PeakOil is You

Book: Cyber War

Post by Pops » Fri 20 Mar 2015, 18:35:43

So this is on my nightstand
Cyber War by Richard Clarke.
http://www.amazon.com/Cyber-War-Threat- ... 0061962244

Mostly the run of the mill doom, except real.

Daily Beast, 03.18.15
China Reveals Its Cyberwar Secrets
In an extraordinary official document, Beijing admits it has special units to wage cyberwar—and a lot of them. Is anybody safe?
A high-level Chinese military organization has for the first time formally acknowledged that the country’s military and its intelligence community have specialized units for waging war on computer networks.

China’s hacking exploits, particularly those aimed at stealing trade secrets from U.S. companies, have been well known for years, and a source of constant tension between Washington and Beijing. But Chinese officials have routinely dismissed allegations that they spy on American corporations or have the ability to damage critical infrastructure, such as electrical power grids and gas pipelines, via cyber attacks.

Now it appears that China has dropped the charade. “This is the first time we’ve seen an explicit acknowledgement of the existence of China’s secretive cyber-warfare forces from the Chinese side,” says Joe McReynolds, who researches the country’s network warfare strategy, doctrine, and capabilities at the Center for Intelligence Research and Analysis.

http://www.thedailybeast.com/articles/2 ... crets.html

So, how skeerd should I be?

.
The legitimate object of government, is to do for a community of people, whatever they need to have done, but can not do, at all, or can not, so well do, for themselves -- in their separate, and individual capacities.
-- Abraham Lincoln, Fragment on Government (July 1, 1854)
Pops
Elite
Posts: 19746
Joined: Sat 03 Apr 2004, 04:00:00
Location: QuikSac for a 6-Pac

Re: Book: Cyber War

Post by AgentR11 » Fri 20 Mar 2015, 19:58:23

That would depend on if we have plans for a color revolution in Hong Kong or Beijing. If we don't; then I wouldn't worry too much about it; it'll likely always be commercial stuff they are after. We're a huge customer; you don't go break your customers ability to buy stuff from you, though you might like to know lots of their nifty secrets before anyone else.
Yes we are, as we are,
And so shall we remain,
Until the end.
AgentR11
Light Sweet Crude
Posts: 6374
Joined: Tue 22 Mar 2011, 09:15:51
Location: East Texas

Re: Book: Cyber War

Post by vox_mundi » Fri 20 Mar 2015, 21:47:08

Relax. Drug resistant bacteria or virus will probably get yah. Of course, the Chinese can do almost everything we can do.

Cyber Commander Expects Damaging Critical Infrastructure Attack

Adm. Michael Rogers, USN, who leads both the National Security Agency and U.S. Cyber Command, predicts a damaging attack to critical infrastructure networks within the coming years. If an attack happens, the agency and Cyber Command will coordinate a response along with other government agencies and potentially the private sector organizations that own many of the networks.

Critical infrastructure is the backbone of the nation’s economy, security and health, according to the Department of Homeland Security (DHS). It includes the systems and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, the economy or national public health or safety. It also includes broadband and wireless networks and the massive power and communications grids.

“I fully expect that in my time as commander, someone—whether it’s a nation-state, group or individual—will attempt to engage in destructive activity against one of those, if not more than one,” Adm. Rogers says.


Targeting SCADA Systems

U.S. Cyber Command Presentation: Assessing Actions Along the Spectrum of Cyberspace Operations

Chinese Capabilities for Computer Network Operations and Cyber Espionage

... Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict. A defense of Taiwan against mainland aggression is the one contingency in the western Pacific Ocean in which success for the United States hinges upon the speed of its response and the ability of the military to arrive on station with sufficient force to defend Taiwan adequately. PLA analysts consistently identify logistics and C4ISR infrastructure as U.S. strategic centers of gravity suggesting that PLA commanders will almost certainly attempt to target these systems with both electronic countermeasures weapons and network attack and exploitation tools, likely in advance of actual combat to delay U.S. entry or degrade capabilities in a conflict.

The effects of preemptive penetrations may not be readily observable or detected until after combat has begun or after Chinese computer network attack (CNA) teams have executed their tools against targeted networks. Even if circumstantial evidence points to China as the culprit, no policy currently exists to easily determine appropriate response options to a large scale attack on U.S. military or civilian networks in which definitive attribution is lacking. Beijing, understanding this, may seek to exploit this gray area in U.S. policymaking and legal frameworks to create delays in U.S. command decision making.

The decision to employ computer network operations and INEW capabilities rests with the senior political and military leadership and would be part of a larger issue of employing force during a crisis. Once that decision was made, however, the operational control for the military use of CNO rests with the PLA’s Third and Fourth Departments of the General Staff Department (GSD). The Third Department (3PLA), China’s primary signals intelligence collector is likely tasked with the network defense and possibly exploitation missions. The Fourth Department (4PLA), the traditional electronic warfare arm of the PLA, likely has the responsibility for conducting network attack missions.
“There are three classes of people: those who see. Those who see when they are shown. Those who do not see.” ― Leonardo da Vinci

Insensible before the wave so soon released by callous fate. Affected most, they understand the least, and understanding, when it comes, invariably arrives too late.
vox_mundi
Intermediate Crude
Posts: 3939
Joined: Wed 27 Sep 2006, 03:00:00

Re: Book: Cyber War

Post by davep » Sat 21 Mar 2015, 00:13:24

I really hate the term "cyber-war". When the Five Eyes do it, it's "bulk collection" or "targeted operations", when the Chinese do it it's "cyber-war".

It's hacking/surveillance etc. Not war. And the NSA "Equation Group" has been operating for at least 14 years and are the most capable in the world, so if we're going to be using the term, who are the cyber-warmongers?
What we think, we become.
davep
Senior Moderator
Posts: 4578
Joined: Wed 21 Jun 2006, 03:00:00
Location: Europe

Re: Book: Cyber War

Post by Pops » Sat 21 Mar 2015, 08:56:53

davep wrote:I really hate the term "cyber-war". When the Five Eyes do it, it's "bulk collection" or "targeted operations", when the Chinese do it it's "cyber-war".

It's hacking/surveillance etc. Not war.

I'm not talking about stealing the secret formula for DaisyMae Feminine Deodorant Spray or my porn password or a hack on the PO.com homepage, that's just part of modern life — anything electronic should be seen as virtually public knowledge IMHO.

I'm talking about an actual destructive attack on infrastructure.

Re: Book: Cyber War

Post by davep » Sat 21 Mar 2015, 17:02:55

Pops wrote:
davep wrote:I really hate the term "cyber-war". When the Five Eyes do it, it's "bulk collection" or "targeted operations", when the Chinese do it it's "cyber-war".

It's hacking/surveillance etc. Not war.

I'm not talking about stealing the secret formula for DaisyMae Feminine Deodorant Spray or my porn password or a hack on the PO.com homepage, that's just part of modern life — anything electronic should be seen as virtually public knowledge IMHO.

I'm talking about an actual destructive attack on infrastructure.


If I'm not mistaken, the first and most significant event in both scale and complexity of that sort was Stuxnet (perpetrated by, err, the USA). So if that's how you define cyber-war, then our guys started it.

Re: Book: Cyber War

Post by Pops » Sat 21 Mar 2015, 17:24:34

I don't give a rat's ass who "started" it, this ain't some playground shoving match. If it makes you feel better to self-flagellate then more power to ya.

My question is how likely is an attack on MY infrastructure?

Re: Book: Cyber War

Post by vox_mundi » Sat 21 Mar 2015, 18:12:00

Pops wrote:I don't give a rat's ass who "started" it, this ain't some playground shoving match. If it makes you feel better to self-flagellate then more power to ya.

My question is how likely is an attack on MY infrastructure?


Try: https://publicintelligence.net/tag/crit ... structure/

Define "MY infrastructure", are we talking your power grid, or do you want a pipeline blown up or NO water or power for 10-20 Million people. Or crashing the port computers at Houston, Newark, and Long Beach. Or airline radar coverage. It's a target rich environment.

Re: Book: Cyber War

Post by Pops » Sat 21 Mar 2015, 19:40:59

vox_mundi wrote:Define "MY infrastructure", are we talking your power grid, or do you want a pipeline blown up or NO water or power for 10-20 Million people. Or crashing the port computers at Houston, Newark, and Long Beach. Or airline radar coverage. It's a target rich environment.

Yeah, that's a start. :)

I'll check the link, thanks

Re: Book: Cyber War

Post by davep » Sun 22 Mar 2015, 04:09:20

I think ICS (Industrial control systems)/SCADA (supervisory control and data acquisition) systems may be the computer-based infrastructure the most likely to be at risk. A few examples http://www.computerworld.com/article/2475789/cybercrime-hacking/hackers-exploit-scada-holes-to-take-full-control-of-critical-infrastructure.html

Re: Book: Cyber War

Post by MD » Sun 22 Mar 2015, 05:24:27

davep wrote:I think ICS (Industrial control systems)/SCADA (supervisory control and data acquisition) systems may be the computer-based infrastructure the most likely to be at risk. A few examples http://www.computerworld.com/article/2475789/cybercrime-hacking/hackers-exploit-scada-holes-to-take-full-control-of-critical-infrastructure.html


Yes dave, and we are foolish to intermingle those systems with the internet. We increasingly do so in order to allow remote technical support. I have been advising my customers for years "Do not do that!". But it's a losing battle because faced with flying a guy in at a grand or two a day along with expense as opposed to a right-now-fix over the internet for a couple hundred bucks, almost all managers take the easy road...

One solution is to keep the control networks stand-alone except for one interconnect that has to be manually turned on when needed, and is turned off when service is complete. But that still doesn't stop malicious code from being inserted while the service is being done. Leaving a port open though, with a live connect, is the stupidest thing in the world for critical infrastructure control systems, and we are doing just that more and more every day.

We're hanging our collective asses out in the breeze, more so every day; and thus the risk of the entire system coming to a sudden and screeching halt is increasing exponentially, I think. :badgrin:
Stop filling dumpsters, as much as you possibly can, and everything will get better.

Just think it through.
It's not hard to do.
MD
COB
Posts: 4953
Joined: Mon 02 May 2005, 03:00:00
Location: On the ball

Re: Book: Cyber War

Post by davep » Sun 22 Mar 2015, 12:29:20

One solution is to keep the control networks stand-alone except for one interconnect that has to be manually turned on when needed, and is turned off when service is complete. But that still doesn't stop malicious code from being inserted while the service is being done.


About the only thing you can do there to mitigate risk is keep the perimeter connection server patched and use SSH with key-based authentication only (and only keep the authorized_keys file up to date, and possibly IP-specific too). But that still doesn't address zero-day vulnerabilities. And, yes, only switch it on when you need it. I'd use OpenBSD for that specific task personally.
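
The checks described in the post above (key-based SSH only on the perimeter host, a current authorized_keys file, per-key source-IP limits) can be audited mechanically. The following is an added example, not code from any poster in this thread; the policy in `REQUIRED`, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# Key-only login, as the post advises. Assumed policy, not from the thread.
REQUIRED = {"passwordauthentication": "no",
            "kbdinteractiveauthentication": "no",
            "pubkeyauthentication": "yes"}
KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)")

def audit_sshd_config(text):
    """Return findings for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks are not evaluated here
            break
        if key == "challengeresponseauthentication":  # deprecated alias
            key = "kbdinteractiveauthentication"
        # sshd keeps the first value it reads for a keyword
        seen.setdefault(key, parts[1].strip().lower() if len(parts) > 1 else "")
    findings = []
    for key, want in REQUIRED.items():
        got = seen.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly, want {want}")
        elif got != want:
            findings.append(f"{key}: is {got}, want {want}")
    return findings

def split_options(line):
    """Split an authorized_keys line into (options, rest), honouring quotes."""
    if KEY_TYPE.match(line):
        return "", line  # line starts with a key type: no options field
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return line[:i], line[i:].strip()
    return line, ""

def keys_without_source_limit(text):
    """Return labels of keys that carry no from="..." restriction."""
    unrestricted = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        options, rest = split_options(line)
        if not re.search(r'(^|,)from="[^"]+"', options, re.IGNORECASE):
            fields = rest.split()
            unrestricted.append(fields[2] if len(fields) > 2 else f"line {n}")
    return unrestricted

# Constructed sample inputs (placeholder key material, documentation IPs).
SAMPLE_SSHD = """\
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
"""
SAMPLE_KEYS = """\
from="203.0.113.10",no-agent-forwarding ssh-ed25519 AAAAPLACEHOLDER vendor-a
ssh-ed25519 AAAAPLACEHOLDER vendor-b
command="/usr/local/bin/maint, from=x" ssh-rsa AAAAPLACEHOLDER vendor-c
"""

if __name__ == "__main__":
    print(audit_sshd_config(SAMPLE_SSHD))
    print(keys_without_source_limit(SAMPLE_KEYS))
```

The sample config sets `PasswordAuthentication` twice; because sshd uses the first value it reads, the later `no` does not take effect and the audit reports it.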

Re: Book: Cyber War

Post by davep » Mon 23 Mar 2015, 05:23:16

Latest Snowden info on Canadian capabilities http://www.cbc.ca/news/canada/communication-security-establishment-s-cyberwarfare-toolbox-revealed-1.3002978

Including:

* destroying infrastructure, which could include electricity, transportation or banking systems;

* creating unrest by using false-flags — ie. making a target think another country conducted the operation;

* disrupting online traffic by such techniques as deleting emails, freezing internet connections, blocking websites and redirecting wire money transfers.

Re: Book: Cyber War

Post by Pops » Mon 23 Mar 2015, 10:27:38

I'll take number 2, Dave. The thing that makes cyber seem a threat to me is the possibility that an attack could be untraceable, that would make it the ultimate asymmetric attack, and completely nullify superior military strength and nuke deterrence.

(Although I'm not all that convinced of our superior strength, merely our superior spending; but that's another thread)

Re: Book: Cyber War

Post by davep » Tue 24 Mar 2015, 04:48:34

People in the InfoSec community have decided on the best method of attribution http://cyberattribution.com/#!/Dice/c/12550174/offset=0&sort=normal

Re: Book: Cyber War

Post by Pops » Tue 24 Mar 2015, 08:02:54

LOL

Sorta. DPRK would have surprised me except the book (Cyber War) mentioned their interest.

This is from a few months ago, in relation to their involvement (or not) in the Sony hack
http://www.thedailybeast.com/articles/2 ... legal.html

Re: Book: Cyber War

Post by vox_mundi » Tue 24 Mar 2015, 12:37:36

No. 1 vulnerability of crypto-security is the USER, 2nd passphrases, 3rd overconfidence, 4th trust in the (hardware/software) producer, 5th believing backdoors are No. 1

And a little deeper into the rabbit hole ...

Mass surveillance is about control. Its promulgators may well claim, and even believe, that it is about control for the greater good, a control that is needed to keep a cap on disorder, to be fully vigilant to the next threat. But in a context of rampant political corruption, widening economic inequalities, and escalating resource stress due to climate change and energy volatility, mass surveillance can become a tool of power to merely perpetuate itself, at the public’s expense.

A major function of mass surveillance that is often overlooked is that of knowing the adversary to such an extent that they can be manipulated into defeat. The problem is that the adversary is not just terrorists. It’s you and me. To this day, the role of information warfare as propaganda has been in full swing, though systematically ignored by much of the media.


How the CIA made Google

Why Google made the NSA

Internet privacy, funded by spooks: A brief history of the BBG

Re: Book: Cyber War

Post by vox_mundi » Tue 24 Mar 2015, 16:04:20

Relax, they have us covered ...

House unveils cyber bill and signals bipartisan compromise

House intelligence committee leaders unveiled a bipartisan cybersecurity bill Tuesday amid signs of broad agreement on long-sought legislation that would allow private companies to share with the government details of how they are hacked, without fear of being sued.

The House bill would grant companies liability protection if they stripped out personal information from the data and shared it in real time through a civilian portal, most likely run by the Department of Homeland Security.

Similar efforts have foundered in previous years over concerns by privacy groups that personal information held by companies would end up in the hands of the National Security Agency, the digital spying agency that is the country's foremost repository of cyber expertise. The House bill would allow the NSA to get the data, but not until it had been stripped of private information. (they lie - see below)


Just four bits of credit card data can identify most anyone

In this week's issue of the journal Science, MIT researchers report that just four fairly vague pieces of information—the dates and locations of four purchases—are enough to identify 90 percent of the people in a data set recording three months of credit-card transactions by 1.1 million users.

When the researchers also considered coarse-grained information about the prices of purchases, just three data points were enough to identify an even larger percentage of people in the data set. That means that someone with copies of just three of your recent receipts—or one receipt, one Instagram photo of you having coffee with friends, and one tweet about the phone you just bought—would have a 94 percent chance of extracting your credit card records from those of a million other people. This is true, the researchers say, even in cases where no one in the data set is identified by name, address, credit card number, or anything else that we typically think of as personal information.

The paper comes roughly two years after an earlier analysis of mobile-phone records that yielded very similar results.


Cyber threats expanding, new US intelligence assessment says

The U.S. has elevated its appraisal of the cyber threat from Russia, the U.S. intelligence chief said Thursday, as he delivered the annual assessment by intelligence agencies of the top dangers facing the country.

"While I can't go into detail here, the Russian cyber threat is more severe than we had previously assessed," James Clapper, the director of national intelligence, told the Senate Armed Services Committee, as he presented the annual worldwide threats assessment.

As they have in recent years, U.S. intelligence agencies once again listed cyber attacks as the top danger to U.S. national security, ahead of terrorism. Saboteurs, spies and thieves are expanding their computer attacks against a vulnerable American internet infrastructure, chipping away at U.S. wealth and security over time, Clapper said.

If there is good news, he said, it is that a catastrophic destruction of infrastructure appears unlikely.

Re: Book: Cyber War

Post by Pops » Tue 24 Mar 2015, 16:23:19

I saw something about this, didn't it also allow private companies to "counter attack" when they are attacked?
