Cyber Warfare and Security

Lecture Introduction

Understanding Today's Propaganda

  • To understand the present, it's important to look at the past.

  • Propaganda is ever-present; however, its modern form is mainly virtual, enabled by easy mass production and accessible platforms like YouTube.

Historical Perspective: World War II

  • Adolf Hitler's oratorical skills and understanding of media were key to his influence.

  • He ensured the creation of cheap radios to distribute his message widely.

Modern Day: State-Based Actors

  • Cybersecurity dirty work often occurs between countries (nation-states).

  • Example: North Korea uses cyber hacking to steal money due to sanctions preventing traditional economic activities.

North Korea's Cyber Warfare

  • They have a dedicated cyber hacking team within their military.

  • Their activities include stealing money to offset economic sanctions.

  • Sanctions are in place because North Korea doesn't adhere to international rules (e.g., Geneva Convention) and pursues nuclear weapons.

  • The possession of nuclear weapons is viewed as a deterrent.

ISIS and Propaganda

  • ISIS used mediums like Call of Duty to recruit troops.

  • They targeted vulnerable individuals, particularly through online gaming platforms.

  • They used advertisements and screening questions to identify potential recruits.

Internet as a Propaganda Machine

  • Social media serves as a modern propaganda tool, with various sides disseminating information for their agendas.

Cyber Warfare Definition

  • Cyber warfare involves hostile actions by one state against another in cyberspace, causing harm comparable to a military attack.

  • Governments use cyber warfare as a cheaper alternative to traditional military actions.

Key Players in Cyber Warfare

  • US, China, North Korea, Russia, and Israel are significant players.

  • These countries have dedicated arms within their military focused on cyber activities.

  • They engage in both defensive and offensive missions.

  • Agencies like the NSA (US) play key roles in these missions.

  • China has a large number of non-government hackers it can utilize.

China's Approach to Cyber Warfare

  • China views cyber warfare broadly, including economic, diplomatic, and social development aspects.

  • PLA Unit 61398 is a well-known group involved in cyber warfare.

North Korea's Cyber Force

  • North Korea's cyber force dates back to the 1990s.

  • The Reconnaissance General Bureau has dedicated units, including Bureau 121, with 2,000 personnel.

  • Unit 91 focuses on acquiring technologies for nuclear development.

  • They steal information and hack financial institutions.

  • They are believed to be linked to the Lazarus Group, known for the Sony breach in 2014.

The Sony Hack of 2014

  • North Korea warned against the release of the movie "The Interview," a comedy about interviewing Kim Jong Un.

  • They launched a cyberattack on Sony in response to the film's release.

Russia's Cyber Warfare

  • Russia has been utilizing cyber warfare for a long time, including in the Ukrainian war.

  • They understand the importance of cyber warfare and invest in it.

Future of Warfare

  • Governments are considering the future of warfare, including the use of robot troops and drones.

  • They are targeting young students for military strategy roles.

Israel's Cyber Warfare

  • Israel faces numerous adversaries and has a strong focus on cyber defense.

  • Unit 8200 is the largest unit in the Israel Defense Forces, comparable to the NSA in the US.

Aspects of Cyber Warfare

  • Cyber warfare extends beyond military action to economic, financial, diplomatic, and political spheres.

  • Activities include cyber espionage, mass surveillance, disruption, destruction, and subversion.

Cyber Espionage and Mass Surveillance

  • Countries engage in mass surveillance.

  • Cyber espionage aims to steal state secrets and business intellectual property.

Advanced Persistent Threat (APT)

  • Unauthorized access often stems from advanced persistent threats.

Australian Power Network Hack (2019)

  • The Australian power network and servers were hacked in 2019.

  • The attack was sophisticated and likely state-sponsored.

  • Governments are cautious about attributing attacks to specific countries for diplomatic reasons.

COVID-19 Origins and Cyber Attacks

  • In 2020, Australia questioned the origins of the COVID-19 virus, leading to cyber attacks from the Chinese government.

Reminders and Demonstrations

  • State-based actors use cyber attacks to demonstrate their capabilities.

Nuclear Weapons

  • The threat of nuclear weapons is often more impactful than their use.

Subversion and Interference

  • Subversion involves weakening authority through subtle tactics like media commentary.

  • Social media is used to spread disinformation and influence public opinion.

  • Russia has been active in interfering in elections and political events.

Stuxnet

  • Stuxnet was the first worm to infiltrate a state (Iran).

  • It targeted Iran's nuclear enrichment plant.

Iran's Nuclear Program

  • Iran aimed to develop its nuclear program, raising concerns about weapon development.

  • They used gas centrifuges to separate uranium isotopes.

Stuxnet's Attack

  • Stuxnet targeted Siemens industrial controllers used in the centrifuges.

  • The virus was introduced through a USB drive, which let it cross the air gap (physical isolation) of the system.

  • It manipulated pressure, causing damage to the centrifuges.

  • Thousands of centrifuges were rendered inoperative.

  • Stuxnet is believed to have been a collaborative effort by the US and Israel.

Pagers in Lebanon

  • Hezbollah used pagers for communication to avoid tracking.

  • The pagers were infiltrated with explosives, demonstrating sophisticated espionage techniques.

Organized Crime and Cyber Warfare

  • Organized crime groups have been slow to adopt the Internet for financial gains.

  • However, they now use it for money laundering and transfer.

Challenges for Criminals

  • Moving large amounts of cash is a major challenge for drug dealers.

  • They are now converting currency into crypto to facilitate transfers.

Cybercrime Activities

  • Ransomware, DDoS attacks, cryptojacking, and identity theft are common activities.

Ransomware

  • Ransomware is a lucrative business model. It is recommended that organisations conduct regular backups to prevent loss.

  • Some criminals even offer hotlines to assist victims with payment.

DDoS Attacks

  • DDoS attacks can cause significant financial losses for online businesses.

Cryptojacking

  • Cryptojacking involves using someone else's computer resources to mine cryptocurrency.

Hacking Government Agencies

  • Hacking government agencies and companies often targets personally identifiable information (PII).

Fraud

  • Fraud is a highly lucrative activity for organized crime.

  • Romance scams, shopping scams, tech support scams, investment scams, and refund scams are common.

Dodgy Call Centres

  • Some scammers operate highly organized call centers.

Business Email Compromise (BEC)

  • BEC scams target specific individuals and lead to large sums of money being transferred to criminal-controlled accounts.

Identity Theft: Phone Porting & SIM Swapping

  • Identity theft is a growing issue.

  • Focus on the speed of modern identity theft vs the theft speed in 2010/2015.

  • Phone porting (SIM swapping) is a serious problem.

The rest of the Identity Theft lecture will be covered next week.