Cybersecurity Challenges For Website Owners 40 Spear Phishing 10 MOBILE DEVICES & THE 23 Put Your Money Where Your Mouse Is 43 Active Attack Groups in 2015 INTERNET OF THINGS 23 Websites Are Still Vulnerable to Attacks 44 Infographic: Attackers Target Both Large and Small Businesses 10 Smartphones Leading to Malware and Data Breaches and Mobile Devices 23 Moving to Stronger Authentication 45 Profiting from High-Level Corporate Attacks and the Butterfly Effect 10 One Phone Per Person 24 Accelerating to Always-On Encryption 45 Cybersecurity, Cybersabotage, and Coping 11 Cross-Over Threats 24 Reinforced Reassurance with Black Swan Events 11 Android Attacks Become More Stealthy 25 Websites Need to Become Harder to 46 Cybersabotage and 12 How Malicious Video Messages Could Attack the Threat of “Hybrid Warfare” Lead to Stagefright and Stagefright 2.0 25 SSL/TLS and The 46 Small Business and the Dirty Linen Attack Industry’s Response 13 Android Users under Fire with Phishing 47 Industrial Control Systems and Ransomware 25 The Evolution of Encryption Vulnerable to Attacks 13 Apple iOS Users Now More at Risk than 25 Strength in Numbers 47 Obscurity is No Defense
    [Show full text]
  • Appendix A. Navy Activity Descriptions
    Atlantic Fleet Training and Testing Draft EIS/OEIS June 2017 APPENDIX A Navy Activity Descriptions Appendix A Navy Activity Descriptions Atlantic Fleet Training and Testing Draft EIS/OEIS June 2017 This page intentionally left blank. Appendix A Navy Activity Descriptions Atlantic Fleet Training and Testing Draft EIS/OEIS June 2017 Draft Environmental Impact Statement/Overseas Environmental Impact Statement Atlantic Fleet Training and Testing TABLE OF CONTENTS A. NAVY ACTIVITY DESCRIPTIONS ................................................................................................ A-1 A.1 Description of Sonar, Munitions, Targets, and Other Systems Employed in Atlantic Fleet Training and Testing Events .................................................................. A-1 A.1.1 Sonar Systems and Other Acoustic Sources ......................................................... A-1 A.1.2 Munitions .............................................................................................................. A-7 A.1.3 Targets ................................................................................................................ A-11 A.1.4 Defensive Countermeasures ............................................................................... A-13 A.1.5 Mine Warfare Systems ........................................................................................ A-13 A.1.6 Military Expended Materials ............................................................................... A-16 A.2 Training Activities ..................................................................................................
    [Show full text]
  • Cyber-Terrorism
    Cyber-Terrorism: Finding a Common Starting Point By Jeffrey Thomas Biller B.A., March 1998, University of Washington M.H.R., June 2004, University of Oklahoma J.D., May 2007, University of Kansas A Thesis submitted to The Faculty of The George Washington University Law School in partial satisfaction of the requirements for the degree of Master of Laws May 20, 2012 Thesis directed by Gregory E. Maggs Professor of Law, Co-director, National Security and U.S. Foreign Relations Law Program UMI Number: 1515265 All rights reserved INFORMATION TO ALL USERS The quality of this reproduction is dependent on the quality of the copy submitted. In the unlikely event that the author did not send a complete manuscript and there are missing pages, these will be noted. Also, if material had to be removed, a note will indicate the deletion. UMI 1515265 Copyright 2012 by ProQuest LLC. All rights reserved. This edition of the work is protected against unauthorized copying under Title 17, United States Code. ProQuest LLC. 789 East Eisenhower Parkway P.O. Box 1346 Ann Arbor, MI 48106 - 1346 Acknowledgements The author appreciates the generous support of the United States Air Force Jag Corps, for the opportunity to study; Professor Gregory Maggs, for the excellent feedback and guidance; and the author’s family, for the time and occasional solitude to complete this paper. ii Disclaimer Major Jeffrey T. Biller serves in the U.S. Air Force Judge Advocate General’s Corps. This paper was submitted in partial satisfaction of the requirements for the degree of Master of Laws in National Security and Foreign Relations at The George Washington University Law School.
    [Show full text]
  • The Civil War and Early Submarine Warfare, 1863 Introduction
    1 The Civil War and early submarine warfare, 1863 Introduction Civil War combat foreshadowed modern warfare with the introduction of the machine gun, repeater rifles, and trench warfare, and the use of trains to quickly move troops. However, one of the most celebrated tactical innovations of the war was the use of submarines by the Confederate Navy. An early example of this type of naval ingenuity was the CSS Pioneer developed by Horace Lawson Hunley, James McClintock, and Baxter Watson. The Confederates were forced to abandon the Pioneer during testing for fear of capture but she eventually found her way into Union hands, where the submersible was examined and sketched by Ensign David Stauffer of the USS Alexandria. Following the war, the Pioneer was scrapped for metal. Most accounts of actual Civil War submarine combat focus on the sinking of the USS Housatonic by the CSS H. L. Hunley in February 1864, but few mention an earlier but unsuccessful attack by a cigar-shaped vessel, the CSS David, in October 1863. This letter from Union sailor Lewis H. West is a rare eyewitness account of that incident, one of the earliest submarine attacks in naval history. On his first night on board the USS New Ironsides, West experienced the David’s attack. Stealthily cutting through Charleston Bay almost entirely submerged, the David crew attempted to explode a torpedo (what we now refer to as a mine) and in the process nearly destroyed their own vessel. According to West, the “nondescript craft” barely damaged the New Ironsides, and divers found “that not a plate or bolt is started.” The CSS David survived the explosion and the small-arms fire that raked the hull.
    [Show full text]
  • The Importance of the War at Sea During WWI
    The Importance of The War At Sea During WWI By: Taylor Pressdee, Anna Ward, Nathan Urquidi What Was the Impact of ‘The War at Sea’? ● Opened a new kind of warfare: Submarine Warfare ● Involved civilians as well as sailors and soldiers ● One of the major reasons that the United States joined the Allies ● Influenced major events during the war: Battle of Jutland, the naval blockade, submarine warfare and the sinking of the Lusitania Who Was Affected By The War at Sea? ● “Total War” ● War At Sea affected civilians as well as soldiers ● Ship Liners, and Coastal cities were in danger of attack ● Starvation was prevalent in specifically Germany because supply ships were being sunk Timeline May 31st 1916 September 1915 Battle of Jutland Germans stop using U-boats February 1st 1916 Germans begin using U-boats again May 7th 1916 Lusitania Sinks Battle of Jutland Battle of Jutland ● Fought on May 31st 1916 ● Only major battle fought at sea ● Fought by the Jutland Peninsula between England and Germany ● Two Admirals in charge of both fleets: Vice Admiral Reinhard Scheer (Left) and Admiral Sir John Jellicoe (Right) The Battle ● British forces intercepted a German message containing a plan to attack them on May 28th ● However, Admiral Scheer postponed the attack due to bad weather ○ Attempted to plan another attack down by the Jutland Peninsula, however Britain intercepted this plan as well ● Vice Admiral Jellicoe moved his fleet down to the Jutland Peninsula, awaiting the attack Aftermath of the Battle ● The British suffered losses, but not nearly
    [Show full text]
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • A Retrospective on the So-Called Revolution in Military Affairs, 2000-2020
    SECURITY, STRATEGY, AND ORDER A RETROSPECTIVE ON THE SO-CALLED REVOLUTION IN MILITARY AFFAIRS, 2000-2020 MICHAEL O’HANLON A RESTROSPECTIVE ON THE SO-CALLED REVOLUTION IN MILITARY AFFAIRS, 2000-2020 MICHAEL O’HANLON EXECUTIVE SUMMARY1 This paper revisits the debate that raged in American defense circles in the 1990s over whether a revolution in military affairs was imminent in the early parts of the 21st century. It also seeks to establish a benchmark, and reaffirm as well as refine a methodology, for forecasting future changes in military-related technologies by examining what has transpired in the first two decades of the 21st century. Taking this approach helps improve and validate the methodology that is employed in my forthcoming book, The Senkaku Paradox: Risking Great Power War Over Small Stakes (2019). A subsequent paper seeks to extrapolate a similar analysis out to 2040, gauging the potential for major breakthroughs in military technology and associated operational concepts over the next two decades. Such analysis is of critical importance for evaluating American and allied military and strategic options relevant to great-power war and deterrence in the years ahead. The paper’s category-by-category examination of military technology mirrors the approach that I employed in a book published in 2000, Technological Change and the Future of Warfare (though it really should have been entitled, The So-Called Revolution in Military Affairs, because I was largely challenging the then-popular notion that a military revolution of historic importance was afoot). Much of the research foundation of that book was the study of a list of 29 different types of technologies in an attempt to gauge which might undergo revolutionary change by 2020.
    [Show full text]