Skip to main content Skip to footer site map
Center for Cyber Security Studies

March 2014

Lots of news since our last "Cyber Currents." We start off the first current with a cyber retrospective in the context of the Russian-Ukraine conflict. There was and is a 'cyber' aspect to the conflict, evidenced by the "Snake" attacks on Ukraine's government, and counterattacks on the Kremlin website. But compared to the massive attacks on Georgia in 2008, cyber disruption is limited. Our third article speculates 'why' the Russians may be holding back... deterrence theory in action?

Current 2 is cyber Education and Training. UMD hacked again and UK accelerates and expands Cyber education. While not discussed in detail, UMD has been part of a pattern of cyber attacks against educational institutions, including UMD, Indiana, and North Dakota. We include a recent report of a new attack at UMD, but also an article from last year, with information from MI5, the UK intelligence arm, warning universities that they are likely targets. We wrap this current with another report from overseas: efforts to expand cyber education down to pre-school, highlighting how important this issue is for k-12 education.

Current 3 concerns government policy and legislation. In news from Capitol Hill it appears that the controversial cyber security information sharing bill may be headed to a vote, a key obstacle (limiting liability for businesses) being near resolution. However, the power of Congress to monitor cyber-related issues that pertain to American intelligence communities has come into the spotlight: the CIA and the US Senate are in a tussle over who can access what electronic records related to a senate investigation into interrogation techniques used at Guantanamo. Finally, we report on major moves in the international control of the internet. The US government plans to give up global control of the internet naming to International Commission of Assigned Names and Numbers (ICANN)... some debate such control is better kept in US hands. Lastly, Tim Berners-Lee, creator of the World Wide Web, calls for a "bill of rights" or "Magna Carta" for the internet, which he believes is at risk by both governments and large companies and their intrusions of free flow of information.

Current 4 is Cyber Commerce and Industry, starting with evidence that the Snowden revelations are now, visibly, damaging American internet company overseas customer base. For example, Microsoft admits that it has now lost a major Brazilian account to what some might consider a lesser qualified Brazilian company, and the trend wherein host nation governments turn to indigenous providers may be gathering steam. Such evidence may account for the recent, high level meetings between American internet companies and the Obama administration. We follow with an article that examines lessons from TARGET's massive penetration that argues retail companies are significantly lagging behind the sophistication of hackers who are now hunting for vulnerabilities in the retail industry.

Current 5 is Cyber Crime and Hacking, and starts off with a fascinating discussion of a new package of hacking tools available to lesser skilled cyber hackers, called ROOTKITS. The ROOTKITS provide a range of functions that once loaded on the target computer, run concealed for extended periods of time, complete with a range of functions to include the especially dangerous 'key logger". The second article examines Bitcoin software vulnerabilities, and the attempt to put a fix in place before this entirely virtual currency is destroyed by hackers.

Current 6 focuses on Software, Crypto, Technology, and Research. Two interesting articles forwarded from our team (among the many others out there), include a new computer programming language debuting from FACEBOOK, awkwardly called "Hack", which is to be "Open Source". For our computer language experts on CCSS interdisciplinary team, weigh in and let us know what you think of this new software? We follow with a report on the struggle by researchers and software engineers to get a better handle on BIOS (basic input output system) vulnerabilities, that may be exploited in the initial booting up process of a computer, before protective software has had time to initiative protective functions.

Current 7 is the ongoing debate of WHAT DOES ALL THIS MEAN in the realm of strategy, operations, and doctrine. How do we fight a cyber war? What kind of doctrine and supporting units should be built? Admiral Rogers, new CYBERCOM commander, talks opening about the creation of cyberwar units. We follow with two articles that take a look at the future: former SECDEF and CIA Director Panetta warns of future, massive, cyber wars as THE wars of the future. And, Peter Singer of Brookings and Allan Friedman of GWU CSPRI produce a gloomy picture of cyber attrition warfare, that will range from attacks on secure data bases such as credit cars to cyber physical battle for control of home appliances and large machine systems.

What is missing this week is a look at cyber physical systems... we will hope to do another deep dive in this issue area next week, perhaps with an emphasis on avionics and the security of commercial airlines and transportation infrastructure.

Current 1: Cyber and the Russian/Ukraine Situation... attacks... but limited. Why?

Suspicion Falls on Russia as "Snake" Cyberattacks Target Ukraine's Government

Since the first major protests in Kiev that triggered the current crisis with Moscow, American intelligence agencies have been on high alert for cyberattacks aimed at the new government in Ukraine. They were a bit late: the attacks started long before President Viktor F. Yanukovych was forced from office, and as might be expected, no one can quite pinpoint who is behind them, although some suspicion is falling on Russia. According to a report published by the British-based defense and security company BAE Systems, dozens of computer networks in Ukraine have been infected for years by a cyberespionage “tool kit” called Snake, which seems similar to a system that several years ago plagued the Pentagon, where it attacked classified systems. The malware appeared many more times this year in Ukraine, as the protests in Kiev picked up their pace. The protesters were angered by Mr. Yanukovych’s decision not to pursue closer trade and political ties with Europe, which has been vying with Russia for influence in Ukraine. Snake — also known as Ouroboros, for the serpent in Greek mythology — gives attackers “full remote access to the compromised system,” according to the BAE report released Friday. BAE cited circumstantial evidence that the attacks originated in Russia, saying that the malware developers operate in the Moscow time zone and that there is some Russian text in the code.

Kremlin website hit by 'powerful' cyber attack

Victories are hard to come by for Vladimir Putin's opponents, activists are jailed, protests draw dwindling crowds, but on Friday they celebrated a minor triumph by briefly knocking out the Kremlin website. To red faces in the Kremlin and government, the central bank's site was also brought down by a cyber attack and the Foreign Ministry suffered similar problems. "A powerful cyber attack is under way on the (Kremlin) site," a spokeswoman for the Russian president's press service said by telephone as security experts struggled to curtail disruption. All three sites were working later on Friday. A group calling itself Anonymous Russia highlighted the Kremlin website's crash on Twitter, signaling it may have been behind the attack. The same group said it brought down the website in May 2012 in solidarity with protests against Putin on his return for a third term as president. A Kremlin source told Itar-Tass news agency there was no link with "the events in Ukraine", referring to the standoff with the West over Crimea, which votes on Sunday on unification with Russia.

Cyber Peace Reigns as Russian-Ukraine tensions remain high.... Why?

There are a few possible explanations for why nothing like this (Russian cyber attack on Georgia) has happened yet between Russia and Ukraine, experts say. (some reasons):

Familiarity: First, since Russia and Ukraine use similar systems of legal intercept, known as System for Operative Investigative Activities, or SORM, they may have an interest in keeping the Internet and other electronic forms of communication humming along so as to potentially listen in. “Launching a cyber attack might be dumb,” said Christopher Ahlberg, founder of Recorded Future, a web intelligence company based in Cambridge, Mass., adding that because the web serves as an outlet for people to talk, “you can be 100 percent sure [Russians] can listen to the Ukrainians.” The Russian incursion into Crimea may have given them an advantage in that they could get access to Ukrainian SORM hardware, according to Recorded Future. There were recent reports that “unidentified people” took control of telecommunication nodes operated by Ukrtelecom, Ukraine’s landline provider, in Crimea, temporarily knocking out service there. According to a company blog post, “Russia has already exerted a measure of control over Ukrainian telecommunication systems” and has “intimate knowledge of Ukrainian lawful intercept systems which are modeled after Russian FSB SORM systems.” “I thought it to be a Russian advantage as they occupied Ukrainian land and had hard access to the Ukrainian installations, whereas the Ukrainians don't have the same physical access to Russian installations of the equipment,” said Scott Donnelly of Recorded Future.

Deterrence: Another reason for the relative cyber peace might be that the two sides are so adept at cyber attacks that they don’t want to incite the other side. "Some of the most adroit cyber criminal actors are from within the Ukraine, said Christopher Burgess, CEO of Prevendra, Inc.

Current 2: Education and Training: UMD hacked again and UK accelerates and Expands Cyber education

University of Maryland Victim of Another Cyber Attack

The University of Maryland has been the victim of another cyber attack. Anne G. Wylie, UMD's interim vice-president and chair of the president's newly-formed task force on cybersecurity, sent a letter to faculty Thursday reporting that a "cyber intrusion into the university's network" was detected this past Saturday morning, March 15. Wylie said the intrusion was detected and abated quickly. "Within 36 hours, the FBI, U.S. Secret Service and the university's police department, working with the university's IT security staff, successfully mitigated the intrusion," Wylie's letter read. "We thank these organizations for their expeditious and effective actions." Wylie said the FBI informed the university that the breach accessed the personal information of only one individual, reported to be "a senior university official," and that the individual has been notified. In response to the breach, Wylie said a number of university websites were taken offline over the weekend, and are in the process of being transferred to a different web host "to provide additional levels of security."

MI5 warns Universities on cyber spying

UK security services have warned universities to be more vigilant in protecting themselves against cyber attacks by foreign powers seeking to poach intellectual property at the frontier of science and technology. Vice-chancellors have been briefed by Sir Jonathan Evans, the outgoing head of MI5, while Universities UK, which represents the sector, is preparing to issue institutions guidance about how to ward off the cyber threat. Security chiefs have believed for some time that state-sponsored attacks by countries such as China and Russia, often aimed at acquiring industrial and commercial secrets from British companies, are becoming increasingly sophisticated.

Cyber-security Lessons could be Expanded in UK Schools

Plans to teach children as young as 11 about careers in cyber-security have been announced. New learning materials would be offered to UK schools to publicize jobs in the sector, the Department for Business, Innovations and Skills said. A recent report said limited awareness of cyber-security as a profession had created a skills shortage. One expert said the UK was at risk of being "left behind and at a disadvantage globally". "There's no doubt that as more and more of our lives rely upon the internet, the need for a capable, security-savvy workforce increases," security consultant Graham Cluley explained. "Of course, this goes beyond private enterprises. "The authorities, including the police and intelligence agencies, need experts in computer security to combat online criminals and thwart internet attacks. But he added: "My worry would be that public authorities will not have the budget to properly pay for cyber-security expertise, and the best talent will remain in silos in private enterprise instead." Last month the National Audit Office said a lack of skilled workers was hampering the UK's fight against cyber-crime. The spending watchdog heard from experts who believed it could take "up to 20 years to address the skills gap".

Current 3: Government Policy and Legislation

Senate Intel Panel "Close" on Cybersecurity Information-Sharing Bill

The leaders of the Senate Select Committee on Intelligence are "close" to reaching agreement on a cybersecurity information-sharing bill with liability protection for industry that is designed to win the support of 60 or more senators, according to Jack Livingston, the panel's minority counsel. Livingston spoke today at an American Bar Association breakfast, saying afterward that Chairman Dianne Feinstein (D-CA) and Vice Chairman Saxby Chambliss (R-GA) might agree on the bill within a month. A new effort by Feinstein and Chambliss to craft a "bipartisan approach" could succeed where previous legislative attempts have failed, he said. "We've been working on information sharing for years," Livingston said. "What's different this time, though, is the chairman and the vice chairman are trying to work together. There is a lot of interest on our committee right now about getting a bill done. We have some pretty key senators on our committee." He cited Sen. Susan Collins (R-ME), a "huge player in the cybersecurity arena," as well as Sen. Tom Coburn (R-OK); Sen. John Rockefeller (D-WV), who has previously spearheaded cybersecurity legislation; and relative newcomer Sen. Angus King (I-ME). Brian Weiss, a spokesman for Feinstein, confirmed that she and Chambliss have been working together "for a while" on an information-sharing bill that provides some liability protections. Weiss said he could not provide a firm timetable for when those negotiations might conclude.

Reid asks CIA to allow Senate Investigators to Examine Computers

The tussle between the Senate and the CIA escalated Thursday when Senate Majority Leader Harry M. Reid (D-Nev.) asked the Senate’s top law enforcement official to review computers used by Senate Intelligence Committee staffers to probe the spy agency’s controversial interrogation program. Reid has asked the Senate’s sergeant at arms, Terrance W. Gainer, who has oversight of the U.S. Capitol Police, to lead a review of an incident that prompted senators and the CIA to accuse each other of illegal activity and led both sides to ask the Justice Department to investigate the matter. Reid’s request for a Senate investigation was revealed in letters sent late Wednesday to CIA Director John O. Brennan and Attorney General Eric H. Holder Jr and comes as aides say Reid has grown convinced that the CIA overstepped its authority by attempting to interfere in the intelligence committee’s investigation into the CIA’s controversial interrogation program. The results of the years-long investigation may be released in the coming weeks. Sen. Dianne Feinstein (D-Calif.), who leads the intelligence panel, first publicly accused the CIA of interfering in her investigation during a dramatic Senate floor speech last week. Aides said that Reid had been directly conveying his own concerns about the situation to Brennan during their regular intelligence briefings.

US Government to Give up Key Internet Powers

Facing international pressure, the U.S. government has agreed to give up control over important technical aspects of the Internet. The Commerce Department will no longer oversee the Internet Corporation of Assigned Names and Numbers, a nonprofit group that manages the Internet's address system. Larry Strickling, the assistant secretary of Commerce for communications and information, said the "global Internet community" will have the final say over the database of names and addresses that allows computers around the world to communicate with each other. The Internet was invented in the United States, and the country has long maintained a central role. But as the Internet has grown, other countries have demanded a greater voice in its governance. Edward Snowden's leaks about the National Security Agency's mass-surveillance programs have exacerbated resentment over the central role of the United States in managing the Internet. But officials argued the transition is not a response to the international controversy over NSA spying. Strickling said the U.S. oversight of the Internet's domain system was always meant to be temporary.

An online Magna Carta: Berners-Lee calls for bill of rights for web

The inventor of the world wide web believes an online "Magna Carta" is needed to protect and enshrine the independence of the medium he created and the rights of its users worldwide. Sir Tim Berners-Lee told the Guardian the web had come under increasing attack from governments and corporate influence and that new rules were needed to protect the "open, neutral" system. Speaking exactly 25 years after he wrote the first draft of the first proposal for what would become the world wide web, the computer scientist said: "We need a global constitution – a bill of rights." Berners-Lee's Magna Carta plan is to be taken up as part of an initiative called "the web we want", which calls on people to generate a digital bill of rights in each country – a statement of principles he hopes will be supported by public institutions, government officials and corporations

Current 4: Cyber Commerce and Industry

Revelations of NSA Spying Cost US Tech Companies

Microsoft has lost customers, including the government of Brazil. IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government. And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency’s vast surveillance program. Even as Washington grapples with the diplomatic and political fallout of Mr. Snowden’s leaks, the more urgent issue, companies and analysts say, is economic. Tech executives, including Eric E. Schmidt of Google and Mark Zuckerberg of Facebook, are expected to raise the issue when they return to the White House on Friday for a meeting with President Obama. It is impossible to see now the full economic ramifications of the spying disclosures — in part because most companies are locked in multiyear contracts — but the pieces are beginning to add up as businesses question the trustworthiness of American technology products.

When it comes to cybercrime, retailers are two steps behind the hackers

The massive cyberattack on Target last year unleashed efforts to protect consumers from crooks swiping credit card data from in-store transactions. But as retailers and regulators scramble to develop a solution, hackers have already moved on. Most hackers are focusing their efforts on online transactions — increasingly with an eye on those conducted over smartphones or other mobile devices. In other words, retailers are two steps behind the criminals. While cyberattacks on physical systems, such as registers, card readers and gas pumps, have garnered a lot of attention lately, shoppers' online transactions are much more likely to fall victim to hackers, security experts say. Mobile malware accounts for a small part of data breaches — Cisco estimates that malicious software targeted at mobile devices comprise only 1.2 percent of all Web malware — but security experts say it is growing at a frightening pace. MacAfee recently reported that the number of malware targeting Google’s Android operating system nearly tripled between 2012 and 2013, to 3.7 million.

Current 5: Crime and Hacking

The ROOTKITS: An Informative Nutshell Approach of Rootkit Forensics for Computer Forensics Experts

Rootkits (A.K.A – Administrator’s Nightmare) are rapidly fetching the tool of choice for the present day cyber-crimes and reconnaissance involving network interrelated computing equipment and data. Rootkit is a type of malicious (malcode) software application or malware that is installed by an invader afterward the target victim system has been compromised at the root or administrator’s level. For the reason that the Rootkits transports the stealth process and the facility to ex-filtrate data concealed from the network. The vital or confidential information is being saved in computers, the defective/vulnerable software and a deficiency of security reins render the valuable information to outbreak these forms of malware. The determination of a Rootkit is to deliver sustained and stalwart dense access to the negotiated victim system, to conceal information about the concession and its enduring events from authentic system supervisors or administrators.

Bitcoin Software gets fix for Weakness that helped bring down Mt. Gox

The software driving Bitcoin transactions on the Internet has been updated to fix a weakness that contributed to the downfall of Mt. Gox, once one of the biggest exchanges for the digital currency. Version 0.9.0 of the "Bitcoin Core" software, the Bitcoin infrastructure software previously known as Bitcoin-QT, contains five separate changes designed to make so-called transaction malleability attacks harder to pull off. As Ars explained last month, the attacks work by flooding exchanges with large numbers of malformed transactions that are similar, but not identical, to legitimate transactions that have already been made. Exchanges that trust one or more of the phantom records instead of the entries in the official Bitcoin blockchain can fall out of sync with the rest of the network and must recalculate their fund balances once the mistakes become apparent. Attacks that abused the weakness caused several exchanges to suspend cash withdrawals. Tokyo-based Mt. Gox never recovered. Three weeks ago, it filed for bankruptcy after claiming to lose $468 million, $412.5 million of which it said belonged to customers. In version 0.9.0, the transaction malleability weakness has been fixed by tightening transaction rules preventing “mutated transactions” from being relayed or mined. It also contains new functions that report wallet transactions that conflict with each other or that contain incorrect balances for double-spent (or mutated) transactions. It also includes an installation executable that works on 64-bit versions of Windows.

Current 6: Software, Crypto, Technology, and Research

Facebook Introduces ‘Hack,’ the Programming Language of the Future
Facebook engineers Bryan O’Sullivan, Julien Verlaguet, and Alok Menghrajani spent the last few years building a programming language unlike any other. Working alongside a handful of others inside the social networking giant, they fashioned a language that lets programmers build complex websites and other software at great speed while still ensuring that their software code is precisely organized and relatively free of flaws — a combination that few of today’s languages even approach. In typical Facebook fashion, the new language is called Hack, and it already drives almost all of the company’s website — a site that serves more than 1.2 billion people across the globe.“We can say with complete assurance that this has been as battle-tested as it can possibly be,” says O’Sullivan, a veteran of iconic tech companies Sun Microsystems and Linden Lab who has long played an important role in a popular language called Haskell. O’Sullivan and company publicly revealed their new language this morning, and at the same time, they “open sourced” it, sharing the technology with the world at large and encouraging others not only to use it, but to help improve it. The software world is littered with programming languages, and new ones appear all the time. But according to some who have used it or who know the past work of those who built it, Hack has a design and a pedigree that immediately set it apart. “If Bryan O’Sullivan built it,” says programming guru David Pollak, who only yesterday heard about the new language, “I would walk across hot coals to use it.”

Wide Gap between Attackers, BIOS Forensics Research

Vendors have made important strides in locking down operating systems, patching memory-related vulnerabilities and other bugs that could lead to remote code execution or give hackers a stealthy presence on a machine. As the hurdles get higher for the bad guys, the better ones will certainly look for other means onto a system. In some cases, that involves attacking hardware, specifically BIOS and other firmware that loads during boot-up. Successful exploits at that level can give an attacker not only root-level access to a computer, but persistence that survives most mitigation attempts. Admittedly, experts concede attackers are ahead of the research curve but there is a steady increase in security researchers looking at BIOS forensics with more than a passing curiosity. “I think we are seeing a renewed interest in this area as it’s becoming obvious that sophisticated adversaries (such as nation states) have the technical prowess to develop agents that live in this domain,” said Corey T. Kallenberg, a researcher with MITRE. Kallenberg, along with MITRE colleagues Xeno Kovah and John Butterworth, and Intel researchers Yuriy Bulygin and John Loucaides, spent close to four hours at the CanSecWest conference explaining the risks present in this security discipline and some of the tools—such as MITRE’s Copernicus—available to analyze BIOS and its successor UEFI to learn where the weak spots may be and what attackers are doing about it.

Current 7: Cyber Strategy, Theory, and Doctrine

NSA Nominee Promotes Cyberwar Units

All of the major combat commands in the United States military will soon have dedicated forces to conduct cyberattacks alongside their air, naval and ground capabilities, Vice Adm. Michael S. Rogers, President Obama’s nominee to run the National Security Agency, told the Senate on Tuesday. He said the activation of the long-discussed combat units would help counter the perception around the world that the United States is “an easier mark” for cyberattacks because it did not “have the will to respond.” Admiral Rogers’s comments, in written answers to the Senate Armed Services Committee, amounted to one of the most detailed public descriptions of how the United States is spending billions of dollars to develop an offensive military capability to use cyberweapons. The committee must approve his simultaneous appointment as the head of United States Cyber Command, a job he will hold in addition to overseeing the N.S.A. The retiring head of the Cyber Command, Gen. Keith B. Alexander, first announced the creation of offensive and defensive teams last year. During a two-hour appearance before the committee, Admiral Rogers also confirmed that the United States had seen evidence of cyberattacks on the new government in Ukraine, but declined to say whether the United States believed the Russian government was the source of the attacks, or how much damage was done.

Panetta: Cyberspace is the "battlefield of the future"

Former Central Intelligence Agency director Leon Panetta on Tuesday urged the federal government to take cyber threats more seriously and to invest more in cyber security. “I come back to this town and I get the sense that people have somehow given up,” Panetta said, addressing attendees at a government symposium organized by cybersecurity firm Symantec. Recent government shutdowns are an indication that policy makers are putting off a number of key decisions, said Panetta, who now serves as the chair for the Panetta Institute for Public Policy as part of the California State University System. Despite reductions, the defense budget must include funding for cybersecurity precautions to prevent large scale events, potentially launched by aggressive nations, he said. He noted that both the public and private sectors must cooperate to strengthen cyber security measures in the United States. “I think we’re kind of at a critical turning point in the 21st century,” he warned, noting policy makers could help the nation develop a more agile defensive force, “or we can be an America in decline, in constant crisis after crisis.”

The Sobering Cyber Future

From hacked credit card data to compromised state secrets to cyber terrorism, Internet security has moved to the forefront of public consciousness. In their new book Cybersecurity and Cyberwar (an entry in a “what everyone needs to know” series published by Oxford University Press), P. W. Singer and Allan Friedman address realities and prevalent fears surrounding use of the Internet. Singer is a Brookings Institution scholar, and Friedman is a visiting scholar at George Washington University. We asked them to pose six pertinent questions about the future of cyber threats to the public.

go to Top