Cyberwars: Watching the US and China in Real-Time

Since the dawn of the internet age, there has been no shortage of stories about hackers, malware-peddling malcontents, online scams and identity theft. Add to that the growing consensus that wars in the future will be fought online through “cyberwarfare divisions”, and you can understand why such positive statements once made about the internet – like how it would bring the world together and create “a global village” – would seem incredibly naive now.

However, despite the prevalence of hacking and cyberwarfare-related fear, very few people have actually experienced what it is like. After all, the effects of hacking are mostly invisible to the untrained eye, with the exception of very-high-profile database breaches. Now, though, a security company has produced a fascinating geographic map that shows global hacking attempts in real-time. And of course, the ongoing battle between US and Chinese forces accounts for much of it.

The real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers – essentially a juicy-looking target that turns out to be a trap – maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.

If you watch the map for a little while, it’s clear that most attacks originate in either China or the US, and that the US is by far the largest target for hack attacks. You can also see that the type of hack used, indicated by the target port, is rather varied. Microsoft-DS (the port used for Windows file sharing) is still one of the top targets, but DNS, SSH, and HTTP are all very popular too. CrazzyNet and Black Ice – two common Windows backdoor programs often used by script kiddies and criminals – are also sure to pop up.

On occasion, the map is likely to show a big burst of coordinated attacks coming from China and directed towards the US. And while it is difficult to blame these attacks directly on the Chinese government (as they are adept at routing their attacks through other servers), government and independent researchers are confident the majority of these attacks are being directed by the People’s Liberation Army’s Unit 61398 – aka. the PLA’s cyberwarfare division.

A lot of hacks originate in the US, too, but their targets are much more varied. And in cases where Chinese facilities (or those of other nations that are nominally identified as hostile to the US) are targeted, you can bet that the US Cyber Command at Fort Meade is behind the lot of them. But the map is still limited in that it uses Norse’s own honeypot operations to identify these attacks, and it therefore cannot be said with absolute certainty that real attacks happen in the same fashion.

But a general picture of the size and shape of global hacking and cyberwarfare can be divined by looking at the stats. Back in 2012, the US DOD reported that it was the target of 10 million cyber attacks per day. Likewise, the National Nuclear Security Administration says it saw 10 million attacks per day in 2012. In 2013, BP’s CEO said it sees 50,000 cyber attacks per day, and the UK reported around 120,000 attacks per day back in 2011.

While the extent and purpose of these attacks certainly vary, it is pretty clear that hacking and cyberwarfare are a global problem and something that governments, corporations, and institutions need to pay attention to. Last year, the Obama administration announced that it would not sit idly by in the face of stepped up attacks from China. However, the subsequent testimony and document leaks by Snowden showed that the US has been conducting its own attacks the entire time (and even beforehand).

And such is the nature of war, regardless of the context or the weapons used. States rattle their swords claiming they will not tolerate aggression, but there is always a fine line between maintaining one’s defenses and escalating a situation to the point that mutual destruction becomes inevitable. Perhaps the people who are currently fighting this alleged cyberwar should look to the past – specifically to the First World War and the Cold War – to see just how effective “arms races” are!

Source: extremetech.com, map.ipviking.com

Cyberwars: ACLU and NSA ex-Director to Debate Tomorrow!

In what is sure to be a barn-burner of a debate, the former head of the National Security Agency – General Keith Alexander – will be participating tomorrow in a debate with ACLU Executive Director Anthony Romero. The televised, surveillance-themed debate will take place tomorrow – June 30th, 10:30am Eastern Time – on MSNBC. The subject: whether or not the NSA’s vast surveillance and data mining programs are making Americans safer.

While many would prefer that the current head of the NSA be involved in the debate, General Alexander is a far better spokesperson for the programs that have been the subject of so much controversy. After all, “Emperor Alexander” – as his subordinates called him – is the man most directly responsible for the current disposition of the NSA’s cyber surveillance and warfare program. Who better to debate their merit with the head of the ACLU – an organization dedicated to the preservation of personal freedom?

And according to classified documents leaked by Edward Snowden, General Alexander’s influence and power within the halls of government knew no bounds during his tenure. A four-star Army general with active units under his command, he was also the head of the National Security Agency, chief of the Central Security Service, and the commander of the US Cyber Command. It is this last position and the power it wields that has raised the greatest consternation amongst civil-libertarians and privacy advocates.

Keith Alexander is responsible for building this place up between 2005 and 2013, insisting that the US’s inherent vulnerability to digital attacks required that he and those like him assume more authority over the data zipping around the globe. According to Alexander, this threat is so paramount that it only makes sense that all power to control the flow of information should be concentrated in as few hands as possible, namely his.

In a recent security conference held in Canada before the Canadian Security Intelligence Service (CSIS), Alexander expressed the threat in the following, cryptic way:

What we see is an increasing level of activity on the networks. I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in.

If this alone were not reason enough to put people on edge, there are also voices within the NSA who view Alexander as a quintessential larger-than-life personality. One former senior CIA official who agreed to speak on condition of anonymity, claimed:

We jokingly referred to him as Emperor Alexander—with good cause, because whatever Keith wants, Keith gets. We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else.

And it is because of such freedom to monitor people’s daily activities that movements like the February 11th “The Day We Fight Back” movement – an international cause that embraced 360 organizations in 70 countries that were dedicated to ending mass surveillance – have been mounted, demanding reform.

In addition, a series of recent rulings from the US Supreme Court have begun to put the kibosh on the surveillance programs that Alexander spent eight years building up. With everything from cell phone tracking to cell phone taps, a precedent is being set that is likely to outlaw all of the NSA domestic surveillance. But no matter what, the role of Snowden’s testimony in securing this landmark event cannot be underestimated.

In fact, in a recent interview, the ACLU’s Anthony Romero acknowledged a great debt to Snowden and claimed that the debate would not be happening without him. As he put it:

I think Edward Snowden has done this country a service… regardless of whether or not what he did was legal or illegal, whether or not we think the sedition laws or the espionage laws that are being used to possibly prosecute Snowden are too broad, the fact is that he has kick-started a debate that we did not have. This debate was anemic. Everyone was asleep at the switch.

One can only imagine what outcome this debate will have. But we can rest assured that some of the more predictable talking points will include the necessities emerging out of the War on Terror, the rise of the information revolution, and the dangers of Big Brother Government, as well as the NSA’s failure to prevent such attacks as the Boston Marathon Bombing, the Benghazi Embassy bombing, and a slew of other terrorist incidents that took place during Alexander’s tenure.

Do I sound biased? Well perhaps that’s because I am. Go ACLU, stick to Emperor Alexander!

Sources: engadget.com, democracynow.org

The NSA’s New Super Computer Facilities

The extent and depth of the NSA’s snooping has been the subject of much scrutiny and controversy of late. And it seems that the more we come to learn about the issue, the worse it gets. In addition to the extensive access the NSA seems to have to our personal data, there’s also the staggering amount of power that is being concentrated in so few hands, coupled with a serious lack of oversight. Worse yet, it appears the NSA is showing no signs of slowing down.

Just two months ago, the Army Corps of Engineers began breaking ground on a new supercomputing facility in Fort Meade, Maryland – the center of the NSA’s cyber operations. Known as the High Performance Computing Center-2, this $860 million data center will span more than 600,000 square feet of space, including 70,000 square feet of technical space. The center is expected to be completed in 2016.

But worse yet is the fact that this is not the only center being built, nor is it even the largest. In addition to the Fort Meade facility, the NSA is also building a massive data center in Utah, a project that will feature up to 1 million square feet of facilities and cost a hefty $1.5 billion. The computers alone will take over 100,000 square feet and the facility will require its own electrical substation to power all the air conditioning required.

In truth, the Fort Meade location is only necessary because of the planned facility being built in Utah. Once it is up and running, the NSA will need a separate location where analysts can look over the growing amounts of processed information and material, and in turn make reports and provide recommendations for policy-makers.

Of course, the purpose of these facilities goes beyond the mere analysis and storage of information. In addition, the Utah Data Center will also employ new code-breaking capabilities. Given the extent to which modern, high-value information is encrypted – everything from commerce to diplomacy to personal information – the center will be employing the latest code-cracking tools developed by the NSA.

Naturally, the NSA’s tightly-controlled PR department has stated that the purpose of these centers is to protect national security networks and provide U.S. authorities with intelligence and warnings about cyber threats, as part of the Comprehensive National Cybersecurity Initiative (CNCI). However, this has done little to allay fears, and seems like the same song being played on repeat.

As always, the NSA’s stated objectives do not address the growing awareness that the NSA has conducted and continues to conduct cyber attacks in foreign countries. As Snowden’s testimony and recent revelations about the US super-secret Cyber Command revealed, American agencies have been conducting far more than just defensive operations in recent years.

All of these efforts began in earnest during the 1990’s and expanded greatly after September 11th, 2001. Much of this has had to do with the staggering increase in the amount of data being transmitted and shared on a daily basis, and not just the issue of terrorism. But what is disturbing is the near-total removal of oversight that began after 9/11 and has continued unabated ever since.

Despite promises that the era of warrantless surveillance was at an end, all attempts to resolve the issue have become marred by what is meant by “electronic surveillance”. In the meantime, the NSA continues to enjoy some rather broad freedoms to monitor and process the information we transmit. And as those abilities continue to grow, we can only hold our breaths and pray they mean it when they say “innocent people need not be worried”.

Sources: policymic.com, datacenterknowledge.com, seattleweekly.com, wired.com