CYBER-UPROAR.COM

Cyber Espionage Could Cause a Global Shift in Power

2010-08-02T12:40:00Z

As everyone around the world knows, China hasbecome quite the cyber-espionage powerhouse, enabling them for many years to"leap frog" over their own technological developments by exploiting theadvancements in the West to save time and money.

Alreadythis year the U.S. has experienced multitudes of IW exploits, includingan attack on an oil refinery site and at least 33 major intellectualproperty attacks against several leading commercial software companies. These companies employ some of the best and brightest applicationdevelopers in the U.S., and their source code, algorithms, and specifically, the methodology involved in the evolutionary ways in which we currently think and process information have been extrapolated and are now in the hands of an unscrupulous competitor.

Lookingthrough past and recent events in China's political, industrial,university and social activities and motives, it is very reasonable topredict that the next wave of cyber attacks will be against the Bio andNanoTechnology laboratory and research facilities, and here's why:

TheBioTechnology impact will reach far beyond the health care andpharmaceuticals industry and into areas obscure to common thought. Itis these obscure areas that many times hold the greatest opportunity anddisruptive power.

NanoTechnologyis an obscure science to many and one that only recently began to gainthe attention of the press. It allows for the development andconstruction of materials one atom at a time. It is difficult toimagine an industry that will not be impacted as this advanced researchbecomes commercialized in the next several years.

The combination of Nano and BioTech will evolve (and has been evolving) into the next major revolution - "The Materials Age".

Theeconomic and political implications of winning or losing the battle tobe number one in this technology could cause a shift in global power.

Numerouslaboratories in the U.S. have already experienced major exploits fromthe Chinese and fear the attack landscape they are facing in theupcoming months and years ahead.

A 2005 report from the U.S. National Academies of Science, Rising Above the Gathering Storm warns that the U.S. "could lose its privileged position" in science, with "new competitors just a 'mouse click' away."

Demos , one of the U.K.'s most influential think tanks, published China: The Next Science Superpower? in 2007. Their report indicates that:

" 'Whilethere is a marked improvement in the university sector, both in termsof the quantity of graduates [with around 350,000 IT graduates in 2004],and also the quality of degrees and PhDs, it would be wrong tounderplay the challenges that China must confront as it seeks to becomean 'innovation-oriented society.' "

Noted in an interview with Ze Zhang, (the Vice President of Beijing University of Technology) on May 26, 2006 after the general assembly of the Chinese Association for Science and Technology (CAST):

" 'Everyonethere was talking constantly of innovation. But I think we are onlyjust beginning to understand what that word really means. It's likegears grinding against one another. There's a lot of tension betweenthe push and pull for innovation and the capacity of the politicalsystem to deliver it.' "

Zhang argues that the obstacles are in the Party, private and academic sectors:

" 'Probablythe greatest challenge is to get Chinese companies to become moreinnovative ...Reform is needed here, especially in state-ownedenterprises, where the bosses are still chosen by the Party. It's notlike shareholders who have the company's best interests at heart.' "

" 'Another problem that has worsened in the past five years is plagiarism and research misconduct.' "

" 'Again,it's the result of politics getting mixed up with science... Everyoneworks with the door closed, in secret. This is very bad for innovation.' "

Informationcyber-attack tactics via internet communication technology play asignificant role in all three areas. If the Party, private and academicsectors are unable to conduct innovative solutions, the next logicalstep is to conduct yet another spying escapade via politically motivatedhackers whether they are state sponsored or funded by private sectors:

On Monday, October 29, 2007, (one year and five months after the interview with Ze Zhang), Oakridge National Labs (ORNL ), the Department of Energy's largest Science and Energy laboratory, was exploited by a coordinated attack.

A database containing sensitive information of approximately 12,000 scientific researchers who visited the facility from 1990 - 2004was penetrated while attempts were made to gain access to computernetworks at numerous laboratories and other institutions across thecountry.

Several weeks before theactual exploit, there were approximately seven waves of 1,100 phishinge-mails delivered using a very sophisticated strategy:

Groupsof ORNL employees were sent out e-mail notifications regarding anupcoming scientific conference. Others were sent a complaint on behalfof the Federal Trade Commission. In 11 known cases, the employees tookthe bait.

Each e-mail instructed the recipient to open an attachment for further information. And when they did, it "enabled " the hackers to infiltrate the system and remove data," Thom Mason, the Director of ORNL said.

"Everyyear we build bigger and more sophisticated fences around our databasesand every year our enemies find new and more sophisticated ways totunnel under the fence. This is an ongoing challenge that is going tobe here as far as we can see in the future," Mason stated.

Officialsat Pacific Northwest National Laboratory in Richland, Washingtondiscovered and reported a similar exploit on the same day.

In late October the I.P. addresses related to the attacks were discovered to be owned by Chinese websites.
Asscience and technology advancements continue to accelerate, IW willaccelerate. The social, economic and political impacts of theseadvancements will continue to threaten global shifts in power.

Executivesin business, government and industry must become knowledgeable enoughabout near-term breakthroughs in order to properly position themselvesand their organizations in order to defend themselves and gain proper"triage' rights in the industry to protect them against the next "TitanRain" or "Titan Hail" of IW.

Asnew advances are made, more IW advances will rapidly evolve and willexponentially increase the rate of the cyber threat model we see todaywhether they be state-funded, corporate, or academia-related (or allthree).

Thecombination of NanoTechnology and BioTechnology will evolve (and hasbeen evolving) into the next major revolution - "The Materials Age".

Theeconomic and political implications of winning or losing the battle tobe number one in this technology could cause a shift in global power.

SCADA - A Glimpse Beyond the 'Power Outage'

2010-07-27T13:46:00Z

For at least the past ten+(+) years, we have heard or read about our Country's vital SCADA (Supervisory Control And Data Acquisition) systems being vulnerable and overwhelmingly 'cyber-attacked' by malicious hackers.

In general, SCADA systems refer to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility-based, and they run on very old PC's running very old versions of Microsoft Windows operating systems using a very insecure network protocol run over TCP/IP. Some of their systems have been mildly upgraded and connected to the Internet for those workers who like to connect from home.

Because these systems are proprietary and owner-operated, the reports and propaganda that has been passed around in the news and even in the industry itself has been focused on only one aspect of SCADA's area of control: The power grid. I would like to list the other Industrial control systems that SCADA systems influence:

:: Refining;
:: Fabrication;
:: Power generation;
:: Manufacturing;
:: Production;
:: Water treatment and distribution;
:: Waste water collection and treatment;
:: Oil and gas pipelines;
:: Electrical power transmission and distribution;
:: The pharmaceutical industry;
:: Wind farms;
:: Civil defense siren systems and
:: Large range communication systems

Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.

So, as you can see, disrupting our SCADA system could mean a whole lot more than simply shutting down our power for a week. If all, or even three targets were taken down, say water treatment, waste water collection and, oh... large range communication systems, all at once (and they would be down for more than one week), whatever area(s) that were affected would feel and smell like a third world country pretty quickly. Is that the master plan - or am I hyping a conspiracy theory? It's plausible.

Think about the probability of one of the leading pharmaceutical companies being overtaken without anyone's knowledge and the grim thought of wide-spread distribution of an altered drug? Impossible? No!

It is interesting to note that several months ago I had decided to research this SCADA topic from several different angles for a book - including the "elite" hacker point of view (HD Moore and his pride and joy "Metasploit" architecture), imodscan (a network scanner built with Metasploit to scan and exploit the SCADA network protocol), and the modbus protocol (the very insecure protocol running over the TCP/IP network that sustains these SCADA networks) - in an attempt to (in my book) solve the issues from the inside-out by getting in using various cloak and dagger techniques.

By doing further research on the modbus protocol, I found the website to the company who designed the protocol, and amazingly enough, they had a huge list of their customers - hundreds of them. It took at least an hour or two, but I was able to compile a list of hardware, components, and ultimately hardware vendors and COTS vendors who pushed out full solutions to their customers who actually LISTED their customers. (Turns out China bought three systems from one of our U.S. manufactures. (Quid-pro-quo?) But I digress.

The real reason I am writing this column is because I came across this specific article that said "Even with minimal Internet access, malware and breaches are increasingly occurring in utility, process, and control systems." Still.

The article blames 30% of the malware coming in via USB keys internally. That part is easy to solve.

I can't help but wonder what the number of attacksbased on the code that HD Moore publicly spread around, proving exactlyhow easy it is to exploit the SCADA systems - the same code that waspublished in plain text in one of TechRepublic's online magazines... Ifthey still have it up there, the comments are truly hilarious and worth aread, but I won't post the exact location nor will I post any of ithere.

But what about the widely publicized problems: the privately owned facilities with no regulation authority? The mis-matched installation network interface cards, the patchwork of data transmission cables and the insecure protocols themselves? Antiquated machines, users who demand to connect to the intranet from home? Various versions of an unstable and security-ridden operating system? These systems monitor processes that in turn control and leverage the actual functionality of a facility. Yes, the facilities themselves (in most cases - water treatment, for example) use physical load bearing balancing acts to support the "old fashioned way", but it is not completely impossible to affect these as well, through intelligent efforts. And I haven't even touched the surface. All-in-all, these systems are riddled with issues that should concern even the most extreme anti-'paranoirist'.

These system priorities begin with availability being paramount, but Top Secret level security solutions need to be in the loop somewhere - including a DoD physical presence in light of the electromagnetic wave and in-range bombing threats.

My head spins around when I read such material knowing what I now know about how critical these systems truly are and knowing they are privately owned and operated.

While there has been much progress in several areas of study on the matter, as well as the development of "SCADA and Control Systems Survival Kit", (a document of best practices for SCADA systems), there has been a severe lack off concentrated effort, solutions and real-time contribution among the most "key" whitehat security "experts".

(c) 2010 Cyber Uproar

Timeline Update / Correction to 'China's Long-Term (2 Year!) IW Strategy Hits U.S. Hard!'

2010-07-14T10:35:00Z

It has been a long and arduous journey. The relocation was fairly painless and the rest of the management team transitioned here as well. The rest of the contract will be taking up much more of my time than usual; however, I have a plethora of posts coming soon. In the meantime, enjoy the timeline - I will be adding a third layer showing the hardware and software "security products" explosion over time and its success (or failure and why) to meet the needs of the increased virus outbreaks and hacks. The hope is that 'pitting' all three layers together to provide a vivid visual analysis will reveal more interesting patterns.

I have made a request to the developers to add more functionality to the timeline and they heartily accepted the additions. Therefore, be on the lookout for a timeline key, which will immensely aid your viewing, and in the near-future, the ability to stack up to 5 (or perhaps even more) vertical layers onto the timeline for even more pattern visualization. Fun, fun!

Thank you for your patience and insightful email commentary.

Correction:

In an earlier post: 'China's Long Term (2 Year!) IW Strategy Hits U.S. Hard' I bastardized the art of analysis and reporting by indicating the myth that China had established "copyrights" to over 90+ percent of rare earth minerals.

That post has been duly corrected: China has secured a "dominant position" regarding the rare earth materials, including ores, oxides, metals, alloys and semi-finished rare earth products that cannot be reproduced artificially.

The source for this correction requests to remain anonymous.

My sincere apologies to my readers - the inaccuracy shows slight of diligence which will be carefully avoided in all future posts.

(c) 2010 Cyber Uproar

It's 2010, Can Someone Please Tell Me What Information Warfare Really IS?

2010-05-30T14:11:00Z

There are several Chinese authors who command respect for the scope of their works and depth of their thought on IW issues, as well as Mr. Timothy L. Thomas from the Foreign Military Studies Office in Fort Leavenworth, K.S., to whom I owe a great debt for the translation of much of this material.

I will do my best to briefly cover the span of years 1996-2010; however,it is interesting to note the slight shifts in definitions with accordance to social, political and economic issues in the world during those times. I have done my best to weave prime examples in and out of these "definitions" of Information Warfare.

The developing nature of the Chinese perspective of IW

1996: one of the first definitions offered stated that "IW is a war in which both sides strive to hold the battlefield initiative by controlling the flow of information and intelligence."

This initial definition did not address information superiority or information operations, just control. Instead of protecting friendly information systems and attacking enemy systems, (as the U.S. defines the term), the emphasis was on protecting oneself and controlling the enemy.

Also in 1996 Wang Pufeng, Yang and Guo stated that the central issue in achieving victory in IW is control of information, that the most important initiative of future battlefields would be the power to control information. "Victory will be determined by the side that has the capability to control information resources and their utilization". These are the indices of a nation's capacity to direct a war effort, they wrote.

An example of a victory (performed in 2008!) can be seen here .

For now, it is suffice to say that clearly, in 1996, the emphasis was on control.

1997: fewer attempts to define IW were made. Noted author stated that IW includes all types of war fighting activities that involve the exploitation, alteration, and paralysis of the enemy's information and information systems, as well as those types of activities which involve protecting one's own.

Author Liang Zhenxing added that the Chinese definition of IW should take cognizance of Chinese characteristics but be in line with the definition prevailing internationally. In that respect his IW definition is more aligned than some to the U.S. definition.

1998: even fewer original discussions of the term IW. One analyst defined IW as the ability to hinder an opponent's decision-making while protecting friendly decision-making abilities.

It is interesting that the Chinese emphasis is not on attacking enemy information systems but on "hindering" an opponent's decision-making. ... I suppose attacking the enemy's information systems wouldn't allow much room for control.

1999: Chinese analysts again return to a serious debate over IW issues,defined more broadly this time as involving two sides in pitched battle against one another in the political, economic,cultural, scientific, social,and technological fields. The fight was over information space and resources.

IW was also defined narrowly as the confrontation of warring parties in the field of information. The essence of IW, Shen wrote, is to attain the objective of "forcing the enemy troops to surrender without a fight" through the use of information superiority.

Obviously this definition echoes historical Chinese thoughts on warfare;however this seems to imply that information superiority is more of a cognitive than systems related process.

Another definition in 1999 was proposed by Chinese author Yuan Banggen, the head of a General Staff Directorate. He stated that IW is the struggle waged to seize and keep control over information, and the struggle between belligerent parties to seize the initiative in acquiring, controlling and using information.

This is accomplished by capitalizing on and sabotaging the enemy's information resources, information systems, and "informationized" weapon systems, and by utilizing one's own.

Yuan thus substitutes capitalizing and sabotaging for the U.S. term attacking while simultaneously emphasizing control. He also noted that IW is a kind of knowledge warfare, a rivalry between groups of professionals with hi-tech knowledge.

A third 1999 discussion distinguished IW and informationized war, defining IW as a form of fighting and part of a complete war, and informationized war as an entirely new form of war. IW will gradually become informationized war, but this won't happen until the middle of the 21st Century when informationized forces will be available. The latter is the follow-on to mechanized forces.

(Does this sound familiar?) Read on...

In 1999 informationized forces were viewed as the soul of Sun Tsu's "subduing the enemy without battle," the tactic requiring superior military strength, full preparedness, destroying the enemy's strategy, and cultivating, conducting and fostering discipline with the goal being to "force the enemy side to regard their goal as our goal," to "force the opponent to give up the will to resist and end the confrontation and stop fighting by attacking an enemy's perception and belief via information energy."

If perceptions are attacked correctly, morale drops and with it control,the main ingredient in IW. The proper information assault can make this work.

Again, the focus in 1999 includes some cognitive aspects of IW and again an emphasis on control.

In late December of 1999, Xie Guang, the Vice-Minister of the Commission of Science, technology and Industry for National Defense stated IW "in the military sense means overall use of various types of information techniques,equipment, and systems,using disturbance, misinformation or destruction of the enemy's information systems, to shake the determination of the enemy's policymakers,and at the same time the use of all means possible to ensure that one's own information systems are not damaged or disturbed."

Ouch.

2000: IW specialist Wan Pufeng offered a deeper explanation of IW than any seen to date, distinguishing it from information war. In his opinion an information war refers to a kind of war and a kind of war pattern, while information warfare refers to a kind of operation and a kind of operational pattern. The new operational pattern refers to operations in a computer network space.

Information warfare embraces information detection systems, information transmission systems, information and weapon strike systems, and information processing and use systems. Information war embraces information warfare. Both integrate information and energy and use an information-network-based battlefield as their arena of activity.

I'll talk more about operational patterns in part 2.

{ end part one }

(c) 2010 Cyber Uproar

Visual Timeline Reveals Swarm of Hacks

2010-05-14T05:30:00Z

Today (tonight?) I finally began working with TimeGlider , the web-based timeline maker I mentioned in my earlier post, built by Mnemograph.

My objective is to (hopefully later today), embed a two layered timeline (the top layer filled with "random" events, the bottom layer filled with attacks and virus outbreaks) that is interactive. At the current time, I have a "work in progress" ready to go, however, I failed to use the beta version of the software that would have enabled me to conjoin the two timelines together in one embedded statement, and may need to start the project over.

So, I've taken a snapshot to give just one example of some random data that I've captured today.

The picture below is an actual view of the two timelines I mentioned. This is a five-year view, but you can zoom down to the day. If you hover over the event, you will get the date and time - if you click on the event, you will get any added information. For simplicity, I added no pictures, just icons.

I want to draw your attention to the large red star on the top timeline, and the black half-moons on the bottom timeline. Since I zoomed out for the five-year snapshot, I'll fill in the dates.

On September 6th, 1996, after China opened it's 256K dedicated circuit connected to the US, 10 days later the CIA was hacked, the UK Labour Party was hacked... you can see the pattern for yourself. It is amazing when you zoom out even farther - you begin to realize what is happening with the business and political events simultaneously. But, there are such things as coincidences.

Note: There were no other hacks to government sites before this - there were only viruses, and virus creation toolkits wide spread and made available on the internet, from what information I have gathered thus far. Of course, this information is incomplete.

If I continue to fill in the blanks (who knows how long it would take and if it could ever be completed by one person), I'm quite certain I would continue to see a fascinating orchestration and multiple arrays of events both past,present, and presumably future.

At any rate, this is just one of many examples that a visual timeline can do. It acts like a gliding scatter-plot that you can add pictures and icons and meaningful text, data, and/or links to.

This particular example was done in just a few hour's time and is simply a few inches of a few feet of data that I have entered into the (free) software.

I utilized and compiled various existing sources (which I will thank profusely once I have the actual timeline posted) on the internet and also obtained information from several books that I have been reading in my spare time, but I have yet to have cracked the surface on the data I have available.

I am going to concentrate on virus outbreaks and attacks against the U.S. for the majority of my time (among other things). I welcome any assistance.

Once the live version is available, it will be embedded in the header or footer of the blog. I haven't decided yet.

Join in - comments are disappearing into the ether...

(c) 2010 Cyber Uproar

How the U.S. Has Been Blindingly Scathed by the Chinese Stratagems of InfoWar - Part Two

2010-04-29T05:22:00Z

Refresher:

1. Stratagems for the Stronger Force
2. Stratagems for Two Equal Forces
3. Stratagems for Direct Attack
4. Stratagems to Confuse the Enemy
5. Stratagems to Gain Ground
6. Stratagems Before the Last Stand

Once again I am using example situations of how the Chinese"net force" has been using the 36 stratagems of war against the U.S. in IW manuevers by using one or two examples.

Continuing from Part One, as highlighted above, we are concluding the techniques of section one: the Stronger Force and moving into section two: Two Equal Forces.

Category 1: Stratagems for the Stronger Force

No. 04. Wait at ease for the enemy

(To be near the goal while the enemy is still far from it, to wait at ease while the enemy is toiling and struggling, to be well-fed while the enemy is famished:--this is the art of husbanding one's strength.)

The Chinese set their global, holistic goal in place many years ago, as is evident by the astonishing array and multi-dimensional orchestration of their barrage of cyber attacks as well as non-cyber initiatives and activities against the United States and other countries over the last 14+ years.

The U.S. Military has be struggling on many levels to discern the correct approach to resolve the integral issue of technical deterrence. Compounded by corporate and privately owned layers of Internet backbone and routing technology, the Military has no accurate way to pinpoint 100% attribution on-demand.

While the U.S. toils away on this matter, Beijing waits, patiently at ease, well-fed on the information they have gathered via IW, like taking candy from a baby, closer and closer to accomplishing their goal of global Military, Economic, Industrial, Biotechnological, Biochemical, Cyber, and Knowledge/Information domination. (I'm certain I've missed a few.)

Category 2: Stratagems for Two Equal Forces

These stratagems focus on immediate options that you have on hand: using what you already have or what exists in your environment; create illusions; make new weapons; or form new and innovative plans. These stratagems require that you look at your own situation with fresh eyes and that you understand how your opponent looks at your environment and arsenal, so that you can create convincing illusions or put old items to new uses.

In this sense, the Chinese are looking at the U.S. as an equal force in cyber technology, which represents an important factor which I will go into detail about in the final installment: "Clipping the Wings of the Tiger: Final Installment of How the U.S. Has Been Blindingly Scathed by the Chinese Stratagems of InfoWar".

No. 0.7 Create something out of nothing

(Get what you need by trickery or illusion.)

China leveraged its economy to force IT companies, most significantly Microsoft, to reveal sensitive and proprietary information regarding their software applications. This information allows the PLA to utilize "zero-day" security flaws in Microsoft applications that exploit unknown or unpatched software vulnerabilities before the vendor patch is available. It also greatly enhances the PRC's ability to plant malicious software designed to collect sensitive information or potentially damage networks and infrastructure.

No. 08 Use a well-known path to advance by a hidden path

(Use the commonly expected strategy to hide the real strategy.)

China is notorious for hacking servers such as the Pentagon, the Department of Defense and Sandia Laboratories. These attacks, along with distributed denial of service (DDoS) attacks, have been their "expected" strategies.

Attacking the IMF in 2007 wasn't a huge surprise, however the information stolen that led to China obtaining information regarding third world countries who the U.S. has and has not funded in order to gain mineral dominance for 97 percent of all raw minerals for over 20 years was not a strategy that was expected.

Additionally, infiltrating U.S. organizations where some of the best and brightest software developers are employed and stealing the source code for their major applications was not an area the U.S. expected as part of the IW threat from China.

No. 10. Conceal a dagger in a smile

(Never express anger, and never express sarcasm. They show weakness, and they show hastiness in revealing motives.)

On April 1, 2001, a cyberwar between China and the United States erupted after a U.S. Navy spy plane collided with a Chinese fighter jet over international waters in the South China Sea, resulting in the death of the Chinese fighter pilot.

Chinese hackers declared a week-long May Day war on U.S. sites.

In retaliation, several U.S. hacker groups defaced hundreds of Chinese government and commercial websites with pornographic images and messages advocating drug abuse.

(c) 2010 Cyber Uproar

How the U.S. Has Been Blindingly Scathed by the Chinese Stratagems of InfoWar - Part One

2010-04-28T09:27:00Z

The Chinese feel a compelling need to develop a specific Chinese IW theory. This theory must be in accordance with Chinese culture, the economic and military situation in the country, the perceived threat, and the Chinese military philosophy and terminology.

Chinese IW theory is strongly influenced by Chinese military art. China has quickly integrated IW theory into its People's War concept, and it is believed that they have already developed their independent "net force" branch of service (to supplement the navy, army and air force), and have applied the 36 stratagems of war into their IW methods.

Here in Part One I will outline ways in which China's "net force" has already used two of these stratagems against the U.S. In future segments I will continue this trend until they are exhausted and will finish with a proposed strategy on how to apply several of the stratagems of war in unique and interesting ways to the U.S. IW theory in an effort to assuage the Chinese attacks as they successfully pick and choose their targets. The goal is to, over time... reverse roles by poly-morphing several stratagems together into one complex whole.

Before beginning, I find it important to enlighten or refresh you regarding the Chinese war theory and how it is very different than the traditional game of Chess. As you probably are aware, in Chess one starts with a board filled with pieces, the object being to think several moves in advance of your opponent and capture pieces as you move along until there are no more pieces - the game ending when one King has captured the other King.

In direct contrast, the Chinese theory to war is like that of the game of Go, where one starts with an empty board, and the players take turns placing pieces (black and white stones) on the board in an effort to gain control of as much territory as possible. Although capturing of an opponent's stones is possible, it is secondary to controlling territory. To play well, one must balance defending one's own territory and attacking the vulnerable pieces of the opponent. The game of Go ends with the board filled with pieces and the winner controls the greatest amount of territory.

36 Stratagems (don't worry, all 36 are not listed here), are broken down into six categories:

1. Stratagems for the :: Stronger Force
2. Stratagems for :: Two Equal Forces
3. Stratagems for :: Direct Attack
4. Stratagems to :: Confuse the Enemy
5. Stratagems to :: Gain Control
6. Stratagems :: Before the Last Stand

I'll begin with two stratagems (from China's perspective of being the Stronger Force) that their "net force" has already used against us by simply using an example or two, although (unfortunately) there are quite a few of each.

Category 1: Stratagems for the Stronger Force

No. 01. Deceive the sky to cross the sea

(Conceal your preparations by being completely open and public.)

A network administrator was looking for a hacker that continued to break into a Department of Defense server to gain access to a confidential database. After failing to stop him after several weeks of diligently trying, he was funded the money and set up an Intrusion Detection System in front of the firewall to inspect and log all of the incoming and outgoing traffic. The logs were almost immediately full, and his days were filled with combing the logs, looking for suspicious traffic. Finally the administrator spent several weeks worth of late nights over coffee looking over the logs and observantly realized that a General's Secretary was logging into his system at 18:00 hours every night when he was never there. The hacker had succeeded so long because he had legitimate credentials and had made himself an acceptable part of the scenery while in the act of committing IW.

Category 1: Stratagems for the Stronger Force

No. 05. Loot a burning house

(If your opponent suffers adversity not related to your battle, you can use the diversion of his attention, energy, and resources to further weaken him.)

January 12, 2010 - Haiti was struck by a magnitude -7.0 earthquake, creating much diversion in the U.S.

Google censorship intensifies, forensic analysts, the CIA and FBI (and many others, presumably) are called in to investigate the Google incident, and millions of Americans and government agencies rush to the aid of the Haitians.

January 25, 2010 - The U.S. oil industry is hit by cyber attacks with another "new level of sophistication", once again focused on one of the crown jewels of the industry: valuable bid data detailing the quantity, value, and location of oil discoveries worldwide (coincidentally similar to the 2007 IMF incident).

Once again, the attackers took over a major portion of the network (again, coincidentally like the IMF incident). A previous (yet different in style) attack from China in 2008 gained the attackers all the information they needed to assemble and craft the perfect bullet for this infiltration - all that they needed was a major distraction.

Attention is still drawn to the Google and Haiti incident while remaining experts are in awe over the attack that looks nothing like anything they have ever seen before.

(c) 2010 Cyber Uproar

Is creating a separate Service Branch on par with the Army, Navy and Air Force a bad idea for "Cyber War"?

2010-04-27T11:38:00Z

I don't necessarily think so.

Well, let me rephrase that. I think the tactics used (at this time) are to obtain information, and as such - should be continued to be properly termed InfoWar. As such, the currently existing "armed" services shouldn't be going around shooting and blowing up bits and bytes.

I do believe that our enemies tactics are similar to our own U.S. hackers and are thus two-fold in nature: one - they issue a barrage of distraction DDoS attacks and other annoyances to tie up random (or targeted) resources away from their target to keep everyone busy, while two -they infiltrate their target(s), seek-and-find what they want, and plant their back-door's.

I don't believe that an entire branch "on par" with the Army, Navy and Air Force is necessary, but I do believe that a branch that is structured and executed much like the Coast Guard would be an intelligent decision for multiple reasons:

:: Cyber could be considered as an "ancillary" weapon during tactical military operations. For example, this branch of the military could coordinate and execute a targeted attack that would disable the enemy's missile launching systems.

:: Soldiers could be dedicated to researching classified and unclassified resources that could lead to further discovery of long-term enemy strategies.

:: Specially trained officers could become analysts and work with expert researchers to create sensitive algorithms for data mining systems that would plant the seeds for long-term, broad based InfoWar analysis looking far into the future.

:: Specifically trained soldiers could work around-the-clock on devising, building, testing and implementing deterrence techniques to put in place to defeat attacks on critical infrastructures.

:: Trained Soldiers could be "on watch", alleviating the need for conventional soldiers to "get up to speed" with computer security and forensics technology.

:: We don't know what, if anything, our enemies have created to use against us or in what capacity, so developing a few offensive and defensive techniques wouldn't be a bad idea.

:: Finally, an entirely separate division would focus their efforts, (by positioning a Cyber Guard branch of the military entirely focused on Cyber), on the coordination and facilitation of training operations between appointed industry experts from each sector of technology - congruent with both military operation standards and compliance - and industry implementation, policy and procedure guidelines.

Together the Cyber Guard unit focused on working with the Industry experts and the experts working side by side with the unit, would map out an initial course of action and set the stage for future Phases of Strategy and Implementation Guidelines.

This brand new type of alliance between a military unit and industry organizations will be crucial to an overall strategy to secure the Internet and our critical infrastructure.

This course of action would be the first of many steps towards standing up a Cyber Guard unit that coordinates with both a service branch of the armed forces and with the industry's top notch experts, where the Cyber Guard unit will be privy to immediate forthcoming information, and where the industry experts will gain trust and further insight into where the nature of the attacks are coming from and theories as to why, so they may continue their research and build and design better system security software considering military performance specifications. In my opinion, it's another case of a win-win-win all around.

I'm sure I've left plenty of things wide open for debate, for example - I think the far bigger picture of the IW that has been hitting the U.S. HARD for years now - the information being gathered - is not random but specifically chosen and state-sponsored and in a designated order, however I believe this is a high level Department of Defense issue, and that delegation may include coordination with the "Cyber Guard" unit and with a unit that is prepared to out-maneuver these tactics and perform strategic tactics of their own.

(c) 2010 Cyber Uproar

China's long-term (2 year!) InfoWar Strategy Hits U.S. Hard!

2010-04-25T07:03:00Z

In October of 2008,

The International Monetary Fund took a blind hit from Chinese state-sponsored hackers in a military tactic known as 'Strategic Information Warfare'.

At the time of the attack that lasted for approximately one week, the IMF had a network link into the World Bank, the World's largest anti-poverty agency.

Spy-ware was detected on the entire network, "but absolutely no evidence that any sensitive information or systems were breached".

(Note: The definition of systems being infiltrated means that systems were breached, and having spy-ware detected across your entire network means that the probability is very high that sensitive information was stolen and possibly more was sent out through several back-door's while the spy-ware was diligently being removed across the entire network.)

But what could be the point?

Nick Day, a former British Intelligence Officer who runs Diligence, a private investigative firm, insists that "...what the Chinese are looking to do is to get influence over a number of third world countries where there are assets in particular, where there are minerals , oil, etc. - where there is wealth that would be strategically useful. And if the IMF is not going to bail them out, or is going to bail them out at a rate which is fairly punitive, then the Chinese can go into those countries and say, "Don't go to the IMF. Come to us. We'll bail you out and we want exclusive deals over the next 20 years to all of your mining concessions in your country, access to mineral wealth, access to oil - all the raw materials that China is going to need to keep carrying its economy forward."

(Side note: the above is a great example of a preemptive motive one could use to delineate between the young hacker vs. the nation-sponsored political attacker.)

September 2009

China secures dominance of over 97 percent of the production of rare earth minerals.

(Note: these minerals cannot be reproduced artificially.)

These minerals are used by the U.S. in every electronic device - cell phones, computer hard drives, guided missiles - and will impact critical military uses, such as defense systems, precision-guided munitions, lasers, communications systems, radar systems, avionics, night vision equipment, satellites and more, according to the Government Accountability Office.

China, of course, decreases output and increases export taxes on all rare earth material to a range of 15 to 25 percent.

September 2009 thru January 2010

China is cheating on trade agreements, aggressively pursuing military capabilities and aggressively conducting cyber-attacks.

The U.S. economy is still bleak at best. China continues to support the U.S. dollar.

January 2010

The White House National Security Council directed U.S. spy agencies to lower the priority placed on intelligence collection for China from Priority-1 to Priority-2, "amid opposition...from senior intelligence leaders who feared [rightly so] it would hamper efforts to obtain secrets about Beijing's military and its cyber-attacks".

Now let's put these four pieces of information together:

1. October 2008

The IMF and the World Bank were infiltrated by a severe cyber-attack, gaining China valuable insight into the countries we were and were not funding.

2. November 2008 thru 20??

China takes this information and gains major influence over third world countries in exchange for exclusive deals over the next 20 years to all mining concessions in those countries, including mineral wealth and raw materials they need.

3. September 2009

China controls dominance over 97 percent of our rare earth minerals that has long-reaching implications for the U.S. Department of Defense.

4. January 2010

Despite China's persistent and aggressive cyber-attacks against the U.S., the Obama administration directs the U.S. spy agencies to lower the priority against China in order to "assuage Chinese concerns" that intelligence agencies are "exaggerating" threats from Beijing.

So, while we continue to loosen up our grip on gathering our own information, China continues to conduct more aggressive attacks - thus furthering their long-term agenda(s).

In this particular instance, (pardon me if I've missed a few steps) - while we pay back our debt to China, pay taxes on much needed minerals (when they allow us to have them) - taxes that help refill their depleted cash flow from lending out to third world countries, we now have given them insight as to an approximation of what supplies we have left, our building operation efforts, and have allowed them to stifle our innovation efforts and limit our supplies - while they have, through long-term - (though not very long-term) Information Warfare tactics, stolen our current and near-future weaponry plans.

Not a bad plan.

Unfortunately, because the current Military efforts and strategies continue to get smacked down by the Obama administration or Policy makers and/or internally wrestled within the government organizations themselves as to who will stand up the U.S. CyberPower unit and conquer the deterrence debate, these state-sponsored InfoWar tactics are going to persist and quite possibly cripple U.S. control as China continues to take a long-term, broad-based approach to National Security.