Cybersecurity – Balloon Juice

Cyber Warfare, Asymmetric Advantage, and Limiting Factors

by Adam L Silvermanat1:26 pm on October 10, 2017. It has 59 Comments.

According to The BBC the DPRK successfully hacked the Republic of Korea’s Ministry of Defense. This includes contingency plans developed with the US.

Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea’s leader Kim Jong-un.

Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country’s defence ministry.

The compromised documents include wartime contingency plans drawn up by the US and South Korea.

They also include reports to the allies’ senior commanders.

The South Korean defence ministry has so far refused to comment about the allegation.

Plans for the South’s special forces were reportedly accessed, along with information on significant power plants and military facilities in the South.

This type of cyber warfare, specifically an act of espionage in the cyber domain, provides the DPRK with an asymmetric informational advantage. This advantage creates a limiting factor for the ROK, the US, and their allies in attempting to deter the DPRK’s actions and activities. A limiting factor is defined in Joint Publication 1-2/Department of Defense Dictionary of Military and Associated Terms as:

A factor or condition that, either temporarily or permanently, impedes mission accomplishment. (from Joint Publication 5-0/Joint Operational Planning)

If the reports about this hack are correct, the US’s military options, which were already constrained by the physical and human geography of the Korean peninsula, have now been further narrowed by enemy action. While US military planning is continuously updated with plans and sequels being adjusted as needed, they are usually based on a consensus understanding of the potential operating environment. This includes an understanding of the challenges and opportunities that arise from everything from the political to infrastructure to the geography of where the US may have to deploy military forces. What the DOD planners will have to do now is go back and review the consensus that the contingency plans were based on to determine if they have the operational space to develop new plans for the same potential operating environment that both achieve the same strategic effects and are significantly different enough to neutralize the asymmetric information advantage that the DPRK now has.

This post is in America, Cybersecurity, Foreign Affairs, Military, Not Normal, Open Thread, Silverman on Security and has 59 Comments.

BlogCon 1: Global Ransomware Attack in Progress

by Adam L Silvermanat3:05 pm on June 27, 2017. It has 70 Comments.

Time to batten down the cyber hatches!

Firms around the globe are reporting a major cyber-attack https://t.co/lysGDBHwXd pic.twitter.com/LeXFYGOD0z

— BBC Breaking News (@BBCBreaking) June 27, 2017

Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.

British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.

Ukrainian firms, including the state power company and Kiev’s main airport, were among the first to report issues.

The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

The international police organisation Interpol has said it is “closely monitoring” the situation and liaising with its member countries.

Experts suggest the malware is taking advantage of the same weaknesses used by the Wannacry attack last month.

“It initially appeared to be a variant of a piece of ransomware that emerged last year,” said computer scientist Prof Alan Woodward.

The NY Times has a break down of what is and is not known.

Known:

• Cybersecurity researchers first said that the new ransomware appeared to be a variation of a well-known ransomware strain called Petya. One researcher from the Moscow-based cybersecurity firm Kaspersky Lab reported the new ransomware was a strain of Petya first identified in March 2016. Kaspersky found evidence that the latest strain had been created on June 18, suggesting it has been hitting victims for more than a week. But Kaspersky also said it was still investigating the attack and that it could be a new type of ransomware that has never been seen before.

• Kaspersky reported that approximately 2,000 computer systems had been affected by the new ransomware so far.

• Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue.

Unkown:

• Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track.

• Why it is spreading as quickly as it is. Cybersecurity researchers believe that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It is not yet known if the new ransomware uses any new vulnerabilities, or variants of the vulnerabilities, made public by the group known as the Shadow Brokers.

• It’s unclear if systems protected against WannaCry can still be affected by the new ransomware attack.

This post is in Cybersecurity, Open Thread, Silverman on Security and has 70 Comments.

Cyber Strategy – Different From A Shooting War

by Cheryl Roferat9:29 am on June 27, 2017. It has 166 Comments.

Big hack of pretty much everything in Ukraine this morning: internet, power plants, government. I wrote this post before that happened, but it applies.

The Obama administration was in an extremely difficult position after learning about Russian hacking of last year’s election. Several factors came into play: the difficulty of dealing with international cyber attacks, intransigent Republican partisanship, and the decaying relationship with Russia. I’m going to break down those factors into at least two posts.

Cyber attacks present a national security problem different from any encountered before. Lumping them into a designation of “cyberwar” projects assumptions of conventional war onto them and distorts the difficulties and possibilities. I haven’t seen much analysis of these differences and how they affect strategy. Please point me to them, if they exist. Most punditry assumes that cyber attacks can be equated to war, and numerous opinion articles have referred to the Russian hacks as a form of war. In this post, I will consider only that part of last fall’s situation. A later post will consider the political ramifications. Read more

This post is in Cybersecurity, Election 2016, Russiagate, War and has 166 Comments.

Something Strange is Happening on Twitter

by Adam L Silvermanat6:24 pm on May 30, 2017. It has 174 Comments.

Or as we call it around here it is a day ending in day!

More seriously Twitter seems to be deluged by bots signing up to follow the President’s personal and/or official accounts and, at least for now doing nothing. There are also widespread reports of people who are not following the President being signed up to follow the President’s personal and/or official accounts without their permission. They are also apparently following other elites and notables like Secretary Clinton, President Obama, even Ellen Degeneres.

From the white hat hacker known as the Jester.

@realDonaldTrump #FLASH Multiple people now reporting their account followed @realdonaldtrump without them doing it. Check ur account.

— JΞSŦΞR ✪ ΔCŦUΔL³³º¹ (@th3j35t3r) May 30, 2017

@realDonaldTrump ^^^ PSA: I'm currently blocking Trump bots. You can auto-block them all now and in the future by subscribing here >> https://t.co/ivakWBbnja

— JΞSŦΞR ✪ ΔCŦUΔL³³º¹ (@th3j35t3r) May 30, 2017

@cheeseheadlucy @20committee @TheRickWilson Just found the same thing… pic.twitter.com/FYY16pKitf

— M.H. (@AmaniNaUpendo) May 30, 2017

@Sources_CloseTo @unitedMongrels Right. Obama's up at about 50/minute; Ellen DeGeneres about 40/minute. Someone tweeted new accounts automatically follow famous accounts

— Cheesehead Lucy (@cheeseheadlucy) May 30, 2017

@cheeseheadlucy @Sources_CloseTo @unitedMongrels These bots are all following DJT, HRC, BHO, Ellen, Kim K, etc. Explains the linear increase for everyone

— The Cold/Civil War (@donewithgopntx) May 30, 2017

No one is quite sure what it means or what is going on (after the jump). Read more

This post is in America, Cybersecurity, Domestic Affairs, Election 2016, Foreign Affairs, Media, Not Normal, Open Thread, Politics, Popular Culture, Silverman on Security, Tech News and Issues and has 174 Comments.

Breaking: Ongoing Ransomware Cyber Attack

by Adam L Silvermanat2:49 pm on May 12, 2017. It has 168 Comments.

There is an ongoing cyber attack, specifically a ransomware attack, ongoing across Europe, the US, and Asia.

Cyber attack reported in 74 countries with UK, US, China, Russia, Spain, Italy and Taiwan among those affected https://t.co/an8tfofXww

— BBC Breaking News (@BBCBreaking) May 12, 2017

NEW: Companies being told to close certain ports and install a Windows patch released in March to stop a growing global ransomware campaign.

— Tom Winter (@Tom_Winter) May 12, 2017

The BBC reports:

A massive ransomware campaign appears to have infected a number of organisations around the world.

Computers in thousands of locations have apparently been locked by a program that demands $300 (£230) in Bitcoin.

There have been reports of infections in as many as 74 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.

Many security researchers are linking the incidents together.

The UK’s National Health Service (NHS) was also hit by a ransomware outbreak on the same day and screenshots of the WannaCry program were shared by NHS staff.

One cyber-security researcher tweeted that he had detected many thousands of cases of the ransomware – known as WannaCry and variants of that name – around the world.

“This is huge,” said Jakub Kroustek at Avast.

Another, at cyber-security firm Kaspersky, said that the ransomware had been spotted cropping up in 74 countries and that the number was still growing.

Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the US National Security Agency (NSA).

A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

This post is in Cybersecurity, Domestic Affairs, Foreign Affairs, Not Normal, Open Thread, Silverman on Security and has 168 Comments.

Google Docs Phishing

by Cheryl Roferat6:10 pm on May 3, 2017. It has 32 Comments.

If you get an email containing a link to a Google Doc, don’t click. Check with the person who sent it before opening. There’s a phishing scam going around that seems to be widespread.

Otherwise, open thread!

This post is in Cybersecurity, Open Thread and has 32 Comments.

Late Night Open Thread: Big Mouth, Tiny Thumbs

by Anne Laurieat12:37 am on April 12, 2017. It has 70 Comments.

It's like Trump insulted an old gypsy woman who cursed him to live out his tweets. https://t.co/vWgy6gzkld

— (((tedfrank))) (@tedfrank) April 9, 2017

One reliable constant stands out over these tumultuous weeks: for every Trump policy, there is an old Trump tweet calling it dumb pic.twitter.com/pwen0VeGo4

— Sulome Anderson (@SulomeAnderson) April 8, 2017

Trump has tweeted over 350 times as president.
Of his 10 most-engaged followers, 5 are confirmed robots. @polly https://t.co/UdV9WVnyO2

— Jennifer Jacobs (@JenniferJJacobs) April 10, 2017

… Trump’s 10 most-engaged Twitter followers over the past 30 days include five confirmed robots and three accounts that appear to be bots, according to audience data collected by Social Rank. Trump’s most prolific respondent, @Trump2016_Fan, has posted more than 18,000 times in the past year, mostly all-caps messages of support for the 45th president. The account appears to be automated and did not respond to a request for an interview.

But there are plenty of humans in the 20,000 or so replies generated by a typical Trump tweet. These are piled like building blocks beneath each tweet, a tower of typos, insults, and encouragement that stretches on and on. Scrolling through the replies to a single Trump message is enough to test the fortitude of any reader; getting to the last reply is the sort of task it’s hard to imagine any human doing voluntarily. Yet the replies bundled nearest to @realDonaldTrump—in a sorting determined by Twitter’s mysterious algorithm—are likely to be seen by hundreds of thousands of users. If Trump is the most powerful and visible user of Twitter, the replies appearing closest to his messages must occupy some of the most influential real estate on the internet.

… According to beta content-analysis software used by Social Rank, 19 percent of Trump’s followers are women. Among Trump’s 20 most-engaged followers, only two had traditionally female names—and both of those accounts appear to be automated…

This post is in Cybersecurity, Dolt 45, Foreign Affairs, Not Normal, Open Thread and has 70 Comments.