The Snowden Wasteland

By Calum MacLeod, VP of EMEA at Lieberman Software.


It’s another normal day and without even thinking about the magic of it all, I start the usual activities over breakfast. A quick check to see if there are any urgent emails; followed by a quick look at a couple of websites to pick up the latest news headlines, a quick glance at my LinkedIn and Facebook pages, and finally a quick scan to see if there has been any interesting Twitter activity overnight.


Whether the NSA, GCHQ, the People's Liberation Army (PLA), the Federal Security Service of the Russian Federation (FSB), or any one of the other national intelligence agencies has intercepted and read my correspondence doesn’t even cross my mind.


The Internet has changed our lives in so many ways, but with freedom of movement and expression comes responsibility. Whether it is Julian Assange, Edward Snowden, or any other whistleblower, the question I ask myself is to what extent any of us have the right to use our freedom to expose what we believe to be wrong. The law does not give me the right to publicly accuse anyone of a crime without allowing them due process in a court of law. The recent case of Graham Smith, who was falsely accused of historical child abuse and committed suicide, is a case in point, as is the 2012 case of Neil Carr, who was falsely accused of molesting children; parents set up a Facebook page to debate whether he was guilty or innocent.


Snowden himself says: “For me, in terms of personal satisfaction, the mission’s already accomplished. I already won.” So all is OK because he’s happy. But on the other side of the argument are the constant reminders that we are in the middle of a war – a Cyber War in which the key players are not concerned about our personal satisfaction, are not interested in allowing us to change society, and have no interest in allowing us to decide how we are governed.


Are We At War?
There are several interesting books published on the topic of Cyber Warfare, and in an “Introduction to Cyber Warfare – A Multidisciplinary approach” by Paulo Shakarian, Jana Shakarian, and Andrew Ruef, they define Cyber Warfare as “an extension of policy by actions taken in cyber space by state or nonstate actors that either constitute a serious threat to a nation’s security or are conducted in response to a perceived threat against a nation’s security.”


In a report published by the U.S. Department of Defense in 2009, the DoD stated that its networks are probed roughly 250,000 times an hour. The same report cited that by 2006, up to 20 terabytes of data had been remotely exfiltrated from NIPRNet. NIPRNet is the Non-classified Internet Protocol (IP) Router Network, which is used to exchange sensitive but unclassified information between Department of Defense "internal" users, and which also provides those users with access to the Internet.

There are many players in this game, and there is not sufficient space in this article to deal with each of them, so attention will be given to the one that we all seem to consider the biggest threat: China.


Cyber espionage is important to China because it is viewed as a method of levelling the playing field by adopting a strategy that neutralizes the enemy rather than relying on direct confrontation. The theft of intellectual property from software vendors provides the means to identify vulnerabilities for later attacks. A publication written for the PLA, “Unrestricted Warfare”, states that “Modern warfare includes political, scientific, and economic leaders in addition to military personnel. The notion of “unrestricted” warfare extends not only the domains of war but also the time at which such actions of war can take place. “Military” operations —that now include information, economic, and psychological aspects, can take place in peacetime in this perspective— further supporting the notion of “active offense.” It goes on to state that “against an information-centric society, a nation’s political system, economic potential, and strategic objectives will be high-value targets. The preferred method to attack such a society would be through the use of asymmetric warfare techniques. Asymmetric warfare refers to the ability of a combatant to defeat a superior force by using tactics that exploit a major weakness in their weapon systems, tactics, or information technology.”


In 2010, in an operation that became known as “Operation Aurora”, Google, Adobe and thirty-two other companies had their corporate systems hacked with the purpose of accessing information about Chinese human rights activists, but also intellectual property— namely, the source code of commercially developed software.


Who Is The Enemy?
While the media in general appears to be enjoying taking the moral high ground on issues such as the NSA, there is a need to raise awareness that the NSA and their allies are not the only protagonists in cyber space. The large-scale cyber spying operation known as GhostNet, with its command and control infrastructure based mainly in the People's Republic of China, had infiltrated high-value political, economic and media locations in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices were compromised. Although the activity is mostly based in China, there is no conclusive evidence that the Chinese government is involved in its operation. However, given that most Chinese hackers are now employed by the government, one could suggest that the circumstantial evidence leaves little doubt.


As we’ve seen with the numerous leaks over the past few years, the insider threat still presents the greatest risk, but the insider of the recent past represents a new kind of threat. Whether in government or industry, there are always people who are either disgruntled or simply criminals. The resulting breach of confidentiality can have profound ramifications for political systems, financial systems and average companies holding sensitive material. And the stark reality is that most of us are learning on the job how to deal with this.


Start at the beginning
Each and every organization is confronted with a myriad of hacking and penetration tools that are available both as Open Source and commercially. Like nuclear power, these tools can be used for good or bad.


However, many of these tools rely on the ability to discover weak passwords that provide high levels of privilege. As Snowden discovered, badly managed privileged passwords are the keys to the kingdom, and the frequent reuse of the same passwords on multiple systems makes exploitation easy for the average administrator.

“Additionally, virtually all systems have vendor default accounts, and once you have the default account for a particular device then chances are that you are most likely to access most of these systems since they are rarely changed. Additionally, it doesn’t require much intelligence to access websites such as http://www.phenoelit-us.org/dpl/dpl.html and to work your way through a list!” - “Cyber Warfare Techniques, Tactics and Tools for Security Practitioners” by Jason Andress and Steve Winterfield


So as a first step, every organization should initiate and enforce an effective defense against privileged access:
1. Implement an effective password policy that covers privileged access, patching, and system hardening.
2. Disable the ability of administrators to create local accounts that grant them privileged access. Breaches such as TJX happened because, once the TJX systems were penetrated, the attackers were able to install accounts on Internet-accessible applications in order to reach the information they were looking for: http://www.computerworld.com/s/article/9044321/TJX_violated_nine_of_12_PCI_controls_at_time_of_breach_court_filings_say.
3. Deploy solutions that are constantly scanning for modifications to registries, service accounts, scheduled tasks, and new applications.
4. Include your workstations in any solution. This is very often the soft underbelly of any organization, and frequently the easiest place to launch an attack from.
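As an added example, not code from the article or from Lieberman Software, the following Python script turns the four steps above into an audit that can be run against an inventory of privileged accounts, services and scheduled tasks collected from servers and workstations alike. The inventory format, host names, account names, hashes and the "known default" table are all constructed for the example (the default-password hash is derived from a placeholder string, not a real vendor default); in practice the snapshots would come from whatever agent or scanner the organization uses. It flags the three conditions the article warns about: the same privileged credential reused across systems, a built-in account still carrying its default password, and new accounts, services or tasks that have appeared since the last approved baseline.

```python
"""
Privileged-access audit over a constructed host inventory (added example).

Three checks that map onto the steps in the article:
  - shared_credentials():   the same password hash reused on several systems
  - default_credentials():  built-in/vendor accounts still carrying a default password
  - drift():                local accounts, services and scheduled tasks that appeared
                            since the last approved baseline snapshot
Every host, account, hash, service and task below is constructed for the example.
"""
import hashlib
from collections import defaultdict


def h(secret: str) -> str:
    """Stand-in for whatever credential hash the inventory tool records (assumption)."""
    return hashlib.sha256(secret.encode()).hexdigest()


# Constructed "known default" table: built-in account name -> hash of its default password.
# The placeholder string is not a real vendor default.
KNOWN_DEFAULTS = {
    "admin": h("placeholder-vendor-default"),
}

# Constructed baseline snapshot: per host, the local accounts holding administrative
# rights (name -> hash), plus the services and scheduled tasks that were present.
BASELINE = {
    "fw-edge-01": {"accounts": {"admin": h("placeholder-vendor-default")},
                   "services": {"sshd"}, "tasks": {"log-rotate"}},
    "app-srv-01": {"accounts": {"Administrator": h("Corp-Shared-2013")},
                   "services": {"w3svc"}, "tasks": {"backup-nightly"}},
    "app-srv-02": {"accounts": {"Administrator": h("Corp-Shared-2013")},
                   "services": {"w3svc"}, "tasks": {"backup-nightly"}},
    "ws-finance-07": {"accounts": {"Administrator": h("unique-ws-07")},
                      "services": set(), "tasks": set()},
}

# The same inventory a day later (constructed): a new local admin account and a new
# scheduled task on a workstation, and an unapproved service on app-srv-02.
CURRENT = {
    "fw-edge-01": BASELINE["fw-edge-01"],
    "app-srv-01": BASELINE["app-srv-01"],
    "app-srv-02": {"accounts": {"Administrator": h("Corp-Shared-2013")},
                   "services": {"w3svc", "unapproved-agent"}, "tasks": {"backup-nightly"}},
    "ws-finance-07": {"accounts": {"Administrator": h("unique-ws-07"),
                                   "svc_helper": h("anything")},
                      "services": set(), "tasks": {"updater"}},
}


def shared_credentials(inventory):
    """Return {hash: [(host, account), ...]} for every hash present on more than one host."""
    seen = defaultdict(list)
    for host, data in inventory.items():
        for account, pw_hash in data["accounts"].items():
            seen[pw_hash].append((host, account))
    return {pw_hash: hits for pw_hash, hits in seen.items()
            if len({host for host, _ in hits}) > 1}


def default_credentials(inventory, defaults=KNOWN_DEFAULTS):
    """Return [(host, account)] where a built-in account still has its default password."""
    return [(host, account)
            for host, data in inventory.items()
            for account, pw_hash in data["accounts"].items()
            if defaults.get(account) == pw_hash]


def drift(baseline, current):
    """Return {host: {category: set(new items)}} for anything added since the baseline.
    A host missing from the baseline is compared against an empty record, so every
    privileged account on a newly seen host is reported."""
    empty = {"accounts": {}, "services": set(), "tasks": set()}
    changes = {}
    for host, now in current.items():
        before = baseline.get(host, empty)
        added = {
            "accounts": set(now["accounts"]) - set(before["accounts"]),
            "services": now["services"] - before["services"],
            "tasks": now["tasks"] - before["tasks"],
        }
        added = {category: items for category, items in added.items() if items}
        if added:
            changes[host] = added
    return changes


if __name__ == "__main__":
    for pw_hash, hits in shared_credentials(CURRENT).items():
        print("REUSED credential", pw_hash[:12], "on", hits)
    for host, account in default_credentials(CURRENT):
        print("DEFAULT credential on", host, account)
    for host, added in drift(BASELINE, CURRENT).items():
        print("DRIFT on", host, added)
```

Run against the constructed data, the script reports the shared Administrator credential on both application servers, the untouched default on the edge firewall, the new service on app-srv-02 and the new local account and task on the finance workstation. Comparing hashes rather than passwords keeps the audit from ever handling the secrets themselves, and including workstations in both snapshots is what makes the "soft underbelly" visible.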
There are many other points for consideration that are beyond the scope of this article. But in our rush to applaud the likes of Snowden, we need to consider what the impact might be. Whether lessening the ability of those who are charged with protecting national security to act with impunity is good or bad, the reality is that responsive measures are to be expected. As a child, stealing too much from the cookie jar meant either that the cookies went under lock and key or, even worse, that cookies just disappeared off the shopping list!


In 2010, a bill called the “Protecting Cyberspace as a National Asset Act” was introduced in the US that would have given the President the power to literally shut down the Internet. As one objector put it, “I do not feel comfortable with the federal government having broad power over disabling communication equipment used for internet communication…” Although this bill was not enacted, it would not be surprising to see a response of this kind to the curbing of NSA activity that has followed the Snowden affair.


Let’s hope we don’t wake up tomorrow to no email, news, or whatever media we turn to at breakfast. It might just be that the newspapers actually achieve their key objective which has never been about how we’re governed, but more about circulation!