DISEC Study Guide

Agenda: Addressing Threats in the Fifth

Domain

Introduction

From land, sea, air and space, warfare has entered into another domain called

cyberspace. This fifth domain, since it’s creation, has led to a rise in new threats,

with attacks being launched from across the globe. These attacks can be collectively

referred to as ‘cyber-crime’.

Cyber-crime entails any criminal act in correlation to computers and networks. It

often includes traditional crimes committed through networks. In today’s world,

integral factors such as economic development and security enhancement greatly

rely on networks and information technology thus highlighting cyber-crime as a

dilemma on both national and international stages. Cyber-crimes also impose

politically motivated threats and attacks, which have often led to violence. As a

result, cyber- terrorism as a whole threatens peace and promotes violence at a

national and international stage.

Through the years, cyber-threats have grown more aggressive and have had a sheer

impact on its victims. In today’s world, cyber-crime is used as a weapon for

political and national attacks. It has proved to become one of the most clever and

dangerous tactics, already classifying as a modern warfare in some countries.

As of today, state-sponsored cyber-attacks have been growing and are the preferred

state-sponsored warfare due to being more efficient than traditional methods. As a

result, politics and cyber are becoming entwined rapidly and imposing a major threat

to nations. Political entities such as the Democratic National Committee (DNC) and

the Republican National Committee (RNC) have been victims of cyber-crime.

Cyber-crime has affected many states since the 1980s, including the US Secretary of

Defense. There have been many serious incidents of hacking in the past resulting to

serious consequences such as military disasters.

Many of these attacks have been often linked to countries such as China, Russia,

North Korea and the United States. Cyber- crime has resulted to secure the

perpetrator and make it harder to find them thus resulting in allegations thrown

around. As a consequence, there is an increased amount of cyber-threats.

Cyber-crime, moreover hacking, often signifies clear military and political aims,

and its history includes corporate espionage solely for the purpose of weakening

rival companies and has often been accused of being state-sponsored. In

addition, there have been recent issues regarding hackers infiltrating health

services.

Due to such issues alongside the need for technology for securing systems and

states: individual, as well as state liability is put into question. Countries are

working to secure their networks against cyber-threats however it still remains as

a large dilemma, often met with stronger bugs from cyber- attacks or even lack

of funding.

History

During the peak of the Cold War in 1982, an American satellite detected a huge

explosion in Siberia. A faulty computer system that the Soviets had allegedly

stolen from Canada, had been the cause of said explosion, as the Soviets were

unaware the fact that the CIA had reset the program to malfunction. This was

one of the initial stages in using ‘logic bombs’ and cyberspace as a means of

warfare.

Over the years, the process of globalization, including the globalization of cyber

technology created more and more opportunities for mass influence to

individuals and society. One of the negative consequences being: as

development grew, the approach towards crime also widened and accelerated

cyber warfare and contemporary wars through social media.

Cyber-crime cause damage to the world economy totaling up to 445 billion

dollars a year and has serious consequences for the labor market. Cyber-crime

has become a growing industry that harms innovations, trade, competitiveness

and the economy as a whole. The issue has become a major problem for the

major powers as it drops their economy. For instance, in the USA, about 40

million people were faced with stealing of personal information and

identification.

Cyber-crime first started with hackers trying to break into the computer network

for the “thrill”, the way itself got into the wrong hands and was misused to

access sensitive and classified information. Appearing in the

‘60s it had perfectly developed into warfare till the 21st century. Experiments

about connecting to computers and combining them, as networks became an

interest by

1965. At the end of the day, the result was a successful exchange of information

between two computers. On October 20,

1969, a similar experiment was conducted between two computers located in

different cities. From that moment ARPANet started spreading the experiment to

more and more scientific and military institutions.

With the help of industrialization and globalization there was a rapid

development in technology resulting in more penetration into human lives

through cyber activities. As a consequence, it became a posing threat

to today’s crime.

In the 60s, hacking developed from a casual “thrill’’ to a device used to receive

sensitive information. Eventually criminals started to infect computer systems

with computer viruses, which resulted in breakdowns on personal and business

computers. In the 70s, there came the conflict of economic crime through

information technology, as well as industrial espionage. In 1973, the cashier of

the New York Citibank got 2 million dollars transferred into his account using

the office computer. On another occasion during the 70s era of cyber-crime,

there was a robbery from the Security Pacific Bank for 10.2 million dollars.

The economic crime became a huge dilemma. In the 80s, cyber-crime occurred

at a larger scale than ever before, as independent cyber-attacks escalated and

state- sponsored cyber-attacks also began to take place. In 1987, the invasion of

a 17-year old hacker has been one of the most dangerous cyber-crimes

committed. Reason being: the perpetrator could control the system mainframe

and U.S missiles and was only caught when he took copies of the software.

Hacking and illegal distribution of programs and personal content became

widespread and easing into the 90s, a whole range of illegal encroachments

became present including distribution of child pornography, and extremist

scheme virtual networks.

The history of cyber-crime is linked with a history of legislatives and actions to

prevent such action. The Budapest Convention is a convention on cyber-crime.

The Convention is the first international treaty directed towards cyber-crime and

the Internet, dealing specifically with infringements of copyright, computer-

related fraud, child pornography and violations of network security. It demands

international co- operation for legislatives to stop such crimes. It also contains

powers and procedures such as searching on the Internet and interceptions. The

Council of Europe drafted the treaty with ample contribution from observing

states in 2001. The convention also delivers substructure for international

cooperation and is open to ratification even by non-council members and states.

The Convention is the only substantive multipartite agreement with a stated aim

of addressing cyber-crime with focused, consonant legislation and capability

building. Thus, it is largely recognized as a peremptory document and enjoys

abidance from non-signatory states as well. The Convention is also

supplemented by additional protocol, which was adopted in 2003 and consists of

countering racism and xenophobic threats and insults.

The treaty works on a general and mutual sharing of information in order to

facilitate better law enforcement and law down suitable procedures. The Article

23 of the Convention outlines the general proposition under which international

co-operation is pursued. It states as follows:

“Article 23 – General principles relating to international co-operation

The Parties shall co-operate with each other, in accordance with the provisions

of this chapter, and through the application of relevant international instruments

on international cooperation in criminal matters, arrangements agreed on the

basis of

uniform or reciprocal legislation, and domestic laws, to the widest extent

possible for the purposes of investigations or proceedings concerning criminal

offenses related to computer systems and data, or for the collection of evidence

in electronic form of a criminal offense.” (DISEC)

It is evident that the Convention’s assistance relies on the pre-existing co-

operation between the states and parties. Hence, the provisions only deliver to

the already existing multilateral and bilateral treaties between parties.

The Convention on Cyber-crime has also been criticized for its supposed

setbacks. The provisions of the Convention are criticized for supposed

infringement of state sovereignty. In particular, Article 32 is disputable as it

gives local police full access to servers located in another country’s

administration, even without seeking permission from the authorities of the

country. As Russia finds this a threat to its sovereignty it has refused to sign the

treaty and often expresses its displeasure towards the Convention itself. Russia

introduced a new proposal of an international cyberspace treaty. The proposal

was, however, rejected at the 12th UN Congress on Crime Prevention and

Criminal Justice.

Regardless, Brazil and China have refused to adopt the Convention for the same

reason. India also continues to remain a non-signatory to the inequitable

Convention claiming it is too insufficient in tackling cyber-crimes. Therefore,

with multiple countries being non-signatories, the Convention is limited to a

few. Thus, to ensure maximum consensus it should be made sure there is

negotiation and ample participation of all states.

However, the development of cyberspace and its capability of global

communication need to be an integral factor taken into making future

legislatives.

What is the problem?

By 2018, cyber crime has grown exponentially, as the number of hackers grows

more every year and as new techniques have been discovered. With traditional

cyber crime threats such as social engineered trojans, unpatched software,

network traveling worms etc.

becoming more common, it has given rise to much more advanced tactics.

These advanced tactics include

ransomware attacks, cyber-physical attacks, mining cryptocurrencies as well as

hacking elections. Ransomware refers to a type of malware that encrypts and

locks down important files, and then the hackers

demand ransom in exchange for them releasing the files. Cyber-physical attacks

focus on shutting down a city’s electric grid or hacking into a power station etc.

Mining cryptocurrencies refers to the theft of or to have control over digital

currencies such as Bitcoin. Hacking elections further highlights the political

motives behind most cyberwarfare, that aims to destabilize a country or control

its government.

However, one of the biggest problems faced in cyber warfare has to do with how

hackers are able to access private servers and steal information from them. Many

people are not aware of the risks posed by cyber crime and thus have not taken

the necessary precautions to safeguard themselves from malware. This allows

cyber criminals to access users private information remotely and they can pass

through undetected.

In most cases, cyber-criminals convey their communications through a number

of jurisdictions to circumvent the detection of the crime or identity. Terrorist

groups such as Al-Qaeda and Daesh heavily rely on information technology to

proceed with organizational objectives without any interference while avoiding

any information and identification leakage. Networks providing the perfect

platform for mass influence often end up in a successful attempt for many

dangerous parties to fulfill their objectives. Hence, the mass influence of social

media transcends international borders. Many terrorists rely on the transparency

and efficiency of social media to influence, radicalize and raise funds. In

addition, the governments’ incapability of managing the transcended data, as

bounded by the set laws and legislations, facilitates the use of information

technology by terrorist groups. Furthermore, such aspects threaten individuals’

rights; for instance their freedom of expression and moreover, privacy. The

increasing influence has created conflicts at a higher. Conflicts now not only

remain between separate states but identity claims and individual

rights as well as inclusion against exclusion. The world has started to see the

social media in a different light due to it being used strategically by many states

and non-state actors. However, the western world still believes in the traditional

means of war disregarding the new world of contemporary wars.

These contemporary wars are quite different from the traditional aspects of war

as they’re moreover a build-up towards political unrest rather than a direct

action. Contemporary wars are moreover the “mastermind” behind a direct

action, therefore being more verifiable through logical framework rather than

observation or experience.

Furthermore, as western states believe war and conflicts in liberal democracies

need a higher degree of legitimacy, it is more efficient for non-state actors to

gather mass influence from social media. Moreover, it causes a massive effect on

the international relations often demonstrated in past contemporary wars like the

conflict in Ukraine; this signifying that the cyber domain has affected

international relations and framed past strategies and actions and will continue to

do so.

Social media, proven to have a mass influence on every aspect of our life, and

now resulting as warfare has caused a dilemma to rise up and the stigma of

cyber- crime alongside the rapid rise in activism and terrorism has caused the

issue to be discussed at both a national and international stage. With the rise of

such issues, the influence becomes stronger. This creates new concepts to use

social media. This can also be seen when social network sites and web

televisions are used as subtle weapon systems.

Moreover, the growing issue has come with the acceptance of the lines between

social media and terrorism itself are blurring. Different perceptions on the topics

of cyber- crime and cyber security are often

observed. Full-scale conflict is in correlation to information technology in

today’s world. While the acts are perceived as terrorism, the opposing group also

perceives them as activism. From a third eye, it is found to be perceived as

operational support for non- state actors.

With increasing mass influence of social media, it has become a battleground for

states and non-state parties to fight, consequently leading to damaging civilian

lives. Such attacks have been found damaging mass infrastructure, an example

being the Stuxnet attack on Iranian nuclear centrifuges, damaging around 900 of

those without any trace of the perpetrator. Such attacks are often found risking

the civilians’ lives on a large scale.

Status Quo

At present, governments across the world have had to take precautions and put

up safeguards to protect their data from independent cyber attacks as well as

state sponsored. Some of the most advanced cyber security systems have been

developed to protect all the aspects of our lives such as finance, healthcare,

government etc., all of which are dependent on technology.

Such systems use a risk-based approach which requires an in depth

understanding of the threat being faced, which consists of two factors. Firstly,

who is the perpetrator, and what is their aim? Targeted files can be secured by

creating a backup and encrypting them, as well as uploading important files to

different servers, which would make multiple files difficult to access at once.

Inactive silent alarms can also be used to alert the user immediately whenever

they are triggered by someone trying to access locked files.

A combination of such methods are used by governments to build an efficient

and security cyber-security system to control cyber attacks. More laws and

policies are also being made regarding this issue to ensure maximum protection

from hacking groups.

State Sponsored Cyber Attacks

Case Study: The Stuxnet Attack-

The Stuxnet Worm had first emerged in the summer of 2010, and was a 500-

kilobyte computer worm that infiltrated many computer systems. The worm

operated in a process. First, it analyzed and targeted the computer systems and

Windows networks. Then, the machine infiltrated the Windows- based software

that was used massively for operations. Finally, by compromising the Siemens

Step7 software, the worm had access to the industrial logic controllers, which

helped the worm, gain sensitive industrial information as well as control the

operations. Stuxnet could spread widely between computers running Windows,

even those not connected to the Internet.

The Stuxnet Worm attacked over fifteen Iranian facilities. It is believed that the

attack started off due to a random worker’s USB. One of the facilities affected

was the Natanz nuclear facility. When the International Atomic Energy Agency

visited the Natanz facility, they saw numerous uranium centrifuges breaking

however could not understand the reason of the failure.

Later in 2010, Iran technicians contacted computer security experts to examine

their computers and discovered many malicious files on the system. It was

eventually revealed that those malicious files were the Stuxnet Worm. It is

currently estimated to have destroyed 984 uranium enrichment centrifuges

resulting in a 30% decrease in enrichment efficiency. Experts suggest that

the Stuxnet worm attack on the Iranian nuclear facilities was a combined

operation between the U.S and Israel.

In October 2012, the U.S defense secretary alerted that the U.S could be

vulnerable to a “cyber Pearl Harbor”. The month after, Chevron confirmed the

conjecture by admitting that Stuxnet had spread through

its machines.

In spite of the fact that the creators of Stuxnet haven't been formally distinguished,

the size and complexity of the worm have persuaded that it could have been made

just with the sponsorship of a country state, and albeit nobody's possessed up to it,

breaks to the press from authorities in the United States and Israel emphatically

recommend that those two nations did the deed. Since the disclosure of Stuxnet,

Schouwenberg and other PC security engineers have been warding off other

weaponised infections, for example, Duqu, Flame, and Gauss, an invasion that hints

at no lessening. Simply following quite a while of undetected penetration did the

U.S. what's more, Israel release the second variety to assault the axes themselves

and self-duplicate to a wide range of PCs.

Also, the principal variant of Stuxnet was just recognized with the information of

the second.

So while the second Stuxnet is viewed as the primary digital demonstration of

power, the new points of interest uncover that the effect of the principal infection

will be significantly more noteworthy. That is on the grounds that the underlying

assaults "gave a valuable outline to future assailants by featuring the imperial street

to penetration of hard targets": people filling in as contractual workers.

Case Study: Bitcoin Tumbles As Hackers

Hit South Korean Exchange Coinrail-

South Korean cryptographic money trade Coinrail said it was hacked, starting a

lofty fall in Bitcoin in the midst of restored worries about security at virtual cash

trades as worldwide arrangement producers

attempted to manage exchanging the advanced resource.

In an announcement on its site on Monday, June 11 2018, Coinrail said its

framework was hit by "digital interruption" on Sunday, causing a misfortune for

around 30 percent of the coins exchanged on the trade. It didn't evaluate its esteem,

yet in an insourced report nearby news outlet Yonhap news assessed that 40 billion

won ($37.28 million) worth of virtual coins were stolen.

The heist at Coinrail, a generally little South Korean digital money trade, sent the

cost of Bitcoin tumbling to two-month lows as it by and by featured the security

dangers and the frail direction of worldwide cryptographic money markets.

South Korea is one of the world's real digital money exchanging focuses, and is

home to a standout amongst the most vigorously trafficked virtual coin trades,

Bithumb.

South Korean authorities trust that North Korean programmers stole a huge

number of dollars' worth in digital forms of money a year ago, as indicated by

neighborhood reports.

Kyodo News reports that the National Intelligence Service (NIS), instructions the

nation's officials on the digital assaults, said that phishing tricks and different

strategies had yielded many billions of won in client reserves. The news benefit

remarkably revealed that experts in South Korea are testing whether similar

programmers were behind a month ago's assault on Coincheck, which prompted the

robbery of more than $500 million in digital currency.

A year ago's assault on cryptographic money trade Bithumb brought about around

8 billion won being stolen, alongside the individual data of somewhere in the range

of 30,000 clients, as already detailed by CoinDesk. South Korean parliament part

Kim Byung- kee additionally noticed the effect of phishing messages in defrauding

clients, as per Reuters, saying:

"North Korea sent messages that could hack into cryptographic money trades and

their clients' private data and stole (digital currency) worth billions of won."

Isolated North Korea has been ensnared in return hacks and tricks on various events,

and also unsuccessful endeavors at taking digital forms of money from exchanging

locales, as beforehand detailed. A year ago, police authorities guaranteed that North

Korean aggressors endeavored to trap 25 workers at four trades with skewer

phishing assaults; however none seemed to have fallen for the ploy.The endeavored

robberies were first detailed by cyber security firm FireEye, and later affirmed by

government authorities.

The rebel country is by all accounts following digital currencies as an approach to

sidestep budgetary assents forced by the United Nations, especially authorizes voted

in after the nation's ongoing atomic rocket tests.

Case Study: Pyeongchang Winter

Olympics Game Hacked-

A cyber-attack caused the web disturbances amid the Winter Olympics' opening

service on Friday night, Olympic authorities and security specialists said.

Jihye Lee, a representative for the Pyeongchang Organizing Committee, affirmed

Sunday "the innovation issues experienced Friday night were caused by a cyber-

attack."

Mr. Lee did not expound on the reason but rather said that the assault had been

immediately tended to and that frameworks had been settled by Sunday.

The cyber-attack took out web access and broadcasts, grounded supporters'

automatons, closed down the Pyeongchang 2018 site, and kept onlookers from

printing out reservations and going to the function, which brought about a

surprisingly high number of void seats.

Security specialists said they had revealed confirms that the assault had been in

progress since toward the end of last year. It was coordinated at the Pyeongchang

Organizing Committee and fused code that was particularly intended to disturb the

Games or maybe even send a political message.

"This assailant had no goal of leaving the machine usable," a group of scientists

at Cisco's Talos danger knowledge division wrote in an examination Monday.

"The reason for this malware is to perform devastation of the host" and "leave

the PC framework disconnected."

In a meeting, Talos specialists noticed that there was a subtlety to the assault that

they had not seen previously: Even however the programmers plainly showed that

they had the capacity to annihilate casualties' PCs, they held back before doing as

such. They eradicated just reinforcement records on Windows machines and left

open the likelihood that responders could in any case reboot the PCs and fix the

harm.

"For what reason did they pull their punch?" asked Craig Williams, a senior

specialized pioneer at Talos. "Apparently, it's making some political message" that

they could have done far more regrettable, he said.

Talos' discoveries coordinated those of other web security organizations, as

CrowdStrike, which decided on Monday that the assaults had been in progress since

at any rate December. Adam Meyers, VP of knowledge at CrowdStrike, said his

group had found time stamps that demonstrated the dangerous payload that hit the

opening service was developed on Dec. 27 at 11:39 a.m. Composed Universal Time

and 8:39 p.m. in South Korea.

Prominent Cyber Attacks

Titan Rain: the name given by the FBI to a series of coordinated attacks on

American computer systems since 2003 ongoing for at least three years. It was

discovered that the hackers, such as those at Lockheed Martin and NASA,

infiltrated several sensitive private and public computer networks. Not only was

military intel and classified data stolen, but also thousands of “zombified”

machines, i.e. computers infiltrated by malicious software that can be activated

later, were left behind. Titan Rain is considered the largest state-sponsored

cyber-attacks in history, said to have been organized or supported by the Chinese

government.

Cyber Attacks on Estonia: a series of well- planned cyber-attacks began on 27

April 2007 and swamped websites of Estonian organizations, including Estonian

parliament, banks, ministries and broadcasters, amid the country’s row with

Russia about the relocation of a Soviet statue. Due to the sophistication of the

attacks it was claimed that the Russian government had assisted in orchestrating

the attacks. Among others Nashi, a nominally independent proKremlin youth

group, has taken responsibility for the incident. Some argue that it may have

been the second-largest instance of state- sponsored cyber-attack, following

Titan Rain.

Korean Cyber War: Already in 2009 and

2011 North Korea has been blamed for cyber raids against South Korean

organizations. On 15 March, North Korea’s KCNA news agency accused the US

and its allies of large-scale hacking attacks on its Internet servers. Later in

March, around

32,000 South Korean computers at banks and broadcasters were affected by a

cyber- attack. Even though the attack could be traced back to a Chinese IP

address officials emphasized that this did not reveal who was behind the attack,

as hackers can route their attacks through addresses in other countries to obscure

their identities. North Korea is suspected to have staged the attack amid rising

tensions on the Korean Peninsula.

Questions A Resolution Must Answer

1. What factors have caused the progression of cyber crime and how can they be

controlled?

2. To what extent can governments be held responsible for state-sponsored cyber

attacks?

3. How have past resolutions and laws helped control cyber warfare?

4. Which methods can be used to reprimand hackers behind independent cyber

attacks?

5. How can governments take precautions and put up safeguards to protect

themselves from cyber-threats?

Works Cited

• “Bitcoin Tumbles as Hackers Hit South Korean Exchange Coinrail.”

Reuters, Thomson Reuters, 11 June 2018, www.reuters.com/ article/us-

markets-bitcoin-korea/bitcoin- tumbles-as-hackers-hit-south-korean-

exchange-coinrail-idUSKBN1J703I.

• “Cyber Threat Basics, Types of Threats, Intelligence & Best Practices.”

Secureworks, www.secureworks.com/ blog/cyber-threat-basics.

• “Full List.” Council of Europe, Council of Europe,

www.coe.int/en/web/conventions/ full-list/-/conventions/treaty/185.

• Giles, Martin. “The Nasty Surprises Hackers Have in Store for Us in

2018.” MIT Technology Review, MIT Technology Review, 2 Jan. 2018,

www.technologyreview.com/s/609641/ six-cyber-threats-to-really-worry-

about- in-2018/.

• Kelley, Michael B. “The Stuxnet Attack On Iran's Nuclear Plant Was 'Far

More Dangerous' Than Previously Thought.” Business Insider, Business

Insider, 20

• Nov. 2013, www.businessinsider.com/

• stuxnet-was-far-more-dangerous-than- previous-thought-2013-11.

• Lynch, Justin, et al. “Protecting the Nation's Critical Infrastructure | Fifth

Domain: Cyber.” Fifth Domain, Fifth Domain,

www.fifthdomain.com/critical- infrastructure/.

• McKay, Tom. “Pyeongchang Olympics Hit By Cyber Attack, With

Widespread Rumors Russia to Blame.” Gizmodo, Gizmodo.com, 11 Feb.

2018, gizmodo.com/pyeongchang-olympics-hit- by-cyber-attack-with-

• widespre-1822909628.

• “Nation-State Cyber Attacks Come out of the Shadows.” NS Tech, 6 Apr.

2017, tech.newstatesman.com/guest-opinion/ nation-state-cyber-attacks-

come-shadows.

• Perlroth, Nicole. “Cyberattack Caused Olympic Opening Ceremony

Disruption.” The New York Times, The New York Times, 12 Feb.

• 2018, www.nytimes.com/2018/02/12/ technology/winter-olympic-games-

hack.html.

• “South Korea: North Korea Stole Millions From Crypto Exchanges Last

Year.” CoinDesk, CoinDesk, 5 Feb. 2018, www.coindesk.com/south-

korea-north- korea-stole-millions-crypto-exchanges- last-year/.

• Sweet, Carson, and IDG Contributor Network. “State-Sponsored

Cyberattacks Are Now the Preferred Method of Warfare.” CSO Online,

InfoWorld, 30 Oct. 2017, www.csoonline.com/article/3235270/

hacking/state-sponsored-cyberattacks-are- now-the-preferred-method-of-

warfare.html.

• “The Consequences of Cyber Attacks.” JIA SIPA, 23 June 2017,

jia.sipa.columbia.edu/consequences- cyber-attacks.

• “War in the Fifth Domain.” The Economist, The Economist Newspaper, 1

July 2010, www.economist.com/briefing/2010/07/01/ war-in-the-fifth-

domain.

• “Where Does Cyber Crime Come From? History of Cyber Crime.” Le

VPN, 10 Oct. 2017, www.le-vpn.com/history-cyber-crime- origin-

evolution/.