Archive

Posts Tagged ‘Cyber War’

A New Video About Cyber War

April 27, 2010 Leave a comment

Aljazeera English aired a report last week about Cyber War and tried to answer if  the US is contributing to the militarisation of cyberspace?

The Reporter interviewed many key figures including:

– Michael Chertoff – Former Hom Land Security Chief

– Enrique Salem – CEO Symantec

Advertisements

The Cyber Shockwave After Math

February 18, 2010 Leave a comment

My previous post was about the Cyber War simulation called (Shockwave), who organized it and who will participate, Today lets review what the press actually said about the simulation that lasted about 4 hours.

The Shockwave Scenario:
A Smart Phone application called ( March Madness ) becomes popular and millions download it, The APP has triggered a national security crisis and brought the country’s telecommunications and electronic infrastructure to a standstill.

Comment: A Good scenario if we consider and think about facts like ( 100 Million people are now actively using the Facebook’s Mobile App) , source : Techcrunch February 2010.

Imagine a malicious Facebook update that transforms those 100 Million mobile handsets into the biggest BotNet ever created, and with more muscle power everyday like (1GHz Processors ,3G Connectivity…etc) those sets can do a lot of damage if directed properly, and even more damage if directed haphazardly.

Another fact is that most handsets has no anti-malicious software installed (Probably because its useless), so its up to each mobile market to test apps before publishing, a cycle that is promised to be as fast as possible (<24 hours), with thousands of apps submitted daily !!.

As the scenario unfolded, those infected mobile sets, crippled key networks and systems and within hours — 40 million people without power in the eastern United States; more than 60 million cellphones out of service; Wall Street closed for a week; Capitol Hill leaders en route to the White House. (Washington Post)

As a conclusion the Washington Post headline read : War game reveals U.S. lacks cyber-crisis skills

An interesting conversation took place in the exercise as it shows what some officials have in mind.

“We don’t have the authority in this nation as a government to quarantine people’s cellphones.” The White House cyber coordinator was “shocked” and asserted: “If we don’t have the authority, the attorney general ought to find it.”

Mobile Attack

Mobile Attack

More:
Washington Post
Federal Computer Week

SCADA Stalkers and Cyber Borders

June 4, 2009 Leave a comment

I was reading a Team Cymru report called (Who is looking for your SCADA infrastructure) it reaffirms what every one in the field knows about certain countries / per region scanning certain SCADA infrastructures.

Its worrying that its practically very hard to point fingers or know for sure whether those scans from country “xyz” are deliberate or just a product of a major botnet.

So a question comes to my mind. Should a country be legally held responsible for scanning the SCADA infrastructure of another country ?

I believe that scanning SCADA systems transcends corporate espionage and profit oriented cyber crime for obvious reasons, and all due diligence should be exercised by countries to protect its infrastructure from being used to scan or infiltrate another country.

Automatically this leads to the debate about cyber borders, what should pass and what should pass with expectation of retaliations.

Most of the world is at a very early stage technologically to be able to police and enforce a cyber borders systems in which every country protects and is totally accountable for its cyber space exactly as we currently have controls over the ariel space for example.

Till we reach this level, a lot is happening and even more will happen with no one held undeniably accountable.

After Kylin-OS expect China’s very own Secure Hardware

May 18, 2009 1 comment

In today’s networked/cyber world, its perfectly normal for self-aware countries to invest in developing in-house cyber capabilities, even if you are a nation that is not mobilizing itself for cyber war, giving your critical infrastructures a good head start “security wise” by standardizing on a non-windows system is a justified and conscious decision.

Recently, Some media claims that the recent report by the washington times about the Kylin-OS (See my posts below ) is unsubstantiated and have contributed to a hype without proper researching. those claims are simply not true and misinformed.

According to this annual DoD report (Annual Report to Congress on the Military Power of the People’s Republic of China ) which has been issued every year since 2002. China is developing a secure OS and their very own secure Microprocessor among many other cyber capabilities.

according to the same DoD report, the PLA (People’s Liberation Army) is ” investing in electronic countermeasures, defenses against electronic attack (e.g., electronic and infrared decoys, angle reflectors, and false target generators), and Computer Network Operations (CNO). China’s CNO concepts include computer network attack (CNA), computer network exploitation (CNE), and computer network defense (CND). The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks. In 2005, the PLA began to incorporate offensive CNO into its exercises, primarily in first strikes against enemy networks.”

having said that, a chinese article published on May 15th claims that they are far from happy with what they have achieved over the past 5 years in terms of innovation :

“According to Ni Guangnan, China spends tens of millions of RMB each year on Linux development.
So far, five companies have been set up to develop Linux. The government invested millions of RMB to help establish them and has spent millions more supporting them. However, the only progress that seems to have been made by the Chinese companies is in product imitation, and this provides no return on such a huge investment” Full Article in English (HERE)

More DoD reports on china can be found at (http://www.dod.mil/pubs/china.html)

The Truth About Kylin OS – China’s new Cyber Great Wall

May 12, 2009 4 comments

China has started government-wide deployment of a home grown Secure OS called Kylin ” A mythical Creature in the Chinese history, that reflects Serenity” . The FreeBSD Based OS was developed back in 2002 by China’s University of Science and Technology for National Defense usage, it was approved by a panel of experts from the state 863 Hi-tech Research and Development Program office.

In a recent Article in Washington Times , the paper quoted an official stating that such a roll out makes the current US Offensive cyber capabilities ineffective!.

“We are in the early stages of a cyber arms race and need to respond
accordingly,” said Kevin G. Coleman, a private security specialist who
advises the government on cybersecurity. He discussed Kylin during a
hearing of the U.S. China Economic and Security Review Commission on
April 30.”

“This action also made our offensive cybercapabilities ineffective
against them, given the cyberweapons were designed to be used against
Linux, UNIX and Windows,” he said.

You can Read the article HERE
AND you can Download a copy of “Public” Kylin .ISO Here (480MB)
and the Manual from HERE