DOCSLIB.ORG

Weaponized Malware, Physical Damage, Zero Casualties – What Informal Norms Are Emerging in Targeted State Sponsored Cyber-Attacks?

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Weaponized Malware, Physical Damage, Zero Casualties – What Informal Norms Are Emerging in Targeted State Sponsored Cyber-Attacks? Weaponized malware, physical damage, zero casualties – what informal norms are emerging in targeted state sponsored cyber-attacks? The dynamics beyond causation: an interpretivist-constructivist analysis of the US media discourse regarding offensive cyber operations and cyber weapons between 2010 and 2020 Margarita Sallinen Thesis, 30 ECTS (hp) War Studies Master’s Programme in Politics and War Autumn 2020 Supervisor: Jenny Hedström Word count: 17968 1 Abstract In 2010, the discovery of the malicious computer worm Stuxnet shocked the world by its sophistication and unpredictability. Stuxnet was deemed as the world’s first cyber weapon and started discussions concerning offensive cyber operations – often called “cyber warfare” – globally. Due to Stuxnet, rapid digitalisation and evolving technology, it became vital for decision makers in the US to consider formal norms such as laws, agreements, and policy decisions regarding cyber security. Yet, to obtain a holistic understanding of cyber security, this thesis uses constructivism as its theoretical framework to understand changing informal norms and social factors including the ideas and morals of the US society regarding offensive cyber operations. This thesis critically analyses the discourse of three of the largest US newspapers by circulation: the New York Times, the Washington Post and The Wall Street Journal. A significant shift was discovered in the US media’s publications and in informal norms regarding offensive cyber operations and the use of cyber weapons in just one decade, by comparing the discourses relating to Stuxnet in 2010 and the US presidential election in 2020. This thesis concludes that it is equally important to consider ideas and morals when researching a technical field such as cyber security by arguing that informal norms guide the choices actors make when developing formal norms at the international level. The findings of this thesis are intended to provoke a normative, urgent, and focused discussion about cyber security. The findings are also intended to shift attention to how language is used in discussions about the cyber sphere, offensive cyber operations and cyber weapons as components of the traditional battlefield. Key words: constructivism, critical discourse analysis, cyber operations, cyber security, cyber warfare, cyber weapons, interpretivism, informal norms, media, war studies 2 Acknowledgements I wish to extend my deepest gratitude to my supervisor Dr. Jenny Hedström for her helpful contributions and guidance throughout the writing process. I would also like to express my sincerest gratitude to Assistant Professor of War Studies Kristin Ljungkvist and Associate Professor Ilmari Käihkö for their helpful advice and practical suggestions. I wish to also gratefully acknowledge the help I received from Dr. Lars Nicander, the head of Center for Asymmetric Threat Studies (CATS) at the Swedish Defence University, for his constructive criticism, encouragement and invaluable insight into cyber security. I am also very grateful to my mother Larisa Sallinen for giving me the opportunity to study this master’s degree. Lastly, I want to thank my loving fiancé Michael Daw for his profound belief in my work and who supported me throughout this entire process. 3 Table of Contents 1 Introduction ...................................................................................................................... 6 1.1 Key words .................................................................................................................... 8 1.2 Research question and aim ........................................................................................ 11 1.3 Limitations of the study ............................................................................................. 13 1.4 Disposition ................................................................................................................. 14 2 Previous research ........................................................................................................... 15 2.1 Technical discourse ................................................................................................... 15 2.2 Cybercrime and cyber espionage ............................................................................... 15 2.3 National security and critical infrastructure protection ............................................. 16 2.3.1 Cyber war is real ................................................................................................ 16 2.3.2 Cyber war is a metaphor ..................................................................................... 18 2.4 Guidelines .................................................................................................................. 20 2.5 Summary previous research ....................................................................................... 21 3 Theory ............................................................................................................................. 23 3.1 Constructivism ........................................................................................................... 23 3.2 Five key features of constructivism ........................................................................... 24 4 Methodology ................................................................................................................... 25 4.1 Interpretivism ............................................................................................................. 25 4.2 Method ....................................................................................................................... 26 4.2.1 Critical discourse analysis .................................................................................. 26 4.2.2 Choice of material .............................................................................................. 27 4.2.3 Newspaper articles ............................................................................................. 28 4.2.4 Data collection .................................................................................................... 29 4.3 Reflexivity ................................................................................................................. 33 5 Empirics .......................................................................................................................... 34 5.1 News articles 2010 ..................................................................................................... 34 5.2 News articles 2020 ..................................................................................................... 35 5.3 Authors of the news articles ...................................................................................... 36 6 Analysis and results ........................................................................................................ 37 6.1 Ideas ........................................................................................................................... 37 6.1.1 Cyber warfare ..................................................................................................... 37 6.1.2 Cyber weapons ................................................................................................... 40 6.1.3 Objectives ........................................................................................................... 42 6.1.4 Future predictions ............................................................................................... 43 6.2 Morals ........................................................................................................................ 46 4 6.2.1 Actors – the Self and Others .............................................................................. 46 6.2.2 Retaliation .......................................................................................................... 49 6.3 What is not said? ........................................................................................................ 50 7 Conclusions ..................................................................................................................... 51 8 Discussion ........................................................................................................................ 53 9 Future research .............................................................................................................. 56 References ................................................................................................................................ 57 5 1 Introduction In 2010, Iran’s uranium enrichment facility at Natanz suffered from malfunctions that caused hundreds of the centrifuges to spin and burn out. The controls failed to signal to the scientists of the substantial damage sustained by the centrifuges. The damage inflicted was caused by one of the most prominent malwares known at the time called Stuxnet – a targeted weaponized malicious software. While the incident resulted in no casualties, Stuxnet inflicted significant physical damage to Iran’s nuclear facility and its nuclear program (Dunn-Cavelty, 2019, p. 420). It was concluded that the cyber-attack was state-sponsored due to the sophistication and aggressiveness of Stuxnet. However, no official statement has ever been made and it seems plausible that the state(s) involved in this attack was either the US or Israel, or both (Lindsay, 2013, pp. 365-366). The sophistication
Load more

Recommended publications
  • On Strategy: a Primer Edited by Nathan K. Finney
    Cover design by Dale E. Cordes, Army University Press On Strategy: A Primer Edited by Nathan K. Finney Combat Studies Institute Press Fort Leavenworth, Kansas An imprint of The Army University Press Library of Congress Cataloging-in-Publication Data Names: Finney, Nathan K., editor. | U.S. Army Combined Arms Cen- ter, issuing body. Title: On strategy : a primer / edited by Nathan K. Finney. Other titles: On strategy (U.S. Army Combined Arms Center) Description: Fort Leavenworth, Kansas : Combat Studies Institute Press, US Army Combined Arms Center, 2020. | “An imprint of The Army University Press.” | Includes bibliographical references. Identifiers: LCCN 2020020512 (print) | LCCN 2020020513 (ebook) | ISBN 9781940804811 (paperback) | ISBN 9781940804811 (Adobe PDF) Subjects: LCSH: Strategy. | Strategy--History. Classification: LCC U162 .O5 2020 (print) | LCC U162 (ebook) | DDC 355.02--dc23 | SUDOC D 110.2:ST 8. LC record available at https://lccn.loc.gov/2020020512. LC ebook record available at https://lccn.loc.gov/2020020513. 2020 Combat Studies Institute Press publications cover a wide variety of military topics. The views ex- pressed in this CSI Press publication are those of the author(s) and not necessarily those of the Depart- ment of the Army or the Department of Defense. A full list of digital CSI Press publications is available at https://www.armyu- press.army.mil/Books/combat-studies-institute. The seal of the Combat Studies Institute authenticates this document as an of- ficial publication of the CSI Press. It is prohibited to use the CSI’s official seal on any republication without the express written permission of the director. Editors Diane R.
    [Show full text]
  • Mcafee Potentially Unwanted Programs (PUP) Policy March, 2018
    POLICY McAfee Potentially Unwanted Programs (PUP) Policy March, 2018 McAfee recognizes that legitimate technologies such as commercial, shareware, freeware, or open source products may provide a value or benefit to a user. However, if these technologies also pose a risk to the user or their system, then users should consent to the behaviors exhibited by the software, understand the risks, and have adequate control over the technology. McAfee refers to technologies with these characteristics as “potentially unwanted program(s),” or “PUP(s).” The McAfee® PUP detection policy is based on the process includes assessing the risks to privacy, security, premise that users should understand what is being performance, and stability associated with the following: installed on their systems and be notified when a ■ Distribution: how users obtain the software including technology poses a risk to their system or privacy. advertisements, interstitials, landing-pages, linking, PUP detection and removal is intended to provide and bundling notification to our users when a software program or technology lacks sufficient notification or control over ■ Installation: whether the user can make an informed the software or fails to adequately gain user consent to decision about the software installation or add- the risks posed by the technology. McAfee Labs is the ons and can adequately back out of any undesired McAfee team responsible for researching and analyzing installations technologies for PUP characteristics. ■ Run-Time Behaviors: the behaviors exhibited by the technology including advertisements, deception, and McAfee Labs evaluates technologies to assess any impacts to privacy and security risks exhibited by the technology against the degree of user notification and control over the technology.
    [Show full text]
  • The Citadel, MA in Military History, CAAL, 05/15/2018 – Page 1 CAAL 05/15/2018 Agenda Item 5K
    CAAL 05/15/2018 Agenda Item 5k New Program Proposal Master of Arts in Military History The Citadel Executive Summary The Citadel requests approval to offer a program leading to the Master of Arts in Military History, to be implemented in Fall 2019. The proposed program is to be offered through online instruction. The chart below outlines the stages of approval for the proposed program. The Advisory Committee on Academic Programs (ACAP) voted to recommend approval of the proposal. The full program proposal is attached. Stages of Date Comments Consideration Program Proposal 2/1/18 Not Applicable Received ACAP Consideration 3/29/18 The Citadel representatives discussed the need for the program, explaining that the program is combined with leadership theory and targets military officers. The College of Charleston representative noted The Citadel and the College of Charleston offer a joint master’s degree in History and the proposed program is separate from that program. Members also commented on the financial support chart and inquired whether it accurately presents the costs and sources of financing of the program. The Citadel representative agreed to revise the chart. Following remaining discussion about the proposal, ACAP members voted to recommend the program proposal. Staff transmitted remaining questions for additional clarity. Comments, questions, 4/3/18 Staff requested revisions to address the following questions as and suggestions from discussed at ACAP or transmitted afterward: CHE staff sent to the • Explain why CIP Code 290201
    [Show full text]
  • The Strange Death of the Counter-Insurgency Era
    2 April 2015 The Strange Death of the Counter-insurgency Era What lessons can we learn from the counter-insurgency era that spanned the US-led interventions in Afghanistan and Iraq? As M L R Smith and D M Jones see it, COIN was more of a narrative than an empirical concept, it concealed ideologically-tainted modernization projects that worked at cross purposes with actual needs, and much more. By MLR Smith and David Martin Jones for ISN The notion of counter-insurgency is an elusive idea that in general terms simply denotes the attempt to confront a challenge to established authority, but which came to function as a synonym for long-term external armed interventions by Western states, most notably in Iraq and Afghanistan. In the mid-2000s, ‘COIN’ was elevated to a position of explicit importance in defence thinking and became a source of endless fascination in analytical circles. The ‘classical’ thinkers of counter-insurgency were resurrected from a largely forgotten past and became an object of reverence. COIN became the defining military practice of the age. Since 2011 Western forces have been withdrawn from major theatres of operation. In 2014 Western nations ended their major combat roles in Afghanistan. Once heralded as an almost universal formula for success in complex interventions, the costs, consequences, and controversies associated with the counter-insurgency era have left an ambiguous and unfulfilled legacy. Analytical opinion has already moved on. The occupations of Iraq and Afghanistan that once loomed large in political life have already begun to fade from view, displaced by new and different crises on the world stage.
    [Show full text]
  • Trojans and Malware on the Internet an Update
    Attitude Adjustment: Trojans and Malware on the Internet An Update Sarah Gordon and David Chess IBM Thomas J. Watson Research Center Yorktown Heights, NY Abstract This paper continues our examination of Trojan horses on the Internet; their prevalence, technical structure and impact. It explores the type and scope of threats encountered on the Internet - throughout history until today. It examines user attitudes and considers ways in which those attitudes can actively affect your organization’s vulnerability to Trojanizations of various types. It discusses the status of hostile active content on the Internet, including threats from Java and ActiveX, and re-examines the impact of these types of threats to Internet users in the real world. Observations related to the role of the antivirus industry in solving the problem are considered. Throughout the paper, technical and policy based strategies for minimizing the risk of damage from various types of Trojan horses on the Internet are presented This paper represents an update and summary of our research from Where There's Smoke There's Mirrors: The Truth About Trojan Horses on the Internet, presented at the Eighth International Virus Bulletin Conference in Munich Germany, October 1998, and Attitude Adjustment: Trojans and Malware on the Internet, presented at the European Institute for Computer Antivirus Research in Aalborg, Denmark, March 1999. Significant portions of those works are included here in original form. Descriptors: fidonet, internet, password stealing trojan, trojanized system, trojanized application, user behavior, java, activex, security policy, trojan horse, computer virus Attitude Adjustment: Trojans and Malware on the Internet Trojans On the Internet… Ever since the city of Troy was sacked by way of the apparently innocuous but ultimately deadly Trojan horse, the term has been used to talk about something that appears to be beneficial, but which hides an attack within.
    [Show full text]
  • War Studies Course Guide 2014/5
    FACULTY OF SOCIAL SCIENCES BA(Hons) WAR STUDIES COURSE GUIDE 2014/5 1 About this guide Welcome Course Management and Staff Involved with the Course Student Voice Student Charter Engagement The Wolverhampton Graduate About the Course Contact Hours External Examiners Academic Regulations Course information Academic Misconduct Anonymous Marking Support for Students Course Structure University Academic Calendar Timetables Where to Get Help with your Course Extensions, Extenuating Circumstances and Leave of Absence Health and Safety Issues Health and Wellbeing whilst using your computer Progression for Further Study Alumni 2 About this guide This Course Guide has been designed to help you plan your course. You are encouraged to read this Guide through now. It will be a considerable advantage to you to be familiar from the outset with the various aspects of your studies that are described. It may be that the relevance of some of the sections will not be immediately obvious. Keep it somewhere accessible, so that you can refer to it as needed. Obviously even in a document like this we have not covered every query and problem that you might have about the course. The Course Guide should be read in conjunction with the Undergraduate Student Guide / Postgraduate Student Guide; the Student Charter; the University’s Policies and Regulations and the University Assessment Handbook documents should provide you with all the basic information that we think you will need for your period of study here. If you find that there is something you need to know, please contact your Academic Faculty Office or local Student Centre on the details included below.
    [Show full text]
  • Master of Arts in Military History Commanding Officer Or Employer Will Be Accepted
    a former professor. A recommendation from a Master of Arts in Military History commanding officer or employer will be accepted. The letter should be as specific as possible in analyzing the Department of History applicant’s writing, research, and analytical skills and 843-953-5073 potential for success in the program. 5. Resume or C.V. www.citadel.edu/military-history Program Requirements Dr. David Preston Program Director In consultation with an advisor, each degree candidate will [email protected] develop a course of study, define a particular track for completion of the Capstone Experience, and establish a potential field or topic Mission Statement of interest if the student is writing a master’s thesis. Students pursuing a master’s thesis are encouraged to begin research and The Citadel’s Online Master of Arts in Military History discussion with their advisor at an early date. provides advanced historical study of the theory and practice of warfare, the institutions and operations of military forces, and GRADUATION REQUIREMENTS (non-credit bearing) the impact of militaries and warfare on societies. The degree • Darkness to Light Training equips graduates with a holistic understanding of the history • The Citadel Principled Leadership Seminar – LDRS 500 and evolution of warfare—from the strategic to the operational and tactical levels. The Citadel’s History Department and The distribution of course requirements follows affiliated fellows bring together award-winning and this general scheme: experienced scholars in the fields of war studies and military • Introduction to Military History (2 courses/6 hours) history. The M.A. in Military History advances The Citadel’s • Foundations in Military History (3 courses/9 hours) central institutional mission of educating and commissioning • Conflict Studies (2 courses/6 hours) officers into the United States Armed Forces.
    [Show full text]
  • The Ethics of Cyberwarfare Randall R
    This article was downloaded by: [University of Pennsylvania] On: 28 February 2013, At: 08:22 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Military Ethics Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/smil20 The Ethics of Cyberwarfare Randall R. Dipert a a SUNY (State University of New York) at Buffalo, NY, USA Version of record first published: 16 Dec 2010. To cite this article: Randall R. Dipert (2010): The Ethics of Cyberwarfare, Journal of Military Ethics, 9:4, 384-410 To link to this article: http://dx.doi.org/10.1080/15027570.2010.536404 PLEASE SCROLL DOWN FOR ARTICLE Full terms and conditions of use: http://www.tandfonline.com/page/terms-and- conditions This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. The publisher does not give any warranty express or implied or make any representation that the contents will be complete or accurate or up to date. The accuracy of any instructions, formulae, and drug doses should be independently verified with primary sources. The publisher shall not be liable for any loss, actions, claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of this material. Journal of Military Ethics, Vol. 9, No. 4, 384Á410, 2010 The Ethics of Cyberwarfare RANDALL R.
    [Show full text]
  • (Malicious Software) Installed on Your Computer Without Your Consent to Monitor Or Control Your Computer Use
    Spyware is a type of malware (malicious software) installed on your computer without your consent to monitor or control your computer use. Clues that spyware is on a computer may include a barrage of pop-ups, a browser that takes you to sites you don't want, unexpected toolbars or icons on your computer screen, keys that don't work, random error messages, and sluggish performance when opening programs or saving files. In some cases, there may be no symptoms at all. While the term spyware suggests that software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can: Collect information stored on the computer or attached network drives, Collect various types of personal information, such as Internet surfing habits, sites that have been visited Collect user names and passwords stored on your computer as well as those entered from the keyboard. Interfere with user control of the computer Install additional software on the computer Redirect Web browser activity. Change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few helpful tips that can protect you from downloading software you don't want: Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads. Use anti-virus and anti-spyware, as well as a firewall software, and update them all regularly.
    [Show full text]
  • Power, Profit, Or Prudence? US Arms Sales Since 9/11 A
    STRATEGIC STUDIES QUARTERLY - PERSPECTIVE Power, Profit, or Prudence? US Arms Sales since 9/11 A. TREVOR THRALL JORDAN COHEN CAROLINE DORMINEY Abstract By law and executive branch policy, every decision to sell American weapons abroad must reflect an assessment of strategic interests, economic considerations, and risk. Little work, however, has been done to determine how much relative influence each of these factors has on such decisions. This article evaluates arms sales in the post-9/11 era and finds evidence that strategic interests and economic considerations significantly impact arms sales but no evidence that risk assessment does so. It concludes with suggestions about how to better incorporate risk assessment by making the cost/benefit trade- offs more explicit in the arms sales decision process.* ***** rom 2002 through 2018 the United States sold over $200 billion in major conventional weapons to 169 countries. Thirty-one of those countries purchased at least $1 billion in arms.1 By 2018 the United FStates extended its dominance as the leading exporter of weapons with a 36 percent share of the global market compared to 21 percent for Russia and 6.8 percent for France, the second- and third- ranked exporters.2 Previous research into US arms sales finds that they are driven mainly by strategic and economic factors.3 The conventional view among inter- national relations scholars is that strategic considerations loom largest. Writing about American decisions whether to provide alliance commit- ments or arms sales to client states, for example, Keren Yahri-Milo, Alex- ander Lanoszka, and Zack Cooper argue that “U.S.
    [Show full text]
  • Lesson 6: Hacking Malware
    LESSON 6 HACKING MALWARE Lesson 6: Malware WARNING The Hacker Highschool Project is a learning tool and as with any learning tool there are dangers. Some lessons if abused may result in physical injury. Some additional dangers may also exist where there is not enough research on possible effects of emanations from particular technologies. Students using these lessons should be supervised yet encouraged to learn, try, and do. However ISECOM cannot accept responsibility for how any information herein is abused. The following lessons and workbooks are open and publicly available under the following terms and conditions of ISECOM: All works in the Hacker Highschool Project are provided for non-commercial use with elementary school students, junior high school students, and high school students whether in a public institution, private institution, or a part of home-schooling. These materials may not be reproduced for sale in any form. The provision of any class, course, training, or camp with these materials for which a fee is charged is expressly forbidden without a license including college classes, university classes, trade-school classes, summer or computer camps, and similar. To purchase a license, visit the LICENSE section of the HHS web page at http://www.hackerhighschool.org/licensing.html. The HHS Project is an open community effort and if you find value in this project we ask that you support us through the purchase of a license, a donation, or sponsorship. 2 Lesson 6: Malware Table of Contents WARNING....................................................................................................................................................2
    [Show full text]
  • Detecting Malware in TLS Traffic
    IMPERIAL COLLEGE LONDON DEPARTMENT OF COMPUTING Detecting Malware in TLS Traffic Project Report Supervisor: Author: Sergio Maffeis Olivier Roques Co-Supervisor: Marco Cova Submitted in partial fulfillment of the requirements for the MSc degree in Computing Science / Security and Reliability of Imperial College London September 2019 Abstract The use of encryption on the Internet has spread rapidly these last years, a trend encouraged by the growing concerns about online privacy. TLS (Transport Layer Security), the standard protocol for packet encryption, is now implemented by every major websites to protect users’ messages, transactions and credentials. However cybercriminals have started to incorporate TLS into their activities. An increasing number of malware leverage TLS encryption to hide their communications and to exfiltrate data to their command server, effectively bypassing traditional detection platforms. The goal of this project is to design and implement an effective alternative to the unpractical method of decrypting TLS packets’ payload before looking for signs of malware activity. This work presents a highly accurate supervised classifier that can detect malicious TLS flows in a company’s network traffic based on a set of features related to TLS, certificates and flow metadata. The classifier was trained on curated datasets of benign and malware observations, which were extracted from capture files thanks to a set of tools specially developed for this purpose. We detail in this report the complete development process, from data collection and feature extraction to model selection and performance analysis. ii Acknowledgments I would like to particularly thank Marco Cova and Sergio Maffeis, my project su- pervisors, for their valuable and continuous suggestions and for their constructive feedbacks on this project.
    [Show full text]