Wednesday, February 27, 2013

Shanghai Hackers and The “Obscured” Cyber-War?




Technology deals with a huge part in our lives. Everyday we are consciously and unconsciously concerned about it mostly because we were grown into it and are very used to it because we all count with it everyday. Most consumers think technology is our friend, but what does the government think and use technology? You will be amazed in how different are the two perspectives. When regular consumers are anxiously waiting for the next “cool gadget” with built-in biometric technology to come out, the US government is fighting against huge power-outages, Denial of Service attacks, network traffic sniffing, unauthorized backdoor access and other hacking techniques coming mainly from China. This interesting contrast reflects how technology can be used for good and also bad.


Government DOSed, defaced websites taken down, oil rigs computers infected by malware, huge bot-nets managed by zombie university computers attacking government systems, spying wall-street journal newspaper and leaking national top-secret documents to the whole world, using SQL injection to share a whole governmental database (user credentials) to the web; even Google to obtain social-security numbers from Americans are all examples of a current “catastrophic cyber-war”; also known as the new “virtual pearl harbor”. (http://search.proquest.com.proxy.itt-tech.edu/docview/1284133751/abstract?source=fedsrch&accountid=27655). The news are making all of us afraid of a cyber war but who are attacking who? Who are the suspected victims? Who are the targets? What are the allegations? And the most important: Where are they located? All these questions are making people afraid, hiding the truth. The truth is plain and simple. We should not have more fear than to governments attacking governments all around the globe.


The US government is recruiting going from 800 to 5,000 security specialists and gray-hat hackers to help governments steal data, disrupting operations, and playing a cat-mouse game which never ends. “[Government fighting government with virtual weapons] is the most dangerous and concerning technological threat in our lives” -Bruce Schneier. We are all aware about the fact that China is attacking the US government. According with Syndigate.info, 16 percent of observed cyber attacks came from China in the second quarter of the year” 2013 (http://search.proquest.com.proxy.itt-tech.edu/docview/1283496982/citation?source=fedsrch&accountid=27655). While the government is tracking China (their suspected attacker) for as long as China started to see the U.S. as the arch-enemy due to the fact Bush started the war on the middle east. As far as proves, there are many. Several US government entities (NSA, Pentagon ,White House, etc), newspapers (Wall-street Journal), credit-card companies (Master-card, VISA); even really popular sites such as Google and Facebook (http://www.ehackingnews.com/2013/02/how-researcher-hacked-facebook-oauth-to.html).

While the U.S. is being attacked from China, the US is monitoring its more successful invention: Stuxnet. Stuxnet is a military worm which has been invented by US Government and Israelis to spy on “terrorists”. Stuxnet has been invented in 2006 to make the US aware of other government's plans, and spy on whoever they would like. It is being a success because it is really difficult to detect and is infecting thousand of worldwide computers acting stealthy and sneaky in order to have the less noticeable behavior possible. Other than Stuxnet which has been public, who knows what other “stuxnets” are out there that are being also unnoticeable from other governments...

According to Bruce Schneier on a Keynote at Internetdagarna 2011, the two things that are really difficult of knowing in regards of a cyber attack, are “who is attacking and why, and that is what makes cyber-defense so difficult”. Also he said that with today's technology, anybody (even a kid) can do serious damage to a computer connected to the internet, including government websites using SQL injection techniques, launching DOS attacks and even guessing (brute-force) a default password set on a router sitting elsewhere configured by a negligent system administrator. Even though the risk is out there and according to the attack vectors, new rules, protocols and procedures are being put in place by governments (Government urged to set cyber standards: http://search.proquest.com.proxy.itt-tech.edu/docview/1298835132/abstract?source=fedsrch&accountid=27655). Even though some regulations might seem OK to diminish (not prevent) cyber terrorism, little by little our freedoms are at stake. For that reason a good, solid standard procedure should be put in place which makes us feel safer and actually make us safer. Security is a trade-off. One has to risk something to get security back, but what you can never, and I mean NEVER trade for security is freedom. Just like Benjamin Franklin once said “One that trades security for freedom, does not deserve security nor freedom”. So what approach do we choose to be more secure not only from cyber-vandalists and script-kiddies but also from the governments?


According to Antone Gonsalves February 22nd, 2013 (http://readwrite.com/2013/02/22/no-cyberwar-with-china), cyber-war is not here yet because “Real cyberwar would start with an attack that destroys something valuable or vital, kills people, or both.” Does it really make killing people and vital resources a real cyber-war? I think it is a matter of perspective and with time we will realize that cyber-war will be more human-like wars.


I believe a way to prevent cyber terrorism is to stop being afraid of news and what the media and governments say. The main goal for a terrorist is to “make terror”. According to Webster-Merriam dictionary, terrorism is “the systematic use of terror especially as a means of coercion”(http://www.merriam-webster.com/dictionary/terrorism). I highly think reinforcing general policies in general such as: military control instead of focusing on every power-grid in the US skyrocketing their expenses for useless outcomes. Also, another example to protect society from cyber attack and also physical attack is to reinforce rules and regulations on schools instead of putting additional guards in every school in the country to prevent sad kids from shooting everybody during his/her class. The point is that it is mostly psychological. It is true everyday more and more websites, databases, organizations, governments and financial institutions are being breached and being posted at pastebin and their own sites for everyone to see (for example Anonymous and Wikileaks).


What is important is to realize that is more psychological than fact and to put into perspective general solutions and counter-measure the threats instead of being too specific and “micro-manage” things because we will fail most of the times. It is also important to note that security relies on two factors: feeling secure (psychological) and being secure (facts). It is totally useless to rely on the most expensive and best-configured firewalls if you don't train your employees from not divulging important
information and keep them happy so no one goes “to the other side of the road” and buy you out just like Bradley Manning. The most important is to be educated and to live a little bit more carefree.


Sources:

Hackers take down U.S. government website by Xinhua News Agency - CEIS [Woodside] 26 Jan 2013.
http://search.proquest.com.proxy.itt-tech.edu/docview/1284133751/abstract?source=fedsrch&accountid=27655
Chinese cyber attacks on Western firms, governments 'growing': Experts by Asian News International [New Delhi] 02 Feb 2013.
http://search.proquest.com.proxy.itt-tech.edu/docview/1283496982/citation?source=fedsrch&accountid=27655
Government urged to set cyber standards Press, Jordan. The Gazette [Montreal, Que] 22 Feb 2013
http://search.proquest.com.proxy.itt-tech.edu/docview/1298835132/abstract?source=fedsrch&accountid=27655

How researcher Hacked Facebook Oauth To Get Full Permission On Any Facebook Account
Reported by Sabari Selvan on Friday, February 22, 2013 |
http://www.ehackingnews.com/2013/02/how-researcher-hacked-facebook-oauth-to.html
U.S. presents plan against industrial cyber-espionage: US GOVERNMENT by EFE News Service [Madrid] 20 Feb 2013.
http://search.proquest.com.proxy.itt-tech.edu/docview/1289100384/abstract?source=fedsrch&accountid=27655

Why We're Not In A Cyberwar With China by Antone Gonsalves February 22nd, 2013
http://readwrite.com/2013/02/22/no-cyberwar-with-china

Bruce Schneier - Keynote at Internetdagarna 2011 http://www.youtube.com/watch?v=dhzk9ZDhObw

Webster Dictionary: Terrorism Definition

No comments:

Post a Comment

Your thoughts are a goldmine which flourishes within our ever-changing society. Please, post your ideas, constructive feedbacks and clarifications here: