by Bobby Akart
It is widely known that North Korea has the highest percentage of military personnel in relation to population—roughly forty enlisted soldiers per thousand people.
In 2013, a defector declared that North Korea was increasing its cyber warfare unit to staff eight thousand people, and it was undertaking a massive training program for its young prodigies to become proficient in cyber warfare.
Last year, new revelations on the cyber capabilities of North Korea confirmed that the government of Pyongyang doubled the number of the units of its cyber army. According to reports, the number of cyber warriors of the North Korea has also established overseas bases for hacking attacks.
North Korea wants to demonstrate its cyber capabilities to the rest of the world. According to reports, a Stuxnet-style attack designed to destroy a city has been prepared by North Korea and is a feasible threat to the smart grids of the United States.
According to intelligence agencies, North Korean hackers are responsible for numerous cyber attacks worldwide, including the clamorous Sony hack and a targeted offensive on South Korea Hydro and Nuclear Power Plant. Although the nuclear plant was not compromised by the attack, if the computer system controlling the nuclear reactor were compromised, the consequences could be unimaginably severe and cause extensive casualties.
Clearly, if North Korea continues to escalate its cyber attacks on a critical infrastructure, it’s only a matter of time before significant loss of life occurs.
SYRIAN ELECTRONIC ARMY
The Syrian Electronic Army (commonly known as the "SEA") is a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Assad. Using spamming, website defacement, malware, phishing, and denial of service attacks, it has targeted political opposition groups, Western news organizations, human rights groups and websites that are seemingly neutral to the Syrian conflict. It has also hacked government websites in the Middle East and Europe, as well as US defense contractors. According to U.S. intelligence agencies, the SEA has become the first Arab country to have a state-sponsored internet army hosted on its national networks to openly launch cyber attacks on its enemies.
The SEA has focused its cyber activities in four key areas:
Use of website defacement and electronic surveillance against its adversaries—namely the Syrian rebels. The SEA has carried out surveillance to discover the identities and location of Syrian rebels, using malware, phishing, and denial of service attacks.
Defacement attacks against Western media websites based on the belief these sites spread news adverse to the interests of the Syrian government. Targeted companies include news websites such as BBC News, the Associated Press, National Public Radio, CBC News, Al Jazeera, Financial Times, The Daily Telegraph, The Washington Post, Syrian satellite broadcaster Orient TV, and Dubai-based al-Arabia TV, as well as rights organizations such as Human Rights Watch.
Spamming popular Facebook pages with pro-regime comments. The Facebook pages of President Barack Obama and former French President Nicolas Sarkozy have been targeted by SEA spam campaigns.
Global cyber espionage is another function of the SEA. Technology and media companies, allied military procurement officers, US defense contractors, and foreign attaches and embassies have all fallen victim to the SEA’s cyber vandalism.
The SEA's tone and style vary from the serious and openly political to ironic statements intended as critical or pointed humor. For example, the SEA tweeted from the Twitter account of 60 Minutes the following: Exclusive: Terror is striking the #USA and #Obama is Shamelessly in Bed with Al-Qaeda. In July 2012, the SEA posted from Al Jazeera's Twitter account: Do you think Saudi and Qatar should keep funding armed gangs in Syria in order to topple the government? In another attack, members of SEA used the BBC Weather Channel Twitter account to post the headline: Saudi weather station down due to head on-collision with a camel.
U.S. analysts rank Syria well behind the top four of China, Russia, Iran and North Korea in its cyber capabilities. They are considered at the vandalism level. But the recent interjection of Russia into the Syrian crisis in 2015 leads many to believe that the government of Bashar al-Assad will receive a boost in its cyber programs courtesy of advanced Russian technologies.
ISIS
Islamic terrorists have threatened an all-out cyber war against the United States, and experts say the warnings should be taken seriously.
Hackers claiming affiliation with the ISIS released a video in the spring of 2015 vowing an electronic war against the West and claiming access to American leadership online.
“Praise to Allah, today we extend on the land and on the Internet,” a faceless, hooded figure said in Arabic. “We send this message to America and Europe: We are the hackers of the Islamic State, and the electronic war has not yet begun.”
As hackers around the world become more sophisticated, terrorist groups are likely to emulate their activities. It’s only really a matter of time until terrorist organizations begin using cyber techniques in a more expanded way. As an organization like ISIS acquires more resources financially, they will be able to hire the talent they need or outsource to criminal organizations.
Military officials agree. Director of the National Security Agency, Admiral Michael Rogers, called the pending shift a great concern and something that the U.S. military and intelligence communities pay lots of attention to.
“At what point do they decide they need to move from viewing the Internet as a source of recruitment … [to] viewing it as a potential weapon system?” Rogers asked.
While ISIS has been widely recognized for its social media recruiting capabilities, the growing computer science talent of its recruits has mostly gone unnoticed. Some of the individuals that have recently joined the movement of ISIS are students of computer science in British schools and European universities. As a result, the cyber capabilities of ISIS are advancing dramatically. Even the man reportedly responsible for a number of the brutal ISIS beheadings, dubbed Jihadi John by his captives, has a computer science degree.
Part of the danger of the ISIS threat is the group’s ability to marshal attacks from its sympathizers, generating an unconnected network that is hard to track.
ISIS effectively uses the video threats as a call to arms meant to incite individuals to act on their own. It has added a new dimension to the terrorist threat that the U.S. counterterrorism approach is not intended or designed to pick up on. For example, ISIS supporters have focused on distributed denial-of-service attacks, spear phishing campaigns and the hijacking of legitimate websites to push malware, creating what are known as watering holes. In a watering hole attack, the attacker analyzes their victims browsing habits and affects those sites with malware. As the targeted victim frequents the site, their networks become infected.
For example, if you go to an ISIS friendly website and download their videos, you better recognize most of those websites are watering holes. ISIS installed malware will attack your network while you’re watching their video. Experts think radical hackers are likely to expand this tactic to mainstream websites and powerful companies’ websites as a way to gather information on targets.
ISIS is beginning to conduct more and more counterintelligence using this method. Their use of the internet has been described as unprecedented for a terrorist group, and lawmakers are growing increasingly concerned about U.S. attempts to counter its rhetoric online.
Most of ISIS’s current online power lies in its messaging; experts say, and not in its ability to hack real computer networks. But a handful of high-profile intrusions points toward its aspirations as a hacking group. The so-called Cyber Caliphate took over the Twitter and YouTube accounts for the U.S. Central Command in January 2015, and the Twitter account for Newsweek magazine in a month after that.
In March of 2015, the Islamic State Hacking Division of ISIS posted the personal details of hundreds of U.S. military personnel supposedly involved in attacks on ISIS in Iraq and Syria.
Within two months of the posting, a terrorist inspired gunman attacked military recruitment facilities in Chattanooga, Tennessee killing several service members.
In April of 2015, a French TV station was knocked offline in perhaps the best example of terrorists’ abilities. “It seemed to be on a broader scale than we had seen previously,” said a U. S. State Department official. “There were a number of facets to that attack, and they also took the station offline for quite a while. That seemed to me to be of a different magnitude.” The group managed to orchestrate a complete three-hour blackout of the French channel TV5Monde. They hacked into all 11 channels run by the company, along with its website and social media outlets. While the attack took place, the hackers placed documents on TV5Monde’s Facebook page, which they claimed were classified dossiers of relatives of French soldiers involved in fighting ISIS. The Islamic State Hacking Division again claimed responsibility.
As the cyber capabilities and successes of ISIS escalate, many analysts believe the next step is inevitable. There is evidence of an increase in ISIS activity on the cyber arms bazaar, the massive underground black hat web market based in Eastern Europe that traffics in almost every form of cyber sabotage imaginable. It is only a matter of time before we hear about significant attacks that were pulled off by sympathizers of ISIS.
The nature of ISIS’s online presence is intended to do three things. Firs, and most importantly for the longevity of its existence, it’s designed as a mechanism to attract and recruit members to its ranks. Second, it’s a means through which ISIS aims to strike fear into the hearts of all that come across its frequently gruesome propaganda. Both objectives are well documented. A third important dimension to the ISIS presence online is emerging. ISIS utilizes cyberspace for offensive purposes—to use the cyber domain to disrupt services, damage reputations and reveal sensitive data.
The cyber attacks of 2015 orchestrated by ISIS illustrate the group’s increased degree of sophistication. There had clearly been an amount of pre-attack planning, including a level of social engineering that had gone on to completely shut down the station's computer systems. ISIS, and those claiming to support the group are now looking to take their cyber offensive to the next level.
Should we be worried about the self-styled Cyber Caliphate and the potential for ISIS to launch highly sophisticated attacks against sensitive networks, similar to the STUXNET virus that was unleashed on Iran? At present, despite a clear elevation in capability, the answer may be soon, but not yet. Attacks of the magnitude of STUXNET require a level of financing, highly-skilled personnel and human intelligence gathering that an organization such as ISIS simply doesn’t possess. The more likely scenario is that websites will continue to be defaced and social media accounts hacked, to influence sympathetic supporters.
But that’s no reason to be complacent about ISIS’ capabilities and its intent. The cyber domain provides a group like ISIS with a low-cost means of harassing their adversaries and promoting their cause. They’ve demonstrated an ability to utilize modern technology and unleash effective propaganda, and they’ve proven attractive to tech-savvy youngsters. With their 2015 successes, confidence will have increased, and the next attack will be planned with greater ambition. There’s no reason that ISIS won’t work to mature what has so far been a successful strategy and capability. In many ways this reflects what we see in the broader cyber threat environment: the cyber domain is becoming an essential part of offensive operations for any group, be it a government, criminal organization or terrorist group. Over the last five months, ISIS has shown us that they are pushing to close the knowledge and capability gap when it comes to offensive cyber operations.
We’d be wise to keep a close watch.
PART FOUR
United States Policy, Problem of Attribution, Defense Department Preparations
Chapter Seven
United States Policy Stance; The Five Pillars
The United States, like many of its Western counterparts, has lost control of the technology upon which the power, as well as the threats to national security within our respective governments, rest. The cyber arena, and the technology upon which it is based, includes the science of cyber engineering. The safety aspects of this science have been evolved into the weapons that will be used as the primary offensive assets in the upcoming new age of cyber warfare.
The next major war will not be fought with tanks, vessels, and cruise missiles. The world will experience a cyber war with the potential for more damage and loss of human life than could be achieved by our combined nuclear arsenals. Some even say that when conventional weapons are used during this conflict, they are likely to be our own turned against ourselves.
Via complex cyber intrusions, hacktivists have demonstrated their ability, from halfway around the world, to hack into an automobile’s onboard computer, take control of the steering, brakes and acceleration, and run the car into a ditch, while the driver tried desperately to regain control in vain.
The same technological discoveries that created the framework of an automobile’s control system pervade every aspect of our military hardware. To expect our military to have some magic that the auto manufacturers do not have, especially in the light of the recent Office of Personnel Management cyber intrusion referenced earlier in which tens of millions of private, and sometimes classified, personnel files were easily stolen by the Chinese and Russians, is absurd.
The world, and America in particular is on the edge of a steep cliff, about to be pushed over by any number of bad actors who would do us harm. Many believe our government is naïve—largely in denial at the greatest threat to America that has ever existed. The ostrich theory clearly applies, and the nation is at significant risk.
Advanced nations of the world have placed a great emphasis on cyber technologies and have left Americans behind. This same illiteracy does not exist in Russia, India, China, and Japan where advanced sciences take a priority during a student’s formative years. Our lack of knowledge is also found in our nation’s political leadership. In America, the threat of cyber warfare takes a back seat to social issues. In countries like China, Japan, and Russia, it’s difficult to reach any level of political power without a vast knowledge of computer related technology.
To these countries, the concept of a government official who was not highly competent in the cyber sciences would be the equivalent of us having a president who could not read or write. This must drastically change and an increasing number of policy analysts believe we must accept cyber attacks from adversarial nation-states for what they are—acts of war—and respond accordingly.
Strides within the political hierarchy of this nation are being made in recent years. In November of 2011, the US government declared that it has the right to meet cyber attacks with military force. Although this is just a broad declaration, it’s significant because it takes the first step towards a declaratory policy for cyber war. The policy statement provided, in essence: We reserve our right to defend ourselves with bullets, missiles, and bombs in the event that you hack us. The statement was vague and didn’t mean much but fell short of drawing the line in the sand.
The Five Pillars
In 2010, United States Deputy Defense Secretary William Lynn introduced to the North Atlantic Treaty Organization (NATO) the framework for the United States military strategy for cyber warfare. Known as The Five Pillars, this cyber shield would extend a blanket of security over NATO member’s networks similar to the nuclear defense shield.
Article 5 of the NATO charter states an armed attacked on one of its members should be considered as an attack on all the members. After the September 11 attacks, this article was invoked in
dealing with global terrorism. With the rise in cyber terrorism and crimes, there might be a need to accommodate the cyber attacks in the enforcement of Article 5.
The first pillar is to recognize that the new domain for warfare is cyberspace similar to the other elements of the traditional battlefield.
The second pillar is the implementation of proactive defenses as opposed to relying on passive defenses. Two examples of passive defense are computer hygiene and firewalls. The balance of the attacks requires active defense using sensors to provide a rapid response in detecting and stopping a cyber attack on a computer network. This would provide military tactics to backtrace, hunt down and attack an offending enemy intruder.
The third pillar is critical infrastructure protection to ensure the security of power grids, transportation, communications, and financial sectors.
The fourth pillar is the use of collective defense involving both the public and private sectors, which would provide the ability of early detection and to incorporate them into the cyber warfare defense structure.
The fifth pillar is to actively maintain and enhance the advantage of technological change. This would include improved computer literacy and increasing artificial intelligence capabilities.
Are new Geneva conventions needed?
In 2015, members of the House Intelligence Committee urged fellow intelligence community leaders to help create international rules of engagement, similar to the Geneva Conventions, for cyber warfare.
“We don’t know what constitutes an act of war, what the appropriate response is, what the line is between crime and warfare,” said Connecticut Congressman Jim Himes at a committee hearing on global cyber threats. While Congressman Himes put the burden on Congress to push for such international norms, he suggested that the nation’s intelligence agencies have neglected to create a clear set of standards. Rep. Adam Schiff (Calif.), the ranking Democrat on the committee and Himes, have rung the clarion bell and argue some high-level policy questions about how the U.S. treats cyberspace are still unanswered.