October 27, 2016

When Perception is Not Reality: Perspectives on State-Sponsored Hacking and Retaliation

NBC News recently reported that the CIA is poised to launch a retaliatory cyber-attack against Russian computer systems. This comes in the wake of multiple hacking incidents that were almost certainly motivated by a desire to influence the upcoming presidential election. In a rare move, DHS and the ODNI have publicly attributed these attacks to Russian nation-state actors. Most experts agree that this type of attribution is not declared without some certainty on the part of intelligence officials.

Regardless of who the finger is ultimately pointed at, retaliation seems either unlikely or (more than likely) has already been carried out in some way, shape, or form. Despite the declaration of retaliatory efforts from government officials, one question arises: Is it really necessary? The prevalence of seemingly rogue, pro-American hacktivism is on the rise. Couple this with major news outlets misreporting on cyber events and we find ourselves on a slippery slope towards Cold War 2.0. For instance, The Jester, who some have called a modern-day vigilante and “Cyber Batman”, recently “defaced” the website of the Russian Foreign Ministry in retaliation for Russian interference with the US presidential election. Various news organizations quickly picked up the story after he boasted on his Twitter page. Russian officials were heard to be scrambling to minimize damage.

The only problem with The Jester’s hack? It didn’t actually happen (sort of). He simply used URL shorteners and took advantage of a cross-site scripting vulnerability in the website to make it appear he had hacked the site. In actuality, he did not alter anything. Other so-called hacktivist groups continue to exert their alleged cyber dominance on entities as they see fit, whether it be a nation state, company, or even individual.
In the end, the media spin put on these actions varies wildly, and the lack of understanding of information security from news outlets is at times astounding.

Regarding the aforementioned article from NBC, the information security community was quick to key on the use of the phrase “opening cyber doors.” The use of this term has been lampooned as one further example of media incompetence when reporting on cyber security issues. This follows the San Bernardino County DA’s puzzling use of the term “cyber pathogen” in appeals to compel Apple to unlock a terror suspect’s iPhone. Unremarkably, these criticisms have dominated the headlines within the InfoSec echo-chamber, as even the more established voices have dogpiled on the use of this phrase. The InfoSec community might be too busy laughing at “cyber” jokes to provide meaningful insight.

The term “opening cyber doors” appears to be a bad analogy for Computer Network Exploitation (CNE). The Department of Defense defines CNE as “enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks”.[1] The word “enabling” in this context is distinct from intelligence collection; it is its own separate mission. And while these actions are often taken to facilitate collection activities, they are also conducted to support another operation in the DoD lexicon: Computer Network Attack (CNA). CNA is defined as “actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves”.[2]

It is, however, doubtful that the CIA is paving the way for significant cyber-attacks. If for no other reason, the intelligence community jealously guards the technical equity that allows it to conduct network exploitation, and these assets are typically “burned” during the course of an overt operation.
It is unlikely that recent provocation would convince officials to spend any meaningful resources in retaliation, especially in an effort that is largely political.

The article from NBC says as much – it describes an operation “designed to harass and ‘embarrass’ the Kremlin leadership.” Based on these criteria, it is possible that the technical work associated with this effort may already have been completed, and others have suggested the same or even that the outcome of The Jester’s Jest (pardon the pun) served this exact purpose: to “harass and embarrass.” In all likelihood, any documents or revelations that appear as a result of state-sponsored retaliation will come from under a “cyber paperweight” where they’ve been for some time.

[1][2] ibid
