The forensics of chasing war hackers

Washington Post:

Here in the Citizen Lab at the University of Toronto, a new breed of hackers is conducting digital espionage.

They are among a growing number of investigators who monitor how traffic is routed through countries, where Web sites are blocked and why it's all happening. Now they are turning their scrutiny to a new weapon of international warfare: cyber attacks.

Tracking wars isn't what many of the researchers, who call themselves "hacktivists," set out to do. Many began intending to help residents in countries that censor online content. But as the Internet has evolved, so has their mission.

Ronald J. Deibert, director of the Citizen Lab, calls the organization a "global civil society counterintelligence agency" and refers to the lab as the "NSA of operations."

Their efforts have ramped up in the past year as researchers gather evidence that Internet assaults are playing a larger role in military strategy and political struggles. Even before Georgia and Russia entered a ground war earlier this month, Citizen Lab's researchers noticed sporadic attacks aimed at several Georgian Web sites. Such attacks are especially threatening to countries that increasingly link critical activities such as banking and transportation to the Internet.

Once the fighting began, massive raids on Georgia's Internet infrastructure were deployed using techniques similar to those used by Russian criminal organizations. Then, attacks seemed to come from individuals who found online instructions for launching their own assaults, shutting down much of Georgia's communication system.

Two weeks later, researchers are still trying to trace the origins of the attacks. "These attacks in effect had the same effect that a military attack would have," said Rafal Rohozinski, who co-founded the Information Warfare Monitor, which tracks cyber attacks, with Citizen Lab in 2003. "That suddenly means that in cyberspace anyone can build an A-bomb."

The cyber attacks that disabled many Georgian and Russian Web sites earlier this month marked the first time such an assault coincided with physical fighting. And the digital battlefield will likely become a permanent front in modern warfare, Deibert said.

...

The small Toronto office of Citizen Lab, tucked in a basement of the university's Munk Centre for International Studies, serves as the technological backbone for the operations. World maps and newspaper clips cover the walls. Researchers move between multiple computer screens, studying lists of codes with results from field tests in Uzbekistan, Cambodia, Iran and Venezuela, to name a few.

"We rely on local experts to help us find out why a particular site is being blocked," Deibert said. It could be a problem with the Internet service provider, a temporary connection glitch or a downed server. "But what's more effective is blasting a site into oblivion when it is strategically important. It's becoming a real arms race."

He's referring to "denial of service" attacks, in which hundreds of computers in a network, or "botnets," simultaneously bombard a Web site with millions of requests, overwhelming and crashing the server. In Georgia, such attacks were strong enough to knock key sources of news and information offline for days.

Georgian Internet service providers also limited access to Russian news media outlets, cutting off the only remaining updates about the war. On the night of Aug. 12 -- the height of the fighting -- "there was panic in Tbilisi brought about by a vacuum of information," Rohozinski said.

Shadowserver saw the first denial of service attack against Georgia's presidential Web site July 20. When the fighting began, Andre M. Di Mino, Shadowserver's founder, counted at least six botnets launching attacks, but it was "difficult to tell if it was a grass-roots effort or one commissioned by the government."

...

It's unclear who is behind the attacks, however. In some cases, the locations of botnet controllers can be traced, but it's impossible to know whether an attacker is working on behalf of another organization or government. "It's going to take a year to figure this out," Nazario said.

...

Computer experts tell me the reason it is so hard to trace these attacks is that the hackers take over computers not associated with them and use these zombie computers for the attacks. For some reason it is difficult to trace back through a string of zombies to the source.

I suspect that NSA or the Air Force are working on ways to forensically find these hackers and do it in a reasonable amount of time.

It would also not surprise me if countermeasures are not developed to automatically attack the attackers. They would be like the HARM anti-radar missiles which lock on to enemy radar sites as soon as they are turned on. In a hot war, that is what I would do.
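The quoted article describes a denial of service attack as hundreds of botnet machines bombarding a site with requests at once, and the commentary above notes that the traffic comes from zombie computers unrelated to the attacker. The following is an added example, not code from the Washington Post, Citizen Lab, Shadowserver or this blog: a small detector that reads web-server access-log lines and flags the two patterns that matter from the defender's side. A per-source threshold catches one machine hammering a site, but a botnet of many zombies each sending a single request slips under it, so the detector also watches the aggregate request rate across all sources. The log lines, addresses and thresholds are constructed for illustration.

```python
"""
Added example (not from the quoted article or any of the groups it names):
rate-based detection of request floods in web-server access logs.

Two checks are run over a sliding time window:
  1. per-source: any one address exceeding per_source_limit requests
  2. aggregate:  all sources together exceeding aggregate_limit requests,
                 which catches a distributed flood that check 1 misses.
All log data below is constructed; the addresses are documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip - - [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+$')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, status = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), int(status)


def analyse(lines, per_source_limit=20, window_s=10, aggregate_limit=50):
    """
    Scan log lines in time order and return
      {"noisy_sources": [ip, ...],          # addresses over per_source_limit
       "flood_start":   iso-timestamp|None} # first moment aggregate_limit was exceeded
    """
    window = timedelta(seconds=window_s)
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[1])

    per_source = defaultdict(deque)   # ip -> timestamps inside the window
    everything = deque()              # all timestamps inside the window
    noisy, flood_start = set(), None

    for ip, t, _status in events:
        # drop timestamps that have fallen out of the sliding window
        dq = per_source[ip]
        dq.append(t)
        while t - dq[0] > window:
            dq.popleft()
        if len(dq) > per_source_limit:
            noisy.add(ip)

        everything.append(t)
        while t - everything[0] > window:
            everything.popleft()
        if flood_start is None and len(everything) > aggregate_limit:
            flood_start = t.isoformat()

    return {"noisy_sources": sorted(noisy), "flood_start": flood_start}


def make_line(ip, t, path):
    """Build one constructed Common Log Format line."""
    return '%s - - [%s] "GET %s HTTP/1.1" 200 512' % (ip, t.strftime(TIME_FMT), path)


def build_sample_log():
    """Constructed sample: ordinary readers, one noisy source, then a distributed flood."""
    base = datetime(2008, 8, 12, 22, 0, 0, tzinfo=timezone.utc)
    lines = []
    # ordinary readers: a request every few seconds from three addresses
    for i in range(10):
        lines.append(make_line("192.0.2.%d" % (i % 3 + 1), base + timedelta(seconds=i * 3), "/news"))
    # one source sending 30 requests within 5 seconds
    for i in range(30):
        lines.append(make_line("203.0.113.7", base + timedelta(seconds=40 + i // 6), "/"))
    # 60 distinct zombies, one request each, all inside the same 10 seconds
    for i in range(60):
        lines.append(make_line("198.51.100.%d" % (i + 1), base + timedelta(seconds=100 + i // 6), "/"))
    return lines


if __name__ == "__main__":
    print(analyse(build_sample_log()))
```

Run as written, the single heavy source is reported under noisy_sources while none of the sixty zombie addresses is, and the flood is only noticed by the aggregate check, which is the point: per-address blocking alone does little against a botnet, so the aggregate view (or upstream rate limiting) is what tells you a flood is under way.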
