asymmetric warfare

Reagan? No, Regin — Yet Another [GCHQ] Intelligence Malware

Recently, computer security firm Symantec reported discovery of another intelligence-gathering malware, dubbing  it “Regin.”

What’s particularly interesting about this malware is its targets:

  • It infected computers in Afghanistan, Austria, Belgium, India, Iran, Ireland, Mexico, Pakistan, Russia, Saudia Arabia;
  • At 48% of total infections, the largest group of targets were private individuals and small businesses.

Please do read Symantec’s blog post and its technical paper on Regin to understand how it works as well as its targets. Many news outlets either do not understand malware and cybersecurity, or they get facts wrong whenever major malware attacks are reported. Symantec’s revelation about Regin is no different in this respect.

Independent.ie offers a particularly exceptional example distorting Symantec’s report, claiming “Ireland is one of the countries worst hit globally by a dangerous new computer virus that spies on governments and companies, according to a leading technology firm.”

If by “worst hit,” they mean among the top four countries targeted by this malware? Sure. But only 9% of the infections affected Irish-based computers, versus 28% of infections aimed at Russian machines, and 24% affecting Saudi machines. The Independent.ie’s piece reads like clickbait hyperbole, or fearmongering, take your pick.

What wasn’t addressed by the Independent.ie and numerous other outlets, including those covering the tech sector are some fundamental questions:

  • What assets or activities might the targeted countries have in common that would make them targets of a single intelligence operation organized by one or more nation-states?
  • What are so many private individuals and small businesses targeted by this malware, in contrast to other malware-based intelligence-collection operations seen to date?

The Guardian came closest to examining these issues, having interviewed researchers at computer security firm F-Secure to ask the origins of the malware. As of 24-NOV-2014, the firm’s Mikko Hypponen speculated that the US, UK, and/or Israel were behind Regin’s development and deployment.

As of the video embedded above, Hypponen firmly says the UK’s intelligence entity GCHQ is behind Regin, in particular the malware’s invasion of a Belgian telecom network (see video at 07:20). Continue reading

Why So Surprised? CIA, U.S. Military Knew Chinese Hackers Expected Since 1999

Cover, Unrestricted Warfare via Wikimedia

Cover, Unrestricted Warfare via Wikimedia

The breathless reporting about the alleged Chinese hacking at The New York Times is truly annoying because of the shock it displays. The surprise any major government or private corporate entity shows at this point about any network-based security breach that appears to originate from China should be treated as propaganda, or a display of gross ignorance.

In 1999, the CIA’s Foreign Broadcast Information Service published a white paper entitled Unrestricted Warfare, written by the PRC’s Col. Qiao Liang and Col. Wang Xiansui. The publication outlined the methodologies a nation-state could deploy as part of an asymmetric war. Further, the same work outlined the U.S.’s weaknesses at that time were it to confront such asymmetric warfare. It did not focus any other nation-state, just the U.S.*

The colonels acknowledged that the U.S.—at the time of the paper—had considered using a range of tools in response to conflicts:

“…There’s no getting around the opinions of the Americans when it comes to discussing what means and methods will be used to fight future wars. This is not simply because the U.S. is the latest lord of the mountain in the world. It is more because the opinions of the Americans on this question really are superior compared to the prevailing opinions among the military people of other nations. The Americans have summed up the four main forms that warfighting will take in the future as: 1) Information warfare; 2) Precision warfare [see Endnote 8]; 3) Joint operations [see Endnote 9]; and 4) Military operations other than war (MOOTW) [see Endnote 10]. This last sentence is a mouthful. From this sentence alone we can see the highly imaginative, and yet highly practical, approach of the Americans, and we can also gain a sound understanding of the warfare of the future as seen through the eyes of the Americans. Aside from joint operations, which evolved from traditional cooperative operations and coordinated operations, and even Air- Land operations, the other three of the four forms of warfighting can all be considered products of new military thinking. General Gordon R. Sullivan, the former Chief of Staff of the U.S. Army, maintained that information warfare will be the basic form of warfighting in future warfare. For this reason, he set up the best digitized force in the U.S. military, and in the world. Moreover, he proposed the concept of precision warfare, based on the perception that “there will be an overall swing towards information processing and stealthy long-range attacks as the main foundations of future warfare.” For the Americans, the advent of new, high-tech weaponry, such as precision-guided weapons, the Global Positioning System (GPS), C4I systems and stealth airplanes, will possibly allow soldiers to dispense with the nightmare of attrition warfare. …”

The rise of military tools like drones for precision-guided stealth attacks was predicted; quite honestly, the PRC’s current cyber warfare could be a pointed response to Gen. Sullivan’s statement about information warfare.

But in acknowledging the U.S.’s future use of MOOTW, the colonels also offered up the most likely approaches in an asymmetric assault or response: trade war, financial war, new terror war in contrast to traditional terror war, ecological war. Of these, they cited a specific example of new terror war entity and attacks: Continue reading

Emptywheel Twitterverse
bmaz @ThePlumLineGS @germanrlopez The entire thing seems designed to absolve Clinton with fancy dan charts, graphs+statistics. its bullshit.
19mreplyretweetfavorite
emptywheel @caulkthewagon GetOffOurLawn
20mreplyretweetfavorite
bmaz @ThePlumLineGS @germanrlopez Yes, then blithely hands Clinton mostly a pass. And does so without so much as even mentioning the AEDPA.
21mreplyretweetfavorite
emptywheel My 14+ yo Lab mix at crowded vet wondering where all the Corgies came from.
23mreplyretweetfavorite
bmaz @ThePlumLineGS @germanrlopez ..."superpredators" and the other fear mongering straight out of the Clintonian efforts in 94 and 96. Was awful
25mreplyretweetfavorite
bmaz @ThePlumLineGS @germanrlopez I was actually involved in trying to fight many changes for worse here. Can't tell how much we heard....
26mreplyretweetfavorite
bmaz @ThePlumLineGS @germanrlopez In terms of numbers, yes. But where do you think the states got the cover to go hog wild??
27mreplyretweetfavorite
bmaz @ThePlumLineGS @germanrlopez So, for Lopez to blithely say that the Clinton years really didn't have much effect is straight up stupid.
28mreplyretweetfavorite
bmaz @ThePlumLineGS @germanrlopez And the 1994 Crime bill and 1995 AEDPA really were awful+created living hell that states copied and made worse.
28mreplyretweetfavorite
bmaz @ThePlumLineGS @germanrlopez While the trends did indeed really start going wild during Reagan years, they cemented during Clinton terms
30mreplyretweetfavorite
bmaz @cristianafarias Jury nullification is inherently within the purview of jury. But formalizing it+instucting a jury of it is asinine thought
32mreplyretweetfavorite
bmaz @ThePlumLineGS @germanrlopez It does not ring true for squat to me, who actually practiced criminal law since the Reagan years.
35mreplyretweetfavorite
February 2016
S M T W T F S
« Jan    
 123456
78910111213
14151617181920
21222324252627
2829