News reports of foreign countries hacking other foreign country’s web sites and networks has been reported as far back as 2000. It seems the frequency of these attacks has been increasing over time and I am inclined to agree with an article in the Brisbane Times suggesting China willing participates or looks the other way when these attacks are happening. I say this because China reportedly has a tremendous Internet filtering infrastructure in place, they make the covert filtering mechanisms active in the US look like the efforts of a feeble script kiddie. They know who you are, where you surf, and what you’re surfing. They don’t allow certain protocols to enter/exit the country and often times traveling users’ VPN and SSH sessions fail to operate from China.
At any rate, the Briabane Times article is here. It also makes reference to the Estonia attack and points out the damage sustained in one of these cyber attacks is more efficiently obtained and is more discreet at the onset than amassing a network of spies or deploying a battalion of tanks. The article goes on to say:
“States are starting to figure out how cyberwarfare can help them achieve their goals, espionage, economic embargo, or coercion — to cause pain to your enemies so they change their behavior,” Moran said.
Cyber warfare is now a common pursuit among most states, said Bruce Schneier, who has written books on the subject. “Everybody does it,” he said.
Moreover, government networks are plagued with “lousy security” arrangements, he said. And as government information networks become more complex, the networks become increasingly vulnerable.
“Complexity is the worst enemy of security,” Schneier said.
I know this is dated, but I found it too funny given other recent articles like the article suggesting Israel hacked Syrian Air Defenses. I watched Wired Science’s report on the Estonia attacks this week, as well.
Command and Control systems are definitely lacking in user-friendliness, but my concern here is the unlikeliness of a more secure, robust version of Windows available for Warships. I get nervous at the thought of combat systems on destroyers and submarines running Windows and suffering from the same fate as my desktop when something goes awry.
The notion of hacking Command & Control systems gets a lot more plausible when one considers the Operating System on the other side of the radar array or sensor grid. The news story on the radar hack gets a little more plausible, when you consider an aircraft spewing electronic garbage at a radar array or sensor grid running Windows. It even makes for a great cartoon, given that Syrian air defenses are suggested to have been supplied by Russia and Russia is alleged to be awash with software piracy. It amounts to an electronic equivalent of a DOS attack or fuzzing at the least, on these nodes.
In fact, it is down right scary to think that an information attack can be more destructive than a conventional attack with no notice, little cost, and possible anonymity. Consider the Internet attacks on Estonia that practically cut off the country from the outside world: warfare in the 21st Century has evolved to include the Internet. It makes perfect sense, it can be taken right out of SunTzu’s Art of War or Clausewitz’s Principles of War.
There are similarities in the radar hacking and the attacks on Estonia. Estoniawas blanketed by a remote controlled army of PC’s set to cripple servers and services over the Internet by overwhelming Estonia’s servers and communications links. The Israeli aircraft are reported to have potentially used erroneous RF signals and commands to overwhelm the Syrian Air Defenses from the outside of their perimeter. In effect, these attacks are making use of Internet-based attack techniques from the late 1990’s and early 2000. Warships running Windows software, would make these warships vulnerable to similar threats my home PC is vulnerable to. I pray that the Windows Firewall is enabled by default!!!
Alas, these DoS-style attacks are nothing new. I’m inclined to agree with Kevin Poulsen’s blog on the Estonia attacks, these attacks are nothing like what other nations have done in the past. The Isreali aircraft story is more interesting because of the notion of specialized hardware attempting to subvert the defenses by use of hacking techniques purposely deployed on the aircraft. I imagine, if the story is true, Russia, China, or North Korea are all hardening their systems as we speak.
As for the Warships and Windows, counter-intelligence agencies can just start creating 0-Day Windows exploits and hacking warships instead of having spies conduct clandestine operations to steal technology. It could even be the makings of a new installment in the Wang/No Starch Press Steal This book series, with: Steal This Warship.