Posts Tagged ‘cyberwar’

Above the Trenches

Posted in security on December 19th, 2009 by irv – 2 Comments

According to the Wall Street Journal, up until recently the United States Air Force was too stupid to encrypt the video feed from attack drones such as the Predators used in Afghanistan and Iraq.

I know that sounds harsh. Maybe it’s even too harsh. Let’s look at the story (original report here) and see how it develops. The short version is that sometime “late last year” (apparently December 2008) the computer of a captured Shiite fighter in Iraq was found to contain video from U.S. aerial drones. In July, more of these intercepted videos were found. The WSJ report claims that the interception was done with (or with something like – the writing is unclear) Skygrabber, software advertised as intercepting satellite transmissions of various file types. The price on the website is $45.95 (apparently it was $26.95 a few days ago. Did they raise the price to capitalize on increased demand due to the publicity?).

According to the WSJ report, the Air Force has understood that these feeds were vulnerable to interception since the 1990s but did not do anything to encrypt them because a) It costs a lot of money and b) This kind of interception is too hard for the primitives we fight against anyway. (Okay, I’m paraphrasing, but the gist seems accurate.)

In their defense, Skygrabber probably did not exist in the 1990s. The Internet was less developed in those days too. According to Defense Tech the Global Information Grid used by the U.S. military to transfer data is 25 years old. One consequence of this is that security measures that are considered basic today are completely lacking. Defense Tech estimates that upgrades needed could run to $65 billion over the next three years.

Hackers work faster than that.


When Geeks Make War

Posted in security on December 3rd, 2009 by irv – Be the first to comment

Cyberwar and related issues have been in the news lately. Since the cyber attacks on Estonia during the Russian invasion of 2007 (see here and here) the topic is popular. Maybe even almost sexy.

Since there are lots of news articles lately (mostly without much substance, but there are a few links at the bottom of this post if anyone’s interested) I’ve been giving the subject some thought. The first thing I think about it is that fears are somewhat overblown. To date, I am not aware of even one confirmed case of a cyber attack actually killing anyone. That’s what war is about, remember. Even in Estonia, the cyber attacks were much less of an issue than the Russian tanks.

This doesn’t mean cyberwar can’t cause problems, including problems for the military. Cyber attacks can be used to target communications, to block (or alter) global positioning systems (see this report) and possibly change the behavior of critical infrastructure items like dams and nuclear power plants. In the near future it may be able to cause traffic jams or accidents, make hospital systems go haywire, redirect ships and planes and many other potentially devastating things. At least those are some of the potentials. Fortunately, none of that potential has yet been reached.

Yet.

Unintended Cyber Consequences Continued

Posted in security on April 8th, 2009 by irv – Be the first to comment

After I wrote the last post about problems with the upcoming CyberSecurity bill (see The Law of Unintended Cyber Consequences) – actually after I went to bed – I realized what bugged me about the whole idea of the president having a Real-Time CyberSecurity Dashboard. It’s an alarm system just begging for someone to mess with it. There are three possible scenarios that I can think of without trying very hard.

In the first scenario someone with a great many resources (maybe well-educated Russian youth groups, as described in my post Cyberwars Redux) launches a series of “events” to gauge the workings of the dashboard. Maybe they do a virus one month, a severe denial of service attack on a high profile target another month and a serious attempt at penetration of a military target some other month. They monitor responses from the White House, particularly the CyberSecurity Advisory Panel. Maybe they go by press releases and rumors in the press. An actual intelligence operation (as all governments have and quite a few terrorist organizations as well) might have live humans they can pump for information. Anyway, after a time, they gather enough information to know how to make the dashboard show what they want it to show.

I’ve described this as an entire intel program but it doesn’t have to be. The dashboard will be something most security geeks will be interested in. Information about it will get out. Maybe it will show up in the trade press, or in casual conversations at conventions or on IRC. The trouble is, once people learn how to manipulate the system, worse scenarios become possible or even likely.


Cyberwars Redux

Posted in security on March 13th, 2009 by irv – Be the first to comment

There’s already a new chapter in the story of the alleged confession that Russia was behind the cyber attacks on Estonia in 2007. (See http://www.chaosprg.com/blog/2009/03/the-coming-cyberwars/ for previous discussion.) In that post I discussed the (improbable, I thought) claim of a Russian official that his assistant had started the attacks for purely patriotic reasons. Now there’s a new story that the previously unnamed assistant has come forward and said it’s true, and added some fascinating details.

In an article by Charles Clover in the Financial Times (Kremlin-backed group behind Estonia cyber blitz), the assistant in question, a Mr. Konstantin Goloskokov, is quoted as claiming not only that he started the attacks but – and this is the really interesting part – that he enlisted members of a group called Nashe to carry them out. He insists that the decision to do this was spontaneous, not something prompted by orders from the Russian government and that there was nothing illegal about it. It wasn’t a denial of service attack, it was just more service requests than the Estonian servers could handle. The article does not say if he used air quotes or an “end sarcasm” tag when explaining this.

The Coming Cyberwars

Posted in security on March 10th, 2009 by irv – Be the first to comment

What do you do if a foreign government attacks your country’s computer systems? In America we apparently throw a lot of money down a hole and then the guy theoretically in charge of defending our networks quits.

Anyone who has followed the news knows this is not a hypothetical question. For example, two years ago when Russia invaded Estonia there was a concurrent denial of service attack across the Internet on Estonian servers. This attack caused communications difficulties that may have affected the Estonian response to the invasion (not that there was ever very much they could do) and even reportedly disrupted such things as ATM transactions (see Russia’s Cyberwar on Estonia).

Recently, a story has been circulating that the Russians have admitted to being behind the Estonian attacks (see Russian politician: ‘My assistant started Estonian cyberwar’). There’s less to this story than meets the eye, though. Sergei Markov, a Russian government official, claimed recently that a deputy of his (whom he conveniently refused to name) was outside Russia at the time the war began and started the cyber attacks entirely on his own, as a “reaction from civil society.” Apparently this was meant to indicate that the attacks had nothing to do with any official strategy but were a spontaneous uprising of the proletariat against the reactionary forces etc. etc.

In other words, it sounds like typical old-fashioned Soviet propaganda and just doesn’t pass the smell test. Unless the Russians really want the world to believe that low grade government functionaries often have access to destructive botnets that can be turned against any country that happens to annoy them?