22 May 2017

Cyber enemies of the United States


Cyberwarfare can knock out physical machines and the attack can come from anywhere on the planet, reports Doug Olenick.

There is no simple way to rank the nation-state or criminal entity that poses the greatest cybersecurity threat to the United States – and the world in general.

There are simply too many variables and the offensive tools are available to all. Everyone from a single person with a grudge sitting in their basement to the head of the largest country on the planet or of the most populous nation has equal access to some of the most destructive malware around.

So, it's more a matter of what type of attack the bad actors are in the mood for that will determine which causes a catastrophic-level cyber event.

Russia

Russia is a powerhouse and a tremendous threat to the United States on several levels, but the latest revelations solidifying the idea that the Russian Bear likely attempted to influence the U.S. presidential election make that country our biggest enemy.

While Russia's military is no longer the force it was during the Cold War, it is still nothing to be laughed at. The cyberwarriors that President Vladimir Putin employs, both in his government and those attached to shadowy criminal gangs, may be the biggest threat facing the United States. For sheer volume and breadth of attacks, Russia is a top pick for being one of the most dangerous nations facing off against the U.S. on the cyberwarfare front.

Russian actors, for example, are accused of kicking off the massive turmoil surrounding the 2016 presidential election. 

“It absolutely stretches credulity to think [Russians] were not involved,” FireEye CEO Kevin Mandia said, a sentiment shared by former National Security Agency (NSA) Director Keith Alexander.

“I believe they were involved,” Alexander said.

China

China, like Russia, is in the interesting position of not only being a supporter of nation-state cyberattacks, but also of backing external groups that conduct their own cyberoperations looking to obtain industrial secrets. The best known cybergroup in China is China's People's Liberation Army Unit 61398 – five of its members were indicted in the United States on corporate espionage charges.

However, where China and Russia differ is that there is a small amount of cooperation between China and the United States, including the two nations signing the U.S.-China Cyber Agreement in 2016. This negotiation has reportedly helped cut back on the number of cyber incursions originating from China. However, there is some disagreement over whether or not this deal has been effective.

“As Director of National Intelligence James Clapper mentioned in testimony on Jan. 5, China has not stopped conducting cyberespionage against the U.S. and our businesses,” Rep. Will Hurd (R-Texas) told SC Media.

Meanwhile, Ted Lieu (D-Calif.) called the agreement a success, citing a drop in hacking by China.

North Korea

The hermit kingdom spends most of its cyber efforts targeting South Korea, with the occasional foray outside the Korean Peninsula to go after major movie studios that dare to make a film satirizing its government.

The threat posed by North Korea's cyber capabilities is no joking matter. Unlike when it launches a missile or tests a nuclear weapon, pinning down the source of a cyberattack is imprecise at best, so the country has plausible deniability. This enables it to launch a cyberattack without concern for additional sanctions being levied, says Donghui Park in a recent academic paper. Park points out that while North Korea's attacks have not gained international prominence, that does not mean the country has not invested heavily in this area.

“North Korea currently operates about 6,000 cyber warfare troops and conducts cyber warfare, including the interruption of military operations and attacks against major national infrastructure, to cause psychological and physical paralysis in the South,” said a 2014 Defense White Paper from the Ministry of National Defense in South Korea.

Criminal enterprises

This is a tough group to pin down. It's often difficult, if not impossible, to discern whether an attack is a criminal endeavor or the act of a nation-state or perhaps conducted by a gang working for a government. 

One way this can be determined is by what the attack was attempting to accomplish. A ransomware attack, for instance, is most likely criminal in nature as those folks generally want money. But what about a DDoS attack that knocks down a portion of the internet? This could be done for money, as a power-projection maneuver or even just so a hacker can get a few giggles at someone else's expense.

Terrorist groups

Military forces have a term that describes when a device or tactic increases the firepower of a soldier, a unit or a weapons system. It's called a Force Multiplier.

That is what cyberwarfare is to a terrorist or non-state actor group. 

In the same way that handing a machine gun to a soldier greatly increases their ability to put bullets downrange, the huge number of tools available on the dark web enables a single terrorist, even one with just a modicum of computer knowledge, to potentially wreak havoc on a much stronger enemy. However, with that said, none of the world's major terror groups – ISIS/ISIL, Al Qaeda, Taliban, Hezbollah or Hamas – have conducted what can be considered a large-scale attack.

That is not to say these groups do not often state their intention to do so, but due to many factors they may have the intent without the capability.

“There are a number of factors that contribute to this low capability, but among the most prominent are resources and security,” says Ken Wolf, senior analyst at Flashpoint. “The hackers that have claimed attacks on behalf of ISIS have neither. These actors are not officially recognized by the group, so we can assume that they also do not have financial backing, which is a very limiting factor.”

Much terror group effort is spent attacking each other or trying to fend off attacks on their own sites. Alex Kassirer, an analyst at Flashpoint, reported that in late March the website of ISIS-affiliated media unit A'maq Media was hit with a targeted attack that injected a trojan into the site that infected visitors. This led A'maq to warn its readers not to download anything from its own site, and it also offered up a quick primer on cyber safety for its followers:

“It is always advised to refer to [official or specifically accredited] sites for downloading official Islamic State material. Downloading from elsewhere is dangerous and such content may include fake or infected material…”

In other news: Global hack attacks

The list of cyber enemies lined up against the United States is long and illustrious, but the five described here are not the only players in the field. And, when it comes to housing hackers, the United States is among the world leaders.

The U.S. houses more than its fair share of black hats, but the nation's best known hackers are employed by the federal government. Yes, the same hackers who brought Stuxnet to Iran and have recently been credited with causing North Korean missiles to explode are, in fact, federal employees. A recent Cyware poll stated that 10 percent of all the world's attack traffic originates from the U.S.

Turkey is also a bona fide threat when it comes to hacking – it recently was credited with defacing dozens of Twitter pages. The attacks were allegedly Turkey's response to the refusal by The Netherlands to allow a government official to attend a rally in its country.

Taiwan is also home to a significant population of hackers – and with good reason. Mainland China, which still claims the nation as a province, often uses its diminutive neighbor for cyber target practice, so Taiwan needs defenders. FireEye reported last year that China targeted several Taiwanese political party websites as part of an ongoing cyberespionage plan. North Korea is also a frequent enemy, having attacked several Taiwanese banks in early April, according to Taiwan News.

Hardly a week goes by when Brazil is not mentioned in the news as either being a hacking victim or the home of the attackers. And, it's often the local hacker attacking domestic institutions. In early April, a Brazilian bank had its online presence pwned. While this attack has not been credited to a local, Brazilian hackers have little to fear from the local police who are overwhelmed with real, not virtual, crimes, according to a Trend Micro report.
