The CyberWar in real time.
  • The CyberWar in real time.

    I thought the folks here may find this interesting: http://map.ipviking.com/

  • #2
    Re: The CyberWar in real time.

    Nice eye candy, but what does it mean, besides the US getting pasted? Can the type of attack inform us if it's a prank or something more serious like data theft?
    "I love a dog, he does nothing for political reasons." --Will Rogers


    • #3
      Re: The CyberWar in real time.

      Originally posted by photon555
      Nice eye candy, but what does it mean, besides the US getting pasted? Can the type of attack inform us if it's a prank or something more serious like data theft?
      It tells us that all software is broken. Proceed at your own risk.


      • #4
        Re: The CyberWar in real time.

        I've posted this before:

        https://www.ccdcoe.org/

        NATO's centre of excellence for cyber defense.

        More than coincidentally located in Estonia, the location of the first generally acknowledged "cyberwar" in the last decade.

        The story of Estonia's defense is quite an interesting one, as it relied on the existing national militia framework (sort of like a poorly funded and resourced national guard with a strong social component) that has existed in Estonia for quite some time, where Estonians in the civilian IT sector took it upon themselves to quickly self-organize into a cyber arm of the existing militia framework.

        The founder went on to work as a senior advisor to the Estonian President/PM.


        • #5
          Re: The CyberWar in real time.

          Well, doesn't seem to be a problem here in MD. But sooner or later someone's gonna create a hostile AI and set it loose in the wild. Once it starts to reproduce things will get interesting.
          "I love a dog, he does nothing for political reasons." --Will Rogers


          • #6
            Re: The CyberWar in real time.

            Next time Brian Williams or his carefully coiffed successor assigns blame to some foreign actor for a cyberoutrage, I expect the "Cyber Threats Intelligence Integration Center" (CTIIC) to figure prominently in the coverage.

            According to AP (actually, according to AP's Ken Dilanian, the notoriously obliging amanuensis to the US security establishment):

            White House cybersecurity coordinator Michael Daniel has concluded that cyberintelligence at the moment is bedeviled by the same shortcomings that afflicted terrorism intelligence before 9/11 - bureaucracy, competing interests, and no streamlined way to combine analysis from various agencies, the official said.

            The hack on Sony's movie subsidiary, for example, resulted in a variety of different analytical papers from various agencies. Each one pointed to North Korea, but with varying degrees of confidence.

            Unlike the National Counter Terrorism Center, which gets most of its information from intelligence agencies, the new cyberagency may rely to a much larger extent on private companies, which are regularly seeing and gathering cyberintelligence as they are hit with attempts by hackers to break into their networks.

            Gathering threat signatures, and profiling hacker groups, has become a key component of collecting cyberintelligence - a discipline practiced both by government agencies and private firms.

            Hmmm.


            On the issue of prevention, I am rather skeptical of the "we will gather all the hay in the world in one gigantic stack and sift through it in real time to find the needle" assumption, though I remain optimistic that it will fund tuition payments for intel bureaucrats and contractors for many years into the future.

            And, unless hackers are hopelessly stupid, I wonder if the vaunted private sector input - "gathering threat signatures, and profiling hacker groups" - will, instead of identifying gormless hackers, simply assemble a larger pile of bullsh*t innuendo to be mined when a forensically weak case needs some additional fragrance.

            On the other hand, I believe that the CTIIC (or "Stick" as I hope they are already calling it) will perform yeoman service on the key matter of promptly and effectively documenting and evangelizing the US government's case in the attribution of cyberattacks that have already occurred.

            As I argued in various venues recently with reference to the Sony hack, for purposes of semiotics (clear messaging, positioning, blame avoidance, and signaling of US government intentions) if not forensics (proving whodunit), painting a convincing, action-worthy cyber-bullseye on the back of some foreign enemy is a major challenge for governments these days.

            When some high-profile outrage like Sony occurs, the US government has to make a prompt show of control, capability, and resolve. Letting a bunch of data nerds chew over the data for a few weeks and spit up an equivocal conclusion like "It looks like the same guys who did this did that, and maybe the guys who did that were … " doesn’t quite fill the bill.

            Which is pretty much what happened on Sony. Various private-sector and government actors all stuck their oar in, contradictory opinions emerged, messaging was all over the map.

            "Stick" fixes that. By establishing a central clearing house for relevant information, the US government is on the right side of the information symmetry equation. "You say you think this, but you don’t know this, this, and this, or the stuff we can’t tell you because it’s classified above your clearance."

            And even if the real takeaway from the investigatory process still is "It looks like the same guys who did this did that, and maybe the guys who did that were … " it comes out as "The Cyber Threats Intelligence Integration Center has attributed this cyberattack to North Korea with a high degree of confidence. By Executive Order, the President has already commanded CyberCommand to make a proportional response."

            You get the picture.

            So I expect jobs one and two and three for CTIIC will be to generate persuasive dossiers for backgrounding, leaking, whatever on the People's Republic of China, North Korea, and the Russian Federation, to be deployed when some mysterious alchemy of evidence, circumstance, and strategy dictate that one of them has to get tagged as The Bad Guy for some cyberoutrage.

            Especially if the cyberoutrage has the American government’s own fingerprints all over it - which is apparently not a remote contingency.

            A document from the Snowden trove reveals that the NSA posited that the high-profile Shamoon attack on Aramco in August 2012, which was attributed to Iran, was retaliation for the "Wiper" virus unleashed on the Iranian oil industry a few months before. Wiper, according to Kaspersky, a security software company, bore a distinct resemblance to acknowledged US/Israeli jointly developed anti-Iran malware like Stuxnet.

            Just as a reminder, in a speech to business bigwigs, the CIA director at the time, Leon Panetta, characterized Shamoon as an unprovoked attack - indeed a "Cyber Pearl Harbor" - against a private corporation, apparently in an effort to persuade corporations they had a lot of skin in the national cybersecurity game.

            The inference that Shamoon was plausibly 1) retaliation for US/Israeli dirty tricks and 2) using US/Israel's own dirty trickbag, casts an interesting sidelight on Panetta's remarks. Maybe the true significance of his speech was that the US government now realized US interests were vulnerable to effective cyber-retaliation, and it was time to play the "foreign menace" card in order to inoculate the US security establishment against rather well-founded suspicions that its own cyber-shenanigans might result in heightened threats and gigantic costs for US corporations that otherwise might not have a dog in the global cyberfight. You know, like Sony.

            But there was more to the story than PO'd Iranians fighting back. The rapid Iranian counterattack had itself incorporated elements of the Wiper software. As Wired reports:

            The NSA document from April 2013, published today by The Intercept shows the US intelligence community is worried that Iran has learned from attacks like Stuxnet, Flame and Duqu - all of which were created by the same teams - in order to improve its own capabilities. …

            Wiper was the first known data destruction attack of its kind. Although the NSA document doesn’t credit the US and its allies for launching the attack, Kaspersky researchers found that it shared some circumstantial hallmarks of the Duqu and Stuxnet attacks, suggesting that Wiper might have been created and unleashed on Iran by the US or Israel.

            And there’s more. Lots more.


            Wiper is also believed to have inspired a destructive attack that struck computers belonging to banks and media companies in South Korea in March 2013. That attack wiped the hard drives and Master Boot Record of at least three banks and two media companies simultaneously and reportedly put some ATMs out of operation, preventing South Koreans from withdrawing cash from them. The report does not suggest that Iran was behind this attack.

            Wiper is also widely believed to have been inspiration for the recent hack of Sony Pictures Entertainment. Again, in the latter attack, the hackers wiped data from Sony systems and overwrote parts of the Master Boot Record, preventing systems from rebooting.

            In other words, the Sony hack: Made in America!


            Unsurprisingly, the theme of the NSA document was anxiety that America’s enemies were turning its own weapons against it. The immediate focus was Iran, but the NSA could and should be more anxious that it unwittingly augmented China’s cyber arsenal.

            I find it likely that Iran invited the PRC to have a look at Stuxnet and Wiper and maybe even exchanged some ideas with Iran’s hackers.

            But maybe the PRC didn’t even need to visit Tehran. One of the embarrassing secrets of Stuxnet, marketed to the public as a zero-collateral-damage super precision cyberweapon targeting Iran’s air-gapped computer network at its nasty uranium centrifuge facility, was more cyber-Ebola, escaping into the cybersphere and infecting about 100,000 hosts.

            Looking at the NSA memo and the Sony hack, it is pretty plausible that the US state-of-the-art malware capabilities are not just in the hands of Iran and, maybe the PRC and North Korea. So perhaps the underlying and unspoken NSA anxiety is that the Stuxnet/Wiper suite of nasties is not only held by state actors, albeit antagonistic ones, with whom the United States can engage.

            Maybe the NSA (or Israel, which may have mischievously released Stuxnet just to bedevil anybody else who was controlling banks of uranium centrifuges with Siemens PLCs) also committed the cyber equivalent of proliferating WMDs to terrorists: putting the world’s most powerful cyberweapon in the hands of the black-hat hacking community.

            No wonder the US needs CTIIC. Gotta control that story, channel outrage against the necessary enemy, and short-circuit those embarrassing blowback accusations.

            In other words, Talk Loudly and Carry a Big CTIIC.

            Peter Lee writes on East and South Asian affairs and their intersection with US foreign policy. His articles can be found on his blog site ChinaMatters.


            • #7
              Re: The CyberWar in real time.

              Originally posted by kriden
              I thought the folks here may find this interesting: http://map.ipviking.com/
              The eye candy is pretty for sure, but the info is pretty meaningless. For one, this org is highly unlikely to be capturing all data through all trans-ocean fibre pipes interconnecting all the continents and parsing it in real time to really be able to provide a global map of attacks. Likely only the NSA has the skill, funding and (illegal) access to make such a nightmare a reality. Further, identification of source country by translating IP address and in the background doing a "WHOIS" check against RIPE.NET, APNIC, ARIN.NET etc. is highly misleading for tracking even any mediocre hacker. More than likely any hacker with 1/2 a clue would be attacking from behind at least a few VPNs/proxies obfuscating his real geographical location. At most the source IP reveals where the attack is being launched from, but not where the hacker actually is attacking from. Further, these days the vast majority of attacks aren't actually by somebody sitting at a computer typing away on a black screen with scrolling green text. The reality is that a tiny minority of expert hackers create a sophisticated piece of software that can scan huge amounts of global IP addresses to check if a particular new vulnerability exists at each IP address. Said software then parses through all the data in real time and exports attack targets to a second piece of software that actually does the attacking - all automatically. In other words, a real hacker these days just creates a piece of software and launches it... then the software does all the work for days on end while the hacker is probably not even at his computer. The other 97% of hackers just buy or copy the software and, if they have some skill, might make minor modifications and use it for their own purposes. Sadly, this would make for a pretty boring Hollywood hacker movie scene. In extremely few cases is a hacker actually targeting a very specific destination, and I'd argue those that do are probably government funded.
              Last edited by Adeptus; February 12, 2015, 12:39 PM.
              Warning: Network Engineer talking economics!
