Cyber warfare: a fantasy or an imminent threat? To some IT practitioners it is a thought confined to conflicting states and extremism, and to some, warfare begins only when a shot is fired in anger between combating troops. Little do they realize that warfare can be conducted in a different arena, and now, in the era of bauds and packets, it is a real and present danger to the Information Age.
Cyber warfare and terrorism are a prelude to overt and covert conflict, with the goal of isolating and silencing the opposition. Defacing government sites has proven to be an effective way to spread disinformation and a means of propaganda. Cyber warfare is a very attractive means of accomplishing non-kinetic operations (aimed at the hearts and minds and the decision-making process of the opposition), and it is not limited to government and state: it is open to all tiers of society and the private sector.
The Depth and Impact Ratio of Cyber Warfare/Terrorism
Cyber warfare categorized by methodology:
Cyber espionage & gathering data:
The act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies for military, political or economic advantage, using illegal exploitation methods on the Internet, networks, software and/or computers.
Web vandalism & propaganda:
Defacement and propaganda perpetrated on websites and mobile systems.
Distributed Denial-of-Service Attacks:
Large numbers of computers controlled by one person launch a DoS attack against systems. The overwhelming number of attempted accesses crowds out legitimate users who need to access the service.
Equipment disruption:
Military activities that use computers and satellites for coordination are at risk from this type of attack. Orders and communications can be intercepted or replaced, putting soldiers at risk.
Attacking critical infrastructure:
Power, water, fuel, communications, commercial and transportation systems are all vulnerable to a cyber attack.
Compromised Counterfeit Hardware:
Common hardware used in computers and networks that has malicious software hidden inside its software, firmware or even its microprocessors.
Having surveyed the different levels at which cyber warfare is conducted, we point out that the most prevalent, most used and most easily ignored are cyber espionage and DDoS; both are thriving and are very successful means of cyber warfare. Understanding the methods, we now tackle the key targets. Countries and states depend on their economy, communications and services (transportation, medical, fuel, etc.), and the current trend is that these are interconnected in one form or another via the Internet or networks large and small. The goal of cyber warfare is to cause havoc and crisis from within a sovereign state; should the campaign proceed, the aim is that, from the ashes of information warfare, the disruption of these three integral foundations of any state will cause internal concern and insurgency, often resulting in anarchy. This is done before any physical weapon is fired within the borders of the country, or prior to any invasion force. We have seen countless threats, but none as aggressive as recently, when states and groups, as happened in Georgia in 2008 and in Estonia in 2007 with Russia, on separate occasions brought two countries almost to their knees. Let us look at these occurrences in more detail.
Overview of a cyber warfare campaign in the European theater: one of the most wired nations in the world was hit by a total of 128 unique DDoS attacks on the country's URLs. Most lasted less than an hour, with the longest lasting 10 hours and 30 minutes. The attacks were measured by how many packets of information flooded the listed URLs to make them inaccessible (58 government and financial infrastructure sites went down at once). A collection of compromised home and office computers worldwide accessed certain URLs simultaneously, effectively overloading the sites. Estonian computer security and effective emergency planning saved the tiny nation from complete shutdown.
Then came the campaign of the infamous Ghost (a.k.a. rogue IPs from China), which, as indicated by key researchers in the security community, was previously directed at a limited population of dissidents. It then moved up a notch: this threat campaign waltzed its way from 2009 to recent times, during which a targeted number of government and private-sector organizations, primarily in India, were subjected to cyber espionage in which sensitive and top-secret information was pulled out of the compromised systems. There were 1,300 infected hosts in 103 countries, with up to 30% of the infected hosts being high-value targets, with host systems located at government foreign ministries, banks, telecommunication companies, embassies, international organizations, news media and others. China's cyber espionage was identified as progressive and persistent since March 2009.
An overview of the Ghost: its backdoor behavior is particularly interested in recently accessed files with the following extensions: txt, rtf, doc, pdf, docx, xls, xlsx, ppt, pptx. It checks the folder C:\Documents and Settings\Administrator\Recent to locate files; when a file is found it saves it to the folder. There is also a function that compresses the files using .CAB compression and moves them to c:\windows\temp\syslog\s; from here the malware sends those compressed files to a specified URL repository somewhere in China.
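The staging chain described above (walk the Recent folder, collect the listed document types, write CAB archives into the syslog\s path) can be turned into a simple host-based detection. The following script is an added example, not code from the original write-up or from any analysis of the malware; its event format, process names and sample lines are constructed, and it assumes "s" may be either a folder or a filename prefix since the page does not say which.

```python
import re
from collections import defaultdict

# Indicators taken from the page's description of the backdoor (case-insensitive).
RECENT_DIR = re.compile(r"\\documents and settings\\[^\\]+\\recent\\", re.I)
# The page gives c:\windows\temp\syslog\s without saying whether "s" is a folder
# or a filename prefix, so the pattern accepts either (assumption).
STAGING = re.compile(r"\\windows\\temp\\syslog\\s", re.I)
DOC_EXTS = {"txt", "rtf", "doc", "pdf", "docx", "xls", "xlsx", "ppt", "pptx"}
FULL_CHAIN = {"recent_enum", "doc_read", "cab_staged"}

def parse_event(line):
    """Parse one constructed 'pid|process|action|path' file-activity record."""
    pid, proc, action, path = line.split("|", 3)
    return {"pid": int(pid), "proc": proc, "action": action, "path": path}

def score_events(events):
    """Map each pid to the set of chain stages its file activity has shown."""
    hits = defaultdict(set)
    for ev in events:
        path = ev["path"]
        ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
        if ev["action"] == "read" and RECENT_DIR.search(path):
            hits[ev["pid"]].add("recent_enum")   # walking the Recent folder
        if ev["action"] == "read" and ext in DOC_EXTS:
            hits[ev["pid"]].add("doc_read")      # touching listed document types
        if ev["action"] in ("create", "write") and ext == "cab" and STAGING.search(path):
            hits[ev["pid"]].add("cab_staged")    # CAB written to the staging path
    return hits

def flag_suspects(lines):
    """Return pids that completed the whole chain; a single stage alone is not
    enough, since explorer.exe legitimately reads Recent and Word reads .docx."""
    hits = score_events(parse_event(l) for l in lines)
    return sorted(pid for pid, stages in hits.items() if FULL_CHAIN <= stages)

# Constructed sample events: pid 4120 performs the full chain, the others do not.
SAMPLE_EVENTS = [
    "4120|svchost.exe|read|C:\\Documents and Settings\\Administrator\\Recent\\budget.xls.lnk",
    "4120|svchost.exe|read|C:\\Documents and Settings\\Administrator\\My Documents\\budget.xls",
    "4120|svchost.exe|create|C:\\WINDOWS\\Temp\\syslog\\s\\0001.cab",
    "1880|winword.exe|read|C:\\Documents and Settings\\Administrator\\My Documents\\memo.docx",
    "2300|explorer.exe|read|C:\\Documents and Settings\\Administrator\\Recent\\memo.docx.lnk",
]

if __name__ == "__main__":
    print("suspect pids:", flag_suspects(SAMPLE_EVENTS))  # → [4120]
```

Requiring all three stages per process keeps the rule from firing on explorer.exe or Office, which each touch one stage in normal use.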
The methods of this threat vector primarily employed a social engineering approach via e-mail and Twitter to pilfer secrets from systems. Ironic as it may seem, we can have all the security applications and hardware money can buy, but at the end of the day, are we really prepared, at the dawn of cyber warfare, for when we become a target in this information age we live in?
I have just cited some real-life unconventional cyber threats. Now, are you prepared for them?
Joseph Felix Pacamarra, CEH
Senior Security Analyst