Offensive capabilities



Similar documents
How Covert Agents Infiltrate the Internet to Manipulate, Deceive,...

Cybersecurity & International Relations. Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey.

NATO & Cyber Conflict: Background & Challenges

AN INSIGHT TO CYBER WORLD WITH PROF. MICHAEL E.SMITH

2 Gabi Siboni, 1 Senior Research Fellow and Director,

National Cyber Crime Unit

The main object of my research is :

Workflow Administration of Windchill 10.2

GFSU Certified Cyber Crime Investigator GFSU-CCCI. Training Partner. Important dates for all batches

Trends Concerning Cyberspace

Research Note Engaging in Cyber Warfare

The UK cyber security strategy: Landscape review. Cross-government

Appendix A: Gap Analysis Spreadsheet. Competency and Skill List. Critical Thinking

Cyber Security Summit China and Cyber Warfare Desmond Ball 25 July 2011

No. 29 February 12, The President

Ordinary Legislative Procedure

1342) Prerequisit. cies. Investigative interview and C9, F9,) interviews. research, the. C. Sketching. the Crime and students. Scene.

How do we Police Cyber Crime?

Cyber Diplomacy A New Component of Foreign Policy 6

Dear Delegates, It is a pleasure to welcome you to the 2014 Montessori Model United Nations Conference.

CYBER SECURITY STRATEGY AN OVERVIEW

1 of 7 31/10/ :34

White Paper: Cyber Hawk or Digital Dove

Roles and Responsibilities of Cyber Intelligence for Cyber Operations in Cyberspace

Harmful Interference into Satellite Telecommunications by Cyber Attack

No. 30 February 16, The President

working group on foreign policy and grand strategy

James R. Clapper. Director of National Intelligence

The National Counterintelligence Strategy of the United States

Cybersecurity. Canisius College

Cybercrimes: A Multidisciplinary Analysis

Topic: Cyber Security

West African Minerals Corporation ("West African" or the "Company") Holding in Company

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns

Cyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states.

Counterterrorism and Cybersecurity

"Cyber War or Electronic Espionage - Active Defense or Hack Back" David Willson Attorney at Law, CISSP Assess & Protect Corporate Information

UNCLASSIFIED. Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI. June 15th, 2015

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

Methods of Denial of Service attacks and applicable ways of defense

Internet Safety and Security: Strategies for Building an Internet Safety Wall

UTCS CyberSecurity. Educating Cyber Professionals. Dr. Bill Young Department of Computer Sciences University of Texas at Austin. Spring Semester, 2015

SUMMARY OF KEY SECTIONS OF THE USA PATRIOT ACT OF 2001 By Richard Horowitz, Esq.

TLP WHITE. Denial of service attacks: what you need to know

Cybercrime in Canadian Criminal Law

Unit 3 Cyber security

Accreditation in Higher Education - an introduction -

Public Private Partnerships and National Input to International Cyber Security

DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE THREAT OF DDOS ATTACKS IT SECURITY RISKS SPECIAL REPORT SERIES

RUSSIA CHINA NEXUS IN CYBER SPACE

Korea s experience of massive DDoS attacks from Botnet

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS

Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions. BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI

Comparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

Sport and Sports Betting Integrity Action Plan Britain s approach to address risks to the integrity of sport and sports betting

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Honourable members of the National Parliaments of the EU member states and candidate countries,

Cyber defence in the EU Preparing for cyber warfare?

STATE UNIVERSITY OF NEW YORK COLLEGE OF TECHNOLOGY CANTON, NEW YORK COURSE OUTLINE JUST 201 CRITICAL ISSUES IN CRIMINAL JUSTICE

A Detailed Strategy for Managing Corporation Cyber War Security

the Council of Councils initiative

NCIS Overview. Prevent Terrorism Protect Secrets Reduce Crime

Regulatory Story. RNS Number : 8343I. DCD Media PLC. 08 July TR-1: NOTIFICATION OF MAJOR INTEREST IN SHARES i

Guide to Wireless Network Security

Corporate Spying An Overview

Panel 3: Applicability of International Law to Cyberspace & Characterization of Cyber Incidents

MI5. Careers Guide 2012/13. Owing to the sensitivity of our work, we do not publicly disclose the identities of our staff.

Cybersecurity Primer

WRITTEN TESTIMONY OF

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Espionage and Intelligence. Debra A. Miller, Book Editor

VIENNA MODEL UNITED NATIONS CLUB

Public Opinion on Selected National Security Issues:

Customer Acceptance Policy

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION

Brief on Did GCHQ Spy on You Illegally?

Earn a Bachelor or Master of Science Degree (BS/MS) in Intelligence Management at Henley-Putnam, a Leader in Intelligence Studies Education

The EU s approach to Cyber Security and Defence

PUREPROFILE LTD. ACN CONTINUOUS DISCLOSURE AND COMMUNICATION POLICY

Computer and Network Security in Higher Education

Visualizing Threats: Improved Cyber Security Through Network Visualization

Transcription:

Chapter 5 5 Beyond signals intelligence: Offensive capabilities 5.1 Introduction Documents released by German magazine Der Spiegel provide a much richer picture of the offensive activities of the NSA and its allies, including the UK s GCHQ. i The global surveillance infrastructure and hacking tools described in the previous chapters are not only used for obtaining information to be fed into intelligence reports and tracking terrorists. The agencies are also developing cyber-warfare capabilities, with the NSA taking the lead within the US armed forces. This militarisation of the internet saw U.S. intelligence services carried out 231 offensive cyber-operations in 2011 ii. The UK's National Strategic Defence and Security Review from 2010 made hostile attacks upon UK cyberspace a major priority iii. It is fair to assume that many countries are following suit and building cyber-warfare capabilities. Der Spiegel terms the development of these aggressive hacking tools as Digital Weapons. In their view D weapons which should join the ABC (Atomic, Biological and Chemical) weapons of the 20th century because of their indiscriminate nature. Here lies a fundamental problem. The modern world with connected global communications networks means that non-state actors such as civilians and businesses are now affected by the agencies activities much more frequently than before. The internet is used by everyone cyberspace is mainly a civilian space and the opportunity for collateral damage is huge. The papers leaked to Der Spiegel appear to show that signal agencies have little regard for the security and wellbeing of anyone who gets caught in the path of their operations. According to the documents, the agencies generally use the equipment of third parties including innocent internet users - as an intermediate step for exfiltrating information form their operations. They even call them unwitting data mules, and while in some cases they could be employees of companies, in other cases they appear to be quite random. This way the agencies cover their tracks and avoid being detected. But of course the unwitting victim could end up suspected of wrongdoing. These is a thin line between many GCHQ activities and what is understood as cyber warfare. The Tallinn Manual on the international law applicable to cyber warfare sets out that cyber attacks on civilians are unlawful. iv The agencies, oversight bodies and Parliament need to acknowledge that GCHQ has the capability to launch cyber attacks and confirm that procedures are in place to ensure that international laws of war are followed. These aspect 1 of 6

should be part of the public debates on mass surveillance and making the agencies fit for purpose in post-cold War democracies. Below we outline some of the most controversial documented practices involving the UK. 5.2 Psychological operations against political activists According to the Snowden documents, proactive actions, v now represent 5% of GCHQ s business. vi Some of these actions will involve the hacking and disabling of target systems described in the previous sections. But GCHQ also appears to engage in dirty tricks and psychological manipulation programmes. vii The unit leading these efforts is called the Joint Intelligence Threat Research Group (JTRIG) with 150 staff trained in online covert operations, which they see as a third pillar of activities complementary to signals intelligence and computer network exploitation viii. Some of these operations ix are designed to intimidate and pull groups apart x, for example, deleting a target s online presence and spreading false information. Leaked documents show that GCHQ has developed a programme to influence the outcome of online polls. xi 2 of 6

GCHQ has used these techniques against groups not involved in terrorism or serious crime, such as the hacktivists of Anonymous. xii GCHQ has also targeted supporters of Wikileaks, xiii albeit in a less aggressive manner. Any law breaking activities by political activist networks that may be disruptive but that are at their core non-violent social movements from sufragettes to anti-fracking - should be dealt with by the criminal justice system, not a secretive spy agency. Any members of lawful organisations or groups not primarily engaged in criminal activity should not have their privacy or freedom of expression disproportionately interfered with. 5.3 Using illegal attack techniques: denial of service Besides engaging in psychological warfare and the mass implants of malware, GCHQ has engaged in disabling remote systems through Denial of Service (DOS) attacks. This involves flooding the capacity of a networked computer system until it collapses. According to documents published by NBC xiv, Anonymous s chat rooms were shut down by GCHQ s own hacking operations in 2011, called Rolling Thunder, with the effect of pushing away some 80% of visitors. According to NBC, this is the first time that a Western government has been found carrying that sort of attack, normally attributed to Chinese and Russian covert operations. The report also pointed out the impact on other websites and servers in the vicinity: a DDOS attack against the servers hosting Anonymous chat rooms would also have shut down any other websites hosted by the same servers, and any other servers operated by the same Internet Service Provider (ISP), whether or not they had any connection to Anonymous. It is not known whether any of the servers attacked also hosted other websites, or whether other servers were operated by the same ISPs xv. Denial of Services are criminal acts and in the UK, xvi and a major reason GCHQ was persecuting many of those hacktivists was their use of this technique to shut down websites. xvii It now appears that GCHQ was using the same techniques against them. These attacks can have negative effects on computer systems in the vicinity, so innocent websites could be taken down as well, depriving many people of their freedom of expression. xviii A basic tenet of democracy is that security services must uphold the law when fighting those who break it. 5.4 Fourth party collection The NSA routinely piggy back on cyber offensive operations of other nations to steal data. Documents give an example where North Korean equipment had been bugged by South Korea, but the NSA managed to extract the information. xix Internal documents from Menwith Hill station in the UK describe how they use Kurdish intelligence activities to obtain information in Iraq and Iran xx. 3 of 6

There should be clear regulations to ensure these operations do not give innocent civilians or businesses unwarranted exposure to risks. 5.5 Take over networks of hijacked computers Leaked documents show the NSA has programmes dedicated to the acquisition of command and control capabilities over large networks of computers. xxi These so-called botnets, have been previously hijacked by criminals or other organisations. The operations under the programme DEFIANTWARRIOR rely on extensive support from GCHQ and use all the TURMOIL, TURBINE and XKEYSCORE technologies described above to discover and hack into the systems. The controlled computers can then be used for further internet monitoring or throw-away non-attributable nodes for hacking operations. The leaked slides warn operatives not to show too much skill to avoid being identified as state actors. The owners of infected computers will not notice that their computers are now involved in NSA/GCHQ operations. The NSA seems to limit takeovers to foreign botnets, which may 4 of 6

provide some legal cover. But it is unclear what is the exact legal justification for the involvement of GCHQ. 5.6 Conclusion Cyberwarfare and offensive capabilities are highly problematic. As we have seen in other chapters, these capabilities have a natural tendency to grow from possession of key points in the infrastructure (Chapter 1) and creation of capabilities to control other people s equipment and networks (Chapter 2). This is aided by the intense integration of capabilities and technology between the USA and UK. Once GCHQ has control of both the network and specific networks in foreign countries, the possibility of using the control of networks to attack systems in other countries becomes obvious. The same tool can be used to surveil or shut down. The problem however with GCHQ controlling these offensive capabilities is that they are highly secretive and are not subject to the same levels of public oversight we would normally expect. Parliament would normally examine the ethical, legal and strategic questions associated with our offensive weaponry. Cyberwarfare capabilities of course have profound implications. The uses they can be put to are potentially horrific, and likely to implicate the general population. Since nearly all modern systems are computerised, nearly anything connected to the Internet can potentially be weaponised. So cyberware could be used against infrastructure that is controlled by specific civilian or military equipment for example, an electricity grid, nuclear power plant or transportation controls. There are open questions surrounding the need for specific international law to govern cyberwarfare. While our government believes there is no need for new treaties, it is Parliament s job to consider whether it currently understands the capabilities we are developing in secret and whether our clandestine approach supports or undermines that view. Finally, we should clearly limit the scope of what is understood as cyberwarfare. The framing of many issues around digital security in these terms has been criticised by scholars such as Myriam Cavelty xxii. She argues that the excessive use of war-like language to talk about complex phenomena - where traditional enemy lines are unclear - can hinder a proper analysis and trigger disproportionate responses. 5 of 6

i http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-forcyber-battle-a-1013409.html ii http://www.washingtonpost.com/world/national-security/us-spy-agencies-mounted-231-offensivecyber-operations-in-2011-documents-show/2013/08/30/d090a6ae-119e-11e3-b4cb-fd7ce041d814_story.html iii https://www.gov.uk/government/news/strategic-defence-and-security-review--3 iv Schmitt, M. N. (2013). Tallinn manual on the international law applicable to cyber warfare (pp. 1 215). New York: CAMBRIDGE UNIVERSITY PRESS. v https://firstlook.org/theintercept/document/2014/04/04/full-spectrum-cyber-effects/ vi http://msnbcmedia.msn.com/i/msnbc/sections/news/snowden_cyber_offensive2_nbc_document.pdf vii http://msnbcmedia.msn.com/i/msnbc/sections/news/snowden_youtube_nbc_document.pdf viii https://www.eff.org/files/2014/04/09/20140224-intercept-training_for_covert_online_operations.pdf ix http://msnbcmedia.msn.com/i/msnbc/sections/news/snowden_cyber_offensive1_nbc_document.pdf x https://www.eff.org/files/2014/04/09/20140224-intercept-training_for_covert_online_operations.pdf xi https://firstlook.org/theintercept/2014/07/14/manipulating-online-polls-ways-british-spies-seekcontrol-internet/ xii http://msnbcmedia.msn.com/i/msnbc/sections/news/snowden_anonymous_nbc_document.pdf xiii https://firstlook.org/theintercept/article/2014/02/18/snowden-docs-reveal-covert-surveillance-andpressure-tactics-aimed-at-wikileaks-and-its-supporters/ xiv http://www.nbcnews.com/feature/edward-snowden-interview/war-anonymous-british-spies-attackedhackers-snowden-docs-show-n21361 xv http://www.nbcnews.com/feature/edward-snowden-interview/exclusive-snowden-docs-show-uk-spiesattacked-anonymous-hackers-n21361 xvi http://www.out-law.com/page-9592 xvii http://www.techdirt.com/articles/20140205/09440926098/those-convicted-ddos-attacks-ukwondering-why-gchq-was-allowed-to-ddos-them.shtml xviii http://www.infosecurity-magazine.com/view/36789/gchq-used-ddos-attack-on-anonymouscommunications/ xix http://www.spiegel.de/media/media-35679.pdf xx http://www.spiegel.de/media/media-35680.pdf xxi http://www.spiegel.de/media/media-35689.pdf xxii https://ccdcoe.org/publications/2012proceedings/2_6_dunn%20cavelty_themilitarisationofcybersp ace.pdf 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information