Saturday, April 04, 2009

And the Cyber Cold War rages on....

President Obama has done nothing to straighten up military forces especially Air Force Space Command (aka has USAF Cyber command) on the grim situtation that China and Russia now know our entire power grid infrastructure and may use blackouts as social engineering for their defense. So far the trojans/logic bombs haven't done any collateral damage as it has a remote control fuse it seems. The President has been overly cowardly to not bring up this concern as he is too busy trying to make friends with the Europeans. China and Russia have this Asian pact where they give us Intellegence on terrorism, but they make up their loss of sheer political power in the cyber cold war it seems. It could be a social enginnering game of cat and mouse with blackouts as severe as the Northeast Blackout of 2003 (caused by UNIX glitch which put the plant into safe mode).



The recent news about GhostNet, the suspected cyber espionage activity of the Chinese government uncovered by The Information Warfare Monitor is alarming news, to say the least. More than a thousand computers have been compromised with apparent ease, many in high-value secure government offices. Researchers revealed that the compromises were so sophisticated, that confidential documents were removed, video cameras and microphones turned on to observe events, and sophisticated key-loggers tracked everything that was typed. According to two of my sources well-placed in government and computer security, this is just the frightening tip of an enormous iceberg.
Many will recall my report on the FBI's concern about counterfeit network router hardware being installed in businesses and government agencies all across the nation. Many were concerned that the counterfeit routers contained code that allowed for a broad range of back-doors into secure computer systems, as well as covert kill-switches that would shut-down after receiving a remote signal. Indeed, several analysts found thousands of additional lines of machine code as compared to a non-counterfeit. Since the counterfeit hardware originated in China, the FBI was very concerned, so much so that they responded to my report.
Our work here, together on abovetopsecret, broke that important story to the world.
I've recently spoken to two well-placed computer security experts who firmly believe there is a frightening connection between GhostNet and the counterfeit routers. Their fear is that we are mere months away from a series of significant cyber attacks on key private sector businesses and portions of our infrastructure.
My first contact is a highly experienced computer security expert who often works directly with law enforcement and intelligence agencies. Asking for my assurances of complete confidence in his anonymity, he revealed that there is a great deal of concern, both among his IT counterparts and security experts within law enforcement, that GhostNet is a sophisticate reconnaissance system designed to locate the counterfeit routers. Many are speculating that the gHost RAT trojan (delivered via email and has been in broad use for months) may be triggered by recognizing key attributes of the counterfeit routers, and reports back the details of the exploitable network.
Experts are concerned that the number of infected systems discovered by The Information Warfare Monitor may very well be a tiny percentage of networks that are known to be exploitable, but not yet infected. GhostNet is cataloging potential networks and refining the cyber weapons for the next round of attacks. The activity seen thus far has been proof-of-concept tests of computer take-over software in preparation for larger-scale attacks -- a weapons test if you will.
My second contact is an IT manager at a large financial products company who tracked down and replaced a number of counterfeit routers in their network. As their internal security team examined all systems connected to the removed routers, he was alarmed at their findings. Nearly all of the Windows-based computer systems connected to the routers contained some form of malware. In comparison to other Windows computers on their network, only 10-20% on average had any type of malware. He cautioned that all of the systems on the counterfeit routers were new systems in public-facing installations (branch offices), and a higher-than normal infection rate was expected. However, the 100% infection-rate was unusual.
Both of these computer security professionals are increasingly concerned about the convergence of these two items that appear to point back to either the Chinese government, or Chinese state-sponosored cyber criminals. The report from Information Warfare Monitor stops short of specifically naming the Chinese government, or intelligence agencies within the government, as the culprit of these attacks. However, we do know that their intelligence agencies and law enforcement units have acted upon information obtained through GhostNet.
My contacts feel we (western nations) are mere months away from the second, more serious wave, of attacks designed to harm key corporations and interrupt vital infrastructure. The hope is that GhostNet is a tool of cyber criminals -- after all, if that is the case, we're safe, no criminal would cripple the networks that provide their bounty. What worries them most, however, is the combination of our complete lack of preparation (the U.S. DHS cyber security division is a joke), the stunning sophistication and multi-tiered nature of these attacks, and the disturbing potential connection to the Chinese government. To be clear, they feel a second wave of attacks are not likely to be a national disaster that cripples the nation, that may be reserved for the third wave.
The conspiracy theorist in me observes a number of causes for concern.
(1) - The mainstream press appears to be working hard to spike or avoid any connection of GhostNet back to the counterfeit router issue.
(2) - The media, especially US-based media, is typically over-playing the "hacker criminal" aspect of this story so as to avoid concern over state-sponsored cyber warfare -- they know we (western nations) are at a disadvantage.
(3) - The Chinese government has recently made a great deal of noise voicing concern over the US dollar and the need for a global currency. Causing harm to the US infrastructure through a well-placed cyber attack may significantly weaken the dollar and hasten their financial agenda.
(4) - After all that has happened after September, 2001, especially the increase in sophisticated Internet attacks as well as known state-sponsored cyber terrorism, why has the government let us down?
These developments indicate the Internet equivalent of the 9/11 attacks may very well be on the horizon. And again, we are not only not ready, we're completely clueless

No comments :