Module 1 & 2 Flashcards
Guiding military principle of cyber warfare
Ultimate goal of an offensive doctrine is the planning of and subsequent execution of an effective cyber “first strike” against the enemy.
US Cyber Attacks
First Gulf War: US eliminated Iraq’s ability to communicate. Sig: due to other nation’s notice.
Cyber warfare motivations
Political, social, financial / economic, religious, act of self-preservation
4 roles of IT systems in cyber warfare
Medium
Source of information
Target of an attack
Source of an attack
IT systems as the medium
Disseminate information used in attacks and terrorist activities (kinetic or cyber)
Provide training
Tools (emails, forums, social networking)
IT systems as source of info
Steal sensitive information
Perform reconnaissance (cyber profiling)
Witness to an attack (logs)
Open source intelligence (OSINT)
IT Systems as target
Steal sensitive info (financial, trade secrets, government info, military info)
Attack other systems to disrupt communication
Take systems offline
Cyber vandalism / web site defacement
IT systems as attack source
Direct attacks from criminals
Botnets
Infected websites used to drop payloads
Drive behind Russian programs
Response to an aggressive development of a US information warfare program.
Russia: Prior to “information strike” the following should occur:
Targets should be ID’d
Enemy access to external info should be denied
Credit and monetary circulation should be disrupted
Populace subjected to psychological operation – incl disinformation and propaganda
Russia: Doctrine of Information Security
09/2000
Objectives:
Protect strategically important info
Protect against deleterious foreign information
Inculcate in the people patriotism and values
First authoritative summary of Russia’s view on information security in the public, government, and military sectors and plan for future development.
Russia: Military doctrine
July 2000
Vladimir Putin
Discussed hostile information operations conducted through either technological or psychological means.
China attack 1998
3000 hackers
China Hacker Emergency Meeting Center
Against Indonesia government websites
Outrage at anti-Chinese riots in Indonesia
China attack - 1999
Chinese Red Hacker Alliance
NATO jet accidentally bombed Chinese embassy in Belgrade, Yugoslavia
Against US government websites
China - 2001
Chinese fighter jet collided with US military aircraft over South China Sea
80000 hackers
Self-defense cyber war against US aggression
Presidential Edict 1477
2 new defense ministries for automatic control systems and telecom and IT
Electronic Warfare Troops (first publicly announced); training from 2001
November 2007
Russia: capabilities housed under:
Federal Security Service (FSB)
Federal Guard Service
General Staff
Russia: infrastructure
Russia Institute for Public Networks (primary org responsible for overseeing Internet development)
Rostelecom (nationally owned telecom)
Laws have been implemented to mandate ID numbers for Internet registration. Require that operators provide authorities with registration and other data needed for an investigation. Laws prohibit operators from releasing data to an authority of a foreign state, person, or entity of a foreign state.
Public authorities, enterprises, institutions, and organizations required to provide assistance to FSB in carrying out their assigned duties.
2nd Russian-Chechen War
Sig: cyber attacks follow kinetic warfare (coordinated), cyber used to shape public opinion
When: 1997-2001 (battles 1999-2000)
What: www.kavkaz.org, www.chechenpress.com
After Moscow theater incident
Source: Russian Federal Security Service
Russian-Georgia War
August 2008
Sig: first synchronized cyber and kinetic attacks; same tools and commands as Russian business network
Target: communications systems, Georgia government, British and American embassies
Weapons: DDoS, SQL injection, XSS
Source: Russian and Lithuanian and US IP (pre-attack stage)
Estonian Cyber Attacks
When: week of April 27, 2007
Why: Relocation of Soviet statue: The Bronze Soldier of Tallinn
Target: financial, media, and government systems
PING floods from botnets
Source: Russian Youth Groups (Nashi)
Russian Attacks Against US Targets
Illinois water control system
Traced to Russian computer
Was it proxied?
Russian Business Network:
Real Host, Ltd. out of Latvia
Physically in St. Petersburg, Russia
Originally ISP for illicit activities
2007 marketing techniques to provide method for organized crime to target victims internationally
Employs full-time people to develop zero day exploits and attack targets
MPack (PHP malware kit)
Storm botnet
Shut Down in 2008
Russian Youth Groups:
Nashi (100k-120k members)
Attacked Kommersant Business Daily in 2008
Siege of Estonian embassy website in 2007
Anonymous published emails linking Nashi with Federal Agency for Youth Affairs
Eurasian Youth Movement
Attacked website of Ukrainian president Viktor Yushchenko in 2007
Project Blitzkrieg
Threat of cyber attacks on 30 US financial institutions spring of 2013
International Code of Conduct
2012 - International Conference on Cyberspace, Budapest
1st time US has backed
Previously Moscow efforts rejected
Moscow had proposed rules for regulating cyber space with due account taken of military-political, criminal, and terror threats,
1) bans use of Internet for military purposes or regime change in foreign countries but
2) gives greater freedom of action within national segments of the Internet.
3) establishes hotline to be used in event of large scale cyber attack
US was concerned it was an attempt to increase censorship
North Korea
July 4, 2009
DDoS attacks against US government sites, followed by South Korea
Titan Rain
Code name for ongoing acts of Chinese cyber espionage directed against the US DoD since 2002.
Operation DarkMarket
An FBI sting (cyber crime) that resulted in arrest of 56 individuals worldwide and recovery of 100,000 stolen credit cards.
Heartland Payment Systems
2009 - largest data breach in history - more than 130 million accounts.
Conficker Worm
Continues to propagate
Skilled programmers monitoring and adapting to attempts to thwart
Purpose is unknown
Moonlight Maze
Cyber espionage activities of Russia
Foundation for Effective Politics (FEP)
Part of official voice of Kremlin (not part of armed forces). Instrumental in designing strategies in public sector.