14 October 2014

Hackers Gather for Cyberwar in an Intense 48-Hour Sim

BY KIM ZETTER AND PETE BROOK 
10.10.14 

























ADVERTISEMENT



Locked Shields is in only its third year, but quickly established itself as the prime multinational cyber war-games event. The quality of competitors is high including, Locatelli says, the team that uncovered the Heartbleed virus. LUCA LOCATELLI 

Locked Shields is among the world’s preeminent cyber attack simulations. For two days, international teams of hackers and system admins play both sides of a war game, simultaneously attacking and defending critical infrastructure. The details are realistic, and the exercises reflect real-world geopolitics. It is a training ground for front-line operators in a rapidly evolving form of warfare in which network administrators at banks, electrical plants and government offices are as crucial to a country’s defense as uniformed troops. 

Luca Locatelli was the first cameraman allowed behind the scenes at Locked Shields. He’s been photographing military role-playing exercises for years. “From a visual point of view I was afraid that I wasn’t going to find anything,” says Locatelli. “There’s a lot of interesting stuff to say about cyber warfare but there’s nothing to shoot. Cyber warfare is, basically, invisible.” 

Locked Shields is organized by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. Although it is funded by NATO member, it is not directly affiliated with the organization. It plays a leading role in education and information sharing to bolster member nations’ digital defense capabilities. Last year, the Centre published the Tallinn Manual, which addresses the voluminous legal issues surrounding this new form of warfare. 

In just three years, Locked Shields has established itself as a premier multinational cyber wargaming events. This year’s exercise drew 300 people from 17 countries; among them were members of the Finnish security firm Codenomicon, which uncovered the Heartbleed vulnerability earlier this year. 

For years, Western powers like the US and United Kingdom have staged highly secretive exercises like Eligible Receiver 97. Locked Shields uses a more collaborative approach; the goal is to foster cooperation among European nations. Although the teams compete against each other, the gameplay encourages collaboration to shut down the attack more quickly. The exercise is not a war game in the traditional sense, because the people involved are largely civilians and the attacks targeted commercial, not military, systems. That reflects the growing reality that in cyber warfare, targets will include civilian computers operating critical infrastructure like banks and power plants. 

The event, held one weekend in May, was staged from the Hotel Euroopa on the outskirts of Tallinn’s medieval town center. The ancient perimeter wall and stone towers that once helped defend the town stood in stark contrast to the rows of glowing laptops that are the first line of defense in modern warfare. “It was a visual paradox,” says Locatelli. “Seventies carpet and Soviet architecture brimming with modern technology.” 


The old town of Tallinn, Estonia. Luca Locatelli 

The target was a drone manufacturer in the fictional nation of Berylia, an island in the North Atlantic. As the company prepared for a demonstration at the World Drone Expo in Dubai, “hacktivists” attacked its website and network. Meanwhile, a nation-state team used the attack as a cover to launch its own assault on Berylia’s defense networks. The Red Team, outfitted in red T-shirts, launched the attacks from within the hotel while 12 Blue Teams defended Berylia from their home countries. 

Teams earned points based on how long it took them to identify an attack, how effectively they defended against it and their ability to keep networks running during the assault. They also were scored based upon how they dealt with the media–which had inside information about the attack—and their adherence to the law while crafting their response to the attacks. To that end, each team had legal experts at their disposal. 

Locatelli drew mixed reactions from his subjects. Some on the Red Team avoided him and didn’t want to be photographed or identified. Others had no problem with his camera. But they all agreed that their monitors were off-limits. They didn’t want to give away their tricks and strategies. 

“I had to focus on the small things, the moments,” says Locatelli. When John McHugh, secretary of the US Army showed up for a visit during the exercise, Locatelli says for an instant “it felt like a real war.” 

The threat of such a war mounts as more nations develop cyber warfare units and digital weapons. The US leads the way with the US Cyber Command, whose budget this year was $447 million. Cyber Command reportedly helped develop and deploy the world’s first known digital weapon—the Stuxnet worm that targeted Iranian centrifuges used to enrich uranium. Stuxnet was a destructive digital attack, and the first of its kind in that it was designed to cause physical damage to infrastructure. Other attacks have focused on deleting data, like the Wiper malware that struck the Iranian Oil Ministry in 2012. 

The Cooperative Cyber Defence Centre of Excellence was born of similar aggression—a denial-of-service attack that hit computers in Estonia in 2007 after a diplomatic dispute with Russia. Neither Estonia nor NATO was prepared to defend against such an assault, which was widely believed to have been launched by Russia. The Centre was established to help NATO members prepare such defenses.

No comments: