Inside Cyber Warfare

Book description

You may have heard about "cyber warfare" in the news, but do you really know what it is? This book provides fascinating and disturbing details on how nations, groups, and individuals throughout the world are using the Internet as an attack platform to gain military, political, and economic advantages over their adversaries. You'll learn how sophisticated hackers working on behalf of states or organized crime patiently play a high-stakes game that could target anyone, regardless of affiliation or nationality.

Inside Cyber Warfare goes beyond the headlines of attention-grabbing DDoS attacks and takes a deep look inside multiple cyber-conflicts that occurred from 2002 through summer 2009.

  • Learn how cyber attacks are waged in open conflicts, including recent hostilities between Russia and Georgia, and Israel and Palestine

  • Discover why Twitter, Facebook, LiveJournal, Vkontakte, and other sites on the social web are mined by the intelligence services of many nations

  • Read about China's commitment to penetrate the networks of its technologically superior adversaries as a matter of national survival

  • Find out why many attacks originate from servers in the United States, and who's responsible

  • Learn how hackers are "weaponizing" malware to attack vulnerabilities at the application level

Table of Contents

  1. Special Upgrade Offer
  2. Foreword
  3. Preface
    1. How This Book Came to Be
    2. Conventions Used in This Book
    3. Using Code Examples
    4. How to Contact Us
    5. Safari® Books Online
    6. Acknowledgments
  4. 1. Assessing the Problem
    1. The Complex Domain of Cyberspace
      1. Cyber Warfare in the 20th and 21st Centuries
        1. China
        2. Israel
        3. Russia
          1. The Second Russian-Chechen War (1997–2001)
          2. The Estonian cyber war (2007)
          3. The Russia-Georgia War (2008)
        4. Iran
        5. North Korea
      2. Cyber Espionage
        1. Titan Rain
    2. Cyber Crime
    3. Future Threats
      1. Increasing Awareness
      2. Critical Infrastructure
    4. The Conficker Worm: The Cyber Equivalent of an Extinction Event?
    5. Africa: The Future Home of the World’s Largest Botnet?
    6. The Way Forward
  5. 2. The Rise of the Non-State Hacker
    1. The StopGeorgia.ru Project Forum
      1. Counter-Surveillance Measures in Place
    2. The Russian Information War
      1. The Foundation for Effective Politics’ War on the Net (Day One)
    3. The Gaza Cyber War Between Israeli and Arabic Hackers During Operation Cast Lead
      1. Impact
      2. Overview of Perpetrators
        1. Motivations
      3. Hackers’ Profiles
        1. Team Evil
        2. Cold Zero (aka Cold Z3ro aka Roma Burner)
        3. Team Hell (aka Team H3ll and Team Heil)
        4. Agd_Scorp/Peace Crew (aka Agd_Scorp/Terrorist Crew)
        5. Jurm Team
        6. C-H Team (aka H-C Team)
        7. Hackers Pal
        8. Gaza Hacker Team
        9. DNS Team
        10. !TeAm RaBaT-SaLe! (aka Team Rabat-Sale aka Team Rabat-Sala)
        11. DZ Team
        12. Ashianeh Security Group
        13. Nimr al-Iraq (“The Tiger of Iraq”) and XX_Hacker_XX
      4. Methods of Attack
        1. Distributed denial of service (DDoS) capability
        2. Website defacements
        3. Viruses and Trojans
      5. Israeli Retaliation
    4. Control the Voice of the Opposition by Controlling the Content in Cyberspace: Nigeria
    5. Are Non-State Hackers a Protected Asset?
  6. 3. The Legal Status of Cyber Warfare
    1. Nuclear Nonproliferation Treaties
    2. The Antarctic Treaty System and Space Law
    3. UNCLOS
    4. MALT
      1. U.S. Versus Russian Federation: Two Different Approaches
    5. The Law of Armed Conflict
    6. Is This an Act of Cyber Warfare?
      1. South Korea
      2. Iran
      3. Tatarstan
      4. United States
      5. Kyrgyzstan
      6. Israel and the Palestinian National Authority
      7. Zimbabwe
      8. Myanmar
    7. Cyber: The Chaotic Domain
  7. 4. Responding to International Cyber Attacks As Acts of War
    1. Introduction by Jeffrey Carr
    2. Introduction
    3. The Legal Dilemma
      1. The Road Ahead: A Proposal to Use Active Defenses
    4. The Law of War
      1. General Prohibition on the Use of Force
      2. The First Exception: UN Security Council Actions
      3. The Second Exception: Self-Defense
      4. A Subset of Self-Defense: Anticipatory Self-Defense
      5. An Alternate Basis for Using Active Defenses: Reprisals
    5. Non-State Actors and the Law of War
      1. Armed Attacks by Non-State Actors
      2. Duties Between States
      3. Imputing State Responsibility for Acts by Non-State Actors
      4. Cross-Border Operations
    6. Analyzing Cyber Attacks Under Jus ad Bellum
      1. Cyber Attacks As Armed Attacks
      2. Establishing State Responsibility for Cyber Attacks
      3. The Duty to Prevent Cyber Attacks
      4. Support from International Conventions
      5. Support from State Practice
      6. Support from the General Principles of Law
      7. Support from Judicial Opinions
      8. Fully Defining a State’s Duty to Prevent Cyber Attacks
      9. Sanctuary States and the Practices That Lead to State Responsibility
    7. The Choice to Use Active Defenses
      1. Technological Limitations and Jus ad Bellum Analysis
        1. Limitations on attack detection
        2. Limitations on attack classification
        3. Limitations on attack traces
      2. Jus in Bello Issues Related to the Use of Active Defenses
        1. Active defenses: The most appropriate forceful response
        2. Technological limitations and jus in bello analysis
    8. Conclusion
  8. 5. The Intelligence Component to Cyber Warfare
    1. The Korean DDoS Attacks (July 2009)
      1. The Botnet Versus the Malware
      2. The DPRK’s Capabilities in Cyberspace
    2. One Year After the RU-GE War, Social Networking Sites Fall to DDoS Attack
    3. Ingushetia Conflict, August 2009
    4. The Predictive Role of Intelligence
  9. 6. Non-State Hackers and the Social Web
    1. Russia
    2. China
    3. The Middle East
    4. Pakistani Hackers and Facebook
    5. The Dark Side of Social Networks
      1. The Cognitive Shield
        1. Examples of OPSEC violations
        2. Adversary scenarios
        3. Study findings
    6. TwitterGate: A Real-World Example of a Social Engineering Attack with Dire Consequences
    7. Automating the Process
      1. Catching More Spies with Robots
        1. The automation and virtualization of social network entities
        2. Owning social network users for a small budget of $300–$1,300
        3. Bringing down a social network from the inside
  10. 7. Follow the Money
    1. False Identities
    2. Components of a Bulletproof Network
      1. ICANN
      2. The Accredited Registrar
      3. The Hosting Company
    3. The Bulletproof Network of StopGeorgia.ru
      1. StopGeorgia.ru
      2. NAUNET.RU
      3. SteadyHost.ru
      4. Innovation IT Solutions Corp
      5. Mirhosting.com
      6. SoftLayer Technologies
    4. SORM-2
    5. The Kremlin and the Russian Internet
      1. Nashi
      2. The Kremlin Spy for Hire Program
      3. Sergei Markov, Estonia, and Nashi
    6. A Three-Tier Model of Command and Control
  11. 8. Organized Crime in Cyberspace
    1. A Subtle Threat
      1. Atrivo/Intercage
      2. ESTDomains
      3. McColo: Bulletproof Hosting for the World’s Largest Botnets
    2. Russian Organized Crime and the Kremlin
  12. 9. Investigating Attribution
    1. Using Open Source Internet Data
      1. Background
      2. What Is an Autonomous System Network?
        1. Timeline of political events
        2. Analysis
        3. Alternate views
    2. Team Cymru and Its Darknet Report
    3. Using WHOIS
      1. Caveats to Using WHOIS
  13. 10. Weaponizing Malware
    1. A New Threat Landscape
      1. StopGeorgia.ru Malware Discussions
        1. SQL injection, blind SQL injection, and using BENCHMARK
      2. Twitter As DDoS Command Post Against Iran
      3. Social Engineering
        1. The Social Graph API
      4. Channel Consolidation
      5. An Adversary’s Look at LinkedIn
      6. BIOS-Based Rootkit Attack
      7. Malware for Hire
      8. Anti-Virus Software Cannot Protect You
      9. Targeted Attacks Against Military Brass and Government Executives
        1. Research is the key to offensive capabilities
        2. Delivery of targeted attacks
        3. Command, control, and exfiltration of data
        4. Why client-side 0day vulnerabilities can be so devastating
        5. Protecting against 0day exploits
          1. Defense in Depth
          2. Using technologies such as MOICE and virtualization
          3. Physical separation between data of varying sensitivity
  14. 11. The Role of Cyber in Military Doctrine
    1. The Russian Federation
      1. The Foundation for Effective Politics (FEP)
        1. Chronicles of Information Warfare
        2. Analysis
      2. “Wars of the Future Will Be Information Wars”
        1. Who is Alexandr Burutin?
        2. The speech
          1. Analysis
      3. “RF Military Policy in International Information Security”
        1. The paper
        2. Creating a legend for a cyber attack
      4. The Art of Misdirection
    2. China Military Doctrine
      1. Anti-Access Strategies
      2. The 36 Stratagems
      3. U.S. Military Doctrine
  15. 12. A Cyber Early Warning Model
    1. Introduction by Jeffrey Carr
    2. The Challenge We Face
      1. Cyber Early Warning Networks
      2. Building an Analytical Framework for Cyber Early Warning
        1. Latent tensions
        2. Cyber reconnaissance
        3. Initiating event
        4. Cyber mobilization
        5. Cyber attack
      3. Case Studies of Previous Cyber Attacks
        1. Case study: Cyber attacks against Georgia
        2. Case study: GhostNet cyber espionage
        3. Case study: Cyber attacks against Denmark
      4. Lessons Learned
      5. Defense Readiness Condition for Cyberspace
  16. 13. Advice for Policy Makers from the Field
    1. When It Comes to Cyber Warfare: Shoot the Hostage
    2. The United States Should Use Active Defenses to Defend Its Critical Information Systems
    3. Scenarios and Options to Responding to Cyber Attacks
      1. Scenario 1
        1. Option 1
        2. Option 2
        3. Option 3
        4. Option 4
      2. Scenario 2
        1. Option 1
        2. Option 2
      3. Scenario 3
        1. Option 1
      4. Scenario 4
        1. Option 1
    4. In Summary
    5. Whole-of-Nation Cyber Security
  17. A. Afterword
  18. Index
  19. About the Author
  20. Colophon
  21. Special Upgrade Offer
  22. Copyright