Still continuing my series on topics which can be adapted from real-life to cyberspace, I decided to make a shift from social and cultural issues to the other main topic of my blog: security in communications technologies. Last week I came upon an article in the September’s Technological Review, written by Dr. Sandro Gaycken on Cyberwarfare. Thus, inspiration for this Sunday’s article on ‘digital armory’ was given.
As usual, let us start with armory in real-life terms. Since mankind evolved/ was created (do not want to deal with religious issues here), man were fighting for food with and against each other. Man were also fighting against each other for reasons of stupidity and envy. No matter why they were fighting, tools were used to facilitate the process of beating each other up. Clubs and spears might have been the first of these tools which have been used…and are called ‘weapons’. Later on man created armors to protect himself, weapons to pierce armors, means of traveling for strategic purposes and so on. What also may be included but is intentionally left out in this article is the means of strategy as a soft element of warfare – and the different kinds of warfare itself.
Finally, man took war to sea, air and land. The American ‘Star Wars’ project which has been delayed and then canceled (and maybe already revived) should have also taken war to space. Nowadays, man has taken and is currently taking warfare to cyberspace. Therefore, I would like to make a brief distinction. I am not talking about Predator drones which are controlled from faraway by the means of electronic communication – or smart bombs. I am talking about the possibility to use cyberspace as a playfield for warfare, e.g. hacking. Having mentioned, that I will not consider kinds of warfare, I am also not going to define terms of electronic warfare, media warfare, cyber terrorism – this might follow in a later article.
What weapons do exist in the digital armory?
Actually there are not a whole lot (distinctive different ways) of them. One way of intruding into an adversaries system is simply to manually spot its weak spot. That might be open ports which can be scanned with a port scanner or 0-day exploits which are enabled by legitimate programs running on this system. Also, exploits which have never been fixed or where the fixes and updates never found their way to the system – never forget to treat your IT guys well, they like soft drinks and video games! Some call it the real art of hacking/ cracking (depending on the purpose).
Contrary to that there programs such as trojans or viruses which once arrived on the system (and not cleaned up) will facilitate the connection between the attacker and the infected system. Sending someone a picture, which when opened secretly installs sub7, is most likely the easiest method. Once the backdoor has been opened, the attacker has a lot of choices to make. Compared to the first ‘weapon’ this work is said do be done by ‘scriptkiddies’.
Basically that’s it. However, there are a lot of ways of finding a weak spot or installing a program on the designated target system. Programs such as port scanners or network loggers facilitate the search for the spot of choice. Reading security news is also very important, because knowing the weak spots who have been fixed does not necessarily means that they are fixed on all systems (see above). Furthermore, figuring out weak spots of programs before they have been fixed is maybe the most challening but also rewardful activity. Getting a program of choice – such as keyloggers, trojans or backdoor programs – installed can also be done in several ways. Easiest way is to know the email address of the target and try to send him something, he is going to open and therefore infect his computer. Adding a real-life component you could just ‘lose’ a USB pen with interesting files on it in front of the door of your target. When he plugs it in to see what is on there (out of curiosity or because he wants to give it back and therefore find out if there is an address on it) he already lost. Sometimes, so-called ‘social-engineering’ might also help. The art to fake your own identity to make some open some file on his computer. For example, you figured out that your target company is dealing with client xyz. Then you fake the email header, sending the secretary of your target company an email with an attachment saying ‘invitation to whatever’. The minute you send it, you call her, saying your from client xyz and if she can open it invitation because there might be a mistake with the date. I should stop here. Of course I could give an explanation of how the different programs work an so on but for two reasons I am not doing it. Firstly, I am not a very techy guy and secondly I am not in the scene. All I am writing and saying is from security and academe sources but I have never been down to the ground. So I should leave it there before I say something completely wrong.
What about the armor?
Well, I do not know any armor which has not been pierced and in my opinion it is the same with weapons and armors in the digital environment. First of all, there is the choice of your operating system. A lot of means to intrude a system have been written exclusively for Windows systems. So using any UNIX platform such as MAC OS or Linux gives you less headache.
Additionally programs such as firewalls (who take care of your ports when properly adapted) and anti-virus/ malware programs (which take care of installed programs such as keyloggers) might improve your security. Unfortunately they are more reactive than pro-active.
Speaking of, pro-active amor is a well-designed system of computers (de-militarized zones, low privileges for users, routing server with firewalls, separate mail server).This again, involved both, real and digital actions.
The best armor still is knowledge and skills of the guy sitting in front of the computer. Of course I am not talking about the administrators (which have the hardest job here) but also everyone who just uses them. If you are not aware that opening each and every attachment and visiting porn sites from you company computer might be a security, than only god/ the universe can help you. There is not treatment for stupidity or lack of common sense.
In order to stay hidden, the best way of attacking a computer system is completely digital. The best way of defending it on the other hand, depends on hand-on skills of the users. All the above does not only apply for personal interactions but also between companies or even countries. Why is it that recently more and more countries set up there own cyber soldiers? That is what they have to do – secure and strike in cyberspace.
I am also aware, that this article might have raised questions and also lacks some further elaborations, but that is what the next weeks article will be for :).