Web War II
The United States has entered Web War II. As in Web War I, the media and policymakers are completely oblivious to the long-term risks heralded by the attacks and counterattacks being launched across the digital domain. While Web War II has not yet produced the much-feared "Pearl Harbor," the cyberwar has landed on the shores of the United States.
Of course, Web War I refers to the attacks in the Spring of 2007 on Estonia by Russian-sponsored hackers. The nature of the digital domain made it difficult for Estonia to identify the true attackers and the vectors of the attack shifted across hundreds of points of entry. Allen Greenberg's book Sandworm is probably the best account of Web War I.
Patrick Howell O'Neill, a reporter for The Daily Dot, has written about Web War I and described it as "this surreptitious smash into Estonia's digital heart sparked a shift in the fighting stance of the world's most powerful militaries, and most cutting-edge private companies that continues to this day."
At the time, Estonia was one of the world's leading nations on the internet. As Mr. O'Neill noted, "The nation relies more on Skype, which was created in the country in 2003, than old-fashioned telephone systems." Yet, overnight, the website of Estonia's leading newspaper was shuttered by a distributed denial of service attack (the site was overwhelmed with junk traffic), and subsequent botnet attacks cut the entire country off from the world.
Good Golly G
The United States is actively transitioning to a 6G technology platform that is quaintly described as "the internet of things" (IoT). Most senior members of the intelligence community think that connecting IoT to the internet is a really bad idea because IoT is mostly designed to run on stand-alone networks. But the intelligence community has been overruled by political hacks and their corporate masters, which has paved the way for the theft of intellectual property and the complete destruction of privacy. Whatever the Chinese Army hackers were able to steal using the internet is nothing compared to the blatant theft of personal data by Silicon Valley and Beltway Bandits.
The American Dream Mall, which is financed by municipal bonds, has at the center of its business model a secret agreement with a mobile phone company to use cellphone technology to harvest data for a new Artificial Intelligence (AI) program. Every teenage girl in Northern New Jersey and New York City is going to load the American Dream app on her phone to have the ultimate "augmented reality experience" when shopping. This program is going to track what shoppers look at (facial recognition programs will be used throughout the mall) and how long they look at each item, then match that up with their profiles (favorite colors, music, social media, etc.) to push special offers and discounts. Unfortunately, bondholders have not secured the rights to the AI, the digital data, or any of the attendant financial wealth.
Web War II was launched because America can do little to defend its own critical infrastructure. As Hans Holmer, SRG's CISO and a former CIA Case Officer, recently remarked, "The Colonial Pipeline hack and the Meat Packing Plant hacks are not necessarily sophisticated breaches. The ransomware was purchased from third parties on the dark web. The hackers have targeted critical infrastructure assets that are being run by corporations that have few incentives to protect critical infrastructure. The problem is, we risk sounding like we are blaming the victims of the cyber breaches, when the US Government cannot possibly defend every network that corporations leave vulnerable in the pursuit of higher profits."
The launch of Web War II may have begun with the hacking of SolarWinds, an American software company whose products help customers manage networks, systems, and information technology infrastructure. It is headquartered in Austin, Texas, with sales and product development offices in a number of locations in the United States and several other countries. What made SolarWinds so attractive a target was its ability to push large updates to, and through, the cloud environments used by large critical infrastructure providers and members of the defense community.
Verizon has long emphasized that most cyber attacks go undiscovered for months and are generally discovered by a third party. Mr. Holmer noted, "The SolarWinds hack was discovered by FireEye, a private cybersecurity company, on December 8, 2020. They found it because FireEye was hacked, which to their own credit, they disclosed to the public. The security team reported their Red Team toolkit, containing applications used by ethical hackers in penetration tests, was stolen.
"A few days later, FireEye discovered a supply chain attack while it was investigating the nation-state attack on its own Red Team toolkit. The FireEye researchers stumbled across evidence that attackers entered a backdoor in the SolarWinds software 'trojanizing SolarWinds Orion business software updates to distribute the malware,'" Mr. Holmer explained. "It's a tradition in the cyber community that you get to name the malware that you discover. FireEye called it SUNBURST."
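The supply chain technique Mr. Holmer describes, a trojanized update delivered through the vendor's own distribution channel, is the reason defenders pin the contents of an update to digests obtained out-of-band rather than trusting whatever the update server hands them. The following is an added example written for this article; it is not code from SolarWinds, FireEye, or any vendor, and the package contents, file names and manifest are constructed. It assumes the pinned manifest was obtained from a source independent of the download (for instance, a previously verified install or the vendor's separately published release digests) and reports three classes of deviation: a modified component, a file the manifest never listed, and a listed file that went missing.

```python
from __future__ import annotations

import hashlib
import hmac

# Constructed example data: an update package represented as path -> file bytes.
# In a real deployment these would be read out of the downloaded archive.
GOOD_PACKAGE: dict[str, bytes] = {
    "bin/agent": b"legit agent binary v2.1\n",
    "lib/core.dll": b"legit core library v2.1\n",
}

# Pinned SHA-256 digests. Here they are derived from the constructed good package;
# in practice they come from an out-of-band source, never from the update server itself.
MANIFEST: dict[str, str] = {
    path: hashlib.sha256(data).hexdigest() for path, data in GOOD_PACKAGE.items()
}

# Constructed tampered package: one component modified, one extra file added.
TAMPERED_PACKAGE: dict[str, bytes] = {
    "bin/agent": b"legit agent binary v2.1\n",
    "lib/core.dll": b"legit core library v2.1\n" + b"<added bytes>",
    "lib/helper.dll": b"file that is not in the manifest",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a file's bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_update(package: dict[str, bytes], manifest: dict[str, str]) -> list[str]:
    """Compare a package against a pinned manifest.

    Returns a sorted list of findings; an empty list means every manifest entry
    was present with the expected digest and no unlisted files were found.
    """
    findings: list[str] = []
    for path, expected in manifest.items():
        if path not in package:
            findings.append(f"missing file: {path}")
            continue
        # compare_digest avoids timing differences leaking where the digests diverge
        if not hmac.compare_digest(sha256_hex(package[path]), expected):
            findings.append(f"hash mismatch: {path}")
    for path in package:
        if path not in manifest:
            findings.append(f"unexpected file: {path}")
    return sorted(findings)


def should_install(package: dict[str, bytes], manifest: dict[str, str]) -> bool:
    """Install gate: only a package with zero findings is allowed through."""
    return not verify_update(package, manifest)


if __name__ == "__main__":
    for name, pkg in (("good", GOOD_PACKAGE), ("tampered", TAMPERED_PACKAGE)):
        print(name, "->", "install" if should_install(pkg, MANIFEST) else "reject",
              verify_update(pkg, MANIFEST))
```

A pinned manifest catches tampering that happens after the digests were recorded, which is the common case for a poisoned mirror or an intercepted download. It does not, on its own, catch the SUNBURST pattern, where the malicious code was inserted before the vendor built and signed the release, so the update arrived with valid digests and a valid signature. For that class of compromise the manifest check has to be paired with monitoring of what the updated software does after installation, which is how FireEye ultimately found it.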
More than 200 entities were identified as victims of the SolarWinds hack, including the U.S. Department of Energy (DOE) and the National Nuclear Security Administration (NNSA), which maintains the U.S. nuclear weapons stockpile. Even Microsoft admitted it had been hacked via SUNBURST and that its e-mail system was compromised.
Mr. Holmer believes the SolarWinds hack was done by Russian cyber actors, despite President Trump's suggestion that it was China (and a joke). What makes SolarWinds noteworthy is the amount of time the hackers spent inside the critical infrastructure assets. It wasn't three months. It was longer than six months. Mr. Holmer described the attack as if the hackers were infiltrating a facility by closing each door after entering a room and waiting to see who entered and left the room before opening the next door. "Imagine if criminal ransomware hackers adopted these techniques to distribute ransomware," he added.
Smith's Cyber Gradings attended a Cyber Briefing on SolarWinds by members of the intelligence community as well as heads of the largest companies in Silicon Valley. At the crux of the discussion was the central question of who knew what, and when. The person at FireEye who discovered SUNBURST is no longer with the firm and was not able to attend the briefing. However, the private cyber security sector did ask members of the intelligence community whether they knew about the SolarWinds hack. If not, why not? If so, why wasn't anyone warned? Mr. Holmer would like to know why people believe that the USG could or should defend every US network, no matter how poorly coded or defended, while remaining compliant with the relevant laws, or that it even has the necessary resources to do so.
Mr. Holmer stated, "There is no reason for the intelligence agencies to sacrifice sources and methods in order to protect private companies and their shareholders. It's the job of the companies to protect their customers and be responsible for the cyber security of the critical infrastructure."
Chinese Hacks NYC MTA
New York City's MTA disclosed last Wednesday that Chinese operatives had hacked the transportation system in April. Three of the transport authority's 18 computer systems were hacked, according to transport officials. The Chinese hackers leveraged flaws in Pulse Connect Secure — a commonly used VPN connectivity service that helps staff log in from home — to obtain access to the MTA and other systems. The MTA forced 3,700 employees and contractors, or 5 percent of its staff, to change passwords as a precautionary step.
The Chinese hackers obtained access to systems used by New York City Transit which includes the subway and buses along with the Long Island Rail Road and Metro-North Railroad. The hackers were unable, or chose not, to access the systems that control the actual operation of the subways, trains, or buses.
Also on Wednesday, the Martha's Vineyard Steamship Line, which operates the ferry boats to Nantucket and Martha's Vineyard, disclosed that it had been hacked. On the night of June 2, the website was still down and passengers were warned to expect delays. The company had not specified whether it paid a ransom and said it was "unable to release or confirm" any specific details of the attack, the Daily Mail reported.
There are no fingerprints to be found aboard one of the Iranian Navy's largest ships, IRIS Kharg, because it exploded and sank. It was no secret that the Iranian ship had mine-laying capabilities. But rumors and suspicions have surfaced in the cyber community that a hack was used to insert a software program to detonate the mines before they were deployed. The hack was perfectly harmless so long as the mines were not armed and the deployment system was not operational. Put the two actions together and KAPOW.
Film footage of Iran's largest refinery, located outside Tehran, revealed a seam cracking in the middle of a massive storage tank. Eventually, the crack spread, which led to the complete collapse of the tank resulting in a giant explosion. Was the gas storage tank old and poorly maintained? Or did someone hack the refinery's SCADA so the storage tank was filled beyond its storage capacity? We may never know. The problem is that Iran likely does more to protect these resources than U.S. corporate actors do to protect theirs.