Cracking the Digital Vault: A Study of Cyber Espionage
2012, Vol. 4 No. 04 | pg. 3/3
Securing the Networks
When it comes to cyber defense, many believe that the solution can be found in firewalls. While still a useful tool against unsophisticated attackers, firewalls are less effective at deterring even mediocre hackers. Although security upgrades are continually applied to firewalls, they are built on civilian and commercial technologies (i.e., Windows and Linux) and can be fooled with various software tools freely available to any attacker.
The other problem with reliance on firewalls is that it fosters an attitude of laziness toward security at the user level. Users may begin to feel impervious behind their firewalls and take no further steps to protect their data or prevent intrusions. But as we know from history, even the greatest walls cannot protect against all intruders. As at Jericho and Troy, once an attacker breaches the walls, he or she is able to plunder or destroy everything inside. Be it through a hacking trick or a good old-fashioned Trojan horse, firewalls are no longer sufficient to defend networks against cyber attackers.
Given the bleak security picture I have painted thus far, how can we hope to survive against the constant threat of cyber attack? The future of security lies not in building bigger and better walls, but in protecting data and connections at the individual computer level. Many contemporary military communication control structures are based on static, hierarchical designs, which generally lack flexibility due to centralization. To get around this, some are developing self-organized multi-agent swarm (SOMAS) systems. Such a system uses the formal structure of a Markov decision process (MDP)63 as its design foundation. Automated security agents patrol the network like white blood cells, and, what is interesting, they are programmed to be self-synchronizing. A decentralized intrusion detection system that uses two agent populations to detect and eliminate intrusions relies upon self-organization for the agents to work together without centralized control.64 While this may sound like science fiction, using technology similar to IBM’s Watson, which competed on Jeopardy,65 these agents would be trained in simulations and actually learn through trial and error how to respond in different situations.66 Rather than following traditional yes/no programming, the agents make semi-conscious decisions based on the real situation, having learned from experience. Since these swarm programs can be trained thousands of times in simulations in the time it takes to train one human agent, automated swarms provide a more efficient second line of defense than their human counterparts. The Navy’s CYBERCRAFT project is currently experimenting with fielding this type of defense system through its networks.67, 68
Another aspect we must consider is the authentication of users. Authentication in cyberspace is the process of verifying user identity prior to granting access to specific computer, network, or Internet services and resources.
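As an added illustration of the trial-and-error learning described for the SOMAS agents above (example code written for this page, not code from the Lamont and Holloway work or the CYBERCRAFT project), the following block trains a tabular Q-learning agent in a constructed single-host simulation: the agent never sees whether the host is truly compromised, only a noisy streak of sensor alerts, and it learns when quarantining pays off instead of being handed a fixed yes/no rule. The environment, its probabilities and its reward values are assumptions chosen for the demonstration.

```python
"""Tabular Q-learning for a simulated host-defense agent.

Added example: the environment, probabilities and rewards below are
constructed for illustration and are not drawn from any fielded system.
"""
import random

MONITOR, QUARANTINE = 0, 1
MAX_STREAK = 3  # consecutive alerts, capped; the streak is the agent's state


class HostEnv:
    """One host under observation. The true compromise flag is hidden from the
    agent; it only sees whether an intrusion sensor fired, with noise in both
    directions, so it must learn to act on a streak of alerts."""

    def __init__(self, rng, p_compromise=0.15, p_true_alert=0.8, p_false_alert=0.1, horizon=15):
        self.rng = rng
        self.p_compromise = p_compromise    # chance a clean host is breached each step
        self.p_true_alert = p_true_alert    # sensor fires on a compromised host
        self.p_false_alert = p_false_alert  # sensor fires on a clean host (false positive)
        self.horizon = horizon

    def reset(self):
        self.compromised, self.streak, self.t = False, 0, 0
        return self.streak

    def _observe(self):
        p_alert = self.p_true_alert if self.compromised else self.p_false_alert
        self.streak = min(self.streak + 1, MAX_STREAK) if self.rng.random() < p_alert else 0
        return self.streak

    def step(self, action):
        """Apply an action; return (next_state, reward, episode_done)."""
        self.t += 1
        if action == QUARANTINE:
            # Isolating a compromised host stops the intrusion (+5); isolating a
            # clean one disrupts legitimate users (-4). Either way the episode ends.
            return self.streak, (5.0 if self.compromised else -4.0), True
        # MONITOR: an unnoticed compromise leaks data every step (-3); a clean
        # host keeps serving users (+1). The breach may begin on this step.
        reward = -3.0 if self.compromised else 1.0
        if not self.compromised and self.rng.random() < self.p_compromise:
            self.compromised = True
        return self._observe(), reward, self.t >= self.horizon


def train(episodes=5000, alpha=0.1, gamma=0.9, epsilon=0.2, seed=7):
    """Q-learning: thousands of cheap simulated incidents stand in for experience."""
    rng = random.Random(seed)
    env = HostEnv(rng)
    q = [[0.0, 0.0] for _ in range(MAX_STREAK + 1)]  # q[streak][action]
    for _ in range(episodes):
        s, done = env.reset(), False
        while not done:
            if rng.random() < epsilon:             # explore: try something new
                a = rng.randrange(2)
            else:                                  # exploit: best action learned so far
                a = max((MONITOR, QUARANTINE), key=lambda x: q[s][x])
            s2, r, done = env.step(a)
            target = r if done else r + gamma * max(q[s2])
            q[s][a] += alpha * (target - q[s][a])  # nudge estimate toward observed return
            s = s2
    return q


def policy(q):
    """Greedy action per alert streak: the learned response rule."""
    return [max((MONITOR, QUARANTINE), key=lambda a: q[s][a]) for s in range(MAX_STREAK + 1)]


if __name__ == "__main__":
    for streak, action in enumerate(policy(train())):
        print(f"alert streak {streak}: {'quarantine' if action == QUARANTINE else 'monitor'}")
```

With these settings the agent learns to keep monitoring on a quiet host and to quarantine after two or more consecutive alerts; the single-alert case stays a judgment call, which is exactly the ambiguity a noisy sensor creates.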
While the password remains the primary means of user identification, passwords are a notoriously weak form of authentication and can be compromised at any point in the authentication process. Since passwords alone no longer provide adequate authentication for many types of information (especially in the face of new sniffers, keystroke loggers, and better cracking algorithms, coupled with faster machinery), the use of multiple factors for network access might be recommended.69 The benefit of multifactor authentication (MFA) is that hackers (or insiders) have to break (that is, gain unauthorized access to systems protected by) not one but many authentication devices, each of which tends to have different strengths and different weaknesses. NIST Special Publication 800-63 recommends MFA for remote authentication to achieve assurance levels 3 and 4. Nevertheless, its implementation is not widespread. Although MFA is mandated for federal agencies under Homeland Security Presidential Directive-12 (HSPD-12), coupled with Office of Management and Budget (OMB) Memorandum M-06-16, many private organizations tend to avoid its use for employees, much less for other associates and customers (e.g., account holders).
There is also room to explore the possibility of turning an attacker’s advantages against him or her. Since almost all cyber espionage falls under CNE and CNA,1 security programs should be installed that actually lie to an attacker. When an intrusion is detected, the system should automatically place false information in the affected network before the attackers realize they have been noticed. If they fall for this bait-and-switch approach, governments can trace the origins of an attack by studying where this false information is used, sold, or examined in the real world. For this method to be effective, we must first better incentivize companies to report the details of intrusions and reduce the penalties they may face for negligence or extra-legal business practices.70
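The bait-and-switch approach just described, as an added example written for this page (not a tool from the text): each false record carries a marker that names where it was planted and is authenticated with an HMAC, so when the record later turns up in leak-site monitoring or a partner’s report the defender can tell which network location it was taken from and reject forged or mangled sightings. The marker format, key, planting names and observation lines are all constructed.

```python
"""Self-authenticating decoy records for tracing where stolen data surfaces.

Added example, not from the page: the marker format, the key, the planting
names and every 'observation' line below are constructed for illustration.
"""
import hashlib
import hmac
import re
import secrets

# Marker layout: DCY-<planting>-<nonce>-<tag>. The planting names the network
# location the decoy was seeded into; the tag is an HMAC so a sighting can be
# authenticated (and forged or mangled markers rejected) without a database.
MARKER_RE = re.compile(r"\bDCY-([A-Z0-9]+)-([0-9a-f]{8})-([0-9a-f]{16})\b")


def _tag(key, planting, nonce):
    msg = f"{planting}:{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def plant_decoy(key, planting, nonce=None):
    """Return (marker, record): a plausible-looking but false record carrying a
    marker unique to this planting. The record text is fabricated filler; the
    marker is what is later searched for."""
    nonce = nonce or secrets.token_hex(4)
    marker = f"DCY-{planting}-{nonce}-{_tag(key, planting, nonce)}"
    record = f"Contract {marker}; Project BLUE HERON (fictional) cost estimate $4.2M"
    return marker, record


def attribute_sightings(key, observations):
    """Scan externally observed text (leak-site monitoring, partner reports,
    seized media) for authentic markers; return (planting, source) pairs that
    tell the defender which seeded location the attacker drew from."""
    hits = []
    for source, text in observations:
        for match in MARKER_RE.finditer(text):
            planting, nonce, tag = match.groups()
            if hmac.compare_digest(tag, _tag(key, planting, nonce)):
                hits.append((planting, source))
    return hits


def demo():
    """Constructed scenario: one genuine leak of the LABNET decoy, one forged
    marker with a bad tag, and one unrelated line."""
    key = b"constructed-demo-key-rotate-in-practice"
    marker, record = plant_decoy(key, "LABNET", nonce="0badcafe")
    observations = [
        ("leak-monitor-feed", "for sale, defense docs: " + record),
        ("tip-line", "seen marker DCY-LABNET-0badcafe-0000000000000000 in dump"),
        ("partner-report", "no contract numbers in the attached pastes"),
    ]
    return attribute_sightings(key, observations)


if __name__ == "__main__":
    for planting, source in demo():
        print(f"decoy seeded at {planting} surfaced in {source}")
```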
Finally, there is the option of unplugging from the current network and moving to a private Internet space reminiscent of the set-up in 1983. The Internet is quickly running out of IP addresses, and DARPA is using the transition to IPv6 as an opportunity to disconnect from the civilian Internet. It is currently sponsoring a contest among programmers and contractors to submit proposals for a Military Network Protocol system that would act as a separate Internet with little to no connection to the civilian side. While this is a drastic undertaking, much exploratory research is being done on the idea. As DARPA works on unplugging from the rest of the Internet, there is also a push to cut down on the number of networks in existence. Each government agency and branch of the military operates countless individual networks, which leads to a great deal of redundancy. Cutting down on the number of networks leaves fewer vulnerable connections and intersections, both between the networks themselves and between the military apparatus and the civilian Internet. Many in the defense community are working to integrate networks with similar functionalities and provide more umbrella access.
Conclusion
In their article “The Information Revolution, Security, and International Relations,” Eriksson and Giacomello stress the importance of cooperation to mitigate the threat of cyber attacks. They emphasize that “government alone cannot secure cyberspace,”71 but do not propose a real alternative. From a Neoliberal point of view, this security dilemma could potentially be resolved through the creation of international institutions. While it would be difficult to launch, an international organization composed of states and non-state actors alike, devoted to the maintenance of cyber security, would greatly diminish the uncertainty currently faced by each state. In theory, each member would reveal its capabilities, offer methods for members to identify its cyber activity, and share developed defensive technologies, fostering trust and creating transparency. In such a case, any attacks instigated by members would be easily identified and punished, and any attacks originating from outside the group would be investigated and pursued by a collective might rather than by isolated actors. Unfortunately, such a group would require members to disseminate more information than they would likely be willing to, for fear of weakening their positions, and many of the larger powers would probably avoid joining so as not to be accountable for their already established cyber warfare activities.
This dog-eat-dog mentality led Helen McLure to draw an interesting parallel between cyberspace and the Wild West. Elements of the Old West survive in the gold rush mentality and the lawlessness and crime that have accompanied the opening of the electronic frontier.72 Hackers stealing intellectual property and defense schematics are eerily similar to bandits robbing trains and banks and stealing arms from ambushed marshals. Like the Old West, cyberspace holds the promise of endless freedom and wealth for each netizen, but its anarchic structure also gives rise to a dangerous Hobbesian system. McLure’s final parallel is the rise of vigilante justice. Because the electronic frontier is still generally a lawless territory, vigilantism is often the preferred, and sometimes the only, effective response to what people perceive as crimes against both property and users.73 Such groups have arisen to fight spammers, and also frequently organize against more traditionally disturbing criminal activities, such as hate groups and child pornography.74 Groups like Anonymous have caused immeasurable damage over the years through their cyber vandalism, but they too mobilized against an oppressive Iranian crackdown and ensured the Green Revolution was not stamped out by protecting the protestors’ access to communication channels.
As the Constructivist school emphasizes the importance of symbols, ideas, and their meaning, Eriksson and Giacomello see “symbolic politics as highly relevant for studying digital age security.”75 The Internet is a tool for sharing information, but it is a unique medium that has developed a life of its own and an ever-evolving identity. It is important to understand that in many cases, the information spread online and the actions taken by many users are in some way affected by the culture and identity of the Internet. Cyberspace is like nothing we have ever seen before, and from a Constructivist point of view, interactions between states, and between states and non-state actors, must evolve to fit the Internet age.76 Nothing has given an idea more potential to spread and develop a life of its own than the Internet.
While cyber espionage continues to be a grave threat, it can be mitigated by the implementation of new security technologies. But we cannot stop there. As cyberspace develops and takes shape, we have the unique opportunity to lay the groundwork for peace and prosperity on the cyber frontier. While the Old West was indeed a lawless land, the robberies and murders did eventually stop. In this case, we too can settle the cyber domain. Whether it is through new monitoring technologies coupled with international norms, understanding, and cooperation, or through the employment of vigilantes to hunt cyber criminals and become the proverbial Dark Knights protecting our digital Gotham City, cyber security will improve in the long run.
References
Abbate, Janet. Inventing the Internet. Cambridge, Mass: MIT, 1999. Print. Pg 15.
Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98
Alperovitch, Dmitri. “Revealed: Operation Shady RAT.” McAfee White Paper.
Wilson, Clay. "Information Operations, Electronic Warfare, and Cyberwar: Capabilities and Related Policy Issues." Open CRS. Web.
Johnson, Chris. “Web Site Back Up Following Intrusion,” Naval War College Network, Inside the Navy, December 18, 2006.
“Dangerous Kitten.” Encyclopedia Dramatica.
Cohen, Danny. "Specifications For the Network Voice Protocol (NVP)." (1976): Pg 12. Internet Engineering Task Force. Web.
DOJ Case Logs
Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 231
Fidler, Stephen "Steep Rise in Hacking Attacks from China," The Financial Times, December 5, 2007, at www.ft.com/cms/s/0/c93e3ba2-a361-11dc-b229-0000779fd2ac.html.
Ferrucci, David. "Building Watson: An Overview of the DeepQA Project." Association for the Advancement of Artificial Intelligence. 2010. Web.
Grow, Brian, Keith Epstein, and Chi-Chu Tschang. "The New E-spionage Threat." Business Week. 10 Apr. 2008. Web.
Gross, Michael. “Exclusive: Operation Shady RAT.” Vanity Fair, 8/2/11.
Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran
http://gigaom.com/cloud/the-real-costs-of-cyber-crime-infographic/
IMP -- Interface Message Processor, LivingInternet. http://www.livinginternet.com/i/ii_imp.htm
Keizer, Gregg. “'Shady RAT' hacking claims overblown, say security firms” Computer World 8/5/11
Kopp, Carlo. "Understanding Network Centric Warfare." Air Power Australia - Home Page. 10 Apr. 2011. Web.
Kruger, Lennard G. "Internet Domain Names: Background and Policy Issues." Open CRS. Web.
Lamont, Gary and Holloway, Eric. 2009. “Military network security using self organized multi-agent entangled hierarchies.” Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers (GECCO '09). ACM, New York, NY, USA, 2559-2566. DOI=10.1145/1570256.1570361 http://doi.acm.org/10.1145/1570256.1570361
Lee, Bartholomew. "Radio Spies – Episodes in the Ether Wars" http://www.trft.org/TRFTPix/spies9eR2006.pdf
Leffall, Jabulani. "As cybercrime grows, so do the costs." MarketWatch.com, October 13th 2011.
Libicki, Martin, et al. “Influences on the Adoption of Multifactor Authentication” RAND Homeland Security and Defense Center
McClintock, Pamela (May 6, 2009). "'X-Men' takes hit in foreign markets". Variety.
McLure, Helen “The Wild, Wild Web: The Mythic American West and the Electronic Frontier” The Western Historical Quarterly, Vol. 31, No. 4 (Winter, 2000), pp. 457-476
Office of the United States Intellectual Property Enforcement Coordinator August 2010
Oldehoeft, Arthur. Foundations of a Security Policy for Use of the National Research and Educational Network. NIST, February 1992. Pg 12.
"Pentagon warns of Internet incursion by Chinese cyber-terrorists," GCN, August 24, 2006.
Pershing, Genny. "Cybertelecom :: ARPANet (1960s)."
Pershing, Genny. "Cybertelecom :: ARPANet (1960s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web.
Pershing, Genny. "Cybertelecom :: ARPANet (1970s)."
Pershing, Genny. "Cybertelecom :: ARPANet (1970s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web.
Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."
Phister, Paul W. "CyberCraft: Concept Linking NCW Principles with the Cyber Domain in an Urban Operational Environment." Web.
Postel, Jon. "DoD Standard Internet Protocol." Internet Engineering Task Force. Web.
Rashid, Fahmida “Northrop Grumman, L-3 Communications Hacked via Cloned RSA SecurID Tokens” eWeek 6/2/2011
Rollins, John. "Terrorist Capabilities for Cyberattack: Overview and Policy Issues." Open CRS. Web.
SEC Guidance on Reporting Cyber Security Incidents.
Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.
“Top 10 Most Famous Hackers of All Time” – IT Security
Tzu, Sun. The Art of War. [S.l.]: Pax Librorum H, 2009. Print.
“What are some advantages of VOIP?” http://www.fcc.gov/voip/
Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress." Open CRS. Web.
Yin, Sara “Report: U.S. Urges Japan to Prioritize Security After Contractor Hack” PCMagazine 9/21/2011
1.) Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.
2.) Tzu, Sun. The Art of War. [S.l.]: Pax Librorum H, 2009. Print.
3.) Kruger, Lennard G. "Internet Domain Names: Background and Policy Issues." Open CRS. Web.
4.) Pershing, Genny. "Cybertelecom :: ARPANet (1960s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web.
5.) Abbate, Janet. Inventing the Internet. Cambridge, Mass: MIT, 1999. Print. Pg 15.
6.) Pershing, Genny. "Cybertelecom :: ARPANet (1960s)”.
7.) IMP -- Interface Message Processor, LivingInternet. http://www.livinginternet.com/i/ii_imp.htm
8.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web.
9.) Ibid
10.) Cohen, Danny. "Specifications For the Network Voice Protocol (NVP)." (1976): Pg 12. Internet Engineering Task Force. Web.
11.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)."
12.) “What are some advantages of VOIP?” http://www.fcc.gov/voip/
13.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)”.
14.) Arthur Oldehoeft, Foundations of a Security Policy for Use of the National Research and Educational Network, NIST February 1992. Pg 12
15.) Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."
16.) Ibid
17.) Postel, Jon. "DoD Standard Internet Protocol." Internet Engineering Task Force. Web.
18.) Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."
19.) Lee, Bartholomew. "Radio Spies – Episodes in the Ether Wars" http://www.trft.org/TRFTPix/spies9eR2006.pdf
20.) Ibid
21.) Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress." Open CRS. Web.
22.) Ibid
23.) Ibid
24.) Ibid
25.) Ibid
26.) Chris Johnson, Naval War College Network, “Web Site Back Up Following Intrusion,” Inside the Navy, December 18, 2006.
27.) Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress."
28.) Stephen Fidler, "Steep Rise in Hacking Attacks from China," The Financial Times, December 5, 2007, at www.ft.com/cms/s/0/c93e3ba2-a361-11dc-b229-0000779fd2ac.html.
29.) Rollins, John. "Terrorist Capabilities for Cyberattack: Overview and Policy Issues." Open CRS. Web.
30.) "Pentagon warns of Internet incursion by Chinese cyber-terrorists," GCN, August 24, 2006.
31.) Grow, Brian, Keith Epstein, and Chi-Chu Tschang. "The New E-spionage Threat." Business Week. 10 Apr. 2008. Web.
32.) Wilson, Clay. "Information Operations, Electronic Warfare, and Cyberwar: Capabilities and Related Policy Issues." Open CRS. Web.
33.) Class Discussion 9/26/11
34.) Ibid
35.) Ibid
36.) Class Discussion 10/24/11
37.) Kopp, Carlo. "Understanding Network Centric Warfare." Air Power Australia - Home Page. 10 Apr. 2011. Web.
38.) Class Discussion 10/24/11
39.) Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98
40.) “Top 10 Most Famous Hackers of All Time” – IT Security
41.) Ibid
42.) DOJ Case Logs
43.) “Top 10 Most Famous Hackers of All Time” – IT Security
44.) Ibid
45.) Leffall, Jabulani. "As cybercrime grows, so do the costs." MarketWatch.com, October 13th 2011.
46.) Ibid
47.) McClintock, Pamela (May 6, 2009). "'X-Men' takes hit in foreign markets". Variety.
48.) Office of the United States Intellectual Property Enforcement Coordinator August 2010
49.) Ibid
50.) http://gigaom.com/cloud/the-real-costs-of-cyber-crime-infographic/
51.) Alperovitch, Dmitri. “Revealed: Operation Shady RAT.” McAfee White Paper.
52.) Rashid, Fahmida. “Northrop Grumman, L-3 Communications Hacked via Cloned RSA SecurID Tokens.” eWeek, 6/2/2011.
53.) Yin, Sara. “Report: U.S. Urges Japan to Prioritize Security After Contractor Hack.” PCMagazine, 9/21/2011.
54.) Alperovitch, Dmitri. “Revealed: Operation Shady RAT.” McAfee White Paper.
55.) Gross, Michael. “Exclusive: Operation Shady RAT.” Vanity Fair, 8/2/11.
56.) Keizer, Gregg. “'Shady RAT' hacking claims overblown, say security firms.” Computer World, 8/5/11.
57.) Ibid
58.) Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
59.) “Dangerous Kitten” Encyclopedia Dramatica
60.) Ibid
61.) Ibid
62.) Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran
63.) Named after Andrey Markov, MDPs provide a mathematical framework for modeling decision-making in situations where outcomes are partly random and partly under the control of a decision maker. MDPs are useful for studying a wide range of optimization problems solved via dynamic programming and reinforcement learning.
64.) Lamont, Gary and Holloway, Eric. 2009. “Military network security using self organized multi-agent entangled hierarchies.” Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers (GECCO '09). ACM, New York, NY, USA, 2559-2566. DOI=10.1145/1570256.1570361 http://doi.acm.org/10.1145/1570256.1570361
65.) Ferrucci, David. "Building Watson: An Overview of the DeepQA Project." Association for the Advancement of Artificial Intelligence. 2010. Web.
66.) Lamont, Gary and Holloway, Eric. “Military network security using self organized multi-agent entangled hierarchies.”
67.) Ibid
68.) Phister, Paul W. "CyberCraft: Concept Linking NCW Principles with the Cyber Domain in an Urban Operational Environment." Web.
69.) Libicki, Martin, et al. “Influences on the Adoption of Multifactor Authentication” RAND Homeland Security and Defense Center
70.) SEC Guidance on Reporting Cyber Security Incidents.
71.) Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 231
72.) McLure, Helen “The Wild, Wild Web: The Mythic American West and the Electronic Frontier” The Western Historical Quarterly, Vol. 31, No. 4 (Winter, 2000), pp. 457-476
73.) Ibid
74.) Ibid
75.) Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 236
76.) Ibid 237