Cyber is the New Cold War
The Cold War between the West and the Soviet Union was a period of tension, skirmishes, and proxy wars lasting from 1947 to 1991. Any of these had the potential, at any time, to erupt into full-scale and possibly thermonuclear war. Both sides knew about the Cold War. They knew that they were in it, and had a deep understanding of what was at stake.
Fast forward to today. Tensions between the West and (primarily) Russia are higher than they have been at any point since the end of the Cold War. Russia is increasingly threatened by the ever-expanding influence, and borders, of NATO, the European Union, and the US.
Both sides of the Cold War engaged in significant spying activities. The objective was quite direct: to collect knowledge and secrets from the other side and leverage that information to an advantage. The techniques included:
Human intelligence – using and/or compromising people to obtain secrets
Signals and Communications Intelligence – listening in on other’s communications
Technology Intelligence – Industrial spying including clandestine photography, theft of technology, etc.
The field of counter-intelligence was developed to counter these types of espionage.
During the 2016 USA election campaign, a group known as Fancy Bear (assumed to be controlled by the Russian government) was responsible for hacking both the Democratic National Convention and Republican National Convention in the USA. Similar attacks were conducted to steal communications as recently as the French national election, and the UK’s GCHQ uncovered evidence that Fancy Bear intended to target every server in Whitehall, the Home Office, Foreign Office, and Ministry of Defence, as well as every major TV broadcaster.
Another group known as APT 10 (likely backed by the Chinese government) recently unleashed a sustained campaign against Managed Services Providers in Japan and elsewhere. The compromise of MSP networks provided broad and unprecedented access to many of their customers’ communications.
The USA announced recently that it laid charges against four men, two of whom are Russian intelligence officials, accusing them of the massive data breach of Yahoo.com, which compromised the communications of half a billion user accounts.
Propaganda is biased, misleading, or false information that is used to promote a specific political perspective, create fear, or cause instability. People who lived through the Cold War era will remember posters trumpeting the threat of the “Red Menace” and the fear surrounding the prospect of nuclear war.
Propaganda now takes the form of fake news, Twitter bots and social media. During the USA elections, the Brexit vote, and other European elections, a large number of probably automated bots were posting and spreading so much fake news as to drown out the impact of actual events. These bots continue to be made to spread the propaganda chosen by their creators. With such a low cost and high potential for impact, propaganda has attained new heights of influence.
Testing and Probing
A common event during the Cold War would be for one side to launch a small, limited incursion or attack on the other side, specifically to test missile detection and defense capabilities. These were generally calculated to be threatening enough to warrant a response, but not enough to cause an escalating round of counter-attacks.
In December 2015 and again in December 2016, the power grid in Ukraine was brought down by an unknown third-party hacker. At one point, over thirty substations and 225,000 people were without heat and light due to these compromises.
In April 2017, a Russian telecommunications provider started to advertise that it was host to the IP addresses of over 50 different financial organizations, causing communications destined for those addresses to be transmitted to the provider and not to their rightful destinations. The protocol that the internet uses to determine routing between companies is called BGP, and this event is known as a BGP hijack. While this type of event can be caused by a misconfiguration of equipment, this occasion seems suspicious, in that the list of IP addresses affected contained a very large percentage of ‘high value’ targets. While this event lasted only a few minutes, the response of the global internet could be measured and assessed.
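The origin check that network operators use to catch the kind of announcement described above, as an added example that is not part of the original article: it applies the route origin validation rules of RFC 6811 and goes slightly beyond the event in the text by also flagging more-specific prefixes. The ROA table, prefixes and AS numbers are constructed from the ranges reserved for documentation.

```python
import ipaddress

# Constructed ROA-style table: (prefix, max_length, authorised origin AS).
# Prefixes and AS numbers come from the ranges reserved for documentation.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64498),
]

# Constructed BGP announcements as a monitor might see them: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),      # legitimate origin
    ("198.51.100.0/24", 64511),   # right prefix, unexpected origin
    ("192.0.2.128/25", 64496),    # right origin, more specific than allowed
    ("2001:db8:1::/48", 64498),   # more specific, within max_length
    ("203.0.113.0/24", 64511),    # no ROA covers this prefix
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    announced = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_length, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version != announced.version:
            continue  # never compare IPv4 against IPv6
        if not announced.subnet_of(roa_net):
            continue  # this ROA says nothing about the announced prefix
        covered = True
        if roa_as == origin_as and announced.prefixlen <= max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: likely hijack or leak.
    return "invalid" if covered else "not-found"


def suspicious(announcements=ANNOUNCEMENTS):
    """Return the announcements that contradict the ROA table."""
    return [(p, a) for p, a in announcements if validate_origin(p, a) == "invalid"]


if __name__ == "__main__":
    for prefix, origin in ANNOUNCEMENTS:
        print(f"{prefix:18} AS{origin}: {validate_origin(prefix, origin)}")
```

A "not-found" result means no authorisation data exists for the prefix, which is why a hijack of an unregistered prefix cannot be caught by this check alone.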
In the Cold War era, several tactics were used by both sides with the goal of gaining the upper hand or destabilizing the other. For example, the Soviet Union armed and supported insurgency during conflicts and civil wars in places like Greece, Korea, Vietnam, Afghanistan, Angola, etc. Invariably, the West aligned with the other side. The effect was that two world powers utilized third party conflicts to attack the interests and/or territorial holdings of each other.
In the new world, much of our existence, valuables, and secrets exist in information, databases, and cyberspace. The Cold War has evolved as well. In many respects, cyber is the new proxy war.
In 2010, the Stuxnet virus was discovered. Stuxnet was created to damage Iran’s nuclear weapons program by causing logic controllers running uranium centrifuges to overspeed and self-destruct.
In 2014, a group that called itself the “Guardians of Peace” infiltrated Sony Pictures and stole vast amounts of internal data, communications, and intellectual property. US intelligence has stated that they believe this was a state-sponsored attack led by North Korea.
We have seen WikiLeaks evolve from a whistleblowing website to a propaganda machine releasing politically motivated information at well-chosen times to attempt to influence the outcome of elections in the USA, UK, Germany, France and others.
The New Reality
We are already in the midst of a cyber-based cold war, and have been for some time now. The opponents are well hidden, and have significant capability and motivation.
This article was written by Dave Ehman, an expert in Cyber Security, Aerospace and IT technology, and the CTO of Centry.