The “Offensive Security” lecture at FSU continues with extensive analysis of advanced persistent threats of the last several years and an overview of hacker culture differences globally.

So, while we were still in 2010, in June Stuxnet was discovered; at least Stuxnet v.1.01.1, and everyone in the room should be familiar with it (see right-hand image). It targeted Iranian nuclear weapons and enrichment centrifuges, and it got detected because it spread widely beyond the intended target. It infected basically non-SCADA systems and non-lab systems, escaped the network and hit other systems on the Internet. It is widely believed to be the work of the US and Israel collaborating together, according to many news websites.

GhostNet (see left-hand image) also was worth talking about in 2010, because the US government officially announced that it had identified a wide-scale Chinese military cyber espionage attack, or campaign, against American companies and government agencies. This is significant, because it’s basically an official declaration of: “We’re a victim here and you are doing it and you need to stop,” basically. It’s all detailed here in a DoD report, it’s unclassified. However, some of the evidence, I guess, is classified and obviously was left out.

The reports indicate that they suspect there’s heavy use by the Chinese government of civilian computer experts in their clandestine cyber attacks. However, because their report essentially amounted more to: “Hey, US government, we are actually getting attacked, this is our official stance, so everyone is on the same page working in Washington,” there was no real smoking gun evidence at the time, however. So it is easily dismissed.

Which brings us to 2011, and that was mostly marked by the Arab Spring (see right-hand image), and Anonymous had a lot of activity then. Anonymous may have a number of disagreements with the US government, but in this instance Anonymous and the US government actually agreed on many things; it just happened that the stars aligned in that way.

So, essentially, the Jasmine Revolution kicked off the whole Arab Spring, and the Tunisian state-controlled Internet service provider AMMAR hacked the usernames and passwords to track down dissidents, basically, protesting civilians, and then they would assassinate them. And so Anonymous fought back and did it using DDoS attacks to bring down the ISP to help prevent this. At the end of the revolution the corrupt government was overthrown.

Which brings us to Libya. The US debated – the reason I’m talking about this in cyber warfare is there’s an article here describing how the US debated whether or not to use cyber warfare attacks, simultaneous cyber and kinetic attacks against Libyan anti-air defense systems prior to air strikes. It had been done before, but they declined to do so because they didn’t want to set the precedent for themselves. It’s global politics; politics is really interesting and very vague at the same time. If the big dog in the room does it, it’s ok for everyone else. But if the small guys in the room do it, it’s not ok for everyone else; it’s weird.

So, still part of the Arab Spring, the Egyptian Revolution (see left-hand image): essentially, what started off as a peaceful revolution was met with force by the corrupt government and officials. The revolution was totally organized over Facebook, Twitter and social media, and so the government shut down the Internet. What happened as a result of that is the civilians shut down the government, and I’m sure everyone’s still aware of what’s going on there today, and there’s still hacking activity going on now.

Still talking about 2011 – all the fun that we had with certificate authorities (see right-hand image). We talked about Comodo previously; by the way, fsu.edu uses a Comodo certificate. DigiNotar got hacked. This is really relevant, because it compromised the Dutch government’s outward-facing websites, and as a result DigiNotar was taken over completely by the Dutch government to basically defend themselves and figure out what had been compromised.

In November of 2011 the US government declared that it has the right to meet cyber attacks with military force (see left-hand image). It is significant, because it is basically the first step towards a declaratory policy for cyber war, although this is just basically a rough statement: “We reserve our right to defend ourselves with bullets, missiles and bombs in the event that you hack us,” but that’s vague and doesn’t mean much – it’s kind of obvious, but doesn’t draw the line in the sand.

In November that year the Honker Union, basically a set of hackers that had merged with the Red Hacker Alliance, declared war on, basically, Japan (see right-hand image). And if this happened in the US – a group of hackers declared war on some other country – they would be cracked down on. So this is an interesting event. So, Japan announced, basically, plans to purchase a set of islands that were off the coast of China, and this group took great offence to that and decided to launch a campaign of DDoS, website defacing and disruptive activities against Japanese banks, both central and local small banks, universities and civilian companies. So, not so much really government-related targets – these were all civilian targets.

In 2012 through 2013 the NY Times reported on how it detected a four-month-long hacking campaign, which they alleged was retaliation for the NY Times investigating the wealth of the Chinese Communist Party’s leader (see left-hand image). And they published an article stating that he had amassed a fortune of over 2 billion dollars while in power, and some groups around the world obviously took offence to that, allegedly these Chinese groups did, and they hacked NY Times systems for over four months, stole all the reporters’ passwords at the NY Times and used the same credentials to access the reporters’ personal accounts on non-work systems. And they also hunted specifically for all files related to the NY Times investigation. And the reason the NY Times alleges that Chinese hackers are involved in this is because the malware or hacking tools used to perpetrate this attack were the same tools used in other attacks that targeted the US military. So, that was an interesting article.

Before I go on, I want to wrap that up. A general note on world perception of hacking (see right-hand image). In general, hackers in the Western world are often anti-government and often get in trouble with the government. They’re not usually patriotic, they’re not usually nationalistic, and often 99% of what they do is considered criminal. In the Eastern world – there are books stating all this, so I’m not saying this is fact – there is this general perception that basically in the East hackers and groups of hackers are often actually pro-government and can be ignored by the government. There are cybercrime havens. And so, they can be patriotic and nationalistic, and countries are known for being havens for groups like that.
Read previous: The Modern History of Cyber Warfare