
Document: Inside Cyber Warfare ppt

Pages: 316

Size: 13.6 MB

Format: PDF

SECOND EDITION

Inside Cyber Warfare

Jeffrey Carr

Beijing Cambridge Farnham Köln Sebastopol Tokyo

Inside Cyber Warfare, Second Edition

by Jeffrey Carr

Copyright © 2012 Jeffrey Carr. All rights reserved.

Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected].

Editor: Mike Loukides

Production Editor: Jasmine Perez

Copyeditor: Marlowe Shaeffer

Proofreader: Jasmine Perez

Indexer: John Bickelhaupt

Cover Designer: Karen Montgomery

Interior Designer: David Futato

Illustrator: Robert Romano

December 2009: First Edition.

December 2011: Second Edition.

Revision History for the First Edition:

2011-12-07 First release

See http://oreilly.com/catalog/errata.csp?isbn=9781449310042 for release details.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Inside Cyber Warfare, the image of light cavalry, and related trade dress are trademarks of O’Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

ISBN: 978-1-449-31004-2


Table of Contents

Foreword

Preface

1. Assessing the Problem

The Complex Domain of Cyberspace

Cyber Warfare in the 20th and 21st Centuries

Cyber Espionage

Cyber Crime

Future Threats

Increasing Awareness

Critical Infrastructure

The Conficker Worm: The Cyber Equivalent of an Extinction Event?

Africa: The Future Home of the World’s Largest Botnet?

The Way Forward

2. The Rise of the Nonstate Hacker

The StopGeorgia.ru Project Forum

Counter-Surveillance Measures in Place

The Russian Information War

The Foundation for Effective Politics’ War on the Net (Day One)

The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast Lead

Impact

Overview of Perpetrators

Hackers’ Profiles

Methods of Attack

Israeli Retaliation

Control the Voice of the Opposition by Controlling the Content in Cyberspace: Nigeria

Are Nonstate Hackers a Protected Asset?

3. The Legal Status of Cyber Warfare

Nuclear Nonproliferation Treaties

The Antarctic Treaty System and Space Law

UNCLOS

MLAT

United States Versus Russian Federation: Two Different Approaches

The Law of Armed Conflict

Is This an Act of Cyber Warfare?

South Korea

Iran

Tatarstan

United States

Kyrgyzstan

Israel and the Palestinian National Authority

Zimbabwe

Myanmar

Cyber: The Chaotic Domain

4. Responding to International Cyber Attacks as Acts of War

The Legal Dilemma

The Road Ahead: A Proposal to Use Active Defenses

The Law of War

General Prohibition on the Use of Force

The First Exception: UN Security Council Actions

The Second Exception: Self-Defense

A Subset of Self-Defense: Anticipatory Self-Defense

An Alternate Basis for Using Active Defenses: Reprisals

Nonstate Actors and the Law of War

Armed Attacks by Nonstate Actors

Duties between States

Imputing State Responsibility for Acts by Nonstate Actors

Cross-Border Operations

Analyzing Cyber Attacks under Jus ad Bellum

Cyber Attacks as Armed Attacks

Establishing State Responsibility for Cyber Attacks

The Duty to Prevent Cyber Attacks

Support from International Conventions

Support from State Practice

Support from the General Principles of Law

Support from Judicial Opinions

Fully Defining a State’s Duty to Prevent Cyber Attacks

Sanctuary States and the Practices That Lead to State Responsibility

The Choice to Use Active Defenses

Technological Limitations and Jus ad Bellum Analysis

Jus in Bello Issues Related to the Use of Active Defenses

Conclusion

5. The Intelligence Component to Cyber Warfare

The Korean DDoS Attacks (July 2009)

The Botnet Versus the Malware

The DPRK’s Capabilities in Cyberspace

One Year After the RU-GE War, Social Networking Sites Fall to DDoS Attack

Ingushetia Conflict, August 2009

The Predictive Role of Intelligence

6. Nonstate Hackers and the Social Web

Russia

China

The Middle East

Pakistani Hackers and Facebook

The Dark Side of Social Networks

The Cognitive Shield

TwitterGate: A Real-World Example of a Social Engineering Attack with Dire Consequences

Automating the Process

Catching More Spies with Robots

7. Follow the Money

False Identities

Components of a Bulletproof Network

ICANN

The Accredited Registrar

The Hosting Company

The Bulletproof Network of StopGeorgia.ru

StopGeorgia.ru

NAUNET.RU

SteadyHost.ru

Innovation IT Solutions Corp

Mirhosting.com

SoftLayer Technologies

SORM-2

The Kremlin and the Russian Internet

Nashi

The Kremlin Spy for Hire Program

Sergei Markov, Estonia, and Nashi

A Three-Tier Model of Command and Control

8. Organized Crime in Cyberspace

A Subtle Threat

Atrivo/Intercage

ESTDomains

McColo: Bulletproof Hosting for the World’s Largest Botnets

Russian Organized Crime and the Kremlin

9. Investigating Attribution

Using Open Source Internet Data

Background

What Is an Autonomous System Network?

Team Cymru and Its Darknet Report

Using WHOIS

Caveats to Using WHOIS

10. Weaponizing Malware

A New Threat Landscape

StopGeorgia.ru Malware Discussions

Twitter as DDoS Command Post against Iran

Social Engineering

Channel Consolidation

An Adversary’s Look at LinkedIn

BIOS-Based Rootkit Attack

Malware for Hire

Anti-Virus Software Cannot Protect You

Targeted Attacks Against Military Brass and Government Executives

11. The Role of Cyber in Military Doctrine

The Russian Federation

The Foundation for Effective Politics (FEP)

“Wars of the Future Will Be Information Wars”

“RF Military Policy in International Information Security”

The Art of Misdirection

China Military Doctrine

Anti-Access Strategies

The 36 Stratagems

US Military Doctrine

12. A Cyber Early Warning Model

The Challenge We Face

Cyber Early Warning Networks

Building an Analytical Framework for Cyber Early Warning

Case Studies of Previous Cyber Attacks

Lessons Learned

Defense Readiness Condition for Cyberspace

13. Advice for Policymakers from the Field

When It Comes to Cyber Warfare: Shoot the Hostage

The United States Should Use Active Defenses to Defend Its Critical Information Systems

Scenarios and Options to Responding to Cyber Attacks

Scenario 1

Scenario 2

Scenario 3

Scenario 4

In Summary

Whole-of-Nation Cyber Security

14. Conducting Operations in the Cyber-Space-Time Continuum

Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec Movement

Social Networks: The Geopolitical Strategy of Russian Investment in Social Media

2005: A Turning Point

DST and the Kremlin

The Facebook Revolution

Globalization: How Huawei Bypassed US Monitoring by Partnering with Symantec

15. The Russian Federation: Information Warfare Framework

Russia: The Information Security State

Russian Government Policy

New Laws and Amendments

Government Structures

Russian Ministry of Defense

Administrative Changes

Electronic Warfare Troops

The Federal Service for Technical and Export Control (FSTEC)—Military Unit (Vch) 96010

5th Central Research and Testing Institute of the Russian Defense Ministry (5th TSNIII)—Military Unit (Vch) 33872

18th Central Research Institute of the Russian Defense Ministry (18th CRI MOD)—Military Unit (Vch) 11135

27th Central Research Institute of the Russian Defense Ministry (27th CRI MOD)—Military Unit (Vch) 01168

Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)

Federal Security Service Information Security Center (FSB ISC)—Military Unit (Vch) 64829

Russian Federal Security Service Center for Electronic Surveillance of Communications (FSB TSRRSS)—Military Unit (Vch) 71330

FSB Administrative Centers for Information Security

Russian Interior Ministry Center E (MVD Center E)

Russian Interior Ministry Cyber Crimes Directorate (MVD Directorate K)

Russian Federal Security Organization (FSO)—Military Unit (Vch) 32152

Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)

Roskomnadzor

Further Research Areas

16. Cyber Warfare Capabilities by Nation-State

Australia

Brazil

Canada

Czech Republic

Democratic People’s Republic of Korea

Estonia

European Union

France

Germany

India

Iran

Israel

Italy

Kenya

Myanmar

NATO

Netherlands

Nigeria

Pakistan

People’s Republic of China

Poland

Republic of Korea

Russian Federation

Singapore

South Africa

Sweden

Taiwan (Republic of China)

Turkey

United Kingdom

17. US Department of Defense Cyber Command and Organizational Structure

Summary

Organization

The Joint Staff

Office of the Secretary of Defense

US Strategic Command (USSTRATCOM)

18. Active Defense for Cyber: A Legal Framework for Covert Countermeasures

Covert Action

Cyber Active Defense Under International Law

Cyber Active Defenses as Covert Action Under International Law

Cyber Attacks Under International Law: Nonstate Actors

Index

Foreword

Since the first edition of Jeffrey Carr’s Inside Cyber Warfare: Mapping the Cyber Underworld was published, cyber security has become an increasing strategic and economic concern. Not only have major corporations and government agencies continued to be victimized by massive data thefts, disruptive and destructive attacks on both public and private entities continue and show no signs of abating. Among the publicly disclosed targets of cyber attacks are major financial institutions, entertainment companies, cyber security companies, and US and foreign government agencies, including the US Department of Defense, the US Senate, and the Brazilian and the Malaysian governments.

Many of these cyber penetrations are aimed at theft of identity or financial data for purposes of criminal exploitation. These cannot simply be regarded as a “cost of doing business” or tolerable losses; such episodes undermine the public trust, which is the foundation for business transactions over the Internet. Even more significant is the threat posed by cyber theft of intellectual property. Every year, economic competitors of American businesses steal a quantity of intellectual property larger than all the data in the Library of Congress. As a result, these rivals are gaining an unfair advantage in the global economy.

Also gaining in seriousness are organized efforts to disrupt or even destroy cyber systems. Anarchist and other extremist groups, such as Anonymous and LulzSec (and their offspring), seek to punish those with whom they disagree by exposing confidential data or disrupting operations. Recent breaches of cyber security firms such as HBGary and EMC’s RSA SecurID division demonstrate a strategic effort to undermine the security architecture on which many enterprises rely. And the multiplication of social media and mobile devices will create many more opportunities for cyber espionage, social engineering attacks, and open source intelligence collection by nation-states, terrorists, and criminal groups.

Since the formation of the Comprehensive National Cybersecurity Initiative in 2008, the US government has unveiled a series of security-related strategies, including legislative proposals. These are useful and important steps, but they’re not enough to keep pace with the growing and diversifying threats. The private sector in particular must take ownership of much of the burden of defending the networks they own and operate. Moreover, while technology and tools are key to the solution, human beings are at the heart of any security strategy. Unless those who use the Internet observe good security practices, defensive technologies will merely be a bump in the road to those who seek to exploit cyberspace.

Finally, while defense against cyber attacks is important, it is not enough. When cyber attacks damage critical infrastructure or even threaten loss of life, sound strategy calls for preventive and deterrent measures. While some downplay the idea of cyberspace as a warfare domain, occurrences such as the 2008 Russia-Georgia conflict underscore that information systems are very much part of the battlefield of the future. For this reason, the US Department of Defense has issued its first official strategy for operating in cyberspace. To be sure, difficulties in attribution and questions of legal authority complicate the application of warfighting concepts to cyberspace. Nevertheless, we must tackle these issues to determine what measures can be taken offensively to eliminate or deter critical cyber threats, when those measures should be triggered, and who should carry them out. Without formulating a strategy that encompasses these measures, our cyber security doctrine will be, at best, disconnected and incomplete.

For policymakers and business leaders, cyber warfare and cyber security can no longer be regarded simply as the province of experts and technicians. The leadership of any public or private enterprise must consider the risks of and responses to cyber threats. This latest edition of Jeffrey Carr’s volume is indispensable reading for senior executives as well as savants.

—The Honorable Michael Chertoff,

former Homeland Security Secretary

and co-founder of The Chertoff Group


Preface

I was recently invited to participate in a cyber security dinner discussion by a few members of a well-known Washington, DC, think tank. The idea was that we could enjoy a fine wine and a delicious meal while allowing our hosts to pick our brains about this “cyber warfare stuff.” It seems that the new threatscape emerging in cyberspace has caught them unprepared and they were hoping we could help them grasp some of the essentials in a couple of hours. By the time we had finished dinner and two bottles of a wonderful 2003 red, one of the Fellows in attendance was holding his head in his hands, and it wasn’t because of the wine.

International acts of cyber conflict (commonly but inaccurately referred to as cyber warfare) are intricately enmeshed with cyber crime, cyber security, cyber terrorism, and cyber espionage. That web of interconnections complicates finding solutions because governments have assigned different areas of responsibility to different agencies that historically do not play well with others. Then there is the matter of political will. When I signed the contract to write this book, President Obama had committed to make cyber security a top priority in his administration. Seven months later, as I write this introduction, cyber security has been pushed down the priority ladder behind the economy and health care, and the position of cyber coordinator, who originally was going to report directly to the President, must now answer to multiple bosses with their own agendas. A lot of highly qualified candidates have simply walked away from a position that has become a shadow of its former self. Consequently, we all find ourselves holding our heads in our hands more often than not.

Cyberspace as a warfighting domain is a very challenging concept. The temptation to classify it as just another domain, like air, land, sea, and space, is frequently the first mistake that’s made by our military and political leaders and policymakers.

I think that a more accurate analogy can be found in the realm of science fiction’s parallel universes—mysterious, invisible realms existing in parallel to the physical world, but able to influence it in countless ways. Although that’s more metaphor than reality, we need to change the habit of thinking about cyberspace as if it’s the same thing as “meat” space.
