book

Inside Cyber Warfare, 2nd Edition

Name: Inside Cyber Warfare, 2nd Edition
Author: Jeffrey Carr
ISBN: 9781449325459

by Jeffrey Carr

December 2011

Beginner

318 pages

10h 44m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Inside Cyber Warfare
Foreword
Preface
How This Book Came to BeConventions Used in This BookAttributions and PermissionsHow to Contact UsSafari® Books OnlineAcknowledgments
1. Assessing the Problem
The Complex Domain of CyberspaceCyber Warfare in the 20th and 21st CenturiesChinaIsraelRussiaThe Second Russian-Chechen War (1997–2001)The Estonian cyber attacks (2007)The Russia-Georgia War (2008)IranNorth KoreaCyber EspionageTitan RainCyber CrimeFuture ThreatsIncreasing AwarenessCritical InfrastructureThe Conficker Worm: The Cyber Equivalent of an Extinction Event?Africa: The Future Home of the World’s Largest Botnet?The Way Forward
2. The Rise of the Nonstate Hacker
The StopGeorgia.ru Project ForumCounter-Surveillance Measures in PlaceThe Russian Information WarThe Foundation for Effective Politics’ War on the Net (Day One)The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast LeadImpactOverview of PerpetratorsMotivationsHackers’ ProfilesTeam EvilCold Zero (aka Cold Z3ro or Roma Burner)Team Hell (aka Team H3ll or Team Heil)Agd_Scorp/Peace Crew (aka Agd_Scorp/Terrorist Crew)Jurm TeamC-H Team (aka H-C Team)Hackers PalGaza Hacker TeamDNS Team!TeAm RaBaT-SaLe! (aka Team Rabat-Sale or Team Rabat-Sala)DZ TeamAshianeh Security GroupNimr al-Iraq (“The Tiger of Iraq”) and XX_Hacker_XXMethods of AttackDistributed denial of service (DDoS) capabilityWebsite defacementsViruses and TrojansIsraeli RetaliationControl the Voice of the Opposition by Controlling the Content in Cyberspace: NigeriaAre Nonstate Hackers a Protected Asset?
3. The Legal Status of Cyber Warfare
Nuclear Nonproliferation TreatiesThe Antarctic Treaty System and Space LawUNCLOSMLATUnited States Versus Russian Federation: Two Different ApproachesThe Law of Armed ConflictIs This an Act of Cyber Warfare?South KoreaIranTatarstanUnited StatesKyrgyzstanIsrael and the Palestinian National AuthorityZimbabweMyanmarCyber: The Chaotic Domain
4. Responding to International Cyber Attacks as Acts of War
The Legal DilemmaThe Road Ahead: A Proposal to Use Active DefensesThe Law of WarGeneral Prohibition on the Use of ForceThe First Exception: UN Security Council ActionsThe Second Exception: Self-DefenseA Subset of Self-Defense: Anticipatory Self-DefenseAn Alternate Basis for Using Active Defenses: ReprisalsNonstate Actors and the Law of WarArmed Attacks by Nonstate ActorsDuties between StatesImputing State Responsibility for Acts by Nonstate ActorsCross-Border OperationsAnalyzing Cyber Attacks under Jus ad BellumCyber Attacks as Armed AttacksEstablishing State Responsibility for Cyber AttacksThe Duty to Prevent Cyber AttacksSupport from International ConventionsSupport from State PracticeSupport from the General Principles of LawSupport from Judicial OpinionsFully Defining a State’s Duty to Prevent Cyber AttacksSanctuary States and the Practices That Lead to State ResponsibilityThe Choice to Use Active DefensesTechnological Limitations and Jus ad Bellum AnalysisLimitations on attack detectionLimitations on attack classificationLimitations on attack tracesJus in Bello Issues Related to the Use of Active DefensesActive defenses: The most appropriate forceful responseTechnological limitations and jus in bello analysisConclusion
5. The Intelligence Component to Cyber Warfare
The Korean DDoS Attacks (July 2009)The Botnet Versus the MalwareThe DPRK’s Capabilities in CyberspaceOne Year After the RU-GE War, Social Networking Sites Fall to DDoS AttackIngushetia Conflict, August 2009The Predictive Role of Intelligence
6. Nonstate Hackers and the Social Web
RussiaChinaThe Middle EastPakistani Hackers and FacebookThe Dark Side of Social NetworksThe Cognitive ShieldExamples of OPSEC violationsAdversary scenariosStudy findingsTwitterGate: A Real-World Example of a Social Engineering Attack with Dire ConsequencesAutomating the ProcessCatching More Spies with RobotsThe automation and virtualization of social network entitiesOwning social network users for a small budget of $300–$1,300Bringing down a social network from the inside
7. Follow the Money
False IdentitiesComponents of a Bulletproof NetworkICANNThe Accredited RegistrarThe Hosting CompanyThe Bulletproof Network of StopGeorgia.ruStopGeorgia.ruNAUNET.RUSteadyHost.ruInnovation IT Solutions CorpMirhosting.comSoftLayer TechnologiesSORM-2The Kremlin and the Russian InternetNashiThe Kremlin Spy for Hire ProgramSergei Markov, Estonia, and NashiA Three-Tier Model of Command and Control

8. Organized Crime in Cyberspace
A Subtle ThreatAtrivo/IntercageESTDomainsMcColo: Bulletproof Hosting for the World’s Largest BotnetsRussian Organized Crime and the Kremlin
9. Investigating Attribution
Using Open Source Internet DataBackgroundWhat Is an Autonomous System Network?Timeline of political eventsAnalysisAlternate viewsTeam Cymru and Its Darknet ReportUsing WHOISCaveats to Using WHOIS
10. Weaponizing Malware
A New Threat LandscapeStopGeorgia.ru Malware DiscussionsSQL injection, blind SQL injection, and using BENCHMARKTwitter as DDoS Command Post against IranSocial EngineeringThe Social Graph APIChannel ConsolidationAn Adversary’s Look at LinkedInBIOS-Based Rootkit AttackMalware for HireAnti-Virus Software Cannot Protect YouTargeted Attacks Against Military Brass and Government ExecutivesResearch is the key to offensive capabilitiesDelivery of targeted attacksCommand, control, and exfiltration of dataWhy client-side 0day vulnerabilities can be so devastatingProtecting against 0day exploitsDefense in DepthUsing technologies such as MOICE and virtualizationPhysical separation between data of varying sensitivity
11. The Role of Cyber in Military Doctrine
The Russian FederationThe Foundation for Effective Politics (FEP)Chronicles of Information WarfareAnalysis“Wars of the Future Will Be Information Wars”Who is Alexandr Burutin?The speechAnalysis“RF Military Policy in International Information Security”The paperCreating a legend for a cyber attackThe Art of MisdirectionChina Military DoctrineAnti-Access StrategiesThe 36 StratagemsUS Military Doctrine
12. A Cyber Early Warning Model
The Challenge We FaceCyber Early Warning NetworksBuilding an Analytical Framework for Cyber Early WarningLatent tensionsCyber reconnaissanceInitiating eventCyber mobilizationCyber attackCases Studies of Previous Cyber AttacksCase study: Cyber attacks against GeorgiaCase study: GhostNet cyber espionageCase study: Cyber attacks against DenmarkLessons LearnedDefense Readiness Condition for Cyberspace
13. Advice for Policymakers from the Field
When It Comes to Cyber Warfare: Shoot the HostageThe United States Should Use Active Defenses to Defend Its Critical Information SystemsScenarios and Options to Responding to Cyber AttacksScenario 1Option 1Option 2Option 3Option 4Scenario 2Option 1Option 2Scenario 3OptionScenario 4OptionIn SummaryWhole-of-Nation Cyber Security
14. Conducting Operations in the Cyber-Space-Time Continuum
Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec MovementSocial Networks: The Geopolitical Strategy of Russian Investment in Social Media2005: A Turning PointDST and the KremlinThe Facebook RevolutionGlobalization: How Huawei Bypassed US Monitoring by Partnering with Symantec
15. The Russian Federation: Information Warfare Framework
Russia: The Information Security StateRussian Government PolicyNew Laws and AmendmentsGovernment StructuresRussian Ministry of DefenseAdministrative ChangesElectronic Warfare TroopsThe Federal Service for Technical and Export Control (FSTEC)—Military Unit (Vch) 960105th Central Research and Testing Institute of the Russian Defense Ministry (5th TSNIII)—Military Unit (Vch) 3387218th Central Research Institute of the Russian Defense Ministry (18th CRI MOD)—Military Unit (Vch) 1113527th Central Research Institute of the Russian Defense Ministry (27th CRI MOD)—Military Unit (Vch) 01168Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)Federal Security Service Information Security Center (FSB ISC)—Military Unit (Vch) 64829Russian Federal Security Service Center for Electronic Surveillance of Communications (FSB TSRRSS)—Military Unit (Vch) 71330FSB Administrative Centers for Information SecurityRussian Interior Ministry Center E (MVD Center E)Russian Interior Ministry Cyber Crimes Directorate (MVD Directorate K)ImplicationsRussian Federal Security Organization (FSO)—Military Unit (Vch) 32152Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)RoskomnadzorThe cyber vigilantesFurther Research Areas
16. Cyber Warfare Capabilities by Nation-State
AustraliaBrazilCanadaCzech RepublicDemocratic People’s Republic of KoreaEstoniaEuropean UnionFranceGermanyIndiaIranIsraelItalyKenyaMyanmarNATONetherlandsNigeriaPakistanPeople’s Republic of ChinaPolandRepublic of KoreaRussian FederationSingaporeSouth AfricaSwedenTaiwan (Republic of China)TurkeyUnited Kingdom
17. US Department of Defense Cyber Command and Organizational Structure
SummaryOrganizationThe Joint StaffOffice of the Secretary of DefenseUS Strategic Command (USSTRATCOM)
18. Active Defense for Cyber: A Legal Framework for Covert Countermeasures
Covert ActionCyber Active Defense Under International LawCyber Active Defenses as Covert Action Under International LawCyber Attacks Under International Law: Nonstate Actors
Index
About the Author
Colophon
Copyright

Content preview from Inside Cyber Warfare, 2nd Edition

Chapter 12. A Cyber Early Warning Model

By Ned Moran^[39]

The Challenge We Face

The United States currently faces the daunting challenge of identifying the actors responsible for launching politically motivated cyber attacks. According to Defense Secretary Robert Gates, the United States is “under cyber attack virtually all the time, every day.” It is estimated that more than 140 countries currently field cyber warfare capabilities. Additionally, sophisticated adversaries can route attacks through proxies and obfuscate their identities. These facts combine to make attribution of cyber attacks a difficult challenge.

During the Cold War, none of these challenges existed. Attacks between the United States and rival powers were few and far between. The pool of nuclear powers was limited to an exclusive club. Additionally, it was more difficult to route a nuclear attack through a proxy.

The heightened ability to detect and identify the source of nuclear or missile attack increased stability during the Cold War. Many policymakers fear that the current inability to quickly and accurately identify the source of a cyber attack leads to instability and increases the chances that cyber attacks will be carried out. In order to improve its defensive posture, the United States must develop a cyber attack early warning system.

Cyber Early Warning Networks

Although a number of private companies and nonprofit organizations have constructed a cyber infrastructure designed to detect cyber attacks, these ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449318475Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design