Tag: warfare

The importance of preparation

Given recent events, I started wondering how people can prepare themselves for such times. Nowadays military clashes happen both in the physical world and in cyberspace, and there are many parallels between defending assets in the two. In this article, I shall try to list the different approaches one could use to harden one's defenses, and at the same time give a clear picture of what the defender's goals are.

So what is the ultimate goal of every defender? By default, it is to raise the cost of an attack until it exceeds the attacker's expected gain. This narrative appears in many books focused on the defensive side of cybersecurity. It is important to note, however, that some people attack others for personal reasons or out of emotion. Such attackers usually do not care how much the attack costs them, so a cost-based model alone does not deter them. As defenders, we should account for these motivations during the design phase of our defense.

The diagram shows a sample architecture of an off-grid data center. Such data centers are far more resilient when the power grid and other external services are disrupted.

There is a well-known proverb about the importance of preparation: more sweat in training, less blood in the fight. Transferred to the realm of cybersecurity, the more effort we put into preparing the infrastructure, the less likely it is to be penetrated. So how can we prepare ourselves for an attack?

  • Buy quality equipment: Your equipment need not be the most expensive, nor should it be the cheapest. You need gear that does the job and has a lifespan of at least five years. It is a good idea to buy spares, so you have hot swaps in case of failure. Items in the middle price range are usually good candidates.
  • Plan and train: There is little sense in having great gear without using it. Regular training sharpens skills and shortens reaction time when the equipment is used. Testing the items also reveals their limits and lets the designer prepare a better defense. In cybersecurity, this means regular red/blue team exercises, where the red team tries to penetrate the infrastructure and the blue team defends it.
  • Be realistic: If your attacker has far more resources (money and time) than you, they will get in. There is little sense in making sure your electronic infrastructure survives the electromagnetic pulse of a nuclear detonation. It makes excellent sense, however, to keep your data backed up in a protected vault and to have replacement units in case such an event happens.
  • Hack and slash: Don't be afraid to modify your equipment if it does not suit your needs. Many security units prefer to buy cheaper equipment and rig it for double or triple duty. Play around with your gear, and don't be afraid of breaking it; sometimes you find real gems that way.

In conclusion, preparing any defense requires a lot of research. The primary goal of every defender is to raise the cost of an attack: the higher the price, the less motivated the attacker. The resources of the two sides are often asymmetric, so some defenders must think like guerrilla fighters, or even like start-up owners, and squeeze the last bit of efficiency out of their infrastructure.

Should countries hire hacker-privateers to engage other countries in cyber wars?

Unfortunately, the last two years have seen a considerable rise in cybercrime worldwide. Many attacks were allegedly carried out by nation-state actors, and much of the blame voiced in the public media supports that statement. Life is indeed a challenge, and the strongest almost always win. Still, there is a subtle difference between being aggressive and attacking foreign countries, and defending your own interests and infrastructure.

In fact, we could categorize the last couple of years as a series of standalone cyber battles, which could eventually end in a fully-fledged cyberwar. In such situations, some people start fantasizing about hiring hacker-privateers and starting a Cyber World War, in which teams of the best hackers fight each other. It sounds like a great plot for a sci-fi novel, but there are reasons why such actions could lead to disaster in reality:

The diagram shows the standard military uses of electrical and communication equipment. Cyberwarfare privateers can use their skills to attack many such targets without going anywhere near the real battlefield.
  • Global world: We live in a global village. The world is no longer disconnected, and one crisis can quickly affect all of it. Take the COVID-19 situation, for instance: despite its allegedly natural origin, it blocked the global economy and reopened many old wounds. Now, believe me, if a worldwide cyberwar happens, we shall have much more complex problems, which could easily escalate into a conventional or even a nuclear large-scale war.
  • Ethical reasons: An old saying states that being able to do something is one thing, having the will to do it is another, and actually doing it is something else entirely. Ethical hackers could start a fully-fledged cyberwar if it suited their businesses. However, I believe that cybersecurity must be oriented towards stopping criminals rather than achieving a political agenda or starting conventional or nuclear wars.
  • Willingness: Most white-hat cybersecurity specialists will not commit acts of aggression for any sum of money. As patriots, they care for the well-being of their country; however, being a patriot is one thing, and carrying out destructive actions against another country or organization is another. At the same time, most hackers are criminals; working for state actors would expose their identities and land them in jail. Together, these factors reduce the number of individuals willing to work as hacker-privateers to a tiny number.

In conclusion, cybersecurity and hacking are not like conventional armies. Sure, we can use the same terminology and even run "war" games. But essentially, the whole sector is much closer to private security companies, which defend the perimeter of an infrastructure and fight crime. The role of pentesting companies is to test these defenses by acting like criminals. Everything beyond that should be categorized as cyber warfare and be forbidden.

How much damage can one hacker cause to a team of cyber security specialists?

Cybersecurity has an asymmetric nature. Usually, hacking groups do not have the resources of their targets, or the targets do not have the proper qualifications to defend themselves. Now, let's discuss one compelling case: a hacker who managed to DDoS companies such as Microsoft and Sony.

He started hacking at the age of sixteen, when he developed the Titanium Stresser program, which was used to carry out around 1.7 million attacks. With it, he took down the websites of Microsoft, Minecraft, TeamSpeak, and Xbox Live and earned the equivalent of £386,000, paid in US dollars. Along with that, he made some bitcoin by selling hacked programs on the dark web.

The hacker was 20 by the time the court proceedings concluded. He was accused of causing losses to schools and colleges by hijacking their local networks. The initial investigation showed that he personally attacked 594 IP addresses with Distributed Denial of Service (DDoS) attacks between 2013 and 2015.

The diagram shows a standard DDoS attack architecture. The attacker usually has a command-and-control server that orchestrates the whole botnet attack.

Later on, the court revealed that the hacker had not been acting alone. His program had around 112,000 registered users in a DDoS-for-hire ("stresser" or "booter") service, and collectively they attacked over 660,000 IP addresses. He used some clever schemes to gain users fast, such as "invite a friend" referrals. Many of these attacks were based in the United Kingdom. One notorious attack was on RuneScape; the company that owns it had to spend around six million pounds to protect the website.

During the hearing, the hacker's lawyer argued that his client's medical condition (a form of autism) left him unable to distinguish right from wrong. The lawyer also pleaded that the hacker was part of the gaming community but was not good enough at the games and wanted to raise his standing.

Now, I find it quite interesting how a 16-year-old managed to build a DDoS-for-hire service and get over 112,000 people to register for it in order to attack services across the world. It is a clear case of how asymmetric hacking is. Despite his lack of resources, he ran an attack service with over 112,000 registered users, and without hacking any of those users. A quick sanity check on the numbers: if each of 112,000 registered users had contributed an average 50 Mbit/s connection, the aggregate would be about 5.6 Tbit/s, not 600 Gbit/s. In practice, the registered users were customers of the service rather than attack machines, so the real attack capacity came from the infrastructure behind the service. The point stands, though: all of it was orchestrated by one single guy.
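To make the defender's side of this concrete, here is an added example that is not from the original post: a small sliding-window detector of the kind a blue team would run over web server logs. It reports two patterns that a stresser service produces: a single source that exceeds a per-IP request limit, and a distributed flood in which every source stays under that limit but the aggregate rate spikes. The log format, the window length and both thresholds are assumptions, and the log lines are constructed inline.

```python
"""Rate-based HTTP flood detector (added example; log format and thresholds are assumed)."""
from collections import Counter, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # assumed sliding window length
PER_SOURCE_LIMIT = 20            # assumed: requests one client may make per window
TOTAL_LIMIT = 100                # assumed: requests per window before the aggregate alarm


def parse_line(line):
    """Parse a constructed log line of the form '<iso-timestamp> <client-ip> <method> <path> <status>'."""
    ts, ip, _method, _path, _status = line.split()
    return datetime.fromisoformat(ts), ip


def detect_floods(lines, window=WINDOW, per_source_limit=PER_SOURCE_LIMIT, total_limit=TOTAL_LIMIT):
    """Return a list of (timestamp, kind, detail) alerts.

    kind == "single-source": one client exceeded per_source_limit inside the window.
    kind == "distributed":   total requests inside the window exceeded total_limit even
                             though no single client had to stand out (booter/stresser pattern).
    """
    recent = deque()          # (timestamp, ip) entries currently inside the window
    per_ip = Counter()        # requests per client inside the window
    flagged = set()           # sources already reported, to avoid duplicate alerts
    aggregate_alarm = False
    alerts = []
    for line in lines:
        ts, ip = parse_line(line)
        recent.append((ts, ip))
        per_ip[ip] += 1
        # Expire entries older than the window (the newest entry always stays).
        while ts - recent[0][0] > window:
            _old_ts, old_ip = recent.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
        if per_ip[ip] > per_source_limit and ip not in flagged:
            flagged.add(ip)
            alerts.append((ts, "single-source", ip))
        if len(recent) > total_limit and not aggregate_alarm:
            aggregate_alarm = True
            alerts.append((ts, "distributed", f"{len(recent)} requests from {len(per_ip)} sources"))
    return alerts


def build_sample_log():
    """Constructed traffic: normal browsing, then one noisy client, then a distributed flood."""
    base = datetime(2021, 6, 18, 10, 0, 0)
    lines = []
    # 30 s of normal traffic: one request per second, spread over five clients
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 198.51.100.{i % 5 + 1} GET /index.html 200")
    # One client sends 30 requests in 3 s, well above the per-source limit
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=30, milliseconds=100 * i)).isoformat()} 203.0.113.9 GET /login 200")
    # 150 requests in 5 s spread over 75 sources: two per source, each under the per-source limit
    for i in range(150):
        lines.append(f"{(base + timedelta(seconds=40, milliseconds=33 * i)).isoformat()} 192.0.2.{i % 75 + 1} GET /search 200")
    return lines


if __name__ == "__main__":
    for ts, kind, detail in detect_floods(build_sample_log()):
        print(f"{ts.isoformat()} {kind}: {detail}")
```

The per-source check alone would never fire on the third phase of the sample, which is exactly why a volumetric flood needs an aggregate (or per-path, per-ASN) signal in addition to per-IP rate limiting.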

In conclusion, we should be glad there are not more hackers like this one. Most hackers are in it for the money. This boy, however, managed to DDoS companies with cybersecurity budgets of millions of dollars, and all of it just for fun. Imagine what could happen if most criminals had a similar mindset.

Cyber war for Natural Resources

Cyberwarfare is our new reality. There are many examples of state and non-state actors hacking government organizations. The reasons for these attacks differ, but financial gain and personal vendetta are the two most common. We could add one more reason for a cyber attack: an attempt to gain leverage. Sometimes such attacks can even sabotage natural resources. Let us see whether we can find examples of that.

The GERD case:

One example of cyber warfare over natural resources is the one related to the Grand Ethiopian Renaissance Dam (GERD). The dam has been a subject of dispute for a long time. At the end of June, however, a hacker group executed many attacks on the Ethiopian government's websites. The attacks targeted information technology infrastructure, communications, and the websites of public service agencies, security organizations, and other public and private institutions. On June 18, the hacker group announced that it would strike six other websites in response to the Ethiopian government's intransigence on the GERD issue. As is often the case with cyberattacks, the origin of the attack has not been confirmed.

The diagram shows how a squad of cyber soldiers can execute an attack. Now think about what happens in large-scale operations between nations.

The Colonial Pipeline case:

Another interesting and relatively recent case is the one with the Colonial Pipeline. Ransomware encrypted the company's IT systems, and in response Colonial Pipeline Company halted all of the pipeline's operations to contain the attack. Colonial Pipeline paid the requested ransom (75 bitcoin, about $4.4 million) within hours of the attack. The attackers then sent Colonial Pipeline a software tool to restore their network, but it ran very slowly. That reaction is a little suspicious, because attackers usually want you to get your data back promptly after paying; otherwise no one will ever pay them again, and most cybercriminals are after the money. The attack has been publicly attributed to the DarkSide ransomware group, but the individuals behind it have not been identified.

Florida water systems hack:

A plant operator for a city of about 15,000 on Florida's west coast saw his cursor moving around on his screen, opening the software functions that control how the water is treated. The intruder raised the sodium hydroxide (lye) setpoint in the water supply to more than 100 times its normal level.

Sodium hydroxide, the main ingredient in liquid drain cleaners, controls water acidity and removes metals from drinking water in treatment plants. Lye poisoning can cause burns, vomiting, severe pain, and bleeding. After the intruder left the system, the operator immediately reduced the sodium hydroxide back to its normal level and then notified his supervisor.
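As an added illustration, not from the original post and not modelled on the actual plant's software, here is a sketch of the control-side check that stops such a change regardless of who is holding the mouse: a dosing setpoint that accepts whatever the remote HMI session sends, beside a guarded version that enforces an engineering ceiling, limits the size of a single step, requires a second person for large steps, and records every attempt for the incident responders. The controller model, the ppm values and the limits are assumptions.

```python
"""Setpoint guard for a chemical-dosing controller (added example; model and values are assumed)."""
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class DosingController:
    """Assumed, simplified model of a sodium hydroxide dosing setpoint on a plant HMI/PLC."""
    setpoint_ppm: float = 100.0      # assumed normal dose
    min_ppm: float = 0.0
    max_ppm: float = 200.0           # assumed hard engineering ceiling, set by the process engineer
    max_step_ppm: float = 25.0       # assumed largest change one person may make in a single command
    audit: list = field(default_factory=list)

    def apply_unchecked(self, new_ppm: float) -> float:
        """The weak behaviour: whatever the (possibly hijacked) HMI session sends is applied as-is."""
        self.setpoint_ppm = float(new_ppm)
        return self.setpoint_ppm

    def apply_guarded(self, new_ppm: float, operator: str, approver: Optional[str] = None) -> Tuple[bool, str]:
        """Hardened version: bound the value, limit the step, require a distinct second approver
        for large steps, and append an audit record whether or not the change is accepted."""
        new_ppm = float(new_ppm)
        step = abs(new_ppm - self.setpoint_ppm)
        if not self.min_ppm <= new_ppm <= self.max_ppm:
            verdict = (False, f"rejected: {new_ppm} ppm is outside [{self.min_ppm}, {self.max_ppm}] ppm")
        elif step > self.max_step_ppm and (approver is None or approver == operator):
            verdict = (False, f"rejected: step of {step} ppm exceeds {self.max_step_ppm} ppm and needs a second approver")
        else:
            self.setpoint_ppm = new_ppm
            verdict = (True, f"accepted: setpoint is now {new_ppm} ppm")
        self.audit.append({
            "operator": operator,
            "approver": approver,
            "requested_ppm": new_ppm,
            "accepted": verdict[0],
            "reason": verdict[1],
        })
        return verdict


if __name__ == "__main__":
    weak = DosingController()
    # The page's "100 times normal" applied through the unchecked path goes straight to the process.
    print("unchecked:", weak.apply_unchecked(100 * weak.setpoint_ppm), "ppm")

    guarded = DosingController()
    print(guarded.apply_guarded(100 * guarded.setpoint_ppm, operator="remote-hmi"))
    print(guarded.apply_guarded(150.0, operator="op1"))                  # too large a step alone
    print(guarded.apply_guarded(150.0, operator="op1", approver="op2"))  # two-person change
    for record in guarded.audit:
        print(record)
```

The ceiling is deliberately a process-engineering constant rather than an HMI setting, so that a remote-access tool like the one abused here cannot raise it from the same session it uses to change the dose.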

In conclusion, governments must treat their systems the way large corporations and organizations do. Critical infrastructure needs proper defenses, and a good level of security is not achievable without appropriate resources and budget. With the arrival of the Internet, the world is no longer a disconnected place of isolated local communities. We now live in an era where everyone is connected to everyone else within a few milliseconds, and, as we can see, cyberspace affects our real lives more and more.

Are hackers used in guerrilla warfare?

Once, the top interest of a state was its territorial integrity and the protection of its borders; with the rise of globalization, that no longer seems to be the top priority. The world has turned into a global village, and everyone is interconnected. International policy is no longer based on expansionism but on soft and indirect interventions. Cyber-attacks have become very common, whether to steal sensitive data or to block a country's critical infrastructure by targeting its vital computer systems. State governments sponsor some of these attacks to penetrate rival states; criminals execute others for financial gain.

State-Sponsored Cyber Soldiers:

Despite having solid conventional militaries, many countries are investing in training programs for cyber soldiers who are preparing for cyber warfare. They pick the best people from network exploitation, malware analysis, and firmware reverse engineering. It is essential to understand that cyber warfare usually has an asymmetric nature: a small unit attacks a target with far greater resources. That is why these people also receive training in guerrilla warfare from top military specialists.

The diagram shows how different hacker cells secure themselves during different types of communication. Security during operations and internal group communications gets the strongest guarantees.

Everyone is welcome to the party:

Almost every country now has a position on cybersecurity, and every country states that it has, or wants to have, highly developed cyber warfare capabilities. Although most countries are formally against using military cyber systems to access another country's sensitive data, they keep developing their cyber platforms. An analysis of the cyber capabilities of one relatively large country from 2009 to 2015 traced seven major cyberattacks to it. The hacker group tried everything, from simple data theft from technology companies to breaching a government personnel management office.

Unofficial cyber attacks:

Not all cyber attacks aim at learning other nations' secrets. Sometimes they are used to gain access to critical infrastructure and to gain leverage during wartime. Cybersecurity is vital in such operations, bearing in mind that almost everything is now digital and modern armies use more and more information systems to increase their efficiency on the battlefield.

There are several other examples of unaffiliated groups operating in cyberspace. In most cases, the state government is well aware of these groups but does not act against them. As long as their attacks benefit the state, the government does not interfere and may even shield the groups. If they use their skills to steal money, the money flows into the home state, which benefits its economy. That is why governments often tolerate such hacking on their territory.

Many unofficial and unethical cybercriminals are the silent pupils of state-sponsored actors. They learn the tricks from the big players but use them for other malicious purposes and financial gain. It is essential to understand that these days everyone is a target, especially given that many states build and use military-grade malware. Such malware can later be recycled by criminals and used against non-state organizations or even small and medium businesses.