728x90 AdSpace

Latest News
October 24, 2016

The Internet and The New Digial Warfare

By David Dittman, Wall Street Daily

Literally everything is a weapon in the Digital Age.

Yesterday, we talked about what may be the earliest days of an all-out cyberwar with Russia and Vladimir Putin.
Today, we’re going to talk about some things that may be even more frightening.
During a compelling sit-down with Establishment conversationalist Charlie Rose, former Assistant Attorney General and chief of the U.S. Department of Justice National Security Division John Carlin talked about threats emerging in this new era of constant interconnection.
The internet is a wonderful thing. It could also lead to our doom.
There are nation-states — including Russia, China, North Korea, and Iran — that can and will penetrate government and corporate networks to do us harm.
We’ve already revamped policies and procedures to address these relatively symmetric threats, as Carlin explained with regard to Chinese attempts at economic espionage, the North Koreans’ comical attack on Sony, and Russia’s ongoing effort to muck up the current presidential election.

Motivations here are easy to define and understand, whether it be China’s profit hunger, North Korea’s vengeance for slighting Dear Leader, or Russia’s and Putin’s antipathy toward democracy.
More troubling — and perhaps more dangerous — are the asymmetric threats lying among terrorist groups operating via social media and in the “dark web.”
These malefactors will hack private networks “in order to steal names to create kill lists, which is an actual case,” according to Carlin.

The internet is a wonderful thing. It could also lead to our doom.

Carlin describes what appeared to be a “routine criminal hack” of a company’s network — a run-of-the-mill theft of names and addresses in order to “make a buck” via ransom.
In the case Carlin cites, the hacker stole a relatively small number of names — an amount of information so insignificant that a company would ordinarily not report it.
The hacker demanded a payment of $500 for the names — who happened to be U.S. government and military officials — via Bitcoin. Typically, companies would just pay the money or otherwise handle the problem on their own.
But this company — “a trusted U.S. retail company” — did report this particular hack, which was actually not some low-level shakedown. Behind it was an extremist from Kosovo who had moved to Malaysia and hooked up with British-born Pakistani “black hat hacker” Junaid Hussain.
Hussain was operating out of Syria “at the heart of” the Islamic State of the Levant terrorist organization, better known as ISIL or ISIS. Hussain “culled through that list of names to make a kill list.”
Hussain used Twitter to “publish” that kill list in the United States — basically soliciting adherents/assassins here at home to finish the work.
Despite the fact that its targets were far-flung and moving “at the speed of cyber,” the U.S. government was able to disrupt the plot.
Ardit Ferizi, the Kosovo hacker, was arrested in Malaysia and in June 2016 pleaded guilty in U.S. federal court and faces 25 years in prison.
Junaid Hussain was, says a statement from the U.S. Central Command, “killed in a military strike.”
We’re talking now about the “blended threat,” the overlap of what appears to be criminal activity with a national security situation involving a nation-state or a terrorist operation run by militant groups.
When it comes to cyberwarfare, it’s not always so easy to identify threats. At the same time, Carlin notes that we’re “much better at investigation and attribution than people thought.”
That conclusion is supported by the China economic espionage case, where the government was able to pinpoint a 9-to-5 working schedule (including a lunch break) for the hacker(s). That it was a “day job” provides “a hint as to who’s involved.”

We’re talking now about the “blended threat,” the overlap of what appears to be criminal activity with a national security situation involving a nation-state or a terrorist operation run by militant groups.

The government used behavioral analysts from the FBI — “profilers” you see on so many procedurals on TV — to help solve the North Korea/Sony case. The FBI now has expect cyberprofilers.
It’s a sophisticated approach incorporating behavior analysis with technical understanding of malware that helps the feds reach “high-confidence conclusions” about who’s responsible for hacking activity.
We’re still extremely vulnerable, based on the pace of advancement of digital culture over the past several decades and the potential for where we’re headed.
“It’s not only electronic; it’s digital, and we’ve connected almost all of it to the internet,” as Carlin notes. “And the internet was not designed with security in mind.”
Spies, crooks, and terrorists are well aware of this profound vulnerability. “The whole world’s playing catch-up now,” says Carlin.
In this world of “blended threats,” options for retaliation aren’t limited to cyberspace. The U.S. government response kit includes not just computers but economic; diplomatic; and, yes, military tools as well.
And as did the perpetrators of the September 11, 2001, terrorist attacks, those who would do us harm via the internet have made their aspirations clear.
ISIL/ISIS, for example, has appealed to its followers around the world to participate in “cyber-Jihad” to create “as much fear and inflict as much damage as they can.”
“We have right now a well-funded ecosystem of crime,” explains Carlin, establishing a capability context through which terrorists’ intent can be actualized.
What’s commonly referred to as the “dark web” comprises sites with IP addresses that can’t be seen. It’s not mapped in the way that the internet you and I search with Google is.
“In that dark web, you have things like criminal groups who create, essentially, cyberweapons of mass destruction,” says Carlin, “like a bot-net — this is hundreds and hundreds of thousands of compromised computers that a bad guy can turn into a weapon by hitting a command.”
Iran used a bot-net on 46 global financial institutions via a “digital denial of service” (DDoS) attack.
Hackers can also use “cryptolockers” to encrypt your personal computer and lock all your files. They can then demand a ransom payment.
“It’s not only electronic; it’s digital, and we’ve connected almost all of it to the internet. And the internet was not designed with security in mind.”
They can also coordinate attacks on hospitals and encrypt its records, resulting in “a matter of life or death.”
On the dark web, you can “literally shop” for stolen credit cards or a bot-net to launch a DDoS attack. There are actually customer reviews for such products and services, a la Amazon.com.
“We’re on the cusp of a major societal transformation,” notes Carlin. “As big of a change as it was when we digitalized information, now we’re moving to the Internet of Things.”
That includes driverless cars run by computers. And, as Charlie interjects, “If you can hack that computer, you can send that car anywhere you want to.”
“Think about what one terrorist did with one truck in Nice,” responds Carlin. “What happens when you have a fleet of trucks?”
The key now is to learn from the mistakes we made when the move from paper to digital happened: We have to consider security first.
“When it comes to things like cars and trucks and missiles, planes, drones, this internet of things, or pacemakers, we have to build security in on the front end by design.”
Carlin explains an odd dilemma at the heart of this rapidly emerging future: “security versus security,” and it’s a question of privacy:
When we think through some of the hard issues, like “Is there certain information you ought to be able to obtain via a court order?” and “What should a company’s responsibility be in making its information accessible?”
We strongly believe in encryption. Because we want to keep information secure. And we wouldn’t want even the government to get it without proper legal process.
But designing a system so that it is both secure from the bad guys who want to steal or destroy your information and secure as in “a safe place” to prevent terrorists from committing attacks…
I’m optimistic that we’ll be able to innovate our way out of this situation.
Carlin — if you can muster some trust in a decades-long Justice Department official — provides solid foundation for the case that Putin himself is behind Russia’s and WikiLeaks’ U.S. presidential election mischief.
But that’s all part of an emerging “great game.” It’s not a deadly conflict, not yet at least.
The asymmetric threats are the real killers.

Courtesy of David Dittman, Editorial Director, Wall Street Daily (More from Wall Street Daily Here)  
The views and opinions expressed herein are the author's own, and do not necessarily reflect those of EconMatters.

© EconMatters All Rights Reserved | Facebook | Twitter | YouTube | Email Digest | Kindle

  • Blogger Comments
  • Facebook Comments
Item Reviewed: The Internet and The New Digial Warfare Rating: 5 Reviewed By: EconMatters