Module 1 & 2 Flashcards
(33 cards)
Guiding military principle of cyber warfare
Ultimate goal of an offensive doctrine is the planning of and subsequent execution of an effective cyber “first strike” against the enemy.
US Cyber Attacks
First Gulf War: US eliminated Iraq’s ability to communicate. Sig: Due to other nation’s notice.
Cyber warfare motivations
Political
Social
Financial / economic
Religious
Act of self-preservation
4 roles of IT systems in cyber warfare
Medium
Source of information
Target of an attack
Source of an attack
IT systems as the medium
Disseminate information used in attacks and terrorist activities (kinetic or cyber)
Provide training
Tools (emails, forums, social networking)
IT systems as source of info
Steal sensitive information
Perform reconnaissance (cyber profiling)
Witness to an attack (logs)
Open source intelligence (OSINT)
IT Systems as target
Steal sensitive info (financial, trade secrets, government info, military info)
Attack other systems to disrupt communication
Take systems offline
Cyber vandalism / web site defacement
IT systems as attack source
Direct attacks from criminals
Botnets
Infected websites used to drop payloads
Drive behind Russian programs
Response to an aggressive development of a US information warfare program.
Russia: Prior to “information strike” the following should occur:
Targets should be ID’d
Enemy access to external info should be denied
Credit and monetary circulation should be disrupted
Populace subjected to psychological operation – incl disinformation and propaganda
Russia: Doctrine of Information Security
09/2000
Objectives:
Protect strategically important info
Protect against deleterious foreign information
Inculcate in the people patriotism and values
First authoritative summary of Russia’s view on information security in the public, government, and military sectors and plan for future development.
Russia: Military doctrine
July 2000
Vladimir Putin
Discussed hostile information operations conducted through either technological or psychological means.
China attack 1998
3000 hackers
China Hacker Emergency Meeting Center
Against Indonesia government websites
Outrage at anti-Chinese riots in Indonesia
China attack - 1999
Chinese Red Hacker Alliance
NATO jet accidentally bombed Chinese embassy in Belgrade, Yugoslavia
Against US government websites
China - 2001
Chinese fighter jet collided with US military aircraft over South China Sea
80000 hackers
Self-defense cyber war against US aggression
Presidential Edict 1477
2 new defense ministries for automatic control systems and telecom and IT
Electronic Warfare Troops (first publicly announced); training from 2001
November 2007
Russia: capabilities housed under:
Federal Security Service (FSB)
Federal Guard Service
General Staff
Russia: infrastructure
Russia Institute for Public Networks (primary org responsible for overseeing Internet development)
Rostelecom (nationally owned telecom)
Laws have been implemented to mandate ID numbers for Internet registration. Require that operators provide authorities with registration and other data needed for an investigation. Laws prohibit operators from releasing data to an authority of a foreign state, person, or entity of a foreign state.
Public authorities, enterprises, institutions, and organizations required to provide assistance to FSB in carrying out their assigned duties.
2nd Russian-Chechen War
Sig: cyber attacks follow kinetic warfare (coordinated), cyber used to shape public opinion
When: 1997-2001 (battles 1999-2000)
What: www.kavkaz.org, www.chechenpress.com
After Moscow theater incident
Source: Russian Federal Security Service
Russian-Georgia War
August 2008
Sig: first synchronized cyber and kinetic attacks; same tools and commands as Russian Business Network
Target: communications systems, Georgia government, British and American embassies
Weapons: DDoS, SQL injection, XSS
Source: Russian and Lithuanian and US IP (pre-attack stage)
Estonian Cyber Attacks
When: week of April 27, 2007
Why: Relocation of Soviet statue: The Bronze Soldier of Tallinn
Target: financial, media, and government systems
PING floods from botnets
Source: Russian Youth Groups (Nashi)
Russian Attacks Against US Targets
Illinois water control system
Traced to Russian computer
Was it proxied?
Russian Business Network:
Real Host, Ltd. out of Latvia
Physically in St. Petersburg, Russia
Originally ISP for illicit activities
2007 marketing techniques to provide method for organized crime to target victims internationally
Employs full-time people to develop zero day exploits and attack targets
MPack (PHP malware kit)
Storm botnet
Shut Down in 2008
Russian Youth Groups:
Nashi (100k-120k members)
Attacked Kommersant Business Daily in 2008
Siege of Estonian embassy website in 2007
Anonymous published emails linking Nashi with Federal Agency for Youth Affairs
Eurasian Youth Movement
Attacked website of Ukrainian president Viktor Yushchenko in 2007