SECOND EDITION

Inside Cyber Warfare

Jeffrey Carr

Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo

Inside Cyber Warfare, Second Edition
by Jeffrey Carr

Copyright © 2012 Jeffrey Carr. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected].

Editor: Mike Loukides
Indexer: John Bickelhaupt
Production Editor: Jasmine Perez
Cover Designer: Karen Montgomery
Copyeditor: Marlowe Shaeffer
Interior Designer: David Futato
Proofreader: Jasmine Perez
Illustrator: Robert Romano

December 2009: First Edition.
December 2011: Second Edition.

Revision History for the First Edition:
2011-12-07 First release
See http://oreilly.com/catalog/errata.csp?isbn=9781449310042 for release details.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Inside Cyber Warfare, the image of light cavalry, and related trade dress are trademarks of O’Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

ISBN: 978-1-449-31004-2
[LSI] 1323275105

Table of Contents

Foreword  xi
Preface  xiii

1. Assessing the Problem  1
    The Complex Domain of Cyberspace  1
    Cyber Warfare in the 20th and 21st Centuries  2
    Cyber Espionage  4
    Cyber Crime  5
    Future Threats  7
    Increasing Awareness  7
    Critical Infrastructure  8
    The Conficker Worm: The Cyber Equivalent of an Extinction Event?  12
    Africa: The Future Home of the World’s Largest Botnet?  13
    The Way Forward  14

2. The Rise of the Nonstate Hacker  15
    The StopGeorgia.ru Project Forum  15
    Counter-Surveillance Measures in Place  16
    The Russian Information War  17
    The Foundation for Effective Politics’ War on the Net (Day One)  17
    The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast Lead  19
    Impact  19
    Overview of Perpetrators  21
    Hackers’ Profiles  22
    Methods of Attack  27
    Israeli Retaliation  28
    Control the Voice of the Opposition by Controlling the Content in Cyberspace: Nigeria  29
    Are Nonstate Hackers a Protected Asset?  29

3. The Legal Status of Cyber Warfare  31
    Nuclear Nonproliferation Treaties  32
    The Antarctic Treaty System and Space Law  33
    UNCLOS  34
    MLAT  34
    United States Versus Russian Federation: Two Different Approaches  34
    The Law of Armed Conflict  35
    Is This an Act of Cyber Warfare?  37
    South Korea  37
    Iran  37
    Tatarstan  37
    United States  38
    Kyrgyzstan  38
    Israel and the Palestinian National Authority  38
    Zimbabwe  38
    Myanmar  39
    Cyber: The Chaotic Domain  39

4. Responding to International Cyber Attacks as Acts of War  45
    The Legal Dilemma  47
    The Road Ahead: A Proposal to Use Active Defenses  48
    The Law of War  48
    General Prohibition on the Use of Force  49
    The First Exception: UN Security Council Actions  49
    The Second Exception: Self-Defense  50
    A Subset of Self-Defense: Anticipatory Self-Defense  51
    An Alternate Basis for Using Active Defenses: Reprisals  52
    Nonstate Actors and the Law of War  52
    Armed Attacks by Nonstate Actors  53
    Duties between States  54
    Imputing State Responsibility for Acts by Nonstate Actors  55
    Cross-Border Operations  56
    Analyzing Cyber Attacks under Jus ad Bellum  57
    Cyber Attacks as Armed Attacks  58
    Establishing State Responsibility for Cyber Attacks  61
    The Duty to Prevent Cyber Attacks  62
    Support from International Conventions  63
    Support from State Practice  64
    Support from the General Principles of Law  66
    Support from Judicial Opinions  67
    Fully Defining a State’s Duty to Prevent Cyber Attacks  67
    Sanctuary States and the Practices That Lead to State Responsibility  68
    The Choice to Use Active Defenses  68
    Technological Limitations and Jus ad Bellum Analysis  69
    Jus in Bello Issues Related to the Use of Active Defenses  71
    Conclusion  74

5. The Intelligence Component to Cyber Warfare  77
    The Korean DDoS Attacks (July 2009)  78
    The Botnet Versus the Malware  80
    The DPRK’s Capabilities in Cyberspace  81
    One Year After the RU-GE War, Social Networking Sites Fall to DDoS Attack  83
    Ingushetia Conflict, August 2009  85
    The Predictive Role of Intelligence  86

6. Nonstate Hackers and the Social Web  89
    Russia  89
    China  90
    The Middle East  91
    Pakistani Hackers and Facebook  92
    The Dark Side of Social Networks  93
    The Cognitive Shield  94
    TwitterGate: A Real-World Example of a Social Engineering Attack with Dire Consequences  97
    Automating the Process  99
    Catching More Spies with Robots  99

7. Follow the Money  103
    False Identities  103
    Components of a Bulletproof Network  105
    ICANN  105
    The Accredited Registrar  106
    The Hosting Company  106
    The Bulletproof Network of StopGeorgia.ru  106
    StopGeorgia.ru  106
    NAUNET.RU  108
    SteadyHost.ru  109
    Innovation IT Solutions Corp  110
    Mirhosting.com  112
    SoftLayer Technologies  112
    SORM-2  114
    The Kremlin and the Russian Internet  115
    Nashi  115
    The Kremlin Spy for Hire Program  117
    Sergei Markov, Estonia, and Nashi  118
    A Three-Tier Model of Command and Control  119

8. Organized Crime in Cyberspace  121
    A Subtle Threat  125
    Atrivo/Intercage  126
    ESTDomains  126
    McColo: Bulletproof Hosting for the World’s Largest Botnets  127
    Russian Organized Crime and the Kremlin  129

9. Investigating Attribution  131
    Using Open Source Internet Data  131
    Background  134
    What Is an Autonomous System Network?  135
    Team Cymru and Its Darknet Report  138
    Using WHOIS  139
    Caveats to Using WHOIS  140

10. Weaponizing Malware  141
    A New Threat Landscape  141
    StopGeorgia.ru Malware Discussions  141
    Twitter as DDoS Command Post against Iran  144
    Social Engineering  146
    Channel Consolidation  148
    An Adversary’s Look at LinkedIn  149
    BIOS-Based Rootkit Attack  151
    Malware for Hire  151
    Anti-Virus Software Cannot Protect You  151
    Targeted Attacks Against Military Brass and Government Executives  152

11. The Role of Cyber in Military Doctrine  161
    The Russian Federation  161
    The Foundation for Effective Politics (FEP)  163
    “Wars of the Future Will Be Information Wars”  165
    “RF Military Policy in International Information Security”  166
    The Art of Misdirection  169
    China Military Doctrine  171
    Anti-Access Strategies  174
    The 36 Stratagems  174
    US Military Doctrine  176

12. A Cyber Early Warning Model  179
    The Challenge We Face  179
    Cyber Early Warning Networks  180
    Building an Analytical Framework for Cyber Early Warning  180
    Case Studies of Previous Cyber Attacks  183
    Lessons Learned  187
    Defense Readiness Condition for Cyberspace  188

13. Advice for Policymakers from the Field  191
    When It Comes to Cyber Warfare: Shoot the Hostage  191
    The United States Should Use Active Defenses to Defend Its Critical Information Systems  194
    Scenarios and Options to Responding to Cyber Attacks  196
    Scenario 1  196
    Scenario 2  197
    Scenario 3  197
    Scenario 4  198
    In Summary  198
    Whole-of-Nation Cyber Security  199

14. Conducting Operations in the Cyber-Space-Time Continuum  203
    Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec Movement  206
    Social Networks: The Geopolitical Strategy of Russian Investment in Social Media  206
    2005: A Turning Point  209
    DST and the Kremlin  210
    The Facebook Revolution  211
    Globalization: How Huawei Bypassed US Monitoring by Partnering with Symantec  213

15. The Russian Federation: Information Warfare Framework  217
    Russia: The Information Security State  217
    Russian Government Policy  217
    New Laws and Amendments  218
    Government Structures  220
    Russian Ministry of Defense  222
    Administrative Changes  222
    Electronic Warfare Troops  222
    The Federal Service for Technical and Export Control (FSTEC)—Military Unit (Vch) 96010  224
    5th Central Research and Testing Institute of the Russian Defense Ministry (5th TSNIII)—Military Unit (Vch) 33872  225
    18th Central Research Institute of the Russian Defense Ministry (18th CRI MOD)—Military Unit (Vch) 11135  228
    27th Central Research Institute of the Russian Defense Ministry (27th CRI MOD)—Military Unit (Vch) 01168  228
    Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)  229
    Federal Security Service Information Security Center (FSB ISC)—Military Unit (Vch) 64829  229
    Russian Federal Security Service Center for Electronic Surveillance of Communications (FSB TSRRSS)—Military Unit (Vch)