Information Warfare: CSH 6 Chapter 14

Slides: 38
CSH 6 Chapter 14: “Information Warfare” (slide 1)
Seymour Bosworth
Copyright © 2020 M. E. Kabay. All rights reserved.

Topics (slide 2)
- Introduction
- Vulnerabilities
- Goals and Objectives
- Sources of Threats and Attacks
- Weapons of Cyberwar
- Defenses

Introduction (slide 3)
- Definition*
  - Offensive and defensive use of information and information systems
  - To deny, exploit, corrupt or destroy
  - An adversary’s information, information-based processes, information systems, and computer-based networks
  - While protecting one’s own
  - Designed to achieve advantages over military or business adversaries
(Image used with permission of Robert Duffy, Avalon5.com)
* Dr Ivan Goldberg, Institute for Advanced Study of Information Warfare

Vulnerabilities (slide 4)
- Critical Infrastructure
- COTS Software
- Dissenting Views
- Rebuttal

Critical Infrastructure (slide 5)
- Presidential Decision Directive 63 (PDD-63)
  - President Clinton (1998)
  - http://www.fas.org/irp/offdocs/pdd-63.htm
  - Defined US critical infrastructure, which includes:
    - Telecommunications
    - Energy
    - Banking and finance
    - Transportation
    - Water systems
    - Emergency services
- These systems are vulnerable to asymmetric warfare: effective attack by much weaker adversaries (e.g., Mafiaboy vs Amazon & eBay in 2000)

COTS Software (slide 6)
- Military and civilian sectors both depend on COTS (commercial off-the-shelf) software
  - Microsoft OS has become a monoculture
  - Continues to be vulnerable to subversion
  - Allows study and exploitation by adversaries
- Some hardware being manufactured in potentially hostile nations
  - Much manufacturing in PRC
  - Some claims of hardware Trojans (e.g., keyboard equipped with keylogger)

Dissenting Views (slide 7)
- Some critics dismiss discussion of cyberwar as FUD
  - Fear, Uncertainty and Doubt
  - Designed to increase sales of hardware, software and consulting services
- Personal attacks on early promulgators of information warfare doctrine
  - Controversial figure: Winn Schwartau
  - Author of novel Terminal Compromise
  - Nonfiction Information Warfare and Cybershock texts
  - Lampooned as wild-eyed self-publicist
  - Actually a committed security expert

Rebuttal to FUD claims (slide 8)
- Growing evidence of asymmetric use of information systems in conflicts
- Industrial espionage from PRC growing
- Conflicts around the world demonstrate the role of the Internet as tool and target
  - India/Pakistan
  - Bosnia
  - Koreas
  - Iranian unrest in June 2009: role of Internet and Twitter crucial
- Potential remains high, e.g., PSYOP using flash crowds to obstruct emergency personnel or create targets for terrorists

Goals and Objectives (slide 9)
- Military
- Government
- Transportation
- Commerce
- Financial Disruptions
- Medical Security
- Law Enforcement
- International & Corporate Espionage
- Communications
- Economic Infrastructure

Military Perspective (slide 10)
- US Joint Doctrine for Operations Security (OPSEC)
  - Identifying critical information
  - Analyzing friendly actions in military ops
  - Identify which ops can be observed by adversaries
  - Determine what adversaries could learn
  - Select and apply measures to control vulnerabilities to minimize adversarial exploitation
- Some discussion of potential offensive cyberoperations
  - US Air Force established AF Cyber Operations Command, to be stood up June 2009
  - US Army established 2009 Army Posture Statement on Cyber Operations

Sources of Threats and Attacks (slide 11)
- Nation-States
- Cyberterrorists
- Corporations
- Activists
- Criminals
- Hobbyists
(Image © 2009 Beatrix Kiddoe. Used under terms of service of Photobucket.)

Nation-States: China (slide 12)
- People’s Republic of China is a major actor
  - People’s Liberation Army doctrine explicitly includes information warfare
  - Widespread evidence of massive probes and attacks originating from China through state sponsorship
  - Formal training for cadres
- Other countries involved in information warfare
  - ECHELON (SIGINT) organized under the UK-USA Security Agreement (Australia, Canada, New Zealand, the United Kingdom, and the United States)

Nation-States: Stuxnet (2010) (slide 13)
- Written to subvert SCADA for Siemens centrifuge programmable logic controllers (PLCs)
  - Damaged uranium-enrichment centrifuges in Iran
  - Spun too fast and crashed physically
- 60% of Stuxnet infections were in Iran
- Speculation that US & Israel wrote the Stuxnet worm
  - No direct proof
  - Circumstantial evidence includes codes and dates that might be related to Israel
  - Documents supporting the view that the US was involved were released by Edward Snowden in July 2013

Cyberterrorists (slide 14)
- Remains a theoretical possibility
- Individual criminal-hacker / hobbyist attacks raise concerns
  - Documented interference (mostly pranks) with
    - Ground traffic
    - Emergency 911 systems
    - Air-traffic control
    - Hospital systems…
- Pranksters have been spreading false news via Twitter (deaths of celebrities…)
- Growing use of insecure wireless systems raises additional concerns for PSYOP

Corporations (1) (slide 15)
- Potential for sabotage against rivals
  - Documented cases of interference using computers and networks
- 1999: BUY.COM underpriced its $588 Hitachi monitors at $164, perhaps through effects of competing knowbots
- 2000: Sun accused Microsoft of corrupting Java to interfere with platform independence
- 2000: Steptoe & Johnson employee accused of denial-of-service attack on Moore Publishing
- 2000: AOL accused of interfering with other ISPs by tampering with Internet settings

Corporations (2) (slide 16)
- 2005: FCC investigated phone-company ISP interference with Vonage VoIP
- 2006: Businessman selling t-shirts hired hacker to damage competitors using DDoS
  - Infected 2000 PCs with slave programs in a botnet
  - Disabled Web sites and online sales
  - Jason Arabo (19 years old) sentenced to 30 months prison & $500K restitution
  - Hacker (16 years old) sentenced to 5 years prison & $35K restitution

Hacktivists (1) (slide 17)
- Hacktivists use criminal hacking in support of politics or ideology
- 1989: WANK (Worms Against Nuclear Killers)
  - Infected DOE, HEPNET & NASA networks
  - “You talk of times of peace for all, and then prepare for war.”
- 1998: Electronic Disturbance Theater
  - Indigenous peoples’ rights in Chiapas, Mexico

Hacktivists (2) (slide 18)
- 1998: Free East Timor (Indonesian Web sites)
- 1998: Legions of the Underground declared cyberwar on Iraq and China
- 1999: Jam Echelon Day: traffic with many keywords thought to trigger capture by the spy network
- 2000: World Trade Organization
  - Hackers probed Web sites 700 times
  - Tried to penetrate barriers 54 times
  - Electrohippies launched DoS attack

Hacktivists (3) (slide 19)
- 2004: Electronic Disturbance Theater launched DoS on conservative Web sites during Republican National Convention
- 2008: Project Chanology launched against Church of Scientology
- 2008: Chinese hackers attacked CNN Web sites to protest Western media bias
- 2009: much Web-defacement activity during attack by Israel on Gaza

Hacktivists (4) (slide 20)
- Anonymous (Anon)
  - 2003: 4chan board
  - No leaders
  - Focus on defending Wikileaks in 2010-2011
  - Attacked Church of Scientology
  - QUESTION: doing good or not?
(Image: Guy Fawkes mask)

Criminals (1) (slide 21)
- Stock manipulation: pump ‘n’ dump schemes
  - NEI Webworld pump-and-dump (Nov 1999)
  - 2 UCLA grad students & an associate bought almost all shares of bankrupt NEI Webworld company
  - Using many different pseudonyms, posted >500 messages praising the company
  - Also pretended to be a company interested in acquisition
  - Within 1 day stock value increased from $0.13 to $15 per share
  - Made ~$364K profit

Criminals (2) (slide 22)
- Los Angeles gasoline-pump fraud (1998)
  - New computer chips in gasoline pumps
    - Cheated consumers
    - Overstated amounts 7%-25%
  - Complaints about buying more gasoline than capacity of fuel tank
    - Difficult to prove initially
    - Chips programmed to spot 5 & 10 gallon tests by inspectors
    - Delivered exactly the right amount for them!
- Organized crime (esp. Russian, Eastern European) involved in identity theft
- Methods and targets could be used in organized state-sponsored information warfare, especially if SCADA (supervisory control and data acquisition) systems targeted

Weapons of Cyberwar (slide 23)
- Denial of Service
- Malicious Code
- Cryptography
- PSYOP
- Physical Attacks
- Biological & Chemical WMD
- Weapons Inadvertently Provided

Denial of Service (slide 24)
- Attacks preventing systems from reaching normal levels of function or service
- Terminology:
  - DoS: denial of service
  - DDoS: distributed denial of service
    - Launching attacks from many sources
    - Botnets: compromised computers under control of a master computer program
- Excellent example of asymmetric warfare
- Simple example: pressing a key on an HP 3000 computer console without ENTER → progressive hang due to saturation of system buffers
- See CSH 6 Chapter 18 for ample details

Malicious Code (slide 25)
- Terminology:
  - Viruses, worms, Trojan horses
    - See CSH 6 Chapter 16
  - Mobile code such as Java, ActiveX, VBScript
    - See CSH 6 Chapter 17
- Malware widespread
  - In 1980s & 1990s used by individuals
  - In 1990s & 2000s increasingly used by organized crime
  - Significant evidence of state-run malware research and development

Cryptography (slide 26)
- Cryptography used in military operations for millennia
- Cracking ciphertext a top priority for governments and criminals
  - Parallel processing
  - Ultra-high-speed computers (teraflops)
- Debate about international traffic in strong cryptography
  - International Traffic in Arms Regulations (ITAR) of US restrict export
  - Critics regard ITAR application to cryptography as pointless

PSYOP (1) (slide 27)
- Psychological operations = PSYOP
  - Planned psychological activities
  - Directed to enemy, friendly, neutral audiences
  - To influence emotions, motives, attitudes, objective reasoning & behaviors
  - In ways favorable to originator
- Targets at all levels (individuals, groups, organizations, military, civilian)
- Goals
  - Reduce morale & combat efficiency among enemy
  - Promote dissension & defection among enemy
  - Support deception operations by friendlies
  - Promote cooperation, unity, morale in friendlies

PSYOP (2) (slide 28)
- Classic example of PSYOP: preparation for Normandy invasion
  - Allies fabricated & planted leaks about supposed invasion at Pas de Calais
  - Nazis believed that General George S. Patton was leading invasion
  - Concentrated Nazi troops away from actual Normandy landing areas
- Sep 11, 2001 WTC bombing & subsequent anthrax-spore scare illustrate effects similar to PSYOP: demoralization, economic consequences, changes in culture

Physical Attacks (slide 29)
- Sep 11, 2001 attacks had noticeable effects on information infrastructure
- Backhoe attacks facilitated by warning signs about where not to dig, which indicate communications trunks
- Undersea cables susceptible to sabotage
- International prevalence of car bombings, suicide bombings & IEDs (improvised explosive devices) causing rethinking about weapons of cyberwar
- Increased attempts to secure civilian infrastructure
- But much of public policy described as security theater (after Bruce Schneier) by critics

Biological & Chemical WMD (slide 30)
- Weapons of Mass Destruction (WMD)
  - Direct effects can be devastating
  - Fear (PSYOP) caused by such attacks a serious issue: causes damage through shutdown of critical infrastructure
- Tokyo 1995
  - Sarin nerve gas released in Tokyo subway system
  - Killed at least 6 people, sickened 1000s
  - Released by members of Aum Shinrikyo cult
- Anthrax in US mail 2001
  - Sent to offices of 2 US Senators, various media HQ in NY & FL
  - Killed 5 people and infected more than a dozen others

Weapons Inadvertently Provided (slide 31)
- Vulnerabilities in software systems open nation to cyberwar
  - Bad software design (see RISKS FORUM DIGEST)
  - Poor software quality assurance
  - Rush to market of incompletely tested software
- See CSH 6 Chapters
  - 38 Writing Secure Code
  - 39 Software Development & Quality Assurance
  - 40 Managing Software Patches & Vulnerabilities

Defenses (slide 32)
- Legal Defenses
- Forceful Defenses
- Technical Defenses
- In-Kind Counterattacks
  - Problematic because of address spoofing
  - Not certain where attacks originate
  - Could attack wrong target
- Cooperative Efforts

Legal Defenses (slide 33)
- International legal system ineffective vs infowar
  - Information warfare not prohibited under UN charter (except if it causes death or property damage)
  - Little or no police power to enforce the few laws that exist governing infowar
  - Sovereignty trumps law in cross-border communications
  - No major powers have pressed for international laws or treaties to govern infowar
  - Politics may override legal judgement
  - Power of criminals supersedes legal systems
  - Identifying source of attacks difficult
  - Technology advances faster than laws
- Not likely to see legal defenses used against cyberattack

Forceful Defenses (slide 34)
- Barriers to the use of force
  - US increasingly reluctant to use force without international support
  - Identity of attackers may be unclear
  - Spoofing may lead to misidentification
  - Difficult to characterize specific incident as cyberattack, error, accident, or malfunction
  - Attackers may not be state actors: cannot launch war against criminals, activists, individuals
  - UN doctrine limits reactions to proportional response
- Thus unlikely to see forceful response to cyberattack

Technical Defenses (slide 35)
- All the technical defenses used in protecting computers and networks against individual attack can be used in cyberdefense
- Entire contents of CSH 6 apply to cyberwarfare defense
- Constant attention to evolving vulnerabilities and threats
- Special value for INTEL and COINTEL activities
  - Intelligence to track state and non-state actors; e.g., infiltration, monitoring Internet chatter
  - Counterintelligence to identify spies and saboteurs

In-Kind Counterattacks (slide 36)
- Problematic because of address spoofing
  - Not certain where attacks originate
  - Could attack wrong target
- Recent incidents have been inconclusive
  - Israelis vs Arabs
  - Taiwan vs PRC
  - Kashmir vs India
  - Serbs vs Albanians
  - PRC vs USA
- Fundamental asymmetry of attacker/defender makes counterattacks in kind futile

Cooperative Efforts (slide 37)
- Little evidence of international cooperation to fight cyberterrorism or limit cyberwarfare
- Strong efforts by US military to increase cyberwarfare capabilities

DISCUSSION (slide 38)