29 January 2015

Australia Building an Offensive Cyberwar Capability

Christopher Joye
January 27, 2015

The frequency and severity of global cyber-attacks is rising rapidly and extending into outright cyber-war between states. And Australia is no innocent bystander, developing its own cyber-weapons, which we can reveal for the first time have been deployed in counter-terrorist operations overseas.

This new universe of unprecedented digital threats means law enforcement and security authorities require 21st-century tools to combat criminals, anarchists and despots who would do us harm. That is why the proposed mandatory “metadata” retention laws, which seek to preserve the investigative playing field police and intelligence agencies had before the advent of the Internet, are so important.

On June 27 North Korea’s Ambassador to the United Nations, Ja Song-nam, sent a letter to UN Secretary-General Ban Ki-moon, warning that if the US allowed Sony Pictures Entertainment to release a comedy, called The Interview, on a CIA plot to assassinate North Korean dictator Kim Jong-un, it would be tantamount to “undisguised sponsoring of terrorism as well as an act of war”.

"The US should take immediate and appropriate actions to ban the production and distribution of the aforementioned film; otherwise, it will be fully responsible for encouraging and sponsoring terrorism," the letter said.

After infiltrating Sony’s computer network for months and stealing over 100 terabytes of confidential data (including the next James Bond movie’s script), on November 24 a North Korean hacking collective called the “Guardians of Peace” (aka “GOP”) leaked three unreleased Sony films, sensitive salary details and embarrassing email correspondence between top executives and their actors.

They also installed the immensely destructive “Wiper” malware on numerous Sony computers, which erased their information, rendered the machines inoperable, and shut down the entire Sony network for more than six weeks.

Almost two months after Wiper was detected Sony said it was forced to delay its quarterly filings because its “financial and accounting applications and many other critical information technology applications would not be functional until early February 2015 due to the amount of destruction and disruption that occurred”.

On 18 and 19 December the hackers demanded Sony cancel the December 25 premiere of The Interview, and threatened physical attacks on any venues that aired it. Sony promptly withdrew the film.

"We will clearly show …you at the very time and places The Interview be shown, including the premiere, [the] bitter fate those who seek fun in terror should be doomed to,” the hackers wrote.

"Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you’d better leave.)"

The FBI says the malware was compiled on Korean-language computers and is similar to the Wiper code used in a 2013 North Korean cyber-attack on the South’s banking system.

Having identified offensive cyber operations as a low-cost asymmetric capability, North Korea has invested in a formidable cyber-warfare infrastructure. Its primary agency, known as Bureau 121, has 1800 hackers dispersed around the world according to one defector.

Swift US response

The US response was swift. Convinced by evidence garnered from the NSA’s penetration of North Korea’s networks, President Barack Obama, a former civil rights lawyer, sensationally declared on December 19 that the US would retaliate “proportionally” and “in a place and time and manner that we choose”. The characteristically cautious Obama had no doubt about the source of the attacks or the need to react decisively, The New York Times reported.

"We cannot have a society in which some dictator can start imposing censorship here in the US," Obama said, adding that "it says something about North Korea that they decided to have the state mount an all-out assault on a movie studio because of a satirical [comedy]".

US Cyber Command did not wait long. On December 23, and again on December 28, North Korea’s internet and wireless networks were wiped out.

"At Pyongyang time 7:30pm [on Saturday December 28], North Korea’s internet and mobile 3G network came to a standstill," Chinese state media said.

North Korea’s National Defence Commission blamed America for “disrupting the Internet operations of … our republic”. The NDC also racially vilified Obama for being “reckless in words and deeds like a monkey in a tropical forest” after Sony officials went ahead with the release of The Interview, which the NDC described as a “dishonest and reactionary movie hurting the dignity of the supreme leadership of [North Korea]”.

In early January Obama also signed off on additional sanctions for North Korea’s “destructive, coercive cyber-related actions during November and December 2014”, which “constitute a continuing threat to the national security, foreign policy, and economy of the United States”.

Worse than Sony

North Korea’s brazen attack highlights how the cyber domain is becoming increasingly chaotic and hazardous despite sustained efforts to establish security mitigants. It also sets a worrying precedent for autocracies fearful of rebuke. Here Edward Snowden’s patron, Russia, is probably a pioneer.

In November it was fingered by Mandiant for sponsoring hacks on major financial institutions, which have exposed tens of millions of households, in response to Western sanctions following its invasion of Ukraine.

Russian Foreign Ministry spokesman Alexander Lukashevich has leapt to North Korea’s defence over Sony, claiming that “the concept of the movie [The Interview] is so aggressive and scandalous that the reaction of the North Korean side … is quite understandable”.

"We perceive US threats to take revenge … as absolutely counterproductive and dangerous, as they only would add tensions to the already difficult situation on the Korean Peninsula and could lead to further escalation of conflict," Mr Lukashevich said.

On January 8 Wired reported that “amid all the noise the Sony hack generated … a far more troubling cyber-attack was largely lost in the chaos”. Germany’s Federal Office for Information Security had disclosed that “advanced” hackers had broken into and physically destroyed part of a German steel mill by “manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down”, which caused “massive damage to the system”.

"The know-how of the attacker was very pronounced, not only in conventional IT security but extended to detailed knowledge of applied industrial controls and production processes," the report says.

Wired claims this is “only the second confirmed case in which a wholly digital attack caused physical destruction of equipment”. “The first case, of course, was Stuxnet, the sophisticated digital weapon the US and Israel launched against control systems in Iran in late 2007 or early 2008 to sabotage centrifuges at a uranium enrichment plant.”

Australian cyber offensive

Australia is no passive participant in these cyber conflicts. Multiple intelligence sources have told The Australian Financial Review that for more than a decade we have been building an offensive “computer network attack” (CNA) capability inside the Australian Signals Directorate (ASD), which openly advertises for hackers who are “passionate about breaking and securing computer systems” with “knowledge of offensive and defensive techniques to protect Australia’s interests”.

Sources say ASD has launched cyber-attacks on terrorists in the Middle East who were conspiring against Australia. ASD’s small team of CNA specialists, who are a fraction of the people working in its “computer network exploitation” area (which steals foreign intelligence), develop their own malware and borrow payloads from the larger CNA resources residing inside America’s NSA and Britain’s GCHQ.

Australia has also allegedly harnessed its offensive cyber skills to hit back against a non-democratic state that was pilfering our public and private secrets, intelligence sources say.

This involved implanting malware on foreign servers that erased data and disabled the cooling systems, such that the machines were ultimately “fried”.

Every day we seem to learn of new black swans lurking in cyberspace, which reinforce the need for governments, companies and individuals to pre-emptively protect themselves. So despite the revelations of fugitive former NSA contractor Edward Snowden (who has notably never leaked NSA information on the privacy and civil rights abuses of Russia and China’s security agencies), the US, UK and many European nations continue to support mandatory data retention policies.

The issue with the metadata debate is that the cost-benefit analysis lacks balance.

Journalists have done a great job explaining the low probability risk of a democratic government systematically exploiting metadata to the detriment of its own electorate. In this context, calls for more oversight and controls when people access data are spot-on.

There has, however, been less time committed to understanding the ever-changing threat landscape. Many of those who rail against metadata retention are the same “anarcho-libertarians” who dismiss the tsunami of evidence that the internet is being hijacked by individuals and state and non-state entities that want to undermine our way of life.
