Wednesday, June 01, 2011

Responses to a growing cyberwar

On Tuesday it emerged that Lockheed Martin, the defence contractor, had suffered a massive cyberattack. While the company insisted no sensitive data had been compromised, the incident has rattled governments and security firms around the globe. 

The attack comes on the back of other high profile attacks. Sony's reputation has suffered in recent weeks after its online gaming platform exposed users to fraud [BBC]. And PBS, the US television network, has also been the target of hacks [NYT].

Such attacks have brought several responses. Firms have increased their security, while governments have talked of responding with counter-attacks and even cutting themselves off from the Internet altogether.


The United States and Britain are about to up the anti with talk of possible retaliation. The Ministry of Defence (MoD) in Britain says it will recruit hundreds of cyber experts to shore up UK defences as part of a £650 million fund set aside by the government for dealing with cyber security.

"Our forces depend on computer networks, both in the UK and in operations around the world. But our adversaries present an advance and rapidly developing threat to these networks," said the MoD in a statement.

"Future conflict will see cyber operations conducted in parallel with more conventional actions the sea, land and air operations," it added [BBC]. 

Lockheed attacked

The "significant and tenacious attack" on the Pentagon's biggest IT and arms supplier has heightened concerns in military circles. China has generally emerged as a prime suspect when it comes to such attacks on US interests, although the Pentagon says more than 100 foreign intelligence groups have been trying to pierce their networks. Investigators also say they may never know who the culprits were [BBC / Reuters / Inquirer / Telegraph].     

Lockheed eventually admitted the breach following a report by Reuters. The report revealed that hackers had struck not only Lockheed, but that the attackers had learned how to copy the security keys with data stolen from RSA security division during a sophisticated attack that EMC disclosed in March.

Rising security concerns

RSA, the Security Division of EMC, provides Secure Data, Compliance, SIM, SEM, Consumer Identity, and Access solutions to over 90% of the Fortune 500. What is concerning is that the the attackers appear to have managed to break into the SecurID keys which are widely used in helping increase security for computer log-ins.

SecurIDs are electronic keys that work by applying a two-pronged approach to confirming the identity of the person trying to access a computer system. They are designed to thwart hackers who might use key-logging viruses to capture passwords by constantly generating new passwords to enter the system. Some financial institutions use the system in order to add a second layer of security for on-line banking.

The SecurID generates new strings of digits on a minute-by-minute basis that the user must enter along with a secret PIN (personal identification number) before they can access the network. If the user fails to enter the string before it expires, then access is denied.

The breaches raise serious concerns according to Australian IBRS security analyst James Turner. Speaking to SMH he said the hack threw up serious issues for Australian government organisations and companies.

"Smart attackers want to leave zero evidence of their attack, and this includes publicity," Turner said. "But these attacks have been accompanied by the equivalent of a klaxon and neon signs, and yet the attacker hasn't stopped."

This seemed to show either "ignorance, arrogance, or desperation" by the hackers, but given the targets of the attacks, the timing, the planning required and the outcomes, Turner said he would "rule out" ignorance.

Lockheed Martin not only supply the US, but also many of its allies such as the Australian Defence Force. The implications for the Australian Defence Force and institutions using SecurID systems is particularly significant, Turner says. The fact the hackers persevered with their attack despite setting off alarms was concerning "because someone that doesn't care if they are detected is immensely dangerous" Turner said.

Attacks growing

This year has seen a growth in cyberattacks analysts say. "2011 has really lit up the boards in terms of data breaches," says Josh Shaul, chief technology officer at Application Security, a New York-based company that is one of the largest database security software makers. "The list of targets just grows and grows."

The latest attack is likely to encourage rival defence contractors in the US like Northrop Grumman, Raytheon, General Dynamics and Boeing to take additional steps to safeguard their systems. "I guarantee you every major defence contractor is on double alert ... watching what's going on and making sure they're not the next to fall victim," Shaul said.

But within military circles, some want to go further.  A report in the Wall Street Journal suggests that an upcoming strategy may open the door for physical retaliation.

Military options

"If you shut down our power grid, maybe we will put a missile down one of your smokestacks," one military source told the WSJ. And the Pentagon said Tuesday that it would consider all options if the United States were hit by a cyberattack as it develops the first military guidelines for the age of Internet warfare.

President Barack Obama's administration has been formalizing rules on cyberspace amid growing concern about the reach of hackers. Om May 16 the White House unveiled an international strategy on cybersecurity which said the United States "will respond to hostile acts in cyberspace as we would to any other threat to our country."

"We reserve the right to use all necessary means -- diplomatic, informational, military, and economic -- as appropriate and consistent with applicable international law, in order to defend our nation, our allies, our partners and our interests," the strategy said.

And Pentagon spokesman Colonel Dave Lapan said Tuesday that the White House policy did not rule out a military response to a cyber-attack. "A response to a cyber incident or attack on the US would not necessarily be a cyber response," Lapan told reporters. "All appropriate options would be on the table if we were attacked, be it cyber."

Lapan said that the Pentagon was drawing up an accompanying cyber defence strategy which would be complete in two to three weeks. The Wall Street Journal said the Pentagon would likely decide whether to respond militarily to cyberattacks based on the notion of "equivalence", whether the attack was comparable in damage to a conventional military strike.

Deterrent to hackers

Such decisions would be dependent on identifying the source of the attack, which is notoriously difficult. But the threat of retaliation may stop some attacks. Wesley Clark, the retired US general who led NATO's campaign in Kosovo, said the announcement of guidelines for cyberconflict would serve as a deterrent to those who would consider such an attack.

"It may be that the best response is not to use force, but what this policy will say is that an attack is an attack and could be met by force. It is a matter first of deterrence," Clark told CNN.

While China, Russia and Iran are often cited as being the source of cyberattacks, they have persistently denied they are responsible. China dismisses such accusations and says it too has been the victim of hacking. Iran was the subject of a much publicised attack on its nuclear facilities last year which it blamed on the United States and Israel. The Stuxnet worm reportedly wreaked havoc on computers in the Islamic republic's controversial nuclear program.

Severing the Internet

In a controversial move that may affect business and free speech, Iran has even proposed cutting itself off from the Internet altogether [WSJ / ITProPortal].  

Reports have also emerged in the local press that Iran also intends to roll out its own computer operating system in the coming months to replace Microsoft's Windows. The development is attributed to Reza Taghipour, Iran's communication minister. Iran's national Internet will be "a genuinely halal network, aimed at Muslims on an ethical and moral level," Ali Aghamohammadi, Iran's head of economic affairs, said recently according to a state-run news service. Officials say the new system would be up and running by 2013.

Iranian government officials say they are adopting the changes to counter the "invasion" of Western ideas that could damage Islamic moral values. However, it is clear that security, both domestically and militarily, is behind the move. Some observers suggest the severing of links to the Internet would have a drastic effect on business. However it is likely that banks, ministries and large companies would be allowed special dispensation.

Internet restrictions may widen

Iran is not the only country which restricts the Internet. China's Internet has often been jokingly referred to as an Intranet due to the severe restrictions. While banking is usually unimpeded in China, access to many foreign websites is often difficult or impossible without specialist software. News websites and social networking sites are particularly targeted, but even communication portals are affected. Over the past few years there have been blocks on email services even if temporary. Gmail, Google's email service, has been severely disrupted over recent weeks, with users in China finding access either slow or impossible. And in the past few days some Skype users have talked about difficulty using the service in China.

With new regulations applied by China's Internet regulators last year, it has been widely perceived that China was creating a 'white list' of Internet sites. All websites wanting to operating in China were required to apply for an operating licence, those failing to do so would effectively be blocked. The wording in the document did not make it clear how foreign based websites would be affected, but there was speculation that access to outside sites might become more difficult.

In 2009 China Internet Network Information Center, known as CNNIC, a semi-official office that administers China's domain names, said it was to tighten the rules of Chinese domain-name registrations. New registrants of domain-names with China's ".cn" suffix are required to show proof they are a government-registered business or organization. It effectively makes it harder for individuals to set up domestic Web sites.

At the time the Beijing News gave a deeper insight to the new restrictions and how they might affect websites based outside of China. The 22nd December 2009 edition reported on the full notice released by the Ministry of Industry and Information Technology (MIIT), which was framed as a campaign against the proliferation of pornography on mobile devices.

The MIIT notice listed five measures for domain name management. The first measure suggests that a blacklist be drawn up "to prevent the owners of domain names found to be in violation from applying for additional domain names." The second calls for a tightening of the registration procedures "to ensure that all application documents are accurate." The third point is the most concerning however. It says that "Unregistered domain names will not be resolved."

"It will be regrettable if law-abiding overseas websites, part of the world-linking Internet, are inaccessible because they have not filed with MIIT," the paper said [WSJ / Shanghaiist / Globalvoicesonline / Danwei].

VOIP under threat

Recently China ruled that VOIP services such as Skype were operating illegally and could be blocked [Telegraph]. While that decision was made in December of last year, it remains unclear if China will follow through and block the popular Internet telephone service. In China such decisions are usually balanced around business and social stability issues.

For democracies the issue surrounding the cyber threat is one of national security and financial concerns. In countries where there are increasing calls for greater freedom, there are other worries, that of maintaining the status quo. As protests sweep across the Middle East, countries like Iran and China are already clamping down on dissent. Stopping the spread of information through the Internet may quell any rising disquiet, but it can also have an effect on commerce. Cutting off the Internet may stop both protests and even cyberattacks, but the economy will also be seriously disrupted. Leaders and institutions have difficult decisions to make as they walk the technological tightrope.

tvnewswatch, Beijing, China

No comments: