Overview: Cyber Risks

Author: Paul Meyer

Chair, Canadian Pugwash Group | Senior Advisor, ICT4Peace

Cyberspace, the broad term for the system of networked computer systems for which the Internet is the chief embodiment, is a unique, human-created environment. The potential of information and communication technology to benefit humanity is vast and the growth in its use world-wide has been exponential. Today close to four billion people are connected to the Internet and a community of “netizens” has emerged.

Unfortunately, the growth of cyberspace has not been matched by a similar development of global governance for it. Even more worrisome is the degree to which cyberspace has become “militarized”, with states developing capabilities not only for the defence of their own systems, but also offensive capabilities that threaten damage and destruction to entities beyond their borders. These trends within national security establishments of leading cyber powers have accelerated and the detrimental impact of cyber operations on civilian interests has grown. A narrative of “cyber war” has been espoused by major states, depicting this remarkable product of human ingenuity as just another “war-fighting domain”.

Video interview with Paul Meyer


Video credit: ICT4Peace Foundation. A longer interview is available on YouTube at https://youtu.be/BveJ3V1ADUo.

Protecting Society from Surveillance Spyware

Ron Deibert, the Director of “Citizen Lab” at the University of Toronto, has published an article in “Issues of Science and Technology” outlining the threat posed by sophisticated spyware and making several recommendations for government action to counter the abuses carried out via this malware: context. Deibert has recently testified to a Parliamentary Committee on the use of such surveillance technology by Canadian law enforcement.

Disinformation and the use of inauthentic news sites

This report by the cyber security firm Mandiant
https://www.mandiant.com/resources/pro-prc-information-operations-campaign-haienergy
sheds light on an apparent PRC information operations campaign which exploited an established PR firm to support a wide ranging dissemination of pro-Beijing, anti-Western content via a network of some 72 inauthentic news sites. It is but one example of how technology has enabled an amplification of disinformation operations.

Cyber Security at the UNGA First Committee session

The General Assembly’s First Committee concluded its 2021 session November 3rd with the adoption of a consensual resolution to guide the UN’s work on international cyber security. This once again established a single forum after three years of parallel processes. While this consolidation is positive there are many issues crucial to non-governmental stakeholders which have not been properly addressed and doubts remain as to whether the new Open Ended Working Group will be able to make the transition from discussion to deeds going forward. 

My commentary on developments was published by ICT4Peace: here

Great post. Articles that have meaningful and insightful comments are more enjoyable, at least to me. It’s interesting to read what other people thought and how it relates to them or their clients, as their perspective could possibly help you in the future.

Putin Approves Ratification of CIS Agreement on Cyber Security Cooperation

TASS: Russian News Agency | 1 July 2021

“MOSCOW, July 1. /TASS/. Russian President Vladimir Putin signed a bill on ratifying an agreement on cooperation between the Commonwealth of Independent States (CIS) countries in the fight against cyber crimes.
The document was published on the official portal of legal information.
The agreement was inked in September 2018 at the meeting of the CIS Heads of State Council in Dushanbe, Tajikistan. The document is aimed at establishing modern legal mechanisms for practical interaction of Russian competent authorities with colleagues from other CIS countries for effectively preventing, detecting, thwarting, investigating and solving cyber crimes.
This involves cooperation in the exchange of data on impending or committed crimes and persons behind them, responding to the calls for assistance in providing data that can facilitate the investigation as well as coordinated operations.”

Link: https://tass.com/politics/1309447

Defense Official Testifies About DOD Information Technology, Cybersecurity Efforts

Terri Moon Cronk | DOD News | 30 June 2021

“President Joe Biden’s interim National Security Strategic Guidance and Secretary of Defense Lloyd J. Austin III’s priorities drive key areas on the Defense Department’s cloud, software network modernization, cybersecurity work, workforce, command-and-control communications and data, DOD’s acting chief information officer said.

John Sherman told the House Armed Services Committee’s panel on cyber, innovative technologies and information systems that cloud computing is a critical step for the enterprise. “We’ve made cloud computing a fundamental component of our global [information technology] infrastructure and modernization strategy,” he said yesterday. “With battlefield success increasingly reliant on digital capabilities, cloud computing satisfies the warfighters’ requirements for rapid access to data, innovative capabilities, and assured support.”

The DOD remains committed in its drive toward a multi-vendor, multi-cloud ecosystem with its fiscal year 2022 cloud investments, which represent more than 50 different commercial vendors, including commercial cloud service providers and system integrators, he added.
And the DOD’s ability to leverage that technology has matured over the last several years, and it’s driving hard to accelerate the momentum even more in that space, Sherman said.”

Link: https://www.defense.gov/Explore/News/Article/Article/2678059/defense-official-testifies-about-dod-information-technology-cybersecurity-effor/

House Panel Approves DHS Bill with ‘Historic’ Funding for Cybersecurity

Mariam Baksh | Nextgov | 30 June 2021

“A bill to fund the Department of Homeland Security now heads to the full Appropriations Committee in the House after passing unopposed through the related subcommittee with $2.42 billion for the Cybersecurity and Infrastructure Security Agency.

“As the nature of the threats facing the country changes, the missions and investments of the Department of Homeland Security must quickly adapt and respond. This bill makes historic investments in cyber and infrastructure security,” said Rep. Lucille Roybal-Allard, D-Calif., chairwoman of the Appropriations subcommittee on homeland security.

The bill approved Wednesday—which includes funding to deal with contentious immigration issues and a host of other things such as defending the U.S. against Russian aggression in the Arctic—makes $52.81 billion available to DHS in discretionary funding, $934 million more than for 2021. Roughly a third of that increase—$397.4 went to boosting CISA, DHS’ newest agency.

After the committee released a draft of the bill Tuesday, Rep. Jim Langevin, D-R.I., a member of the Cybersecurity Solarium Commission, thanked Roybal-Allard for CISA’s funding level in the bill, which is also $288 million more than President Joe Biden requested for the agency. 

“If we are going to stop the current wave of ransomware and prevent another SolarWinds-like hack, Congress must step up to the plate and adequately fund CISA,” Langevin said. “I’m thrilled that the Appropriations Committee is allocating $2.42 billion for CISA, our nation’s premier cybersecurity agency, in line with the Solarium Commission’s recommendation. For months, I’ve been calling for Congress to allot more resources for CISA, and I’m so grateful to Chairwoman Roybal-Allard for her abiding commitment to shoring up our nation’s cyber defenses.”

Link: https://www.nextgov.com/cybersecurity/2021/06/house-panel-approves-dhs-bill-historic-funding-cybersecurity/182690/

ASEAN Cyber Challenge in the Spotlight With New Center

Prashanth Parameswaran | The Diplomat | 30 June 2021

“One of the items of note to have come out of the recently concluded virtual ASEAN Defense Ministers Meeting (ADMM) on June 15 was the formalization of a cyber center of excellence based in Singapore. While the development itself was not surprising, it nonetheless spotlighted the continued significance of cyber security as a defense issue of importance for Southeast Asian states, as well as some of their key partners.
Cybersecurity has been an increasing focus for Southeast Asian states as well as ASEAN as a grouping in the context of the region’s attempts to balance the opportunities afforded by the digital economy with the challenges posed by the increasing sophistication of cyber threats in an increasingly networked world and their links to other challenges such as terrorism.
Specifically, these issues have been recently addressed by the ADMM, widely characterized as the premier defense institution within ASEAN. Recent years have seen the institutionalization of a new ADMM-Plus cyber security working group in 2016 and the establishment of new bodies like the ASEAN-Japan Cybersecurity Capacity Building Center, which was announced during Thailand’s 2019 ASEAN chairmanship.”

Link: https://thediplomat.com/2021/06/asean-cyber-challenge-in-the-spotlight-with-new-center/

UK Cyber Security Council Launches Opening Initiatives

James Coker | Infosecurity | 30 June 2021

“The UK Cyber Security Council has launched its first two initiatives as part of its remit to boost professional standards in the cyber industry.
The council, which started work as an independent body on March 31 2021, has invited 16 members of the Cyber Security Alliance to apply for a role in determining the terms of reference for two new committees: a Professional Standards & Ethics Committee and a Qualifications & Careers Committee. The Cyber Security Alliance is a group of organizations that the UK government established in 2019, from which the council was set up.
The two new committees will be involved in helping ensure a common set of standards are adopted throughout education and training interventions related to cybersecurity. This represents the first stage to provide a focal point through which industry and the professional landscape can advise, shape and inform national policy on cybersecurity professional standards.”

Link: https://www.infosecurity-magazine.com/news/uk-cyber-security-council-opening/

Incremental Progress or Circular Motion? – The UN Group of Governmental Experts (UNGGE) Report 2021

Making progress on complex issues in a forum like the United Nations with 193 state parties and a consensus decision-making, if the progress achieved appears more of a circular than linear nature.

This situation is evident in the final report of the UN Group of Governmental Experts (GGE) on “Advancing responsible State behaviour in cyberspace in the context of international security” adopted at the group’s fourth and final meeting May 28, 2021.i The GGE which operated in the 2019-2021 timeframe with 25 nationally appointed “experts” was the most recent in a series of six such GGEs that have been organized by the UN since the turn of the century.ii Two of these (2003-2004 and 2016-2017) failed to achieve consensus and didn’t produce a substantive report. Four were able to agree on consensus reports in 2010, 2013, 2015 and the most recent in 2021. The chief aim of all these GGEs was to develop “norms of responsible state behaviour in cyberspace” as part of the effort to determine how the potent technology of the Internet and related computer networks could be managed in light of the UN’s goal of maintaining international peace and security.

One of the most difficult problems that the GGEs faced was the question of how the conduct of states in cyberspace related to international law, including international humanitarian law. A major accomplishment of the 2013 GGE was the affirmation that international law, including the UN Charter, applied to cyberspace. It was soon apparent however that this affirmation had not resolved underlying differences over the interpretation of how international law applied to the cyber conduct of states, particularly in the context of international security. Disagreement over this question had been the proximate reason for the failure of the previous GGE to reach a consensus outcome in 2017. The place of international humanitarian law (aka the law of armed conflict) in this new realm of military operations was especially contentious. Some states sought a confirmation that international humanitarian law would cover state cyber operations, whereas others resisted the notion arguing that this could sanction treating cyberspace as a legitimate domain for armed conflict.

This dispute surfaced in the proceedings of the UN Open-Ended Working Group (OEWG) on “Developments in the field of Information and Telecommunication in the context of International Security” which ran in parallel with the GGE in the 2019-2021 timeframe and was able to arrive at a consensus report at its final meeting in March 2021.iii This result was only achieved by dividing the report into two sections: a section that had consensus approval and a “Chairman’s Summary” which contained elements that were not able to command consensus agreement and had to be issued in a non-binding manner under the Chairman’s own authority. The international humanitarian law issue fell victim to this cut being relegated to the Chairman’s Summary despite the support of many states and an energetic plea by the International Committee of the Red Cross to preserve a positive reference to it in the main report. The ICRC argued that acknowledging that international humanitarian law would apply to an armed conflict occurring in cyberspace should in no way be construed as condoning the militarization of cyberspace or legitimizing cyber warfare. In the event this construction was not sufficient to persuade skeptical states to accept the ICRC’s proposed text in the consensus report.

The fate of this issue in the OEWG is relevant to that of the GGE as observers had hoped that the latter forum (operating under a very similar mandate to that of the OEWG) might be able to provide “value added” to the OEWG proceedings by clarifying this crucial relationship between state conduct and international law. Part of this hope rested on the smaller grouping of the GGE and its more private deliberations. While the issue was addressed in the GGE report it was not resolved. Essentially the question was kicked down the road by the GGE. The key sentence reads: “The Group recognized the need for further study on how and when these principles [IHL] apply to the use of ICTs by States and underscored that recalling these principles by no means legitimizes or encourages conflict”. iv As much in the way of offensive cyber operations conducted by states, which the GGE refers to as “malicious activity”, happens below the threshold of armed conflict the international community is not really any further along in its understanding of what legal constraints apply to these operations. 

This gap is all the more worrisome when one considers the major growth in damaging and disruptive offensive cyber operations carried out by states and/or non-state actors in the past couple of years that the GGE and the OEWG have been functioning. This increased level of threat is acknowledged by the GGE at several points in its report: “Incidents involving the malicious use of ICTs by States and non-state actors have increased in scope, scale, severity and sophistication”; “The Group underlines the assessment of the 2015 [GGE] report that a number of States are developing ICT capabilities for military purposes and that the use of ICTs in future conflicts between States is becoming more likely”; “The Group notes a worrying increase in States’ malicious use of ICT-enabled covert information campaigns to influence the processes, systems and overall stability of States.”; “Harmful ICT activity against critical infrastructure that provides services domestically, regionally or globally…have become increasingly serious.”; “The COVID-19 pandemic has demonstrated the risks and consequences of malicious ICT activities that seek to exploit vulnerabilities in times when our societies are under enormous strain”; “New and emerging technologies expand the attack surface, creating new vectors and vulnerabilities that can be exploited for malicious ICT activity”. After such a litany of rising threats the Group’s conclusion that “Such activity can pose a significant risk to international security and stability, economic and social development, as well as the safety and well-being of individuals” comes across as understated and anticlimactic.

In the face of these burgeoning threats what defences has the GGE to offer? It basically can only revert to the eleven norms of responsible state behaviour agreed as part of the 2015 GGE. A rather limp injunction is directed at those responsible: “States are called upon to avoid and refrain from the use of ICTs not in line with the norms of responsible state behaviour”. vi The impression left in reviewing the chief body of the report, which consists of reproducing the 11 norms of the 2015 GGE with some annotation, is that matters have not progressed much beyond the norms agreed six years ago. While the GGE claims that it has “developed additional layers of understanding to these norms” these layers seem rather thin and even threadbare. Frequently, the report simply offers up a tentative recommendation for states to consider further action in realizing the normative goals. For example, in a section on the issue of attribution, the report “…recommends that future work at the UN could also consider how to foster common understandings and exchanges of practice on attribution”.vii The task is passed on to some unspecified body at some indeterminate future point in time.

Similarly, in a section devoted to cooperation to counter terrorist or criminal use, the report’s advice is that “States may need to consider whether new measures need to be developed in this respect”. viii The report notes the utility of common templates to facilitate requests for assistance and the response to them, but then merely states: “Such templates could be developed at the bilateral, multilateral or regional level”ix. On the sensitive issue of vulnerability disclosures (and the unmentioned black market in “zero-day” cyber exploits in which government buyers have driven prices up exponentially) the report again manages only a convoluted and theoretical response: “At the national, regional and international level, States could consider putting in place impartial legal frameworks, policies and programmes to guide decision making on the handling of ICT vulnerabilities and curb their commercial distribution as a means of protecting against misuse that may pose a risk to international peace and security or human rights and fundamental freedoms”.x Too often the report’s recommendations have a diffuse, aspirational quality of the “somebody might consider doing something about this at some point” variety.

The GGE like the OEWG before it, gives only a brief, ritual nod to the contribution that other stakeholders (“the private sector, civil society, and the technical community”) could make to inter-state dialogues.xi The GGE in its consideration of the existing norms also fails to recognize the positive role that accountability mechanisms for implementation could play in incentivizing states to align their cyber practices with the “norms of responsible behaviour” they have endorsed. As with the OEWG, the GGE has not really advanced tangible action to curb malicious cyber activity. Regrettably, the GGE efforts seem to have yielded more circular motion than real progress. Translating the 2015 norms from the status of declaration to one of implementation remains, six years after they were agreed, largely unfinished business for the UN. 

Link: https://ict4peace.org/wp-content/uploads/2021/06/GGECyber2021Circular-Motionf.pdf

Last edited 3 years ago by Paul Meyer

Cyberattacks Grind Hanford Nuclear Energy Workers’ Benefit Program to a Halt
Patrick Malone | The Seattle Times | 10 May 2021

“Cyber attacks on the U.S. government have abruptly paused processing of benefit applications for workers who were sickened while working on nuclear weapons programs at Hanford and other Department of Energy sites, delaying aid to some dying workers, according to advocates.
Without warning, advocates from the Alliance of Nuclear Workers Advocacy Group received notice late last Friday that effective Monday, a vital component of the Energy Employees Occupational Illness Compensation Program would be offline for two to four months.
The Radiation Dose Reconstruction Program databases’ sudden hiatus could delay approval of new benefits for groups of workers who believe they’ve been exposed to workplace hazards.
Among them are more than 550 workers from Hanford, a mothballed plutonium processing site in Richland, who were potentially exposed to radiation and toxins when they were provided leaky respirators, according to a Seattle Times investigation last year.
Those workers are seeking inclusion in the federal benefits program administered by the Department of Labor. The National Institute of Occupational Safety and Health plays an instrumental role in determining eligibility.”

Link: https://www.seattletimes.com/seattle-news/times-watchdog/cyberattacks-grind-hanford-nuclear-energy-workers-benefit-program-to-a-halt/

Why were they issued leaky respirators? For Covid treatment or because they have to stop breathing regular air when they are in a particularly dangerous area? This article mentions aid to dying workers. Are people still dying from jobs they performed decades ago or what?

The Cybersecurity 202: A Group of Industry, Government and Cyber Experts have a Big Plan to Disrupt the Ransomware Crisis
Tonya Riley with Aaron Schaffer | The Washington Post | 29 April 2021

“A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies to take immediate steps to stem a growing global crisis of cyberattacks in which hackers seize computer systems and data in exchange for a ransom. 

The group, which issued a report today, says swift, coordinated action can disrupt and deter the growing threat of cyberattacks that use ransomware, a malicious software that locks up computer systems so that criminals can demand ransom in exchange for access.

“We’re seeing critical parts of the economy being hit by ransomware, including, for example, health care in particular,” says task force co-chair Megan Stifel, executive director of Americas at the Global Cyber Alliance. “When you start to see a broad scale of victims across multiple elements of the economy being hit there can ultimately, if not abated, be catastrophic consequences.”

Link: https://www.washingtonpost.com/politics/2021/04/29/cybersecurity-202-group-industry-government-cyber-experts-have-big-plan-disrupt-ransomware-crisis/

Last edited 3 years ago by Adam Wynne

Defense is a whole lot harder than offense in this game. And if you catch the hackers, what are the penalties? The heaviest weapon would be economic sanctions against another country, if you could prove that the hackers were government agents. And how far have economic sanctions worked in other cases? Not an impressive record of success. The Russians offered to negotiate treaties a while back but nobody took up their offer. It’s easy to understand why not, but look where things are headed now!

U.S. Nuclear Modernization: Security & Policy Implications of Integrating Digital Technology

8 December 2020 | NTI

“An expansive, complex undertaking to modernize the United States’ nuclear bombs and warheads, their delivery systems, and the command, control, and communications infrastructure around them is underway. It is a project that carries the potential for great benefits through an increase in digital systems and automation, as well as the addition of machine learning tools into the U.S. nuclear triad and the supporting nuclear weapons complex. But it also is one that carries significant risks, including some that are not fully understood. If it does not take the time to protect the new systems integrated with some of the deadliest weapons on earth from cyberattack, the U.S. government will be dangerously outpaced in its ability to deter aggressors.”

Given the stakes, why take on new risks at all? The reason to integrate digital technologies into U.S. nuclear weapons systems is clear: this is the first significant upgrade of U.S. nuclear weapons systems in nearly 40 years, and the old systems need replacing. The most efficient way to update the full nuclear triad of bombers, submarines, and ground-based missiles, as well as the bombs, warheads, and command, control, and communications network, is to use today’s technology, including digital tools. From digital displays on bomber aircraft to advanced early-warning sensors and machine-learning-enabled nuclear options planning tools, this U.S. nuclear weapons recapitalization, like past modernizations, will be a product of its time.

Link: https://www.nti.org/analysis/reports/nti-modernization-report-2020

Last edited 3 years ago by Adam Wynne

This writer actually tells us that we will be better off with all these improvements in nuclear weapons. What a horrible thought! Just get rid of them, stupid.

Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks

By Alex Stamos, Washington Post, Dec. 15, 2020

Alex Stamos is the director of the Stanford Internet Observatory and the former chief information security officer of Yahoo and Facebook.
The details are still trickling in, but it seems possible that the latest Russian cyberattacks against the Departments of Homeland Security, Treasury and State; the National Institutes of Health; and possibly dozens of companies and departments will turn out to be one of the most important hacking campaigns in history.

The current reporting suggests that the Russian Foreign Intelligence Service (SVR), long considered Russia’s most advanced intelligence agency in cyber operations, managed to compromise the servers of an important vendor of information technology software and implant a back door. This company, SolarWinds, services tens of thousands of corporate and government clients, and its products naturally have access to critical systems. Since March, we’ve now learned, the SVR has been able to use this toehold to jump into the networks of a variety of highly sensitive organizations. I expect the true impact of the overall campaign won’t be known for months or years as thousands of companies scramble to determine whether they were breached and what was stolen.
While we don’t have all the details, it is already clear that something is wrong with how our country protects itself against the hackers working for our adversaries in Russia, China, Iran and North Korea. As the Biden administration puts together its plan to secure the United States against these kinds of attacks, and Congress considers how to update the existing bipartisan cybersecurity consensus, I offer three initial fixes.

First, we need to build a cyberspace equivalent of the National Transportation Safety Board. Such an agency would track attacks, conduct investigations into the root causes of vulnerabilities and issue recommendations on how to prevent them in the future. As things stand now, our only public account of this latest attack will come from the class-action lawsuits filed by lawyers acting on behalf of affected companies and shareholders. When I worked for Yahoo, I saw myself what happened after the company was attacked by the Russians. Legal teams produced dozens of depositions and reviewed hundreds of thousands of documents; then they collected their million-dollar payouts, and that was that. No public documentation resulted; no useful lessons were learned.

We should create a mechanism to handle cyberattacks the same way we react to serious failures in other complex industries; the NTSB offers a useful model. While voluntary transparency from technology companies such as FireEye has been helpful, it won’t provide the kinds of detailed reporting across dozens of victims that will enable other security teams to learn from this attack and thereby make the SVR’s job a bit harder.
And while we’re at it, let’s make sure Congress passes a federal data breach law that covers the thousands of secret breaches that occur every year but aren’t publicly discussed. Such attacks have included attempts to acquire critical vaccine data, rocket designs or trade secrets. But there’s no law requiring that they be disclosed unless they include the credit card numbers, email addresses and other bits of personal information covered by state breach laws. Our society can’t respond to the overall risk as long as we’re discussing only a fraction of the significant security failures.

Second, Congress and the new administration can work together to put defensive cybersecurity on the same level as offensive cyber operations and intelligence gathering. The Cybersecurity and Infrastructure Security Agency (CISA) was created only two years ago to coordinate defending both the public and private sectors. While CISA quickly established itself under director Chris Krebs, who was fired by President Trump for his truthful statements regarding election security, the size and technical competence of the agency does not yet match up to that of its offensive cousins.

CISA has about 2,200 employees spread across its cyber and infrastructure responsibilities. By comparison, the National Security Agency, only one of 17 members of the U.S. intelligence community, has more than 40,000. Patching routers at the Interior Department isn’t as sexy as destroying Iranian centrifuges or reading the correspondence of the Chinese Communist Party, but it is certainly just as important when you consider that the United States has the largest, most technologically advanced, and therefore most vulnerable, economy in the world.

Third, the Biden administration can appoint individuals with practical, hands-on defensive experience to key roles in the White House and critical agencies. Official Washington has long disrespected cybersecurity expertise in a way that would be unthinkable in other complex professions. The Senate would never confirm a malpractice attorney to be a surgeon general, and the president would never ask a Judge Advocate General Corps officer to serve as chairman of the Joint Chiefs of Staff.
But this, in effect, is just how Washington has treated cybersecurity — as something best understood by the lawyers who prosecute cybercrime and defend breached companies. This isn’t to dismiss the contributions made by members of the legal profession; there are many smart, dedicated lawyers working in the cybersecurity field. Even so, the Biden cybersecurity team should include the voices of people who have real experience preventing, detecting and responding to crises like the one our country is facing today. It’s long overdue that we started treating cyberthreats with the seriousness they deserve.

Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace

19 October 2020 | Department of Justice, United States of America | https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and

“On Oct. 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.

These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort. 

Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics. The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.

Last edited 4 years ago by Adam Wynne

“Democrats Push for More Transparency about Russian Election Interference”

By Joseph Marks

“Top Democrats are slamming the Trump administration for not sharing enough information with the public about Russian efforts to interfere in November’s election.”

“While intelligence officials have warned that U.S. adversaries are trying to hack into political campaigns and election systems – and cited Russia, China and Iran as the biggest threats — House Speaker Nancy Pelosi (D-Calif.) and Senate Minority Leader Chuck Schumer (D-N.Y.) say that’s not enough to help voters gird themselves against social media disinformation or the sort of hacking and leaking campaign that upended Hillary Clinton’s campaign in 2016.”

Beware Chinese Drones - They Might Be Spying on Us!

By: Joseph Marks

“Researchers are warning about cybersecurity vulnerabilities in an Android app that powers a popular Chinese-made drone they say could help the Chinese government scoop up reams of information. 
The accusation comes amid a diplomatic clash between Washington and Beijing over everything from trade to the search for a coronavirus vaccine and it’s sure to worsen U.S. distrust of a broad range of consumer technology.”

Clueless governments

With such fast-paced technological advancement, how will governments keep up with policies that protect their citizens?

We need more government regulation on software-controlled components…

If they sell it, they should be responsible for making it work

We should hold all conglomerates responsible for their faulty technology! Since they’re selling us these products, they have to ensure our safety as the consumer!

Why Our Nuclear Weapons Can Be Hacked

By Bruce G. Blair
New York Times, 14 March 2017

Article Excerpt(s):

“It is tempting for the United States to exploit its superiority in cyberwarfare to hobble the nuclear forces of North Korea or other opponents. As a new form of missile defense, cyberwarfare seems to offer the possibility of preventing nuclear strikes without the firing of a single nuclear warhead.

But as with many things involving nuclear weaponry, escalation of this strategy has a downside: United States forces are also vulnerable to such attacks.

Imagine the panic if we had suddenly learned during the Cold War that a bulwark of America’s nuclear deterrence could not even get off the ground because of an exploitable deficiency in its control network.

We had such an Achilles’ heel not so long ago. Minuteman missiles were vulnerable to a disabling cyberattack, and no one realized it for many years. If not for a curious and persistent President Barack Obama, it might never have been discovered and rectified.

In 2010, 50 nuclear-armed Minuteman missiles sitting in underground silos in Wyoming mysteriously disappeared from their launching crews’ monitors for nearly an hour. The crews could not have fired the missiles on presidential orders or discerned whether an enemy was trying to launch them. Was this a technical malfunction or was it something sinister? Had a hacker discovered an electronic back door to cut the links? For all the crews knew, someone had put all 50 missiles into countdown to launch. The missiles were designed to fire instantly as soon as they received a short stream of computer code, and they are indifferent about the code’s source.

It was a harrowing scene, and apprehension rippled all the way to the White House. Hackers were constantly bombarding our nuclear networks, and it was considered possible that they had breached the firewalls. The Air Force quickly determined that an improperly installed circuit card in an underground computer was responsible for the lockout, and the problem was fixed.

But President Obama was not satisfied and ordered investigators to continue to look for similar vulnerabilities. Sure enough, they turned up deficiencies, according to officials involved in the investigation.

Censored Contagion: How Information on the Coronavirus is Managed on Chinese Social Media

By Lotus Ruan, Jeffrey Knockel, and Masashi Crete-Nishihata
The Citizen Lab (University of Toronto), 3 March 2020

Article Excerpt(s): From the Key Findings Section:

1) “YY, a live-streaming platform in China, began to censor keywords related to the coronavirus outbreak on December 31, 2019, a day after doctors (including the late Dr. Li Wenliang) tried to warn the public about the then unknown virus.

2) WeChat broadly censored coronavirus-related content (including critical and neutral information) and expanded the scope of censorship in February 2020. Censored content included criticism of government, rumours and speculative information on the epidemic, references to Dr. Li Wenliang, and neutral references to Chinese government efforts on handling the outbreak that had been reported on state media.

3) Many of the censorship rules are broad and effectively block messages that include names for the virus or sources for information about it. Such rules may restrict vital communication related to disease information and prevention.”

From the Article Itself:

(Regarding one of the methods of censorship):

“YY censors keywords client-side meaning that all of the rules to perform censorship are found inside of the application. YY has a built-in list of keywords that it uses to perform checks to determine if any of these keywords are present in a chat message before a message is sent. If a message contains a keyword from the list, then the message is not sent. The application downloads an updated keyword list each time it is run, which means the lists can change over time.

WeChat censors content server-side meaning that all the rules to perform censorship are on a remote server. When a message is sent from one WeChat user to another, it passes through a server managed by Tencent (WeChat’s parent company) that detects if the message includes blacklisted keywords before a message is sent to the recipient. Documenting censorship on a system with a server-side implementation requires devising a sample of keywords to test, running those keywords through the app, and recording the results. In previous work, we developed an automated system for testing content on WeChat to determine if it is censored.”

[…]

“On December 31, 2019, a day after Dr. Li Wenliang and seven others warned of the COVID-19 outbreak in WeChat groups, YY added 45 keywords to its blacklist, all of which made references to the then unknown virus that displayed symptoms similar to SARS (the deadly Severe Acute Respiratory Syndrome epidemic that started in southern China and spread globally in 2003).

Among the 45 censored keywords related to the COVID-19 outbreak, 40 are in simplified Chinese and five in traditional Chinese. These keywords include factual descriptions of the flu-like pneumonia disease, references to the name of the location considered as the source of the novel virus, local government agencies in Wuhan, and discussions of the similarity between the outbreak in Wuhan and SARS. Many of these keywords such as “沙士变异” (SARS variation) are very broad and effectively block general references to the virus.”

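The two measurement situations the excerpt describes, as an added Python sketch that is not Citizen Lab's code: a client-side list can be read from the app and diffed between runs, while server-side rules can only be inferred by sending sample messages and recording which ones arrive. The keyword lists, class names and sample messages are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed placeholder keyword lists (not real censorship rules).
LIST_DAY_1 = {"placeholder-term-1"}
LIST_DAY_2 = {"placeholder-term-1", "placeholder-term-2", "placeholder-term-3"}


def first_match(message, keywords):
    """Return the first blocked keyword contained in message, or None."""
    for kw in sorted(keywords):
        if kw in message:
            return kw
    return None


@dataclass
class ClientSideApp:
    """Client-side filtering: the keyword list lives inside the application."""
    keywords: set = field(default_factory=set)

    def update_list(self, downloaded):
        """Install a freshly downloaded list; return (added, removed) keywords."""
        downloaded = set(downloaded)
        added, removed = downloaded - self.keywords, self.keywords - downloaded
        self.keywords = downloaded
        return added, removed

    def send(self, message):
        """The check runs before sending; a matching message never leaves the client."""
        return first_match(message, self.keywords) is None


class ServerSideRelay:
    """Server-side filtering: the rules are hidden from the tester."""

    def __init__(self, hidden_keywords):
        self._hidden = set(hidden_keywords)

    def relay(self, message):
        """Return the message as the recipient sees it, or None if it was dropped."""
        return None if first_match(message, self._hidden) else message


def probe(relay, sample_messages):
    """Black-box test: send each sample message and record whether it arrived."""
    return {msg: relay.relay(msg) is not None for msg in sample_messages}


def run_demo():
    # Client side: the full rule change is visible by diffing two downloads.
    app = ClientSideApp()
    app.update_list(LIST_DAY_1)
    added, removed = app.update_list(LIST_DAY_2)

    # Server side: only the outcome for each sample message is observable.
    relay = ServerSideRelay(LIST_DAY_2)
    sample = ["hello", "news about placeholder-term-2", "plain weather report"]
    observed = probe(relay, sample)
    # placeholder-term-3 is also blocked server-side, but no sample message
    # contained it, so the probe cannot reveal it: coverage depends on the sample.
    inferred = {m for m, delivered in observed.items() if not delivered}
    return added, removed, observed, inferred


if __name__ == "__main__":
    print(run_demo())
```
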

Six Reasons the Kremlin Spreads Disinformation About the Coronavirus [Analysis]

By Jakob Kalenský
Digital Forensic Research Lab (Atlantic Council), 24 March 2020

Article Excerpt(s):

“A recent internal report published by the European Union’s diplomatic service revealed that pro-Kremlin media have mounted a “significant disinformation campaign” about the COVID-19 pandemic aimed at Europe. Previous statements by Western officials, including acting U.S. Assistant Secretary of State for Europe and Eurasia Philip Reeker, warning of the campaign suggested that its contours were already visible by the end of February 2020.
The Kremlin’s long-term strategic goal in the information sphere is enduring and stable: undermining Western unity while strengthening Kremlin influence. Pro-Kremlin information operations employ six complementary tactics to achieve that goal, and the ongoing disinformation campaign on COVID-19 is no exception.

1. Spread anti-US, anti-Western, and anti-NATO messages to weaken them

Russian media started spreading false accusations that COVID-19 was a biological weapon manufactured by the United States in late January. The claim has appeared in other languages since then. This messaging is in line with decades of Soviet and Russian propaganda that has been fabricating stories about various diseases allegedly being a U.S. creation at least since 1949.

Cyberattacks on Our Wastewater?

I saw a video by Vice News about the vulnerability of water and wastewater (sewage) treatment plants. Apparently many of the systems are being digitized and monitored remotely. As such, they become increasingly vulnerable to cyberattacks. The video focused on some research in Israel around protecting these vital infrastructure locations and demonstrated how easy it is to hack the system. Alarming news to watch. What other infrastructure is vulnerable to cyber security threats?

Keeping your medical secrets

Wearable technology covers a broad area of devices. With its use becoming more common in the healthcare sector, the issue concerning privacy becomes more crucial. New devices can help physicians monitor patients’ vital signs; sleep patterns and heart rhythms remotely transforming the face of medicine as we know it. These developments in technology will help detect early signs of diseases and aid in diagnosing medical conditions. Essentially these devices are mini computers that send and receive data which can be used for further analysis.

This is a company that delivers IoT solutions…it might be worth investing in…
https://www.st.com/content/st_com/en.html

I don’t understand a word on their website except that they plan to hold a couple of open conferences soon — one in Barcelona and the other in Bengaluru, India.

Getting ahead of the Christchurch Call

By Alistair Knott, Newsroom, Oct 20, 2019
https://www.newsroom.co.nz/2019/10/10/850847/getting-ahead-of-the-christchurch-call

Instead of using what amounts to censorship, tech companies signed up to the Christchurch Call would be wise to adopt a more preventative tactic, writes the University of Otago’s Alistair Knott:

We have heard a lot recently from the world’s tech giants about what they are doing to implement the pledge they signed up to in the Christchurch Call. But one recent announcement may signal a particularly interesting development. As reported in the New Zealand Herald, the world’s social media giants ‘agreed to join forces to research how their business models can lead to radicalisation’. This marks an interesting change from a reactive approach to online extremism, to a preventative approach.

Until now, the tech companies’ focus has been on improving their methods for identifying video footage of terrorist attacks when it is uploaded, or as soon as possible afterwards. To this end, Facebook has improved its AI algorithm for automatically classifying video content, to make it better at recognising (and then blocking, or removing) footage of live shooting events. The algorithm in question is a classifier, which learns through a training process. In this case, the ‘training items’ are videos, showing a mixture of real shootings and other miscellaneous events.

The Christchurch Call basically commits tech companies to implementing some form of Internet censorship. The methods adopted so far have been quite heavy-handed: they either involve preventing content being uploaded, or removing content already online, or blocking content in user search queries. Such moves are always closely scrutinised by digital freedom advocates. Companies looking for ways to adhere to the Christchurch pledge are strongly incentivised to find methods that avoid heavy-handed censorship.

Solar Storms and Cyber-Security

What role would geomagnetic and solar storms have on cyber-security? In 1859, a large solar storm hit Earth – causing the electronics of the day (such as telegraphs) to go haywire. In more recent times (Cold War era, etc.) – atmospheric conditions and solar flares have almost sparked nuclear exchanges. Are current cyber systems shielded adequately from these phenomena? Are operators able to identify these phenomena vs. hostile attacks?

I think perhaps one of the earliest examples of cyber-warfare was the intercepted Zimmermann telegram in 1917 – between Germany and Mexico. Are there other examples of pre-internet “cyber” (electric, digital, etc.) warfare that should be considered within these contexts?

The NSA Must Share More Info (with YOU?)

Maybe the NSA is good for something. At least now they are intending to share more information. (With whom?) Here’s another piece in the Washington Post by Joseph Marks, who certainly is following these affairs closely.
“New NSA cyber lead says agency must share more info about digital threats,” Sept. 5.

THE KEY

The NSA is the U.S. government’s premier digital spying agency and it has a well-earned reputation for keeping secrets. But the agency needs to stop keeping so many things confidential and classified if it wants to protect the nation from cyberattacks.

That’s the assessment from Anne Neuberger, director of NSA’s first Cybersecurity Directorate, which will launch Oct. 1 and essentially combine the work of many disparate NSA divisions dealing with cybersecurity, including its offensive and defensive operations.

The directorate’s mission is to “prevent and eradicate” foreign hackers from attacking critical U.S. targets including election infrastructure and defense companies, Neuberger said yesterday during her first public address since being named to lead the directorate in July.

Hybrid Warfare

Excerpt:
“Misinformation poses the most serious risk, says Futter, to “those ICBMs in the US and Russia that only need a few minutes to go.” Simple interference in communications – Unal points to satellites as a potential weak point – could be enough to stop the most important military decisions being made with a cool head. “Keeping weapons on high alert in a cyber environment,” says Futter, “is an enormous risk.”

Beyza Unal recalls the story – related memorably in David E. Hoffman’s Pulitzer-winning investigation of automatic nuclear systems, Dead Hand – of the most cool-headed decisions of the Cold War. The Russian lieutenant-colonel Stanislav Petrov was in charge of the Serpukhov-15 early warning station on the night in September 1983 when the Soviet Union’s satellites, sending data to the country’s most powerful supercomputer, registered a nuclear attack by the US. Despite being warned that five ICBMs were on their way to the USSR, Petrov told the decision-makers above him that the signals were a false alarm. “And he was right,” says Unal. “But a cyberattack could look like that, a spoofing of the system. Some say that humans are the weakest link in cyber issues. I say humans are both the weakest link and the strongest link. It depends on how you train them.””

and

“In the spring of 2013, a Ukrainian army officer called Yaroslav Sherstuk developed an app to speed up the targeting process of the Ukrainian army’s Soviet-era artillery weapons, using an Android phone. The app reduced the time to fire a howitzer from a few minutes to 15 seconds. Distributed on Ukrainian military forums, the app was installed by over 9,000 military personnel.

“By late 2014, however, a new version of the app began circulating. The alternate version contained malware known as X-Agent, a remote access toolkit known to be used by Russian military intelligence. The cyber security firm Crowdstrike, which discovered the malware, said that X-Agent gave its users “access to contacts, SMS, call logs and internet data,” as well as “gross locational data”. In the critical battles in Donetsk and Debaltseve in early 2015, the app could have shown Russian forces where Ukraine’s artillery pieces were, who the soldiers operating them were talking to, and some of what they were saying. It may be, then, that Russia’s concern – Futter describes it as “panic” – about the risks of hybrid warfare is based on the knowledge that it has been used in battle, and it works.”

Spreading Political Misinformation

We’d better worry, not only about the military application of Internet skulduggery, but even the inadvertent consequences of its normal use. This research shows that Bolsonaro’s victory in Brazil may be largely caused by the spread of misinformation from YouTube through WhatsApp among Brazil’s poor. So what kind of action can be taken against this?

https://www.nytimes.com/column/the-interpreter/

From Paul Meyer:

ICT4Peace

This is the submission by ICT4Peace, written by Paul Meyer for the UN Open-Ended Working group on Cyber Security, which will begin its work in September. (The UN Office of Disarmament Affairs has now posted it to the official site for the OEWG: https://www.un.org/disarmament/open-ended-working-group/ .)
Here is the submission itself:

ICT4Peace Submission to the UN Open Ended Working Group (OEWG) on ICT and International Security

We commend the OEWG’s openness to input from civil society, academia and the private sector and ICT4Peace will look forward to contributing to its work through a sustained dialogue. The 2015 report of the UN Group of Governmental Experts (GGE) noted that even as ICTs have grown in importance for the international community, “there are disturbing trends that create risks to international peace and security. Effective cooperation amongst states is essential to reduce these risks”. More recently, the Secretary General, in connection with his Agenda for Disarmament, has warned that malicious activity in cyberspace has already been directed at critical infrastructure with serious consequences for international peace and security.

It is incumbent on the international community to work to counter such threats and to ensure the “secure and peaceful ICT environment” that your authorizing resolution (A/RES/73/27) stipulates. The OEWG represents the latest installment of the 20-year UN endeavour to address developments in ICTs in the context of international security. This effort has yielded some important results, notably the consensus GGE reports of 2010, 2013, 2015. Yet these positive findings have not been adequately reflected in the actual conduct of states in pursuit of a “militarization” of cyberspace. With increasing reports of state-conducted offensive cyber operations including the targeting of critical infrastructure in other countries, promoting adherence in practice to UN identified norms of responsible state behaviour is vital. If the international community is to foster digital human security alongside cybersecurity for states it will need to keep pace with these developments and ideally steer them towards cooperative ends.

It is our hope and expectation that the OEWG will deliver results that tangibly contribute to conflict prevention and preserve cyberspace as a realm for peaceful purposes. In doing so it will need to build on the accomplishments of the past, while “further developing” these and promoting their implementation. ICT4Peace believes the following norms merit priority attention:

1. Non-targeting of critical infrastructure including devising common understandings as to what constitutes such infrastructure.

Canadian Security

I had only learned recently of the CSA (Canadian Security Agency), as my education in information security demanded it. I did a search on it and realized the agency’s name might have been miscommunicated or misinterpreted by me… and it was actually the CSE (Communications Security Establishment), which I found the website for.

It has a very interesting site (https://www.cse-cst.gc.ca/en/careers-carrieres) which I briefly looked over. The gist of it all is I am happy to know we have such an agency to watch over our national boundaries and protect us from cyber threats abroad from Russia and China and even some of our friendly neighbors, whoever they may be. So many conflicting technical standards produce wide gaping holes in our technical information communication infrastructures, not to mention software bugs and malicious virus activity. The average computer user is in a difficult position and has to make use of available protection software to keep themselves safe. That requires an awareness of what products are available and learning how they are used. Products like AVAST, AVG and McAfee are offering now not just antivirus but tool suites to cope with potential computer intrusions. And it seems like new tools are rolled out quickly and I find myself doing searches on browsers that have high security… like epic, brand and the like that don’t track my information. Connection through VPNs seems to be encouraged, but all these things, if free, usually cost the price of sales pitches and repeated upgrade offers. Choose your tools wisely and guard your IT footprint.

Bugs in the Plane

The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet

By Joseph Marks (From Washington Post’s The Cybersecurity 202) Aug 14.

And they did it with the Air Force’s blessing.

Building Ethics, Not Bombs

The Role of Scientists and Engineers in Humanitarian Disarmament

By E. Golding
So is a scientist responsible for the harms caused by the military uses of their discoveries and inventions? How about the medical principle: “Do no harm”?

Importance of Real-Time Reports and Traceability in Software Testing

In this rather technical article for coders, Somesh Roy discusses the factors that cannot be resolved unless there are good reports kept that can be traced. (Or: How are you going to fix it if you can’t find it?)

https://www.kovair.com/blog/importance-of-real-time-reports-and-traceability-in-testing/?fbclid=IwAR1s9kVGSyRFgf7Mk4p695_iB6ohT-6BAbjxnzu9ZR8ttxlJG3wKNY2lJzE

Software companies rush to get their products to market, buggy or not

Yes, accidents do happen, even to careful people. But careful programmers and their demanding bosses can greatly reduce the bugginess of software. They will do so only when the law holds them responsible for bad results.

Should Trump wage cyber war?

There have been several news stories reporting speculations or insider information that Trump had used a cyberattack against Iran.

They did not seem to get much press coverage and no outrage at all. Whether you like Iran’s government or not, it will pay to think carefully about this kind of quasi-warfare. If it gets to be considered normal, we will have a much harder time putting a stop to it.