book

Inside Cyber Warfare, 2nd Edition

Name: Inside Cyber Warfare, 2nd Edition
Author: Jeffrey Carr
ISBN: 9781449325459

by Jeffrey Carr

December 2011

Beginner

318 pages

10h 44m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Inside Cyber Warfare
Foreword
Preface
How This Book Came to BeConventions Used in This BookAttributions and PermissionsHow to Contact UsSafari® Books OnlineAcknowledgments
1. Assessing the Problem
The Complex Domain of CyberspaceCyber Warfare in the 20th and 21st CenturiesChinaIsraelRussiaThe Second Russian-Chechen War (1997–2001)The Estonian cyber attacks (2007)The Russia-Georgia War (2008)IranNorth KoreaCyber EspionageTitan RainCyber CrimeFuture ThreatsIncreasing AwarenessCritical InfrastructureThe Conficker Worm: The Cyber Equivalent of an Extinction Event?Africa: The Future Home of the World’s Largest Botnet?The Way Forward
2. The Rise of the Nonstate Hacker
The StopGeorgia.ru Project ForumCounter-Surveillance Measures in PlaceThe Russian Information WarThe Foundation for Effective Politics’ War on the Net (Day One)The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast LeadImpactOverview of PerpetratorsMotivationsHackers’ ProfilesTeam EvilCold Zero (aka Cold Z3ro or Roma Burner)Team Hell (aka Team H3ll or Team Heil)Agd_Scorp/Peace Crew (aka Agd_Scorp/Terrorist Crew)Jurm TeamC-H Team (aka H-C Team)Hackers PalGaza Hacker TeamDNS Team!TeAm RaBaT-SaLe! (aka Team Rabat-Sale or Team Rabat-Sala)DZ TeamAshianeh Security GroupNimr al-Iraq (“The Tiger of Iraq”) and XX_Hacker_XXMethods of AttackDistributed denial of service (DDoS) capabilityWebsite defacementsViruses and TrojansIsraeli RetaliationControl the Voice of the Opposition by Controlling the Content in Cyberspace: NigeriaAre Nonstate Hackers a Protected Asset?
3. The Legal Status of Cyber Warfare
Nuclear Nonproliferation TreatiesThe Antarctic Treaty System and Space LawUNCLOSMLATUnited States Versus Russian Federation: Two Different ApproachesThe Law of Armed ConflictIs This an Act of Cyber Warfare?South KoreaIranTatarstanUnited StatesKyrgyzstanIsrael and the Palestinian National AuthorityZimbabweMyanmarCyber: The Chaotic Domain
4. Responding to International Cyber Attacks as Acts of War
The Legal DilemmaThe Road Ahead: A Proposal to Use Active DefensesThe Law of WarGeneral Prohibition on the Use of ForceThe First Exception: UN Security Council ActionsThe Second Exception: Self-DefenseA Subset of Self-Defense: Anticipatory Self-DefenseAn Alternate Basis for Using Active Defenses: ReprisalsNonstate Actors and the Law of WarArmed Attacks by Nonstate ActorsDuties between StatesImputing State Responsibility for Acts by Nonstate ActorsCross-Border OperationsAnalyzing Cyber Attacks under Jus ad BellumCyber Attacks as Armed AttacksEstablishing State Responsibility for Cyber AttacksThe Duty to Prevent Cyber AttacksSupport from International ConventionsSupport from State PracticeSupport from the General Principles of LawSupport from Judicial OpinionsFully Defining a State’s Duty to Prevent Cyber AttacksSanctuary States and the Practices That Lead to State ResponsibilityThe Choice to Use Active DefensesTechnological Limitations and Jus ad Bellum AnalysisLimitations on attack detectionLimitations on attack classificationLimitations on attack tracesJus in Bello Issues Related to the Use of Active DefensesActive defenses: The most appropriate forceful responseTechnological limitations and jus in bello analysisConclusion
5. The Intelligence Component to Cyber Warfare
The Korean DDoS Attacks (July 2009)The Botnet Versus the MalwareThe DPRK’s Capabilities in CyberspaceOne Year After the RU-GE War, Social Networking Sites Fall to DDoS AttackIngushetia Conflict, August 2009The Predictive Role of Intelligence
6. Nonstate Hackers and the Social Web
RussiaChinaThe Middle EastPakistani Hackers and FacebookThe Dark Side of Social NetworksThe Cognitive ShieldExamples of OPSEC violationsAdversary scenariosStudy findingsTwitterGate: A Real-World Example of a Social Engineering Attack with Dire ConsequencesAutomating the ProcessCatching More Spies with RobotsThe automation and virtualization of social network entitiesOwning social network users for a small budget of $300–$1,300Bringing down a social network from the inside
7. Follow the Money
False IdentitiesComponents of a Bulletproof NetworkICANNThe Accredited RegistrarThe Hosting CompanyThe Bulletproof Network of StopGeorgia.ruStopGeorgia.ruNAUNET.RUSteadyHost.ruInnovation IT Solutions CorpMirhosting.comSoftLayer TechnologiesSORM-2The Kremlin and the Russian InternetNashiThe Kremlin Spy for Hire ProgramSergei Markov, Estonia, and NashiA Three-Tier Model of Command and Control

8. Organized Crime in Cyberspace
A Subtle ThreatAtrivo/IntercageESTDomainsMcColo: Bulletproof Hosting for the World’s Largest BotnetsRussian Organized Crime and the Kremlin
9. Investigating Attribution
Using Open Source Internet DataBackgroundWhat Is an Autonomous System Network?Timeline of political eventsAnalysisAlternate viewsTeam Cymru and Its Darknet ReportUsing WHOISCaveats to Using WHOIS
10. Weaponizing Malware
A New Threat LandscapeStopGeorgia.ru Malware DiscussionsSQL injection, blind SQL injection, and using BENCHMARKTwitter as DDoS Command Post against IranSocial EngineeringThe Social Graph APIChannel ConsolidationAn Adversary’s Look at LinkedInBIOS-Based Rootkit AttackMalware for HireAnti-Virus Software Cannot Protect YouTargeted Attacks Against Military Brass and Government ExecutivesResearch is the key to offensive capabilitiesDelivery of targeted attacksCommand, control, and exfiltration of dataWhy client-side 0day vulnerabilities can be so devastatingProtecting against 0day exploitsDefense in DepthUsing technologies such as MOICE and virtualizationPhysical separation between data of varying sensitivity
11. The Role of Cyber in Military Doctrine
The Russian FederationThe Foundation for Effective Politics (FEP)Chronicles of Information WarfareAnalysis“Wars of the Future Will Be Information Wars”Who is Alexandr Burutin?The speechAnalysis“RF Military Policy in International Information Security”The paperCreating a legend for a cyber attackThe Art of MisdirectionChina Military DoctrineAnti-Access StrategiesThe 36 StratagemsUS Military Doctrine
12. A Cyber Early Warning Model
The Challenge We FaceCyber Early Warning NetworksBuilding an Analytical Framework for Cyber Early WarningLatent tensionsCyber reconnaissanceInitiating eventCyber mobilizationCyber attackCases Studies of Previous Cyber AttacksCase study: Cyber attacks against GeorgiaCase study: GhostNet cyber espionageCase study: Cyber attacks against DenmarkLessons LearnedDefense Readiness Condition for Cyberspace
13. Advice for Policymakers from the Field
When It Comes to Cyber Warfare: Shoot the HostageThe United States Should Use Active Defenses to Defend Its Critical Information SystemsScenarios and Options to Responding to Cyber AttacksScenario 1Option 1Option 2Option 3Option 4Scenario 2Option 1Option 2Scenario 3OptionScenario 4OptionIn SummaryWhole-of-Nation Cyber Security
14. Conducting Operations in the Cyber-Space-Time Continuum
Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec MovementSocial Networks: The Geopolitical Strategy of Russian Investment in Social Media2005: A Turning PointDST and the KremlinThe Facebook RevolutionGlobalization: How Huawei Bypassed US Monitoring by Partnering with Symantec
15. The Russian Federation: Information Warfare Framework
Russia: The Information Security StateRussian Government PolicyNew Laws and AmendmentsGovernment StructuresRussian Ministry of DefenseAdministrative ChangesElectronic Warfare TroopsThe Federal Service for Technical and Export Control (FSTEC)—Military Unit (Vch) 960105th Central Research and Testing Institute of the Russian Defense Ministry (5th TSNIII)—Military Unit (Vch) 3387218th Central Research Institute of the Russian Defense Ministry (18th CRI MOD)—Military Unit (Vch) 1113527th Central Research Institute of the Russian Defense Ministry (27th CRI MOD)—Military Unit (Vch) 01168Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)Federal Security Service Information Security Center (FSB ISC)—Military Unit (Vch) 64829Russian Federal Security Service Center for Electronic Surveillance of Communications (FSB TSRRSS)—Military Unit (Vch) 71330FSB Administrative Centers for Information SecurityRussian Interior Ministry Center E (MVD Center E)Russian Interior Ministry Cyber Crimes Directorate (MVD Directorate K)ImplicationsRussian Federal Security Organization (FSO)—Military Unit (Vch) 32152Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)RoskomnadzorThe cyber vigilantesFurther Research Areas
16. Cyber Warfare Capabilities by Nation-State
AustraliaBrazilCanadaCzech RepublicDemocratic People’s Republic of KoreaEstoniaEuropean UnionFranceGermanyIndiaIranIsraelItalyKenyaMyanmarNATONetherlandsNigeriaPakistanPeople’s Republic of ChinaPolandRepublic of KoreaRussian FederationSingaporeSouth AfricaSwedenTaiwan (Republic of China)TurkeyUnited Kingdom
17. US Department of Defense Cyber Command and Organizational Structure
SummaryOrganizationThe Joint StaffOffice of the Secretary of DefenseUS Strategic Command (USSTRATCOM)
18. Active Defense for Cyber: A Legal Framework for Covert Countermeasures
Covert ActionCyber Active Defense Under International LawCyber Active Defenses as Covert Action Under International LawCyber Attacks Under International Law: Nonstate Actors
Index
About the Author
Colophon
Copyright

Content preview from Inside Cyber Warfare, 2nd Edition

Chapter 9. Investigating Attribution

A well-designed, defensible network should have a number of monitoring elements available for forensic analysis when it is attacked or compromised. For example, most networks will have deployed intrusion detection systems, firewall and router traffic logs, and access logs contained on the server itself. There exists a bevy of tools and techniques that can allow an investigator to gain further insight using open source data. This includes routing information from the border gateway protocol (BGP), ^[37] domain name system (DNS), darknet monitoring, blacklist services (such as those offered by Spamhaus, CBL, etc.), and, to a lesser degree, Internet registry information (e.g., ARIN, RIPE, APNIC, etc.).

Performing a traceroute on each IP will show an experienced computer security engineer where the attacks originated from and what path the packets took to get to the target.

This chapter takes a rudimentary look at these computer forensic tools by way of some real-world examples.

Using Open Source Internet Data

The following serves as an introduction to several key internetworking concepts. This is fairly complex subject matter, and will be discussed only at a very high level here.

The border gateway protocol (BGP) is widely characterized as the “glue of the Internet.” Every Internet service provider uses BGP to move packets between source and destination nodes. Essentially, each BGP “speaking” router will dynamically maintain a table of network addresses, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449318475Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Inside Cyber Warfare, 2nd Edition

by Jeffrey Carr

Chapter 9. Investigating Attribution

Using Open Source Internet Data

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.