Jun 4, 2010

Cyber Command chief says military computer networks are vulnerable to attack

By Ellen Nakashima
Washington Post Staff Writer
Friday, June 4, 2010; A02

The U.S. government is seeing "hints" that adversaries are targeting military networks for "remote" sabotage, the head of the Pentagon's recently launched Cyber Command said in his first public remarks since being confirmed last month.

"The potential for sabotage and destruction is now possible and something we must treat seriously," said Gen. Keith B. Alexander, who also heads the National Security Agency, the nation's largest intelligence agency. "Our Department of Defense must be able to operate freely and defend its resources in cyberspace."

Alexander spoke Thursday before more than 300 people at the Center for Strategic and International Studies in Washington.

In remarks afterward, Alexander said he is concerned about the safety of computer systems used in war zones. "The concern I have is when you look at what could happen to a computer, clearly sabotage and destruction are things that are yet to come," he said. "If we don't defend our systems, people will be able to break them."

James A. Lewis, director of CSIS's Technology and Public Policy Program, said advanced militaries are capable of destroying U.S. computer systems. "That wasn't true four years ago, but it's true now and Cyber Command will have to deal with it," he said.

The Cyber Command, launched last month at Fort Meade, was created by Defense Secretary Robert M. Gates to streamline the military's capabilities to attack and defend in cyberspace, supported by NSA's intelligence capabilities.

Alexander stressed that the Command will focus on protecting the U.S. military's 15,000 computer networks under oversight of the special Foreign Intelligence Surveillance Court, Congress and the administration. His remarks were aimed at assuaging concerns over the NSA's role in helping to protect civilian and private-sector networks, as well as fears of a "militarization" of cyberspace.

"We spend a lot of time with the court, with Congress, the administration, the oversight committees to ensure they know what we're doing and why we're doing it," Alexander said.

This is done in classified settings, he said, including before the surveillance court, set up as part of the effort to protect Americans from unwarranted government surveillance.

"The hard part is, we can't go out and tell everybody exactly what we did or we give up capability that may be extremely useful in protecting our country and our allies," he said.

Alexander's confirmation was delayed for months by congressional concerns over the command's role and scope of action, how its operations would affect Americans' privacy, and a lack of clarity over rules of the road in cyber warfare.

The rules are still being debated and formulated, he said. So are the rules of engagement for working with the Department of Homeland Security and private industry in protecting the private sector's systems, which is perhaps the most difficult challenge.

But Alexander has his hands full just hardening the military's systems. DOD systems are probed by unauthorized users more than 6 million times a day.

"While our front-line defenses are up to this challenge, we still have to devote too much of our time and resources to dealing with relatively mundane problems," such as poorly engineered software and missing patches, he said.

Aug 17, 2009

Hackers Stole IDs for Attacks

WASHINGTON -- Russian hackers hijacked American identities and U.S. software tools and used them in an attack on Georgian government Web sites during the war between Russia and Georgia last year, according to new research to be released Monday by a nonprofit U.S. group.

In addition to refashioning common Microsoft Corp. software into a cyber-weapon, hackers collaborated on popular U.S.-based social-networking sites, including Twitter and Facebook Inc., to coordinate attacks on Georgian sites, the U.S. Cyber Consequences Unit found. While the cyberattacks on Georgia were examined shortly after the events last year, these U.S. connections weren't previously known.

The research shows how cyber-warfare has outpaced military and international agreements, which don't take into account the possibility of American resources and civilian technology being turned into weapons.

Identity theft, social networking, and modifying commercial software are all common means of attack, but combining them elevates the attack method to a new level, said Amit Yoran, a former cybersecurity chief at the Department of Homeland Security. "Each one of these things by itself is not all that new, but this combines them in ways we just haven't seen before," said Mr. Yoran, now CEO of computer-security company NetWitness Corp.

The five-day Russian-Georgian conflict in August 2008 left hundreds of people dead, crushed Georgia's army, and left two parts of its territory on the border with Russia -- Abkhazia and South Ossetia -- under Russian occupation.

The cyberattacks in August 2008 significantly disrupted Georgia's communications capabilities, disabling 20 Web sites for more than a week. Among the sites taken down last year were those of the Georgian president and defense minister, as well as the National Bank of Georgia and major news outlets.

Taking out communications systems at the onset of an attack is standard military practice, said John Bumgarner, chief technical officer at the USCCU and a former cyber-sleuth at the National Security Agency and the Central Intelligence Agency.

The USCCU assesses the economic and national-security implications of cybersecurity threats and briefs top U.S. officials, officials in key industries and international institutions.

"U.S. corporations and U.S. citizens need to understand that they can become pawns in a global cyberwar," said Mr. Bumgarner, who wrote the report.

The White House completed a review of cybersecurity policy in April. Among the issues Obama administration officials are now studying is how laws of war and international obligations need to be reworked to account for cyberattacks.

Homeland Security department spokeswoman Amy Kudwa said she couldn't comment on a report that she hadn't seen and that hadn't been released yet.

Last year was the first time such cyberattacks were known to have coincided with a military campaign.

The Georgian attacks, according to the group's findings, were perpetrated by Russian criminal groups and had no clear link to the Russian government. However, the timing of the attacks, just hours after the Russian military incursion began, suggests the Russian government may have at least indirectly coordinated with the cyberattackers, Mr. Bumgarner's report concluded.

"Russian officials and the Russian military had nothing to do with the cyberattacks on the Georgian Web sites last year," said Yevgeniy Khorishko, a spokesman at the Russian Embassy in Washington.

The USCCU plans to release a nine-page report on the attacks to the public on Monday.

Mr. Bumgarner traced the attacks back to 10 Web sites registered in Russia and Turkey. Nine of the sites were registered using identification and credit-card information stolen from Americans; one site was registered with information stolen from a person in France.

The 10 sites were used to coordinate the "botnet" attacks, which harnessed the power of thousands of computers around the world to disable the Georgian government sites as well as those of large Georgian banks and media outlets. The botnet attack commandeered thousands of other computers and instructed them to try to access the target Web sites all at once, overwhelming them.

The Russian and Turkish computer servers used in the attacks had been previously used by cybercriminal organizations, according to the USCCU.

Early reports last year pinned the attacks on the cyber equivalent of the Russian mafia, known as the "Russian Business Network." Mr. Bumgarner said it wasn't possible to connect the attacks directly to that group. Security experts disagree on whether the group still exists.

Some of the software used to carry out the attacks was a modified version of Microsoft code commonly used by network administrators to test their computer systems, Mr. Bumgarner found. The code remains freely available on Microsoft's Web site, he said, declining to name it.

A Microsoft spokesman declined to comment on the finding because he hadn't seen the report.

Once the botnet attacks had launched, Mr. Bumgarner said, other would-be attackers noticed them and started to collaborate on various Web forums, including Twitter and Facebook.

Mr. Bumgarner used data-mining tools to review Facebook pages (which some people don't keep private) and Twitter for certain Russian words indicating that users were likely involved in the attack. He saw users on those sites and others swapping attack code and target lists, and encouraging others to join.

"It's a difficult problem to handle," said Facebook spokesman Barry Schnitt, because it is impossible to detect such collaboration without monitoring conversations. Facebook has mechanisms to verify user identities and users can report inappropriate activities on the site, he said, but it doesn't monitor communications of its users.

Twitter didn't respond to requests to comment.

—Jessica E. Vascellaro contributed to this article.

Write to Siobhan Gorman at siobhan.gorman@wsj.com