The Cyberwar Thread

Anonymous declares 'cyberwar' on Israel.

Some observers took this as a sign of an escalating digital battle:eek:.

"They've knocked down websites, deleted databases and have leaked e-mail addresses and passwords," Casey Chan wrote Friday for the tech site Gizmodo. "It's a whopping takedown."

Others said most of Anonymous' threats have been "hollow" so far:lol:.

"Today, Anon lacks the talent and semi-cohesion it once boasted across the net, and its most recent online crusade is an embarrassing reminder," Sam Biddle wrote for Gizmodo on Monday. "This is less a war than the hacker equivalent of egging someone's house and then smoking weed behind a Denny's."

So,
Spoiler :
If Anonymous has declared war on Israel, can or would Israel fight back?
Besides defending their networks, might Israeli hackers counter-cyber? Might the Mossad take action?
 
From Wiki;

A list of cyber attack threat trends is presented in the order of sophistication which generally corresponds to the chronology of computer network used between the 1990s and 2008.[1]

Internet social engineering attacks
Network sniffers
Packet spoofing
Session-hijacking
Cyber-threats & bullying (not illegal in all jurisdictions)
Automated probes and scans
GUI intrusion tools
Automated widespread attacks
Widespread, distributed denial-of-service attacks
Industrial espionage
Executable code attacks (against browsers)
Analysis of vulnerabilities in compiled software without source code
Widespread attacks on DNS infrastructure
Widespread attacks using NNTP to distribute attack
"Stealth" and other advanced scanning techniques
Windows-based remote access trojans (Back Orifice)
Email propagation of malicious code
Wide-scale trojan distribution
Distributed attack tools
Targeting of specific users
Anti-forensic techniques
Wide-scale use of worms
Sophisticated botnet command and control attacks
 
The Comprehensive National Cybersecurity Initiative

Taking the Cyberattack Threat Seriously

Protecting the Nation’s Electric Grid from Cyber Threats

We Can’t Wait: Obama Administration Calls for A Consumer Privacy Bill of Rights for the Digital Age

billofrights_wh.jpg
 
What a future cyberwar will look like;

Spoiler :
BBC News
Web War II: What a future cyberwar will look like
By Michael Gallagher 30 April 2012

How might the blitzkrieg of the future arrive? By air strike? An invading army? In a terrorist's suitcase? In fact it could be coming down the line to a computer near you.

Operation Locked Shields, an international military exercise held last month, was not exactly your usual game of soldiers. It involves no loud bangs or bullets, no tanks, aircraft or camouflage face-paint. Its troops rarely even left their control room, deep within a high security military base in Estonia.

These people represent a new kind of combatant - the cyber warrior.

One team of IT specialists taking part in Locked Shields, were detailed to attack nine other teams, located all over Europe. At their terminals in the Nato Co-operative Cyber Defence Centre of Excellence, they cooked up viruses, worms, Trojan Horses and other internet attacks, to hijack and extract data from the computers of their pretend enemies.

The idea was to learn valuable lessons in how to forestall such attacks on military and commercial networks. The cyber threat is one that the Western alliance is taking seriously.

It's no coincidence that Nato established its defence centre in Estonia. In 2007, the country's banking, media and government websites were bombarded with Distributed Denial of Service (DDOS) attacks over a three week period, in what's since become known as Web War I. The culprits are thought to have been pro-Russian hacktivists, angered by the removal of a Soviet-era statue from the centre of the capital, Tallinn.

DDOS attacks are quite straightforward. Networks of thousands of infected computers, known as botnets, simultaneously access the target website, which is overwhelmed by the volume of traffic, and so temporarily disabled. However, DDOS attacks are a mere blunderbuss by comparison with the latest digital weapons. Today, the fear is that Web War II - if and when it comes - could inflict physical damage, leading to massive disruption and even death.

"Sophisticated cyber attackers could do things like derail trains across the country," says Richard A Clarke, an adviser on counter-terrorism and cyber-security to presidents Clinton and Bush.

"They could cause power blackouts - not just by shutting off the power but by permanently damaging generators that would take months to replace. They could do things like cause [oil or gas] pipelines to explode. They could ground aircraft."

Clarke's worries are fuelled by the current tendency to put more of our lives online, and indeed, they appear to be borne out by experiments carried out in the United States.

At the heart of the problem are the interfaces between the digital and physical worlds known as Scada - or Supervisory Control And Data Acquisition - systems.

Today, these computerised controllers have taken over a myriad jobs once performed manually. They do everything from opening the valves on pipelines to monitoring traffic signals. Soon, they'll become commonplace in the home, controlling smart appliances like central heating.

And crucially, they use cyberspace to communicate with their masters, taking commands on what to do next, and reporting any problems back. Hack into these networks, and in theory you have control of national electricity grids, water supplies, distribution systems for manufacturers or supermarkets, and other critical infrastructure.

In 2007, the United States Department of Homeland Security (DHS) demonstrated the potential vulnerability of Scada systems. Using malicious software to feed in the wrong commands, they attacked a large diesel generator. Film of the experiment shows the machine shaking violently before black smoke engulfs the screen.

Although this took place under laboratory conditions, with the attackers given free rein to do their worst, the fear is that, one day, a belligerent state, terrorists, or even recreational hackers, might do the same in the real world.

"Over the past several months we've seen a variety of things," says Jenny Mena of the DHS. "There are now search engines that make it possible to find those devices that are vulnerable to an attack through the internet. In addition we've seen an increased interest in this area in the hacker and hacktivist community."

One reason why Scada systems may be prone to hacking is that engineers, rather than specialist programmers, are often likely to have designed their software. They are expert in their field, says German security consultant Ralph Langner, but not in cyber defence. "At some point they learned how to develop software," he adds, "but you can't compare them to professional software developers who probably spent a decade learning."

Moreover, critical infrastructure software can be surprisingly exposed. A power station, for example, might have less anti-virus protection than the average laptop. And when vulnerabilities are detected, it can be impossible to repair them immediately with a software patch. "It requires you to re-boot," Langner points out. "And a power plant has to run 24-7, with only a yearly power-down for maintenance." So until the power station has its annual stoppage, new software cannot be installed.

Langner is well-qualified to comment. In 2010 he, along with two employees, took it upon himself to investigate a mystery computer worm known as Stuxnet, that was puzzling the big anti-virus companies. What he discovered took his breath away.

Stuxnet appeared to target a specific type of Scada system doing a specific job, and it did little damage to any other applications it infected. It was clever enough to find its way from computer to computer, searching out its prey. And, containing over 15,000 lines of computer code, it exploited no fewer than four previously undiscovered software errors in Microsoft Windows. Such errors are extremely rare, suggesting that Stuxnet's creators were highly expert and very well-resourced.

It took Langner some six months to probe just a quarter of the virus. "If I'd wanted to do all of it I might have gone bust!" he jokes. But his research had already drawn startling results.

Stuxnet's target, it turned out, was the system controlling uranium centrifuges at Iran's Natanz nuclear facility. There is now widespread speculation that the attack was the work of American or Israeli agents, or both. Whatever the truth, Langner estimates that it delayed Iran's nuclear project by around two years - no less than any air strike was expected to achieve - at a relatively small cost of around $10 million. This success, he says, means cyber weapons are here to stay.

Optimists say Stuxnet does at least suggest a scrap of reassurance. Professor Peter Sommer, an international expert in cyber crime, points out that the amount of research and highly skilled programming it involved would put weapons of this calibre beyond anyone but an advanced nation state. And states, he point out, usually behave rationally, thus ruling out indiscriminate attacks on civilian targets.

"You don't necessarily want to cause total disruption. Because the results are likely to be unforeseen and uncontrollable. In other words, although one can conceive of attacks that might bring down the world financial system or bring down the internet, why would one want to do that? You would end up with something not that different from a nuclear winter."

But even this crumb of comfort is denied by Langner, who argues that, having now infected computers worldwide, Stuxnet's code is available to anyone clever enough to adapt it, including terrorists.

"The attack vectors and exploits used by Stuxnet - they can be copied and re-used reliably against completely different targets. Until a year ago no one was aware of such an aggressive and sophisticated threat. With Stuxnet that has changed. It is on the table. The technology is out there on the internet."

One thing is for sure, he adds: If cyber weapons do become widespread, their targets will lie mostly in the west, rather than in countries like Iran, which have relatively little internet dependence. This means that the old rules of military deterrence which favoured powerful, technologically advanced countries like the United States do not apply: Responding in kind to a cyber attack could be effectively impossible.

This asymmetry is likely to grow, as developed countries become ever more internet-dependent. So far, the Internet Protocol format allows only 4.3 billion IP addresses, most of which have now been used. But this year, a new version is rolling out, providing an inexhaustible supply of addresses and so allowing exponential growth in connectivity. Expect to see far more machines than people online in the future.

In the home, fridges will automatically replenish themselves by talking to food suppliers; ovens and heating systems will respond to commands from your smartphone. Cars may even drive themselves, sharing GPS data to find the best routes. For industry, commerce and infrastructure, there will be even more reliance on cyber networks that critics claim are potentially vulnerable to intrusion.
"There will be practically infinite number of IP addresses," says former hacker Jason Moon. "Everything can have an IP address. And everything will have one. Now, that's great. But think what that's going to do for the hacker!"

In fact, it has already become a challenge for even sensitive installations, let alone households, to remain offline. Although military and other critical networks are supposedly isolated from the public internet, attackers can target their contractors and suppliers, who plug into the "air-gapped" system at various times. Somewhere down the food chain, a vulnerable website or a rogue email will provide a way in.

According to Richard Clarke, the mighty American armed forces themselves are not immune, since their command & control, supplies, and even some weapons systems, also rely on digital systems.

"The US military ran headlong into the cyber age," he says. "And we became very dependent on cyber devices without thinking it through. Without thinking that if someone got control of our software, what would we be able to do? Do we have backup systems? Can we go back to the old days?"

The answer it seems is no. A new form of weapon appears to be emerging. And the world may have to learn to adapt.

A new form of weapon appears to be emerging. And the world may have to learn to adapt.
 
What a future cyberwar will look like;

Spoiler :
BBC News
Web War II: What a future cyberwar will look like
By Michael Gallagher 30 April 2012

How might the blitzkrieg of the future arrive? By air strike? An invading army? In a terrorist's suitcase? In fact it could be coming down the line to a computer near you.

Operation Locked Shields, an international military exercise held last month, was not exactly your usual game of soldiers. It involves no loud bangs or bullets, no tanks, aircraft or camouflage face-paint. Its troops rarely even left their control room, deep within a high security military base in Estonia.

These people represent a new kind of combatant - the cyber warrior.

One team of IT specialists taking part in Locked Shields, were detailed to attack nine other teams, located all over Europe. At their terminals in the Nato Co-operative Cyber Defence Centre of Excellence, they cooked up viruses, worms, Trojan Horses and other internet attacks, to hijack and extract data from the computers of their pretend enemies.

The idea was to learn valuable lessons in how to forestall such attacks on military and commercial networks. The cyber threat is one that the Western alliance is taking seriously.

It's no coincidence that Nato established its defence centre in Estonia. In 2007, the country's banking, media and government websites were bombarded with Distributed Denial of Service (DDOS) attacks over a three week period, in what's since become known as Web War I. The culprits are thought to have been pro-Russian hacktivists, angered by the removal of a Soviet-era statue from the centre of the capital, Tallinn.

DDOS attacks are quite straightforward. Networks of thousands of infected computers, known as botnets, simultaneously access the target website, which is overwhelmed by the volume of traffic, and so temporarily disabled. However, DDOS attacks are a mere blunderbuss by comparison with the latest digital weapons. Today, the fear is that Web War II - if and when it comes - could inflict physical damage, leading to massive disruption and even death.

"Sophisticated cyber attackers could do things like derail trains across the country," says Richard A Clarke, an adviser on counter-terrorism and cyber-security to presidents Clinton and Bush.

"They could cause power blackouts - not just by shutting off the power but by permanently damaging generators that would take months to replace. They could do things like cause [oil or gas] pipelines to explode. They could ground aircraft."

Clarke's worries are fuelled by the current tendency to put more of our lives online, and indeed, they appear to be borne out by experiments carried out in the United States.

At the heart of the problem are the interfaces between the digital and physical worlds known as Scada - or Supervisory Control And Data Acquisition - systems.

Today, these computerised controllers have taken over a myriad jobs once performed manually. They do everything from opening the valves on pipelines to monitoring traffic signals. Soon, they'll become commonplace in the home, controlling smart appliances like central heating.

And crucially, they use cyberspace to communicate with their masters, taking commands on what to do next, and reporting any problems back. Hack into these networks, and in theory you have control of national electricity grids, water supplies, distribution systems for manufacturers or supermarkets, and other critical infrastructure.

In 2007, the United States Department of Homeland Security (DHS) demonstrated the potential vulnerability of Scada systems. Using malicious software to feed in the wrong commands, they attacked a large diesel generator. Film of the experiment shows the machine shaking violently before black smoke engulfs the screen.

Although this took place under laboratory conditions, with the attackers given free rein to do their worst, the fear is that, one day, a belligerent state, terrorists, or even recreational hackers, might do the same in the real world.

"Over the past several months we've seen a variety of things," says Jenny Mena of the DHS. "There are now search engines that make it possible to find those devices that are vulnerable to an attack through the internet. In addition we've seen an increased interest in this area in the hacker and hacktivist community."

One reason why Scada systems may be prone to hacking is that engineers, rather than specialist programmers, are often likely to have designed their software. They are expert in their field, says German security consultant Ralph Langner, but not in cyber defence. "At some point they learned how to develop software," he adds, "but you can't compare them to professional software developers who probably spent a decade learning."

Moreover, critical infrastructure software can be surprisingly exposed. A power station, for example, might have less anti-virus protection than the average laptop. And when vulnerabilities are detected, it can be impossible to repair them immediately with a software patch. "It requires you to re-boot," Langner points out. "And a power plant has to run 24-7, with only a yearly power-down for maintenance." So until the power station has its annual stoppage, new software cannot be installed.

Langner is well-qualified to comment. In 2010 he, along with two employees, took it upon himself to investigate a mystery computer worm known as Stuxnet, that was puzzling the big anti-virus companies. What he discovered took his breath away.

Stuxnet appeared to target a specific type of Scada system doing a specific job, and it did little damage to any other applications it infected. It was clever enough to find its way from computer to computer, searching out its prey. And, containing over 15,000 lines of computer code, it exploited no fewer than four previously undiscovered software errors in Microsoft Windows. Such errors are extremely rare, suggesting that Stuxnet's creators were highly expert and very well-resourced.

It took Langner some six months to probe just a quarter of the virus. "If I'd wanted to do all of it I might have gone bust!" he jokes. But his research had already drawn startling results.

Stuxnet's target, it turned out, was the system controlling uranium centrifuges at Iran's Natanz nuclear facility. There is now widespread speculation that the attack was the work of American or Israeli agents, or both. Whatever the truth, Langner estimates that it delayed Iran's nuclear project by around two years - no less than any air strike was expected to achieve - at a relatively small cost of around $10 million. This success, he says, means cyber weapons are here to stay.

Optimists say Stuxnet does at least suggest a scrap of reassurance. Professor Peter Sommer, an international expert in cyber crime, points out that the amount of research and highly skilled programming it involved would put weapons of this calibre beyond anyone but an advanced nation state. And states, he point out, usually behave rationally, thus ruling out indiscriminate attacks on civilian targets.

"You don't necessarily want to cause total disruption. Because the results are likely to be unforeseen and uncontrollable. In other words, although one can conceive of attacks that might bring down the world financial system or bring down the internet, why would one want to do that? You would end up with something not that different from a nuclear winter."

But even this crumb of comfort is denied by Langner, who argues that, having now infected computers worldwide, Stuxnet's code is available to anyone clever enough to adapt it, including terrorists.

"The attack vectors and exploits used by Stuxnet - they can be copied and re-used reliably against completely different targets. Until a year ago no one was aware of such an aggressive and sophisticated threat. With Stuxnet that has changed. It is on the table. The technology is out there on the internet."

One thing is for sure, he adds: If cyber weapons do become widespread, their targets will lie mostly in the west, rather than in countries like Iran, which have relatively little internet dependence. This means that the old rules of military deterrence which favoured powerful, technologically advanced countries like the United States do not apply: Responding in kind to a cyber attack could be effectively impossible.

This asymmetry is likely to grow, as developed countries become ever more internet-dependent. So far, the Internet Protocol format allows only 4.3 billion IP addresses, most of which have now been used. But this year, a new version is rolling out, providing an inexhaustible supply of addresses and so allowing exponential growth in connectivity. Expect to see far more machines than people online in the future.

In the home, fridges will automatically replenish themselves by talking to food suppliers; ovens and heating systems will respond to commands from your smartphone. Cars may even drive themselves, sharing GPS data to find the best routes. For industry, commerce and infrastructure, there will be even more reliance on cyber networks that critics claim are potentially vulnerable to intrusion.
"There will be practically infinite number of IP addresses," says former hacker Jason Moon. "Everything can have an IP address. And everything will have one. Now, that's great. But think what that's going to do for the hacker!"

In fact, it has already become a challenge for even sensitive installations, let alone households, to remain offline. Although military and other critical networks are supposedly isolated from the public internet, attackers can target their contractors and suppliers, who plug into the "air-gapped" system at various times. Somewhere down the food chain, a vulnerable website or a rogue email will provide a way in.

According to Richard Clarke, the mighty American armed forces themselves are not immune, since their command & control, supplies, and even some weapons systems, also rely on digital systems.

"The US military ran headlong into the cyber age," he says. "And we became very dependent on cyber devices without thinking it through. Without thinking that if someone got control of our software, what would we be able to do? Do we have backup systems? Can we go back to the old days?"

The answer it seems is no. A new form of weapon appears to be emerging. And the world may have to learn to adapt.

A new form of weapon appears to be emerging. And the world may have to learn to adapt.

With a modified Stuxnet AL Qaeda could literally destroy 3/4 of the US power grid, society would go to hell without power
 
300px-Electrical_Substation.JPG


Indeed, it's the electrical substations, located in city and town neighborhoods all over America, that are the most vulnerable.

There are no power company personel present - the substations are remotely controlled by SCADAs over the Internet. A Stuxnet attack, especially in conjuntion with a DOS attack (preventing electrical engineers from monitoring or fixing) could be devastating.
 
300px-Electrical_Substation.JPG


Indeed, it's the electrical substations, located in city and town neighborhoods all over America, that are the most vulnerable.

There are no power company personel present - the substations are remotely controlled by SCADAs over the Internet. A Stuxnet attack, especially in conjuntion with a DOS attack (preventing electrical engineers from monitoring or fixing) could be devastating.

If the US went without power for a month how much damage do you think that would cause? (I'm think many billions of dollars and millions of lives)

I just noticed that sitting next to me is my copy of Cyber War: The Next Threat to National Security and What to Do About It that is autographed by Richard Clarke (he signed it Dick Clarke)
 
If the US went without power for a month how much damage do you think that would cause? (I'm think many billions of dollars and millions of lives)

I just noticed that sitting next to me is my copy of Cyber War: The Next Threat to National Security and What to Do About It that is autographed by Richard Clarke (he signed it Dick Clarke)

Ever read One Second After by William Forstchen? It's about what happens to America after an EMP attack wipes out the electric grid. Basically we're back to the 19th century (horse and buggy) - but without any extant 19th century technology to help us. Not billions but trillions of dollars damage - massive loss of life - collapse of infrastructure - economic failure - interruption of food delivery - breakdown of law and order - collapse of the welfare safety net - no money, no food, no medicine, no nothing - hoarding, rioting, murder and mahem. America breaks down and breaks up, with follow-on consequences for the rest of the world.

We are completely dependent on our technology and energy, and if that's taken away, it's difficult to overstate or exaggerate the severity of the consequences. Hurricane Sandy x1000.

Hopefully, steps taken to prevent such a catastrophic event are belatedly accelerating do to efforts by the White House, Homeland Security, CyberCom and private industry.
 
This thread seems rather barren so far. Here's something a little different for diversity's sake:

Cyberwar: how the americans broke into the Élysée

Cyberguerre: comment les Américains ont piraté l'Élysée

Par Charles Haquet et Emmanuel Paquette (L'Express) - publié le 20/11/2012 à 15:31

EXCLUSIF. En mai, l'équipe de Nicolas Sarkozy a été victime d'une opération d'espionnage informatique hypersophistiquée. Les sources de L'Express concordent : le coup vient de... l'ami américain. Révélations sur une attaque qui s'inscrit dans une bataille planétaire.
 

That's an interesting story, and is now spreading across the Web. While attribution is never a sure thing, I do find it credible. Certainly the allies have always spied on each other. It's usually intelligence gathering or industrial espionage,
Spoiler :
Between the early 1970s to the late 1980s, the DGSE had effectively planted agents in major U.S. companies, such as Texas Instruments, IBM and Corning. Some of the economic intelligence thus acquired was shared with French corporations, such as the Compagnie des Machines Bull. -wiki
- while sabotage is usually reserved for enemies. And there's certainly no denying that America is a player.

On the lighter side...
 
Who will control the Internet?

The U.N.'s Internet Sneak Attack

"Having the Internet rewired by bureaucrats would be like handing a Stradivarius to a gorilla."

"... the top job for the U.S. delegation at the ITU conference is to preach the virtues of the open Internet as forcefully as possible. Billions of online users are counting on America to make sure that their Internet is never handed over to authoritarian governments or to the U.N."
 
Taiwan's cyberwar prep

The Taiwanese government will be stepping up its spending on online defences as it expands its Communication Electronics and Information Bureau (CEIB) and creates an experimental facility for simulated cyberwarfare.

According to the Taipei Times on Monday, the country's Ministry of National Defense (MND) said there has been increasing numbers of cyberattacks targeting it which can be traced back to (Communist) China. It believes this will continue as China's defense strategy emphasizes superiority in cyberwarfare and its capability to launch countermeasures against a stronger enemy, the article added.
 
bomb thread Glassfan. I will be paying extra attention to your posts here on.
 
Looks like the Pentagon of the future....

what news have you about google and the secret meeting of the world's governments to serverly limit our freedoms....?????????????!?!?!!?!?!?!
 
Some reaction to Maude's speech.

"As to the challenge of creating a deeper security culture by educating the public and investing in the policing necessary to aid that, the Strategy had little to say. The sums earmarked for policing in particular was far below the scale of the problem,...

"At times Maude's statement sounded like a headmaster delivering a school report, full of aspiration and good intentions but light on defined progress, he added.

"The major focus seems to be on influencing the elite and developing intelligence. It is not enough and is out of step with how the management of society's information security risk must evolve."
 
Back
Top Bottom