It’s another normal day and without even thinking about the magic of it all, I start the usual activities over breakfast. A quick check to see if there are any urgent emails, followed by a quick look at a couple of websites to pick up the latest news headlines; a quick glance at my LinkedIn and Facebook pages; and finally, a quick scan to see if there has been any interesting Twitter activity overnight.
Has the NSA, GCHQ, People’s Liberation Army (PLA), the Federal Security Service of the Russian Federation (FSB), or any one of the other national intelligence agencies intercepted and read my correspondence? Doesn’t even cross my mind.
The Internet has changed our lives in so many ways, but with freedom of movement and expression comes responsibility. Whether Julian Assange or Edward Snowden or any other whistleblower, the question I ask myself is to what extent any of us have the right to use our freedom to expose what we believe to be wrong. The law does not allow me the right to publicly accuse anyone of a crime without allowing them due process in a court of law. The recent case of a Graham Smith, falsely accused of historical child abuse and who committed suicide as a result, is a case in point, as is the case of Neil Carr who in 2012 was falsely accused of molesting children. Parents set up a Facebook page to debate whether he was guilty or innocent.
Since releasing classified NSA information, Snowden has said that “For me, in terms of personal satisfaction, the mission’s already accomplished. I already won.” So all is OK because he’s happy. But on the other side of the argument is the constant reminders that we are in the middle of a war – A Cyber War in which the key players are not concerned about our personal satisfaction, about allowing us to change society, or in allowing us to decide how we are governed.
Are We At War?
There are several interesting books published on the topic of Cyber Warfare, and in an “Introduction to Cyber Warfare – A Multidisciplinary Approach” by Paulo Shakarian, Jana Shakarian, and Andrew Ruef, they define Cyber Warfare as “an extension of policy by actions taken in cyber space by state or nonstate actors that either constitute a serious threat to a nation’s security or are conducted in response to a perceived threat against a nation’s security.”
In a report published by the U.S. Department of Defense in 2009, they stated that DoD networks are probed roughly 250,000 times an hour”. In the same report they cited that by 2006, up to 20 terabytes of data had been remotely exfiltrated from NIPRNet. NIPRNet is the non-classified Internet Protocol (IP) Router Network which is used to exchange sensitive but unclassified information between Department of Defense “internal” users. It also provides users with access to the Internet.
There are many players in this game, and there is not sufficient space in this article to deal with each of them, so attention will be given to the one that we all seem to consider the biggest threat: China.
Cyber espionage is important to China because it is viewed as a method of leveling the playing field via neutralizing the enemy rather than directly confronting them. The theft of intellectual property from software vendors provides the means to identify vulnerabilities for later attacks. According to its publication “Unrestricted Warfare”, the PLA states that “Modern warfare includes political, scientific, and economic leaders in addition to military personnel. The notion of ‘unrestricted’ warfare extends not only the domains of war but also the time at which such actions of war can take place. ‘Military’ operations —that now include information, economic, and psychological aspects, can take place in peacetime in this perspective— further supporting the notion of ‘active offense.'” The PLA goes on to state that “against an information-centric society, a nation’s political system, economic potential, and strategic objectives will be high-value targets. The preferred method to attack such a society would be through the use of asymmetric warfare techniques. Asymmetric warfare refers to the ability of a combatant to defeat a superior force by using tactics that exploit a major weakness in their weapon systems, tactics, or information technology.”
In 2010, in an operation that became known as “Operation Aurora”, Google, Adobe and thirty two other companies had their corporate systems hacked with the purpose of accessing information about Chinese human rights activists but also stealing intellectual property— namely, source code of commercially developed software.
Who Is The Enemy?
While the media in general appears to be enjoying taking the moral high ground on issues such as the NSA, there is a need to raise awareness about the fact that the NSA and their allies are not the only protagonists in cyberspace. The large scale cyber spying ring known as GhostNet, which bases its command and control infrastructure mainly in the People’s Republic of China, has in the past infiltrated high-value political, economic and media locations in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices were compromised. Although the activity is mostly based in China, there is no conclusive evidence that the Chinese government was involved in its operation. However, given that most Chinese hackers are now employed by the government, one could suggest that the circumstantial evidence leaves little doubt.
As we’ve seen with the numerous leaks over the past few years, the insider threat still presents the greatest risk. But as we’ve seen in the recent past, this is a new type of threat. Whether in government or in industry, there are always people who are either disgruntled or who are simply criminals. These individuals may compromise their employer’s information, resulting in a breach of confidentiality that could have profound ramifications for political systems, financial systems and average companies . Additionally, the stark reality is that most of us are learning on the job how to deal with this type of threat.
Start at the beginning
Each and every organization is confronted with a myriad of hacking and penetration tools that are available both as open source and in commercial settings. Like nuclear power, these tools can be used for good or bad.
However many of these tools rely on the ability to discover weak passwords that provide high levels of privilege. As Snowden discovered, badly managed privileged passwords are the keys to the kingdom, and the frequent reuse of the same passwords on multiple systems make exploitation easy for the average administrator.
Additionally virtually all systems have vendor default accounts, and once you have the default account for a particular device, chances are you can gain access to most of these systems since their passwords are rarely changed. Additionally it doesn’t require much intelligence to access websites such as http://www.phenoelit-us.org/dpl/dpl.html and to work your way through a list! – “Cyber Warfare Techniques, Tactics and Tools for Security Practitioners” by Jason Andress and Steve Winterfield
So as a first step, every organization should initiate and enforce an effective defense against privileged access. You can begin by doing the following:
– Implement an effective password policy that covers privileged access, patching, and system hardening.
– Disable the ability of administrators to be able to create local accounts that allow them to have privileged access. Breaches such as TJX happened because when the TJX systems were penetrated, the attackers were able to install accounts on Internet accessible applications in order to access the information that they were looking for http://www.computerworld.com/s/article/9044321/TJX_violated_nine_of_12_PCI_controls_at_time_of_breach_court_filings_say.
– Deploy solutions that are constantly scanning for modifications to registries, service accounts, scheduled tasks, and new applications.
– Include your workstations in any solution. This is very often the soft underbelly of any organization and frequently the easiest place to launch an attack from.
There are many other points worthy of consideration that are beyond the scope of this article. Nevertheless, what we need to consider is that in our rush to applaud the likes of Snowden, we need to consider what the impact might be. Whether or not lessening the ability of those who are charged with protecting national security to act with impunity is good or bad, the reality is that responsive measures are to be expected. As a child, stealing too much from the cookie jar either meant that the cookies went under lock and key, and even worse, cookies just disappeared off the shopping list!
In 2010, a bill was introduced in the in the US called the “Protecting Cyberspace as a National Asset,” a bill that would have given the President the power to literally shut down the Internet. As one objector put it, “I do not feel comfortable with the federal government having broad power over disabling communication equipment used for internet communication…” Although this bill was not enacted, it would not be surprising to see a response that ultimately curbed the surveillance activities of the NSA activity as a result of the Snowden affair.
Let’s hope we don’t wake up tomorrow to no email, news, or whatever media we turn to at breakfast.
By Calum MacLeod, VP of EMEA at Lieberman Software
Lieberman Software pioneered the privileged identity management space by releasing the first product to this market in 2001. Since then, the company has regularly updated and expanded its privilege management solution set, while growing its customer base in this vibrant market. Lieberman Software also develops a line of long-standing Windows security management tools.
Lieberman Software now has more than 1,200 global customers, including more than 40 percent of the Fortune 50. The company is a Microsoft Gold Application Development Partner, an Oracle Gold Partner and an HP Silver Business Partner.