A couple of posts ago, in the article “Tweets Of War”, I discussed the possibility of using consumer mobile devices and Internet connectivity as a kind of weapon, for instance to tweet the positions of enemy troops in order to direct allied bombs, as some rebels in Libya did (simply go to twitter.com and issue a search for the tweets by #LibyanDictator).
Of course this fact raises the question of the importance of Internet connectivity during military actions and, as a consequence, of the importance of information security, which cannot be limited to “simple” message encryption: referring to the above-mentioned example, we cannot authenticate tweets, so we cannot exclude a priori that they are spoofed in order to drive the allied bombs towards the wrong target (we might always think of authenticating them with a Comodo Certificate!).
As a matter of fact, maintaining Internet connectivity has become a top priority, which is why the U.S. Army, for instance, is thinking of implementing appropriate technologies and countermeasures in order to maintain or restore Internet connectivity during military actions. Times change, and I would almost say that what was once considered the Corps of Engineers should today, in mobile warfare, be called the Corps of (Network and Security) Engineers. What the Corps of Engineers does on the real battlefield (build connections and bridges), the Corps of (Network and Security) Engineers does on the cyber-battlefield (build Internet connections and connectivity bridges).
Strictly speaking, why is maintaining Internet connectivity so important? Of course, the main reason is propaganda, in terms of “evangelism to the cause”, gathering of the faithful and, why not, foreign public involvement. We have seen so far how important the role of mobile technologies and social networks has been (and continues to be) for the winds of change blowing in the Maghreb: at the beginning for spreading the movements (also beyond the boundaries) and then to bear witness to the world of what was really happening, in all cases playing a crucial role in the advent of the Odyssey Dawn operation (as I write, you only need to go to Twitter to be a spectator of the dramatic occurrences in Libya: from the reporting of events to requests for help, doctors, etc.). This role is even more important during military operations where, typically, both parties claim real or alleged success in combat operations, or blame each other for civilian casualties.
But a closer look shows an even more important factor, apparently secondary, but potentially decisive in a situation like the one in Libya, where a civil war is being fought between rebels and loyalists. In such a context the Internet may play a primary role in conveying PsyOps messages, not only to encourage citizens to join the protests, as is happening in Syria, where Facebook is being used to gather followers to revolt, but also for the opposite purpose of convincing rebels to disarm and return to their families without further bloodshed. This does not sound new, since a similar operation was attempted by the Egyptian Government (actually with a tragicomic outcome) by taking over the main mobile operators and flooding their subscribers with propaganda messages that were supposed to encourage younger people to support the falling government and abandon the protests (a complete report at this link in Italian). One might say that this is not a new concept (read for instance the following article issued in 2001); the difference is that, in 2011, both the transmission technologies and, most of all, the reception technologies (read: mobile devices) are much more sophisticated and widespread, making this kind of operation really effective compared to how it could have been ten years ago.
Of course there is a further dramatic question to be addressed for PsyOps messages propagated through the Internet, namely information security, some aspects of which I have already addressed in this post. On one hand, any message transmitted through the Internet may be susceptible to man-in-the-middle attacks and hence hacked if not properly secured throughout the propagation process: hacking in this case would mean, for instance, altering, if not inverting, the content. What if the above-mentioned tweets were spoofed, providing false coordinates? Maybe I am letting my imagination fly if I say that the authors could have negotiated a priori with the recipients some predefined semantics with which to transmit the messages.
On the other hand, it is likely that the Corps of (Network and Security) Engineers will have to worry not only about establishing and maintaining Internet connectivity in military operations, but also about facing, on a cyber-battlefield, enemy malware weapons and/or jamming or Denial-of-Service tools specifically conceived to attack PsyOps sources at the root (it is appropriate to say!) in order to make them unusable. In any case, they must not underestimate in any way the impact of hacking from a PsyOps perspective (in favor or against: just think of the echo raised by the recent Libyan TV hacking).
In a recent post, I discussed the influence and the role of (consumer) mobile technologies and social networks (“Mobile Warfare”) in the events that are changing the political landscape in Mediterranean Africa, coming to the conclusion that they are setting new scenarios which will have to be taken seriously into consideration by all those governments that still impose severe limitations on human rights.
To me, “to be taken into consideration” means that all those governments will have to deploy “extreme measures” (hopefully less extreme than completely unplugging the Internet connection, as already done by Egypt and Libya) in order to prevent mobile technologies from acting as catalysts for the protests and from turning common citizens into real-time reporters for the most powerful magazine ever issued: the social network. More realistically, these measures might include threats specifically targeting mobile equipment and involving hacking techniques commonly known in the infosec arena, such as Distributed Denial of Service, or malware aimed at altering the normal functioning of the devices.
On the opposite side, it is also clear that modern armies will deploy “unconventional weapons” aimed at maintaining Internet connectivity during military operations, mainly for PSYOPS purposes (or at least I was supposed to believe so). As a matter of fact, the tweets, pictures, and videos shot from mobile devices during the dramatic days in Tunisia, Egypt and Libya had a dramatic impact on foreign public opinion. In Tunisia and Egypt the dramatic images shot from mobile devices contributed to creating the international pressure which led to the fall of their respective governments; in Libya, they acted as an accelerator for the definition of the “No Fly Zone” and the consequent “Odyssey Dawn” operation.
But there is also another point which makes it more and more important to maintain Internet connectivity during military operations, and it is related not simply to PSYOPS but to real military operations. A simple screenshot of Twitter may give dramatic evidence of this: simply search for the #LibyanDictator term.
It looks like Twitter was used by rebels to provide NATO with coordinates of the enemy forces.
More in general, imagine having a mobile device with GPS and an Internet connection, and you may “simply” pass the coordinates of the enemy troops to allied forces…
On the opposite front: imagine making mobile devices unusable or, worst case, altering their GPS with malware, and you may prevent precious information from being passed to the enemy or, worse, provide him with false coordinates (and watch him bomb his allies within a few minutes)…
I am probably going too far with my imagination; anyway, it is clear that war strategists will have to become more and more familiar with virtual (that is, made of bits and bytes) mobile (and social network) battlefields.
It has been recognized that mobile technologies have had a significant impact on the events that occurred in North Africa. In my opinion, their impact was so impressive that I refer to them with the term “mobile warfare”, indicating with this term the fact that they are going to play a crucial role in the (let us hope fewer and fewer) wars of the future.
Since the Wikileaks affair, and the consequent possibility of converting an Android device into a Wikileaks mirror during the attempt to put the main site off-line by means of massive DDoS attacks, it was clear to me that mobile technologies would play a very important (never uncovered before) role in 2011, not only in hacktivism but, more in general, in human rights related issues.
I had a dramatic confirmation of this role during the Jasmine Revolution in Tunisia, where mobile technologies made every single citizen a reporter, capable of sharing in real time with the rest of the world information such as images, videos and tweets pertaining to the dramatic events happening inside the country.
But it was with the #Jan25 and #Egypt tweets that the world discovered for the first time the power of mobile warfare. In those dramatic days every single person on the planet only needed to access her Twitter account in order to become a virtual witness of the events: dramatic facts reported in great detail by hundreds of extemporaneous reporters “armed” only with a smartphone, and made available in real time to the rest of the world thanks to the “six degrees of separation allowed by Social Networks”. The strength and the impact of this mobile warfare were so huge as to force the declining Egyptian Government to shut the Internet off for several days starting from January 27th.
Can we really understand what it means for a country to shut the Internet off? As single persons we are so used to the Web that we could not resist a single hour without checking the status of our mates. But for a country, an Internet connection disruption means a nearly complete stop for all economic and financial activities, including banking, trading, and so on. The mere fact of having enforced such a dramatic decision (with its ensuing consequences) is particularly indicative of the threat posed by Mobile Warfare as perceived by the Egyptian Government. But to have a clear understanding, we must also consider the fact that, at the same time, the Egyptian Government also tried to unleash the power of mobile warfare with its clumsy attempt to stop the revolution by broadcasting pro-Government SMS, thanks to the country’s emergency laws, prompting the subsequent protests from Vodafone.
And what about Libya? I have direct experience, since I was in Tripoli for work at the beginning of last February (so one month and a half ago, even if it looks like a century has passed since then). I was not even completely out of the finger leading me from the aircraft to the airport facility when I was impressed to notice so many Libyan people playing with their iPhones. Since I just could not help thinking of the Egyptian situation, I asked some of them if they had the feeling that something similar to Egypt could happen in Libya. Guess what they answered? They all simply agreed that, due to the different economic and political situation, it was impossible! Of course the point is not their answer but rather the fact that I was surprised to see so many smartphones (OK, we are speaking about the airport, which maybe is not so meaningful in terms of statistics) and, more in general, so many devices capable of providing a high-level Internet user experience (even if with the bottleneck of the local mobile networks) and of potentially being used as mobile warfare.
That event was just a kind of premonition since, a couple of weeks later, during the first days of the protests, and in particular during the reaction of the regime, smartphones and social networks once again played a leading role, allowing the world to witness in real time those dramatic events with a spreading rate unknown before. For the second time, approximately three weeks after Egypt, a country decided to disconnect the Internet in order to prevent the spread of information via the social networks. This time it was the turn of Libya, which decided to unplug the Web on February 18th. Once again the power of mobile warfare was unleashed, disconnecting a country from the Internet in a few minutes (how long would a real army have taken to do a similar sabotage?).
Is mobile warfare the cause or effect?
We must not make the mistake of considering mobile warfare an effect of the movements raised first in Tunisia, then in Egypt, and finally in Libya. Mobile warfare is simply the cause, since it is precisely through the action of mobile warfare that events could spread rapidly inside a single country, and later among different countries (in both cases with unprecedented speed), encouraging other people to follow the example and acting, in turn, as a powerful catalyst for the movements. As an example, consider the following article, which in my opinion is particularly meaningful: it shows the Middle East Internet Scorecard, that is, the dips in Internet connections registered in different Middle East countries in the week between February 11 and February 17 (that is, when the social temperature in Libya was getting extremely hot): one can clearly recognize a viral spread of the “unplugging infection”.
What should we expect for the future?
Mobile Warfare has played and is still playing a significant role in the winds of change that are blowing in North Africa. Thanks (also) to mobile technologies, people (most of all students) living in countries where human rights suffer some kind of limitation have the possibility to keep continuously in touch with people living in different countries, learning their habits and, in turn, being encouraged to “fight” to achieve (or at least to attempt to achieve) a comparable condition. This revolution is not only technological but most of all cultural, since it is destroying all the barriers that kept many countries separated from each other and that allowed many populations to live (apparently) in peace simply because they completely ignored the existence of a world outside: we could consider this the equivalent of the old infosec paradigm “(Homeland) Security Through Obscurity”.
On the opposite side, it is likely that all those Governments having a peculiar idea about what human rights are will deploy some kind of countermeasure to fight mobile warfare and its inseparable companion: the social network. I do not think that completely preventing the use of mobile technologies is an applicable weapon, since they have become too important for a country (politics, economics, finance, etc.): nowadays every kind of information flows in real time, and consequently no country can afford to go slower.
Moreover, for the reasons I explained above, Internet disconnection is not a sustainable countermeasure either, since no government in the world can afford to be cut off for too long simply in order to prevent people from tweeting or sharing ideas or videos on social networks. Not least because, for instance, the U.S. has secret tools to force Internet connectivity in case of disruption, which include the Commando Solo, the Air Force’s airborne broadcasting center, capable of restoring the Wi-Fi signal to full strength in a bandwidth-denied area; satellite- and nonsatellite-based assets that can provide access points to get people back online; and finally cell towers in the sky, hooking up cellular pods to the belly of a drone and granting 3G coverage for a radius of a few kilometers on the ground underneath the drone. It would be interesting to verify whether any of these technologies are currently being used in the Odyssey Dawn operation.
For all the above-quoted reasons, in my personal opinion the countermeasures will aim to make unusable the resources of information collection (that is, mobile devices) and the resources of information sharing (that is, social networks).
So this new generation of Cyber-warfare will involve:
- A preventive block of social networks in order to stop any attempt to share information in advance. For the above-quoted reason a total block will damage the whole economy (even if I must confess a preventive block of this kind will be quite easily bypassable by external proxies);
- A massive Denial of Service for mobile devices through massive exploitation of vulnerabilities (more and more common and pervasive on this kind of device), through massive mobile malware deployment, or by means of massive execution of mobile malware (as, for instance, Google did in order to remotely wipe the DroidDream malware). Honestly speaking, I consider the latter option the least likely, since I can easily imagine that no manufacturer will provide cooperation on this (but this does not rule out that a single country could consider leveraging this channel).
- Spoofing the mobile devices in order to make them unreachable or in order to discredit them as a source of reputable information.
- A “more traditional” Denial of Service in order to put social networks offline (even if this would need a very large DDoS, due to the distribution of the resources of the social network providers).
In all the above-quoted cases it would be legitimate to expect a reaction, as done, for instance, by the infamous Anonymous group.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflect the opinion of my organization, about events and news of interest concerning information security, winking to the mobile world and, why not, to some curious personal event.
All information is reported with its source.
Anyone intending to use information contained in my posts is free to do so, provided that you mention my blog in your article.