Inside Cyber Warfare, 2nd Edition

Book description

When the Stuxnet computer worm damaged the Iranian nuclear program in 2010, the public got a small glimpse into modern cyber warfare—without truly realizing the scope of this global conflict. Inside Cyber Warfare provides fascinating and disturbing details on how nations, groups, and individuals throughout the world increasingly rely on Internet attacks to gain military, political, and economic advantages over their adversaries.

This updated second edition takes a detailed look at the complex domain of cyberspace, and the players and strategies involved. You’ll discover how sophisticated hackers working on behalf of states or organized crime patiently play a high-stakes game that could target anyone, regardless of affiliation or nationality.

  • Discover how Russian investment in social networks benefits the Kremlin
  • Learn the role of social networks in fomenting revolution in the Middle East and Northern Africa
  • Explore the rise of anarchist groups such as Anonymous and LulzSec
  • Look inside cyber warfare capabilities of nations including China and Israel
  • Understand how the U.S. can legally engage in covert cyber operations
  • Learn how the Intellectual Property war has become the primary focus of state-sponsored cyber operations

Jeffrey Carr, the founder and CEO of Taia Global, Inc., is a cyber intelligence expert and consultant who specializes in the investigation of cyber attacks against governments and infrastructures by state and non-state hackers.

Table of contents

  1. Inside Cyber Warfare
  2. Foreword
  3. Preface
    1. How This Book Came to Be
    2. Conventions Used in This Book
    3. Attributions and Permissions
    4. How to Contact Us
    5. Safari® Books Online
    6. Acknowledgments
  4. 1. Assessing the Problem
    1. The Complex Domain of Cyberspace
      1. Cyber Warfare in the 20th and 21st Centuries
        1. China
        2. Israel
        3. Russia
          1. The Second Russian-Chechen War (1997–2001)
          2. The Estonian cyber attacks (2007)
          3. The Russia-Georgia War (2008)
        4. Iran
        5. North Korea
      2. Cyber Espionage
        1. Titan Rain
    2. Cyber Crime
    3. Future Threats
      1. Increasing Awareness
      2. Critical Infrastructure
    4. The Conficker Worm: The Cyber Equivalent of an Extinction Event?
    5. Africa: The Future Home of the World’s Largest Botnet?
    6. The Way Forward
  5. 2. The Rise of the Nonstate Hacker
    1. The StopGeorgia.ru Project Forum
      1. Counter-Surveillance Measures in Place
    2. The Russian Information War
      1. The Foundation for Effective Politics’ War on the Net (Day One)
    3. The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast Lead
      1. Impact
      2. Overview of Perpetrators
        1. Motivations
      3. Hackers’ Profiles
        1. Team Evil
        2. Cold Zero (aka Cold Z3ro or Roma Burner)
        3. Team Hell (aka Team H3ll or Team Heil)
        4. Agd_Scorp/Peace Crew (aka Agd_Scorp/Terrorist Crew)
        5. Jurm Team
        6. C-H Team (aka H-C Team)
        7. Hackers Pal
        8. Gaza Hacker Team
        9. DNS Team
        10. !TeAm RaBaT-SaLe! (aka Team Rabat-Sale or Team Rabat-Sala)
        11. DZ Team
        12. Ashianeh Security Group
        13. Nimr al-Iraq (“The Tiger of Iraq”) and XX_Hacker_XX
      4. Methods of Attack
        1. Distributed denial of service (DDoS) capability
        2. Website defacements
        3. Viruses and Trojans
      5. Israeli Retaliation
    4. Control the Voice of the Opposition by Controlling the Content in Cyberspace: Nigeria
    5. Are Nonstate Hackers a Protected Asset?
  6. 3. The Legal Status of Cyber Warfare
    1. Nuclear Nonproliferation Treaties
    2. The Antarctic Treaty System and Space Law
    3. UNCLOS
    4. MLAT
      1. United States Versus Russian Federation: Two Different Approaches
    5. The Law of Armed Conflict
    6. Is This an Act of Cyber Warfare?
      1. South Korea
      2. Iran
      3. Tatarstan
      4. United States
      5. Kyrgyzstan
      6. Israel and the Palestinian National Authority
      7. Zimbabwe
      8. Myanmar
    7. Cyber: The Chaotic Domain
  7. 4. Responding to International Cyber Attacks as Acts of War
    1. The Legal Dilemma
      1. The Road Ahead: A Proposal to Use Active Defenses
    2. The Law of War
      1. General Prohibition on the Use of Force
      2. The First Exception: UN Security Council Actions
      3. The Second Exception: Self-Defense
      4. A Subset of Self-Defense: Anticipatory Self-Defense
      5. An Alternate Basis for Using Active Defenses: Reprisals
    3. Nonstate Actors and the Law of War
      1. Armed Attacks by Nonstate Actors
      2. Duties between States
      3. Imputing State Responsibility for Acts by Nonstate Actors
      4. Cross-Border Operations
    4. Analyzing Cyber Attacks under Jus ad Bellum
      1. Cyber Attacks as Armed Attacks
      2. Establishing State Responsibility for Cyber Attacks
      3. The Duty to Prevent Cyber Attacks
      4. Support from International Conventions
      5. Support from State Practice
      6. Support from the General Principles of Law
      7. Support from Judicial Opinions
      8. Fully Defining a State’s Duty to Prevent Cyber Attacks
      9. Sanctuary States and the Practices That Lead to State Responsibility
    5. The Choice to Use Active Defenses
      1. Technological Limitations and Jus ad Bellum Analysis
        1. Limitations on attack detection
        2. Limitations on attack classification
        3. Limitations on attack traces
      2. Jus in Bello Issues Related to the Use of Active Defenses
        1. Active defenses: The most appropriate forceful response
        2. Technological limitations and jus in bello analysis
    6. Conclusion
  8. 5. The Intelligence Component to Cyber Warfare
    1. The Korean DDoS Attacks (July 2009)
      1. The Botnet Versus the Malware
      2. The DPRK’s Capabilities in Cyberspace
    2. One Year After the RU-GE War, Social Networking Sites Fall to DDoS Attack
    3. Ingushetia Conflict, August 2009
    4. The Predictive Role of Intelligence
  9. 6. Nonstate Hackers and the Social Web
    1. Russia
    2. China
    3. The Middle East
    4. Pakistani Hackers and Facebook
    5. The Dark Side of Social Networks
      1. The Cognitive Shield
        1. Examples of OPSEC violations
        2. Adversary scenarios
        3. Study findings
    6. TwitterGate: A Real-World Example of a Social Engineering Attack with Dire Consequences
    7. Automating the Process
      1. Catching More Spies with Robots
        1. The automation and virtualization of social network entities
        2. Owning social network users for a small budget of $300–$1,300
        3. Bringing down a social network from the inside
  10. 7. Follow the Money
    1. False Identities
    2. Components of a Bulletproof Network
      1. ICANN
      2. The Accredited Registrar
      3. The Hosting Company
    3. The Bulletproof Network of StopGeorgia.ru
      1. StopGeorgia.ru
      2. NAUNET.RU
      3. SteadyHost.ru
      4. Innovation IT Solutions Corp
      5. Mirhosting.com
      6. SoftLayer Technologies
    4. SORM-2
    5. The Kremlin and the Russian Internet
      1. Nashi
      2. The Kremlin Spy for Hire Program
      3. Sergei Markov, Estonia, and Nashi
    6. A Three-Tier Model of Command and Control
  11. 8. Organized Crime in Cyberspace
    1. A Subtle Threat
      1. Atrivo/Intercage
      2. ESTDomains
      3. McColo: Bulletproof Hosting for the World’s Largest Botnets
    2. Russian Organized Crime and the Kremlin
  12. 9. Investigating Attribution
    1. Using Open Source Internet Data
      1. Background
      2. What Is an Autonomous System Network?
        1. Timeline of political events
        2. Analysis
        3. Alternate views
    2. Team Cymru and Its Darknet Report
    3. Using WHOIS
      1. Caveats to Using WHOIS
  13. 10. Weaponizing Malware
    1. A New Threat Landscape
      1. StopGeorgia.ru Malware Discussions
        1. SQL injection, blind SQL injection, and using BENCHMARK
      2. Twitter as DDoS Command Post against Iran
      3. Social Engineering
        1. The Social Graph API
      4. Channel Consolidation
      5. An Adversary’s Look at LinkedIn
      6. BIOS-Based Rootkit Attack
      7. Malware for Hire
      8. Anti-Virus Software Cannot Protect You
      9. Targeted Attacks Against Military Brass and Government Executives
        1. Research is the key to offensive capabilities
        2. Delivery of targeted attacks
        3. Command, control, and exfiltration of data
        4. Why client-side 0day vulnerabilities can be so devastating
        5. Protecting against 0day exploits
          1. Defense in Depth
          2. Using technologies such as MOICE and virtualization
          3. Physical separation between data of varying sensitivity
  14. 11. The Role of Cyber in Military Doctrine
    1. The Russian Federation
      1. The Foundation for Effective Politics (FEP)
        1. Chronicles of Information Warfare
        2. Analysis
      2. “Wars of the Future Will Be Information Wars”
        1. Who is Alexandr Burutin?
        2. The speech
          1. Analysis
      3. “RF Military Policy in International Information Security”
        1. The paper
        2. Creating a legend for a cyber attack
      4. The Art of Misdirection
    2. China Military Doctrine
      1. Anti-Access Strategies
      2. The 36 Stratagems
      3. US Military Doctrine
  15. 12. A Cyber Early Warning Model
    1. The Challenge We Face
      1. Cyber Early Warning Networks
      2. Building an Analytical Framework for Cyber Early Warning
        1. Latent tensions
        2. Cyber reconnaissance
        3. Initiating event
        4. Cyber mobilization
        5. Cyber attack
      3. Case Studies of Previous Cyber Attacks
        1. Case study: Cyber attacks against Georgia
        2. Case study: GhostNet cyber espionage
        3. Case study: Cyber attacks against Denmark
      4. Lessons Learned
      5. Defense Readiness Condition for Cyberspace
  16. 13. Advice for Policymakers from the Field
    1. When It Comes to Cyber Warfare: Shoot the Hostage
    2. The United States Should Use Active Defenses to Defend Its Critical Information Systems
    3. Scenarios and Options to Responding to Cyber Attacks
      1. Scenario 1
        1. Option 1
        2. Option 2
        3. Option 3
        4. Option 4
      2. Scenario 2
        1. Option 1
        2. Option 2
      3. Scenario 3
        1. Option
      4. Scenario 4
        1. Option
    4. In Summary
    5. Whole-of-Nation Cyber Security
  17. 14. Conducting Operations in the Cyber-Space-Time Continuum
    1. Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec Movement
    2. Social Networks: The Geopolitical Strategy of Russian Investment in Social Media
      1. 2005: A Turning Point
      2. DST and the Kremlin
      3. The Facebook Revolution
    3. Globalization: How Huawei Bypassed US Monitoring by Partnering with Symantec
  18. 15. The Russian Federation: Information Warfare Framework
    1. Russia: The Information Security State
      1. Russian Government Policy
      2. New Laws and Amendments
      3. Government Structures
    2. Russian Ministry of Defense
      1. Administrative Changes
      2. Electronic Warfare Troops
      3. The Federal Service for Technical and Export Control (FSTEC)—Military Unit (Vch) 96010
      4. 5th Central Research and Testing Institute of the Russian Defense Ministry (5th TSNIII)—Military Unit (Vch) 33872
      5. 18th Central Research Institute of the Russian Defense Ministry (18th CRI MOD)—Military Unit (Vch) 11135
      6. 27th Central Research Institute of the Russian Defense Ministry (27th CRI MOD)—Military Unit (Vch) 01168
    3. Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)
      1. Federal Security Service Information Security Center (FSB ISC)—Military Unit (Vch) 64829
      2. Russian Federal Security Service Center for Electronic Surveillance of Communications (FSB TSRRSS)—Military Unit (Vch) 71330
      3. FSB Administrative Centers for Information Security
      4. Russian Interior Ministry Center E (MVD Center E)
      5. Russian Interior Ministry Cyber Crimes Directorate (MVD Directorate K)
        1. Implications
      6. Russian Federal Security Organization (FSO)—Military Unit (Vch) 32152
    4. Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)
      1. Roskomnadzor
        1. The cyber vigilantes
    5. Further Research Areas
  19. 16. Cyber Warfare Capabilities by Nation-State
    1. Australia
    2. Brazil
    3. Canada
    4. Czech Republic
    5. Democratic People’s Republic of Korea
    6. Estonia
    7. European Union
    8. France
    9. Germany
    10. India
    11. Iran
    12. Israel
    13. Italy
    14. Kenya
    15. Myanmar
    16. NATO
    17. Netherlands
    18. Nigeria
    19. Pakistan
    20. People’s Republic of China
    21. Poland
    22. Republic of Korea
    23. Russian Federation
    24. Singapore
    25. South Africa
    26. Sweden
    27. Taiwan (Republic of China)
    28. Turkey
    29. United Kingdom
  20. 17. US Department of Defense Cyber Command and Organizational Structure
    1. Summary
    2. Organization
      1. The Joint Staff
      2. Office of the Secretary of Defense
      3. US Strategic Command (USSTRATCOM)
  21. 18. Active Defense for Cyber: A Legal Framework for Covert Countermeasures
    1. Covert Action
    2. Cyber Active Defense Under International Law
    3. Cyber Active Defenses as Covert Action Under International Law
    4. Cyber Attacks Under International Law: Nonstate Actors
  22. Index
  23. About the Author
  24. Colophon
  25. Copyright

Product information

  • Title: Inside Cyber Warfare, 2nd Edition
  • Author(s): Jeffrey Carr
  • Release date: December 2011
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781449325459