Continuing to look at significant cyber events

December 2015 hack of an electric grid

This is from the Wired magazine article, in the section “A Brilliant Plan”:

The hackers who struck the power centers in Ukraine—the first confirmed hack to take down a power grid—weren’t opportunists who just happened upon the networks and launched an attack to test their abilities; according to new details from an extensive investigation into the hack, they were skilled and stealthy strategists who carefully planned their assault over many months, first doing reconnaissance to study the networks and siphon operator credentials, then launching a synchronized assault in a well-choreographed dance.

https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

September 2013 Hack of the Marines.com Recruiting Website:

Pro-Syrian government hackers defaced a Marine Corps recruitment website Monday, posting a letter on Marines.com arguing that the Syrian government is “fighting a vile common enemy.”

Capt. Eric Flanagan, a spokesman for the Marine Corps, confirmed to the Wall Street Journal that the Marines site had been hacked. The Syrian Electronic Army claimed responsibility.

“The Syrian army should be your ally not your enemy,” the letter read. “Refuse your orders and concentrate on the real reason every soldier joins their military, to defend their homeland. You’re more than welcome to fight alongside our army rather than against it.”

https://www.usatoday.com/story/news/nation/2013/09/02/marines-hackers-syrian-electronic-army/2755265/

Compiling Significant Cyber Events

I’m at a cyber conference this week and applying for federal cyber security training, so I’m doing some homework. Here are some snippets from books and articles I read recently.

 

Let’s consider a few recent examples to better illustrate the universe of cyber warfare. Perhaps the most famous is the Stuxnet worm, which was discovered in 2010 and was considered the most sophisticated piece of malware ever revealed, until a virus known as Flame, discovered in 2012, claimed that title. Designed to affect a particular type of industrial control system that ran on the Windows operating system, Stuxnet was discovered to have infiltrated the monitoring systems of Iran’s Natanz nuclear-enrichment facility, causing centrifuges to abruptly speed up or slow down to the point of self-destruction while simultaneously disabling the alarm systems. Because the Iranian systems were not linked to the Internet, the worm must have been uploaded directly, perhaps unwittingly introduced by a Natanz employee on a USB flash drive. The vulnerabilities in the Windows systems were subsequently patched up, but not until after causing some damage to the Iranian nuclear effort, as the Iranian president, Mahmoud Ahmadinejad, admitted.

Initial efforts to locate the creators of the worm were inconclusive, though most believed that its target and the level of sophistication pointed to a state-backed effort. Among other reasons, security analysts unpacking the worm (their efforts made possible because Stuxnet had escaped “into the wild”, that is, beyond the Natanz plant) noticed specific references to dates and biblical stories in code that would be highly symbolic to Israelis. (Others argued that the indicators were far too obvious, and thus false flags.) The resources involved also suggested government production: experts thought the worm was written by as many as 30 people over several months. And it used an unprecedented number of “zero-day” exploits, malicious computer attacks exposing vulnerabilities in computer programs that were unknown to the program’s creator (in this case, the Windows OS) before the day of the attack, thus leaving zero days to prepare for it. The discovery of one zero-day exploit is considered a rare event, and exploit information can be sold for hundreds of thousands of dollars on the black market, so security analysts were stunned to discover that an early variant of Stuxnet took advantage of FIVE.

Sure enough, it was revealed in June 2012 that not one but two governments were behind the deployment of the Stuxnet worm. Unnamed Obama administration officials confirmed to the New York Times journalist David E. Sanger that Stuxnet was a joint U.S. and Israeli project designed to stall and disrupt the suspected Iranian nuclear-weapons program.
From the book The New Digital Age: Transforming Nations, Businesses, and Our Lives by Eric Schmidt and Jared Cohen (Apr 23, 2013).

For example, when the CENTCOM (US Central Command) Twitter account was compromised for 40 minutes by the Islamic State in January 2015, the motive was not monetary; it was political. The objective was to create discomfort and a sense of insecurity by openly demonstrating a security gap and sending out political messages through it.

From the book Cybersecurity for Beginners by Raef Meeuwisse, second edition, published March 2017.

According to the Norton Antivirus website, the previously mentioned Flame doesn’t make its list of the eight most amazing viruses ever. Norton’s website listed:

1) CryptoLocker. Released in September 2013, CryptoLocker spread through email attachments and encrypted the user’s files so that they couldn’t access them.

The hackers then sent a decryption key in return for a sum of money, usually somewhere from a few hundred pounds up to a couple of grand.

2) ILOVEYOU. 2000. The malware was a worm that was downloaded by clicking on an attachment called ‘LOVE-LETTER-FOR-YOU.TXT.vbs’.

ILOVEYOU overwrote system files and personal files and spread itself over and over and over again. ILOVEYOU hit headlines around the world and still people clicked on the text—maybe to test if it really was as bad as it was supposed to be. Poking the bear with a stick, to use a metaphor.

ILOVEYOU was so effective it actually held the Guinness World Record as the most ‘virulent’ virus of all time. A viral virus, by all accounts. Two young Filipino programmers, Reonel Ramones and Onel de Guzman, were named as the perpetrators, but because there were no laws against writing malware at the time, their case was dropped and they went free.

3) MyDoom. 2004. MyDoom is considered to be the most damaging virus ever released, and with a name like MyDoom would you expect anything less?

MyDoom, like ILOVEYOU, is a record-holder and was the fastest-spreading email-based worm ever. MyDoom was an odd one, as it hit tech companies like SCO, Microsoft, and Google with a Distributed Denial of Service attack.

25% of infected hosts of the .A version of the virus allegedly hit the SCO website with a boatload of traffic in an attempt to crash its servers.

In 2004, roughly 16-25% of all emails carried MyDoom.

4) Storm Worm. 2006. Storm Worm was a particularly vicious virus that made the rounds in 2006 with the subject line ‘230 dead as storm batters Europe’. Intrigued, people would open the email and click on a link to the news story, and that’s when the problems started.

Storm Worm was a Trojan horse that infected computers, sometimes turning them into zombies or bots that continued to spread the virus and sent huge amounts of spam.

5) Sasser & Netsky. 2004. Sasser spread through infected computers by scanning random IP addresses and instructing them to download the virus. Netsky was the more familiar email-based worm. Netsky was actually the more viral virus, and caused a huge amount of problems in 2004.

6) Anna Kournikova. 2001. Not sure why this one is on the list. The description says it didn’t cause much damage and was created as a joke, and the author turned himself in to the police. Jan De Wit, a 20-year-old Dutch man, wrote the virus as ‘a joke’. The subject line was “Here you have, ;0)” with an attached file called AnnaKournikova.jpg.vbs. Anna was pretty harmless and didn’t do much actual damage.

7) Slammer. 2003. Slammer is the kind of virus that makes it into films, as only a few minutes after infecting its first victim, it was doubling itself every few seconds. 15 minutes in and Slammer had infected half of the servers that essentially ran the internet.

The Bank of America’s ATM service crashed, 911 services went down, and flights had to be cancelled because of online errors. Slammer, quite aptly, caused a huge panic as it had effectively managed to crash the internet in 15 quick minutes.

As described in a Wired magazine article, “An inside view of the worm that crashed the Internet in 15 minutes”: “Gah!” Owen Maresh almost choked when the Priority 1 alert popped up on his panel of screens just after midnight on Saturday, January 25. Sitting inside Akamai’s Network Operations Control Center, the command room for 15,000 high-speed servers stationed around the globe, he had a God’s-eye view of the Internet, monitoring its health in real time. His job was to watch for trouble spots and keep Akamai’s servers, and the sites of its clients like Ticketmaster and MSNBC, open for business. This was big trouble.
The tiny worm hit its first victim at 12:30 am Eastern standard time. The machine – a server running Microsoft SQL – instantly started spewing millions of Slammer clones, targeting computers at random. By 12:33 am, the number of slave servers in Slammer’s replicant army was doubling every 8.5 seconds.
8) Stuxnet, described above by Cohen in the New Digital Age.
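Two entries in the list above, ILOVEYOU (LOVE-LETTER-FOR-YOU.TXT.vbs) and Anna Kournikova (AnnaKournikova.jpg.vbs), rely on the same trick: a harmless-looking inner extension in front of an executable outer one, which Windows hides by default. The following mail-gateway check is an added example, not code from the page or from Norton; the extension lists and sample attachment names are assumptions and constructed input, and the check also covers two later variants of the same idea (padding whitespace and the Unicode right-to-left override) that the list does not mention.

```python
"""Flag attachment names that hide an executable extension behind a bait one.

Windows hides the last extension by default, so the victim sees a .txt or
.jpg file while Windows Script Host runs the .vbs.  Added example; the
extension lists are assumptions to extend for your own mail gateway.
"""
import re
from typing import List, NamedTuple

# Outer extensions Windows hands to an interpreter or loader (assumed list).
EXECUTABLE_EXTS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "ps1", "lnk", "msi",
}
# Inner extensions used as bait because they look like documents or media.
BAIT_EXTS = {"txt", "jpg", "jpeg", "png", "gif", "pdf", "doc", "docx",
             "xls", "xlsx", "mp3", "avi"}
# Unicode right-to-left override: 'photo\u202egnp.scr' is displayed as 'photorcs.png'.
RTLO = "\u202e"


class Verdict(NamedTuple):
    filename: str
    suspicious: bool
    reason: str


def classify_attachment(filename: str) -> Verdict:
    """Classify one attachment name.  Checks, in order:
    1. a right-to-left override character (renders the real extension backwards);
    2. an executable outer extension, otherwise the name is fine;
    3. runs of padding whitespace that push the real extension off-screen;
    4. a bait extension in front of the executable one (x.jpg.vbs);
    5. a bare executable extension (x.vbs).
    """
    name = filename.strip()
    if RTLO in name:
        return Verdict(filename, True, "contains right-to-left override character")
    parts = name.lower().split(".")
    if len(parts) < 2:
        return Verdict(filename, False, "no extension")
    outer = parts[-1].strip()
    if outer not in EXECUTABLE_EXTS:
        return Verdict(filename, False, f"outer extension '.{outer}' is not executable")
    if re.search(r" {2,}|\t", name):
        return Verdict(filename, True, f"executable '.{outer}' hidden behind padding whitespace")
    inner = parts[-2].strip()
    if len(parts) >= 3 and inner in BAIT_EXTS:
        return Verdict(filename, True,
                       f"double extension: '.{inner}' bait hides executable '.{outer}'")
    return Verdict(filename, True, f"bare executable attachment '.{outer}'")


def suspicious_attachments(names: List[str]) -> List[Verdict]:
    """Return only the verdicts a mail gateway should quarantine."""
    return [v for v in (classify_attachment(n) for n in names) if v.suspicious]


if __name__ == "__main__":
    # Constructed sample attachment names, including the two from the list above.
    SAMPLE = [
        "LOVE-LETTER-FOR-YOU.TXT.vbs",
        "AnnaKournikova.jpg.vbs",
        "quarterly-report.pdf",
        "backup.tar.gz",
        "invoice.pdf                                  .exe",
        "photo\u202egnp.scr",
    ]
    for v in suspicious_attachments(SAMPLE):
        print(f"QUARANTINE {v.filename!r}: {v.reason}")
```

Note that `backup.tar.gz` is not flagged: a multi-part extension is only a problem when the last part is something Windows will execute, so the check keys on the outer extension first and only then asks whether the inner one is bait.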

I’m going to dig up some data on the Marines.com hack as well. But what’s odd about most of these notable events is that they are a decade or more old. What’s happened recently?
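The Slammer and Sasser entries above both describe random-scanning worms: every infected host probes addresses chosen at random, and each probe that lands on a still-vulnerable host creates another scanner, which is why Slammer’s infected population could double every 8.5 seconds and then flatten out once the vulnerable hosts ran out. The model below, an added example that is not from the page or from Wired, is the logistic model used in Staniford, Paxson and Weaver’s 2002 worm analysis; the vulnerable-population and per-host scan-rate figures in it are assumptions for illustration, not measurements.

```python
"""Random-scanning worm propagation: exponential growth, then saturation.

Let N be the vulnerable population, r the probes per second each infected
host sends into the 2^32 IPv4 space, and a(t) the infected fraction.  Then
da/dt = K*a*(1-a) with K = r*N/2^32, whose solution is the logistic curve.
Added example; the figures in main() are assumptions.
"""
import math

IPV4_SPACE = 2 ** 32


def growth_constant(scan_rate, n_vulnerable, address_space=IPV4_SPACE):
    """K = r*N/2^32: early-phase growth rate (per second) of the infected fraction."""
    return scan_rate * n_vulnerable / address_space


def doubling_time(k):
    """Seconds for the infected count to double while almost everything is uninfected."""
    return math.log(2) / k


def k_from_doubling_time(seconds):
    """Recover K from an observed doubling time, such as Slammer's 8.5 s."""
    return math.log(2) / seconds


def infected_fraction(t, k, a0):
    """Closed-form solution of da/dt = K*a*(1-a) with a(0) = a0."""
    e = math.exp(k * t)
    return a0 * e / (1 - a0 + a0 * e)


def time_to_fraction(f, k, a0):
    """Seconds until fraction f of the vulnerable population is infected."""
    return math.log(f * (1 - a0) / (a0 * (1 - f))) / k


def simulate(n_vulnerable, scan_rate, seconds, dt=0.1, initial=1, address_space=IPV4_SPACE):
    """Expected-value simulation in steps of dt seconds; returns (t, infected) once per second.

    Each infected host sends scan_rate*dt probes per step, and a probe hits an
    uninfected vulnerable host with probability (N - i)/2^32.
    """
    i = float(initial)
    samples = [(0.0, i)]
    per_second = int(round(1 / dt))
    for step in range(1, int(round(seconds / dt)) + 1):
        new = i * scan_rate * dt * (n_vulnerable - i) / address_space
        i = min(float(n_vulnerable), i + new)
        if step % per_second == 0:
            samples.append((step * dt, i))
    return samples


if __name__ == "__main__":
    # Assumed figures: 75,000 vulnerable SQL Server hosts, 4,000 probes/s per host.
    N, R = 75_000, 4_000
    k = growth_constant(R, N)
    print(f"K = {k:.4f}/s, doubling every {doubling_time(k):.1f} s")
    a0 = 1 / N
    for f in (0.5, 0.9, 0.99):
        print(f"{f:.0%} infected after {time_to_fraction(f, k, a0) / 60:.1f} min")
    for t, infected in simulate(N, R, 300)[::60]:
        print(f"t={t:5.0f}s infected={infected:8.0f}")
```

The practical lesson is in `time_to_fraction`: because growth is exponential until saturation, the time from the first victim to 90% of the vulnerable population is a few minutes, far shorter than any human-driven response, so the only defenses that work against this class of worm are the ones already in place (patching, ingress filtering, rate limiting) before it starts.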

AFPIMS technology suite

Hi, I’m Charlotte Hu. I work for the Secretary of the Air Force, Public Affairs, Command Information. I handle digital publishing policy.

Today, I’d like to talk about the suite of technologies we use to tell the Air Force story. Specifically, I’d like to talk about AFPIMS, DVIDS, Akamai, Jira, Site Gauge, GovDelivery and RSS feeds, how they interact with apps like AF Connect and with social media platforms, and how all of these technologies work together.

Let’s start with AFPIMS. The American Forces Public Information Management System is a content management system based on DotNetNuke, which is open-source software. This is what you probably use to upload content to your installation’s public website. Chances are, if you have an AFPIMS login, you also have a DVIDS login. The Defense Visual Information Distribution System is the default video solution for AFPIMS. So if you put a video on your AFPIMS website, you upload it first to DVIDS and then pull it into a DVIDS player on the AFPIMS public website. DVIDS can also auto-push any videos you put on the DVIDS website to a YouTube channel you have pre-connected. You can also pull YouTube videos from your YouTube channel into AFPIMS if you have that connection set up. DVIDS is also the default distribution system for podcasts. So if your unit has or wants a podcast, those podcasts will be loaded into DVIDS. From there, they can be auto-distributed to iTunes and pulled into a podcast player on AFPIMS.

I’d also like to talk about Akamai. Akamai is the system that serves the public information distributed through both AFPIMS and DVIDS. Akamai is a third-party contractor, a company that has servers in 250,000 places around the world. Information uploaded to an Air Force public website is pushed to mirror servers around the world, and the public sees your content from those servers. What this means to the website manager is that if you go in to make a correction, that correction may not be immediately visible on your public website. This is because the content must be re-cached on the mirror servers, and it can take as much as 20 minutes for those changes to propagate. If it takes more than 20 minutes, please put in a trouble ticket.
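Before opening that ticket, it helps to know how long the mirror server is actually allowed to keep serving the old copy. A shared cache such as a CDN edge may serve a stored response until its freshness lifetime runs out (s-maxage, otherwise max-age, otherwise Expires minus Date, per RFC 7234 section 4.2.1), and the Age header says how old the served copy already is. The check below is an added example, not part of the original talk or of any CDN’s tooling; the header values in it are constructed, and it reads generic HTTP headers rather than any vendor-specific debug header.

```python
"""Work out how much longer a CDN edge may serve a cached copy of a page.

Added example; header dictionaries are constructed.  Feed it the response
headers you see when you fetch your own public page after a correction.
"""
import email.utils
from typing import Dict, Optional


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """'public, max-age=1200' -> {'public': None, 'max-age': '1200'}."""
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        key, sep, val = part.partition("=")
        directives[key.strip().lower()] = val.strip().strip('"') if sep else None
    return directives


def _lower(headers: Dict[str, str]) -> Dict[str, str]:
    """Header names are case-insensitive; normalise once."""
    return {k.lower(): v for k, v in headers.items()}


def freshness_lifetime(headers: Dict[str, str]) -> Optional[int]:
    """Seconds a shared cache may serve the response without revalidating,
    or None when nothing says (the cache then picks a heuristic lifetime)."""
    h = _lower(headers)
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc or "no-cache" in cc:
        return 0
    for key in ("s-maxage", "max-age"):   # s-maxage wins for shared caches
        val = cc.get(key)
        if val is not None and val.isdigit():
            return int(val)
    if "expires" in h and "date" in h:
        expires = email.utils.parsedate_to_datetime(h["expires"])
        date = email.utils.parsedate_to_datetime(h["date"])
        return max(0, int((expires - date).total_seconds()))
    return None


def seconds_until_refresh(headers: Dict[str, str]) -> Optional[int]:
    """Remaining time the edge may keep serving this copy: lifetime minus Age."""
    lifetime = freshness_lifetime(headers)
    if lifetime is None:
        return None
    age = int(_lower(headers).get("age", "0") or 0)
    return max(0, lifetime - age)


def diagnose(headers: Dict[str, str]) -> str:
    """One-line verdict for a web manager deciding whether to open a ticket."""
    remaining = seconds_until_refresh(headers)
    if remaining is None:
        return "no explicit freshness lifetime; edge behaviour is heuristic"
    if remaining == 0:
        return "edge must revalidate on the next request; a stale page now is a real problem"
    return f"edge may serve the old copy for up to {remaining} more seconds"


if __name__ == "__main__":
    # Constructed response headers, as a CDN edge might return them.
    sample = {
        "Date": "Sat, 25 Jan 2003 05:30:00 GMT",
        "Cache-Control": "public, max-age=1200",
        "Age": "300",
    }
    print(diagnose(sample))
```

If the copy you are served is older than the lifetime this computes, the edge is misbehaving and the ticket is justified; if it is still inside the lifetime, waiting is the correct response.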

Which brings me to the next technology we’re going to talk about, and that’s Jira. Jira is the trouble ticket system used by the Defense Media Activity for the entire suite of technologies. So if you have a problem with any of the technologies, you put in a Jira trouble ticket. If you don’t already have a Jira account, you can contact the Defense Media Activity help desk to get set up. If you don’t know how to contact them, you can check the www.publicaffairs.af.mil website for contact information for both the Defense Media Activity and the AFPAA public web team. The Air Force Public Affairs Agency public web team can be a critical asset to you if you’re working with the suite of technologies you might use to tell the Air Force story.

The next item you’ll probably want to know something about is metrics. Site Gauge is used on AFPIMS so you can track who is seeing your content and how many people are seeing it. DVIDS has its own metrics system, and as you are likely already aware, most social media platforms also have their own metrics systems. What this means is that you’ll be gathering data about who is using your website, how frequently, how many people and from which country, from a variety of sources.

Site Gauge Metrics: http://sitegauge.gryphontechnologies.com/

The other technology you might be using is GovDelivery, now called Granicus. GovDelivery is an email distribution service that is connected to many of the AFPIMS websites through page-watch technology. This gives customers the option to sign up for email and receive a notice every time new content is added to one of the RSS feeds.

That leads us to RSS feeds. RSS is a classic website technology that is used to move content seamlessly and automatically from one platform to another. RSS feeds are what is used to bring your social media feeds into your AFPIMS public website. They can also be used to move information from one AFPIMS website to another. For example, if you happen to be at a major command website and you want the news and information from your various subordinate wings to display on your website, you can do that by setting up an RSS feed. In this way, all new content from those sites will automatically appear on your site. RSS feeds are used to populate the information on AF Connect and other mobile apps. Additionally, online newspapers sometimes feed in information from official Air Force websites via RSS. News reporters often use RSS feeds to help them keep aware of topics they are monitoring.
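The major-command case above, pulling the feeds of several subordinate wings into one list, is shown below as an added example; it is not AFPIMS code, and the two wing feeds, site names and URLs in it are constructed. The security point it carries is that feed content is untrusted input: once a wing’s site or feed is compromised, an unescaped title or a javascript: link in the feed becomes script running on the command’s page, so every value is escaped and only http(s) links are rendered.

```python
"""Merge several RSS 2.0 feeds into one list, newest first, without duplicates,
and render it with every feed-supplied value escaped.  Added example; feeds
below are constructed.  For feeds from sites outside your control, parse with
the defusedxml package rather than xml.etree.
"""
import html
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, Iterable, List, Tuple

WING_A_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Wing A News</title>
<item><title>Wing A hosts change of command</title>
<link>https://www.example.af.mil/News/Article/1001/</link>
<guid>https://www.example.af.mil/News/Article/1001/</guid>
<pubDate>Mon, 05 Nov 2018 14:00:00 GMT</pubDate></item>
<item><title>Shared story syndicated to every wing</title>
<link>https://www.example.af.mil/News/Article/2000/</link>
<guid>https://www.example.af.mil/News/Article/2000/</guid>
<pubDate>Sun, 04 Nov 2018 09:00:00 GMT</pubDate></item>
</channel></rss>"""

# Wing B repeats the shared story and carries one hostile item, as a compromised feed would.
WING_B_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Wing B News</title>
<item><title>Shared story syndicated to every wing</title>
<link>https://www.example.af.mil/News/Article/2000/</link>
<guid>https://www.example.af.mil/News/Article/2000/</guid>
<pubDate>Sun, 04 Nov 2018 09:00:00 GMT</pubDate></item>
<item><title>Exercise wrap-up &lt;script&gt;alert(1)&lt;/script&gt;</title>
<link>javascript:alert(1)</link>
<guid>wing-b-3005</guid>
<pubDate>Tue, 06 Nov 2018 08:00:00 GMT</pubDate></item>
</channel></rss>"""

Item = Dict[str, object]
EPOCH = datetime.min.replace(tzinfo=timezone.utc)  # sort key for items without a date


def parse_rss(xml_text: str, source: str) -> List[Item]:
    """Extract title, link, guid and pubDate from every <item> of an RSS 2.0 feed."""
    root = ET.fromstring(xml_text)
    items: List[Item] = []
    for node in root.iter("item"):
        pub = node.findtext("pubDate")
        items.append({
            "source": source,
            "title": (node.findtext("title") or "").strip(),
            "link": (node.findtext("link") or "").strip(),
            # guid is the dedup key; fall back to the link when a feed omits it
            "guid": (node.findtext("guid") or node.findtext("link") or "").strip(),
            "published": parsedate_to_datetime(pub) if pub else None,
        })
    return items


def merge_feeds(feeds: Iterable[Tuple[str, str]], limit: int = 10) -> List[Item]:
    """Combine (source_name, xml_text) pairs: one entry per guid, newest first."""
    by_guid: Dict[str, Item] = {}
    for source, xml_text in feeds:
        for item in parse_rss(xml_text, source):
            by_guid.setdefault(str(item["guid"]), item)   # first feed to carry a guid wins
    ordered = sorted(by_guid.values(), key=lambda i: i["published"] or EPOCH, reverse=True)
    return ordered[:limit]


def safe_link(url: str) -> str:
    """Only http(s) links are rendered; javascript:, data: and the like become '#'."""
    return url if url.lower().startswith(("http://", "https://")) else "#"


def render_html(items: List[Item]) -> str:
    """HTML fragment for the parent site with every feed-supplied value escaped."""
    lines = ["<ul>"]
    for i in items:
        href = html.escape(safe_link(str(i["link"])), quote=True)
        lines.append(f'<li><a href="{href}">{html.escape(str(i["title"]))}</a> '
                     f'({html.escape(str(i["source"]))})</li>')
    lines.append("</ul>")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_html(merge_feeds([("Wing A", WING_A_RSS), ("Wing B", WING_B_RSS)])))
```

Deduplicating on guid rather than title matters for exactly the syndication case the talk describes: the same story pushed to several wings arrives with the same guid from each of them and should appear once on the command’s page.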

This basic overview of the various technologies used in digital publishing is designed to help you, as the public affairs professional, decide which tools you might want to employ in your communications strategy. If any of these tools is something you want to deploy, contact AFPAA or me. You can get our information on the www.publicaffairs.af.mil website.

It’s been a pleasure talking with you. I look forward to hearing from you.

Let’s Talk About Contested Domains

Contrary to what the world thinks about domains, not all domains are URLs.

For the U.S. military, there is a DIME model as described by author R. Hillson on the Naval Research Lab website:

(PDF: 09_Simulation_Hillson.pdf)

Hillson says: By necessity and doctrine, the projection of “soft power” is becoming increasingly important to the U.S. Department of Defense. The elements of soft power are often abstracted as Diplomatic, Information, Military, and Economic (DIME) actions and their Political, Military, Economic, Social, Information, and Infrastructure (PMESII) effects.

Then, during the Air Force Association speeches, the Air Force leadership introduced an excellent and simple explanation of what a domain is, using a classic historical reference: one if by land, two if by sea. Leadership went on to explain that in addition to the standard air, land and sea contested domains in which war has always been fought, we must add cyber and space.

The Deputy Secretary of Defense explained it well, and portions of his speech were presented on traditional media outlets.
Let’s start to unpack this a bit. First, there’s nothing “soft power” about either a trade war or the actions required when the U.S. Department of Defense is called into action. I’m a bit surprised by the NRL depiction of soft power. My concept of soft power is manga and anime for Japan and Hollywood for the U.S. DIME and air, land, sea, cyber and space are hard power issues, in my opinion.

Let’s take a closer look at DIME. Diplomacy, information and economy are all deeply contested areas. Of course, military is a deeply contested domain, but it covers the previously mentioned air, land, sea, space and cyber. My problem is with economy, diplomacy and information. Not only do I think we fight in these areas, I think we would be well served to develop strategy with a recognition that all of these areas are contested.

Additionally, Mao’s worldview, as described in Kissinger’s On China, indicated that two other areas of critical importance to strength were domestic and global public opinion.

Then, I haven’t yet seen where authors pair critical elements. Military and economic, for example, are deeply interdependent. A large and powerful military requires robust coffers to create and maintain.

Moreover, information as a contested space is deeply related to public opinion, both foreign and domestic.

I’d like to see a new, more comprehensive domain evaluation that looks more like the Eightfold Path of Buddhism. I think the eight domains we need to embrace and recognize as contested are air, land, sea, space, cyber, information, economy and public opinion. We need to seriously reexamine our view of domains.

New view on the Thucydides trap

Much discussion about whether the U.S. and China are destined for war ignores classical Chinese strategic texts about playing the barbarians against each other for the benefit of China. The Korean Conflict may be China’s greatest accomplishment with regard to the Chinese methodology for waging war. To truly accomplish one’s objectives with the least loss to the home country is the ultimate Chinese military strategic accomplishment. If it’s true that Mao engineered the Korean Conflict, the U.S. and China have been at war since before my mom was born.

What if Mao manufactured the Korean Conflict?

A close reading of Kissinger’s On China includes solid data regarding the Chinese deception of Moscow. The Chinese Army was already marching south on the peninsula when Mao cabled Moscow to tell them the Chinese would not interfere in the war between North and South Korea. Moscow and Beijing each blame the other for having originated the idea of North Korea invading South Korea.

Kissinger documents Chinese history, philosophy and tactics, which include playing the barbarians against each other and using chess-like or Go-like political moves to diminish an enemy’s national funds, national clout and domestic popularity. Kissinger notes clearly that the real winner in the Korean Conflict was China. At the end of WWII, the two most powerful global forces were Washington, DC and Moscow. At the end of the Korean Conflict, both had lost considerable domestic confidence, national financial reserves, human lives and global confidence.

However, Kissinger stops short of blaming the creation of the Korean Conflict on Mao. If Mao was able to manufacture a global event that cost, by some estimates, 3 million lives, both civilian and military, it was his crowning achievement as the ultimate political manipulator. It’s hard to imagine from a Judeo-Christian ethic that someone could care so little for human lives as to use 3 million people as pawns in a political maneuver. However, in the military strategic view of classic Chinese texts, rather than being a horrific violation of ethics on a near genocidal level, it could be viewed as a master stroke of genius.

Terrifying to think of, really.

Helotes Honors Veterans with Live Music

Landscapes of Freedom: A Tribute to our Veterans
AF ROTC patch

The Helotes Area Community Band played a free concert in the city’s fire station to celebrate Veterans Day, which was Nov. 11. Nearly 300 people enjoyed classic military tunes such as “Yankee Doodle Dandy” and “The Star-Spangled Banner” during the Sunday afternoon concert.

Samantha Mireya Parada, 17, a junior at Helotes High School, attended the event with her mother and a friend from high school. Parada said she participated in the color guard to open the concert as a member of the Air Force ROTC at her high school. She said she loves events like this one and noted that she just got back from an unarmed drill competition where the Helotes High School team performed well. “We’re hosting the potluck after the concert,” she added.

 

Samantha Parada talks with a guest at the Helotes Community concert.

Like Parada, most of the spectators were locals. However, Mustafa Abdel Rahman, 43, a graduate of the American University in Cairo, came to San Antonio from Egypt to visit friends on his way to a university panel in the Midwest. Rahman also enjoyed the open-air music on the breezy 75-degree day.

A Guest from Egypt

As is common in North Africa, Rahman is multilingual, so he chatted with Parada’s mother in Spanish. “It’s been a long time that I haven’t been able to use Spanish,” he said. In addition to his native language of Arabic, he also speaks his wife’s language, German, as well as English and Spanish. Rahman traveled that evening to Austin, then on to Minnesota for the academic conference before returning to his work in Egypt.

According to the program, the official title of the concert was “Landscapes of Freedom: A Tribute to our Veterans.”

The 60-member band sat inside the garage of the fire station with the doors open and the fire engines parked outside. Families, retirees, children and students filled the folding chairs in the fire station to enjoy the music. A couple of on-duty Helotes police officers stood outside the door of the station to enjoy the music and the community camaraderie. They had to stay close to the police headquarters in the next building to be able to respond to any calls for assistance.

Kuentz Elementary School Choir Sings

The crowd seemed to enjoy the band’s rendition of “The Ballad of the Green Berets,” which was performed as an audience sing-along. The Kuentz Elementary School choir provided vocals for some of the music, including “You’re a Grand Old Flag” and “America, the Beautiful.”

The Helotes Area Community Band was formed in July 2008 as a vision of Mayor Tom Schoolcraft, according to the band website. A statement on the site announces: “We are proud that we now have over 60 members, and have advanced in ability to be able to play band literature that appeals to many different tastes.”

Membership in the band is free and open to anyone who plays a wind, brass or percussion instrument, reads music and is ready to commit to a great musical experience, according to the information in the program’s schedule of events.

The band will give a series of three performances in December to play holiday music. The next performance is Dec. 2 at 6 p.m. in the Helotes City Hall. The concerts are free to the public.

Helotes is a city of 8,000 just outside the northwest side of San Antonio.

A member of the Kuentz Elementary School choir displays patriotic pigtails.