8:26 PM
Unknown
Emerging threats for…all data-driven!
Cyber Warfare
Consider the cyber attacks that occurred between Russia and Georgia earlier this year like a type for military
cyber engagements in 2009 and beyond.
Don Jackson, director of threat intelligence for SecureWorks, compiled the right after research to implicate direct Russian government involvement in cyber attacks against Georgia:
Physical and cyber attack targets and timing align:
• Logs of DDoS targeted visitors and changes in network routing indicate that Russian cyber warfare operations coincided virtually exactly in the final “all clear” for Russian Air Force attacks sometime between 0600 and 0700 on August 9, 2008.
• Both cyber attack targets (media outlets and local government communication systems) and air force targets were located within inside Georgian city of Gori.
• The exact timing of cyber attacks against new classes of targets in Gori and Russian Air Force attacks indicated coordination among known hacking groups and military operators.
Source of Russian cyber attacks against Georgia:
• The vast majority of Georgian Web traffic is routed throughTurkey and Russia. As of August 10, 2008, visitors routed through Turkey was almost completely blocked, and IP traffic through Russia (via Azerbaijan) was slow and efficiently unusable.
• Russian government-run Rostelecom conducted most of the routing changes that blocked site visitors to
Georgian IP address space.
• The Moscow-based COMSTAR network also cooperated with government demands to follow suit, as did other network operators that control routing from your ostensibly neutral Moscow Internet Exchange (MSK-IX).
• DDoS and cache poisoning attempts targeting DNS servers for major Georgian networks were also launched during the state-operated Rostelecom and Moscow-based COMSTAR networks.
These attempts used the same tools, tactics and target lists as attacks from portions of Turkish networks controlled by former associates of the Russian Organization Network (RBN).
The associates are believed to have connections to local St. Petersburg government, the former powerbase of Putin and those people now in charge of the FSB state security organization.
Attack types:
• Along with DDoS attacks against Georgian media outlets and federal government Internet sites, researchers observed:
— Route hijacking
— Brute force server compromise
— Information theft
— Multi-factor DDoS attacking network and computer software layers
— Defacement and hosting of fake Georgian Web pages containing misinformation and propaganda.
Some DDoS attacks, route hijacking, and system intrusions originated from sources not previously
affiliated with identified hacking groups and appear to have been coordinated inside a manner that would allow attackers to disable or intercept Georgian government communications according to Russian military and intelligence objectives.
Jon Ramsey, chief technology officer for SecureWorks attributes increasing cyber warfare exercising to the following:
• The low cost to launch cyber attacks compared with physical attacks
• The lack of cyber defenses
• The “plausible deniability” the internet affords
• The lack of “cyber rules of engagement” in conflicts among country states
George Heron, founder of BlueFin Security and former chief scientist for McAfee believes cyber warfare will play a significant role in between China and the U.S. “Cyber threats originating from China are incredibly real and growing,” said Heron.
“Other evidence supports this, just like the majority of bot masters being traced back to China, along with malware along with other disruptive threats.”
Heron pointed towards U.S. transportation system infrastructure, the telecommunications system, nuclear energy plant communications, the water provide IT infrastructure and other entities as prime cyber targets of enemy nations.
“We now know that it only takes infiltrating the DNS operator vulnerability to subvert an entire DNS sector,”
Heron continued. “Cyber warfare efforts could eat this approach to exploit vulnerable servers and gateways
controlling the power grid or water/dam flow control.”
Howard A. Schmidt, a GTISC professor of practice agrees.
“Our essential infrastructure systems are fundamentally dependent on the internet and IP-based technology,
and there are interdependencies between them that our enemies will seek to exploit,” stated Schmidt.
“Cyber warfare completely evens the playing field as developing nations and large countries with a formidable military presence can both launch both equally dangerous attacks more than the Web.”
“Cyber warfare completely evens the playing field as developing nations and large countries with a formidable military presence can both launch both equally dangerous attacks more than the Web.”
The U.S. federal government is already bracing for the inevitability of cyber warfare and hosted the second annual Cyber Storm activity in March 2008—involving nine states, four foreign governments, 18 federal agencies and 40 individual firms in a weeklong cyber attack scenario3.
“Cyber Storm II is really a successful example of public and private partnership to identify cyber warfare threats and plan powerful countermeasures,” said Heron.
“We need more information sharing and additional collaboration like this to defend our national interests against an onslaught of cyber terrorism.”
Schmidt advocates a three-step method to bolstering U.S. cyber defenses:
• Identify the Internet-enabled systems we depend on and the interdependencies between them.
• Develop a comprehensive plan to protect those systems, such as roles and responsibilities, vulnerability identification and remediation, threat mitigation and response.
• Model facts security for your future as software improvements, network enhancements and new echnologies like mobile communications accomplish traction.
“The future threat goes beyond what we think of as cyber-espionage and intellectual property theft,
although that certainly remains a factor,” said Heron. “I think we’re going to see more technologically savvy,
state-sponsored attacks to the IT systems that support foundational services here in the U.S.”
George Heron - Founder, BlueFin Security
See Also:
Cyber Crime:Threats to VoIP and Mobile Convergence...
“The future threat goes beyond what we think of as cyber-espionage and intellectual property theft,
although that certainly remains a factor,” said Heron. “I think we’re going to see more technologically savvy,
state-sponsored attacks to the IT systems that support foundational services here in the U.S.”
George Heron - Founder, BlueFin Security
See Also:
Cyber Crime:Threats to VoIP and Mobile Convergence...
Posted in: 
