Click here for the Middle East Cyber War Master Index with the Complete Timeline.
This week of Cyber War on the Middle East front, has shown a slight change on the Cyber Conflict trend. For the first time since January, psyops have deserved a primary role, maybe on the wake of the video released by the Anonymous against Israel one week ago. Not only the Jerusalem Post calls the video into question, but also argues that it may have been forged by Iran, identifying a state sponsored impersonation behind the entry of Anonymous in this cyber war.
But this has not been the only psyops event as an alleged message from Mossad to the Anonymous has appeared on pastebin, whose beginning sounds like a dark warning: If you want to be a hero start with saving your own lives. Although there are many doubts on its truthfulness, it deserves a particular attention since outlines a new age on psyops, what I call “pastebin psyops”.
But a war is not made only of psyops, so this week has also seen more hostile actions, among which the most remarkable one has been the leak of 300,000 accounts from Israeli Ministry of Construction and Housing. This action had been preannounced by a wave of attacks on primary Israeli sites (which targeted also the PM site), and most of all, has been carried on by 0xOmar, the absolute initiator of this cyber conflict.
Palestine has been targeted as well, and it is really interesting to read under this perspective a statement by Ammar al-Ikir, the head of Paltel, the Palestinian telecommunications provider according to whom cyber attacks on Palestinian websites and internet servers have escalated since Palestine joined UNESCO.
On the Iranian front chronicle report of a failed cyber attacks againstPress TV, Iran’s English-language 24-hour news channel and most of all of a controversial statement by Gholam Reza Jalali, a senior Iranian military official in charge of head of the Iranian Cyber Intelligence, according to whom the country’s nuclear facilities have finally been made immune to cyber attacks. And it is not a coincidence that in this week Iran has kicked off the first national conference on Cyber Defense. A matter that deserves a special attention by Tehran because of the growing number of attacks on Iran’s cyber space by US and Israel. On the other hand, Israel did a similar move one month ago, at very early stage of the cyber conflict.
As predicted a couple of months ago, NATO admitted to use Twitter in Libya for receiving information from rebels pertaining coordinates and movement s of the loyalist troops of Colonel Gaddafi.
Thanks to the famous six degrees of separation and the viral propagation model, Twitter ensures a rapid spread of information, but since it is far from a reliable medium, in the specific circumstance NATO indicated to “authenticate” the tweets of war by mean of more traditional media such as satellite images. This allowed, before taking any military action with missiles, to verify the consistency of the information received.
Whether we are aware or not, this is the dawning of a new age in warfare and, especially for the role played by new technologies (Mobile and Social Networks). An era brilliantly summarized by the term “Consumerization of Warfare” coined by Andrea Zapparoli Manzoni, which emphasizes the role of new consumer technologies (Social Network and Mobile) in a new war format (actually I coined the term Mobile Warfare, but unfortunately I have to admit that this term does not expresses the concept with the same completeness).
The issue is considerably more complicated than a simple tweet or a Facebook status update (a method that, although unconfirmed, is said to have been used by the Syrian Government to distribute DdoS software to its supporters for attacking adversary sites), and hides the (usual and well known) Social Network security issues, which are projected in a military dimension extending them in a much larger and dangerous scale both for senders and recipients of the tweets.
The main security concern relies in reputation, a bless and a curse for Social Networks. As already mentioned, in the specific circumstance the tweets of war were checked with “traditional” methods (anyway this is already an advantage since it is easier to check the veracity of a received information, rather than probing satellite images search for enemy outposts), but, generally speaking in absence of verification means, there is no guarantee concerning the truthfulness of a tweet, which, for instance might have been modified or manipulated up to the point of reversing the original content.
Moreover, the distribution channel is not what one would define “a reliable channel” and the chronic lack of privacy (which on one hand ensures a rapid spread of the tweets and/or status updates to a wider audience as possible) makes the tweets easily interceptable by the adversary, which is then able to implement adequate countermeasures, before the recipient has the time to act (on the other hand is rather easy to create a fake profile for following the tweets or status updates of the enemies ). Probably, in order to create some sort of encrypted channel between the peers, would be more effective to establish a priori a code and not to be too explicit in the indications (such as those found here), but from a theoretical point of view nothing prevents a conceptual step forward for thinking about encrypted and authenticated tweets (shifting the problem to the key exchange, but that’s another story). Without flying too much with imagination, all this delineates a real war strategy through Social Networks that the Armies of the (very near) future will have to seriously take into consideration.
And that is what is already happening: The U.S. Army already has special corps (a kind of Corps of Network and Security Engineers) dedicated to maintain the Internet connectivity in war zones by mean of, for instance, drones equipped with special antennas to provide 3G or Wi-Fi connectivity: recent events in middle east have shown that social network is an excellent medium for PsyOps operations as well as information exchange. As a further confirmation, few days ago, a scoop from NYT unleashed the project funded by the Obama Administration, for a portable “Internet in a Suitcase” and independent mobile networks, to ensure connectivity in war zones and/or backing dissidents to overtake censorship or Internet filters.
But while we are assisting to a growing use of “consumer ” technologies in war zones (up to the intention by the U.S. Army to use Android equipped devices on the battlefield), we are increasingly getting used to coarse countermeasures deployed by illiberal governments as well. Those countermeasures aim to stop internal protests and movements and span from completely shutting down of the Internet up to filtering social networks. As a consequence we may not exclude “a priori” that in the near future the countermeasures could become more sophisticated: cyber-attacks targeting social networks or tweet spoofing are two possible realistic countermeasures up to “(Mobile) Malware of State” specifically designed to alter or prevent communications from traditional or mobile endpoints . Fantasy? Maybe, even if Social Network has nothing to prove in terms of impact, after some countries preferred to completely shut the Internet, real lifeblood of every nation, in order to stop the spread of unwelcome information made with tweets and status updates (every individual may become a war reporter with a simple mobile device).
Maybe one day (near) the EULA of Social Networks will be modified to disallow the use of social media platforms for actions of virtual guerrilla or Cyberwarfare: certainly Consumerization of Warfare carries on, amplified, all the concerns of consumerization of Information Technology, that we are reporting for two years now, and that are just beginning to show all their malicious effects for security in the enterprise. This might definitely be a huge concern (think to a military devices with a 0-day vulnerability exploitable by the enemy) and for sure it is not a good omen considering that more and more federal agencies are winking to consumer technologies as well.
If you are interested to more information about Consumerization of Warfare (was Mobile Warfare), besides the link in the post:
Tweets Of Democracy: The Obama Speech In Middle East and the role of New Technologies;
Mobile Warfare In Libya Comes True: Hacking and Hijacking of Libyana Mobile Operator in Libya.
Only a couple of days after the post dealing with the impact of Internet Connectivity and Social Networks for propaganda (and more in general for PsyOps Operation) my dear friend and Colleague David Cenciotti reported to me an interesting article dealing with the use of Twitter for psyops campaign (after the tweets of war for aleged military operations I already talked about)… Only a few hours and it happened exactly what I had theorized (even if in a quite sophisticated manner).
As a matter of fact, as reported in the above quoted article, it looks like a patriot hacker, named The Jester (th3j35t3r) used Twitter to send specific messages to erode the morale of the loyalist enemy troops. For sure no one ever before today had never thought of taking so literally the well-known twetter motto “Follow me”, which sounds much better as “Follow My Thoughts”.
This occurrence confirms the need of keeping the internet connections up and running during military operations. Next prophecy? Will we soon see wi-fi drones in the Unified Protector Operation? And Maybe Loyalist hackers performing wardriving against them?
A couple of posts ago, in the article “Tweets Of War”, I discussed about the possibility to use consumer mobile devices and Internet connectivity as a kind of weapons, for instance to tweet the positions of enemy troops in order to address allied bombs as did, for instance by some rebels in Libya (simply go to twitter.com and issue a search for the tweets by #LibyanDictator.
Of course this fact raises the question of the importance of internet connectivity during military actions, and, as a consequence, also of the importance of information security, which may not be limited to “simple” message encryption: as an example, referring to the above mentioned example, we cannot authenticate tweets so we may not exclude a priori that they are spoofed tweets in order to drive the allied bombs towards the wrong target (we might always think to authenticate them with a Comodo Certificate!).
As a matter of fact, maintaining the internet connectivity has become a primary priority, that is the reason why U.S. army, for instance, is thinking to implement appropriate technologies and countermeasures in order to maintain or restore Internet connectivity during military actions. Times change and I would almost say that what was once considered the corps of engineers, today, in a mobile warfare, should be called Corps of (network and security) Engineers. What the Corps of Engineers do in the real battlefield (build connections and bridges), the Corps of (network and security) Engineers do in the Cyber-battlefield (build internet connections and connectivity bridges).
Strictly speaking, why maintaining the Internet Connectivity is so important? Of course, the main reason is for the purpose of propaganda in terms of “evangelism to the cause”, gathering of the faithful, and why not, foreign public involvement. We have seen so far, how much has been important (and keeps to be important) for the winds of change blowing in the Maghreb, the role of mobile technologies and social networks, at the beginning for spreading the movements (also beyond the boundaries) and then to bear witness to the World of what was really happening, in all the cases playing a crucial role for the advent of the Odissey Dawn operation (while I am writing, you only need to go to Twitter for being spectator of the dramatics occurrences in Libya: from the reporting of events to requests for help, doctors, etc.). This role is much more important during the military operations where, typical case, both parties claim real or alleged success in combat operations, or provide each other the responsibility for civilian casualties.
But a closer look shows an even more important factor, apparently secondary, but probably potentially decisive in a situation similar to the one occurring in Libya where you are fighting a civil war between rebels and loyalists. In a similar context the Internet may play a primary role for conveying PsyOps messages, not only to encourage citizens to join the protests, as it is happening in Syria, where Facebook is being used to gather followers to revolt; but also for opposite purposes convincing rebels to disarm and return back to their families without further bloodshed. This does not sounds new since such a similar operation had been attempted from the Egyptian Government (actually with a tragicomic outcome) by overtaking the main mobile operators and flooding their mobile subscribers with propagandistic messages which were supposed to encourage the younger people to support the falling government and abandon the protests (a complete report at this link in Italian). One might say that this is not a new concept (read for instance the following article issued in 2001), the difference is that, in 2011, both the transmission technologies and, most of all, the reception technologies (read mobile devices) are much more sophisticated and spread making this kind of operation really effective if compared to how it could be ten years go.
Of course there is a further dramatic question to be addressed for psyops messages propagated through the Internet, and it is the one pertaining to information security, some aspect of which I have already addressed in this post. On one hand, whatever message is transmitted through the Internet may be suitable to man-in-the middle attacks and hence hacked if not properly secured throughout the propagation process: hacking in this case would correspond, for instance, to alter, if not invert, the content. What if the above mentioned tweets were spoofed providing false coordinates? Maybe am I flying with the fantasy if I say that the authors could have negotiated a priori with the recipients some predefined semantics with which to transmit the messages.
On the other hand, it is likely that the Corps of (Network and Security) Engineers will not have to worry about only to establish and maintain the internet connectivity in military operations, but also to face, in a cyber-battlefiedl, enemy malware weapons and/or jamming of Denial-Of-Service tools specifically conceived to attack psyops sources at the root (it is appropriate to say!) in order to make them unusable. In any case, they will not have to underestimate in any way the impact of hacking from a psyops perspective (in favor or against, (just think of echo raised from the recent Libyan TV hacking).
- 752,669 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 2013 Cyber Attacks Statistics
- 2012 Cyber Attacks Statistics
- 2013 Cyber Attacks Timeline Master Index
- A (Graphical) World of Botnets and Cyber Attacks
- August 2013 Cyber Attacks Statistics
- 16-31 March 2014 Cyber Attacks Timeline
- 1-15 March 2014 Cyber Attacks Timeline
- About Me
- 2013 Cyber Attacks Statistics (Summary)
- Analyzing a banking Trojan info.lastline.com/blog/analyzing… - 1 day ago
- Pipeline for a scalable malware analysis process: an interesting take from our very own @marco_cova. Worths reading! info.lastline.com/blog/a-pipelin… - 2 days ago
- 16-31 March 2014 Cyber Attacks Timeline wp.me/p14J6X-2y0 - 5 days ago
- RT @lastlineinc: Lastline co-founder Engin Kirda presents "Evasive Malware Attacks" at NY Information Security Meetup http://t.co/pcoZnspu1l - 1 week ago
- WatchGuard Uses Lastline's Cloud Based Sandbox to Combat APTs info.lastline.com/blog/watchguar… - 2 weeks ago
- @kf916 For the moment only the timelines. I am very busy. Hope to republish the charts quite soon - 2 weeks ago
- @lastlineinc is present at #ROOMn2014, visit our booth and discover how you can protect your organization from mobile advanced threats - 2 weeks ago
- @raistolo @dguido have you tried @HackSurfer? - 2 weeks ago
- 1-15 March 2014 Cyber Attacks Timeline wp.me/p14J6X-2xK - 2 weeks ago
- How To Build An Effective Sandbox: info.lastline.com/blog/different… - 3 weeks ago