<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Information Warfare Monitor</title>
	<atom:link href="http://www.infowar-monitor.net/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.infowar-monitor.net</link>
	<description>Tracking Cyberpower</description>
	<lastBuildDate>Wed, 10 Mar 2010 00:16:14 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>The US is not at cyberwar</title>
		<link>http://www.infowar-monitor.net/2010/03/the-us-is-not-at-cyberwar/</link>
		<comments>http://www.infowar-monitor.net/2010/03/the-us-is-not-at-cyberwar/#comments</comments>
		<pubDate>Wed, 10 Mar 2010 00:16:14 +0000</pubDate>
		<dc:creator>gwalton</dc:creator>
				<category><![CDATA[News]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5865</guid>
		<description><![CDATA[Comments by the new US cyber tsar Howard Schmidt are a welcome antidote to hysterical claims about online attacks

Source: <a href="http://www.guardian.co.uk/commentisfree/2010/mar/09/us-cyberwar-howard-schmidt">Guardian</a>: Tim Stevens

<blockquote>Last week, the Obama administration's most senior official with responsibility for the internet and cyberspace made a significant intervention in the increasingly hysterical US debate over cyberwar.

Since Google announced in January that it had been the victim of a series of cyber attacks originating in China, the prospect of imminent threat from foreign states and terrorists has been repeated time and again by senior figures in the security establishment. Now, the man who is charged with shaping US policy in this field has shown that he at least will not be a vehicle for hyperbolic rhetoric and scaremongering.

On Wednesday, Howard Schmidt, appointed by President Obama in December 2009 to coordinate the development and delivery of national cybersecurity policy, stated baldly that the US is not in the midst of a cyberwar. This directly contradicts the statements last weekend of Mike McConnell, formerly director of national intelligence and currently vice-president of Booz Allen Hamilton, a major defence contractor.

In a national op-ed, McConnell claimed that the US is fighting a cyberwar today, one it is losing. Using a range of examples to make his case, including the recent Google China affair, McConnell proposed that the internet effectively be re-engineered to serve US national security interests. He went on to suggest that success in the Cold War would serve as a template for victory in the current cyberwar.

Schmidt debunked this flawed analogical reasoning, calling it both "a terrible metaphor" and "a terrible concept". Moreover, "there are no winners in that environment", he said.</blockquote>]]></description>
			<content:encoded><![CDATA[<p>Comments by the new US cyber tsar Howard Schmidt are a welcome antidote to hysterical claims about online attacks</p>
<p>Source: <a href="http://www.guardian.co.uk/commentisfree/2010/mar/09/us-cyberwar-howard-schmidt">Guardian</a>: Tim Stevens</p>
<blockquote><p>Last week, the Obama administration&#8217;s most senior official with responsibility for the internet and cyberspace made a significant intervention in the increasingly hysterical US debate over cyberwar.</p>
<p>Since Google announced in January that it had been the victim of a series of cyber attacks originating in China, the prospect of imminent threat from foreign states and terrorists has been repeated time and again by senior figures in the security establishment. Now, the man who is charged with shaping US policy in this field has shown that he at least will not be a vehicle for hyperbolic rhetoric and scaremongering.</p>
<p>On Wednesday, Howard Schmidt, appointed by President Obama in December 2009 to coordinate the development and delivery of national cybersecurity policy, stated baldly that the US is not in the midst of a cyberwar. This directly contradicts the statements last weekend of Mike McConnell, formerly director of national intelligence and currently vice-president of Booz Allen Hamilton, a major defence contractor.</p>
<p>In a national op-ed, McConnell claimed that the US is fighting a cyberwar today, one it is losing. Using a range of examples to make his case, including the recent Google China affair, McConnell proposed that the internet effectively be re-engineered to serve US national security interests. He went on to suggest that success in the Cold War would serve as a template for victory in the current cyberwar.</p>
<p>Schmidt debunked this flawed analogical reasoning, calling it both &#8220;a terrible metaphor&#8221; and &#8220;a terrible concept&#8221;. Moreover, &#8220;there are no winners in that environment&#8221;, he said.</p></blockquote>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/the-us-is-not-at-cyberwar/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>CIA warns India of al-Qaida, cyber threats</title>
		<link>http://www.infowar-monitor.net/2010/03/cia-warns-india-of-al-qaida-cyber-threats/</link>
		<comments>http://www.infowar-monitor.net/2010/03/cia-warns-india-of-al-qaida-cyber-threats/#comments</comments>
		<pubDate>Tue, 09 Mar 2010 23:51:10 +0000</pubDate>
		<dc:creator>gwalton</dc:creator>
				<category><![CDATA[News]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5862</guid>
		<description><![CDATA[Source: <a href="http://timesofindia.indiatimes.com/india/CIA-warns-India-of-al-Qaida-threats/articleshow/5664277.cms">PTI</a>, Mar 9, 2010, 07.56pm IST

<blockquote>WASHINGTON: The CIA on Tuesday warned India and Brazil that they face "emerging threats" from al-Qaida and Taliban, though the terrorist outfits are "on the run" due to extreme pressure exerted on them in Afghanistan and Pakistan. 

CIA Director Leon Panetta said that the US spy agency has a "fundamental duty to provide warning and prevent surprise," which also refers to "emerging threats" to nations like Brazil and India, indicating the need for growing cooperation between the US and India on intelligence sharing.
[...]

The CIA Director said the US is lagging behind in the cyber war and told the audience that he feared that the next Pearl Harbor might be a cyber attack.


</blockquote>]]></description>
			<content:encoded><![CDATA[<p>Source: <a href="http://timesofindia.indiatimes.com/india/CIA-warns-India-of-al-Qaida-threats/articleshow/5664277.cms">PTI</a>, Mar 9, 2010, 07.56pm IST</p>
<blockquote><p>WASHINGTON: The CIA on Tuesday warned India and Brazil that they face &#8220;emerging threats&#8221; from al-Qaida and Taliban, though the terrorist outfits are &#8220;on the run&#8221; due to extreme pressure exerted on them in Afghanistan and Pakistan. </p>
<p>CIA Director Leon Panetta said that the US spy agency has a &#8220;fundamental duty to provide warning and prevent surprise,&#8221; which also refers to &#8220;emerging threats&#8221; to nations like Brazil and India, indicating the need for growing cooperation between the US and India on intelligence sharing. </p></blockquote>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/cia-warns-india-of-al-qaida-cyber-threats/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Researchers Split Over Google&#8217;s Hackers</title>
		<link>http://www.infowar-monitor.net/2010/03/researchers-split-over-googles-hackers/</link>
		<comments>http://www.infowar-monitor.net/2010/03/researchers-split-over-googles-hackers/#comments</comments>
		<pubDate>Tue, 09 Mar 2010 15:24:03 +0000</pubDate>
		<dc:creator>sahar</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Cyberwar]]></category>
		<category><![CDATA[Espionage]]></category>
		<category><![CDATA[Malware]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5860</guid>
		<description><![CDATA[<blockquote>

Source: <a href="http://www.forbes.com/2010/03/08/google-damballa-mcafee-technology-security10-hackers_2.html">Andy Greenberg</a>, Forbes. 

Villeneuve points out that McAfee has been most vocal about how the hackers accessed their victims' networks, moved between servers and planted hidden software. Damballa, meanwhile, says it has focused on the spyware samples themselves and the so-called "command and control" servers that the software communicated with to receive orders and steal data. 

"When these researchers argue about whether the hackers are sophisticated or not sophisticated, they're looking at different pieces of the puzzle," says Villeneuve. "The truth is that no one's providing enough detail to make any kind of complete comparison or analysis possible."
</blockquote>]]></description>
			<content:encoded><![CDATA[<p>Source: <a href="http://www.forbes.com/2010/03/08/google-damballa-mcafee-technology-security10-hackers_2.html">Andy Greenberg</a>, Forbes. </p>
<p>A cybersecurity showdown is in the works. </p>
<p>Late last week cybersecurity firm McAfee and start-up Damballa both released new assessments of the high-profile hacking incident revealed by Google in January.</p>
<p>But while McAfee continues to describe the digital intruders as a sophisticated example of cyberespionage&#8217;s &#8220;advanced, persistent threat,&#8221; Damballa counters that the gang behind the so-called Aurora attacks were &#8220;amateurs&#8221; who used &#8220;old-school&#8221; techniques to create a run-of-the-mill collection of hijacked computers typically used for identity theft and spam. (See &#8220;Google Hackers&#8217; Unexpected Backdoor&#8221; and &#8220;Researchers Call Google Hackers Amateurs.&#8221;) </p>
<p>One of those conclusions, it seems, must be wrong. But that doesn&#8217;t mean the facts from the two companies aren&#8217;t both accurate, says Nart Villeneuve, a researcher with the University of Toronto&#8217;s Citizen Lab. Given the complexity of a modern cybercriminal operation, he says, the two reports might be looking at opposite ends of the same animal. </p>
<p>Villeneuve points out that McAfee has been most vocal about how the hackers accessed their victims&#8217; networks, moved between servers and planted hidden software. Damballa, meanwhile, says it has focused on the spyware samples themselves and the so-called &#8220;command and control&#8221; servers that the software communicated with to receive orders and steal data. </p>
<p>&#8220;When these researchers argue about whether the hackers are sophisticated or not sophisticated, they&#8217;re looking at different pieces of the puzzle,&#8221; says Villeneuve. &#8220;The truth is that no one&#8217;s providing enough detail to make any kind of complete comparison or analysis possible.&#8221;</p>
<p>McAfee, for its part, isn&#8217;t giving any ground. McAfee researcher Dmitri Alperovitch told Forbes that his cybersecurity firm is working directly with Google and other victims, and argues that Damballa doesn&#8217;t have enough access to the case for credible analysis. </p>
<p>In fact, Alperovitch claims that Damballa is dissecting the wrong piece of malicious software, or &#8220;malware,&#8221; altogether. &#8220;Their analysis is correct, but what they&#8217;re analyzing is something totally unrelated to Aurora,&#8221; he says. &#8220;As far as we&#8217;ve seen, the malware they&#8217;re looking at has nothing to do with this incident.&#8221;</p>
<p>Damballa&#8217;s vice president of research Gunter Ollman counters that its malware samples were taken from clients that were targeted by Aurora and from a public profile of the Hydraq Trojan&#8211;the spyware used by Aurora&#8211;published by security firm Symantec. Ollman says Damballa traced those samples to five domains around the world that were used to control the so-called &#8220;botnet&#8221; of hijacked machines that infected Google, and he contends that McAfee is failing to examine those command and control servers. &#8220;It&#8217;s as if McAfee has been looking at the smoking gun and trying to analyze the bullets, while we&#8217;re following the driver of the getaway van,&#8221; Ollman says.</p>
<p>On some basic facts, the two accounts agree: Between July and December the Aurora hackers began infecting target networks with the Hydraq Trojan software, controlling the computers from servers outside the U.S. In at least some of those network infections, including the one that affected Google in December, the hackers used an e-mail laced with an attachment that exploited a security vulnerability in Internet Explorer 6, allowing the intruders to gain access to a piece of Google&#8217;s corporate network.</p>
<p>But that&#8217;s where the agreement ends. Damballa&#8217;s report points to several factors that indicate that Aurora was &#8220;just another botnet,&#8221; run by unsophisticated criminals: the Hydraq Trojan&#8217;s anatomy, which included some code that was five to eight years old; an older, more easily detected system of communication between hijacked computers known as dynamic domain name system or DDNS; and evidence that the same command and control computers were used to control earlier samples of malicious software used for routine cybercrime.</p>
<p>Whether Damballa&#8217;s analysis is based on faulty software samples&#8211;as McAfee claims&#8211;is tough to prove, given that neither company has published all of the details of their samples, including the domain names of the command and control servers they&#8217;ve analyzed. </p>
<p>But McAfee&#8217;s Alperovitch says that at least 40 versions of Hydraq were customized for different targets&#8211;not a single, antiquated piece of software, as Damballa says. And he disputes the idea that employing DDNS reveals a lack of sophistication. Although the method isn&#8217;t often used by modern, high-volume cybercriminal operations, it&#8217;s often still a tool for smaller targeted attacks. </p>
<p>Regardless, he says the discussion of whether certain tactics were amateurish isn&#8217;t the point. &#8220;The attack was successful,&#8221; says Alperovitch. &#8220;If it works, why use something more sophisticated?&#8221;</p>
<p>Citizen Lab&#8217;s Nart Villeneuve points out that both companies may be right about the respective piece of the operation they&#8217;re scrutinizing. McAfee may have analyzed the actions of sophisticated cyberspies that bought their malicious software and communications system from a less-sophisticated cybercrime group&#8211;the botnet controllers that Damballa has focused on. </p>
<p>Given that cybercrime and cyberespionage have become such a segmented and specialized industry, he points out that no single piece of a scheme can be used to describe the whole. &#8220;It&#8217;s not uncommon for botnet operators to sell or rent their botnet or simply use portions to install other peoples&#8217; malware,&#8221; says Villeneuve.</p>
<p>Even so, independent security researcher and consultant Dancho Danchev argues that truly sophisticated cyberspies would have contracted more professional services. &#8220;Personally, I&#8217;m not impressed. Not at all,&#8221; Danchev wrote in an e-mail. &#8220;The tools and techniques used in the attacks can be easily outsourced to much more quality assurance-centered vendors of custom-build malware and cybercrime-friendly services than the ones used in the attack.&#8221;</p>
<p>Danchev says Aurora&#8217;s success stems from its combination of simple tactics with persistence and tricks like customizing spoof emails based on data pulled from social networking sites. Even so, that set of tactics doesn&#8217;t necessarily support McAfee&#8217;s portrait of ultra-advanced cyberspies. &#8220;That&#8217;s not &#8216;highly sophisticated,&#8217; &#8221; Danchev says. &#8220;It&#8217;s what makes every successful malware attack or botnet campaign successful in general.&#8221;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/researchers-split-over-googles-hackers/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Cyberwar declared as China hunts for the West’s intelligence secrets</title>
		<link>http://www.infowar-monitor.net/2010/03/cyberwar-declared-as-china-hunts-for-the-west%e2%80%99s-intelligence-secrets/</link>
		<comments>http://www.infowar-monitor.net/2010/03/cyberwar-declared-as-china-hunts-for-the-west%e2%80%99s-intelligence-secrets/#comments</comments>
		<pubDate>Mon, 08 Mar 2010 20:48:29 +0000</pubDate>
		<dc:creator>gwalton</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[863]]></category>
		<category><![CDATA[Al Qaeda]]></category>
		<category><![CDATA[arms sales]]></category>
		<category><![CDATA[Cabinet Office]]></category>
		<category><![CDATA[China]]></category>
		<category><![CDATA[critical infrastructure]]></category>
		<category><![CDATA[Cyberpower]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Cyberwar]]></category>
		<category><![CDATA[Deng Xiaoping]]></category>
		<category><![CDATA[energy]]></category>
		<category><![CDATA[Espionage]]></category>
		<category><![CDATA[EU]]></category>
		<category><![CDATA[GCHQ]]></category>
		<category><![CDATA[hacker]]></category>
		<category><![CDATA[Howard Schmidt]]></category>
		<category><![CDATA[intelligence sharing]]></category>
		<category><![CDATA[James Lewis]]></category>
		<category><![CDATA[Jonathan Evans]]></category>
		<category><![CDATA[MI5]]></category>
		<category><![CDATA[NATO]]></category>
		<category><![CDATA[non-proliferation]]></category>
		<category><![CDATA[OCS]]></category>
		<category><![CDATA[offensive IO]]></category>
		<category><![CDATA[plausible deniability]]></category>
		<category><![CDATA[state sponsored]]></category>
		<category><![CDATA[terrorist]]></category>
		<category><![CDATA[The Times]]></category>
		<category><![CDATA[Tibet]]></category>
		<category><![CDATA[US]]></category>
		<category><![CDATA[US cyber doctrine]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5855</guid>
		<description><![CDATA[Source: <a href="http://technology.timesonline.co.uk/tol/news/tech_and_web/article7053254.ece">Michael Evans, Giles Whittell</a>, The Times:

<blockquote>Urgent warnings have been circulated throughout Nato and the European Union for secret intelligence material to be protected from a recent surge in cyberwar attacks originating in China.

The attacks have also hit government and military institutions in the United States, where analysts said that the West had no effective response and that EU systems were especially vulnerable because most cyber security efforts were left to member states.

Nato diplomatic sources told The Times: “Everyone has been made aware that the Chinese have become very active with cyber-attacks and we’re now getting regular warnings from the office for internal security.” The sources said that the number of attacks had increased significantly over the past 12 months, with China among the most active players.

In the US, an official report released on Friday said the number of attacks on Congress and other government agencies had risen exponentially in the past year to an estimated 1.6 billion every month.

Sources at the Office for Cyber Security at the Cabinet Office in London, set up last year, said there were two forms of attack: those focusing on disrupting computer systems and others involving “fishing trips” for sensitive information. A special team has been set up at GCHQ, the government communications headquarters in Gloucestershire, to counter the growing cyber-threat affecting intelligence material. The team becomes operational this month.

[....]

Dr Lewis said that neither the US nor any of its Western allies had formed an effective response to the <a href="http://www.infowar-monitor.net/tag/863/">Chinese threat, which has its origins in a massive boost to Chinese technology ordered by Deng Xiaoping, the late Chinese leader, in 1986.</a> The West’s own cyber offensives have so far been directed largely at terrorists rather than nation states, giving China virtually free rein to penetrate Western systems with its own world-class hackers and increasingly popular Chinese-made components. “You almost have to admire them,” Dr Lewis said. “They have been very consistent in their goals.”</blockquote>]]></description>
			<content:encoded><![CDATA[<p>Source: <a href="http://technology.timesonline.co.uk/tol/news/tech_and_web/article7053254.ece">Michael Evans, Giles Whittell</a>, The Times:</p>
<blockquote><p>Urgent warnings have been circulated throughout Nato and the European Union for secret intelligence material to be protected from a recent surge in cyberwar attacks originating in China.</p>
<p>The attacks have also hit government and military institutions in the United States, where analysts said that the West had no effective response and that EU systems were especially vulnerable because most cyber security efforts were left to member states.</p>
<p>Nato diplomatic sources told The Times: “Everyone has been made aware that the Chinese have become very active with cyber-attacks and we’re now getting regular warnings from the office for internal security.” The sources said that the number of attacks had increased significantly over the past 12 months, with China among the most active players.</p>
<p>In the US, an official report released on Friday said the number of attacks on Congress and other government agencies had risen exponentially in the past year to an estimated 1.6 billion every month.</p>
<p>Sources at the Office for Cyber Security at the Cabinet Office in London, set up last year, said there were two forms of attack: those focusing on disrupting computer systems and others involving “fishing trips” for sensitive information. A special team has been set up at GCHQ, the government communications headquarters in Gloucestershire, to counter the growing cyber-threat affecting intelligence material. The team becomes operational this month.</p>
<p>British and American cyber defences are among the most sophisticated in the world, but “the EU is less competent”, James Lewis, of the Centre for Strategic and International Studies, said. “The porousness of the European institutions makes them a good target for penetration. They are of interest to the Chinese on issues from arms sales and nuclear non-proliferation to Tibet and energy.”</p>
<p>The lack of routine intelligence sharing between the US and the EU also contributes to the vulnerability of European systems, another analyst said. “Because of Britain’s intelligence-sharing relationship with America our systems have to be up to their standards in a way that some of the European systems don’t,” he explained.</p>
<p>Jonathan Evans, Director-General of MI5, warned in 2007 that several states were actively involved in large-scale cyber-attacks. Although he did not specify which states were involved, security officials have indicated that China now poses the gravest threat. Beijing has denied making such attacks.</p>
<p>Robert Mueller, FBI Director, has warned that, in addition to the danger of foreign states making cyber-attacks, al-Qaeda could in the future pose a similar threat. In a speech to a security conference last week, Mr Mueller said terrorist groups had used the internet to recruit members and to plan attacks, but added: “Terrorists have shown a clear interest in pursuing hacking skills and they will either train their own recruits or hire outsiders with an eye towards combining physical attacks with cyber-attacks.”</p>
<p>He said that a cyber-attack could have the same impact as a “well-placed bomb”. Mr Mueller also accused “nation-state hackers” of seeking out US technology, intelligence, intellectual property and even military weapons and strategies. To help to fight the growing threat, the Office of Cyber Security, set up last year as part of the Government’s national security strategy, liaises with America’s so-called cyber czar, Howard Schmidt, who was appointed by President Obama to protect sensitive government computers.</p>
<p>British officials said that everyone in sensitive jobs had been warned to be especially cautious about disseminating intelligence and other classified information. Whether British intelligence is involved in retaliatory attacks is never confirmed. However, officials said that there was a significant difference between being part of an information war and indulging in aggressive attacks to disrupt another country’s computer systems.</p>
<p>Dr Lewis said that neither the US nor any of its Western allies had formed an effective response to the Chinese threat, which has its origins in a massive boost to Chinese technology ordered by Deng Xiaoping, the late Chinese leader, in 1986. The West’s own cyber offensives have so far been directed largely at terrorists rather than nation states, giving China virtually free rein to penetrate Western systems with its own world-class hackers and increasingly popular Chinese-made components. “You almost have to admire them,” Dr Lewis said. “They have been very consistent in their goals.”</p>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/cyberwar-declared-as-china-hunts-for-the-west%e2%80%99s-intelligence-secrets/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Indian Govt thwarted all hacking attempts: Sachin Pilot</title>
		<link>http://www.infowar-monitor.net/2010/03/indian-govt-thwarted-all-hacking-attempts-sachin-pilot/</link>
		<comments>http://www.infowar-monitor.net/2010/03/indian-govt-thwarted-all-hacking-attempts-sachin-pilot/#comments</comments>
		<pubDate>Mon, 08 Mar 2010 20:38:26 +0000</pubDate>
		<dc:creator>gwalton</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[CERT]]></category>
		<category><![CDATA[China]]></category>
		<category><![CDATA[Cyberpower]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Cyberwar]]></category>
		<category><![CDATA[deface]]></category>
		<category><![CDATA[Espionage]]></category>
		<category><![CDATA[Google]]></category>
		<category><![CDATA[India]]></category>
		<category><![CDATA[M K Narayanan]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[MEA]]></category>
		<category><![CDATA[National Security Adviser]]></category>
		<category><![CDATA[offensive IO]]></category>
		<category><![CDATA[PDF]]></category>
		<category><![CDATA[plausible deniability]]></category>
		<category><![CDATA[Sachin Pilot]]></category>
		<category><![CDATA[South Block]]></category>
		<category><![CDATA[state sponsored]]></category>
		<category><![CDATA[trojan]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5851</guid>
		<description><![CDATA[Source: <a href="http://news.oneindia.in/2010/03/06/govt-thwarted-all-hacking-attempts-sachin-pilot.html">OneIndia</a>: All hacking attempts on government computers unsuccessful: Sachin Pilot

<blockquote>New Delhi, Mar 6: Dispelling fears on hackers penetrating into important information, Minister of State for Communication and Information Technology Sachin Pilot said that the government has been successful in averting such attempts.

"Yes, there have been attempts but I can categorically say that not one attempt has been successful," the minister said. "The government's computer network system, maintained by the National Informatics Centre, is highly efficient," Pilot said in a news agency report.


Lauding officials' efficiency in preventing such attempts, Pilot said that hackers are in search of a weak spot.

"But our people are very efficient and well trained. Safeguards have ensured that national security has not been breached."

Pilot's statement came amidst reports of hackers trying to penetrate government computers in vital ministries like the office of the National Security Adviser (NSA).</blockquote>]]></description>
			<content:encoded><![CDATA[<p>Earlier, West Bengal governor and former NSA, M K Narayanan said that hackers targeted his office and other government departments on the same day the US defence, finance and technology companies, including Google, reported cyber attacks from China.</p>
<p>An email with a PDF attachment containing a Trojan virus, which allows hackers to download or delete files, was sent by the hackers.</p>
<p>However, it was detected and officials were warned against logging in until the virus was destroyed.</p>
<p>Security measures like frequently changing passwords and using e-mails only for routine communication have been included in the protocol prescribed by the Ministry of External Affairs and Indian embassies for its officers.</p>
<p>Along with that, a periodic security review of all computers is done to avert cyber threats.</p>
<p>India had reported a total of 6,023 cases of defacement in 2009, while in 2010, Computer Emergency Response Team, a cyber security advisory and referral agency of the Department of Information Technology informed that 570 Indian web sites were defaced in Jan.</p>
<p>OneIndia News</p>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/indian-govt-thwarted-all-hacking-attempts-sachin-pilot/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Britain fends off flood of foreign cyber-attacks</title>
		<link>http://www.infowar-monitor.net/2010/03/britain-fends-off-flood-of-foreign-cyber-attacks/</link>
		<comments>http://www.infowar-monitor.net/2010/03/britain-fends-off-flood-of-foreign-cyber-attacks/#comments</comments>
		<pubDate>Mon, 08 Mar 2010 20:30:59 +0000</pubDate>
		<dc:creator>gwalton</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[2012]]></category>
		<category><![CDATA[2015]]></category>
		<category><![CDATA[2040]]></category>
		<category><![CDATA[attribution]]></category>
		<category><![CDATA[Cyberpower]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Cyberwar]]></category>
		<category><![CDATA[Espionage]]></category>
		<category><![CDATA[FBI]]></category>
		<category><![CDATA[GCHQ]]></category>
		<category><![CDATA[industrial espionage]]></category>
		<category><![CDATA[International Law]]></category>
		<category><![CDATA[Lord West]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Mariposa]]></category>
		<category><![CDATA[MI5]]></category>
		<category><![CDATA[MOD]]></category>
		<category><![CDATA[OCS]]></category>
		<category><![CDATA[offensive IO]]></category>
		<category><![CDATA[Ottawa]]></category>
		<category><![CDATA[plausible deniability]]></category>
		<category><![CDATA[Robert Mueller]]></category>
		<category><![CDATA[SOCA]]></category>
		<category><![CDATA[state sponsored]]></category>
		<category><![CDATA[terrorist]]></category>
		<category><![CDATA[The Observer]]></category>
		<category><![CDATA[UK]]></category>
		<category><![CDATA[US cyber doctrine]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5849</guid>
		<description><![CDATA[Government and business computers regularly targeted by hackers, says security minister

Source: <a href="http://www.guardian.co.uk/technology/2010/mar/07/britain-fends-off-cyber-attacks">Jamie Doward</a>, The Observer:

<blockquote>Lord West, the security minister, says there were 300 significant attacks on core government computer systems last year. 

Foreign states and terrorist groups are regularly launching cyber-attacks on the UK's computer systems with the potential to cause widespread damage, according to the government's security tsar.

Lord West of Spithead, who is parliamentary under-secretary for security and counter-terrorism, told the Observer that the UK was under daily cyber attack, often from agencies working on behalf of foreign governments.

He said there had been "300 significant attacks" on the government's core computer networks in the last year and warned of chaotic scenes if one successfully targeted infrastructure such as the UK's communications systems.

The security service, MI5, has warned that tackling espionage conducted by Chinese and Russian agents is taking up an increasing amount of its time.

West declined to identify the states carrying out the cyber-attacks on UK computer systems, but it is clear that he shares the service's fears that some states are using communications systems and computer networks to seek confidential information held by government agencies and private companies in the UK.</blockquote>]]></description>
			<content:encoded><![CDATA[<p>&#8220;There is no doubt some state actors have sucked out huge amounts of intellectual copyright, designs to whole aero engines, things that have taken years and years of development,&#8221; West said.</p>
<p>&#8220;The moment you mention a particular state, they will deny it,&#8221; West added. &#8220;The problem with cyberspace is that attribution is extremely difficult. It&#8217;s almost impossible to do it in terms of evidence that would be necessary in a court of law.&#8221;</p>
<p>However, he said the UK government had sufficient intelligence to be confident that it knew who the main perpetrators were. Russia has been widely blamed for launching debilitating cyber-attacks on Estonia and Georgia. West said such actions prompted new questions.</p>
<p>&#8220;If I went and bombed a power station in France, that would be an act of war,&#8221; he said. &#8220;If I went on to the net and took out a power station, is that an act of war? One could argue that it was.&#8221;</p>
<p>And he warned that there might come a time when the UK would feel compelled to retaliate. &#8220;If some state sponsor keeps trying to get into your systems, probably for industrial espionage, are you going to go back into their system and bugger it up? We&#8217;re all capable of doing these things. At the moment we wouldn&#8217;t do that, but maybe this is where we need to have discussions.&#8221;</p>
<p>He suggested that the UK needed to be prepared to tackle a spectrum of threats in cyberspace, including those posed by criminal gangs and terrorists. &#8220;I&#8217;m very worried they [terrorists] may start becoming cuter and try to use our connectivity to have a go at our critical infrastructure, things [that control] our services, our food [distribution] and water supply,&#8221; he said. Terrorists were currently &#8220;not brilliant&#8221; at attempting this sort of attack on infrastructure, he added, but they would learn fast and &#8220;we&#8217;ve got to be ahead of them&#8221;.</p>
<p>As an example of the potential effects, he talked about what would happen if time signals from global positioning system satellites were disabled. &#8220;Not a single cash machine would work, the Docklands Light Railway wouldn&#8217;t work, you wouldn&#8217;t be able to berth oil tankers, great chunks of our transport infrastructure would stop,&#8221; West said.</p>
<p>He drew comparisons with ice storms in the Canadian capital, Ottawa, several years ago. &#8220;All the power went down; there were riots with people smashing into stores,&#8221; he said.</p>
<p>The government is so concerned at the evolving threats in cyberspace that this month it launched the Office of Cyber Security, which draws on expertise from organisations such as GCHQ, the Ministry of Defence, the Home Office and the Serious and Organised Crime Agency.</p>
<p>The OCS is engaged in planning exercises looking at warfare in 2015 and 2040. Another part of its remit will be tackling online fraud. West described the rise of &#8220;malicious&#8221; computer code as &#8220;exponential&#8221; and &#8220;mindboggling&#8221;. &#8220;The more you realise the malicious elements that are out there trying things, the more horrifying it becomes,&#8221; he said.</p>
<p>Last week Spanish investigators arrested three alleged ringleaders of the so-called &#8220;Mariposa&#8221; botnet, which had infected and controlled up to 12.7m PCs. West acknowledged that the 2012 Olympics would be a target for cyber-attacks. &#8220;People will be trying to get into the Olympics [ticketing] site to see what they can do,&#8221; he said.</p>
<p>His comments come days after the director of the FBI, Robert Mueller, warned that militant groups, foreign states and criminal organisations posed a growing threat to US security as they targeted government and private computer networks. &#8220;Apart from the terrorist threat, nation states may use the internet as a means of attack,&#8221; Mueller said. &#8220;They seek our technology, our intelligence, our intellectual property, even our military weapons and strategies.&#8221;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/britain-fends-off-flood-of-foreign-cyber-attacks/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>UK&#8217;s cyber warriors go into battle in March</title>
		<link>http://www.infowar-monitor.net/2010/03/uks-cyber-warriors-go-into-battle-in-march/</link>
		<comments>http://www.infowar-monitor.net/2010/03/uks-cyber-warriors-go-into-battle-in-march/#comments</comments>
		<pubDate>Mon, 08 Mar 2010 20:24:47 +0000</pubDate>
		<dc:creator>gwalton</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[Baroness Crawley]]></category>
		<category><![CDATA[Cabinet Office]]></category>
		<category><![CDATA[critical infrastructure]]></category>
		<category><![CDATA[CSOC]]></category>
		<category><![CDATA[Cyberpower]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Cyberwar]]></category>
		<category><![CDATA[DDOS]]></category>
		<category><![CDATA[Espionage]]></category>
		<category><![CDATA[GCHQ]]></category>
		<category><![CDATA[hacker]]></category>
		<category><![CDATA[International Law]]></category>
		<category><![CDATA[Lord West]]></category>
		<category><![CDATA[Neil Thompson]]></category>
		<category><![CDATA[NSA]]></category>
		<category><![CDATA[OCS]]></category>
		<category><![CDATA[offensive IO]]></category>
		<category><![CDATA[state sponsored]]></category>
		<category><![CDATA[Surveillance]]></category>
		<category><![CDATA[UK]]></category>
		<category><![CDATA[US cyber doctrine]]></category>
		<category><![CDATA[®]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5847</guid>
		<description><![CDATA[

Source: <a href="http://www.theregister.co.uk/2009/11/12/csoc_date/">Chris Williams</a>, Register

<blockquote>The UK's new cyberwarfare unit will be ready for action on 10 March, according to the government.

The Cyber Security Operations Centre (CSOC), located at GCHQ in Cheltenham, will have an initial staff of 19, said Baroness Crawley.


CSOC will monitor the internet for threats to UK infrastructure and counter-attack when necessary.

The staffing figure, released in response to a Parliamentary question, puts paid to recent hyperbole suggesting the intelligence agencies were recruiting a 50-strong "army" of teenage hackers.

CSOC was announced in June as the operational centrepiece of the UK's first cybersecurity strategy. Funding for the unit hasn't been revealed, but it will come from the GCHQ's budget, which stretches into hundreds of millions.

The Office of Cyber Security, a new unit in the Cabinet Office set up to coordinate policy, is also currently being set up, to be led by senior civil servant Neil Thompson. Crawley said it will have 18 staff and a budget of £130,000 for the remainder of this financial year. ®</blockquote>
]]></description>
			<content:encoded><![CDATA[<p>Source: <a href="http://www.theregister.co.uk/2009/11/12/csoc_date/">Chris Williams</a>, Register</p>
<blockquote><p>The UK&#8217;s new cyberwarfare unit will be ready for action on 10 March, according to the government.</p>
<p>The Cyber Security Operations Centre (CSOC), located at GCHQ in Cheltenham, will have an initial staff of 19, said Baroness Crawley.</p>
<p>CSOC will monitor the internet for threats to UK infrastructure and counter-attack when necessary.</p>
<p>The staffing figure, released in response to a Parliamentary question, puts paid to recent hyperbole suggesting the intelligence agencies were recruiting a 50-strong &#8220;army&#8221; of teenage hackers.</p>
<p>CSOC was announced in June as the operational centrepiece of the UK&#8217;s first cybersecurity strategy. Funding for the unit hasn&#8217;t been revealed, but it will come from the GCHQ&#8217;s budget, which stretches into hundreds of millions.</p>
<p>The Office of Cyber Security, a new unit in the Cabinet Office set up to coordinate policy, is also currently being set up, to be led by senior civil servant Neil Thompson. Crawley said it will have 18 staff and a budget of £130,000 for the remainder of this financial year. ®</p></blockquote>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/uks-cyber-warriors-go-into-battle-in-march/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Britain applies military thinking to the growing spectre of cyberwar</title>
		<link>http://www.infowar-monitor.net/2010/03/britain-applies-military-thinking-to-the-growing-spectre-of-cyberwar/</link>
		<comments>http://www.infowar-monitor.net/2010/03/britain-applies-military-thinking-to-the-growing-spectre-of-cyberwar/#comments</comments>
		<pubDate>Mon, 08 Mar 2010 20:09:54 +0000</pubDate>
		<dc:creator>gwalton</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[0day]]></category>
		<category><![CDATA[Afghanistan]]></category>
		<category><![CDATA[Anthony Loyd]]></category>
		<category><![CDATA[Cabinet Office]]></category>
		<category><![CDATA[Chechnya]]></category>
		<category><![CDATA[China]]></category>
		<category><![CDATA[complexity]]></category>
		<category><![CDATA[Control Risks]]></category>
		<category><![CDATA[criminal]]></category>
		<category><![CDATA[critical infrastructure]]></category>
		<category><![CDATA[CSOC]]></category>
		<category><![CDATA[Cyberpower]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Cyberwar]]></category>
		<category><![CDATA[DDOS]]></category>
		<category><![CDATA[electricity]]></category>
		<category><![CDATA[Espionage]]></category>
		<category><![CDATA[Estonia]]></category>
		<category><![CDATA[FSB]]></category>
		<category><![CDATA[GCHQ]]></category>
		<category><![CDATA[Georgia]]></category>
		<category><![CDATA[Google]]></category>
		<category><![CDATA[hacker]]></category>
		<category><![CDATA[Huawei]]></category>
		<category><![CDATA[International Law]]></category>
		<category><![CDATA[Jonathan Evans]]></category>
		<category><![CDATA[Lord West]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[MI5]]></category>
		<category><![CDATA[nuclear]]></category>
		<category><![CDATA[OCS]]></category>
		<category><![CDATA[offensive IO]]></category>
		<category><![CDATA[PLA]]></category>
		<category><![CDATA[plausible deniability]]></category>
		<category><![CDATA[retaliation]]></category>
		<category><![CDATA[Royal Marines]]></category>
		<category><![CDATA[Russia]]></category>
		<category><![CDATA[South Ossetia]]></category>
		<category><![CDATA[Sri Lanka]]></category>
		<category><![CDATA[state sponsored]]></category>
		<category><![CDATA[The Times]]></category>
		<category><![CDATA[Trend Micro]]></category>
		<category><![CDATA[UK]]></category>
		<category><![CDATA[US cyber doctrine]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5842</guid>
		<description><![CDATA[<a href="http://technology.timesonline.co.uk/tol/news/tech_and_web/article7053270.ece">Anthony Loyd</a>, The Times: 

<blockquote>The strategy being developed by Lord West is not limited to risk assessment; retaliation is part of the package. “We could do what these people do [to us] if we wanted to,” he said. “We’re looking at ... the ethics of all of this. If someone dropped a bomb on us, I would have no hesitation in shooting their bloody plane down and giving them a slapping ... So we need to think through how we react to these ‘other things’ and the implications.”

The murky world of cyberwar is inhabited by small-time hackers, criminal syndicates and people operating with the support of their government.

“Everything that happens to us is called an ‘attack’,” said a senior official with a lead role in British cyber operations, “[but] most of what we see on a large scale ... is about the exfiltration of data — theft, not an attack.” There exists, however, an overlap between the interests of hostile state intelligence agencies and cybercriminal syndicates seeking to steal intellectual data for profit. Russian cybercrime syndicates, better known as partnerka, lead commercial espionage in Europe and are known to have links with Harry and his comrades in the FSB. China has its own dedicated cyber operations headquarters within the People’s Liberation Army but also holds top rank in the league of cyberhostile countries — the list used by Western security companies to warn business clients of cyber-threat.

The West’s nuclear strategy was based on deterrence — the assurance that a guaranteed second strike would prevent a first strike from coming. Yet cyberwar is more complex because the attacks have certain things in common: they are fast, cheap and hard to trace.

“Attribution is unbelievably difficult,” admitted Lord West. “These guys could attack [as if it was from] your site — the attacks would come in from different nodes in a strange way that you can’t even identify. Follow the attack back and it gets to you — but it wasn’t you.”

The sophistication of commercial and state-sponsored activity has developed immensely since the attacks on Estonia and Georgia, with denial-of-service operations now considered relatively low-grade. More worrying is “zero-day malware” — an unidentifiable new generation of Trojan programs that are implanted into a host computer and lie dormant until activated.

“Let’s say that someone has received an e-mail that looks like it’s from someone they know, about a subject they feel comfortable with,” said Ian McGurk, associate director for information security at Control Risks, a security consultancy. “As a consequence they trust the material. If there’s an attachment — a photograph, a Word document, whatever — embedded within that attachment is some sort of malicious code that is going to install itself on the machine. That machine is then compromised, and a Trojan is installed that can search for information.”

As well as transmitting information back to its handler, zero-day malware can also hand a computer to outside control before going on to infect an entire system.

Raimund Genes, the chief technical officer of Trend Micro, said: “We grew up fearing the mushroom cloud, now we should fear a roomful of hackers with their electricity and internet bills paid for by a government.”</blockquote>]]></description>
			<content:encoded><![CDATA[<p><a href="http://technology.timesonline.co.uk/tol/news/tech_and_web/article7053270.ece">Anthony Loyd</a>, The Times: </p>
<p>Harry was a Russian secret service agent who spoke perfect English and wore cowboy boots with his uniform. I never knew what his face looked like because he wore a mask during the lengthy interrogation sessions he put me through during five days of captivity in Federal Security Service (FSB) hands in Chechnya in 1999. The first item taken from me by Harry and his friends was my laptop. I was as much unnerved as relieved when it was returned on my release. “I can have it back?” “Yeah, have it back,” the FSB agent replied, and laughed.</p>
<p>Within 24 hours of arriving home in London the laptop was deluged with spam, pornography and Russian hate mail, eventually crashing completely. The act was more a digital slap on the wrist than the attacks that the Russians would allegedly inflict on entire countries several years later, but it was my first experience of cyberwar.</p>
<p>The incident came to mind eight years later on a February morning in Helmand, southern Afghanistan, when I heard a Royal Marines colonel briefing his officers. He mentioned, almost as an aside, that one of the men’s e-mail accounts had been closed after being compromised by a “hostile intelligence agency”. In other words, someone hacked into a soldier’s computer to see what might be found there. Last December, in Sri Lanka, a senior UN official confided to me that his e-mails were being intercepted by a “key log” program that allowed everything he wrote and received to be read by an intelligence agency.</p>
<p>Today barely a week passes without the phrase “cyberattack” in the news. It is a loose term, incorporating everything from criminal hacking and commercial espionage to attempts to seize control of weapon systems or sabotage national infrastructures. Britain is treating the surge of hostile computer activity seriously enough to have established two organisations last year to co-ordinate, assess and expand its cyber strategy. The Office for Cyber Security (OCS), established by the Cabinet Office, was created in the autumn after a warning by intelligence chiefs that China may have acquired the ability to cripple key points of infrastructure such as telecommunications.</p>
<p>Whitehall departments were allegedly first targeted by Chinese hackers in 2007. Later that year Jonathan Evans, director-general of MI5, wrote to 300 chief executives warning of potential Chinese hacking attacks and data theft. In the year up to November 2009 Britain suffered 300 cyber intrusions — defined as a sophisticated attempt, successful or not, to steal data or sabotage systems — on government and military networks.</p>
<p>The OCS, at present staffed by 14 people, including personnel from the security services and military, is to be fully operational with a strength of 20 later this year. It works closely with a second organisation, the secretive Cyber Security Operations Centre, located within Government Communications Headquarters in Cheltenham. A key part of the approach is establishing rules of engagement for retaliatory cyberstrikes should critical infrastructure be attacked and crippled.</p>
<p>“If I go and bomb someone’s power station, that is an act of war,” Baron West of Spithead, the Permanent Under Secretary of State for Security and Counterterrorism, told The Times. “But if I use a computer to make that power station effectively not work, is that an act of war? That is a simple stark example. There are much more complex examples. These were issues that hadn’t been addressed before, and we are now at the forefront of doing so.”</p>
<p>The majority of attacks have been to obtain funds from commercial organisations, and a full assault on a country’s banks, stock market, energy grid, telecommunications and health systems is more likely if countries are already in a “hot” war. There are several other potential triggers, however. In 2007 Estonian ministries, banks and newspapers were bombarded with denial-of-service attacks — mass requests for information that cause systems to crash — for several days after the Government moved a Soviet war memorial in the capital, Tallinn.</p>
<p>In 2008 Georgia complained of similar attacks during its brief conflict with Russia over the breakaway province of South Ossetia. The Russians were blamed in both cases, although they denied involvement.</p>
<p>The threats and scenarios of cyberwar require some sideways thinking. British assessments conclude, for example, that the risk of a serious attack in this country is still lower than that of a flu pandemic — but that a flu pandemic would be a lot worse if combined with an attack on NHS computer systems involved in vaccine distribution. American academics have predicted that the physical damage from a country shutting the US power grid for three months would be several times greater than the damage done by Hurricane Katrina in Louisiana.</p>
<p>The strategy being developed by Lord West is not limited to risk assessment; retaliation is part of the package. “We could do what these people do [to us] if we wanted to,” he said. “We’re looking at &#8230; the ethics of all of this. If someone dropped a bomb on us, I would have no hesitation in shooting their bloody plane down and giving them a slapping &#8230; So we need to think through how we react to these ‘other things’ and the implications.”</p>
<p>The murky world of cyberwar is inhabited by small-time hackers, criminal syndicates and people operating with the support of their government.</p>
<p>“Everything that happens to us is called an ‘attack’,” said a senior official with a lead role in British cyber operations, “[but] most of what we see on a large scale &#8230; is about the exfiltration of data — theft, not an attack.” There exists, however, an overlap between the interests of hostile state intelligence agencies and cybercriminal syndicates seeking to steal intellectual data for profit. Russian cybercrime syndicates, better known as partnerka, lead commercial espionage in Europe and are known to have links with Harry and his comrades in the FSB. China has its own dedicated cyber operations headquarters within the People’s Liberation Army but also holds top rank in the league of cyberhostile countries — the list used by Western security companies to warn business clients of cyber-threat.</p>
<p>The West’s nuclear strategy was based on deterrence — the assurance that a guaranteed second strike would prevent a first strike from coming. Yet cyberwar is more complex because the attacks have certain things in common: they are fast, cheap and hard to trace.</p>
<p>“Attribution is unbelievably difficult,” admitted Lord West. “These guys could attack [as if it was from] your site — the attacks would come in from different nodes in a strange way that you can’t even identify. Follow the attack back and it gets to you — but it wasn’t you.”</p>
<p>The sophistication of commercial and state-sponsored activity has developed immensely since the attacks on Estonia and Georgia, with denial-of-service operations now considered relatively low-grade. More worrying is “zero-day malware” — an unidentifiable new generation of Trojan programs that are implanted into a host computer and lie dormant until activated.</p>
<p>“Let’s say that someone has received an e-mail that looks like it’s from someone they know, about a subject they feel comfortable with,” said Ian McGurk, associate director for information security at Control Risks, a security consultancy. “As a consequence they trust the material. If there’s an attachment — a photograph, a Word document, whatever — embedded within that attachment is some sort of malicious code that is going to install itself on the machine. That machine is then compromised, and a Trojan is installed that can search for information.”</p>
<p>As well as transmitting information back to its handler, zero-day malware can also hand a computer to outside control before going on to infect an entire system.</p>
<p>Raimund Genes, the chief technical officer of Trend Micro, said: “We grew up fearing the mushroom cloud, now we should fear a roomful of hackers with their electricity and internet bills paid for by a government.”</p>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/britain-applies-military-thinking-to-the-growing-spectre-of-cyberwar/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>China&#8217;s Golden Cyber-Shield</title>
		<link>http://www.infowar-monitor.net/2010/03/chinas-golden-cyber-shield/</link>
		<comments>http://www.infowar-monitor.net/2010/03/chinas-golden-cyber-shield/#comments</comments>
		<pubDate>Mon, 08 Mar 2010 19:56:11 +0000</pubDate>
		<dc:creator>gwalton</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[Allan Paller]]></category>
		<category><![CDATA[blitzkrieg]]></category>
		<category><![CDATA[Bruce Schneier]]></category>
		<category><![CDATA[China]]></category>
		<category><![CDATA[CIA]]></category>
		<category><![CDATA[Cold War]]></category>
		<category><![CDATA[Cyber Arms Control]]></category>
		<category><![CDATA[Cyberpower]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Cyberwar]]></category>
		<category><![CDATA[DDOS]]></category>
		<category><![CDATA[DOD]]></category>
		<category><![CDATA[Espionage]]></category>
		<category><![CDATA[Estonia]]></category>
		<category><![CDATA[Global Cyber Risk]]></category>
		<category><![CDATA[Golden Shield]]></category>
		<category><![CDATA[kill switch]]></category>
		<category><![CDATA[Russia]]></category>
		<category><![CDATA[SANS]]></category>
		<category><![CDATA[Surveillance]]></category>
		<category><![CDATA[Symantec]]></category>
		<category><![CDATA[Taiwan]]></category>
		<category><![CDATA[Tiananmen]]></category>
		<category><![CDATA[Titan Rain]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5840</guid>
		<description><![CDATA[
Source: <a href="http://www.forbes.com/2007/07/30/china-cybercrime-war-tech-cx_ag_0730internet.html">Andy Greenberg, Forbes</a>

<blockquote>The Chinese government is an infamous enforcer of digital apartheid; when its citizens try to access prominent international Web sites like Wikipedia and Flickr, they hit a filter that blocks politically sensitive material. In the West, that information blockade is often described as the "Great Firewall of China." 

But in Mandarin, it is called jindun gongcheng, the Golden Shield. As that name implies, China's controls on the Internet are capable of blocking inbound as well as outbound traffic. And according to some security professionals, that means the Golden Shield is more than just a barrier to free expression; it may also be China's advantage in a future cyber-war. 

[....]

Whether or not the U.S. military has caught on to these nuances of the digital arms race, it will soon, Paller argues. "This is going to be an area of huge investment for the military for the next hundred years," he says. "It isn't just the future of information warfare. It's the future of warfare."</blockquote>]]></description>
			<content:encoded><![CDATA[<p>&#8220;China has powerful controls over content going out and coming in at every gateway,&#8221; says Jody Westby, chief executive of security consultancy Global Cyber Risk. She argues that the tight relationship between China&#8217;s government and its Internet service providers&#8211;originally established to stop Web users reading about censored topics like Tiananmen and Taiwan&#8211;also means the country could better coordinate a defense against online attacks. </p>
<p>In the U.S., by contrast, the autonomy of the Internet may leave it vulnerable to state-sponsored enemies trying to steal classified data or shut down servers controlling energy or telecommunications. &#8220;They have a decided defensive advantage,&#8221; says Westby. &#8220;China simply doesn&#8217;t have the same issues of coordination [the U.S.] would face in the case of information warfare.&#8221; </p>
<p>Sizing up threats in a hypothetical cyber-war is still based on educated guesswork and speculation, but no longer mere science-fiction: A political dispute in May over a U.S.S.R. memorial in Estonia led to massive attacks on the country&#8217;s government Web sites; state servers were paralyzed with &#8220;distributed denial of service&#8221; attacks, which use tens of thousands of simultaneous requests for information to overwhelm Web-connected computers. Estonia initially accused the Russian government of launching the blitzkrieg, though the use of &#8220;botnets&#8221;&#8211;herds of PCs hijacked with malicious software&#8211;made tracing its origin difficult. </p>
<p>The threat of an information-based war with China is particularly real. A Department of Defense report earlier this year warned that China&#8217;s military is putting more resources into &#8220;electromagnetic warfare,&#8221; focusing on attacking and defending computer networks.<br />
The first shots may have already been fired: In August and September 2006, Chinese computers penetrated the State Department and the U.S. Department of Commerce&#8217;s Bureau of Industry and Security. The attack, known as &#8220;Titan Rain,&#8221; forced the government to replace hundreds of computers and take others offline for a month. While that attack couldn&#8217;t be traced to any official source, the U.S.-China Economic and Security Review commission subsequently claimed that China is developing computer viruses intended to disable military defense systems.</p>
<p>If China did turn computer viruses into a military tool, the Golden Shield could be used to prevent collateral damage, says Jayson Street, a member of the Netragard SNOsoft Research Team and consultant for Stratagem 1 Solutions. &#8220;The firewall would protect China from whatever it releases,&#8221; says Street. &#8220;When a worm goes out, it&#8217;s not a gun, it&#8217;s a bomb. It affects everyone. That&#8217;s why the Golden Shield could be so effective.&#8221; </p>
<p>Chinese cyber-attacks might take the same form as the denial of service attacks that rattled Estonia, using botnets to overwhelm foreign servers and depending on the Golden Shield to block attempts at retaliation. </p>
<p>The exact anatomy of the shield is known only to the Chinese government, but most security professionals believe it&#8217;s capable of not only filtering for certain politically charged keywords, but also examining the structure and origin of information moving into and out of the country&#8217;s networks. That means botnet attacks could be deflected more easily than in the U.S., where there are virtually no checks on international Internet traffic. </p>
<p>Still, the shield&#8217;s effectiveness as a defense in cyber-warfare is far from clear: Bruce Schneier, the founder and chief technology officer of security firm BT Counterpane, argues that no single strategy can stop determined hackers. </p>
<p>&#8220;It&#8217;s a pipe dream to think that a country can secure its cyber-borders,&#8221; says Schneier. He points out that in general, security vulnerabilities are much easier to find than they are to patch. &#8220;If you look at what&#8217;s happening now in the computer security field, the bad guys are winning, and they&#8217;re just criminals,&#8221; says Schneier. &#8220;Imagine if militaries got involved.&#8221; </p>
<p>If China did face all-out digital war, it might have at least one resource that the U.S. wouldn&#8217;t: an Internet kill switch.</p>
<p>&#8220;It&#8217;s true that it&#8217;s impossible to completely defend against denial of service attacks and still be accessible,&#8221; says Marcus Ranum, chief security officer of Tenable Security. &#8220;But if you&#8217;re willing to go off the air completely, you could disrupt the enemy&#8217;s command and control.&#8221; Ranum suggests that China&#8217;s worst-case strategy in a cyber-war would simply be to &#8220;pull the plug,&#8221; temporarily isolating the Chinese Internet. That&#8217;s not an option in the U.S., where the Web is less regulated and considered a basic freedom. </p>
<p>If China made itself immune from outside attack, it could still be vulnerable to botnets run from within the country, says Alan Paller, director of research at the SANS Institute. &#8220;Installing malware on computers within the country would be the real key to an Internet Cold War,&#8221; he says. Military enemies could launch denial of service attacks that begin and end within China&#8217;s own network. </p>
<p>To grab control of those computers, Paller imagines CIA agents working in Chinese Internet cafes or other domestic access points. Timed botnet attacks could also be organized to launch automatically, without an external go-ahead. </p>
<p>At the end of 2006, China had 26% of the world&#8217;s malware-infected computers, more than any other country, according to a report from Symantec. But most of those PCs are likely controlled by spam-sending cyber-criminals, not foreign militaries.</p>
<p>Whether or not the U.S. military has caught on to these nuances of the digital arms race, it will soon, Paller argues. &#8220;This is going to be an area of huge investment for the military for the next hundred years,&#8221; he says. &#8220;It isn&#8217;t just the future of information warfare. It&#8217;s the future of warfare.&#8221; </p>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/chinas-golden-cyber-shield/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Google gripe shows Ottawa&#8217;s cybersecurity &#8216;vacuum&#8217;</title>
		<link>http://www.infowar-monitor.net/2010/03/google-gripe-shows-ottawas-cybersecurity-vacuum/</link>
		<comments>http://www.infowar-monitor.net/2010/03/google-gripe-shows-ottawas-cybersecurity-vacuum/#comments</comments>
		<pubDate>Sun, 07 Mar 2010 19:09:19 +0000</pubDate>
		<dc:creator>gwalton</dc:creator>
				<category><![CDATA[News]]></category>

		<guid isPermaLink="false">http://www.infowar-monitor.net/?p=5830</guid>
		<description><![CDATA[Source: <a href="http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20100305/cybersecurity_vacuum_100307/20100307?hub=TopStoriesV2">Ian Munroe, CTV.ca News Staff</a>
Date: Sunday Mar. 7, 2010 7:43 AM ET

<blockquote>For nearly two months, Internet users in China have been waiting anxiously to find out whether the world's largest online search engine will close in their country.

As ecologist Xiong Zhenqin told the journal Nature recently: "Research without Google would be like life without electricity."

[....]

The U.S. National Security Agency probed where the hackers were based, tracing the attacks to servers in Taiwan, then reportedly to a pair of Chinese schools. U.S. Secretary of State Hillary Clinton also demanded that Chinese authorities conduct a thorough and transparent investigation.

"The Google attacks were taken extremely seriously -- more than just an incident of potential industrial espionage but a major body blow to the American political system," said Ronald Deibert, a cybersecurity expert at the University of Toronto.

Deibert is one of the people Google has been soliciting advice from in its dealings with China. He delivered a presentation about the rise of cyberspace control at Google's headquarters a week before the company uncovered the hack. And officials informed him of their discovery before they went public.

Deibert told CTV.ca the hackers went one step further than was widely reported, ostensibly trying to access directories of data that Google collects, as required by U.S. national security laws.

The company tapped Deibert's expertise after he co-wrote a 2009 study into cyber attacks against the office of the Dalai Lama. Researchers uncovered an extensive online spy network dubbed GhostNet that they traced back to China. It had compromised 1,295 computers across 103 countries -- including some in Canada.

Domestic appeal

Deibert says Canada needs to confront the issues of censorship and government intrigue on the Web that incidents like the Google hack raise.

In a paper <a href="http://www.infowar-monitor.net/2010/02/china%E2%80%99s-cyberspace-control-strategy-an-overview-and-consideration-of-issues-for-canadian-policy/">published on Feb. 22 by the Canadian International Council think-tank</a>, he called on Ottawa to develop a cyberspace strategy that includes:

- Fixing Canadian laws that foreign governments could use to justify controlling the Web, such as with content filtering or online surveillance

- Scrutinizing whether Canadian technology exports are being used by foreign governments to restrict Internet access


- Encouraging "arms control in cyberspace" by, for example, proposing a UN treaty to make the Web more open and peaceful

The idea of "arms control" may seem extreme, but governments have started using the Internet to help them wage war.

During the 2008 conflict in Georgia, hackers took down key government websites in the capital of Tbilisi while Russian tanks rolled across the border. Military powers including France, Israel and the U.S. have adopted such cyberwar tactics as part of their defence policies.

The Internet is "entering a dangerous and chaotic phase, essentially a cyber-arms race," Deibert said, and that's led to spiralling computer espionage and computer network attacks.

"We need at least some government to stand up and say 'how are we going to restrain this?'"

Policy 'vacuum'

Stephen Harper's Conservative government pledged, in this week's throne speech, to create a cybersecurity strategy that would protect Canada's "digital infrastructure."

So far, however, there has been a "surprising vacuum in Canadian policy around cyberspace generally," Deibert says.</blockquote>]]></description>
			<content:encoded><![CDATA[<p>The Internet giant announced in January it was reassessing whether to continue its operations in China, where 384 million people surf the Web under tight government controls.</p>
<p>Google discovered that hackers had broken into its popular Gmail application. The attacks appeared to originate from mainland China. The culprits were looking for information about Chinese human rights activists and that suggested government involvement, Google alleged.</p>
<p>Citing concerns over security, human rights and freedom of speech, the California-based company said it would either find a way to stop censoring its search results in China or leave.</p>
<p>Whether Google and Beijing are in negotiations is unclear, but the company has made no public decision on the matter. Meanwhile the cyber attacks, which Google said hit at least 20 other firms, have reverberated through Washington.</p>
<p>The U.S. National Security Agency probed where the hackers were based, tracing the attacks to servers in Taiwan, then reportedly to a pair of Chinese schools. U.S. Secretary of State Hillary Clinton also demanded that Chinese authorities conduct a thorough and transparent investigation.</p>
<p>&#8220;The Google attacks were taken extremely seriously &#8212; more than just an incident of potential industrial espionage but a major body blow to the American political system,&#8221; said Ronald Deibert, a cybersecurity expert at the University of Toronto.</p>
<p>Deibert is one of the people Google has been soliciting advice from in its dealings with China. He delivered a presentation about the rise of cyberspace control at Google&#8217;s headquarters a week before the company uncovered the hack. And officials informed him of their discovery before they went public.</p>
<p>Deibert told CTV.ca the hackers went one step further than was widely reported, ostensibly trying to access directories of data that Google collects, as required by U.S. national security laws.</p>
<p>The company tapped Deibert&#8217;s expertise after he co-wrote a 2009 study into cyber attacks against the office of the Dalai Lama. Researchers uncovered an extensive online spy network dubbed GhostNet that they traced back to China. It had compromised 1,295 computers across 103 countries &#8212; including some in Canada.</p>
<p>Domestic appeal</p>
<p>Deibert says Canada needs to confront the issues of censorship and government intrigue on the Web that incidents like the Google hack raise.</p>
<p>In a paper <a href="http://www.infowar-monitor.net/2010/02/china%E2%80%99s-cyberspace-control-strategy-an-overview-and-consideration-of-issues-for-canadian-policy/">published on Feb. 22 by the Canadian International Council think-tank</a>, he called on Ottawa to develop a cyberspace strategy that includes:</p>
<p>- Fixing Canadian laws that foreign governments could use to justify controlling the Web, such as with content filtering or online surveillance</p>
<p>- Scrutinizing whether Canadian technology exports are being used by foreign governments to restrict Internet access</p>
<p>- Encouraging &#8220;arms control in cyberspace&#8221; by, for example, proposing a UN treaty to make the Web more open and peaceful</p>
<p>The idea of &#8220;arms control&#8221; may seem extreme, but governments have started using the Internet to help them wage war.</p>
<p>During the 2008 conflict in Georgia, hackers took down key government websites in the capital of Tbilisi while Russian tanks rolled across the border. Military powers including France, Israel and the U.S. have adopted such cyberwar tactics as part of their defence policies.</p>
<p>The Internet is &#8220;entering a dangerous and chaotic phase, essentially a cyber-arms race,&#8221; Deibert said, and that&#8217;s led to spiralling computer espionage and computer network attacks.</p>
<p>&#8220;We need at least some government to stand up and say &#8216;how are we going to restrain this?&#8217;&#8221;</p>
<p>Policy &#8216;vacuum&#8217;</p>
<p>Stephen Harper&#8217;s Conservative government pledged, in this week&#8217;s throne speech, to create a cybersecurity strategy that would protect Canada&#8217;s &#8220;digital infrastructure.&#8221;</p>
<p>So far, however, there has been a &#8220;surprising vacuum in Canadian policy around cyberspace generally,&#8221; Deibert says.</p>
<p>Ottawa has been considering legislation on the issue. &#8220;The Investigative Powers of the 21st Century Act&#8221; was tabled last June. It proposed that Internet service providers be required to hand over data and personal information about their customers to police. But the bill hadn&#8217;t become law by the time Parliament was prorogued.</p>
<p>The federal government&#8217;s existing cybersecurity efforts are organized around Public Safety Canada. For example, CSIS and the RCMP&#8217;s technological crime unit probe Web-based threats or attacks and report to Public Safety.</p>
<p>The department is also &#8220;leading cross-government efforts to produce a cybersecurity strategy,&#8221; David Charbonneau, a spokesperson for Public Safety Canada, told CTV.ca by email.</p>
<p>The strategy will incorporate input from private companies and foreign governments, Charbonneau wrote, &#8220;and will build on significant efforts that have been underway.&#8221;</p>
<p>Meanwhile south of the border, U.S. President Barack Obama appointed a White House cybersecurity co-ordinator in January. The U.S. Department of Homeland Security created a similar position in 2005, and Washington unveiled a national cybersecurity plan in 2008.</p>
<p>As governments in North America and elsewhere develop policies on cyberspace, they&#8217;re influencing how the Internet will evolve.</p>
<p>&#8220;The dominant trend right now is the growing militarization of cyberspace,&#8221; Deibert said. &#8220;That leads down a path towards islands of territorialized Internet that are not connected to each other.&#8221;</p>
<p>&#8220;Another path I&#8217;d prefer to see is one where there&#8217;s perhaps a treaty articulated by countries of the world that lays out basic principles for how cyberspace should be governed,&#8221; he added. &#8220;Hopefully that would be in an open, public way.&#8221;</p>
<p>For the time being, efforts to keep the World Wide Web peaceful and open are centring on China, which passed a new round of Internet controls last week.</p>
<p>Without an international cyberspace treaty, the U.S. government is considering whether to lodge a complaint about China&#8217;s online censorship with the World Trade Organization.</p>
<p>But China isn&#8217;t alone. The list of countries where Internet censorship has become a hot-button issue has grown to include democracies like Germany, France and Australia.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.infowar-monitor.net/2010/03/google-gripe-shows-ottawas-cybersecurity-vacuum/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
