Sunday, November 30, 2008

Rules of Engagement for Cyber Warfare

An interesting article calling for the development of rules of engagement for cyber warfare:
"Cyber attack and warfare rules of engagement will undoubtedly require hundreds of pages to establish a decision framework. That being said, there are a few critical areas that will pose the most significant challenge to policy makers. One of these areas will be the level of confidence in the identification of the entity behind an attack on a nation. Tracing and tracking cyber attacks back to those responsible is not an easy task. Usually this takes months or years not minutes and hours. Current intelligence and surveillance capabilities will provide only minimal assistance in this effort."

Cyber Attacks & Warfare - Rules of Engagement

Friday, November 28, 2008

More Indian-Pakistani Cyber Attacks

As an update to the previous post, further reports of tit-for-tat cyber attacks between Indian and Pakistani "hackers" are surfacing. From the Indian online business magazine, domain-b.com:

"Hostilities between India and Pakistan seem to have reached cyberspace even as the two neighbors strive to resolve differences through dialogue. The first casualty in the cyber war appears to be the Andhra Pradesh Crime Investigation Department (CID) website that was hacked by pro-Pakistan hackers.

"Ohter [sic] Indian web sites that have come in for similar treatment are web sites of Bank of Baroda and that of a news channel."

And from the Pakistani Daily website:

"In what seems to be an intensifying cyber war between hackers of Pakistan and India, Pakistani hackers managed to hack website of ONGC (Oil and Natural Gas Corporation) of India on Tuesday.

"A group named ‘Pakistan Cyber Army’ (PCA) said that it hacked Indian ONGC website in response to hacking of the website of Pakistan’s OGRA (Oil and Gas Regulatory Authority) by Indian hackers."

Andhra Police website hacked

Pakistani group hacks Indian websites

Ongoing Indian-Pakistani Cyber Attacks

Underneath the current terrorist attacks in Mumbai, a string of cyber attacks between Indian and Pakistani groups has been simmering for the last few weeks. At this point, the intrusions do not seem related to the ongoing physical attacks, however, with the potential for tensions between the two countries to intensify, cyber attacks will almost certainly increase as well.
"The cyber warfare began in mid-November when an Indian group of hackers known as HMG or "Guards of Hindustan" defaced the website of Pakistan's Oil and Gas Regulatory Authority and deleted all its data."

"Apparently acting in retaliation, a group calling itself the Pakistan Cyber Army (PCA) yesterday [25-Nov-2008] hacked five Indian websites, including those of ONGC, Indian Institute of Remote Sensing (IIRS), Indian Railways and the Kendriya Vidyalaya in Ratlam."

Indian, Pak hackers deface govt websites

Thursday, November 20, 2008

REVIEW: 2008 Report on US-China Economic and Security Review

The U.S.-China Economic and Security Review Commission has published its 2008 report to the U.S. Congress. As in previous years, the report discusses Chinese Cyber capabilities and initiatives. This year's report concludes:
"The Nature and Extent of China’s Space and Cyber Activities and their Implications for U.S. Security
  • Cyber space is a critical vulnerability of the U.S. government and economy, since both depend heavily on the use of computers and their connection to the Internet. The dependence on the Internet makes computers and information stored on those computers vulnerable.
  • China is likely to take advantage of the U.S. dependence on cyber space for four significant reasons. First, the costs of cyber operations are low in comparison with traditional espionage or military activities. Second, determining the origin of cyber operations and attributing them to the Chinese government or any other operator is difficult. Therefore, the United States would be hindered in responding conventionally to such an attack. Third, cyber attacks can confuse the enemy. Fourth, there is an underdeveloped legal framework to guide responses.
  • China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States. In a conflict situation, this advantage would reduce current U.S. conventional military dominance."
The report provides further details into U.S. perceptions of Chinese cyber capabilities and intentions including:
"China has an active cyber espionage program. Since China’s current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts."

"By some estimates, there are 250 hacker groups in China that are tolerated and may even be encouraged by the government to enter and disrupt computer networks. The Chinese government closely monitors Internet activities and is likely aware of the hackers’ activities. While the exact number may never be known, these estimates suggest that the Chinese government devotes a tremendous amount of human resources to cyber activity for government purposes. Many individuals are being trained in cyber operations at Chinese military academies..."

"In the past two decades, China has observed how the U.S. military has operated successfully overseas and also has noted that the United States in many cases utilizes a deployment or buildup phase. Examples include the first Gulf War, Kosovo, and Operation Iraqi Freedom. Due to the great distances in the Pacific area of operations, were the United States to think a conflict near China was probable, the U.S. military would begin its preparations with a deployment or buildup phase. China is depending on this and believes that, by cyber attacking U.S. logistics functions in the early buildup stages of a conflict, it can delay or disrupt U.S. forces moving to the theater. This conceivably could alter the course of a conflict over Taiwan."

The report discusses China's motivation to develop cyber warfare capabilities:
"...authors of China’s military doctrine have articulated five key elements. These elements are the following:
  • Defense. Many Chinese authors believe the United States already is carrying out offensive cyber espionage and exploitation against China. China therefore must protect its own assets first in order to preserve the capability to go on the offensive.
  • Early use. PLA analysts believe that in many cases a vulnerable U.S. system could be unplugged in anticipation of a cyber attack. Therefore, for an attack to be truly effective, it must be launched early in a conflict before the adversary has time fully to protect itself.
  • Information operations. Cyber operations can be used to manipulate an adversary’s perception of the crisis, such as by planting misinformation. This could obviate the need for a conventional confrontation or advantageously shape an adversary’s response.
  • Attacking an enemy’s weaknesses. China’s strategists believe the United States is dependent on information technology and that this dependency constitutes an exploitable weakness.
  • Preemption. Many PLA strategists believe there is a first mover advantage in both conventional and cyber operations against the United States. Therefore, in order to succeed, they should strike first."
Finally, the report notes the vulnerabilities to telecommunication systems:
"The global supply chain for telecommunications items introduces another vulnerability to U.S. computers and networks. Components in these computers and networks are manufactured overseas— many of them in China. At least in theory, this equipment is vulnerable to tampering by Chinese security services, such as implanting malicious code that could be remotely activated on command and place U.S. systems or the data they contain at risk of destruction or manipulation. In a recent incident, hundreds of counterfeit routers made in China were discovered being used throughout the Department of Defense. This suggests that at least in part, Defense Department computer systems and networks may be vulnerable to malicious action that could destroy or manipulate information they contain."

The full report is available at:

2008 REPORT TO CONGRESS of the U.S.-CHINA ECONOMIC AND SECURITY REVIEW COMMISSION

ITU Passes Anti-Cyberwar Resolution

The International Telecommunication Union (ITU) has passed a resolution to attempt to curb cyber warfare between nation states. The core of the resolution states:
"resolves to invite Member States
  1. to refrain from taking any unilateral and/or discriminatory actions that could impede another Member State from accessing public Internet sites, within the spirit of Article 1 of the ITU Constitution and the WSIS principles;
  2. to report to the Director of the Telecommunication Standardization Bureau on any incident referred to in 1 above,"
"instructs the Director of the Telecommunication Standardization Bureau
  1. to integrate and analyse the information on incidents reported from Member States;
  2. to report this information to Member States, through an appropriate mechanism,"
"invites Member States and Sector Members

to submit contributions to the ITU-T study groups that contribute to the prevention and avoidance of such practices."
The full resolution is available here:

Resolution 69 – Non-discriminatory access and use of Internet resources

For a broader view of the political context this resolution is mired in and the international infighting between Internet governance organizations see:

Controversy Over Internet Governance: ITU Families And ICANN Cosmetics?

Wednesday, November 19, 2008

Israeli "Hackers" Penetrate Gaza Phone Network to Offer Reward

StrategyPage.com reports of an intrusion into the Gaza phone network to offer rewards for the return of an Israeli soldier:
"Israeli Cyber War troops again hacked into the cell phone networks in Gaza, and sent a message offering a $10,000 reward for anyone who could provide information that led to the rescue of kidnapped Israeli soldier Gilad Shalit."



Tuesday, November 18, 2008

Estonian Spy Passes NATO Cyber Defense Info to Russians

In September 2008, Herman Simm, an Estonian defense ministry official and Estonia's liaison with NATO, was arrested for allegedly passing NATO classified information to Russia. The U.K. Times is reporting that some of that information included NATO cyber security strategies:

"...Mr Simm was not some relic from the days of Kim Philby or other notorious deep-cover agents. He was at the cutting edge of one of Nato’s most important new strategic missions: to defend the alliance against cyber-attack.

"Mr Simm headed government delegations in bilateral talks on protecting secret data flow. And he was an important player in devising EU and Nato information protection systems."


Russian spy in Nato could have passed on missile defence and cyber-war secrets

Mauritanian Government Shuts Down Critics with Botnet Attacks

StrategyPage reports on use of bot nets by the Mauritanian government to censor online critics. No sources or technical details are given in the article:
"In the African nation of Mauritania, the military dictatorship has used Cyber War techniques to shut down two opposition web sites that provide the most information on what is going on inside the country. The generals apparently hired several botnets" to perform denial-of-service attacks.

Dictators Prefer Botnets

Saturday, November 15, 2008

IMF Systems Compromised

There are several reports of allegations that the International Monetary Fund (IMF) systems were penetrated last month with speculation that the source of the attacks was China. The Dark Visitor, a site that follows the Chinese computer underground, reports on why the Chinese might be interested in IMF communications.

Chinese hackers hit International Monetary Fund

Friday, November 14, 2008

U.S. Data Mining for Terrorist Activities Ineffective

Investor's Business Daily reviewed a report by the National Research Council on the U.S. Government's use of data mining to identify potential terrorists. The report, titled Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment, concludes that the data mining initiative "is ineffective and threatens the privacy of millions of law-abiding Americans".

"We were consistently concerned that data mining does not have demonstrated efficacy for fighting terrorists," said Ben Shneiderman, a University of Maryland computer science professor and one of the 21 committee members."

The report discusses the danger is relying on databases that are notorious for inaccuracies:

"The DHS has purchased at least parts of databases from ChoicePoint, LexisNexis and Axiom, says [Stephen] Fienberg, who also works in Carnegie Mellon's CyLab, the largest university-based cybersecurity institute in the U.S."

"Merging data from various databases inevitably leads to mistakes. But government counterterrorism programs don't always take into account where its information comes from or whether it might not be true.

"It's basically a problem where government programs really are not focused on the data sources and the correctness, but rather the use of the data they have at hand," Fienberg said."


Data Mining Failing To Hit Mother Lode In Finding Terrorists

Wednesday, November 12, 2008

German Lower House of Parliament Passes New Cyber Investigative Powers

The German lower house of parliament has passed a bill extending search and monitoring capabilities to police in terrorism cases:
"Under the new law, a judge can issue a warrant allowing police the right to spy on a suspect's computer or hard drive, tap their telephone conversations and watch and eavesdrop on their homes."

The upper house still needs to approve the legislation before it becomes law.

German parliament moves to increase police powers

Monday, November 10, 2008

Death Penalty for Cyber Terrorism

Pakistani President Asif Ali Zardari has issued a decree that any act of "cyber terrorism" resulting in death may merit the death penalty:

"Whoever commits the offence of cyber terrorism and causes death of any person shall be punishable with death or imprisonment for life," according to a copy of the ordinance, published by the state-run APP news agency.

"The law will apply to Pakistanis and foreigners whether living in Pakistan or abroad.

"The ordinance described cyber terrorism as accessing of a computer network or electronic system by someone who then "knowingly engages in or attempts to engage in a terroristic act."

"The ordinance listed several definitions of a "terroristic act" including stealing or copying, or attempting to steal or copy, classified information necessary to manufacture any form of chemical, biological or nuclear weapon."


Pakistan Sets Death Penalty For "Cyber Terrorism"

Friday, November 07, 2008

U.K. Interception Modernisation Programme

The U.K. government is reportedly considering requiring major ISPs to allow the gather Internet traffic data:

"At Monday's meeting in London representatives from BT, AOL Europe, O2 and BSkyB were given a presentation of the issues and the technology surrounding the Government's Interception Modernisation Programme (IMP), the name given by the Home Office to the database proposal.

"They were told that the security and intelligence agencies wanted to use the stored data to help fight serious crime and terrorism."

The Interception Modernisation Programme has received a lot of attention in the U.K. press lately including a proposal to invest billions of pounds in the programme:

"Detica will very likely be among the first to profit from the IMP bonanza. Based in Guildford, it might warrant the title of The Most Important IT Company Most People Have Never Heard Of. According to sources with knowledge of systems that have long allowed GCHQ to eavesdrop on phone calls, Detica owns and operates the current "black box" infrastructure under contracts funded by the secret intelligence budget.

"In contrast to that arrangement, the proposed central communications database would not target the content of calls, emails, texts and other communications; rather, MI6 and GCHQ want to retain the powerful, searchable data detailing who contacted whom."
As a side note, the keywords "interception modernisation programme" is a major driver of traffic to this blog...


Internet black boxes to record every email and website visit
Spy chiefs plot £12bn IT spree for comms überdatabase


Obama, McCain Systems Compromised?

Newsweek magazine is reporting that the computer systems of both candidates for U.S. president were compromised last summer. However, few details were provided and there seems to be some issues with the story such as why there would be senior level White House involvement in the investigation:
"The following day, Obama campaign chief David Plouffe heard from White House chief of staff Josh Bolten, to the same effect: "You have a real problem ... and you have to deal with it."

The Newsweek article alleges that the source of the intrusions were from outside of the U.S. (again, the article provides no details or supporting evidence):
"Officials at the FBI and the White House told the Obama campaign that they believed a foreign entity or organization sought to gather information on the evolution of both camps' policy positions—information that might be useful in negotiations with a future administration. The Feds assured the Obama team that it had not been hacked by its political opponents."

Hackers and Spending Sprees

Monday, November 03, 2008

China's Cyber Warfare Capabilities

International-Relations.com has published a report hypothesizing that China plans to leapfrog U.S. military capabilities using cyber warfare capabilities. This lengthy report begins by providing details on China's traditional military capability and then discusses the U.S. military's dependence on technology (and perceived weakness) including:
  1. Network-centric warfare - "Militarily, the information revolution has given rise to an increasing reliance on situational awareness, weather monitoring, surveillance, communication, and precision strikes. Chinese military strategists have made special note of the US reliance on, and dominance with, electronic means in the Kosovo, Afghanistan, and Iraqi conflicts"

  2. Information operations - "...activities include PSYOPS troops who try to manipulate the adversary’s thoughts and beliefs, military deception and disinformation, media warfare, electronic warfare (EW), and computer network operations (CNO). Thus Information Operations Roadmap stands as an another example of the US commitment to transform military capabilities to keep pace with emerging threats and to exploit new opportunities afforded by innovation and rapidly developing information technologies."

  3. Future combat systems - "...places a particular emphasis on advanced robotics, including Unmanned Ground Vehicles (UGVs), Unmanned Aerial Combat Vehicles (UCAVs), Non- Line of Sight Launch Systems, and Unattended Systems. This system of systems seeks to make warfare as networked as the internet, as mobile as a mobile phone, and as intuitive as a video game. "

The report summarizes the importance of military cyber capabilities within China:
"The information revolution has given more power to individuals and increased globalization through the interconnectedness of economies, rapid dissemination of news, and improved access to communication and information of all types. Any attempt to compete on a global level without the use of these technologies would place the PRC at a significant military and financial disadvantage. For this reason, the benefits of electronic reliance outweigh the risks involved. Further, it is impossible for a state to develop a defence against cyber warfare without simultaneously learning how to execute attacks themselves."

The report also discusses the linkage between "offensive" and "defensive" capabilities:
"To learn how to conduct cyber security, the Chinese must have a full understanding of how attacks are conducted; therefore they will learn offence along with the defence - the two are inseparable. China has repeatedly stated its goal of military modernization, and cyber warfare is where modern militaries are headed. However, cyber warfare would unlikely be used alone. It could be used simultaneously with a traditional attack, perhaps as a first blow to take an opponent off guard, or in tandem with multiple non-traditional attacks, such as PSYOPS and economic operations, or variants of each. Additional combined tactics that will be discussed in the following sections include cyber attack, cyber reconnaissance, and market dominance."

Based on this concept the report delves into several cyber capabilities including:
  1. Internet security
  2. Cyber reconnaissance and attack
  3. Security hacking
  4. Military applications of hacking

The paper concludes:
"This research has shown that China seeks to leapfrog in military competitiveness by utilizing cyber warfare. Chinese military doctrine places an emphasis on asymmetric attack. Cyber warfare epitomizes this a low cost means of levelling the playing field. Cyber attack strikes at a superior adversary’s weakness – in the case of the US, a heavy reliance on hi-tech computerized weaponry and a civilian population reliant on an unsecured computer infrastructure. Cyber reconnaissance follows China’s tradition of technology transfer and reverse engineering for domestic production as a means of leapfrogging. Cyber reconnaissance gives the added benefit of providing deniability, low cost, a lack of legal framework against it, and the removal of geographical distance."


How China Will Use Cyber Warfare to Leapfrog in Military Competitiveness

Hamas Offers Cash Reward for Israeli Cyber Attacks

The Iranian branch of Hamas has offered a $2,000 reward to attack Israeli websites.
"Observers noted that the contest gives a chance for Iran's many under-employed but tech-savvy computer geeks to earn some quick cash with their expertise."


IRAN: Hamas' office declares cyber-war on Israel