DISEC Study Guide
Agenda: Addressing Threats in the Fifth Domain
Introduction
From land, sea, air and space, warfare has entered another domain called
cyberspace. This fifth domain, since its creation, has led to a rise in new threats,
with attacks being launched from across the globe. These attacks can be collectively
referred to as ‘cyber-crime’.
Cyber-crime entails any criminal act involving computers and networks. It
often includes traditional crimes committed through networks. In today’s world,
integral factors such as economic development and security enhancement rely
greatly on networks and information technology, which makes cyber-crime a
dilemma on both the national and international stage. Cyber-crime also gives rise
to politically motivated threats and attacks, which have often led to violence. As a
result, cyber-terrorism as a whole threatens peace and promotes violence on the
national and international stage.
Through the years, cyber-threats have grown more aggressive and have had a severe
impact on their victims. In today’s world, cyber-crime is used as a weapon for
political and national attacks. It has proved to be one of the most clever and
dangerous tactics, and is already classified as a form of modern warfare in some
countries.
As of today, state-sponsored cyber-attacks have been growing and are the preferred
form of state-sponsored warfare because they are more efficient than traditional
methods. As a result, politics and cyber are rapidly becoming entwined and pose a
major threat to nations. Political entities such as the Democratic National
Committee (DNC) and the Republican National Committee (RNC) have been victims of
cyber-crime. Cyber-crime has affected many states since the 1980s, including the US
Secretary of Defense. There have been many serious incidents of hacking in the past,
resulting in serious consequences such as military disasters.
Many of these attacks have often been linked to countries such as China, Russia,
North Korea and the United States. Cyber-crime serves to shield the perpetrator
and make them harder to find, which results in allegations being thrown
around. As a consequence, there is an increased number of cyber-threats.
Cyber-crime, and hacking in particular, often signifies clear military and
political aims. Its history includes corporate espionage carried out solely to
weaken rival companies, which has often been accused of being state-sponsored. In
addition, there have been recent issues regarding hackers infiltrating health
services.
Because of such issues, alongside the need for technology to secure systems and
states, individual as well as state liability is put into question. Countries are
working to secure their networks against cyber-threats; however, it still remains
a large dilemma, often met with stronger bugs from cyber-attacks or even a lack
of funding.
History
During the peak of the Cold War in 1982, an American satellite detected a huge
explosion in Siberia. A faulty computer system that the Soviets had allegedly
stolen from Canada had been the cause of the explosion, as the Soviets were
unaware of the fact that the CIA had reset the program to malfunction. This was
one of the initial stages in using ‘logic bombs’ and cyberspace as a means of
warfare.
Over the years, the process of globalization, including the globalization of cyber
technology, created more and more opportunities for mass influence on
individuals and society. One of the negative consequences was that, as
development grew, the approach towards crime also widened, which accelerated
cyber warfare and contemporary wars through social media.
Cyber-crime causes damage to the world economy totaling up to 445 billion
dollars a year and has serious consequences for the labor market. Cyber-crime
has become a growing industry that harms innovation, trade, competitiveness
and the economy as a whole. The issue has become a major problem for the
major powers as it weakens their economies. For instance, in the USA, about 40
million people have had personal information and identification stolen.
Cyber-crime first started with hackers trying to break into computer networks
for the “thrill”; the technique itself then got into the wrong hands and was
misused to access sensitive and classified information. Appearing in the ‘60s,
it had fully developed into warfare by the 21st century. Experiments in
connecting computers and combining them into networks became an interest by
1965. At the end of the day, the result was a successful exchange of information
between two computers. On October 20, 1969, a similar experiment was conducted
between two computers located in different cities. From that moment ARPANet
started spreading the experiment to more and more scientific and military
institutions.
With the help of industrialization and globalization there was a rapid
development in technology, resulting in cyber activities penetrating further
into human lives. As a consequence, it came to pose a threat as a form of
present-day crime.
In the 60s, hacking developed from a casual “thrill” to a device used to obtain
sensitive information. Eventually criminals started to infect computer systems
with computer viruses, which resulted in breakdowns of personal and business
computers. In the 70s came the problem of economic crime through
information technology, as well as industrial espionage. In 1973, the cashier of
the New York Citibank got 2 million dollars transferred into his account using
the office computer. On another occasion during the 70s era of cyber-crime,
10.2 million dollars was robbed from the Security Pacific Bank.
Economic crime became a huge dilemma. In the 80s, cyber-crime occurred
on a larger scale than ever before, as independent cyber-attacks escalated and
state-sponsored cyber-attacks also began to take place. In 1987, the intrusion
by a 17-year-old hacker was one of the most dangerous cyber-crimes
committed, the reason being that the perpetrator could control the system
mainframe and U.S. missiles and was only caught when he took copies of the
software. Hacking and illegal distribution of programs and personal content
became widespread and, easing into the 90s, a whole range of illegal
encroachments became present, including distribution of child pornography and
virtual networks for extremist schemes.
The history of cyber-crime is linked with a history of legislation and actions to
prevent it. The Budapest Convention is a convention on cyber-crime.
The Convention is the first international treaty directed towards cyber-crime and
the Internet, dealing specifically with infringements of copyright,
computer-related fraud, child pornography and violations of network security. It
demands international co-operation on legislation to stop such crimes. It also
contains powers and procedures such as searching on the Internet and
interceptions. The Council of Europe drafted the treaty with ample contribution
from observing states in 2001. The Convention also provides a framework for
international cooperation and is open to ratification even by non-council
members and states. The Convention is the only substantive multipartite
agreement with a stated aim of addressing cyber-crime with focused, consonant
legislation and capability building. Thus, it is largely recognized as a
peremptory document and enjoys abidance from non-signatory states as well. The
Convention is also supplemented by an additional protocol, which was adopted in
2003 and deals with countering racist and xenophobic threats and insults.
The treaty works on a general and mutual sharing of information in order to
facilitate better law enforcement and lay down suitable procedures. Article
23 of the Convention outlines the general proposition under which international
co-operation is pursued. It states as follows:
“Article 23 – General principles relating to international co-operation
The Parties shall co-operate with each other, in accordance with the provisions
of this chapter, and through the application of relevant international instruments
on international cooperation in criminal matters, arrangements agreed on the
basis of uniform or reciprocal legislation, and domestic laws, to the widest
extent possible for the purposes of investigations or proceedings concerning
criminal offenses related to computer systems and data, or for the collection of
evidence in electronic form of a criminal offense.” (DISEC)
It is evident that the Convention’s assistance relies on the pre-existing
co-operation between the states and parties. Hence, the provisions only build on
the already existing multilateral and bilateral treaties between parties.
The Convention on Cyber-crime has also been criticized for its supposed
setbacks. The provisions of the Convention are criticized for supposed
infringement of state sovereignty. In particular, Article 32 is disputed as it
gives local police full access to servers located under another country’s
administration, even without seeking permission from the authorities of that
country. As Russia finds this a threat to its sovereignty, it has refused to sign
the treaty and often expresses its displeasure towards the Convention itself.
Russia introduced a new proposal for an international cyberspace treaty. The
proposal was, however, rejected at the 12th UN Congress on Crime Prevention and
Criminal Justice.
Regardless, Brazil and China have refused to adopt the Convention for the same
reason. India also continues to remain a non-signatory to the inequitable
Convention, claiming it is insufficient in tackling cyber-crimes. Therefore,
with multiple countries being non-signatories, the Convention is limited to a
few. Thus, to ensure maximum consensus, there should be negotiation and ample
participation of all states.
However, the development of cyberspace and its capability for global
communication need to be an integral factor in making future legislation.
What is the problem?
By 2018, cyber crime has grown exponentially, as the number of hackers grows
every year and as new techniques have been discovered. With traditional
cyber crime threats such as socially engineered trojans, unpatched software,
network-traveling worms etc. becoming more common, it has given rise to much
more advanced tactics. These advanced tactics include ransomware attacks,
cyber-physical attacks, mining cryptocurrencies as well as hacking elections.
Ransomware refers to a type of malware that encrypts and locks down important
files, after which the hackers demand a ransom in exchange for releasing the
files. Cyber-physical attacks focus on shutting down a city’s electric grid or
hacking into a power station etc. Mining cryptocurrencies refers to stealing, or
taking control of, digital currencies such as Bitcoin. Hacking elections further
highlights the political motives behind most cyberwarfare, which aims to
destabilize a country or control its government.
However, one of the biggest problems faced in cyber warfare has to do with how
hackers are able to access private servers and steal information from them. Many
people are not aware of the risks posed by cyber crime and thus have not taken
the necessary precautions to safeguard themselves from malware. This allows
cyber criminals to access users’ private information remotely and to pass
through undetected.
In most cases, cyber-criminals route their communications through a number
of jurisdictions to avoid detection of the crime or of their identity. Terrorist
groups such as Al-Qaeda and Daesh rely heavily on information technology to
proceed with organizational objectives without any interference while avoiding
any leakage of information and identification. Networks provide the perfect
platform for mass influence, and many dangerous parties often succeed in using
them to fulfill their objectives. Hence, the mass influence of social
media transcends international borders. Many terrorists rely on the transparency
and efficiency of social media to influence, radicalize and raise funds. In
addition, the inability of governments, bound by the set laws and legislation,
to manage this cross-border data facilitates the use of information
technology by terrorist groups. Furthermore, such aspects threaten individuals’
rights, for instance their freedom of expression and, moreover, privacy. The
increasing influence has created conflicts at a higher. Conflicts are now not
only between separate states but also over identity claims and individual
rights, as well as inclusion against exclusion. The world has started to see
social media in a different light because it is used strategically by many states
and non-state actors. However, the western world still believes in the traditional
means of war, disregarding the new world of contemporary wars.
These contemporary wars are quite different from the traditional aspects of war
as they are more of a build-up towards political unrest than a direct
action. Contemporary wars are more the “mastermind” behind a direct
action, and are therefore more verifiable through a logical framework than
through observation or experience.
Furthermore, as western states believe war and conflicts in liberal democracies
need a higher degree of legitimacy, it is more efficient for non-state actors to
gather mass influence from social media. Moreover, it has a massive effect on
international relations, as often demonstrated in past contemporary wars like the
conflict in Ukraine; this signifies that the cyber domain has affected
international relations and framed past strategies and actions, and will continue
to do so.
Social media, proven to have a mass influence on every aspect of our lives, has
now become a means of warfare. This has caused a dilemma, and the stigma of
cyber-crime, alongside the rapid rise in activism and terrorism, has caused the
issue to be discussed on both the national and international stage. With the rise
of such issues, the influence becomes stronger. This creates new ways of using
social media, as can be seen when social network sites and web
televisions are used as subtle weapon systems.
Moreover, the growing issue has come with the acceptance that the lines between
social media and terrorism itself are blurring. Different perceptions of
cyber-crime and cyber security are often observed. Full-scale conflict in
today’s world is tied to information technology. While the acts are perceived as
terrorism by one side, the opposing group perceives them as activism. From a
third-party perspective, they are perceived as operational support for non-state
actors.
With the increasing mass influence of social media, it has become a battleground
for states and non-state parties to fight on, consequently damaging civilian
lives. Such attacks have been found to damage mass infrastructure, an example
being the Stuxnet attack on Iranian nuclear centrifuges, which damaged around 900
of them without any trace of the perpetrator. Such attacks often put
civilians’ lives at risk on a large scale.
Status Quo
At present, governments across the world have had to take precautions and put
up safeguards to protect their data from independent cyber attacks as well as
state-sponsored ones. Some of the most advanced cyber security systems have been
developed to protect all the aspects of our lives such as finance, healthcare,
government etc., all of which are dependent on technology.
Such systems use a risk-based approach, which requires an in-depth
understanding of the threat being faced. This consists of two factors: who
the perpetrator is, and what their aim is. Targeted files can be secured by
creating a backup and encrypting them, as well as uploading important files to
different servers, which would make multiple files difficult to access at once.
Inactive silent alarms can also be used to alert the user immediately whenever
they are triggered by someone trying to access locked files.
A combination of such methods is used by governments to build an efficient
and secure cyber-security system to control cyber attacks. More laws and
policies are also being made regarding this issue to ensure maximum protection
from hacking groups.
State Sponsored Cyber Attacks
Case Study: The Stuxnet Attack
The Stuxnet Worm first emerged in the summer of 2010, and was a 500-kilobyte
computer worm that infiltrated many computer systems. The worm
operated in stages. First, it analyzed and targeted the computer systems and
Windows networks. Then, it infiltrated the Windows-based software
that was used massively for operations. Finally, by compromising the Siemens
Step7 software, the worm had access to the industrial logic controllers, which
helped the worm gain sensitive industrial information as well as control the
operations. Stuxnet could spread widely between computers running Windows,
even those not connected to the Internet.
The Stuxnet Worm attacked over fifteen Iranian facilities. It is believed that the
attack started off due to a random worker’s USB. One of the facilities affected
was the Natanz nuclear facility. When the International Atomic Energy Agency
visited the Natanz facility, they saw numerous uranium centrifuges breaking
but could not understand the reason for the failure.
Later in 2010, Iranian technicians contacted computer security experts to examine
their computers and discovered many malicious files on the system. It was
eventually revealed that those malicious files were the Stuxnet Worm. It is
currently estimated to have destroyed 984 uranium enrichment centrifuges,
resulting in a 30% decrease in enrichment efficiency. Experts suggest that
the Stuxnet worm attack on the Iranian nuclear facilities was a combined
operation between the U.S. and Israel.
In October 2012, the U.S. defense secretary warned that the U.S. could be
vulnerable to a “cyber Pearl Harbor”. The month after, Chevron confirmed the
conjecture by admitting that Stuxnet had spread through its machines.
Although the creators of Stuxnet have not been formally identified, the size and
complexity of the worm have persuaded experts that it could only have been made
with the sponsorship of a nation state, and although nobody has owned up to it,
leaks to the press from officials in the United States and Israel strongly
suggest that those two nations did the deed. Since the discovery of Stuxnet,
Schouwenberg and other computer security engineers have been fighting off other
weaponised viruses, for example Duqu, Flame, and Gauss, an onslaught that shows
no sign of lessening. Only after a long period of undetected infiltration did the
U.S. and Israel release the second variation to attack the centrifuges themselves
and self-replicate to a wide range of computers.
Also, the first version of Stuxnet was only detected with the knowledge of
the second.
So while the second Stuxnet is viewed as the first cyber act of
force, the new details reveal that the effect of the first virus
will be significantly greater. That is because the initial
attacks "gave a valuable outline to future assailants by featuring the imperial street
to penetration of hard targets": people working as contractors.
Case Study: Bitcoin Tumbles As Hackers Hit South Korean Exchange Coinrail
South Korean cryptocurrency exchange Coinrail said it was hacked, sparking a
steep fall in Bitcoin amid renewed concerns about security at virtual currency
exchanges as global policy makers attempted to regulate trading of the digital
asset.
In a statement on its website on Monday, June 11 2018, Coinrail said its
system was hit by "digital interruption" on Sunday, causing a loss of
around 30 percent of the coins traded on the exchange. It did not quantify the
value, but in an unsourced report local news outlet Yonhap news estimated that 40
billion won ($37.28 million) worth of virtual coins were stolen.
The heist at Coinrail, a relatively small South Korean cryptocurrency exchange,
sent the price of Bitcoin tumbling to two-month lows as it once again highlighted
the security risks and the weak regulation of global cryptocurrency markets.
South Korea is one of the world's major cryptocurrency trading centres, and is
home to one of the most heavily trafficked virtual coin exchanges,
Bithumb.
South Korean officials believe that North Korean hackers stole a large
amount of money in cryptocurrencies last year, according to
local reports.
Kyodo News reports that the National Intelligence Service (NIS), briefing the
nation's lawmakers on the cyber attacks, said that phishing scams and other
methods had yielded many billions of won in customer funds. The news service
notably reported that authorities in South Korea are investigating whether the
same hackers were behind last month's attack on Coincheck, which led to the
theft of more than $500 million in cryptocurrency.
Last year's attack on cryptocurrency exchange Bithumb resulted in around
8 billion won being stolen, along with the personal information of around
30,000 users, as previously reported by CoinDesk. South Korean parliament member
Kim Byung-kee also noted the impact of phishing emails in defrauding
users, according to Reuters, saying:
"North Korea sent messages that could hack into cryptographic money trades and
their clients' private data and stole (digital currency) worth billions of won."
Isolated North Korea has been implicated in exchange hacks and scams on various
occasions, as well as unsuccessful attempts at stealing cryptocurrencies from
trading sites, as previously reported. Last year, police officials claimed that
North Korean attackers attempted to trick 25 employees at four exchanges with
spear phishing attacks; however, none appeared to have fallen for the ploy. The
attempted thefts were first reported by cyber security firm FireEye, and later
confirmed by government officials.
The rogue nation appears to be pursuing cryptocurrencies as a way to
evade financial sanctions imposed by the United Nations, especially sanctions
voted in after the country's recent nuclear missile tests.
Case Study: Pyeongchang Winter Olympics Game Hacked
A cyber-attack caused the internet disruptions during the Winter Olympics' opening
ceremony on Friday night, Olympic officials and security experts said.
Jihye Lee, a representative for the Pyeongchang Organizing Committee, confirmed
Sunday "the innovation issues experienced Friday night were caused by a
cyber-attack."
Mr. Lee did not elaborate on the cause but said that the attack had been
quickly addressed and that systems had been stabilized by Sunday.
The cyber-attack took out internet access and broadcasts, grounded supporters'
drones, shut down the Pyeongchang 2018 website, and kept spectators from
printing out reservations and attending the ceremony, which resulted in a
surprisingly high number of empty seats.
Security experts said they had uncovered evidence that the attack had been in
progress since late last year. It was directed at the Pyeongchang
Organizing Committee and incorporated code that was specifically designed to
disrupt the Games or perhaps even send a political message.
"This assailant had no goal of leaving the machine usable," a team of researchers
at Cisco's Talos threat intelligence division wrote in an analysis Monday.
"The reason for this malware is to perform devastation of the host" and "leave
the PC framework disconnected."
In an interview, Talos researchers noted that there was a subtlety to the attack
that they had not seen previously: even though the hackers clearly showed that
they had the ability to destroy victims' computers, they stopped short of doing
so. They erased only backup files on Windows machines and left
open the possibility that responders could still reboot the computers and fix the
damage.
"For what reason did they pull their punch?" asked Craig Williams, a senior
technical leader at Talos. "Apparently, it's making some political message" that
they could have done far worse, he said.
Talos' findings matched those of other internet security companies, such as
CrowdStrike, which determined on Monday that the attacks had been in progress since
at least December. Adam Meyers, vice president of intelligence at CrowdStrike, said
his team had found time stamps that showed the destructive payload that hit the
opening ceremony was built on Dec. 27 at 11:39 a.m. Coordinated Universal Time
and 8:39 p.m. in South Korea.
Prominent Cyber Attacks
Titan Rain: the name given by the FBI to a series of coordinated attacks on
American computer systems that began in 2003 and went on for at least three years.
It was discovered that the hackers infiltrated several sensitive private and
public computer networks, such as those at Lockheed Martin and NASA. Not only were
military intel and classified data stolen, but thousands of “zombified”
machines, i.e. computers infiltrated by malicious software that can be activated
later, were also left behind. Titan Rain is considered the largest state-sponsored
cyber-attack in history, said to have been organized or supported by the Chinese
government.
Cyber Attacks on Estonia: a series of well-planned cyber-attacks began on 27
April 2007 and swamped websites of Estonian organizations, including the Estonian
parliament, banks, ministries and broadcasters, amid the country’s row with
Russia about the relocation of a Soviet statue. Due to the sophistication of the
attacks it was claimed that the Russian government had assisted in orchestrating
them. Among others, Nashi, a nominally independent pro-Kremlin youth
group, has taken responsibility for the incident. Some argue that it may have
been the second-largest instance of state-sponsored cyber-attack, following
Titan Rain.
Korean Cyber War: As early as 2009 and 2011, North Korea was blamed for cyber
raids against South Korean organizations. On 15 March, North Korea’s KCNA news
agency accused the US and its allies of large-scale hacking attacks on its
Internet servers. Later in March, around 32,000 South Korean computers at banks
and broadcasters were affected by a cyber-attack. Even though the attack could be
traced back to a Chinese IP address, officials emphasized that this did not reveal
who was behind the attack, as hackers can route their attacks through addresses in
other countries to obscure their identities. North Korea is suspected to have
staged the attack amid rising tensions on the Korean Peninsula.
Questions A Resolution Must Answer
1. What factors have caused the progression of cyber crime and how can they be
controlled?
2. To what extent can governments be held responsible for state-sponsored cyber
attacks?
3. How have past resolutions and laws helped control cyber warfare?
4. Which methods can be used to reprimand hackers behind independent cyber
attacks?
5. How can governments take precautions and put up safeguards to protect
themselves from cyber-threats?
Works Cited
• “Bitcoin Tumbles as Hackers Hit South Korean Exchange Coinrail.” Reuters, Thomson Reuters, 11 June 2018, www.reuters.com/article/us-markets-bitcoin-korea/bitcoin-tumbles-as-hackers-hit-south-korean-exchange-coinrail-idUSKBN1J703I.
• “Cyber Threat Basics, Types of Threats, Intelligence & Best Practices.” Secureworks, www.secureworks.com/blog/cyber-threat-basics.
• “Full List.” Council of Europe, Council of Europe, www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185.
• Giles, Martin. “The Nasty Surprises Hackers Have in Store for Us in 2018.” MIT Technology Review, MIT Technology Review, 2 Jan. 2018, www.technologyreview.com/s/609641/six-cyber-threats-to-really-worry-about-in-2018/.
• Kelley, Michael B. “The Stuxnet Attack On Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought.” Business Insider, Business Insider, 20 Nov. 2013, www.businessinsider.com/stuxnet-was-far-more-dangerous-than-previous-thought-2013-11.
• Lynch, Justin, et al. “Protecting the Nation's Critical Infrastructure | Fifth Domain: Cyber.” Fifth Domain, Fifth Domain, www.fifthdomain.com/critical-infrastructure/.
• McKay, Tom. “Pyeongchang Olympics Hit By Cyber Attack, With Widespread Rumors Russia to Blame.” Gizmodo, Gizmodo.com, 11 Feb. 2018, gizmodo.com/pyeongchang-olympics-hit-by-cyber-attack-with-widespre-1822909628.
• “Nation-State Cyber Attacks Come out of the Shadows.” NS Tech, 6 Apr. 2017, tech.newstatesman.com/guest-opinion/nation-state-cyber-attacks-come-shadows.
• Perlroth, Nicole. “Cyberattack Caused Olympic Opening Ceremony Disruption.” The New York Times, The New York Times, 12 Feb. 2018, www.nytimes.com/2018/02/12/technology/winter-olympic-games-hack.html.
• “South Korea: North Korea Stole Millions From Crypto Exchanges Last Year.” CoinDesk, CoinDesk, 5 Feb. 2018, www.coindesk.com/south-korea-north-korea-stole-millions-crypto-exchanges-last-year/.
• Sweet, Carson, and IDG Contributor Network. “State-Sponsored Cyberattacks Are Now the Preferred Method of Warfare.” CSO Online, InfoWorld, 30 Oct. 2017, www.csoonline.com/article/3235270/hacking/state-sponsored-cyberattacks-are-now-the-preferred-method-of-warfare.html.
• “The Consequences of Cyber Attacks.” JIA SIPA, 23 June 2017, jia.sipa.columbia.edu/consequences-cyber-attacks.
• “War in the Fifth Domain.” The Economist, The Economist Newspaper, 1 July 2010, www.economist.com/briefing/2010/07/01/war-in-the-fifth-domain.
• “Where Does Cyber Crime Come From? History of Cyber Crime.” Le VPN, 10 Oct. 2017, www.le-vpn.com/history-cyber-crime-origin-evolution/.