Pages

6 January 2015

HACK ATTACK!

Davinder Kumar
Dec 24 2014

The cyber-attack on Sony is a wake-up call not just for corporations but also for nation states to up the ante on cyber protection and treat it as national defence

The Stuxnet virus attack on the Iranian nuclear processing plant at Natanz that was discovered in 2010 displayed to the world for the first time, at least openly, the actual deployment of cyber weapons to interfere with critical infrastructure, in this case damaging nuclear centrifuges. It was a complex operation that changed global military strategy . This vulnerability of control systems and the possibility of intervention by cyber weapons, opened an absolutely new dimension of cyber security .Countries took notice and started to work seriously to devise means to protect their National Critical Infrastructure (NCI). Two important lessons emerged out of the Stuxnet attack: the immediate need of ‘trusted infrastructure’ and the fact that cyber weapons, once launched, cannot be controlled.

The recent cyber-attack on the Sony Entertainment Corporation has added yet another dimension to cyber security: for the first time, the hackers appear to have been driven by a desire to cause destruction in a corporate entity rather than in causing only financial loss or conduct technology theft.

WHAT HAPPENED?

On November 24, Sony employ ees came to work in Culver City, California, to find images of grinning red skulls on computer screens.

The hackers identified themselves as ‘GOP’, or the Guardians of Peace.

They made off with a vast amount of data (reports suggest up to 100 terabytes), wiped out company hard drives and began dumping sensitive documents on the Internet.

The hackers divulged salary and personal records of thousands of employees as well as of Hollywood actors, embarrassing email traffic between executives and movie moguls, along with several of the studio’s unreleased films. They got away with every employee’s emails from the last ten years. The attack has also affected other companies who were conducting business with Sony.

The attack came as Sony was preparing to release The Interview, a satirical comedy fiercely criticised by North Korea for depicting a fictional assassination attempt of the country’s leader, Kim Jong-un.

With a growing number of theatres reluctant to screen the film, amid threats of attacks, Sony cancelled the premiere of the film and its entire Christmas Day release. The actions show just how much power the attackers behind the Sony hack have amassed in short time.

BUT WHO ARE THEY?

Attribution is the most difficult aspect of a cyber-attack, as the attack can be carried out virtually by anyone who has an access to a computer and an Internet connection. It can be an individual, a state actor or a nation state and can be routed through a number of places and countries. Skilled hackers use proxy machines and false IP addresses to cover their tracks or plant false clues inside their malware to mislead the investigators. That also makes launching of a counter-attack very difficult.

The National Security Agency (NSA), the Department of Justice and the Federal Bureau of Investigation (FBI) are busy trying to find out the perpetrators of the attack. Media reports suggest that North Korea could be central to the attack and that more than one agency could be involved with motives of extortion and political interests.

Notwithstanding the claims made by the Guardian of Peace, investigators are also concentrating on the possible involvement of a nation state. The fingers are being pointed at North Korea, Iran, China and Russia with North Korea being the primary suspect.

Investigators have found some common codes and files with the 2012 attack on Saudi Arabia dubbed `Shamoon', and a similar destructive attack on South Korea in 2013, `Dark Seoul'. Regardless of whether the Sony , Saudi Arabia and South Korea attacks are related, the available evidence indicating possible involvement of a country is circumstantial.All of the evidence could easily point to hacktivists. The involvement of hacktivist groups like Anonymous and LulzSec, which thrive on targeting large corporations for ideological reasons, are also being examined.

While the US is investigating and evaluating a proportional response in accordance with its declared cyber doctrine, Sony would be busy for a long time repairing the damage, making up for the financial loss and the loss of credibility with its shareholders and attending to a flood of legal cases.

The US was perhaps slow to react to this threat as a destructive attack on a corporate entity was not foreseen.The pulling out of The Interview by Sony has also created an impression of `surrender' to the demands of the hackers. “With the Sony collapse, America has lost its first cyber war.This is a very dangerous precedent,“ noted former Speaker of House of Representatives, Newt Gingrich.

In order to maintain the credibility of its doctrine, the US needs to make an appropriate and visible response.That would require its intelligence agencies to work overtime and find the perpetrator with requisite certainty .

India, on its part, will have to factor in this new dimension of threat its overall policy framework on cyber security and ensure that the corporate world has solid cyber security measures incorporated in their systems and networks. Corporations must understand their responsibility with regard to protection of data and personal details of their customers, shareholders and partners. While ensuring implementation of these, the government must ascertain that suitable legal measures and enabling policies are in place. This is a national strategic imperative.

The writer is a former Signal Officer-in Chief, Indian Army

No comments:

Post a Comment