Tag: cyberwar

  • From Minecraft to Crippling the Internet

    From Minecraft to Crippling the Internet

    Minecraft is innocent enough, right? Many tales of wicked deeds sometimes have an unlikely, harmless beginning. Here is one such tale.

    Even though it’s about something that happened way back in 2016 (a cyberattack on the DNS network^ that crippled the Internet for a majority of users in North America), this well-written cyberwar article is totally worth sharing in light of recent privacy and security scandals:

    https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/^

    For a more in-depth analysis of cyberwar and what it may entail, check my comprehensive article, Daring to Imagine Cyber Warfare^.

    [ax_meta lnimgurl=’http://mentatul.com/wp-content/uploads/2018/06/02940-MinecraftDNSAttack-Thumb.jpg’ lnimgw=’250′ lnimgh=’250′ title=’From Minecraft to Crippling the Internet’ desc=’Many tales of wicked deeds sometimes have an unlikely, harmless beginning. Here is one such tale.’]

  • Daring to Imagine Cyberwarfare

    Daring to Imagine Cyberwarfare

    Disclaimer: this article is meant to prevent the hostile use of technology by encouraging transparency and highlighting the major risks that await us during the coming years. I live on a planet where I don’t want to have nuclear weapons and especially not nuclear weapons that can be hacked^.

    Computer viruses and hacking have been around since the dawn of the Internet. But while some time ago the platform was used almost exclusively by academics and the tech-savvy, the Internet is now quickly becoming one of the central technological pillars of our society. Particularly in developed countries, countless vital social systems are now connected to it, ranging from the run-of-the-mill residential heating system to critical infrastructure such as hospitals, public transport and even military.

    In the same time, the skills and tools in the cyber-soldier’s arsenal have greatly increased in potency. Even more importantly, the interest and will to compromise connected systems has increased exponentially in the past decade. Some years ago, the Internet was home to mostly petty crime and the occasional larger security breach. Now-a-days, state actors such as the United States^, North Korea^, and pretty much all major powers and nation-states involved in military conflicts, train and make use of cyber-hacking squads.

    Independent hackers (not aligned with any nation-state or political cause) and hacktivists^ (hackers with a presumably ethical agenda) have also evolved. They’ve become very well organized and armed, sometimes using digital weapons acquired from state agencies. One of the biggest vulnerabilities of cyber-weaponry is that it can be copied and distributed in a matter of seconds.

    In 2017, the NSA was humiliatingly robbed^ by hackers. Immediately after, the agency’s arsenal was distributed and sold^ to organizations across the globe. Some major^ security incidents^ followed. I’m sure that what was made public so far only scratches the surface^ of the damage done. The increasing popularity of ransomware^ will lead to many more such attacks in the future^. After all, it appears like North Korea got itself quite a bit of money using WannaCry^.

    Judging by the trend of the past decade, it sure looks like things will get worse before they get better. As more and more devices come online, the risks will only increase. The cyber-arsenal of the 2020s is beginning to look very scary, especially when considering the exponentially increasing number of targets. Combined with the way technology permeates our lives (and how much of our personal information is in the hands of companies that profit from selling data^), a country could find itself brought to its knees before a single shot was fired.

    Throughout the past few years I’ve been compiling a list of cyber-attack methods ranging from the mundane to the most interesting and devious. Later in the article I’m going to present you with a few scenarios showing how these methods could be used against a nation-state. I do this in the hope that governments will take the necessary steps to protect their citizens (and, in fact, the entire world) from what I consider to be the blitzkrieg of the 21st century.

    Means of Cyberattack

    This list is by no means exhaustive and I aim to regularly maintain it. It’s important to also keep in mind that none of the items on this list is particularly devastating by itself. The power of today’s cyber-attacker lies in mastering the art of combining several attacks to reach the desired result, something that will be covered in the second part of the article.

    • Worms^ and viruses are the oldest means of cyberattack. Despite the popularity of antivirus programs, these old acquaintances of ours can still wreak havoc long before antivirus makers can issue the required countermeasures. The omnipresence of the Internet has allowed viruses and worms to maintain their feasibility.
    • Spyware^ is commonly perceived as a tool employed by shady organizations in order to acquire user data (with the purpose of monetizing it). It’s much more dangerous than that. I’m unsure if espionage saved more lives than it destroyed, but through the use of spyware, people with little foresight (for example script kiddies^) can gain access to information that can destabilize a fragile geo-political and economic balance. What’s even more dangerous is that influential leaders can be blackmailed using data grabbed by spyware. And this sort of attack has been evolving as of late. Check this one about ultrasound tracking^.
    • Exploits^ are another very old acquaintance in security circles. All software has bugs. Vulnerability scanners^ are a means of automatically and easily discovering ways to deliver attack payloads such as trojan horses^. It became much worse in the past few years because various technology companies started giving remote access “features” to their devices^ – in fact, these “features” have quickly turned into messy back-doors. I suspect governments have played quite a role in motivating device manufacturers to install these back-doors. Perhaps I can entrust a government to spy only for fighting crime, but unfortunately these same tools quickly get into the hands of the same category of people the government is presumably trying to reduce. However, I think that the privacy compromises made in the name of “fighting crime” are causing more damage than they prevent.
    • Social engineering^ and phishing^ are newer additions to the cyber-arsenal. These means of obtaining private information and gaining access to restricted systems have become popular thanks to the Internet, and particularly when millions of less tech-savvy people started using it.
    • And now onto more inventive means of attack. In 2017, students demonstrated that sonic attacks^ can be used to disrupt vehicle steering systems. This is just the tip of the iceberg though.
    • As far back as 2016 (which is ages ago in technology), researchers have proven that a Skype call’s sound^ can be scraped to detect up to 41.89% of the keystrokes somebody presses during the call. The ratio goes up to 91.7% if there is knowledge about the keyboard model being used and the user’s typing behavior. With the advent of machine learning^, I’m quite sure that these numbers can be greatly improved. Given enough data, a program can recognize the model of the keyboard being used after analyzing the sound of a couple of sentences being typed, and then be able to map every sound to the appropriate key. When in doubt, the same program can employ a dictionary of common words and phrases to figure out the gaps.
    • Hacking robots is quickly becoming a serious threat. One of the most famous cyberweapons ever employed was the Stuxnet^ worm, which was responsible back in 2009^ for damaging Iran’s nuclear program. Legal experts have actually concluded that, despite the worm’s “good intentions”, its use was illegal^. Despite my opposition to nuclear weapons, I find it hypocritical when one country forbids another to build them through dehumanizing excuses such as “you are irresponsible warmongers”.
    • Continuing with robot hacking, we’re living in an age when more and more of the technology we use becomes “smart” (read: exploitable). Enter “smart” cars (read: hackable cars^). And this Internet of Things^ thing is gaining momentum despite all the warnings out there^. As internet pioneer Bruce Schneier recently pointed^ out, “it might be that the internet era of fun and games is over, because the internet is now dangerous.”
    • Last but not least, here’s my absolute favorite cyber-attack. Hardware backdoors^! As the Wiki article points out, “China is the world’s largest manufacturer of hardware which gives it unequaled capabilities for hardware backdoors”. A well-hidden back-door^ may never be discovered until too late. This is one of the most effective and most expensive weapons in the cyber-arsenal; only nation-states or large corporations can afford deploying it. And I’m quite sure that almost all of our devices are ridden with such crafty points of entry.

    Cyberwarfare

    So now that the little list of doom is more or less complete, let’s see what attack vectors combinations are likely to be used in a major confrontation where the target is a technologically-developed country. Here, the imagination’s the limit, so I’ll just give a few scary examples to make a point and leave the rest of the inventing to those that have more time (and money) for it.

    • A country can be very easily thrown into chaos by a well-orchestrated cyberattack. Just suppress the invasion alert system^, shut down the power grid^, overload the communication networks^, mess with the self-driving traffic and other robots, disrupt stock markets and, of course, invade with conventional troops that have a better knowledge of the invaded country than the defending army does. Sounds difficult? Not for a nation-state that does its homework. There is so much personal data and so many vulnerabilities out there! A secret agency can work its way into the system by blackmailing the right people and ask them to do seemingly harmless favors at just the right time. Slowly but surely, foreign software is everywhere and plenty of vulnerabilities have been created and exploited.
    • How about taking over an armed outpost with no casualties on the attacking side? It can be done by taking out all the guards, silently and quickly. It’s easy when the attacker knows their patrol routes^ by heart. The article I linked shows how a seemingly harmless app reveals such information because some soldiers use it to track their fitness. Hilarious and dangerous in the same time. Because of the hardware backdoors most likely present in our devices, it’s fairly safe to assume that at least some countries on Earth can probably activate GPS tracking on seemingly harmless mobile devices in case of war. Even if measures are taken to counteract this, we’re talking 21st century technology here: conventional weapons have evolved and, used in conjunction with various surprise elements, can win a war faster than nukes. This is because nukes simply destroy everything, whereas a well-orchestrated attack can result in hostages, hijacked equipment and most importantly, access to secure data systems.
    • One of the most awful attacks I’ve ever read about was when an epileptic journalist was sent into a seizure^ after somebody sent him a strobing image using social media. This led to an arrest. It shows not just what our technology allows, but also how deviously inventive people can be. The attacks combined here are knowing something about somebody and then employing a means of delivery (social media) for sending a dangerous payload (an image causing an epileptic seizure).
    • And we can’t forget meddling into politics. It’s already well-known that Russia interfered^ in the 2016 election over in the USA. And guess what: they still interfere in daily life there^. It’s already turning into a fashion, and probably other countries are taking notes and getting ready to follow suit. Now-a-days not a single shot needs to be fired to push a country over the brink. A clever use of cyber-weapons can give a nation-state a solid advantage in a trade or cultural war. Divide et impera.
    • Some time ago, somebody deactivated Trump’s Twitter account^. Even though hopefully nobody would believe a nuclear war declaration from a Twitter account, such a security breach could be coupled with fake radar signals or other misleading information. A paranoid adversary might be quick to pull the trigger and in the aftermath, there won’t be many winners.
    • As our technology evolves, so will our use of various robots. Self-driving cars, fully automated factories and countless jobs that will soon be given to robots. It’s not hard to imagine the amount of damage that can be done to a country’s infrastructure and population by a well-orchestrated cyberattack.
    • Last but not least, let’s talk machine learning. As I pointed out before, AI is not really intelligent yet^. Many developed countries make use of machine learning for all sorts of things, such as super-fast trading on the stock market. As the years pass, we will see more systems being automated, but not able to discern right from wrong. And what will happen when such systems are hijacked? What would a terrorist do with an AI? This is a door that my imagination doesn’t want to open.

    Countermeasures

    Security needs to be taken much more seriously. In 2017, a bunch of big names got together with the purpose of securing the Internet of Things^. At least once in a while, it’s good that corporations seem capable of actually cooperating. Or can they?

    The website of the famed alliance looks deserted^; there are very few resources there and it seems like it hasn’t been updated since its launch in early 2017. Unfortunately, in the age of hyper-consumerism^, such a publicity stunt is probably enough to keep people thinking that these companies actually care about security (they don’t seem to). So, the majority keeps buying insecure devices that can eventually be used against them (and their countries).

    Shortly after writing this article (12 days, to be precise), a new, fancier alliance between tech behemoths launched the Cybersecurity Tech Accord^ with great fanfare. Let’s wait and see if their website^ will still be around in about a year from now…

    I believe the only way for society to protect itself from online threats is to:

    • Use open source software exclusively and thoroughly verify it, line by line.
    • Rely on open source hardware designs or come up with them itself (it’s not so difficult now-a-days – several countries already do this).
    • Build all critical hardware in-house (local factories, local employees).
    • Secure communication endpoints with encrypted routers using multiple layers and fallback endpoints, similar to TOR^ but with additional layers of redundancy (similar to two people having to turn the same key at the same time in order to launch a missile).

    And last but certainly not least, we have… quantum cryptography^. This could be a savior but it remains to be seen if nation-states and corporations will ever allow its use by the general public. China has been making great strides^ when it comes to this technology. Yes, the same China that manufactures most of our electronics. I wonder why they’re so interested in secure communication…

    Version history:

    2018-04-06 – 1.0 – Written.

    [ax_meta fbimgurl=’http://mentatul.com/wp-content/uploads/2018/05/002835-Cyberwarfare-Share.jpg’ lnimgurl=’http://mentatul.com/wp-content/uploads/2018/05/002835-Cyberwarfare-Thumb.jpg’ fbimgw=’1170′ fbimgh=’350′ lnimgw=’250′ lnimgh=’250′ title=’Daring to Imagine Cyberwarfare’ desc=’The skills and tools in the cyber-soldier's arsenal have greatly increased in potency. Even more importantly, the interest and will to compromise connected systems has increased exponentially in the past decade.’]

  • Hackers all around Us!

    Hackers all around Us!

    Whenever news comes in about some sort of data breach or hacked service, we’re often treated with pictures of the assumed perpetrators and how their office (bedroom? garage?) looks. Mentatul managed to get in touch with some of these unique people. They were happy that somebody is interested in their private lives and difficult working conditions.

    Let us begin with Paul, a young man from Edinburgh who started hacking banks when he was 15 years old.

    Paul
    Paul

    We asked Paul about why he decided to become a hacker and about his daily routine:

    “I knew I am destined to be a hacker when I realized that simply by looking at a computer screen I could see zeros and ones fly out of it, along with words such as “password”, “identity theft” and “data security”. I then turned to the Hacker Fraternity and they told me only precious few have this talent, which they call The Gift. They told me I’m a natural.”

    “But even with such talent, my job is very difficult. I always have to dress in a menacing yet stylish outfit. Wearing gloves makes typing difficult. The sunglasses force me to crank the screen brightness for my laptop all the way to the max. It seriously impacts battery life.”

    Another interesting story is that of m4~, a housewife from Kansas who started hacking out of boredom.

    m4~
    m4~

    “Watching cats and dogs videos on Facebook gets old after a while, so I took a course in hacking. Suddenly, whenever I was looking at computer screens, a blue mist enveloped me, and I could see passwords fly through it. After winning a recipe website hacking contest, the Hacker Fraternity awarded me with this special hoodie that makes me disappear when I’m hacking. The dramatic effect is important for online success. The only problem is that my son got scared a couple of times when he saw mommy disappear in a dark blue haze when she turned on her laptop.”

    And then there’s Ulf, the boy-wonder from Switzerland who makes a living by stealing Bitcoins from rich.

    Ulf
    Ulf

    “One day I found this special magnet that attracts Bitcoin straight from the wireless networks of the rich. During the usual two-hour ride in my black van throughout the priciest neighborhoods in central Switzerland, I make about $4000.”

    Through our correspondent in New Zealand we got to know The Grewsome Crew, two siblings from Auckland. We asked them to tell us if they know of any good hackers that are able to do their job without this natural gift of seeing ones, zeros and cryptic symbols when they touch a keyboard.

    The Grewsome Crew
    The Grewsome Crew

    “Not really, no. Only those with The Gift can make it out there,” said the brother using a vocal distortion filter. His sister filled in: “It’s very tough competition. Sometimes the only thing that makes the difference is the hoodie. It also helps if you have a map of the Earth in your secret bunker. It’s good for geotagging victims.”

    Then there are those that, in addition to The Gift, have additional Gifts, such as p00r 0wn3r. He called us through a network of crypted relays and refused to give his location but judging by his English accent, we can safely assume he’s from a French-speaking area of the world.

    p00r own3r
    p00r own3r

    “You see, I was born with a severe eyesight handicap, so I learned Braille. Soon after finishing gymnasium I realized that I can come up with the correct password simply by touching text boxes on the screen. It’s called “tactic decryption” and there are very few of us that have this gift.”

    Concluding our series of interviews, we discussed with one of the unfortunate hackers who do not have The Gift. Meet Ovidiu from Moldavia.

    Ovidiu
    Ovidiu

    “Not having The Gift complicates my life. I must always use fancy lights and a fog machine to be even able to bypass the simplest security measures. If I wear an expensive suit in combination with a thick balaclava I can look threatening enough to manage some simple weekend heists. I’ve been kinda depressed due to all this.”

    S3Kr3T
    Mentatul, be careful what you’re writing. This is your first warning from S3Kr3T. I uploaded a picture of me to warn you that I can own this website whenever I want.

    That’s all folks, a glimpse into the unique lives of those that force you to change passwords every now and then, and sometimes even manage to siphon money from your bank accounts.

    If you want to see more pictures with hackers, just follow this simple Google search:

    https://www.google.com/search?q=hacker&newwindow=1&dcr=0&source=lnms&tbm=isch&sa=X&ved=0ahUKEwim3syFlOTXAhWBB5oKHSofDrUQ_AUICigB&biw=2560&bih=1305^

     

     

     

    This text has been published in the “Satire” category for a good reason.

    P.S.: if you want to understand more about hackers than what the silly stereotypes online show, you can start from this Wikipedia entry:

    https://en.wikipedia.org/wiki/Hacker^

    [ax_meta lnimgurl=’http://mentatul.com/wp-content/uploads/2018/01/02583-HackersAllAroundUs-Thumb.jpg’ lnimgw=’250′ lnimgh=’250′ title=’Hackers all around Us!’ desc=’Mentatul managed to get in touch with some of these unique people.’]

  • The AI Stock Market Wars

    The AI Stock Market Wars

    Before Artificial Intelligence develops free will and would even be in a sufficiently advanced position to decide if humans are necessary on this planet, we seem to be doing a pretty good job of destroying ourselves anyway by giving a dangerous amount of power over to semi-intelligent algorithms. Enter the artificially intelligent hedge fund:

    https://www.wired.com/2016/01/the-rise-of-the-artificially-intelligent-hedge-fund/^

    But what’s this talk about “destroying ourselves”? Can these things actually kill? Well, let’s look at this way: these algorithms are designed to make profits for their owners by moving investments from one company to the other. In other words, stock market algorithms are playing with the fate of companies in order to make profits for investors. But unlike a human, an algorithm is not programmed for empathy, mercy or intuition. Such algorithms could potentially annihilate a promising company simply because it made some errors in reporting or short-term financial planning.

    But this is just the first step. As the AI Stock Market War gears up, the operational and decisional complexity of automated trading will exceed anything humans are even remotely able to keep track of. Before you know it, you got a jungle of super-intelligent AIs desperate to ruin all the others.

    Let me repeat: these things aren’t programmed for empathy or mercy (that’s why I’m using the word “things” – it’s something that humans made up and that possesses no free will and no naturally developed instincts). They will eliminate a company that doesn’t perform well with the same precision a doctor cuts out a tumor, except much, much colder and disinterested. And before you say: “well, that’s good isn’t it? Survival of the most profitable”, need I remind you that it’s you and your friends and family who work in these companies?

    There might come a day when we won’t be able to plea for our jobs with another human being. Instead, we’ll negotiate with a computer that has just reached the decision that we’re useless to the company (and perhaps society) and our best home is on the street, begging for food (if we’re lucky).

    And before you think that “nah, humans will never allow an AI to run their company”, well, think again:

    http://www.businessinsider.com/hedge-fund-bridgewater-associates-building-ai-to-automate-work-2016-12?r=US&IR=T&IR=T^

    I think Artificial Intelligence can develop into something really wonderful. I also think humans are born wonderful. Unfortunately, the current educational system and the society it created have the ability to create some very twisted individuals. And if such a twisted individual manages to get behind the control panel of a powerful AI, then woe upon the rest of us… because such AI makes nukes look like firecrackers (and I wouldn’t put it past a program to reach the conclusion that managing to somehow launch a cyber-attack or even a physical attack towards another company would be a profitable decision).

    Update 2018-10-16: if this topic interests you, make sure you also read “The Danger with Artificial “Intelligence” Is That It’s Not (yet) Intelligent”^.

    [ax_meta lnimgurl=’http://mentatul.com/wp-content/uploads/2017/07/02014-AIStockMarketWar-Thumb.jpg’ lnimgw=’250′ lnimgh=’250′ title=’The AI Stock Market Wars’ desc=’Stock market algorithms are playing with the fate of companies in order to make profits for investors.’]

  • Trump, Putin and Cold War 2.0

    Trump, Putin and Cold War 2.0

    I present you with one of the best geopolitical analysis articles I’ve read in the past couple of years. It’s also quite a long read. But if you care about the conflict between the world’s superpowers, this will be an excellent use of your time since it’s also very well written.

    The text goes in ample detail regarding cyberwarfare and how Russia has become a force to be reckoned with in the field of social media manipulation. You will also learn why it was possible for Russia to influence the elections in the United States. In turn, this will make it clear that democracy is facing a threat as a result of the intense polarization affecting many societies on Earth.

    This polarization is a result of people having become disillusioned with the establishment (both political and economic). Unfortunately, everybody stands to lose when power is transferred to irrational, perhaps even sick individuals.

    In the article below, you will also be presented with valuable historical information that will help in understanding the current geopolitical situation.

    http://www.newyorker.com/magazine/2017/03/06/trump-putin-and-the-new-cold-war^

    Even though the text is written from an American point of view, I found it to be quite balanced. Of course, I’m aware that this judgement is based on my ideological preferences. In any case, there’s a lot of useful information to be extracted from the text, which is why I highly recommend it.

    [ax_meta lnimgurl=’http://mentatul.com/wp-content/uploads/2017/06/01936-TrumpPutinColdWar-Thumb.jpg’ lnimgw=’250′ lnimgh=’250′ title=’Trump, Putin and Cold War 2.0′ desc=’I present you with one of the best geopolitical analysis articles I've read in the past couple of years.’]

  • Cyber-Warfare is Scary

    Cyber-Warfare is Scary

    When we read in the press about “hacking”, it’s mostly about software-based attacks. It may be about exploiting a vulnerability to reveal passwords or attacking an insecure computer. Then there’s the entire social-engineering aspect to it, which is basically hacking a person’s mind (can also be seen as a person’s software).

    Cyber-warfare^ has been defined as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption”. Serious confrontations are also going on between corporations, with industrial espionage being one of the main drivers. Unlike in real war, because a single individual can take on an entire nation through the use of clever hacking, the boundaries between these “size categories” are blurred.

    In addition to the myriad ways a target can be hacked through software, there’s something far more insidious and dangerous that can happen. Hardware-based attacks:

    https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/^

    What the article above explains is how tiny hardware back-doors can be baked inside any integrated circuit. It’s not news that this is doable, but what is news is that it’s way too easy to achieve and almost impossible to detect. Even in the case of the highly advanced computer processors that are inside all our devices. Apparently it can be done by a single (well trained) person working inside the factory that manufactures the chip.

    Such modifications are extremely hard to detect. It’s quite tempting to go a bit paranoid when thinking about how many of our mission-critical processors are manufactured in Asia. China has lately started to re-assert itself technologically and militarily. There was an age when airplanes and bombs would decide the fate of a war. That age is slowly fading away.

    [ax_meta lnimgurl=’http://mentatul.com/wp-content/uploads/2016/06/00730-CyberWarfareIsScary-Thumb.jpg’ lnimgw=’250′ lnimgh=’250′ title=’Cyber-Warfare is Scary’ desc=’A single (well trained) person working inside a factory that manufactures electronics can bake a hardware back-door inside any integrated circuit.’]