Cracking the Digital Vault: A Study of Cyber Espionage

By Constantine J. Petallides
2012, Vol. 4 No. 04 | pg. 3/3 |

Securing the Networks

When it comes to cyber defense, many believe that the solution can be found in firewalls. While still a useful tool against unsophisticated attackers, firewalls are less effective in deterring even mediocre hackers. While there are always security upgrades applied to firewalls, they are based on civilian and commercial technologies (ie Windows and Linux) and can be fooled with various software tools freely available to any attacker.

The other problem with reliance on firewalls, is that is fosters an attitude of laziness toward security at the user-level. Users may begin to feel impervious behind their firewalls and take no further steps to protect their data or prevent intrusions. But as we know from history, even the greatest walls cannot protect against all intruders. As in Jericho and Troy, once an attacker breeches the walls, he/she is able to plunder and/or destroy everything inside. Be it through a hacking trick, or a good old-fashioned Trojan Horse, firewalls are no longer sufficient to defend the networks against cyber attackers.

Given the bleak security picture I have painted thus far, how can we hope to survive against the constant threat of cyber attack? The future of security lies not in building bigger and better walls, but in protecting data and connections at the individual computer level. Many contemporary military communication control structures are based on static, hierarchical designs, which generally lack flexibility due centralization. To get around this, some are developing self-organized multi-agent swarm (SOMAS) systems. This system uses the formal structure of a Markov decision process (MDP)63 as the design foundation. Automated security agents patrol the network like white blood cells, but what is interesting is that they are programmed in such a way as to be self-synchronizing. A decentralized intrusion detection system that uses two agent populations to detect and eliminate intrusions relies upon self-organization for the agents to work together without centralized control.64 While this may sound like science fiction, using technology similar to IBM’s Watson who competed on Jeopardy,65 these agents would be trained in simulations and actually learn through trial and error how to respond in different situations.66 Rather than traditional yes/no programming, the agents are able to make semi-conscious decisions based on the real situation, having learned from experience. Since these swarm programs can be trained thousands of times in simulations in the same amount of time it takes to train one human agent, automated swarms provide a more efficient second line of defense than their human counterparts. The Navy’s CYBERCRAFT project is currently experimenting with fielding this type of defense system through its networks.67 68

Another aspect we must consider is the question of authentication of users. Authentication in cyberspace is the process of verifying user identity prior to granting access to specific computer, network, or Internet services and resources. While the user password is the form of authentication that remains the primary means of user identification, they are a notoriously weak form of authentication; and can be compromised at any point in the authentication process. Since passwords alone no longer provide adequate authentication for many types of information (especially in the face of new sniffers, keystroke loggers, and better cracking algorithms, coupled with faster machinery), the use of multiple factors for network access might be recommended.69 The benefits of multifactor authentication are that hackers (or insiders) have to break (that is, gain unauthorized access to systems protected by) not one but many authentication devices. Each tends to have different strengths and different weaknesses. NIST Special Publication 800-633 recommends MFA for remote authentication to achieve assurance levels 3 and 4. Nevertheless, its implementation is not widespread. Although MFA is mandated for federal agencies, as per Homeland Security Presidential Directive-12 (HSPD-12) coupled with Office of Management and Budget (OMB) Memorandum M-06-16, many private organizations tend to avoid its use for employees, much less for other associates and customers (e.g., account holders).

There is also room to explore the possibility of turning an attacker’s advantages against him/her. Since almost all cyber espionage falls under CNE and CNA1, security programs should be installed that actually lie to an attacker. When an intrusion is detected, the system should automatically place false information in the affected network before the attackers can realize. If they fall for this bait-and-switch approach, governments can trace the origins of an attack by studying where this false information is used, sold, or examined in the real world. For this method to be effective, we must first better incentivize companies to report the details of intrusions and reduce the penalties they may face for negligence or extra-legal business practices.70

Finally, there is the option of unplugging from the current network and moving to a private Internet space reminiscent of the set-up in 1983. The Internet is quickly running out of IP addresses and DARPA is using the transition to IPv6 as an opportunity to disconnect from the civilian Internet. They are currently sponsoring a contest among programmers and contractors to submit proposals for a Military Network Protocol system that would act as a separate Internet with little to no connection to the civilian side. While this is a drastic undertaking, much exploratory research is being done into the idea. As DARPA works on unplugging from the rest of the Internet, there is also a push to cut down on the number of networks in existence. Each government agency and branch of the military operates countless individual networks, which leads to a great deal of redundancy. In cutting down on the number of networks, there will be fewer vulnerable connections and intersections between networks themselves as well as between the military apparatus and the civilian Internet. Many in the defense community are working to integrate networks with similar functionalities and provide more umbrella access.

Conclusion

In their article “The Information Revolution, Security, and International Relations,” Eriksson and Giocomello stress the importance of cooperation to mitigate the threat of cyber attacks. They emphasize that “government alone cannot secure cyberspace,”71 but do not propose a real alternative. From a Neoliberal point of view, this security dilemma could potentially be resolved through the creation of international institutions. While it would be difficult to launch, an international organization composed of states and non-state actors alike devoted to the maintenance of cyber security would greatly diminish the uncertainty currently faced by each state. In theory, each member would reveal its capabilities, offer methods for members to identify its cyber activity, and share developed defensive technologies, fostering trust and creating transparency. In such a case, any attacks instigated by members would be easily identified and punished, and any attacks originating from outside the group would be investigated and sought out by a collective might rather than isolated actors. Unfortunately, such a group would require members to disseminate more information than they would likely be willing to, for fear of weakening their positions, and many of the larger powers would probably avoid joining so as not to be accountable for their already established cyber warfare activities.

This dog-eat-dog mentality led Helen McLure to draw the interesting parallel between cyberspace and the Wild West. Elements of the Old West survive in the gold rush mentality and lawlessness and crime that have accompanied the opening of the electronic frontier.72 Hackers stealing intellectual property and defense schematics is eerily similar to bandits robbing trains and banks and stealing arms from ambushed marshals. Like the Old West, cyberspace holds the promise of endless possibilities of freedom and wealth for each netizen, but its anarchic structure also gives rise to a dangerous Hobbesian system. McLure’s final parallel is the rise of vigilante justice. Because the electronic frontier is still generally a lawless territory, vigilantism is often the preferred-and sometimes the only effective response to what the people perceive as crimes against both property and users.73 Such groups have arisen to fight spammers, and also frequently organize against more traditionally disturbing criminal activities, such as hate groups and child pornography.74 Groups like Anonymous have caused immeasurable damage over the years through their cyber vandalism, but they too mobilized against an oppressive Iranian crackdown and ensured the Green Revolution was not stamped out by protecting the protestors’ access to communication channels.

As the Constructivist school emphasizes the importance of symbols, ideas, and their meaning, Eriksson and Giocomello see “symbolic politics as highly relevant for studying digital age security.”75 The Internet is a tool for sharing information, but it is a unique medium that has developed a life of its own and an ever-evolving identity. It is important to understand that in many cases, the information spread online and the actions taken by many users are in some way affected by the culture and identity of the Internet. Cyberspace is like nothing we have ever seen before and from a Constructivist point of view, interactions between states, other states, and non-state actors must evolve to fit the Internet age.76 Nothing has given an idea more potential to spread and develop a life of its own than the Internet.

While cyber espionage continues to be a grave threat, it can be mitigated by the implementation of new security technologies. But we cannot stop there. As cyberspace develops and takes shape, we have the unique opportunity to lay the groundwork for peace and prosperity on the cyber frontier. While the Old West was indeed a lawless land, the robberies and murders did eventually stop. In this case, we too can settle the cyber domain. Whether it is through new monitoring technologies coupled with international norms, understanding, and cooperation; or the employment of vigilantes to hunt cyber criminals and become the proverbial Dark Knights protecting our digital Gotham City, cyber security will improve in the long run.


References

Abbate, Janet. Inventing the Internet. Cambridge, Mass: MIT, 1999. Print. Pg 15.

Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98

Alperovitch, Dmitri “Revealed Operation Shady Rat” McAfee White Paper

Capabilities and Related Policy Issues." Open CRS. Web. .

Chris Johnson, Naval War College Network, “Web Site Back Up Following Intrusion,” Inside the Navy, December 18, 2006.

“Dangerous Kitten” Encyclopedia Dramatica

Danny, Cohen. "Specifications For the Network Voice Protocol (NVP)." (1976): Pg 12. Internet Engineering Task Force. Web. .

DOJ Case Logs

Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 231

Fidler, Stephen "Steep Rise in Hacking Attacks from China," The Financial Times, December 5, 2007, at www.ft.com/cms/s/0/c93e3ba2-a361-11dc-b229-0000779fd2ac.html.

Ferrucci, David. "Building Watson: An Overview of the DeepQA Project." Association for the Advancement of Artificial Intelligence. 2010. Web. .

Grow, Brian, Keith Epstein, and Chi-Chu Tschang. "The New E-spionage Threat." Business Week. 10 Apr. 2008. Web. .

Gross, Michael “Exculsive: Operation Shady Rat” Vanity Fair 8/2/11

Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran

http://gigaom.com/cloud/the-real-costs-of-cyber-crime-infographic/

IMP -- Interface Message Processor, LivingInternet. http://www.livinginternet.com/i/ii_imp.htm

Keizer, Gregg. “'Shady RAT' hacking claims overblown, say security firms” Computer World 8/5/11

Dr. Kopp, Carlo. "Understanding Network Centric Warfare." Air Power Australia - Home Page. 10 Apr. 2011. Web. .

Kruger, Lennard G. "Internet Domain Names: Background and Policy Issues." Open CRS. Web. .

Lamont, Gary and Holloway, Eric. 2009. “Military network security using self organized multi-agent entangled hierarchies.” Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers (GECCO '09). ACM, New York, NY, USA, 2559-2566. DOI=10.1145/1570256.1570361 http://doi.acm.org/10.1145/1570256.1570361

Lee, Bartholomew. "Radio Spies – Episodes in the Ether Wars" http://www.trft.org/TRFTPix/spies9eR2006.pdf

Leffall, Jabulani "As cybercrime grows, so do the costs " MarketWatch.com October 13th 2011.

Libicki, Martin, et al. “Influences on the Adoption of Multifactor Authentication” RAND Homeland Security and Defense Center

McClintock, Pamela (May 6, 2009). "'X-Men' takes hit in foreign markets". Variety.

McLure, Helen “The Wild, Wild Web: The Mythic American West and the Electronic Frontier” The Western Historical Quarterly, Vol. 31, No. 4 (Winter, 2000), pp. 457-476

 

Office of the United States Intellectual Property Enforcement Coordinator August 2010

Oldehoeft, Arthur Foundations of a Security Policy for Use of the National Research and Educational Network, NIST February 1992. Pg 12

"Pentagon warns of Internet incursion by Chinese cyber-terrorists," GCN, August 24, 2006.

Pershing, Genny. "Cybertelecom :: ARPANet (1960s)”.

Pershing, Genny. "Cybertelecom :: ARPANet (1960s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web. .

Pershing, Genny. "Cybertelecom :: ARPANet (1970s)."

Pershing, Genny. "Cybertelecom :: ARPANet (1970s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. .

Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."

Phister, Paul W. "CyberCraft: Concept Linking NCW Principles with the Cyber Domain in an Urban Operational Environment." Web. .

Postel, Jon. "DoD Standard Internet Protocol." Internet Engineering Task Force. Web. .

Rashid, Fahmida “Northrop Grumman, L-3 Communications Hacked via Cloned RSA SecurID Tokens” eWeek 6/2/2011

Rollins, John. "Terrorist Capabilities for Cyberattack: Overview and Policy Issues." Open CRS. Web. .

SEC Guidence on Reporting Cyber Security Incidents

Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.

“Top 10 Most Famous Hackers of All Time” – IT Security

Tzu, Sun. The Art of War. [S.l.]: Pax Librorum H, 2009. Print.

“What are some advantages of VOIP?” http://www.fcc.gov/voip/

Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress." Open CRS. Web. .

Yin, Sara “Report: U.S. Urges Japan to Prioritize Security After Contractor Hack” PCMagazine 9/21/2011


1.) Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.

2.) Tzu, Sun. The Art of War. [S.l.]: Pax Librorum H, 2009. Print.

3.) Kruger, Lennard G. "Internet Domain Names: Background and Policy Issues." Open CRS. Web. .

4.) Pershing, Genny. "Cybertelecom :: ARPANet (1960s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web. .

5.) Abbate, Janet. Inventing the Internet. Cambridge, Mass: MIT, 1999. Print. Pg 15.

6.) Pershing, Genny. "Cybertelecom :: ARPANet (1960s)”.

7.) IMP -- Interface Message Processor, LivingInternet. http://www.livinginternet.com/i/ii_imp.htm

8.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. .

9.) Ibid

10.) Danny, Cohen. "Specifications For the Network Voice Protocol (NVP)." (1976): Pg 12. Internet Engineering Task Force. Web. .

11.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)."

12.) “What are some advantages of VOIP?” http://www.fcc.gov/voip/

13.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)”.

14.) Arthur Oldehoeft, Foundations of a Security Policy for Use of the National Research and Educational Network, NIST February 1992. Pg 12

15.) Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."

16.) Ibid

17.) Postel, Jon. "DoD Standard Internet Protocol." Internet Engineering Task Force. Web. .

18.) Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."

19.) Lee, Bartholomew. "Radio Spies – Episodes in the Ether Wars" http://www.trft.org/TRFTPix/spies9eR2006.pdf

20.) Ibid

21.) Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress." Open CRS. Web. .

22.) Ibid

23.) Ibid

24.) Ibid

25.) Ibid

26.) Chris Johnson, Naval War College Network, “Web Site Back Up Following Intrusion,” Inside the Navy, December 18, 2006.

27.) Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress."

28.) Stephen Fidler, "Steep Rise in Hacking Attacks from China," The Financial Times, December 5, 2007, at www.ft.com/cms/s/0/c93e3ba2-a361-11dc-b229-0000779fd2ac.html.

29.) Rollins, John. "Terrorist Capabilities for Cyberattack: Overview and Policy Issues." Open CRS. Web. .

30.) "Pentagon warns of Internet incursion by Chinese cyber-terrorists," GCN, August 24, 2006.

31.) Grow, Brian, Keith Epstein, and Chi-Chu Tschang. "The New E-spionage Threat." Business Week. 10 Apr. 2008. Web. .

32.) Wilson, Clay. "Information Operations, Electronic Warfare, and Cyberwar:

Capabilities and Related Policy Issues." Open CRS. Web. .

33.) Class Discussion 9/26/11

34.) Ibid

35.) Ibid

36.) Class Discussion 10/24/11

37.) Dr. Kopp, Carlo. "Understanding Network Centric Warfare." Air Power Australia - Home Page. 10 Apr. 2011. Web. .

38.) Class Discussion 10/24/11

39.) Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98

40.) “Top 10 Most Famous Hackers of All Time” – IT Security

41.) Ibid

42.) DOJ Case Logs

43.) “Top 10 Most Famous Hackers of All Time” – IT Security

44.) Ibid

45.) Leffall, Jabulani "As cybercrime grows, so do the costs " MarketWatch.com October 13th 2011.

46.) Ibid

47.) McClintock, Pamela (May 6, 2009). "'X-Men' takes hit in foreign markets". Variety.

48.) Office of the United States Intellectual Property Enforcement Coordinator August 2010

49.) Ibid

50.) http://gigaom.com/cloud/the-real-costs-of-cyber-crime-infographic/

51.) Alperovitch, Dmitri “Revealed Operation Shady Rat” McAfee White Paper

52.) Rashid, Fahmida “Northrop Grumman, L-3 Communications Hacked via Cloned RSA SecurID Tokens” eWeek 6/2/2011

53.) Yin, Sara “Report: U.S. Urges Japan to Prioritize Security After Contractor Hack” PCMagazine 9/21/2011

54.) Alperovitch, Dmitri “Revealed Operation Shady Rat” McAfee White Paper

55.) Gross, Michael “Exculsive: Operation Shady Rat” Vanity Fair 8/2/11

56.) Keizer, Gregg. “'Shady RAT' hacking claims overblown, say security firms” Computer World 8/5/11

57.) Ibid

58.) Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

59.) “Dangerous Kitten” Encyclopedia Dramatica

60.) Ibid

61.) Ibid

62.) Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran

63.) Named after Andrey Markov, MDPs provide a mathematical framework for modeling decision-making in situations where outcomes are partly random and partly under the control of a decision maker. MDPs are useful for studying a wide range of optimization problems solved via dynamic programming and reinforcement learning.

64.) Lamont, Gary and Holloway, Eric. 2009. “Military network security using self organized multi-agent entangled hierarchies.” Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers (GECCO '09). ACM, New York, NY, USA, 2559-2566. DOI=10.1145/1570256.1570361 http://doi.acm.org/10.1145/1570256.1570361

65.) Ferrucci, David. "Building Watson: An Overview of the DeepQA Project." Association for the Advancement of Artificial Intelligence. 2010. Web. .

66.) Lamont, Gary and Holloway, Eric. “Military network security using self organized multi-agent entangled hierarchies.”

67.) Ibid

68.) Phister, Paul W. "CyberCraft: Concept Linking NCW Principles with the Cyber Domain in an Urban Operational Environment." Web. .

69.) Libicki, Martin, et al. “Influences on the Adoption of Multifactor Authentication” RAND Homeland Security and Defense Center

70.) SEC Guidence on Reporting Cyber Security Incidents

71.) Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 231

72.) McLure, Helen “The Wild, Wild Web: The Mythic American West and the Electronic Frontier” The Western Historical Quarterly, Vol. 31, No. 4 (Winter, 2000), pp. 457-476

 

73.) Ibid

74.) Ibid

75.) Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 236

76.) Ibid 237

Suggested Reading from Inquiries Journal

Cybersecurity is presented in the growing literature on the subject as an essentially "slippery" object for state security.1 The Internet puts a lot of stress on the conventional conception of state security as the insurance... MORE»
Advertisement
In Cyber War Will Not Take Place1, Thomas Rid develops his argument on the concept of "cyberwar", previously formulated in an article of the same name2 published in January 2012. His chief point is that "cyber war has never happened in the past, it does not occur in the present, and it is unlikely that it will disturb... MORE»
In June 2012, two years after the initial discovery of the Stuxnet worm,1 an excerpt from David Sanger's then soon to be released book entitled Confront and Conceal was published in the New York Times.2 This piece, purportedly based on the testimony of several current and former American, European and... MORE»
There is a widespread belief that as societies and governments become increasingly reliant upon information technology, they in turn are becoming more vulnerable to a whole range of cyber-threats.1 Whether these dangers are capable of generating enough damage to warrant a redistribution of government resources is the question at the heart of this essay. This paper provides an evaluation of the cyber-threat arguing that it deserves recognition as... MORE»
Submit to Inquiries Journal, Get a Decision in 10-Days

Inquiries Journal provides undergraduate and graduate students around the world a platform for the wide dissemination of academic work over a range of core disciplines.

Representing the work of students from hundreds of institutions around the globe, Inquiries Journal's large database of academic articles is completely free. Learn more | Blog | Submit

Follow IJ

Latest in Computer Science

2009, Vol. 1 No. 11
The earliest form of cryptography was the simple writing of a message, as most people could not read (New World, 2007). In fact, the very word cryptography comes from the Greek words kryptos and graphein, which mean hidden and writing, respectively... Read Article »
2015, Vol. 7 No. 10
Considering information is the most valuable asset of any organization, information security is one of the most important areas for every business and individual. Looking at the big picture, approximately 86% of all websites had a serious vulnerability... Read Article »
2009, Vol. 1 No. 11
With the explosion of the use of the Internet for nearly all forms of negotiable instrument exchange, the constant transmission of time sensitive and vital corporate communications, and the ubiquitous presence of malicious software writers, verifying... Read Article »
2009, Vol. 1 No. 11
As the sophistication of cyber criminals continues to increase, their methods and targets have also evolved. Instead of building the large Internet worms that have become so familiar, these criminals are now spending more time concentrating on wealth... Read Article »
2009, Vol. 1 No. 11
Multiple undersea internet cables were mysteriously severed and subsequently gained significant attention in the beginning of 2008. The attacks on those cables highlighted the enormous amount of internet traffic that uses the undersea cable system... Read Article »

What are you looking for?

FROM OUR BLOG

How to Read for Grad School
Writing a Graduate School Personal Statement
Presentation Tips 101 (Video)