Module 1 & 2 Flashcards

0
Q

Guiding military principle of cyber warfare

A

Ultimate goal of an offensive doctrine is the planning of and subsequent execution of an effective cyber “first strike” against the enemy.

1
Q

US Cyber Attacks

A

First Gulf War: US eliminated Iraq’s ability to communicate. Sig: other nations took notice.

2
Q

Cyber warfare motivations

A
Political
Social 
Financial / economic
Religious
Act of self-preservation
3
Q

4 roles of IT systems in cyber warfare

A

Medium
Source of information
Target of an attack
Source of an attack

4
Q

IT systems as the medium

A

Disseminate information used in attacks and terrorist activities (kinetic or cyber)
Provide training
Tools (emails, forums, social networking)

5
Q

IT systems as source of info

A

Steal sensitive information
Perform reconnaissance (cyber profiling)
Witness to an attack (logs)
Open source intelligence (OSINT)

6
Q

IT Systems as target

A

Steal sensitive info (financial, trade secrets, government info, military info)
Attack other systems to disrupt communication
Take systems offline
Cyber vandalism / web site defacement

7
Q

IT systems as attack source

A

Direct attacks from criminals
Botnets
Infected websites used to drop payloads

8
Q

Drive behind Russian programs

A

Response to an aggressive development of a US information warfare program.

9
Q

Russia: Prior to “information strike” the following should occur:

A

Targets should be ID’d
Enemy access to external info should be denied
Credit and monetary circulation should be disrupted
Populace subjected to psychological operation – incl disinformation and propaganda

10
Q

Russia: Doctrine of Information Security

A

09/2000
Objectives:
Protect strategically important info
Protect against deleterious foreign information
Inculcate in the people patriotism and values

First authoritative summary of Russia’s view on information security in the public, government, and military sectors and plan for future development.

11
Q

Russia: Military doctrine

A

July 2000
Vladimir Putin

Discussed hostile information operations conducted through either technological or psychological means.

12
Q

China attack 1998

A

3000 hackers
China Hacker Emergency Meeting Center
Against Indonesia government websites
Outrage at anti-Chinese riots in Indonesia

13
Q

China attack - 1999

A

Chinese Red Hacker Alliance
NATO jet accidentally bombed Chinese embassy in Belgrade, Yugoslavia
Against US government websites

14
Q

China - 2001

A

Chinese fighter jet collided with US military aircraft over South China Sea
80000 hackers
Self-defense cyber war against US aggression

15
Q

Presidential Edict 1477

A

2 new defense ministries for automatic control systems and telecom and IT

Electronic Warfare Troops (first publicly announced); training from 2001

November 2007

16
Q

Russia: capabilities housed under:

A

Federal Security Service (FSB)

Federal Guard Service

General Staff

17
Q

Russia: infrastructure

A

Russia Institute for Public Networks (primary org responsible for overseeing Internet development)

Rostelecom (nationally owned telecom)

Laws have been implemented to mandate ID numbers for Internet registration. They require that operators provide authorities with registration and other data needed for an investigation. Laws prohibit operators from releasing data to an authority of a foreign state, person, or entity of a foreign state.

Public authorities, enterprises, institutions, and organizations required to provide assistance to FSB in carrying out their assigned duties.

18
Q

2nd Russian-Chechen War

A

Sig: cyber attacks follow kinetic warfare (coordinated), cyber used to shape public opinion

When: 1997-2001 (battles 1999-2000)

What: www.kavkaz.org, www.chechenpress.com

After Moscow theater incident

Source: Russian Federal Security Service

19
Q

Russian-Georgia War

A

August 2008

Sig: first synchronized cyber and kinetic attacks; same tools and commands as Russian Business Network

Target: communications systems, Georgia government, British and American embassies

Weapons: DDoS, SQL injection, XSS

Source: Russian, Lithuanian, and US IPs (pre-attack stage)

20
Q

Estonian Cyber Attacks

A

When: week of April 27, 2007

Why: Relocation of Soviet statue: The Bronze Soldier of Tallinn

Target: financial, media, and government systems

PING floods from botnets

Source: Russian Youth Groups (Nashi)

21
Q

Russian Attacks Against US Targets

A

Illinois water control system

Traced to Russian computer

Was it proxied?

22
Q

Russian Business Network:

A

Real Host, Ltd. out of Latvia

Physically in St. Petersburg, Russia

Originally ISP for illicit activities

2007 marketing techniques to provide method for organized crime to target victims internationally

Employs full-time people to develop zero day exploits and attack targets

MPack (PHP malware kit)
Storm botnet
Shut Down in 2008

23
Q

Russian Youth Groups:

A

Nashi (100k-120k members)

Attacked Kommersant Business Daily in 2008
Siege of Estonian embassy website in 2007
Anonymous published emails linking Nashi with Federal Agency for Youth Affairs

Eurasian Youth Movement
Attacked website of Ukrainian president Viktor Yushchenko in 2007

24
Q

Project Blitzkrieg

A

Threat of cyber attacks on 30 US financial institutions spring of 2013

25
Q

International Code of Conduct

A

2012 - International Conference on Cyberspace, Budapest

1st time US has backed

Previously Moscow efforts rejected
Moscow had proposed rules for regulating cyber space with due account taken of military-political, criminal, and terror threats:
1) bans use of Internet for military purposes or regime change in foreign countries but
2) gives greater freedom of action within national segments of the Internet.
3) establishes hotline to be used in event of large scale cyber attack

US was concerned this was an attempt to increase censorship

26
Q

North Korea

A

July 4, 2009

DDoS attacks against US government sites, followed by South Korea

27
Q

Titan Rain

A

Code name for ongoing acts of Chinese cyber espionage directed against the US DoD since 2002.

28
Q

Operation DarkMarket

A

An FBI sting (cyber crime) that resulted in arrest of 56 individuals worldwide and recovery of 100,000 stolen credit cards.

29
Q

Heartland Payment Systems

A

2009 - largest data breach in history - more than 130 million accounts.

30
Q

Conficker Worm

A

Continues to propagate
Skilled programmers monitoring and adapting to attempts to thwart
Purpose is unknown

31
Q

Moonlight Maze

A

Cyber espionage activities of Russia

32
Q

Foundation for Effective Politics (FEP)

A

Part of official voice of Kremlin (not part of armed forces). Instrumental in designing strategies in public sector.