Thursday, December 29, 2016

Cyber Warfare - How prepared is Nepal?

So let me break down every single thing and make it easy for you to understand what the topic is about and, in depth, what the threat to our country is.

What is Cyber Warfare?


The proliferation of internet usage in recent years has changed the way we interact daily. From e-commerce, online banking and social networking sites up to connecting every single device to the internet, the Internet of Things (IoT): toasters, refrigerators, televisions, temperature controls, home automation systems, even nuclear power stations, and controlling them from any end point of the globe. After land, sea, air and space, warfare has entered the fifth domain: cyberspace. In the old days, war was fought on land, sea, air and space with guns, ammunition, fighter jets and missiles, but now an individual, or a group of individuals, can wage a war with just a computer and a working internet connection, right from their bed, in pajamas, while taking a sip of tea.

So, cyber warfare is the art and science of fighting without fighting; defeating an opponent without spilling their blood. In other words, cyber war refers to actions by a nation-state to penetrate another nation's computers and networks for the purpose of causing damage or disruption.

These days almost all nations and states are fully dependent on the internet for the storage and transfer of information, and information in this era has become a critical part of daily operations. What we say, what we do, what we share and what we plan are very critical pieces of information that we hold as individuals or as a nation overall, and this information could be used against us to do us harm.

The Internet was not originally designed with security in mind, but as an open system to allow scientists and researchers to send data to one another quickly. Without strong investment in cyber security and cyber defenses, data systems remain open and susceptible to rudimentary yet dangerous forms of exploitation and attack. Since the internet is wide open and easily accessible by anyone, information can be extracted or manipulated and used for espionage, sabotage or vandalism of national-level infrastructure by striking directly at the networks from thousands of miles away, eventually destroying or disrupting the normal flow of information and communication. Cyberspace could therefore be the next war-fighting domain in modern warfare.

Let's look at some major attacks around the globe in the past.

Back in the old days (late 80s and early 90s), hackers used to break into systems for fun and with the motive of learning new things. When Robert Tappan Morris, a Cornell University graduate student, released the most notable internet worm, known as the 'Morris worm', in November 1988, people started noticing the ability and potential of the internet. Directly or indirectly, nation- and state-sponsored cyber-attacks have been going on for more than a decade, and the sophistication of cyber-attacks has been evolving in recent years.

Involvement of China


In 2006, when the China Aerospace Science and Industry Corporation (CASIC) intranet was surveyed, spyware was found on its computers, and later, in October 2007, the Chinese Ministry of State Security stated that foreign hackers had been stealing information from key Chinese areas. The most popular search engine in China, 'Baidu', was hacked by the Iranian Cyber Army in January 2010. 'Operation Aurora', a series of cyber-attacks conducted by China, is also among the most notable attacks by China against the US.


Involvement of Russia


Russia has carried the tagline of spies, espionage and proxy wars since the Cold War. In August 2008, computer networks in Georgia were hacked by unknown foreign intruders; around that time the US was in conflict with Russia, and although there was little or no disruption of services, the hacks did put political pressure on the Georgian government and appeared to be coordinated with Russian military actions. The most notable attacks carried out by Russian hackers include Red October in 2012, Turla in 2014 and the Yahoo data breach in 2014; the Democratic National Committee (DNC) hack in 2016 and the release of Hillary Clinton's private emails have also been blamed on Russian hackers, although the real source is still unknown or unspoken.

Involvement of others


Among the many notable attacks: Stuxnet, discovered in 2010, targeted industrial control SCADA (Supervisory Control and Data Acquisition) systems in Iran and was blamed on the US and Israel; 'Flame' in 2012 appeared to target Iran and Middle Eastern countries; 'Shamoon' in 2012 was used to conduct an incredibly destructive attack on the Saudi oil industry and was blamed on Iran; and the Sony Pictures hack in 2014 was blamed on North Korea.

Other than these countries, Belgium, Australia, the Maldives, India, Pakistan, Nepal etc. are also victims of cyber-attacks and are at high risk of massive cyber-attack.

Technology is ever changing, and so are cyber threats. Hackers have evolved with the times. Previously attacks used random techniques, but now the attack patterns are completely different, sophisticated and more dangerous. Attacks are more advanced and persistent, and the threats are higher.

What's going on in Nepal?


As per Microsoft's Malware Infection Index Asia Pacific 2016, Nepal is ranked number four on the list, which means Nepal is extremely vulnerable to cyber-attack and encounters the highest number of malware attacks on a daily basis. The Asia Pacific region is especially vulnerable, with emerging markets most at risk of malware threats. Of the top five locations across the globe most at risk of infection, four are from the Asia Pacific: Pakistan, Indonesia, Bangladesh and Nepal, in first, second, fourth and fifth place in terms of computers encountering malware.

This is not the first time that Nepal has become a target of, or been exploited by, cyber criminals and state-sponsored hackers. Previously, the Naikon group, also known as APT-30 (Advanced Persistent Threat), targeted and exploited military, government and civil organizations. Carbanak, an APT-style attack, also resulted in financial losses for Nepal along with almost thirty other countries. These types of attacks are growing rapidly even though Nepal has not developed much in terms of technology. Although Nepal has an Information Technology Security Emergency Response Team (ITSERT-NP), it does not actively participate in research and development, nor in active intelligence gathering, learning about new threats and spreading awareness, or maybe I am unaware of that.

Technical manpower capable of defending national-level infrastructure is extremely limited and always outnumbered by start-up hackers. Lack of training, resources, materials and especially security awareness seems to be the problem in the context of Nepal. The first phase should be divided into learning defensive tactics and then gradually developing offensive techniques, eventually building up an elite cyber task force for the national defense of Nepal's information and security. In 2014-2015 Nepal was highly vulnerable to cyber-attack, since the national infrastructure almost collapsed because of the massive earthquake; as a result, thousands of websites and servers, including government, military and private servers, were victims of huge cyber-attacks and cyber vandalism. The main reason Nepal became a target of cyber attackers was the chaos and dilemma caused by the earthquake. Most websites are built by people who have little or no knowledge of security, and on top of that they are built for small sums, ranging from a minimum of five thousand to fifty thousand rupees. Until and unless the gap between developers and security people is bridged, cyber-attacks will continue and will be the biggest curse for the Nepalese economy and national infrastructure.

Overall


There is no such thing as hack-proof security, but adding extra layers of security and using the concept of defense in depth forces an attacker to put in more effort, time and resources. Since policy is the first line of defense, a policy should be well structured, well formatted and to the point rather than defining a vague scope of work. Creating policies for enterprise users as well as end users will help build a wall of enterprise-level defenses. Every software and hardware device should be taken seriously during manufacturing and should be tested before being deployed or distributed to end customers. Public awareness programs help the public and security people discuss topics that are usually not talked about much, which closes the gap between security builders and the public.

The main motive behind any cyber-attack depends on the type of attack and the type of attacker. By looking at an attacker's basic first steps, the type of attack and the point being targeted become clear, and that information can immediately be put to use to find out whether the attacker will succeed or fail. Usually, honeypots (decoy servers used to find out a hacker's attack pattern) are deployed in such cases; they help in studying an attacker's patterns and also help stop attacks. To cope with cyber-attacks, threat intelligence can be used as one layer of a defense in depth strategy: it gathers indicators from various online sources, checks them against the organization's own network traffic, and discards the traffic that matches known malicious sources. Correlating different rule sets, and writing specific rules to gather intelligence about the attack pattern, also helps in reducing the threat to some extent.
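To make the threat intelligence and rule correlation idea concrete, here is an added example (not code from the original article, and not from any product named in it). It loads a constructed indicator feed, parses a few constructed connection log lines, drops traffic that matches the feed, and then correlates rule hits per internal host so that a single feed match is treated differently from repeated matches or a match combined with an unusual destination port. The IP addresses come from the RFC 5737 documentation ranges and the domain names are placeholders; `THREAT_FEED`, `UNUSUAL_PORTS` and the log format are all assumptions made for the example.

```python
"""Threat-intelligence matching with simple rule correlation (added example)."""
import ipaddress
from collections import defaultdict

# Constructed indicators of compromise (hypothetical, not real IoCs).
THREAT_FEED = {
    "ip": {ipaddress.ip_address("203.0.113.7"), ipaddress.ip_address("198.51.100.23")},
    "domain": {"bad-updates.example", "c2.example.net"},
}

# Constructed rule: destination ports the organisation does not expect outbound traffic on.
UNUSUAL_PORTS = {4444, 8080, 6667}

# Constructed connection log: timestamp src dst dport queried-domain ("-" if none).
SAMPLE_LOG = """\
2016-12-29T10:00:01 10.0.0.5 203.0.113.7 443 bad-updates.example
2016-12-29T10:00:02 10.0.0.5 93.184.216.34 443 example.com
2016-12-29T10:00:03 10.0.0.8 198.51.100.23 8080 -
2016-12-29T10:00:04 10.0.0.8 198.51.100.23 22 -
2016-12-29T10:00:05 10.0.0.9 10.0.0.1 53 -
"""


def parse_log(text):
    """Turn whitespace-separated log lines into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, domain = parts
        try:
            records.append({
                "ts": ts,
                "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "dport": int(dport),
                "domain": None if domain == "-" else domain.lower(),
            })
        except ValueError:
            continue  # bad IP or port field
    return records


def match_rules(record, feed=THREAT_FEED):
    """Return the names of every rule the record triggers (empty list = clean)."""
    hits = []
    if record["dst"] in feed["ip"]:
        hits.append("dst_ip_in_feed")
    if record["domain"] in feed["domain"]:
        hits.append("domain_in_feed")
    if record["dport"] in UNUSUAL_PORTS:
        hits.append("unusual_port")
    return hits


def filter_traffic(records, feed=THREAT_FEED):
    """Split records into (allowed, dropped): anything matching the feed is dropped."""
    allowed, dropped = [], []
    for r in records:
        hits = match_rules(r, feed)
        if any(h.endswith("_in_feed") for h in hits):
            dropped.append(r)
        else:
            allowed.append(r)
    return allowed, dropped


def correlate(records, feed=THREAT_FEED, threshold=2):
    """Correlate rule hits per internal source host; flag hosts with >= threshold hits.

    One feed hit may be a false positive; repeated hits from the same host, or a
    feed hit together with an unusual port, are a stronger signal worth an alert.
    """
    per_host = defaultdict(list)
    for r in records:
        for h in match_rules(r, feed):
            per_host[str(r["src"])].append((r["ts"], h))
    return {host: hits for host, hits in per_host.items() if len(hits) >= threshold}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    allowed, dropped = filter_traffic(recs)
    print(f"{len(allowed)} allowed, {len(dropped)} dropped")
    for host, hits in correlate(recs).items():
        print(host, hits)
```

On the sample log, two records pass and three are dropped, and both 10.0.0.5 (feed IP plus feed domain) and 10.0.0.8 (two feed hits plus an unusual port) are flagged by the correlation step, while the host that only resolved DNS is left alone. In practice the feed would be refreshed from the organization's intelligence sources and the log parser replaced by one for the firewall or proxy format actually in use.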

To implement security concepts in the modern cyber world, training materials and time for training are limited, the cost of training is high, and on top of that the certifications are valid only for a limited period. Normally, training certifications are valid for either three or four years and require a deep understanding of how networks and computers work. For enterprise-level security it is somewhat easier, since lots of training resources are freely available, but spreading awareness among the public is a tough task, since the public is largely unaware of how the systems work and how they can be used against them. Most people are not focused on the security side of the cyber world but are more interested in buying the latest gadgets and using them for their own benefit or for entertainment.

Final words


No matter how deep the defense is or how hard you have trained to defend, an attacker will always find a way in and eventually break into the systems, but that does not mean we should do nothing. We can never predict a cyber-war until we start one.

Alan Lakein states a quotation saying, “Failing to plan is planning to fail.”

This statement is indeed true: the very first step in any task is planning, and this is true for cyber warfare too. If there is no plan, or no well-written and explained documentation, then at the time of an incident the administrator cannot handle the attack and will eventually be defeated and lose data and information worth millions.

A famous quotation by Sun Tzu states, “Victorious warriors win first and then go to war while defeated warriors go to war first and then seek to win.”

This statement is also true in terms of cyber warfare. Before going to war, a warrior must first know how to defend himself and know the enemy. Drills or exercises should be carried out to learn the offensive way of penetrating and the defensive way of blocking an attack. Offensive and defensive tactics should be practiced not once, nor twice, but plenty of times before heading into the real war. Cyber war is not much different from war on land, sea or air; the difference is that in cyber warfare there is no blood and there are no guns, just computers, networks and the giant internet. Recently, ransomware has been evolving day by day, and if we do not make the general public aware of the rising malware attacks, civilians could become direct victims of cyber-attacks.

The past is a lesson, and the future is where we apply what we have learned from it; we can either run away from it or learn from it. Previous attacks can be of great help in predicting future attacks and attack patterns. We can expect satellites, naval forces, aircraft, missiles and rockets to be hacked and exploited to cause severe damage to the global economy and infrastructure. If we do not prepare now for cyber warfare, develop threat intelligence and prepare defensively, it could raise massive threats to our lives as a whole.
 
Note: A part of this article was published in a Nepali print newspaper and is available at https://thehimalayantimes.com/opinion/cyber-warfare-how-prepared-is-nepal/ (published January 05, 2017, 5:06 am, in the Opinion section).

Friday, August 26, 2016

Aftermath of ‘NSA Hack’ by ‘The Shadow Brokers’

Just after the cyber attack on the U.S. Democratic National Committee by a lone hacker named 'Guccifer 2.0', the National Security Agency (NSA) became the victim of a cyber attack in which a group named 'The Shadow Brokers' dumped more than 300 MB of Equation Group 'cyber weapons' operated by the Tailored Access Operations (TAO) team. The Shadow Brokers are currently running a Bitcoin auction for the hacking tools they have acquired. On 13th August 2016 they tweeted about the hack with a POC and then released the dump, with PGP-encrypted files, on different file sharing sites. In their words, they are inviting "wealthy elites" to bid huge amounts of cryptocurrency for the deadliest cyber weapons.

The archive contained scripts under cryptonyms like BANANAUSURPER, BARGLEE, BLASTING and BUZZDIRECTION, exploits under cryptonyms like EGBL, ELBA, ELBO, ELCA, ELCO, EPBA, ESPL and EXBA, and many different tools. Some of the cryptonyms were the same as those in Snowden's leak. The exploits appear to target firewalls, particularly Cisco Adaptive Security Appliance (ASA), Cisco Private Internet eXchange (PIX), Fortigate, Juniper Netscreen, TopSec etc., and took advantage of undisclosed vulnerabilities, aka 0-day exploits.

Mustafa Al-Bassam (founder of LulzSec, aka Tflow) has a good write-up with a comprehensive list of all the tools and exploits contained or referenced in the dump. The targeted products' companies have already started to issue patches and publicly respond to the leaked exploits. "This is the first time possible examples of those tools have been available for inspection. As part of our analysis of these files, we identified an attack against NetScreen devices running ScreenOS," says Derrick Scholl from the Juniper Product Security Information Response Team. Cisco has also released software updates that address the Cisco ASA SNMP remote code execution (RCE) vulnerability (CVE-2016-6366). Omar Santos, a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations, along with his team, has stated that "Cisco Firewall Service Modules and Cisco PIX Firewalls have passed the last day of software support milestone as stated in the published End of Life (EoL) documents. Further investigations into these devices will not be performed, and fixed software will not be made available." Meanwhile, Fortinet's Threat Research and Response team has warned in an advisory of a 'high-risk' vulnerability in older versions of its FortiGate firewalls; the statement says, "FortiGate firmware (FortiOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability, this vulnerability, when exploited by a crafted HTTP request, can result in execution control being taken over." FortiOS 4.x firmware releases and lower versions seem to be affected, but FortiOS 5.x firmware is not affected; meanwhile, FortiSwitch firmware versions 3.4.2 and below are affected.

So what's interesting in the bitcoin auction? Some geeks and leets seem to be making fun of the auction call, or maybe they are enjoying it. As of Wednesday, the tiny bitcoin payments (0.001337 BTC) looked like this:
1never9kNNkr27UseZSHnaEHg1z8v3Mbb
1gonnaV3MFNjymS4RGvUbHACstiS8aSYz
1giveGEk184Gwep2KT4UBPTcE9oqWzCVR
1youKBMLEohsexdZtkvnTzHnc4iU7Ffty
1upAbpBEWQ467QNT7i4vBMVPzSfQ3sqoQ
1never9kNNkr27UseZSHnaEHg1z8v3Mbb
1gonnaV3MFNjymS4RGvUbHACstiS8aSYz
11etAyypstpXLQpTgoYmYzT8M2foBSBe1
1youKBMLEohsexdZtkvnTzHnc4iU7Ffty
1downAsBbRQcBfUj8rgQomqhRsNFf1jMo
The vanity address prefixes read as 'never gonna give you up, never gonna let you down', a line from a song famous in the leet community: Rick Astley's Never Gonna Give You Up.

Anyway, this leak has awakened the top networking and cyber security industries as well as many security communities around the globe. If the affected organizations and industries do not patch their vulnerabilities soon, we can easily predict more script kiddies, or even professional black hat communities, exploiting the back doors for fun and for profit.

Monday, March 28, 2016

A search engine for Hackers – SHODAN

Wouldn't it be cool if we could get access to and control of security cameras, printers, toasters, traffic lights, gas stations, nuclear power plants, monitoring stations etc.? Well, that's exactly what Shodan does for us. Basically, Shodan is a search engine that helps users find specific devices (routers, servers, switches, computers etc.) that are connected to the internet.

This search engine was created by John Matherly and launched back in 2009. What makes Shodan different from other search engines is its algorithm, and definitely the way it indexes the devices linked to the internet. Some define it as a reconnaissance tool, since it gives information about open ports, service versions, server information and much more about the specified devices. A penetration tester would use this engine to find publicly exposed information about a target IP. Security researchers would use it to find certain devices or information, generate reports and distribute them among the security community, whereas the same information could also be used by the black hat community to exploit the targeted network and cause damage to those vulnerable devices.

Most connected devices tend to be vulnerable in one way or another. A script kiddie with no prior knowledge of how things work could use this engine to find wide-open devices that use default passwords, or no passwords in some cases, and then claim to have hacked those devices and act cool among their circle of friends. Well, isn't that cool? (And by saying that I don't motivate you to act illegally.) Exactly, that's what has happened and what is happening. Some time back, security researchers found a huge number of vulnerable monitoring devices that used a default username and default password, or no password at all.

Back in the day, people used Google dorks to find out "how to hack IP cameras" and so on, but with Shodan you can now act like a Hollywood hacker and act cool (and again, by saying this I don't motivate you to act illegally either). A huge number of devices are widely exploited and used by cyber folks and kids. IP cameras are just a simple example. Not only IP cameras, but the devices I mentioned in the very first sentence are online and can be seen on Shodan; they are widely vulnerable and could easily be exploited by malicious folks from the dark.

It is always best practice to change your default usernames and passwords, close unused ports, update your devices to the latest firmware and the latest kernel release, patch vulnerabilities that have been made public, never open a port unless you really need it, and at least follow security-related news to know what's going on in the security community.
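The same banner data that Shodan exposes about open ports and service versions can be turned around and used to review your own attack surface. The following is an added example, not code from the original post and not Shodan's own code: it takes host records shaped like the JSON Shodan returns for a host (the `ip_str`, `port`, `transport`, `product`, `version` and `data` fields exist in that format; the values here are constructed and fictional), keeps only the hosts inside your own address ranges, and sorts each exposed service into expected, risky or unexpected, so that management and IoT protocols such as Telnet, SNMP or RTSP facing the internet stand out and unused ports can be closed. `OWN_RANGES`, `ALLOWED_PORTS` and `RISKY_PORTS` are assumptions for the example and would be filled in from your own inventory.

```python
"""Reviewing your own internet-facing exposure from Shodan-style host records (added example)."""
import ipaddress

# Address space you are responsible for (constructed; RFC 5737 documentation range).
OWN_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Services you intentionally expose: {port: expected product name}.
ALLOWED_PORTS = {443: "nginx", 22: "OpenSSH"}

# Management / IoT protocols that should never face the internet.
RISKY_PORTS = {23: "telnet", 161: "snmp", 554: "rtsp", 1900: "upnp", 3389: "rdp"}

# Constructed records in the shape of Shodan's host JSON (fictional banners).
SAMPLE_HOSTS = [
    {"ip_str": "203.0.113.10", "port": 443, "transport": "tcp", "product": "nginx",
     "version": "1.10.0", "data": "HTTP/1.1 200 OK"},
    {"ip_str": "203.0.113.10", "port": 22, "transport": "tcp", "product": "OpenSSH",
     "version": "7.2p2", "data": "SSH-2.0-OpenSSH_7.2p2"},
    {"ip_str": "203.0.113.25", "port": 23, "transport": "tcp", "product": None,
     "version": None, "data": "login: "},
    {"ip_str": "203.0.113.25", "port": 554, "transport": "tcp", "product": "IP camera",
     "version": None, "data": "RTSP/1.0 401 Unauthorized"},
    {"ip_str": "203.0.113.40", "port": 8080, "transport": "tcp", "product": "Apache httpd",
     "version": "2.2.15", "data": "HTTP/1.1 200 OK"},
    # Not our address space: must be ignored by the audit.
    {"ip_str": "198.51.100.9", "port": 23, "transport": "tcp", "product": None,
     "version": None, "data": "login: "},
]


def in_scope(host):
    """True if the record's IP belongs to one of our own address ranges."""
    addr = ipaddress.ip_address(host["ip_str"])
    return any(addr in net for net in OWN_RANGES)


def assess(host):
    """Classify one exposed service as 'expected', 'risky' or 'unexpected'."""
    port = host["port"]
    if port in RISKY_PORTS:
        return "risky"  # protocol that should not be reachable from the internet
    if port in ALLOWED_PORTS and host.get("product") == ALLOWED_PORTS[port]:
        return "expected"  # known service on a port we intend to expose
    return "unexpected"  # either an unplanned port or a different product than expected


def audit(hosts):
    """Return findings for our own hosts only, grouped by severity."""
    findings = {"expected": [], "risky": [], "unexpected": []}
    for h in hosts:
        if not in_scope(h):
            continue
        findings[assess(h)].append((h["ip_str"], h["port"], h.get("product") or "unknown"))
    return findings


def needs_action(hosts):
    """Sorted list of our IPs that expose a risky or unexpected service."""
    f = audit(hosts)
    return sorted({ip for ip, _, _ in f["risky"] + f["unexpected"]})


if __name__ == "__main__":
    for severity, items in audit(SAMPLE_HOSTS).items():
        for ip, port, product in items:
            print(f"{severity:10} {ip}:{port} ({product})")
    print("needs action:", needs_action(SAMPLE_HOSTS))
```

On the constructed records the camera host (Telnet and RTSP open) and the host serving an unplanned web service on port 8080 are reported, while the host with only HTTPS and SSH is marked expected and the out-of-scope address is skipped. With real data, the records for your own netblock can be pulled from Shodan (its search supports a `net:` filter) and fed to `audit` unchanged.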


At last, remember this adage, “Bridge when you can and route when you must.” You might need it someday folks.

Sunday, February 7, 2016

Social Impacts of Advances in Communications Technology

Technology these days has revolutionized the world of communication. The world is moving into a different era because of the vast growth and wider use of tech products. Technology now gives people the opportunity to communicate from opposite ends of the globe. Generally, communication technology encompasses a broad range of media, from the internet to radio to television to wireless signal providers.

Social networking sites seem to be a great place for people to spend their time these days. Newly emerging concepts and ideas are being combined for the general public's benefit in the field of communication. These days people of different genders, geographies and ethnicities from all over the globe are connected via the internet for communication with their relatives and loved ones. Using social media and such services used to be fairly complex for people far from the inner world of tech, as it involved HTML coding and designing custom pages. Eventually, developments in communications technology gave birth to the sophisticated social networking sites of today, such as Facebook, Twitter, WhatsApp, Google+ and LinkedIn. Most business organizations and the public use social networking sites to advertise their goods and products and to communicate with their loved ones. Social networking sites, as well as e-commerce websites, have become a great place for businesspeople to display their goods and generate income.

The social impacts of communication technology and social networking are enormous. Facebook had about 864 million daily users on average as of September 2014, and so do some other top-level social networking sites (Facebook team, 2014). Social networking sites and electronic devices have made people's lifestyles a lot easier. People from age 10 upwards are using and taking advantage of communication technology these days. Apart from general communication, social networking sites such as Facebook and Twitter are used extensively by scientific communities and research-oriented organizations to spread the latest developments in science and technology. Parents and children, teachers and students, staff and managers use these sites as a tool to communicate. Many different employment opportunities also arise and can be found via the internet.

As everything has pros and cons, every single electronic device, website and server can be hacked. The priority of securing communication technology should not be neglected. Unprecedented advances in computing, robotics and artificial intelligence hold the potential to radically transform our world for the better and create abundance for all. Because of the rapid development of communications technology, the public has changed its mindset about the future and has skilfully developed ways of making use of resources through today's technology.