Cybersecurity and Cyberwar (45 page)
Read Cybersecurity and Cyberwar Online
Authors: Peter W. Singer Allan Friedman,Allan Friedman
500 accounts in a single day
Symantec, “Highlights from Internet Security Threat Report, Volume 18,”
http://www.symantec.com/security_response/publications/threatreport.jsp
, accessed May 20, 2013.
defraud online advertisers
Zhaosheng Zhu, Guohan Lu, Yan Chen, et al., “Botnet Research Survey,” in
Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International
, July 28, 2008âAugust 1, 2008,
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4591703&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2F.abs_all.jsp%3Farnumber%3D4591703
.
supporters of the Syrian regime
OpenNet Initiative, “Syrian Electronic Army,”
http://opennet.net/syrian-electronic-army-disruptive-attacks-and-hyped-targets
, accessed April 2013.
the adolescent Internet in the 1980s
C. Cowan, P. Wagle, C. Pu, et al., “Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade,” in
DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
, vol. 2, 2000,
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=821514
.
a detailed how-to guide
Aleph One, “Smashing the Stack for Fun and Profit,”
Phrack Magazine
7, issue 49 (August 11, 1996),
http://www.phrack.org/issues.html?issue=49&id=14#article
.
OW
D
O
W
E
T
RUST IN
C
YBERSPACE?
tamper-resistant seals
J. Alex Halderman and Ariel J. Feldman, “PAC-MAN on the Sequoia AVC-Edge DRE Voting Machine,”
https://jhalderm.com/pacman/
, accessed March 15, 2013.
key building block in cryptography
Why did the cryptographer send his breakfast back? His hash wasn't salted.
a Dutch CA's keys
Kim Zetter, “Google Certificate Hackers May Have Stolen 200 Others,”
Threat Level
(blog),
Wired
, August 31, 2011,
http://www.wired.com/threatlevel/2011/08/diginotar-breach/
.
it may even be impossible
Sara Sinclair and Sean W. Smith, “What's Wrong with Access Control in the Real World?”
IEEE Security & Privacy
8, no. 4 (JulyâAugust 2010): pp. 74â77,
http://www.computer.org/csdl/mags/sp/2010/04/msp2010040074-abs.html
.
trade secret law
Evan Brown, “Password Protection Not Enough to Protect Trade Secrets,”
Internetcases
, April 8, 2005,
http://blog.internetcases.com/2005/04/08/password-protection-not-enough-to-protect-trade-secrets/
.
crucial dots unconnected
Stewart Baker,
Skating on Stilts: Why We Aren't Stopping Tomorrow's Terrorism
(Stanford, CA: Hoover Institution Press, 2010), PDF e-book,
http://www.hoover.org/publications/books/8128
, accessed April 2013.
OCUS
: W
HAT
H
APPENED IN
W
IKILEAKS?
“ive made a huge mess”
Evan Hansen, “Manning-Lamo Chat Logs Revealed,”
Threat Level
(blog),
Wired
, July 13, 2011,
http://www.wired.com/threatlevel/2011/07/manning-lamo-logs/
.
“exposing corruption and abuse”
Yochai Benkler, “A Free Irresponsible Press: Wikileaks and the Battle over the Soul of the Networked Fourth Estate,”
Harvard Civil RightsâCivil Liberties Law Review
46, no. 1 (2011): p. 315,
http://harvardcrcl.org/wp-content/uploads/2011/08/Benkler.pdf
.
evidence of their wrongdoing online
Alasdair Roberts, “WikiLeaks: The Illusion of Transparency,”
International Review of Administrative Sciences
78, no. 1 (March 2012): p. 116,
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1801343
.
“corruption, malfeasance, or ineptitude”
Benkler, “A Free Irresponsible Press,” p. 316.
“threat to the U.S. Army”
Stephanie Strom, “Pentagon Sees a Threat from Online Muckrackers,”
New York Times
, March 17, 2010,
http://www.nytimes.com/2010/03/8/us/18wiki.html
.
“gender identity disorder”
Hansen, “Manning-Lamo Chat Logs Revealed.”
“risk to himself and possibly others”
Kim Zetter, “Army Was Warned Not to Deploy Bradley Manning in Iraq,”
Threat Level
(blog),
Wired
, January 27, 2011,
http://www.wired.com/threatlevel/2011/01/army-warned-about-manning/
.
“everything that they were entitled to see”
Marc Ambinder, “WikiLeaks: One Analyst, So Many Documents,”
National Journal
, November 29, 2010,
http://www.nationaljournal.com/whitehouse/wikileaks-one-analyst-so-many-documents-20101129
.
“Information has to be free”
Hansen, “Manning-Lamo Chat Logs Revealed.”
overwrite the music with data
Kevin Poulsen and Kim Zetter, “U.S. Intelligence Analyst Arrested in WikiLeaks Video Probe,”
Threat Level
(blog),
Wired
, June 6, 2010,
http://www.wired.com/threatlevel/2010/06/leak/
.
“american history”
Hansen, “Manning-Lamo Chat Logs Revealed.”
“shutting the barn door”
Eric Lipton, “Don't Look, Don't Read: Government Warns Its Workers Away From WikiLeaks Documents,”
New York Times
, December 4, 2010,
http://www.nytimes.com/2010/12/05/world/05restrict.html?_r=1&
.
dissident listed in the cables
Mark MacKinnon, “Leaked Cables Spark Witch-Hunt for Chinese âRats,'”
Globe and Mail
, September 14, 2011,
http://www.theglobeandmail.com/news/world/asia-pacific/leaked-cables-spark-witch-hunt-for-chinese-rats/article2165339/
.
called for Assange to be tried
Dianne Feinstein, “Prosecute Assange under the Espionage Act,”
Wall Street Journal
, December 7, 2010,
http://online.wsj.com/article/SB10001424052748703989004575653280626335258.html
.
“I think fairly modest”
Secretary of Defense Robert M. Gates and Chairman, Joint Chiefs of Staff Adm. Mike Mullen, “DOD News Briefing with Secretary Gates and Adm. Mullen from the Pentagon,” remarks at the Pentagon, Washington, DC, November 30, 2010,
http://www.defense.gov/Transcripts/Transcript.aspx?TranscriptID=4728
.
prominent high school football players
Alexander Abad-Santos, “Local Leak Tipsters Allege Steubenville Victim Was Drugged,”
Atlantic Wire
, January 4, 2013,
http://www.theatlanticwire.com/national/2013/01/local-leaks-tipsters-allege-steubenville-victim-was-drugged/60597/
.
“modicum of legal protection”
Hansen, “Manning-Lamo Chat Logs Revealed.”
HAT
I
S AN
A
DVANCED
P
ERSISTENT
T
HREAT
(APT)?
“finding them once a day”
Cybersecurity CEO, interview with the authors, Washington DC, May 23, 2013.
“The most impressive tool”
Gary McGraw, private communications with authors, April 26, 2011.
Keep on trucking
Brian Grow and Mark Hosenball, “Special Report: In Cyberspy vs. Cyberspy, China has the Edge,” Reuters, April 14, 2011,
http://www.reuters.com/article/2011/04/14/us-china-usa-cyberespionage-idUSTRE73D24220110414
.
compromised with hidden instructions
Dmitri Alperovitch,
Revealed: Operation Shady RAT
(white paper, Santa Clara, CA: McAfee, 2011), p. 3.
Admiral James Stavridis
James Lewis, “How Spies Used Facebook to Steal NATO Chiefs' Details,”
Telegraph
, March 10, 2012,
http://www.telegraph.co.uk/technology/9136029/How-spies-used-Facebook-to-steal-Nato-chiefs-details.html
.
seek out sensitive information
Alperovitch,
Revealed
, p. 3.
eavesdrop on conversations
Grow and Hosenball, “In Cyberspy vs. Cyberspy, China Has the Edge.”
“phone home” phase
Ibid.
thermostat and printer
“Resisting Chaos,” Strategic News Service, February 4, 2013.
OW
D
O
W
E
K
EEP THE
B
AD
G
UYS
O
UT? THE
B
ASICS OF
C
OMPUTER
D
EFENSE
110 million different species
Pat Calhoun, “The Next Cyber War Is Already in Progress: Security Expert,”
Hacking America
(blog), CNBC, February 27, 2013,
http://www.cnbc.com/id/100501836
.
0.34 percent of signatures
Sang Kil Cha, Iulian Moraru, Jiyong Jang, et al., “SplitScreen: Enabling Efficient, Distributed Malware Detection,”
Journal of Communications and Networks
13, no. 2 (April 2011): pp. 187â200,
http://users.ece.cmu.edu/~sangkilc/papers/nsdi10-cha.pdf
.
12 new detections resulted
Ed Bott, “The Malware Numbers Game: How Many Viruses Are Out There?”
ZDNet
, April 15, 2012,
http://www.zdnet.com/blog/bott/the-malware-numbers-game-how-many-viruses-are-out-there/4783
.
rather snazzy paperweights
Katie Hafner, “Altered iPhones Freeze Up,”
New York Times
, September 29, 2007,
http://www.nytimes.com/2007/09/29/technology/29iphone.html
.
operations network successfully separated
House Committee on Oversight and Government Reform, Subcommittee on National Security, Homeland Defense, and Foreign Operations; Cybersecurity: Assessing the Immediate Threat to the United States, testimony of Sean McGurk, Director of the National Cybersecurity and Communications Integration Center, May 26, 2011,
http://oversight.house.gov/wp-content/uploads/2012/04/5-25-11-Subcommittee-on-National-Security-Homeland-Defense-and-Foreign-Operations-Hearing-Transcript.pdf
.
“skating on thin ice”
Center for a New American Security conference, June 13, 2013, Washington, DC.
“a couple of minutes of peace and quiet”
Dave Paresh, “Some Companies Looking at Retaliating against Cyber Attackers,”
Los Angeles Times
, May 31, 2013.
HO
I
S THE
W
EAKEST
L
INK?
H
UMAN
F
ACTORS
US presidential helicopter
Loren B. Thompson, “Cyber Remedies Likely to Limit Liberties,” Lexington Institute, April 27, 2010,
http://www.lexingtoninstitute.org/cyber-remedies-likely-to-limit-liberties?a=1&c=1129
.
lessons of proper caution
David A. Fulghum, “Cross-Training: Cyber-Recruiters Look for Specialists with Expertise in Many Fields,”
Aviation Week & Space Technology
173, no. 18 (May 23, 2011): p. 48.
ART
II: W
HY
I
T
M
ATTERS
W
HAT
I
S THE
M
EANING OF
C
YBERATTACK?
T
HE
I
MPORTANCE O
T
ERMS AND
F
RAMEWORKS
meeting of diplomats
Neil King, Jr. and Jason Dean, “Untranslatable Word in U.S. Aide's Speech Leaves Beijing Baffled,”
Wall Street Journal
, December 7, 2005.
“millions of cyber attacks”
Testimony before the House Armed Services Subcommittee, Cyberspace Operations Testimony, testimony of Keith Alexander, Commander of US Cyber Command, September 23, 2010.
Internet-related technology
See, for example, William Lynn, “Defending a New Domain,”
Foreign Affairs
89, no. 5 (October 2010),
http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain
.
“alter, disrupt, deceive, degrade, or destroy”
William A. Owens, Kenneth W. Dam, and Herbert S. Lin, eds.,
Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
, Committee on Offensive Information Warfare, National Research Council (Washington, DC: National Academies Press, 2009).
two fundamental differences
Ibid.
“scale and impact are absolutely key”
Dmitri Alperovitch, “Deterrence in Cyberspace: Debating the Right Strategy with Ralph Langner and Dmitri Alperovitch,” remarks at the Brookings Institution, Washington, DC, September 20, 2011,
http://www.brookings.edu/~/media/events/2011/9/20%20cyberspace%20deterrence/20110920_ cyber_defense
.
“something we want to try to deter”
Ibid.
designs of combat aircraft stolen
Christopher Drew, “Stolen Data Is Tracked to Hacking at Lockheed,”
New York Times
, June 3, 2011,
http://www.nytimes.com/2011/06/04/technology/04security.html
.
an essential human right
Hillary Rodham Clinton, “Remarks on Internet Freedom,” remarks at the Newseum, January 21, 2010,
http://www.state.gov/secretary/rm/2010/01/135519.htm
.
free flow
Joseph Menn, “Agreement on Cybersecurity âBadly Needed,'”
Financial Times
, October 12, 2011.
undermine state stability
Alperovitch, “Deterrence in Cyberspace.” Alperovitch references discussions with the Chinese Foreign Ministry, where they declared that rumor-spreading on Facebook that causes social unrest in China would be considered a cyberattack.
Western “information war”
Richard Fontaine and Will Rogers, “Internet Freedom and Its Discontents: Navigating the Tensions with Cyber Security,” in
America's Cyber Future: Security and Prosperity in the Information Age
, vol. 2, edited by Kristin M. Lord and Travis Shard (Washington, DC: Center for a New American Security, June 2011), p. 152.
