Russia's Greatest Weapon May Be Its Hackers - Russian Hackers (2)

Yet some code—in particular, the family of “backdoors” into programs known as CHOPSTICK—regularly used by APT28 has been linked to those virtual break-ins. And there’s less ambiguity about a similar attack on an unclassified military network at the U.S. Department of Defense last year. “We analyzed their network activity, associated it with Russia and then quickly kicked them off the network,” Secretary of Defense Ashton Carter said in April.

Cyberspying on the West Wing’s emails may be cheeky (impudent), but it’s not much different from the old-school espionage and signals-intelligence games that Russia and America have been playing for decades. What’s truly scary, on the other hand, is infiltrating physical infrastructure in a way that could herald a new generation of violent covert action and sabotage. “This is an entirely new way of waging war,” says one former KGB general once posted as a spy to London who now works in the private security sector. “It is like the invention of planes or submarines. Suddenly you can attack the enemy from a completely new and unexpected direction.... This is the essence of warfare: constant surprise.”

In April, Eugene Kaspersky, the Moscow-born CEO of Kaspersky Labs, noted that there has been a dramatic surge in targeted attacks against power grids, banks and transportation networks around the world—and warned that groups targeting crucial infrastructure have “the capacity to inflict very visible damage. The worst terrorist attacks are not expected.”

Among the most frightening new-generation cyberweapons are those designed to target super-secure, so-called “air-gapped” systems that have no links to the Internet or outside networks. The developers of Stuxnet bridged the air gap by developing ingenious programs that infected CD-ROMs and memory sticks that then colonized Iran’s nuclear development computers, ultimately inflicting devastating physical damage on uranium centrifuges and forcing the Iranians to replace their entire computer infrastructure. But a Stuxnet-like program that can be carried by email and memory sticks, called Uroburos, has been around since 2011—and was diagnosed as being of Russian origin. Uroburos targets Microsoft Windows, sets up surreptitious communications with its parent network and is able to leap across air gaps isolating secure networks from the Internet.

“The scary thing is that now everyone can do pretty much anything to anyone,” says Klimburg. He believes that one way to distinguish between criminal and government cyberactivity is measuring the amount of programming resources an attack requires—like malware designed to leap across air gaps. “If you see a huge amount of organization and programming going into an attack, that’s a good indicator that there’s a government involved.”

The U.S. and Europe remain extremely vulnerable to infrastructure attacks—especially as so much of these developed economies’ vital infrastructure is now electronic, from financial systems to social networks. One small example: In late April, a fleet of American Airlines Boeing 737s was temporarily grounded after an iPad application known as an “electronic flight bag” used by pilots for preflight checks crashed. The iPad app replaced 13 pounds of paper manuals—but when it went down, so did the entire fleet.

More worrying, though still hypothetical: The U.S. Government Accountability Office issued an official warning in April that “modern aircraft’s interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems” and that an aircraft’s Wi-Fi access could be exploited by hackers. When security researcher Chris Roberts joked on Twitter about how easy it would be to “start playing with the EICAS”—Engine-Indicating and Crew-Alerting System—he was bumped off a flight. Boeing issued a statement saying that “no changes to the flight plans loaded into the airplane systems can take place without pilot review and approval.”

Other infrastructure is just as unprotected. A recent survey by the energy industry consultants Black & Veatch revealed that only 32 percent of U.S. electric utility companies had integrated security systems with the “proper segmentation, monitoring and redundancies needed for cyberthreat protection.”

Photo caption: Personnel work at the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colo., July 20, 2010. The U.S. and Europe remain extremely vulnerable to infrastructure attacks—especially as so much of these developed economies’ vital infrastructure is now electronic, from financial systems to social networks. RICK WILKING/REUTERS

In February, President Barack Obama set up a new Cyber Threat Intelligence Integration Center, described as “a national intelligence center focused on connecting the dots regarding malicious foreign cyberthreats to the nation.” Defense Secretary Carter made a trip to the heart of Silicon Valley this month to help improve relationships with tech companies after damaging revelations by former National Security Agency contractor Edward Snowden about digital surveillance. “This threat affects us all,” Carter told the assembled techies. “There are also really great opportunities to be seized through a new level of partnership between the Pentagon and Silicon Valley.”

Behind the scenes, American spy agencies are also busy fighting a secret war against cyberenemies. Snowden—now in hiding in Russia—publicly revealed the massive scale of data mining by U.S. intelligence agencies, often in apparent violation of protections for U.S. citizens’ privacy. But a recent report by Kaspersky Labs suggests that the U.S. is no slouch in the hacking department either. A hacking collective that Kaspersky’s team dubbed Equation Group—sponsored, it coyly says, “by a nation-state with nearly unlimited resources”—has for the past 14 years apparently been busy planting top-flight spyware around the world, including a keystroke-logging program called Grok and a protective encryption system known as GrayFish.

The top targets? Iran and Russia, followed by Pakistan, China and India. The malware has targeted financial, government, diplomatic, aerospace and telecommunications networks, as well as research institutions and universities. According to Kaspersky’s engineers, the Equation Group designed “the world’s most mysterious malware warhead” as well as “a secret storage vault that survived military-grade disk wiping and reformatting, making sensitive data stolen from victims available even after reformatting the drive and reinstalling the operating system.”

Thanks to its vast resources, the U.S. may well be able to stay one step ahead of its cyberenemies. But the problem with this new battlefield is that none of the potential combatants know the rules—and, even more dangerous, no one can be certain of who the combatants are. “It is not always possible to distinguish between cyberespionage, cyber covert action and, most importantly, preparation for cybersabotage or war,” says Klimburg. “Serious misunderstandings are preprogrammed.... The consequences of misidentifying the motive of the attacker could be, in diplomatic-speak, ‘inadvertent escalation’—or accidental cyberwar.”

Richard Clarke, head of cybersecurity and counterterrorism coordination in the George W. Bush administration, has warned of the dangers of a “false flag” cyberattack designed to create tension between the U.S. and, for instance, China and launched by a hidden third party.

Some academics have proposed “cybermilitary exercises” between the United States and Russia as a vehicle for trust building. Others suggest establishing “rules of the road”—a kind of informal agreement for cyberspace that outlines what is a legitimate target for espionage purposes, with an agreement not to target super-critical infrastructure such as power grids with cyberespionage attacks.

But even if Beijing could be persuaded to come on board, the current geopolitical tension between Washington and Moscow is hardly conducive to gentleman’s agreements. Russian President Vladimir Putin has characterized the Internet as a “CIA invention” and this month ordered the FSB to “cleanse the Russian Internet” by forcing all Internet providers to keep their servers in Russia—another turn of the screw in the Kremlin’s long-term plan to create a separate Russian Internet, a project to which Putin has pledged some $100 million since 2012. And during the Sochi Olympics in February 2014, the FSB deployed aggressive cyberspying tools designed to infect foreign visitors’ computers and cellphones with spyware through Wi-Fi networks and cellphone towers.

It is unlikely that such a regime would shy away from using every cyberweapon at its disposal. It’s equally unlikely that, faced with a barrage of what White House spokeswoman Jen Psaki described as “hundreds of cyberattacks a day,” the U.S. will cease and desist from developing some of the world’s most sophisticated cyberweapons in retaliation. The cyber arms race is on.

(End of article)
11/23/2015