"The risk is real for a malicious and intentional disruption of basic infrastructure but, unfortunately, the problem is poorly understood and too often the subject of hyperbole by both the media and security professionals with a "solution" to sell."
"In the case of Ukraine we observed that, due to the two–step nature of the information communication process, the provision of alternative information to even a relatively small number of dissenters was apparently sufficient to initiate a network–related effect, when the information spreads exponentially, like an epidemic. We can therefore conclude that the Internet does not need to have a mass penetration rate in order to effectively help in the promotion of a major socio–political change. "The authors go on to discuss some of the attributes required for successful online opposition:
"[An] important finding was the necessity of locating the oppositional Web sites beyond the reach of the repressive authorities by hosting them on servers located in strong democratic countries. Moreover, in order to protect them relatively robustly from the cyberattacks initiated by authoritarian regimes, the servers should be situated in countries with relatively strong technical defenses and a highly ramified Internet network..."and...
"Additional strength is achievable by the creation of several mirror sites situated at different servers in physically different parts of the Internet. It is also essential that the national Internet domain name registrars remain free from control by the non–democratic authorities to prevent the authorities from suspending registration of the oppositional Internet resources and thus switching them off."The report also discusses how both traditional media (television, print and radio) as well as online information sources were used by both sides in the conflict to control messages, counter-messages and disinformation.
"In the days after the fast-moving, widespread attack, analysis pointed to North Korea as the likely starting point because code used in the attack included Korean language and other indicators."But according to unnamed "cybersecurity experts" in the article this no longer appears to be the case. Of course, with the same type of flawed analysis, the "experts" can now speculate who else might be involved:
"These officials point suspicions at South Koreans, possibly activists, who are concerned about the threat from North Korea and would be looking to ramp up antagonism toward their neighbor."The article, as usual, provides little to no details that can be independently analyzed and appears to be confused about the exact nature of the attack, The article first describes the attacks as "...crippling strikes, known as "denial of service" attacks" but later says "...the attacks were largely restricted to vandalizing the public Web pages..." of the victims.
"...international law requires anyone receiving an SOS signal to "proceed with all possible speed" to render assistance. Today, similar legal duties abound -- what we might call "duties to assist" -- whether in response to a pilot's mayday call, distress signals, or emergency numbers."However, this duty does not currently extend to the Internet. The article argues (rightly) that existing efforts (more technology and the militarization of cyber space) will not prevent large scale international cyber attacks:
"Technological prevention measures -- thicker security firewalls and better mechanisms to detect and repel attacks -- will undoubtedly be part of any effective counterattack strategy. Similar progress may come from efforts to reach agreement on how militaries should operate in cyberspace and increased transnational coordination among law enforcement agencies.The authors give a brief description of how this duty might work to improve the situation:
"But these measures will not be enough to solve the problem. Open networks will always be vulnerable to malicious attack as new security measures generate improved hacking techniques in an endless game of cat and mouse. The laws of war that govern military uses of force do not translate easily into cyberspace. Criminal laws, similarly, are a blunt instrument for protection. The difficulties inherent in trying to identify the precise location from which attacks arise and the identities of anonymous attackers stem from the basic structure of the global internet. Those difficulties make enforcement of criminal penalties (or the laws of war) difficult and at times impossible."
"A duty to assist can work without identifying the attackers. It focuses instead on minimizing the attack's effects. A victim would send out a distress call... and all those in a position to provide assistance -- whether governments or private actors -- would have an obligation to respond. Help could come in many forms. If attackers denied service to a computer resource, internet service providers could provide additional bandwidth. If an attack crossed through a nation's territory, that nation's government would have to deny attackers further use of its information networks and help trace the attack to its true origins."
"Suspicious Internet activity with IP addresses originating in the East Asia and the Pacific region represented 79 percent of the regional cyber collection effort, a significant increase over last year’s 52 percent. These apparent cyber operations mainly targeted cleared defense contractor networks used for research and development documentation, especially those related to information systems technology."The report noted an interesting trend between Asian and Near East activity and that of Europe and Eurasia [emphasis added]:
"Europe and Eurasia collectors do not need to use high-profile collection techniques because their covert collection methodologies are already efficient and effective as to render the more blatant, overt requests largely supplemental to other collection competencies. It is noteworthy that even though their overt collection efforts have declined, European and Eurasian cyber actors remain some of the most active targeters of United States technology."The report contains in-depth analysis of the types of information targets and regional statistics and analysis of activity. The report forecasts increased cyber activity in the future:
"Government and commercial collection entities worldwide are highly likely to continue the use of cyber collection activities against United States government and its CDCs. Cyber intrusion offers a relatively low-risk, high-gain technique giving illicit collectors the opportunity to acquire sensitive and proprietary information stored on United States computer networks. Cyber targeting may also be utilized as a collection planning tool to identify targets of opportunity not readily apparent to traditional collectors. This cyber reconnaissance allows foreign elements to design targeting plans employing the full range of collection techniques on focused targets."
"...documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. The report also contains an analysis of data which were stolen from politically sensitive targets and recovered during the course of the investigation. These include documents from the Offices of the Dalai Lama and agencies of the Indian national security establishment. Data containing sensitive information on citizens of numerous third-party countries, as well as personal, financial, and business information."The analysis shows strong links to the People's Republic of China as the origin of the attacks.
"Attribution concerning cyber espionage networks is a complex task, given the inherently obscure modus operandi of the agents or groups under investigation. Cyber criminals aim to mask their identities, and the networks investigated in this report are dispersed across multiple platforms and national jurisdictions. Complicating matters further is the politicization of attribution questions, particularly concerning Chinese intentions around information warfare. Clearly this investigation and our analysis tracks back directly to the PRC, and to known entities within the criminal underground of the PRC. There is also an obvious correlation to be drawn between the victims, the nature of the documents stolen, and the strategic interests of the Chinese state. But correlations do not equal causation. It is certainly possible that the attackers were directed in some manner — either by sub-contract or privateering — by agents of the Chinese state, but we have no evidence to prove that assertion. It is also possible that the agents behind the Shadow network are operating for motives other than political espionage, as our investigation and analysis only uncovered a slice of what is undoubtedly a larger set of networks. Even more remote, but still at least within the realm of possibility, is the false flag scenario, that another government altogether is masking a political espionage operation to appear as if it is coming from within the PRC. Drawing these different scenarios and alternative explanations together, the most plausible explanation, and the one supported by the evidence, is that the Shadow network is based out of the PRC by one or more individuals with strong connections to the Chinese criminal underground. Given the often murky relationships that can exist between this underground and elements of the state, the information collected by the Shadow network may end up in the possession of some entity of the Chinese government."
"North Korea has launched a cyber-war unit that targets sites in South Korea and the US"but no further details were provided in the BBC article.
"The difference between cybercrime, cyber-espionage, and cyberwar is a couple of keystrokes," says [Richard] Clarke [former Presidential cyber security adviser]. "The same technique that gets you in to steal money, patented blueprint information or chemical formulas is the same technique that a nation-state would use to get in and destroy things."
"The new initiative involves getting internet cafe owners to monitor the websites their customers view and to pass on any worries over suspicious activity to the police."and additionally,
"The police want internet cafe owners to check the hard drives of their computers to help spot any suspicious activity."It should probably go without having to say, there are critics of the program(me). One commentator is quoted::
"What is dangerous about this initiative is that it does not just focus on preventing access to illegal material but also material that is defined as 'extremist' without offering an objective definition of what that is.
"It thus potentially criminalises people for accessing material that is legal but which expresses religious and political opinions that police officers find unacceptable."
"From charismatic clerics who spout hate online, to thousands of extremist websites, chat rooms and social networking pages that raise money and spread radical propaganda, the Internet has become a crucial front in the ever-shifting war on terrorism."The article also discusses using the Internet for terrorist training activities:
"The new militancy is driven by the Web," agreed Fawaz A. Gerges, a terrorism expert at the London School of Economics. "The terror training camps in Afghanistan and Pakistan are being replaced by virtual camps on the Web."
"2009 also was a year in which more people gained greater access than ever before to more information about human rights through the Internet, cell phones, and other forms of connective technologies. Yet at the same time it was a year in which governments spent more time, money, and attention finding regulatory and technical means to curtail freedom of expression on the Internet and the flow of critical information and to infringe on the personal privacy rights of those who used these rapidly evolving technologies."Most notable in the report were China and Iran:
"The government of China increased its efforts to monitor Internet use, control content, restrict information, block access to foreign and domestic Web sites, encourage self-censorship, and punish those who violated regulations. The government employed thousands of persons at the national, provincial, and local levels to monitor electronic communication ... The government at times blocked access to selected sites operated by major foreign news outlets, health organizations, foreign governments, educational institutions, and social networking sites, as well as search engines, that allow rapid communication or organization of users... The government also automatically censored e-mail and Web chats based on an ever-changing list of sensitive key words."The report also notes that government interference is not always effective:
"Despite official monitoring and censorship, dissidents and political activists continued to use the Internet to advocate and call attention to political causes such as prisoner advocacy, political reform, ethnic discrimination, corruption, and foreign policy concerns."The report cites Iran for cracking down on Internet access in the run-up to the June presidential election:
"...the government blocked access to Facebook, Twitter, and other social networking sites. After the June election, there was a major drop in bandwidth, which experts posited the government caused to prevent activists involved in the protests from accessing the Internet and uploading large video files."Receiving honorable mentions were North Korea because:
"Internet access was limited to high-ranking officials and other elites..."and Vietnam where:
"Bloggers were detained and arrested under vague national security provisions for criticizing the government and were prohibited from posting material the government saw as sensitive or critical. The government also monitored e-mail and regulated or suppressed Internet content, such as Facebook and other Web sites operated by overseas Vietnamese political groups."
"Law firms are attractive targets for cyberattackers because they maintain sensitive client information on their systems, according to attorneys and technology consultants. Perpetrators may be digging for litigation strategies, negotiation tactics, details on pending deals, or other specific information that could aid governments, competitors, or other entities. The bulk of cyberattacks originate overseas, with China leading the pack..."Law firms are at high risk because of both the sensitive nature of the information they possess and because they don't understand the threat or how to protect themselves. From an adversaries perspective, they are high value targets with a high potential for a successful attack and low risk of being caught.
"Often, law firms never figure out on their own that their networks have sustained serious breaches, largely because... attacks are designed to be difficult to detect. Most firms learn of network security problems from third parties, often law enforcement authorities..."
"Law firms often fear that disclosing such a breach may prompt their clients to take their business to a competing firm, even though that competing firm likely has no better capacity to protect the client's information..."
