Wednesday, March 28, 2012

Weaponization of Cyberspace

The weaponization of cyberspace started with the advent of criminal enterprise, and over time has enabled cyber warfare for a mass audience. Some of the best exploitation technology was created for banking fraud. These tools include remote access botnets, multi-platform reliable exploits, command and control schemes, zero-day exploits, and blackhat-VPNs for anonymous access to the Internet.

Because the technology was developed in the underground, it can be purchased by anyone - it's unclassified and not controlled by state security. As a result, very advanced attack technology has been disseminated to a greater population and non-state threat actors have emerged. Now individual citizens can access the same weaponized technology that was previously used only by state-level efforts to conduct espionage that advances national interests. These 'rogue hacking groups' have emerged with mixed ideological goals - many of them anti-state, religious extremist, and anti-corporate. There are hundreds of internationally organized groups that can be enumerated by anyone willing to do a little open-source intelligence research.

The weaponization of cyberspace is a key driving force that started with criminal enterprise, but has grown into a much larger context. Exploitation of systems can now be combined with the exploitation of online media. I predict that traditional terrorist methods will be replaced, largely due to the immediate attention an amateur can bring to their cause by latching on to a brand name and posting their ideological views via the countless social outlets available to them. Because the press does not traditionally frequent cyber cafes in remote parts of the world (where western ideology and freedom isn’t necessarily embraced), would-be terrorists will seek more effective means to distribute and influence from whatever rock they're hiding under. Cyberspace offers far less exposure and risk than carrying a cell phone detonator in a busy marketplace. No, it is far easier to tap out a few keystrokes and get your shot at trending, getting linked, liked, and retweeted. In terrorism the goal is messaging, and those with things to say have found their outlet. Whether highly sophisticated abroad, or in the deepest darkest caves, or down in the basement of their parents’ home, the Internet is their soapbox.


Friday, March 9, 2012

The Changing Face Behind the Keyboard

At my recent RSA presentation, I talked about the evolution of cyber threats over the last decade and the slowly shifting goals and intent of the hacking groups behind them. Most of us remember the romantic hacker vision - the lone college student exploring systems for fun, not profit. Mostly harmless, this quest for learning at the center of the hacker ethic led to tremendous innovation in Silicon Valley and elsewhere. But the advent of online banking in the mid-2000s changed everything. The criminal goal became profit. This created a malware economy, and something I call the "weaponization of cyberspace" - a trend towards making cyber weapons easier and easier for non-programmers to use. Then, around 2005, we started to see organized and wide-scale attacks into military and defense systems that seemed to originate from foreign intelligence. The malware behind these attacks was not altogether different from known toolkits (think Back Orifice 2000) - but far more interesting was the fact that these toolkits were custom-made and each attack group seemed to compile their weapons from private source code. It didn't take long for these attackers to branch into commercial space - most specifically heavy industry and energy. This made sense from a national perspective as China's (and others') need to dominate the world energy market is critical to their expansion.

Now, with hacktivism, non-state actors are targeting these very same systems. These rogue threats are focusing on manufacturing, defense, the financial sector, and more - organizations traditionally targeted by state-level espionage.

So, what is next?

While attitudes against the state are a common recurring theme in younger people in every nation, they rarely blossom into full-blown terrorism. Yet, that is exactly what is occurring right now. As cyber warfare shifts from a state-level coordinated espionage operation to unstructured personal action, the chance for attacks (both physical and cyber) on citizens and the livelihoods of innocent people increases dramatically. The Internet will play a big part in future terrorist attacks - not just because systems can be hacked, but also because of how the Internet has changed media and journalism. As I detailed in my post on Asymmetric Warfare and Cyber Terrorism last July, remember that terrorism is first and foremost about messaging. Blurring the lines of truth, the Internet mediasphere has surpassed all other forms of traditional journalism and has become an information weapon, disseminating propaganda in conjunction with social media campaigns far more effectively than a single actor detonating a car bomb in Karachi could ever achieve.

I will be giving a webcast version of my RSA presentation next Wednesday (March 14th, 11AM PST) for those who are interested. The RSA registration link is here.