Category Archives: cyber war

Originally a fictional story on cyber war that parallels the hacking events surrounding Google and China in early 2010. Now contains newer commentary on current events.

Cyber War – Ethical Hacking

17 Sunday Jan 2010

Posted by in cyber war

Leave a comment

Tags

, , , ,

Tyler was in his essence as he walked his Unit and Console Sergeant through his hack.  “The SecIntel from this new dashboard is much richer than we expected.  It includes the results of the Chinese vulnerability scans.  So we know the vulnerable IPs that North Korea will exploit.  We simply exploit them first and set our trap.  The beauty here is these targets won’t ever have their data exfiltrated because the first step of our hack – the code I’ve already developed – is to redirect the hacks to our virtual environment where we can control everything.  I’m calling this Project Quarantine.  Sergeant, please sign me up for a medal.”

The Console Sergeant didn’t have much patience for over-confident software developers.  “This is good work soldier, but let’s be clear.  There will not be any medals because Cyber Command not a legitimate member of the Armed Forces.  Remember in high school or college, where you have sanctioned sports teams like basketball and football?  And then you have some new sport trying to gain awareness, and they call it a club?  Well that’s us, we’re a club.  Our funding comes entirely from Google – a freakin corporation!  We ethically hack their foreign government adversaries to keep them out of the courtroom.  Which leads me to my point.  Google isn’t paying us to quarantine.  They want these hackers dead!  So Project Quarantine is a nice start but you better think of it more as a killing field.  Now get to work on some black ice!”

Cyber War – SecIntel

16 Saturday Jan 2010

Posted by in cyber war

Leave a comment

Tags

, , , , ,

Four days earlier, Tyler found it difficult to distinguish late evening from early morning in the darkness.  Now that he was sleeping on a cot in a makeshift bunk in the data center, he was completely divorced from the notion of days and nights.  Most of his interactions with measured time were in the realm of UTC or Coordinated Universal Time, oftentimes referred to by laymen as the less accurate Greenwich Mean Time (GMT).  Tyler was -5 GMT, or  minus 5 UTC, so when he looked at a data event from a sensor located somewhere in the world and that event’s time was tagged with 7:00 UTC – Tyler understood that to be 2:00 GMT in his local time zone – or 2am EST.  Tyler was sleeping 4 hour stretches in 20 hour intervals; the same as the 5 other cyber warriors of his unit though everyone was staggered by 4 hours making it possible to share a single cot.  Tyler left the cot a few minutes before the next sleeper arrived, used the restroom, and rejoined the others in the war room.  The time was Sunday, 1:00 UTC, locally Saturday 20:00 UTC, or 8pm EST.

SecIntel was briefing his unit on some new dashboards.  Jane was speaking.  Her masculine voice seriously negated the effect of her curves under that uniform.  “On this dashboard, you typically monitor the volume of high severity sensor events from suspect North Korean ISPs.  I understand ya’ll like to cull the command and control channels for source IPs to target.  We’ll we’ve tuned out some of the noise by correlating it with traffic from our honeypots in Taiwan.  The Chinese cyber warriors are known to obfuscate their source IPs by routing their attacks through multiple hops in Taiwan.  This is why we’ve established honeypots there.  We’re not any closer to tracking their sources but we have recognized a 6 hour window between increased reconnaissance traffic through these honeypots and a corresponding increased level of high severity attacks from North Korea.  By analyzing the recon activity we can guestimate the exploits.  This takes us an hour.  That gives you approximately 5 hours to set traps ahead of the attacks.  Instead of merely using this dashboard to cull a pool of IPs to begin tracking, you can now use it to set traps based on the exploit’s anticipated signature without needing to know the source IP ahead of time.  What do ya’ll think about that?”

Tyler felt like a bank robber seeing the vault door left open.  “Man, ya’ll are good.”

Cyber War – Forensics

15 Friday Jan 2010

Posted by in cyber war

2 Comments

Tags

, , , ,

Tyler was back working in the war room.  The shift started with an operations review from the Console Sergeant while the unit went through the turnover checklist.

“This is what we know team.”  The Console Sergeant would randomly look different unit members directly in the eye as he talked.  He might turn to you once out of eight staff, or twice out of three – completely random.  But the duration of his stare was almost always exactly two minutes without ever looking at his watch.  “The attack wiped the hard drives to various degrees before our defenses pulled the power.  So Forensics focused on our virtual war room since backups were less than 24 hours old.  They discovered 5 vulnerabilities.  Technically two vulnerabilities, one on 2 machines and another on 3 other machines.  These were both Adobe vulnerabilities and there’s no excuse for that!  We’ll deal with that later.  Working on the assumption the attack emanated from one or both of these vulnerabilities, Forensics discovered the exploit.  The command and control function leveraged the DoD messaging system which has apparently been compromised for several months.  Now, I’m not saying we’re responsible for those systems but going forward I want more focus on defensive measures.  Forensics was able to track the exploit into our personnel system working from the assumption that in order to find your home addresses, they must have compromised that platform.  The compromise is confirmed but Forensics isn’t yet sure of the extent of exfiltration.  This is everything I know to date, any questions?”  The Console Sergeant took a sip of his coffee and looked over everyone’s heads.  That was his MO for when he didn’t want questions but Tyler was too tired to notice.

“Sir, what about the black ice that took down the Drone Pilot?”

The Console Sergeant looked into his coffee cup before setting it down and turned his gaze to Tyler.  “We don’t really know it was black ice that killed the Drone Pilot.  He might have suffered an aneurysm coincidentally during the attack.  I don’t believe that of course, but we don’t have evidence yet of the black ice; it was apparently a highly sophisticated Aurora APT.  Clearly, given the attackers were wiping our drives, we can assume they accomplished their objectives.  I assure you Forensics  continues to work around the clock on this.”

Tyler didn’t have any other questions.

Cyber War – NATO

14 Thursday Jan 2010

Posted by in cyber war

Leave a comment

Tags

, , ,

Tyler was falling in and out of sleep at the keyboard.  He was tracking 17 targets and had laid traps for 5 of them, but the usual adrenalin wasn’t there.  Eight hours earlier his house was bombed by his enemies.  He was spared from having to witness the head and limbs being separated from the UPS driver’s torso because first the flash blinded his video feed and then the blast blew apart the camera.  But the drama had left him drained.

After the blast he crawled out the egress window of his basement office and called his Console Sergeant.  The Console Sergeant immediately contacted the rest of the unit working from home and they successfully diffused additional bomb attempts.  So Tyler was now working at the home office of Cyberman First Class, Carl Weaver.  Carl’s unit called him I/O because the guy could hook stuff up.   Remember the movie Independence Day when David (played by Jeff Goldblum)  jacked his Apple laptop into the console port of an alien space ship – apparently with a universal serial bus cable?  Well in the real world, I/O was the guy who could probably actually do that.

I/O called over to Tyler to wake him, “Dude, you watching your dashboards?”

“Hmm, yeah, yeah.  I’m tired man.”

“Go lie down in my guest room, I got your dash.”  I/O paused but knew Tyler wasn’t moving and wasn’t likely to reply either so he struck up a line of conversation to see if he could stimulate him.  “You hear about the drone pilot?”

“No man, I just saw them carry a stretcher into their war room.  What happened?”

“Well they follow the same protocol as us but one of them was beta testing some new VR gear.  He’s brain dead.”

“What!  Are you fucking shitting me?  Holy shit!”  Tyler was alert again.

“I shit you not.  And here’s the deal.  Those drone pilots are Air Force man.  That theoretically  pulls NATO into this.  The  articles of NATO don’t cover cyber war – not that the President has ever acknowledged this as a war – but attacking the Air Force constitutes an attack on a recognized NATO member.  Up ’till now, NATO considered this a U.S. / China trade war.  The shit has hit the fan.”

Cyber War – Home Theater

13 Wednesday Jan 2010

Posted by in cyber war

3 Comments

Tags

, ,

Tyler sat in his game chair booting up his home theater.  The console sergeant ordered the unit to work from home after some oriental black ice took out the war room.  No one on his team was injured but he saw them carry a stretcher into the Drone Pilots’ war room on his way out the door.  Good thing his transfer to the Ethical Hack team full time came through – SecIntel was going to take some shit for this.

The Chinese sourced most of their attacks out to North Korean cyber mercenaries, and those guys weren’t known to have black ice capable of causing physical injury.  Tyler’s team only had two confirmed kills and they’d been at this for awhile.  Their black ice manipulated the target’s monitor and other I/O devices to stimulate a heart attack.  It required the target be physically susceptible and that was a very small population, but it helped spread fear.  All’s fair in cyber warfare.

Protocol would have placed Tyler on a jet to their disaster recovery site, but a funny thing about the Internet.  DARPA created the Net as a measure of robustness for critical computing systems.  The idea that internetworking would add redundancy.  This irony is not lost on hackers.  Tyler’s DR site went down with the same attack that took out his war room.  In retrospect, it’s better to maintain a DR site offline.  But the U.S. Cyber Command is resilient, or at a minimum his unit subscribes well to the consumerization of I/T.  Tyler’s unit was able to work from home.  Home Theater didn’t refer to Tyler’s personal audio/video equipment, but to his home war room.

The system was now fully up and Tyler scanned his situational dashboards.  He heard the brakes of a truck pull up outside his house.  He didn’t have a window view of his front porch but had a video cam out there and brought that up on one of his dashboards.  UPS.  Tyler couldn’t recall any outstanding shipments and googled the UPS tracking site.  Meanwhile the UPS driver placed the package at Tyler’s door and clicked on his wireless PDA to indicate the delivery.  Before he could turn halfway to walk back to his truck, the package exploded, setting fire to Tyler’s house.  The driver became the 2nd official U.S. casualty of cyber war.

Cyber War

12 Tuesday Jan 2010

Posted by in cyber war

Leave a comment

Tags

, , ,

Tyler was emotionally exhausted as he completed the shift turnover checklist with his replacement and badged out of the cyber war room.  He shuffled down the hallway, past the drone pilots’ war room and through the data center mantrap.  The parking lot was dark as he beeped his remote to find his car and he honestly couldn’t tell if it was morning or night.  For the last month he’d been pulling double shifts every other day (actually it makes more sense to refer to the time periods as every other 24 hours) and he had to stare at the military time display on his watch for several moments before his brain registered AM vs PM.  It was PM, so he figured he could quaff a few drinks at the Pwn Shop Lounge  on his way home.  His start of week AM shifts were followed by PM shifts, but his 2nd PM shifts were followed by a free 12 hours.  And the 2nd half of the week was the inverse.  He couldn’t keep track of it any longer.

Once inside the Pwn Shop Lounge, Tyler immediately saw some of the SecIntel soldiers and joined them at their table.  He ordered a cheeseburger and fries and poured himself a beer from the pitcher using an apparently extra glass.  “Cheers comrades.”  Tyler didn’t muster much excitement with the salute, it was more out of formality.  He didn’t work on this crew’s shift, but he did work SecIntel every other night – the last being 12 hours earlier.

“Cheers Tyler.”  This from Jane, the lone female cyber soldier in the crew.  She wasn’t exactly unattractive.  It was her voice, it had zero feminine qualities.  But from the neck down, visually while she wasn’t speaking, she wore the blue skirt and white blouse uniform like a porn star.  And Tyler was sitting next to her.  “So how’s the ethical hack shift soldier?  You fry some Choogles yet?”

Tyler thought “Choogles” was such a stupid term.  It hadn’t really caught on (it refered to Chinese cyber warriors in the context of them trying to replicate the secintel of Google) but Jane was young and into the hacker speech style.  “Not sure Jane.  Google doesn’t confirm our kills for 7 days.  Our black ice generally executes within 24 hours but it takes the Chinese a week to process the death record electronically.  How you doin?”

Tyler’s burger arrived before Jane could reply and she waited while he responded to the server.  “I’m good Tyler.  Wednesdays are my Fridays.  I’m ready to unwind.  You got 12 hours?”

Tyler liked the sound of that.  Hard to believe it wasn’t even a year since Google exited the Chinese market for search engines – which escalated into a full-blown cyber war – and he’d been laid only 3 times since.  War is hell.  “Let me finish this burger.  You want some of my fries?”