Cracking the Digital Vault: A Study of Cyber Espionage

Petallides, Constantine J

Cracking the Digital Vault: A Study of Cyber Espionage

By Constantine J. Petallides
2012, Vol. 4 No. 04 | pg. 1/3 | »

IN THIS ARTICLE

KEYWORDS

Keywords:International Relations Cyber Security Cyber Terrorism Cyber Warfare Security Internet

Today, we live in the aftermath of the Internet revolution. Humanity has never before been more interconnected or had as much access to the same tools and information. As a driving force behind globalization and modern progress, the Internet enables instant communication and access to information while providing a new medium for cultural exchange. But the Internet also presents new risks that do not recognize the conventional power structure.

The usefulness of information technology (IT) for espionage cannot be ignored. After all, all warfare is based on deception.2 This paper examines how IT has changed the practices of espionage among states; it analyzeshow the availability of new technology makes it possible for corporations and private citizens to steal information and intellectual property from governments and each other; and finally, the paper concludes with an overview of the security situation as it currently stands and provides suggestions as to what can be done to improve it.

The Birth of the Internet

The Internet originated with research funding provided by the Department of Defense Advanced Research Projects Agency (DARPA) to establish a military network. As its use expanded, a civilian segment evolved with support from the National Science Foundation (NSF) and other science agencies.3 While wired connections between mainframes at certain bases existed as early as the late 1950s,4 these rudimentary links had very limited functionality. The connection was usually unreliable, and in some cases could only transmit small bundles of data in one direction. While it is true that these connections paved the way for modern networking, in their earliest forms, these networks were little more than expensive telegraphs.

One of the first networks (as we know them today) was AT&T's Switched Circuit Automatic Network designed for the US Army, which became AUTOVON in 1964.5 AUTOVON represented a technological leap forward, but was unable to address a fundamental problem with early networking, data delays caused by “queuing.” In the original network set up, data was transferred on a first-come-first-served basis and users found themselves waiting in virtual lines to transmit or receive information. As more users interacted across the network, the problem compounded and the wait-time at the back of the line got longer and longer. These delays would be potentially disastrous if a user needed to send data in an emergency, or if a commander were trying to gather real-time information from a battlefield.

Fortunately, the answer came in the mid 60s through the work of Larry Roberts, an ARPA engineer, and Paul Baran, a DoD computer consultant.6 These men designed and implemented a system called packet-switching to solve the “queuing” conundrum. Packet switching is a digital networking communications method that groups all transmitted data into suitably-sized blocks, called packets. These packets are then individually sent across the network and reassembled by the target computer. When traversing network adapters, switches, routers and other network nodes, packets are buffered and reordered, resulting in variable delay depending on the amount of traffic in the network. While there still remained a delay in data transmission, packet switching networks did away with the long line and took individual packets from different users and sent them instead of completing one job at a time.

Under heavy network traffic the processing and transmission speeds were slower than if single jobs were completed, but packet switching allowed for multiple simultaneous users to access the network and see their data transmitted without interruption. What was and is truly revolutionary about packet-switching is that the fundamental problem with data traffic was solved, and transmission speeds became a function of the networks themselves. With research and upgrades, our networks are growing constantly faster thanks to packet-switching. The firm Bolt Beraneck and Newman (BBN) designed the Interface Message Processor (IMP), which became the packet-switching node used to interconnect participant networks to the ARPANET from the late 1960s to 1989.7 It was the first generation of gateways, which are known today as routers. The first packets were successfully transmitted across ARPANet in 1969 and marked a true revolution in communication technology and the birth of the Internet as we know it today.

The precursor to the Internet, ARPANet, was launched in 1968 as a network for Universities to share and collaborate on research and for the government and military to transmit and store data, but almost immediately took on a life of its own. Within a few months, it became apparent that the original host-to-host set up of the network, which required mainframes to literally dial into each other to communicate,8 would not be sufficient for the dynamic needs and growing demands of users. The second major revolution in communication technology came in 1970, barely two years after the launch of ARPANet, in the form of the Network Control Protocol (NCP). Initially, if any packets were lost, the protocol (and presumably any applications it supported) would come to a grinding halt. In this model NCP had no end-to-end host error control, since the ARPANET was to be the only network in existence and it would be so reliable that no error control would be required on the part of the hosts.9 In layman’s terms, NCP stabilized the original host-to-host connections but could not prevent crashes in the event of data error. This added stability allowed more computers to dial into each other simultaneously, increasing network usage and efficiency. NCP was used for thirteen years until the major change that occurs in 1983.

The next communications revolution in the history of Internet development came in 1977 with the development of the Voiceover Internet Protocol (VoIP). As the name suggests, VoIP is used to transmit voice messages in real-time across the Internet and is what powers modern communication applications like Skype. Up to this point, the major objective of ARPA's Network Secure Communications (NSC) project had been to develop and demonstrate the feasibility of secure, high-quality, low-bandwidth, real-time, two-way digital voice communications over packet-switched computer communications networks.10 Given VoIP’s functionality and flexibility, it was highly desired by all levels of the military for its obvious command and control activities.11 VoIP is location independent; able to transmit multiple calls over a single broadband connection; and most importantly, it addresses most of the difficulties of creating a secure telephone connection over traditional phone lines.12 ARPA's NSC project supplied digitized speech secured by existing encryption devices and was quickly adopted into military communication systems in the following years.13

Finally we come to 1983, which brings with it the birth of the modern Internet. Up to this point, the military sphere of the Internet had existed in the same space as the research and civilian spheres. In response to an overload of traffic on the ARPANET, the Department of Defense split off the operation of its military traffic into a separate network called MILNET. The two networks collectively formed what was referred to as the 'Internet.14 The move was also motivated by security concerns. If problems developed on the ARPANET, the MILNET could be disconnected from it quickly by unplugging the small number of gateways that connected them. In fact, these gateways were designed to limit the interactions between the two networks to the exchange of electronic mail, a further safety feature.15 After the split, the Internet appeared as follows (circa 1985):

Internet Diagram

This split came at the same time as the transition from NCP to the new Transmission Control Protocol / Internet Protocol (TCP/IP). The ARPANet had migrated to the NCP network protocol in 1970; however, this protocol did have its limitations. It assumed end-to-end connectivity between the communicating hosts and did not handle interconnecting different networks well. It also did not tolerate packet loss, coming to a halt if a packet was lost. Bob Kahn and Vint Cerf had designed TCP/IP to overcome these limitations and permit interconnectivity between different networks and resend missing packets as necessary without crashing.16 17 With the new TCP/IP system in place, the Internet adopted the Internet Protocol version 4 (IPv4), believing that this would provide an inexhaustible number of addresses for servers and websites.18 TCP/IP was successfully used in 1977 to link together four networks, and IPv4 is still the platform used today across the Internet nearly twenty years later. Today, as the inexhaustible supply of addresses nears exhaustion, the Internet is once again migrating with the adoption of IPv6, which, as of 2011, is still in its infancy.

Given the Internet’s ubiquity and functionality, I found it necessary to expand on a brief history of its development. Every advancement in communication and data transmission used in military networks is directly related to the research surrounding the technological development of the Internet. Also, as a tool, the Internet has unquestionably changed our way of life. Looking at a graph of Internet usage, one can see that as more connections are made and more users join for the first time, the Internet is growing exponentially.

As the Internet becomes more prevalent, further research will lead to new technological breakthroughs, and networks all around the world will benefit.Continued on Next Page »

1 2 3

Abbate, Janet. Inventing the Internet. Cambridge, Mass: MIT, 1999. Print. Pg 15.

Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98

Alperovitch, Dmitri “Revealed Operation Shady Rat” McAfee White Paper

Capabilities and Related Policy Issues." Open CRS. Web. .

Chris Johnson, Naval War College Network, “Web Site Back Up Following Intrusion,” Inside the Navy, December 18, 2006.

“Dangerous Kitten” Encyclopedia Dramatica

Danny, Cohen. "Specifications For the Network Voice Protocol (NVP)." (1976): Pg 12. Internet Engineering Task Force. Web. .

DOJ Case Logs

Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 231

Fidler, Stephen "Steep Rise in Hacking Attacks from China," The Financial Times, December 5, 2007, at www.ft.com/cms/s/0/c93e3ba2-a361-11dc-b229-0000779fd2ac.html.

Ferrucci, David. "Building Watson: An Overview of the DeepQA Project." Association for the Advancement of Artificial Intelligence. 2010. Web. .

Grow, Brian, Keith Epstein, and Chi-Chu Tschang. "The New E-spionage Threat." Business Week. 10 Apr. 2008. Web. .

Gross, Michael “Exculsive: Operation Shady Rat” Vanity Fair 8/2/11

Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran

http://gigaom.com/cloud/the-real-costs-of-cyber-crime-infographic/

IMP -- Interface Message Processor, LivingInternet. http://www.livinginternet.com/i/ii_imp.htm

Keizer, Gregg. “'Shady RAT' hacking claims overblown, say security firms” Computer World 8/5/11

Dr. Kopp, Carlo. "Understanding Network Centric Warfare." Air Power Australia - Home Page. 10 Apr. 2011. Web. .

Kruger, Lennard G. "Internet Domain Names: Background and Policy Issues." Open CRS. Web. .

Lamont, Gary and Holloway, Eric. 2009. “Military network security using self organized multi-agent entangled hierarchies.” Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers (GECCO '09). ACM, New York, NY, USA, 2559-2566. DOI=10.1145/1570256.1570361 http://doi.acm.org/10.1145/1570256.1570361

Lee, Bartholomew. "Radio Spies – Episodes in the Ether Wars" http://www.trft.org/TRFTPix/spies9eR2006.pdf

Leffall, Jabulani "As cybercrime grows, so do the costs " MarketWatch.com October 13^th 2011.

Libicki, Martin, et al. “Influences on the Adoption of Multifactor Authentication” RAND Homeland Security and Defense Center

McClintock, Pamela (May 6, 2009). "'X-Men' takes hit in foreign markets". Variety.

McLure, Helen “The Wild, Wild Web: The Mythic American West and the Electronic Frontier” The Western Historical Quarterly, Vol. 31, No. 4 (Winter, 2000), pp. 457-476

Office of the United States Intellectual Property Enforcement Coordinator August 2010

Oldehoeft, Arthur Foundations of a Security Policy for Use of the National Research and Educational Network, NIST February 1992. Pg 12

"Pentagon warns of Internet incursion by Chinese cyber-terrorists," GCN, August 24, 2006.

Pershing, Genny. "Cybertelecom :: ARPANet (1960s)”.

Pershing, Genny. "Cybertelecom :: ARPANet (1960s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web. .

Pershing, Genny. "Cybertelecom :: ARPANet (1970s)."

Pershing, Genny. "Cybertelecom :: ARPANet (1970s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. .

Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."

Phister, Paul W. "CyberCraft: Concept Linking NCW Principles with the Cyber Domain in an Urban Operational Environment." Web. .

Postel, Jon. "DoD Standard Internet Protocol." Internet Engineering Task Force. Web. .

Rashid, Fahmida “Northrop Grumman, L-3 Communications Hacked via Cloned RSA SecurID Tokens” eWeek 6/2/2011

Rollins, John. "Terrorist Capabilities for Cyberattack: Overview and Policy Issues." Open CRS. Web. .

SEC Guidence on Reporting Cyber Security Incidents

Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.

“Top 10 Most Famous Hackers of All Time” – IT Security

Tzu, Sun. The Art of War. [S.l.]: Pax Librorum H, 2009. Print.

“What are some advantages of VOIP?” http://www.fcc.gov/voip/

Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress." Open CRS. Web. .

Yin, Sara “Report: U.S. Urges Japan to Prioritize Security After Contractor Hack” PCMagazine 9/21/2011

1.) Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.

2.) Tzu, Sun. The Art of War. [S.l.]: Pax Librorum H, 2009. Print.

3.) Kruger, Lennard G. "Internet Domain Names: Background and Policy Issues." Open CRS. Web. .

4.) Pershing, Genny. "Cybertelecom :: ARPANet (1960s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web. .

5.) Abbate, Janet. Inventing the Internet. Cambridge, Mass: MIT, 1999. Print. Pg 15.

6.) Pershing, Genny. "Cybertelecom :: ARPANet (1960s)”.

7.) IMP -- Interface Message Processor, LivingInternet. http://www.livinginternet.com/i/ii_imp.htm

8.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. .

9.) Ibid

10.) Danny, Cohen. "Specifications For the Network Voice Protocol (NVP)." (1976): Pg 12. Internet Engineering Task Force. Web. .

11.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)."

12.) “What are some advantages of VOIP?” http://www.fcc.gov/voip/

13.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)”.

14.) Arthur Oldehoeft, Foundations of a Security Policy for Use of the National Research and Educational Network, NIST February 1992. Pg 12

15.) Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."

16.) Ibid

17.) Postel, Jon. "DoD Standard Internet Protocol." Internet Engineering Task Force. Web. .

18.) Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."

19.) Lee, Bartholomew. "Radio Spies – Episodes in the Ether Wars" http://www.trft.org/TRFTPix/spies9eR2006.pdf

20.) Ibid

21.) Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress." Open CRS. Web. .

22.) Ibid

23.) Ibid

24.) Ibid

25.) Ibid

26.) Chris Johnson, Naval War College Network, “Web Site Back Up Following Intrusion,” Inside the Navy, December 18, 2006.

27.) Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress."

28.) Stephen Fidler, "Steep Rise in Hacking Attacks from China," The Financial Times, December 5, 2007, at www.ft.com/cms/s/0/c93e3ba2-a361-11dc-b229-0000779fd2ac.html.

29.) Rollins, John. "Terrorist Capabilities for Cyberattack: Overview and Policy Issues." Open CRS. Web. .

30.) "Pentagon warns of Internet incursion by Chinese cyber-terrorists," GCN, August 24, 2006.

31.) Grow, Brian, Keith Epstein, and Chi-Chu Tschang. "The New E-spionage Threat." Business Week. 10 Apr. 2008. Web. .

32.) Wilson, Clay. "Information Operations, Electronic Warfare, and Cyberwar:

Capabilities and Related Policy Issues." Open CRS. Web. .

33.) Class Discussion 9/26/11

34.) Ibid

35.) Ibid

36.) Class Discussion 10/24/11

37.) Dr. Kopp, Carlo. "Understanding Network Centric Warfare." Air Power Australia - Home Page. 10 Apr. 2011. Web. .

38.) Class Discussion 10/24/11

39.) Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98

40.) “Top 10 Most Famous Hackers of All Time” – IT Security

41.) Ibid

42.) DOJ Case Logs

43.) “Top 10 Most Famous Hackers of All Time” – IT Security

44.) Ibid

45.) Leffall, Jabulani "As cybercrime grows, so do the costs " MarketWatch.com October 13^th 2011.

46.) Ibid

47.) McClintock, Pamela (May 6, 2009). "'X-Men' takes hit in foreign markets". Variety.

48.) Office of the United States Intellectual Property Enforcement Coordinator August 2010

49.) Ibid

50.) http://gigaom.com/cloud/the-real-costs-of-cyber-crime-infographic/

51.) Alperovitch, Dmitri “Revealed Operation Shady Rat” McAfee White Paper

52.) Rashid, Fahmida “Northrop Grumman, L-3 Communications Hacked via Cloned RSA SecurID Tokens” eWeek 6/2/2011

53.) Yin, Sara “Report: U.S. Urges Japan to Prioritize Security After Contractor Hack” PCMagazine 9/21/2011

54.) Alperovitch, Dmitri “Revealed Operation Shady Rat” McAfee White Paper

55.) Gross, Michael “Exculsive: Operation Shady Rat” Vanity Fair 8/2/11

56.) Keizer, Gregg. “'Shady RAT' hacking claims overblown, say security firms” Computer World 8/5/11

57.) Ibid

58.) Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

59.) “Dangerous Kitten” Encyclopedia Dramatica

60.) Ibid

61.) Ibid

62.) Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran

63.) Named after Andrey Markov, MDPs provide a mathematical framework for modeling decision-making in situations where outcomes are partly random and partly under the control of a decision maker. MDPs are useful for studying a wide range of optimization problems solved via dynamic programming and reinforcement learning.

64.) Lamont, Gary and Holloway, Eric. 2009. “Military network security using self organized multi-agent entangled hierarchies.” Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers (GECCO '09). ACM, New York, NY, USA, 2559-2566. DOI=10.1145/1570256.1570361 http://doi.acm.org/10.1145/1570256.1570361

65.) Ferrucci, David. "Building Watson: An Overview of the DeepQA Project." Association for the Advancement of Artificial Intelligence. 2010. Web. .

66.) Lamont, Gary and Holloway, Eric. “Military network security using self organized multi-agent entangled hierarchies.”

67.) Ibid

68.) Phister, Paul W. "CyberCraft: Concept Linking NCW Principles with the Cyber Domain in an Urban Operational Environment." Web. .

69.) Libicki, Martin, et al. “Influences on the Adoption of Multifactor Authentication” RAND Homeland Security and Defense Center

70.) SEC Guidence on Reporting Cyber Security Incidents

71.) Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 231

72.) McLure, Helen “The Wild, Wild Web: The Mythic American West and the Electronic Frontier” The Western Historical Quarterly, Vol. 31, No. 4 (Winter, 2000), pp. 457-476

73.) Ibid

74.) Ibid

75.) Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 236

76.) Ibid 237

Monthly Newsletter Signup

The newsletter highlights recent selections from the journal and useful tips from our blog.

Follow us to get updates from Inquiries Journal in your daily feed.

Follow @inquiriesjourn

Follow IJ

Latest in Computer Science

Cryptography

2009, Vol. 1 No. 11

A Brief History of Cryptography

By Tony M. Damico

The earliest form of cryptography was the simple writing of a message, as most people could not read (New World, 2007). In fact, the very word cryptography comes from the Greek words kryptos and graphein, which mean hidden and writing, respectively... Read Article »

Cryptography Cyber Security Codes Cipher Communication Encryption

Cyber Security

2015, Vol. 7 No. 10

An Overview of Essential Security Measures for Competitive Organizations

By Teodor Topalov Et. Al.

Considering information is the most valuable asset of any organization, information security is one of the most important areas for every business and individual. Looking at the big picture, approximately 86% of all websites had a serious vulnerability... Read Article »

Cyber Security Information Security Passwords Viruses Firewalls Network Monitoring

Trust Based Management

2009, Vol. 1 No. 11

Distributed Trust Based Management: Who's Getting In?

By Tony M. Damico

With the explosion of the use of the Internet for nearly all forms of negotiable instrument exchange, the constant transmission of time sensitive and vital corporate communications, and the ubiquitous presence of malicious software writers, verifying... Read Article »

Distributed Trust Based Management Access Granting Access Restricting Authentication Access Control List Security Problems Access Rights System Security Security Policy

Internet Security

2009, Vol. 1 No. 11

Cyber Attack Prevention for the Home User: How to Prevent a Cyber Attack

By Tony M. Damico

As the sophistication of cyber criminals continues to increase, their methods and targets have also evolved. Instead of building the large Internet worms that have become so familiar, these criminals are now spending more time concentrating on wealth... Read Article »

Cyber Terrorism Security Internet Internet Security

Internet

2009, Vol. 1 No. 11

A Vulnerable Network: Undersea Internet Cable Attacks

By Tony M. Damico

Multiple undersea internet cables were mysteriously severed and subsequently gained significant attention in the beginning of 2008. The attacks on those cables highlighted the enormous amount of internet traffic that uses the undersea cable system... Read Article »

Undersea Internet Cable Network Attack Internet Security Undersea Network Internet Network Attack

What are you looking for?

Tweets by @inquiriesjourn

FROM OUR BLOG

Writing a Graduate School Personal Statement

Inquiries Journal

Social Sciences

Humanities

Arts

Sciences