Cyber

This is the final part of the paper. In this part the authors explain the reasons why cyber war will not take place.

Non-state actors could also carry out cyber attacks that aim to control or disrupt systems, whether for ideological or criminal reasons. However, such groups do not have the same abilities as large states, since cyber attacks on high-value targets such as defense systems or military objects require both a high level of knowledge of cyber space and a deep understanding of how to break heavily encrypted code.

Radicalization in Cyber Space

Nowadays there is also a rising threat of radicalization in cyber space, as the growing use of advanced technologies and computer skills not only among individuals and soldiers but also within terrorist groups creates the possibility of a cyber war with a special focus on civilian targets such as airports, power stations, and military command structures (Gray 2007). Although those radical groups do not have such cyber war capabilities at the present time, there is a strong possibility that sooner or later they will achieve cyber superiority.

Furthermore, information systems generate vulnerabilities for large and rich states, because they increase the profitability of attacks and make targets easy for terrorist groups to disrupt. It is almost impossible to build a modern IT system without some vulnerabilities waiting to be exposed. Therefore the growing concern about the importance of cyber security has an impact on cyber space and, more significantly, on real-life situations. However, “cyber attacks appear much less useful than physical attacks: they do not fill potential victims with terror, they are not photogenic, and they are not perceived by most people as highly emotional events” (Lachow 2009, p. 450). As a consequence, terrorist groups are not considering cyber attacks as potential future events.

Cyber War and Clausewitz

On the other hand, Thomas Rid’s article ‘Cyber War Will Not Take Place’ (2011) presents the opinion that there has been no cyber war in the past, there is none in the present, and there will be none in the future, for several reasons. Initially, there is no clear explanation and no legal definition of what ‘cyber war’ means and how it should be understood. Therefore the question arises: does cyber war actually exist in the real world? According to Carl von Clausewitz (1832, 1980), there are three elements of war. The first component of war is its violent character; real war is always understood as an act of physical violence, with the deaths of innocent citizens.

Therefore, if there is no actual act of violence, there is no war. Furthermore, the concept of cyber war does not provide a clear explanation of what its weapons are and how to respond to these arms. This has resulted in the non-existence of cyber war in the legal framework: “the only issue that has been defined by international agreement is a nation’s right to self defense when attacked, and that applies only to the traditional manner of attack, i.e., ‘armed’ attack” (Carr 2010, p. 39). The second element of Clausewitz’s explanation of war is its instrumental character; he stated that the act of war is instrumental, it has a means and an end (Rid 2011). The actions of violence and threat are the means, and to reach the end of the war the opponent has to be defenseless and accept the offender’s will (Clausewitz 1832, 1980).

It should be mentioned that cyber attacks are usually anonymous and in general are hard to identify and detect. As a result, there is no clear evidence of the beginning of a war or attack in cyber space, and no clear distinction of the offender and his will. The third element of Clausewitz’s meaning of war is its political nature: in the real world the act of war is supposed to have a political purpose and involve the use of force. Furthermore, in order to “be political, a political entity or a representative of a political entity, whatever its constitutional form, has to have an intention, a will” (Rid 2011, p. 8). To put it another way, “Cyber Warfare is the art of science of fighting without fighting; of defeating an opponent without spilling their blood” (Carr 2010).

Geography of Cyber Space

Cyber space is an ideal fighting ground, as its geography is much more mutable than that of any other environment. For instance, as Gregory Rattray (2009) said, mountains and oceans are difficult to move, whereas parts of cyber space can be turned on and off with the click of a switch. What this means in international affairs is that in critical moments a government’s ability to communicate internationally and to control what is heard in the global arena can be limited. As a matter of fact, that is what happened in Georgia in 2008.

There was a cyber attack organized by the Russian government against Georgian websites, simultaneous with military operations in South Ossetia (Nazario 2008). The cyber attack on Georgia was of three different types. The first was the defacement of the country’s websites, for example those of Georgia’s national bank and the ministry of foreign affairs; one of the most notable defacements was a collage of portraits juxtaposing Adolf Hitler and Mikheil Saakashvili, the Georgian president (Rid 2011). The second type of cyber attack was on the Georgian public and private sectors, including state websites such as the parliament, but also news media, Georgia’s largest commercial bank, and other less significant websites. The third approach was the distribution of malicious software, which intensified the degree of the attack (Rid 2011). It should be mentioned that it was the first time in history that military actions and cyber attacks took place simultaneously.

Conclusion: A New Battlefield

Russian Cyber Attack on Georgia in 2008. Source: NATO

In conclusion, it should be mentioned that at the present time the world is changing into a highly charged battlefield of ideas. This is no longer a world where material resources are valued as the main subject of embittered competition between powerful states. It is a newly emerging world where the strategic planning and management of information capabilities and cyber resources are the key elements of success in the global arena. Information has become an important resource in the world; humankind has reached a stage of development where a regular laptop in the hands of professionals can become a weapon.

Furthermore, nowadays the world depends on computers, as many things are controlled by them: the pressure in pipelines, the operation of power systems, the movement of aircraft, hospitals and emergency services. These systems operate under special software and are therefore vulnerable to viruses that could lead to phenomenal effects, inflicting economic and physical damage comparable to the impact of conventional arms. This essay includes two main viewpoints on cyber war: the first is supported by Jeffrey Carr, Singer and Friedman, and Rattray, who argue in favor of the existence of cyber war, and the second is that of Thomas Rid, who states that there is no cyber war and that it will not take place in the future. According to Rid (2011), there is no clear evidence that cyber war exists, only subversion, espionage and sabotage. He argues that at the present time there is no known act of cyber war that meets a clear definition of war.

Political cyber offences, whether they are criminal or not, should be defined as neither common crime nor common war. Therefore there is at present no confirmation of a cyber war going on in the global arena. On the other hand, the continuous cyber attacks and the circulation of the idea of a possible cyber war are unsettling more and more individuals, militaries and state minds around the world. The CSIS, the Center for Strategic and International Studies, has published many research papers on the probability of cyber war and the importance of cyber security today, and has also declared that cyber warfare should be treated as seriously as a missile threat.

It should be mentioned that cyber war is the cheapest and most effective way of disabling civil and defensive facilities. Furthermore, the most technologically advanced countries are the most vulnerable to cyber attacks, as states, public organizations, and private companies are currently transferring their management activities to the Internet or to public data networks. To conclude, although there is no clear definition of cyber war or legal framework for how governments are allowed to react to this kind of attack, and although cyber war is not violent, there is still evidence of continuous cyber war between states, as between Georgia and Russia in 2008, and therefore cyber war does exist in the real world.

Bibliography:

Carr, J. (2010) Inside Cyber Warfare. Sebastopol, O’Reilly Media, Inc.

Clausewitz, C. (1832, 1980) Vom Kriege. Berlin: Ullstein.

CSIS commission (2008) Securing cyberspace for the 44th presidency: a report of the CSIS commission on cyber security for the 44th Presidency. [pdf] Washington: Center for Strategic and International Studies. Available at: http://csis.org/files/media/csis/pubs/081208_securingcyberspace_44.pdf. [Accessed 1 December 2014].

Dunlap, C.J. (1998) The Law of Cyber war: a case study from the future. In Campen A.D. & Dearth D.H. (Eds) Cyber war 2.0: Myth, Mysteries and Reality. Fairfax, AFCEA International Press.

Gray, J. (2007) Al Qaeda and what it means to be modern. London, Faber and Faber Limited.

Lachow, I. (2009) Cyber terrorism: menace or myth. In Kramer F.D. & Starr S.H. & Wentz L.K. (Eds) Cyber power and National Security. Washington, Potomac Books, Inc.

Lewis, J. (2003) Interview in: Frontline: Cyber war. PBS. Available at: http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/lewis.html. [Accessed 1 December 2014].

Nazario, J. (2008) Georgia DDoS Attacks – A Quick Summary of Observations. Available at: http://www.arbornetworks.com/asert/2008/08/georgia-ddos-attacks-a-quick-summary-of-observations/. [Accessed 1 December 2014].

Petersen, J.L. (1998) Living in a Wired World: Cyber Society 2020. In Campen A.D. & Dearth D.H. (Eds) Cyber war 2.0: Myth, Mysteries and Reality. Fairfax, AFCEA International Press.

Rattray, G.J. (2001) Strategic Warfare in cyberspace. Cambridge, Best-set Typesetter Ltd.

Rattray, G.J. (2009) An Environmental Approach to Understanding Cyber power. In Kramer F.D. & Starr S.H. & Wentz L.K. (Eds) Cyber power and National Security. Washington, Potomac Books, Inc.

Rid, T. (2011) Cyber War Will Not Take Place. Journal of Strategic Studies, 35:1, 5-32.

Singer, P.W. & A. Friedman (2014) Cyber security and Cyberwar: what everyone needs to know. New York, Oxford University Press.

Top 10 State Sponsored Hackers Organizations

by LANCE DAVID LECLAIRE


Hacker groups are the fastest-growing threat to nations today—not so much the “hacktivists” that we hear about but extremely professional groups working for governments that we don’t hear about. State-sponsored hacker groups have the ability to worm into the networks of the media, major corporations, defense departments, and—yes—governments and wreak havoc. Even security firms designed to stop them may be infiltrated.

The situation is so bad, it’s being described as another “cold war,” and this one is truly global and largely invisible. Even corporate brands are targeted by states seeking an economic edge over competing nations. Since computer defenses are laughably easy for hackers to compromise, offensive capabilities become more tempting, until eventually everyone is attacking each other. It’s only a matter of time before cyber attacks are considered an act of actual war (a stance that the US is already veering toward). Hacker groups like the ill-named “Guardians of Peace” have already threatened violent terror attacks and curtailed freedom of speech in Hollywood.

Here are 10 of the key players in this new cat-and-mouse game of espionage, sabotage, and warfare.

10. The Syrian Electronic Army (SEA)
Syria

The Syrian Electronic Army (SEA) enjoyed fame and a sort of love–hate relationship with the media in 2011–2013. The group is mostly composed of university students in Syria or its allies who often deliver propaganda for Syrian President Bashar al-Assad. Their high-profile hacks of major media outlets included the New York Times, various Twitter accounts, and even the Onion (whose retort was rather memorable), which gained them a reluctant respect among security companies.

The SEA also orchestrated successful attacks on CNN, The Washington Post, and Time in 2013. Finally, the group once convinced the public that an explosion had gone off in the White House, injuring President Obama. This briefly upset the stock market, bringing the Dow Jones index down by a full percent.

The SEA hackers have also been known to engage in darker endeavors, such as targeting and intimidating individuals they don’t agree with or who do not support Assad. While they claim to be simple patriots, they also admit to relaying relevant information to the state, illustrating the murky line between hacktivists and state-sponsored hackers. The SEA works mainly through the use of “spear-phishing,” a partly socially engineered method where a user is tricked into giving out passwords or other sensitive information, often by being directed to a fake website set up for that purpose.

In November 2014, the SEA returned and “hacked” a number of sites using a content delivery network, displaying a pop-up that read: “You have been hacked by the Syrian Electronic Army.”

9. Tarh Andishan
Iran


In 2009, Iran was left with a badly compromised and diminished computer infrastructure after the widely publicized Stuxnet worm attack. Iran responded by elevating its hacking capabilities from simple website defacement to full-blown cyber warfare. Thus, a state-sponsored hacker group dubbed “Tarh Andishan” (“Thinkers” or “Innovators” in Farsi) was born.

The group gained prominence with “Operation Cleaver,” a campaign that has been active since around 2012 and has targeted at least 50 organizations throughout the world in the military, commercial, educational, environmental, energy, and aerospace fields. Chillingly, they have also targeted major airlines and in some cases even gained “complete access” to airline gates and control systems, “potentially allowing them to spoof gate credentials.” Cyber security firm Cylance, which has yet to reach a conclusion as to the group’s long-term goals, released an early report on Tarh Andishan (which represents only a fraction of the group’s activities) because of fears that Operation Cleaver already poses a “grave risk to the physical safety of the world.”

The report presents evidence such as known hacker handles, Iranian domain names, infrastructure hosting, and other indicators. Cylance believes the infrastructure available to Tarh Andishan is too large to be the work of an individual or a small group. Tarh Andishan uses advanced techniques ranging from SQL injection to advanced exploits, automated worm-like propagation systems, backdoors, and more. They are thought to have about 20 members, mostly from Tehran with auxiliary members in Canada, the UK, and the Netherlands. Its victims include the US and Central America, parts of Europe, South Korea, Pakistan, Israel, and several other Middle Eastern regions.


8. Dragonfly / Energetic Bear
Eastern Europe

A group that Symantec calls “the Dragonfly gang” and other security firms have called “Energetic Bear” has been operating out of Eastern Europe and targeting mostly energy companies since around 2011. Before that, it was targeting airline and defense sectors, usually in the US and Canada. Symantec says that the hacker group “bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability.” It was first discovered by the Russia-based security firm Kaspersky Lab.

Dragonfly uses remote access Trojans (RATs) such as their own Backdoor.Oldrea and Trojan.Karagany malware tools to spy on energy industry targets, although the methods could also be used for industrial sabotage. The malware is usually attached to phishing e-mails, although the hackers have recently upgraded to “watering hole” methods of targeting: compromising sites that a target is known to frequent. The targets are then sent on a series of redirects until Oldrea or Karagany can be introduced into a victim’s system. In the later stages of their campaign, they even managed to infect legitimate software, which would be downloaded and installed as usual along with unwanted malware.

Like Stuxnet before it, Dragonfly’s campaign was one of the first major efforts to directly target industrial control systems. Unlike Stuxnet, which targeted only Iran’s nuclear program, Dragonfly’s campaign was widespread, with long-term espionage and access as its primary goal and the ability to commit serious sabotage as an optional but terrifying capability.

7. Tailored Access Operations, NSA
USA

In the aftermath of Stuxnet, the US wasn’t going to be left behind in the cyber warfare and espionage game. The country reserves the right “to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law.” America’s state-sponsored hacking group is Tailored Access Operations (TAO) run by the National Security Agency. It’s the group responsible for making Edward Snowden famous after the German magazine Der Spiegel leaked details revealing TAO and the fact that the NSA had collected telephone data from thousands of Americans and overseas intelligence targets.

Since at least 2008, TAO was also able to intercept PC deliveries (where it would intercept the computer and place spying software inside), exploit hardware and software vulnerabilities, and hack corporations as sophisticated as Microsoft (which TAO allegedly did via Microsoft’s crash report dialogue boxes along with the usual range of ultra-sophisticated cyber warfare techniques).

The organization isn’t quite so secretive these days, and employees even list themselves on LinkedIn, but it’s just as busy—hopefully against foreign enemies this time. Their 600-employee-strong primary headquarters is housed in the main NSA complex in Fort Meade, Maryland. To get an idea of their current operations, just ask Dean Schyvincht, who claims to be a TAO Senior Computer Network Operator from the Texas office. He says that “over 54,000 Global Network Exploitation (GNE) operations in support of national intelligence agency requirements” have been carried out as of 2013 with a staff of just 14 people under his management. We can only imagine what Fort Meade is up to.

6. Ajax Security Team / Flying Kitten
Iran


Ajax started out in 2010 as a group of “hacktivists” and website defacers from Iran, but they went from activism to cyber espionage and outing of political dissidents. They deny being state sponsored, but many believe that they were hired by the Iranian government—an increasingly common pattern where a group gains the attention of a government through its public activities in order to gain state sponsorship.

Ajax came to the attention of security firms and groups like CrowdStrike when a series of mistakes (one of which gave investigators a member’s real e-mail address) exposed attempts to target the US defense industry and Iranian dissidents. The firm FireEye believes that Ajax was responsible for “Operation Saffron Rose”—a series of phishing attacks and attempts to spoof Microsoft Outlook Web Access and VPN pages in order to gain information and credentials within the US defense industry. The group also exposed dissidents by luring them in with corrupt anti-censorship tools.

Groups like this demonstrate a growing “grey area between the cyber espionage capabilities of Iran’s hacker groups and any direct Iranian government or military involvement.” This blurring line between groups and governments will probably become more pronounced in the future.


5. APT28
Russia


“APT” stands for “advanced persistent threat,” a designation used in reports on hacker groups by security firms. Sometimes—when there is little else to go on—such groups are named after these reports. Such is the case with a dangerous group called “APT28” and believed to be operating out of Russia. It has been engaging in advanced cyber espionage since at least 2007.

Russia is considered one of the world’s leaders in cyber warfare, but it’s hard to find conclusive evidence linking APT28 to Moscow. According to FireEye’s vice president of threat intelligence, their report shows that the malware and tools used and created by APT28 consistently indicate “Russian language speakers operating during business hours that are consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg.”
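The working-hours inference behind that attribution claim, as an added example that is not code from the article or from FireEye’s report: the compile timestamps and the candidate UTC offsets below are constructed for illustration, and the script simply asks which offset places the most builds inside a Monday-to-Friday working day.

```python
"""Infer a likely operator time zone from malware build timestamps.

Added example, not from the article or from any vendor report. Attribution
reports cite tool build times that cluster in the business hours of one
time zone. Given UTC timestamps, this script converts each to several
candidate fixed UTC offsets and counts how many land in a working day.
Fixed offsets (not named zones) keep the example free of tzdata lookups.
"""
from datetime import datetime, timedelta, timezone

WORKDAY_START, WORKDAY_END = 8, 18  # local hours, half-open [start, end)

# Constructed candidates (label -> hours east of UTC). Moscow observed
# UTC+4 between 2011 and October 2014, hence both +3 and +4 are listed.
CANDIDATE_OFFSETS = {
    "UTC-5 (US East, standard time)": -5,
    "UTC+0": 0,
    "UTC+3": 3,
    "UTC+4 (Moscow, 2011-2014)": 4,
    "UTC+8 (China)": 8,
}

# Constructed sample of 12 PE compile timestamps (UTC). Not real indicators.
SAMPLE_TIMESTAMPS_UTC = [
    "2014-03-03T05:10", "2014-03-04T06:45", "2014-03-05T08:30",
    "2014-03-06T10:05", "2014-03-07T12:20", "2014-03-10T13:50",
    "2014-03-11T04:15", "2014-03-12T07:00", "2014-03-13T09:40",
    "2014-03-14T11:30", "2014-03-15T08:00",  # a Saturday: outlier
    "2014-03-17T13:30",
]


def parse_utc(ts: str) -> datetime:
    """Parse 'YYYY-MM-DDTHH:MM' as an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M").replace(tzinfo=timezone.utc)


def in_business_hours(dt_utc: datetime, offset_hours: int) -> bool:
    """True if dt_utc falls on Mon-Fri, 08:00-17:59, at the given offset."""
    local = dt_utc.astimezone(timezone(timedelta(hours=offset_hours)))
    return local.weekday() < 5 and WORKDAY_START <= local.hour < WORKDAY_END


def score_offsets(timestamps, candidates=CANDIDATE_OFFSETS) -> dict:
    """Count, per candidate offset, how many builds fall in business hours."""
    parsed = [parse_utc(t) for t in timestamps]
    return {
        label: sum(in_business_hours(dt, off) for dt in parsed)
        for label, off in candidates.items()
    }


def rank_offsets(timestamps, candidates=CANDIDATE_OFFSETS) -> list:
    """Candidates ordered best-first as (label, hits) pairs."""
    scores = score_offsets(timestamps, candidates)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


# Analyst caveat: compile timestamps are attacker-controlled (they can be
# zeroed or forged), a dozen samples is a small population, and a fit to
# one offset is circumstantial. Reports treat it as one signal alongside
# language resources and infrastructure, never as proof on its own.
if __name__ == "__main__":
    for label, hits in rank_offsets(SAMPLE_TIMESTAMPS_UTC):
        print(f"{label:32s} {hits:2d}/{len(SAMPLE_TIMESTAMPS_UTC)} in business hours")
```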

The group utilized an array of methods and attacks against military and political targets in the US and Eastern Europe, including specifically valuable targets for Russia such as Georgia. It’s even targeted NATO, and in a different report, a White House official has confirmed that the group hacked its way into unclassified White House networks and may have targeted Ukraine.

4. Unit 61398 / Comment Crew / Putter Panda
China

In 2013, Mandiant released a report that claimed to have caught China with its hand right in the information cookie jar. Mandiant concluded that a group working for the Chinese military’s elite Unit 61398 stole hundreds of terabytes of data from at least 141 organizations in English-speaking nations. Mandiant based this allegation on evidence such as Shanghai IP addresses, computers using Simplified Chinese language settings, and indications that numerous individuals rather than automated systems were behind the attacks.

China rejected the claims, saying that the report “is not based on facts” and “lacks technical proof.” Brad Glosserman, executive director of the Center for Strategic and International Studies’ Pacific Forum, refuted this, pointing out that the evidence—when taken together with the type of information stolen—doesn’t support a rejection. Mandiant even knew where most of the attacks were coming from: a 12-story building just outside of Shanghai where the hackers had access to high-powered fiber optic cables.

About 20 high-profile hacker groups are reported to come from China, and at least some of them are thought to report to the People’s Liberation Army (Chinese military). This includes Comment Crew and Putter Panda, a hacker group active since 2007 that has allegedly worked out of PLA-owned buildings. They helped trigger an ongoing US indictment against a group of five individuals in 2014.

3. Axiom
China


A coalition of security-related groups including Bit9, Microsoft, Symantec, ThreatConnect, Volexity, and others has identified another dangerous group, which they have dubbed “Axiom.” The group specializes in corporate espionage and targeting of political dissidents, and it may have been behind the 2010 attack on Google. Axiom is believed to come out of China, but no one has yet been able to identify where in mainland China the group operates. A report from the coalition stated that Axiom’s activities overlapped with “the area of responsibility” attributed to the Chinese government’s intelligence agencies, a judgment also supported by an FBI flash released to InfraGard.

The report goes on to describe Axiom as a possible subgroup of a larger unnamed group in operation for more than six years, targeting mostly private industries that are influential in the economic sphere. They use techniques ranging from generic malware attacks to sophisticated hacking exploits that can take years to manifest. Western governments, pro-democracy institutions, and dissidents inside and outside of China have also been targeted. Chinese Embassy spokesman Geng Shuang stated that “judging from past experience, these kinds of reports or allegations are usually fictitious,” and that the government in Beijing “has done whatever it can to combat such activities.”

2. Bureau 121
Pyongyang, North Korea

By now, most people have heard about the attacks on Sony Pictures by hackers calling themselves “Guardians of Peace” (GOP). The group claimed to be upset because of The Interview—an upcoming movie that depicts the graphic assassination of North Korea’s leader Kim Jong-un. Guardians of Peace even threatened 9/11–style terrorist attacks against Sony facilities and movie theaters if The Interview was released, along with attacks against the actors and executives involved. The GOP wrote: “Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment. All the world will denounce the SONY.”

The ties to North Korea have led to accusations that the nation itself was responsible for at least some of the attacks. This has pushed a group known as Bureau 121 into the media. Bureau 121 is a cyber warfare cadre of North Korean hackers and computer experts. Defectors have claimed that the group belongs to the General Bureau of Reconnaissance, North Korea’s military spy agency. It engages in state-sponsored hacks and sabotage on behalf of the Pyongyang government against South Korea and perceived enemies like the US. In 2013, an attack on 30,000 PCs inside South Korean banks and broadcasting companies was attributed to the group. According to some, Bureau 121 comprises some 1,800 members who are treated as elites and provided with plentiful incentives such as rich salaries and the ability to bring their families with them when they are allocated living spaces in Pyongyang. Defector Jang Se-yul, who claims to have studied with the group at North Korea’s military college for computer science (University of Automation), told Reuters that overseas divisions of the group exist, embedded into legitimate businesses.

But is North Korea’s government really behind the attacks? A spokesperson refused to clarify it, only saying: “The hostile forces are relating everything to the DPRK (North Korea). I kindly advise you to just wait and see.” The White House told CNN that they “have found linkage to the North Korean government,” and were “considering a range of options in weighing a potential response.” Whatever the case, Sony caved in to the threats. After many theaters dropped the film’s Christmas opening, the corporation pulled it indefinitely—a move that doesn’t look good for freedom of speech in a world where any cyber bully with enough hacking skills can get away with something like this. Note: Since the time of writing, Sony has released the movie in a limited capacity.

1. Hidden Lynx
China

“Hidden Lynx” (a name given by Symantec) is one of the newest active groups. A 2013 report describes them as an extremely organized and experienced team of hackers (about 50–100 of them) with a large amount of resources at their disposal and the patience to use them. They regularly make use of—if not create—the latest hacking techniques including their signature use of “watering holes.” This was one of the methods used in 2013 to infiltrate the cloud-based security firm Bit9 in an attempt to gain access to their clients.

These people don’t just engage in obtaining gaming credentials, targeting peer-to-peer users, or identity theft (although they do all of that, too). They go after some of the most secure targets in the world including defense industries, high-level corporations, and governments of major nations, with attacks concentrated on the US, China, Taiwan, and South Korea. They are the quintessential Hollywood-style mercenary hacker organization.

All indications seem to point to China as Hidden Lynx’s main base of operations, but it isn’t certain whether it is some sort of a state-sponsored entity or a powerful mercenary group. Their advanced skills and techniques—as well as the fact that their infrastructure and command and control servers all originate in China—make it highly unlikely that the group is unsupported.

Lance LeClaire is a freelance artist and writer. He writes on subjects ranging from science and skepticism, atheism, and religious history and issues, to unexplained mysteries and historical oddities, among other subjects. You can look him up on Facebook, or keep an eye out for his articles on Listverse. Now you can follow him at his satirical atheist blog, Christians and Atheists Against Creeping Agnosticism.