Are Russian Hackers Helping the Syrian Government?

Russian supplied attack helicopters in Syria. (Getty Image)

As the Syrian civil war drags on, one thing is clear: Russia is arming the Syrian government. As they have already supplied arms and attack helicopters to al-Assad’s regime, could Russian hackers be performing cyber attacks against the Syrian opposition too?

It’s really no secret that Russia is arming the Syrian government, and there is nothing illegal about it. Russia and China have used their veto power at UN security council meetings to block sanctions against Syria. But as the physical battle rages on, a war in the cyber realm is also well under way.

A full-blown war of cyber attacks is unfolding in Syria, with some calling it the most active cyber conflict in recent times. It apparently pits the Syrian government and a group called the Syrian Electronic Army (SEA) against a loose group of Syrian resistance hackers and, surprisingly, the hacker group Anonymous.

So far the majority of the cyber conflict is one-sided, with Syrian rebels taking the brunt of the attacks (Syrian rebels have really only been able to deface some government sites in response). But with the overwhelming efficiency and strength of the attacks, it is apparent that the Syrian government must be getting outside help.

A DefenseNews article discloses that Syrian government forces are using cyber tools that have been created by several other countries in their offensive strikes:

Assad has Iran’s backing, and his supporters are allegedly also using Iranian cyber tools. Alexander Klimburg, a senior adviser at the Austrian Institute for International Affairs, said it’s widely believed that the Syrians are using popular offensive software designed in Iran.

But it is not just Iranian software; they are also using utilities created in Europe and surprise, surprise… Russia.

The Russian government is well known to use hacker groups like the Russian Business Network to attack other nations. Doing so gives the Russian government plausible deniability in the attacks.

With Russia apparently investing military equipment in the al-Assad regime and offensive cyber tools, it is not a far stretch to assume that they may also be supplying the use of Russian hacker group services.

Majority of Indian Army Cyber Breaches from Pen Drives and PowerPoint

General Bikram Singh

Though Chinese and Pakistani hackers are a constant threat to India’s sensitive military information, restricting the use of pen drives and PowerPoint presentations is the key to preventing the cyber invasion against India, according to Chief of Army Staff General Bikram Singh.

Analysis of Indian cyber breaches has shown that over 70 percent have been caused by the use of USB pen drives. General Singh has also ordered that all sensitive war plan meetings be done paperless and that PowerPoint use is to be restricted.

The Indian military believes that doing this along with the standing practice of limiting military information leaked to social media sites will help keep the cyber invasion in check.

Last year the Indian army ordered all of its troops to remove their pictures and any military affiliation from social networking sites. This is a very good move, and one that I wish the United States would do with our troops. Social engineering hackers are scanning these sites looking for military personnel to target.

I have seen military personnel post way too much military identifying information on their personal sites. This even includes members of our military cyber teams. And terrorist groups like the Taliban have been known to pose as attractive women on social media sites to try to lure information out of allied soldiers.

Iran Practices Cyber Defense During Naval Drills

Iran Rear Admiral Rastegari

For the first time, Iranian Naval forces included a cyber attack scenario during maritime military drills. According to Iran’s Press TV, their Navy’s Cyber Defense group successfully detected and blocked a simulated attack against navy systems.

During six days of simulated naval defense drills, called Velayat 91, Iranian ships practiced defending coastal waters against suspected invasion tactics. Though not mentioned, the drills were obviously intended to give Iran’s navy practice against a possible attack by American warships.

But this year, the drills included a cyber war scenario putting their Naval Cyber Defense group through the paces. Iran’s Rear Admiral Amir Rastegari told reporters that during the drill, aggressive forces launched a cyber attack against the computer network of defensive forces in order to infiltrate the network and hack information or spread viruses.

According to Admiral Rastegari, the Navy’s Cyber Defense is tasked with monitoring all naval systems and detects “all cyber infiltration and immediately takes necessary measures to counter them.”

And apparently the group successfully stopped the simulated red team attack.

But after how successful Stuxnet was in the past, I am curious how well the group would do against a real American cyber attack. Especially attacks that would likely coincide with other forms of electronic warfare and include the full force of American sea, air and land units if we did invade.

2/3 of Britons Believe They Should Strike First in Cyber War – Would it Work?

GCHQ at Cheltenham, Gloucestershire

A recent poll in the UK by the security company LogRhythm revealed that 65% think that Britain should pre-emptively strike countries that pose a cyber threat to the nation. And only 18% of those polled believed that pre-emptive strikes were unjustified.

Britain is hit by up to 1,000 cyber attacks per hour. These attacks are focusing on government sites, corporations, and even the country’s communication network. But why would such a large number believe that first strikes are the correct course of action?

According to the poll, the public in general seems to have lost faith that their private information can indeed be kept private. 41% polled believe that their data stored by companies or the government will be compromised by hackers. And these fears are not unjustified, especially with the rise of hacktivism. Hackers are constantly breaking into big name technology corporations and government sites worldwide and dumping databases to the public.

I agree with taking an offensive stance against cyber attacks. But one problem is the very anonymous nature of the internet. Being attacked in the cyber realm is not like facing another nation on the field of battle. Forces don’t form battle lines and approach in columns. There are no entrenched troops to strike and no supply lines to cut.

It is fairly trivial for a hacker to bounce his attacking traffic through several nations before it reaches the intended target. He could even be using a compromised server in an ally nation (or neutral country) to attack yours. How would you know which nation to strike back at?

Earlier this year a Pakistani hacker group attacked Israeli websites over the Gaza strikes. They changed Israeli DNS settings and pointed major Israeli websites to a defaced website – that was hosted in Texas!

The hacker group set up a server with a legitimate American server hosting company. When they made the DNS change, anyone who surfed to Israel’s Microsoft site or big name social media sites would end up at the server in Texas.

Of course, as soon as the US web hosting company was notified of what was going on, they moved to have the correct DNS settings restored and took down the hosted webpage. Oddly enough, for a short period of time before it was completely taken down, the hosted website displayed a new message – “Pakistanis Suck!”

Another problem with hacktivism type attacks is that they seem to pull in other groups who respond in kind. So you may have one or two perform web defacements or SQL attacks, then in reprisal two or three other groups attack back in revenge. Which of course spurs more groups into the fray to respond with their own attacks.

Granted these are more nuisance types of attacks, but as Russia’s military is rumored to use the RBN to perform attacks, China or other nations could do the same. And they could be armed with more potent programs like Stuxnet, instead of those that just perform denial of service attacks.

A lot of cyber attacks and cyber espionage attempts do seem to originate from China. By far, China has the most internet users in the world. They have 10 times the users that the UK has and twice as many as the US. The scary part is that the US already has almost 80% of their population online. So far, China is only 40% connected…

World connected users

At this point they could probably put up 5-10 very talented hackers for every one of ours. Maybe 100 or even 1000 to one for those just running script based attacks or using hacker programs.

Do we really want to get into a tit-for-tat battle with them?

Something must be done, and now. Any attacks against foreign nations would have to be covert. Chances are that allied forces already have a good hold on foreign networks and communication systems.

The US Cyber Command was formed from initial work by the NSA. According to Richard Clarke’s book “Cyber War: The Next Threat to National Security”, the NSA has already compromised many foreign networks:

“Although not authorized to alter data or engage in disruption and damage, NSA thoroughly infiltrated the Internet infrastructure outside the U.S. to spy on foreign entities.”

But the NSA did not have legal authority to actually attack in times of war. US military forces were folded in with the NSA to give it the legal authorization needed to attack foreign cyber space. Thus creating Cyber Command.

The US is allegedly the top in offensive cyber power, but obviously is far lacking in defense. The UK suffers from the same weakness. This past summer, Jonathan Evans, the head of MI5, claimed that one attack alone cost a London-based company about $1.3 billion.

The question is then, how do we perform critical pre-emptive offensive strikes without being crippled ourselves by a counter attack?