What are Cyber-Weapons?

“What are cyber-weapons? Instruments of code-borne attack span a wide spectrum, from generic but low-potential tools to specific but high-potential weaponry. This distinction brings into relief a two-pronged hypothesis that stands in stark contrast to some of the received wisdom on cyber-security.

Maximizing the destructive potential of a cyber-weapon is likely to come with a double effect: it will significantly increase the resources, intelligence and time required for development and deployment – and more destructive potential is likely to decrease the number of targets, the risk of collateral damage and the political utility of cyber-weapons…”

“Cyber-Weapons” by Dr. Thomas Rid & Peter McBurney

Dr. Thomas Rid (War Studies, King’s College London) has published another exceptional article on cyber warfare. This publication, titled “Cyber-Weapons,” is inspired by some of the feedback from his recently published article, “Cyber War Will Not Take Place.”

In this publication, Dr. Rid continues to expand on what constitutes a weapon, and how this relates to the terms and technologies of Cyber War. As with his previous article, this is a very refreshing and enlightening look at past and current cyber events. Dr. Rid masterfully separates the truth about cyber weapons and their capabilities from common misconceptions.

One section of the article that really captured my attention was the discussion of next-generation Stuxnet-type code called “Learning Weapons”: cyber weapons that can learn on the fly. They will observe and evaluate the environment autonomously and then take a course of action on their own.

This is an excellent read and definitely worth your time.

In the days and hours leading up to the afternoon of 19 March 2011, air force planners in France, Britain, and several other NATO countries were frantically preparing an imminent bombing campaign against military targets in Libya. In Washington on that same March weekend an unusual discussion took place between the Department of Defense and the White House. Should America deploy its cyber arsenal against Libya’s air defence system? After the Pentagon’s generals and geeks had briefed the president on the options, he decided that, No, the time was not ripe for cyber weapons…

“Cyber-Weapons” – Check it out!

(Thomas Rid & Peter McBurney (2012): Cyber-Weapons, The RUSI Journal, 157:1, 6-13)

Hakin9 Mobile Security March Issue is Out!

The March issue of Hakin9 Mobile Security is out. This month’s magazine features an interview with Dr. Arun Sood by Zsolt Nemeth and Jeffrey Smith.

Dr. Arun Sood is Professor of Computer Science in the Department of Computer Science, and Co-Director of the International Cyber Center at George Mason University, Fairfax, VA. His research interests are in security architectures; image and multimedia computing; performance modeling and evaluation; simulation, modeling, and optimization.

He and his team of faculty and students have developed a new approach to server security, called Self Cleansing Intrusion Tolerance (SCIT). We convert static servers into dynamic servers and reduce the exposure of the servers, while maintaining uninterrupted service.

This research has been supported by US Army, NIST through the Critical Infrastructure Program, SUN, Lockheed Martin, Commonwealth of Virginia CTRF (in partnership with Northrop Grumman). Recently SCIT technology was winner of the Global Security Challenge (GSC) sponsored Securities Technologies for Tomorrow Challenge. Dr Sood leads a university spin-off called SCIT Labs Inc, which is commercializing SCIT technology under license from GMU.

Also in this issue is an article on “Android Mobile Security” by Vinay Gayakwad:

Android’s profound impact on the mobile market has made it a prime target for criminals. And the operating system, which powers over half of the 60.5 million smart phones sold worldwide in the third quarter of 2011, is less safe than its rivals. Juniper Networks’ Malicious Mobile Threats Report shows that Android malware instances increased by 400% between 2009 and 2010, while other platforms remained relatively secure, due mainly to fewer cybercriminals trying to break through their defenses, and in some cases, to stronger security features.

Other articles include:

  • Mobile Device Security by Prashant Verma
  • Virtualization Security by Amar Wakharkar
  • Interview with Scott Gordon by Aby Rao
  • Android Mobile Security by Vinay Gayakwad
  • The Ultimate Hat Trick that Worked over the Last Couple of Thousand Years by Zsolt Nemeth

Check it out!

Cheetah Robot sets new Land Speed Record

If your post-Terminator apocalyptic survival plan involved running away from the robots, forget it! The DARPA-backed Boston Dynamics’ “Cheetah” has set a new land speed record for legged robots. The robot can run up to 18 miles an hour, up from the previous 1989 record of 13.1 mph.

It looks like it is running backwards, but the bendable body is pretty cool. And as with most American-built robots, it has no head. This is usually done on purpose. Americans have a very negative response to robots, especially to ones that look human. We have been raised by American cinema to believe that robots are bad.

On the contrary, Japanese robots are built to look as human as possible. But in their culture, the robot was always the good guy, the hero.

Well, there you have robot psychology 101, now you can tell your friends that you learned something important today. 🙂

LulzSec Founder Arrested – Turns in Fellow Hackers

It’s all just for the Lulz, or so LulzSec founder Hector Xavier Monsegur might have thought. That was until he was faced with 124 years of jail time. He pleaded guilty on August 15th, and apparently has been working with the government ever since, turning in fellow group members.

Hector, a 28-year-old unemployed computer hacker, was caught by using his real IP address once in a chat forum, according to Fox News. Hackers will use proxy servers or spoof IP addresses to avoid detection, and it seems the FBI found the one time that he didn’t.

But FBI agents were apparently shocked to find that the leader of the international group lived off of welfare and didn’t live in the greatest neighborhood.

“Sabu could be making millions of bucks heading the IT security department of a major company, but look at him, he’s impoverished, living off public assistance and was forced between turning on his friends and spending a lifetime in jail.

“It’s sad, really,” a law enforcement officer said.

But it does appear that his co-operation is helping law enforcement track down other members. This week, according to the Los Angeles Times, five hackers with ties to the Anonymous/LulzSec group were arrested:

Late Monday, Jeremy Hammond, also known in hacking circles as “Anarchaos,” was arrested in Chicago and charged in a criminal complaint with crimes relating to the December 2011 hack of Strategic Forecasting Inc. (Stratfor), a global intelligence firm in Austin, Texas. That hacking could have affected approximately 860,000 people, officials said.

Charged on Tuesday were: Ryan Ackroyd, Jake Davis, Darren Martyn and Donncha O’Cearrbhail. All were charged in connection with various hacks allegedly carried out by Anonymous, Internet Feds or LulzSec.

It’s sad that young professionals are wasting their time and lives for what seems like cyber joy riding. If they would use their skills for good, the electronic world would be a much better place.