Cyber war stakes rising

U.S. intelligence officials have warned that, as nation-sponsored cyber warfare goes mainstream this year, attacks on U.S. installations and institutions could result not just in damage and theft but in fatalities.

By Richard Sale January 15, 2013

They believe fatalities could occur and “that is the best estimate at this point,” said the former senior intelligence official.

Currently, 12 of the world’s 15 largest military powers are building cyber warfare programs, these intelligence sources told ISSSource, adding that the number of intrusions and attacks has increased dramatically over the last several years.

U.S. security researchers have warned that, because of a vulnerability in the firmware, attackers could tap into Voice over IP (VoIP) products from Cisco and other manufacturers. The research at Columbia Engineering, funded by the U.S. military research arm, the Defense Advanced Research Projects Agency (DARPA), found the flaw affected all 14 of Cisco’s Unified IP Phone models that are used in government departments and corporations around the world. Equipment from other manufacturers could also be vulnerable.

By inserting malware into handsets, the researchers said, they could start eavesdropping on private conversations, “not just on the phone but also in the phone’s surroundings. It’s not just Cisco phones that are at risk. All VoIP phones are particularly problematic since they are everywhere and reveal our private communications,” said project leader Professor Salvatore Stolfo.

Last year, cyber attacks on the Iranian government were uncovered, and Iran retaliated with “denial of service” attacks on U.S. banks and Saudi oil companies that are continuing today. Over 10 U.S. banks were under cyber attack by Iranian hackers for over a week, interrupting service. Just Tuesday, Wells Fargo may have also been the victim of a sophisticated campaign of distributed denial-of-service (DDoS) attacks. Other victims included Bank of America, PNC, BB&T, JPMorgan Chase and others.

In addition, ISSSource reported Iran intensified its attempt to push forward its cyber war capabilities with a six-month rash of virus attacks that culminated with its hackers disabling 30,000 computers at Saudi Aramco, the world’s largest oil corporation, this past August, computer and intelligence experts said.

The attack took place August 15, when a malware weapon took down at least 30,000 of the company’s computers, said Jim Lewis, a computer expert at the Center for Strategic and International Studies (CSIS) in Washington. While Aramco officials said production did not suffer from the attack, sources have said it is hard to believe they did not have production issues.

Two former senior CIA officials first alerted ISSSource that the culprit in the attack was Iran, working with personnel inside Aramco’s computer center. They said the Saudi regime is investigating the attack and is arresting suspects such as operating staff, janitors, office people, and cargo handlers.

CIA sources said at the time that the attack was the work of a disgruntled Shiite insider (or insiders) who had full access to the system.

The U.S. is not alone in suffering attacks, as a Syrian government-backed hacker group is now attacking Saudi government websites, particularly focusing on the Saudi Ministry of Defense. Several of the Saudi sites are down. The Syrian Electronic Army is acting on direction from Syrian intelligence in retaliating against the Saudis for support to the Syrian opposition forces, including Jihadis who have been effective in fighting Bashar al Assad’s rule.

The Christian Science Monitor today published a list of damaging cyber events including:

  • Cyber espionage that’s intended to scoop up industrial secrets alone costs U.S. companies as much as $400 billion annually, some researchers estimate. Much of that comes over the long term, as stolen proprietary data give firms in other nations, such as China, a leg up by slashing research-and-development costs.
  • The volume of malicious software targeting U.S. computers and networks has more than tripled since 2009, according to a 2011 report by the director of national intelligence. Reports in 2012 corroborate that upward trend.
  • Ransomware netted cybercriminals $5 million last year, by some estimates. Smart-phone and other mobile cyber vulnerabilities nearly doubled from 2010 to 2011, according to the cyber security firm Symantec.
  • The Pentagon continues to report more than 3 million cyber attacks of various kinds each year on its 15,000 computer networks.

Defense contractors such as Lockheed Martin have become key targets as well, the report continued. At a November news conference, Chandra McMahon, Lockheed vice president and chief information security officer, said 20% of all threats aimed at the company’s networks were sophisticated, targeted attacks by a nation or a group trying to steal data or harm operations.

As ISSSource reported last week, U.S. builders of America’s most advanced combat aircraft, the F-35 Joint Strike Fighter, are still frantically rushing to put in place cutting-edge technology that would secure the aircraft’s avionics from Chinese hacker attacks. The Chinese got hold of the plans three years ago.

In addition, three years ago, the same hackers, who are part of a military cyber group, also stole plans for the F-22 combat aircraft. Both planes are advanced stealth aircraft and considered the most advanced and the most expensive in the world.

The former senior U.S. intelligence official said the major U.S. contractors of the plane never thought of designing countermeasures that would act to repel China’s extensive hacking programs, and he said the security equipment was never installed. China, which has issued vehement non-denials about the event, long ago created groups of military cyber hackers to pillage intellectual property and military technology. Those units often employed logic bombs and other devices whose purpose is the unauthorized seizure of classified U.S. military or commercial technology.

The initial breach occurred when Chinese hackers penetrated the vulnerable computers of British Aerospace (BAE), and the intrusion was done with such skill that the Chinese ended up monitoring online meetings and technical discussions of the plane. The attack on BAE lasted 18 months before anyone found out about it. After the breach occurred, officials halted the program and then restarted it, with work on the new, expensive security system still ongoing, said former U.S. intelligence officials.

The hackers behind the cyber attacks on major U.S. banks have repeatedly disrupted online banking by using sophisticated and diverse tools that point to a carefully coordinated campaign, security researchers said.

The hackers, believed to be activists in the Middle East, were highly knowledgeable about the defensive equipment used by the banks and likely spent months on reconnaissance, said researchers in a Reuters report, who viewed the assaults as among the strongest and most complex the world has seen to date.

Researchers said the hackers used botnets, which are inexpensive to rent for short periods. What made these botnets much more powerful was that they were made up of Web servers and not just personal computers.

Topping the mounting list of concerns, though, is the accelerating pace of cyber attacks on the computerized industrial control systems that run the power grid, chemical plants, and other critical infrastructure.

Richard Sale was United Press International’s Intelligence Correspondent for 10 years and for the Middle East Times, a publication of UPI. He is the author of Clinton’s Secret Wars and Traitors.