Book Review: Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
‘If this book has accomplished anything, it’s shown that cyber warfare is increasingly common, vulnerabilities exist at every level of our infrastructure, and the worst possible response is to deny that the problem exists’. Revealing the ending of a book at the beginning of a review is not a recommended practice, but in this case an exception to the rule can be justified. In that one sentence, author Jeffrey Carr (CEO of GreyLogic, the Founder and Principal Investigator of Project Grey Goose) articulated his own reason for writing ‘Inside Cyber Warfare – Mapping the Cyber Underworld’. He warns that, failing immediate action to protect our national defenses, hostile hackers sponsored by non-friendly states could gain access to the most important infrastructures, with untold consequences for government and citizens alike.
Jeff’s hard-hitting but persuasive argument of ever-increasing threats emerging in the vast arena of cyberspace warranted some deeper delving. Putting my questions to him, I received some thought-provoking replies. To keep with the flow of the book, I have added these questions and answers to the end of each relevant section. Please note that these will not be found within the book.
Technically detailed, this book is an excellent aid for savvy experts exploring how this precariously dangerous state of vulnerability has emerged and yet is suitable for anyone just wanting to get to grips with what cyber warfare is all about. After all, cyber security is increasingly important in our daily personal lives with the rise of social networking, online banking, cell phones; it is not restricted to central business functions. An attempt to improve awareness of the surrounding issues is long overdue.
The rapid growth of internet technology, from personal computers to smart grid infrastructures, has outpaced a corresponding level of security, unintentional or not. Cyber Warfare starts by assessing the problem we are facing, with Jeffrey deftly negotiating through ‘The Rise of the Non-State Hacker’ with an overview of the prominent players around the world, such as Team Evil and the DNS Team, their motivation and actions.
Jart Q: There is a camp on the security analysis side that still argues most cyberwar events have been primarily just a bunch of hacktivists, thoughts?
Jeffrey A: Hacktivists are one group to consider, but they're out at the periphery where they can be used by other State or State-sponsored actors. They're typically associated with the noisier, publicized DDoS (direct denial of service) events that make the news. Lots of bark, little bite.
‘Inside Cyber Warfare’ leads the reader along a compelling but thoroughly alarming journey, from hackers learning their trade in the cybercriminal markets to applying their knowledge in government-aided espionage.
Jart Q: There is now fairly good evidence that initially the tools of cyberwarfare originated from their roots in cybercrime. Where and who develops these tools now?
Jeffrey A: The most effective attack tools are the ones that we never hear about; that are produced in State-owned R&D labs. Other than those, everything else has its origin in cybercrime. It takes time and money to create a zero day exploit, which in my view is evidence of, at the very least, State sponsorship.
Using the August 2008 StopGeorgia Project Forum as a significant point in the evolution of hacking and cyber attacks, and failing any ‘international agreement on what constitutes an act of cyber war’, Jeffrey discusses what active defenses states should employ in chapters on ‘The Legal Status of Cyber Warfare’ and ‘Responding to International Cyber Attacks as Acts of War’, continuing his argument that ‘securing cyberspace is an absolute imperative’. He outlines the role of the intelligence services and the restrictions under which they operate.
Jart Q: As the founder of Grey Goose, many would believe only government security services in combination with large external contractors could or should involve themselves in such research. What is the role for open source in this field?
Jeffrey A: Government agencies as well as the contractors that they engage have to operate under certain authorities and limitations which "security trust networks" like Project Grey Goose do not have to abide by. Consequently, I see us as data providers - data which otherwise would be very hard, if not impossible, for those agencies to obtain.
No in-depth analysis of cyber warfare is complete without considering the role of social networking as an aid to the cyber terrorist; this subject is integrated into the arena of digital footprinting, false identities, bulletproof networks and following the money. Jeffrey details how organized crime and lax internet service providers are linked through a network of bad hosts, spam, botnets and malware, resulting in profitable cybercriminal activities, through examples such as Atrivo, ESTDomains and McColo. So how does organized crime integrate into the subject of cyber warfare, such as through the cybercrime ring, the RBN (Russian Business Network), and its links to Russian intelligence and the Russian government?
Jart Q: You say in the book that the RBN dropped from view but never went away, just slipped back under the radar, away from further media spotlight (as you know and I and some others strongly agree). Do you think this was in conjunction with a closer FSB alliance & RU gov protection?
Jeffrey A: Yes, exactly. The Kremlin and Russian organized crime have a relationship of usefulness. That's not to say it’s a formalized agreement. I suspect it’s much more informal than that, but if the interests of the State and the interests of OC coincide, so much the better.
Jart Q: One report still estimates RBN as the # 3 seller in the world for cyber attack tools. What would you consider is the current role of RBN in Russian cyber warfare capabilities, if any?
Jeffrey A: Russian organized crime, in general, and the RBN in particular, create and maintain a bulletproof network of international domain registration and hosting services that the Kremlin can use to attack its political opponents in cyberspace and have plausible deniability while doing it.
Computer forensics, the tool used by investigators to trace the origins of cyber attacks, faces an increasingly difficult task through networks of false identities, multiple websites on the same server and proxy servers. Cyber Warfare attempts to chart the ever-expanding array of malware being used in cyber attacks, although admitting that such a topic is a subject in its own right. This too is the case with ‘The Role of Cyber in Military Doctrine’, being an overview of big country players and their cyber warfare capabilities. Perhaps the most interesting aspect here is an analysis of the Chinese government’s view on ‘information warfare’ with its emphasis on science and mathematics. Chinese students regularly achieve the top places in international competitions, many studying at the best international institutions and returning to serve China in a variety of capacities, including in the People’s Liberation Army. According to Carr, China has a preference for cyber espionage, unlike Russia, to which acts of cyber warfare have been attributed. Carr illustrates how cyber espionage by Chinese hackers is inspired by ancient writings where trickery, mischief and mayhem are favored methods.
Jart Q: It would appear that three countries have the potential, with either existing or potential capabilities, to apply major cyberwarfare events: Russia, China, and US. However, it would appear China actually utilizes most of its capability to defend its “Green Wall”, and the US would appear to apply most of their efforts in data mining domestic and foreign social networks for anti-terrorist purposes, leaving Russia as the main externally facing cyberwar protagonist, comments?
Jeffrey A: I agree with your assessment as far as it goes, however I would add Israel and Iran as a fourth and fifth State entity. They are almost as aggressive as Russia in their use of cyber operations against geopolitical opponents. Then there's the Palestinian National Authority/Hamas - also very active in terms of cyber operations against Israel.
Jart Q: What other countries have, or are developing, significant cyberwar capabilities?
Jeffrey A: See above!
In the book, advice for policymakers follows on from the challenges that we face and what can be done to set up an effective defense mechanism to ward off future cyber attacks. Carr advocates a pro-active approach to cyber warfare and is clear about the ‘what if’ scenarios if policymakers sit back and do nothing. A central theme is that companies providing internet services should be held accountable with proper regulation, as their role is central in the strategic infrastructure of the U.S. business environment.
Jart Q: We now regularly see Dennis Blair and others providing grim warnings of a cyber Armageddon, without major and further funding for cyber defense. How much of this is real and how much of it is simply lobbying for further departmental funding?
Jeffrey A: Hard to say. I think there's certainly an element of hype but on the other hand that's how things get done in DC. Unfortunately, it’s the noisiest wheel in danger of falling off that gets the grease.
Jart Q: Bearing in mind your view that the US govt. tends to favor business above its people, can anything be done to make companies come clean about being the victim of a network attack, in the way you've asked for on your blog, www.intelfusion.net/wordpress/about/, by, for example, making their logs available to determine attribution?
Jeffrey A: Perhaps I didn't do a good job in expressing my position on that. I don't think the Government favors business over its citizens. I think that business favors profit over doing the right thing and the government prefers to do nothing to change that. On the one hand, it's our own U.S. networks that are being used by foreign actors to attack U.S. interests and steal from U.S. companies from inside our own borders. On the other hand, that gives us an opportunity to discover who is paying the bill for these criminal acts via the use of National Security Letters issued by the FBI, CIA, and other U.S. agencies.
Cyber Warfare brings together principal components of the emerging threats that we face in the seemingly infinite arena of cyberspace, a territory that could contain dangers that we perhaps do not yet fully understand or appreciate. This book provides an excellent overview, but with enough detailed analysis to make it an essential guide on the what, why and where of the new cyberspace world in which we now live. My advice to cyberwar skeptics: read Inside Cyber Warfare, and then see if you dare to still deny that the problem exists as a major threat to national security for many countries.
By Jart Armin
Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr, O'Reilly 2010 Print ISBN: 978-0-596-80215-8 / Ebook ISBN: 978-1-4493-8017-5









