gAtO wAs -reading my friend Pierluigi Paganini’s Security Affairs blog – http://securityaffairs.co - about “Google Used as Cyber Weapons and it got me thinking. To put it in todays terms, cyber Iran is in the news lately and they do control oil coming from the middle east. Their oil fields are controlled by the Internet (SCADA) and thus vulnerable to a cyber attack. So talking about cyber weapons is not far fetched.. so.. What are Cyber weapons and how do we use them in today’s digital infrastructure. Cyber weapons today are not just about security but also as a geo-political tool and it’s power to control the price of oil as well as an a attack vector.
We have targeted and un-targeted cyber weapons. If we look at Stuxnet and DuQu style of targeted attacks we have a cyber weapon that is guided to make sure it has the right target then uses unpublished certificates to give the software a trusted attack vector, then it goes about doing it’s dirty work. DuQu is different and these two codes do different things one is a computer to kinetic cause and effect like messing with their centrifuges in their enrichment plant and telling the monitoring stations that everything was cool and dandy and then deletes itself from the face of the earth after a self-kill date.
One lone person can with today’s tools develop, control and execute a massive cyber attack to any physical device that is connected to the Internet.
What is a Cyber Weapon? – http://hackmageddon.com/2012/04/22/what-is-a-cyber-weapon/
On the other hand DuQu goes and does recon and gathering of information to make an attack transmit it back to Command & Control, then sits back and waits quietly and undetected. What a dynamic dual these two are, why mention these two because, Stuxnet was the first and DuQu was the son of…stuxnet. We now have an evolving Code-Based warrior class of cyber weapons that using this framework other cyber weapons can be created.
The Internet was design as a weapons-class communication medium.
Spammers and phising criminals have got a new tool social engineering: it is used in:Advanced Persistent Threat (APT) style attacks just a simple email attachment and your their next victim. Then the Chinese did a clever legal plain overt in your face thing— they created an FACEBOOK account for “James Stavridis” who happens to be an American Admiral in the Minister of Defence in NATO and then other officials from NATO accepted his Friend request and gathered tons of personal information about high ranking NATO officials.
This is the plain in sight social engineering planning that goes into today’s complex cyber operations. It’s a numbers game. The question needs to be asked. How many dead unknown family relatives have died and left me billion of dollars from Nigeria? Like I said someone will click on the link, greed, stupidity or just drunk, they just created another zombie computer. This zombie can now be given a dictionary attack code to hack your site and the hack begins a new. The life-cycle of hacking botNet.
The bad guy’s are everywhere - The social engineer aspect in today’s social networks is so new that nobody has the rules.
Let’s go into a hackers mind. I’m a game player and we figure out the games and then find the weak spot and slide right in and killing that monster to that level 22 knight elf warrior. To make it more fun Google and Facebook are changing their security policy to allow more and more information about ourselves is available online. Make sure you know that anything you say online is stored, collected and examined until you go down the rabbit hole like ToR “Smile your on candid camera” – all the time.
In today’s digital matrix just about anything can be used to hack you.
We today have attacks like the LuckyCat attack from China that has a Chinese professor with a masters and PHD in computer science leading the team. The LuckyKat hack was very well though out and planned with “state-sponsored individuals in China”. Lucky Cat:
To avoid detection, the hackers used a diverse set of infrastructure and anonymity tools. Each attack used a unique campaign code to track which victims were compromised by which malware, illustrating that the attackers were both very aggressive and continually targeted intended victims with several waves of malware, according to Trend Micro’s report.
The security company was able to connect an email address used to register one of the group’s command-and-control servers to a hacker in the Chinese underground community.
The hacker has been using aliases “dang0102″ or “scuhkr” and has been linked to the Information Security Institute of the Sichuan University in Chengdu, China, where he was involved in a research project on network attack and defense.
The person behind the aliases and the email address is Gu Kaiyuan, who is now apparently an employee at Tencent, China’s leading Internet portal company, The New York Times reported on Thursday.
While we spend time on low hanging fruits like the Anonymous attack from the LulzSec crewz and Sabu. Come on this was an embarrassment and the FBI took it personal while the RSA (March 27, 2012 NSA Chief:China behind RSA Attacks: ( http://www.informationweek.com/news/government/security/232700341 ) and Locckheed Martin (May 31, 2011- Lockheed Martin Suffers Massive Cyber attack – http://www.informationweek.com/news/government/security/229700151 ) hacks from foreign nationalist hacking into our defense contractors was a much bigger deal but we ate up the LuLz and three months later we gave Loockheed Martin a National contract to protect our National electrical grid(July 27, 2011 – Lockheed Promised Electric Grid Security Contract – http://uscyberlabs.com/blog/2011/07/27/lockheed-promises-electric-grid-security/ ).
Now why is “gAtO going LoCo” over all this is because while all this madness is going on these professional hacks are being given to smaller countries and even smaller terrorist cells that can use these same tools professionaled managed and all in a box. How to Hack a Box going to your local nut case living in mama’s basement, another unemployed person with time on their hands and reading all about it. This is the bottom of the connect the dot contest. One lone person can with today’s tools develop, control and execute a massive cyber attack to any physical device that is connected to the Internet now that’s a cyber weapon
How many devices connected to the Internet that you know about??? -?— gAtO oUt. .