Cyberspace offers great security to the perpetrator in cases involving insiders. Although audits or similar cyber security measures may flag illegal information downloads from a corporate network, a malicious actor can quickly and safely transfer a data set once it is copied. A physical meeting between the corrupted insider and the persons or organizations the information is being collected for is not necessary, reducing the risk of detection. Cyberspace makes the transfer of enormous quantities of economic or other sensitive information near-instantaneous. Until recently, economic espionage often required that insiders pass large volumes of physical documents to their handlers, which on the downside created a lengthy process of collection, collation, transportation, and exploitation.
An example of physical documents leading to the discovery and arrest of a spy is the case of Chinese-born Dongfan Chung. Dongfan Chung was an engineer with Rockwell and Boeing who worked on the B-1 bomber, the space shuttle, and other projects. He was sentenced in early 2010 to 15 years in prison for economic espionage on behalf of the Chinese aviation industry. At the time of his arrest, over 250,000 pages of sensitive documents were found in his house. This is suggestive of the volume of information Chung could have passed to his handlers between 1979 and 2006. The logistics of handling the physical volume of these documents, which would fill nearly four 4-drawer filing cabinets, would have required considerable attention from Chung and his handlers. With current technology, all the data in the documents hidden in Chung’s house would fit easily onto one inexpensive CD.
Offensive counterintelligence capabilities:
An example of offensive counterintelligence using high technology would be the recent deployment of the sophisticated viruses known as Flame and Stuxnet. Stuxnet is a computer worm discovered in June 2010. Stuxnet initially spreads via Microsoft Windows and targets Siemens industrial software and equipment. It is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller rootkit. The worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition systems that are configured to control and monitor specific industrial processes.
Different variants of Stuxnet targeted five Iranian organizations, with the probable target widely suspected to be uranium enrichment infrastructure in Iran; Symantec noted in August 2010 that 60% of the infected computers worldwide were in Iran. Siemens stated on 29 November that the worm had not caused any damage to its customers, but the Iran nuclear program, which uses embargoed Siemens equipment procured secretly, has been damaged by Stuxnet. Kaspersky Lab concluded that the sophisticated attack could only have been conducted with nation-state support. This was further supported by F-Secure's chief researcher Mikko Hypponen. It has been speculated that Israel and the United States may have been involved.
Eugene Kaspersky, the founder of Europe’s largest antivirus company, is using his company’s integral role in exposing or decrypting three computer viruses aimed at Iran to argue for an international treaty banning computer warfare. When Mr. Kaspersky discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could create. He also recognized that the virus adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the Internet.
“Cyber weapons are the most dangerous innovation of this century.” It is alleged that the United States and Israel are using the weapons to slow the nuclear bomb-making abilities of Iran; experts claim that the viruses could also be used to disrupt power grids and financial systems or even wreak havoc with military defenses. A growing array of nations and other entities are using online weapons because they are thousands of times cheaper than conventional armaments.
Dealing with the threat:
Today's spies practice much more sophisticated methods and employ the latest technologies to gather and transmit massive volumes of our most sensitive information on a much wider variety of targets. FISS can and do leverage distributed cyber-attacks routed through many countries using a wide variety of tactics and techniques, making it nearly impossible to state with certainty that any particular attack originated from a particular threat. Over time, computing power will completely overwhelm our ability to comprehend, let alone protect against, the exponentially expanding vulnerabilities created with new technologies. It is imperative that CI stays ahead and avoids technological surprise.
The Army must quickly define the role of CI in combating the cyber intelligence threat and implement policies. Neither the U.S. Government nor its civilian experts alone can combat the terrorist and FISS cyber threat. The task of protecting U.S. information systems and other critical infrastructures requires the combined effort of the best minds of civilian industry, military, government, think-tanks, and academia. The National Infrastructure Protection Center has the responsibility to protect critical infrastructure from all threats; the current reorganization done by FBI Director Robert Mueller is an excellent model for Department of Defense CI assets to define and implement the changes needed to thwart the cyber threat.
The U.S. Army Intelligence and Security Command created the Land Information Warfare Agency (LIWA), now designated the 1st Information Operations Command, to support the ground commander in information operations and information warfare (IW). The mission of 1st IO Command is broad and overarching, and often conflicts with that of other agencies providing similar services. However, the creation of LIWA and now the 1st IO Command demonstrates the migration toward a more comprehensive assessment and defense of our information systems, in which CI will play a vital role. The 1st IO Command is still in the formative stage and requires time to carve its niche in the much larger IW landscape.
Analysis and Observations