Arbor Networks: Security to the Core

When I began a while back to generate a study of interesting cyber attacks to see if there were any common themes and to perhaps make some attempt at generating a chronology of such activity and it’s evolution, I ran across Minihan’s comment “Peace really does not exist in the Information Age“. That pretty much summed up my findings.

Rather than cyber-war, or cyber-terrorism, perhaps cyber-espionage or some other equally sexy title, I thought I’d abstract things a bit here and title this post based on that insightful comment from Lieutenant General Kenneth Minihan’s 1998 U.S. Senate testimony. Minihan, then Director of the National Security Agency/Central Security Service (NSA/CSS), carried a common message about how threats had forever changed as a result of the “Information Revolution”.

As summarized in this TISS report, he talked about the blurring role of nation-state sponsored activities, erosion in distinction between civilians and soldiers and a “diffusion of threats with perpetrators of crimes harder to locate“. Minihan spoke about “how existing paradigms for war and conflict will no longer be appropriate“, “how the term “nation”, a concept pivotal to current thinking about the laws of conflict, will become obsolete“, and “what is an “attack” in the context of cyberspace?”

We’re certianly seeing this today, in the media spotlights surrounding the Estonia attacks, the recent attacks on the Pentagon, and so forth. As a matter of fact, as I attempted to put together some chronology on cyber conflict, I found it to be a daunting task worthy of far more time than my schedule permits.

The more I looked, the more such activity surfaced, with a full spectrum of motivators from which to take your pick. Nearly any newsworthy event is now accompanied by cyber activity of some sort. Michael A. Vitas of Institute For Security Technology Studies at Dartmouth College provides an interesting analysis, albeit a bit dated, of where cyber attacks accompany physical violence, and provides a detailed analysis and case studies of four such events.

I compiled a slew of notes on examples of cyber attacks I’ve come across, most of these associated primarily with Internet-based activities (versus, say, isolated SCADA or PCS systems). I was planning to categorize these attacks based on motivators or suspected sponsors, but instead I’ll provide a subset of my list here, and note that my entire list is clearly more incomplete than I’d ever imagined, and largely U.S. centric.

Some of the interesting presumably geopolitical attacks over the past decade or so include, but are certainly not limited to:

• 1990 Attackers from Netherlands penetrate 34 U.S. Defense sites
• 1998 Solar Sunrise, Moonlight Maze
• 1999 Midnight Maze
• 2000 Former Republic of Yugoslavia (FRY) and NATO conflict in Kosovo
• 2001 China and U.S. Spy Plane Incident
• 2003 Titan Rain
• U.S., Iraq, Afghanistan, et al. (2003 -) - no reference needed
• Chechen’s and Russians (1994-2004)
• the Indo-Pak Conflict
• the Palestinian-Israeli Conflict

Some presumably less politically motivated attacks that attracted a great deal of attention include:

• 2000 Attacks on Amazon, EBAY, Yahoo!, etc..
• 2002 Winter Olympics Korean Speed Skater DQ’d
• 2006 Denmark Cartoon Rage
• 2006 Pirate Bay - GVU/Polish Police Attacks
• Anti-spam/bot attacks
• DNS/root server attacks (one of many)
  

And l’est we not forget, some notable worms and viruses with attack vectors and [not so] questionable motivators:

• 1999 Melissa Virus
• 2001 Code Red
• 2001 Ramen
• 2001 Nimda
• 2001 Lion
• 2001 Adore
• 2001 Code Red II
• 2003 Slammer
• 2003 Blaster
• 2004 MyDoom
• 2004 Witty
  

The above is in no way a comprehensive list, a full study of such attacks, the impact, and the motivators would be quite interesting, and quite an undertaking. More and more on the commercial front attacks are motivated by financial gain, either directly from extortion, or as retaliation of some sort. The continued anti-spam and anti-bot attacks such as those directed at the likes of Castle Cops and Spamhaus, in response to impacting otherwise streamlined cybercrime activities, illustrate the completion of an underground cybercrime economy and botnet eco-system.

The Internet’s ability to enable asymmetric warfare, providing maximum effect and reach, is clearly one of its most attractive characteristics for any attacker, independent of their motivation. As more and more critical services and economies are reliant on networked systems and the Internet, the criticality of their availability and security grows.

If you believe cyber war, given even the most strict definition (of which I’m not entirely sure what that is), is inconceivable, well, I suspect you’ll one day appreciate that your government, whichever government that may be, is slightly more attune to the threat.

Either way, I tend to agree, peace really doesn’t exist in the Information Age.

This entry was posted on Tuesday, June 26th, 2007 at 3:16 pm and is filed under Arbor Networks, Botnets, Critical Infrastructure, Events, Interesting Research, Malware, Viruses, Vulnerabilities, Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.