Anda di halaman 1dari 47
T H N
T
H
N

April2012,Issue10

</Cyber_Warfare>

Editorial

CallitCyberWarfare,Terrorism,ComputerMania thismonth The HackerNewsturnsovereveryleafofthenewestwayworldcitizensare
CallitCyberWarfare,Terrorism,ComputerMania thismonth The
HackerNewsturnsovereveryleafofthenewestwayworldcitizensare
fightingwarsandusingtheirkeyboardstodestroyplanetearth.
MoMossttcallitCyberWarfareandweareonceagainproudtohavesomefan-
tasticwriterslikePierluigiPaganini,MouradBenLakhoua,LeeIves,Paul
F.RendandAhmedSherifbackwithustohelpeducateallourreaders
abouttheimpendingcyberwarcrisisandwhatwecandoaboutit.
PierluigiPaganinigivesusastepbysteptechnicalunderstandingofthe
issueandAhmedSherifgivesafantasticlookatSCADA,theworkings
andthetakedowns.
Joinusasweexplorethisnewfrontierandletusknowhowyoufeeland whatyouhavelearned! MohitKumar, Editor-in-chief,
Joinusasweexplorethisnewfrontierandletusknowhowyoufeeland
whatyouhavelearned!
MohitKumar,
Editor-in-chief,
TheHackerNews
SpecialThanksto:
-PattiGalle(ExecutiveEditor-THN)
--PPiieerrlluuiiggiiPPaaggaanniinnii((AAuutthhoorr--TTHHNNMaMaggaazziinnee))
-MouradBenLakhoua(Author-THNMagazine)
-LeeIves(Author-THNMagazine)
-PaulF.Rend(Author-THNMagazine)
-AhmedSherif(Author-THN Magazine)

TableofContents

1.)CYBERWARFARE MOHITKUMAR,FOUNDERTHN 2.)CYBERWEAPON PIERLUIGIPAGANINI 3.)CYBERWARFARE-ANINTERNATIONALCONCERN
1.)CYBERWARFARE
MOHITKUMAR,FOUNDERTHN
2.)CYBERWEAPON
PIERLUIGIPAGANINI
3.)CYBERWARFARE-ANINTERNATIONALCONCERN
MOURADBENLAKHOUA
4.)TERRORISTSANDEXPLOSIVES
PAULF.RENDA
5.)SCADAATTACKING
AHMEDSHERIF
6.)CYBERWARMYTH ORREALITY?
LEEIVES
77 ))WATCH

YOUR BACK THEYAREWATCHING YOUR

HACK

PATTIGALLE,EXECUTIVEEDITORTHN

8.)INTERVIEW WITHTHEHACKERNEWS

HACKERNEWSEDITORIALSTAFF

9.)JUSTICETHEAMERICANWAY

PATTIGALLE,EXECUTIVEEDITORTHN

1100 ))NNEEWSWSOOFFTTHHEEMOMONNTTHH THNEDITORIALSTAFF
1100 ))NNEEWSWSOOFFTTHHEEMOMONNTTHH
THNEDITORIALSTAFF

ActivistsandTerroristsTurntoCyberspace

ActivistsandTerroristsTurntoCyberspace By:MohitKumar “ Cyberspace

By:MohitKumar

Cyberspace”Anintangiblelocalityinwhichdatabasesandwebsitesexist. Sincethebeginningofrecorded history,terrorism hasbeen an important meansutilizedtocauseinstabilitytogovernments.Youwillfindthateventhe

Biblesupportedin-depthmethodsofterrorism.In100A.D.IsraeliZealots

battledtheRomanoccupationoftheircountrywithterroristgorillastylehit andruntacticsinpublicplaces. Evenmanyworldhistorianssaythatthe UnitedStatesofAmericawasfoundedinterrorism,anditiscertainlyhardto aarrgguueethatmodern daynationslikeCyprus,Algeria,Ireland,Tunisia,and Israel,inallprobability,wouldnotexisttodayifnotforterrorism.Nomatter howitisdefined,itisapparentthatterrorismhassignificantlyanddirectly moldedworldhistoryandhasplayedanimportantrolehistoricallybydirectly compellingsocietiestomakedifficultchoicesbetweenlevelsoffreedom and levelsofoppression.

and levelsofoppression. Thismonthweexplorethisnewfrontofcyberwarfareandweaim
Thismonthweexplorethisnewfrontofcyberwarfareandweaim toawaken
Thismonthweexplorethisnewfrontofcyberwarfareandweaim toawaken
people.Peopleonthefrontlineofthecyberwarandthosewhoareinnocently
livinglifethroughtheirPC’smusteducatethemselvesonhow government
andhacktivistshavedeclaredwarontheworldandhowtheyaredoingit.
WiWitthhthemoderndayadventofcomputertechnology;theworldfindsitself
enmeshedinthenew frontierof“Cyberspace”andthishasnow placedthe
worldsquarelyatahistoricalturningpoint.Thetypeofforcetheworldhad
alwaysunderstoodasstandardactsofterrorism,isnow beingsupplantedby
cyber-espionage,hacktivism,sizeablecyberstrikes,andtheuseofnumerous
cyberweaponsagainstcrucialinfrastructure.Cyberwarfare,Cyberspyingand
Cyberterrorism consistofanyandallformsofassertiveormalevolentactions
ttaakkeenninoppositiontoagovernmentagency,corporation,oraprivatecitizen
whichtranspiresin“cyberspace”tocarryouttheiractions.Forthecyberwar-
rior,cyberterroristorcyberspytoattainaccesstotargetedcomputersystems
theyhavegottoutilizevandalism,espionage,andsabotage.Itisimportantto
notethattheUnitedStatesPentagonhasformallyrecognizedcyberspaceasa
new domaininwarfareandthoroughlyfeelscyberspacehasbecomejustas
criticaltoUnitedStatesmilitaryoperationsasisland,sea,air,orspace.Many
countriesfeelthesameandasChinahasshowedus,areemployingthisnew frontiertogaindominance.
countriesfeelthesameandasChinahasshowedus,areemployingthisnew
frontiertogaindominance.
Cyber-terrorismisincreasinginfrequencyandisadroitenoughtogenerate
Cyber-terrorismisincreasinginfrequencyandisadroitenoughtogenerate
seriousdamages.The“Cyberwarfare”nowtakingplaceisillustrativeofanew
modeofterrorism,atthesametimecontinuingtoresemblemanystandard
militaryandbattleprocedures.Itiscertainlynotsurprisingtolearnthata
wholehighlyfundedindustryspecializingin new formsofcounterintelli-
gencehasbeenbirthedbecauseof“Cyberwarefare”,consistingprimarilyof
privateandmilitary-basedfirmsandorganizations.Worldwidealmostall
WeWesstteerrnngovernmentsandtheircorporaterunmediahavewastedlittletime
inidentifyingCyberwarfareas"TheFifthDomainofModernWarfare”.
TheUnitedStatesDefenseSecretaryLeonPanettastatedataJuly2011news
TheUnitedStatesDefenseSecretaryLeonPanettastatedataJuly2011news
conferencethatthePentagonconsideredthecommercialInternettobe“an-
other operationaltheater ofwar” and thatU.S.Strategic Command
(StratCom)andCyberCommandmustbepreparedtotakeonamorecon-
frontationalrolein combating cyberassaults.Thisnewsconferencewas
calledbytheDefenseDepartmentaftertwoconsecutivesmonthsofassaults
ongovernmentdatabasesthatgrew intoheated“Cyberwarfare”withseveral
anonymousgroupsofonlinehackers.Therewasnolackofabundanceoffear
anonymousgroupsofonlinehackers.Therewasnolackofabundanceoffear
tacticsusedattheJulynewsconferencefeaturingPanetta;withtheDepart-
mentofDefenserevealingtothepublicthatan“unknownforeignagency”had
collectedmorethan20,000documentsinacyber-assaultonaU.S.military
contractorinthespring.
AtitsannualworkshopinJune2011,GlobalNetworkAgainstWeaponsand
AtitsannualworkshopinJune2011,GlobalNetworkAgainstWeaponsand
NuclearPowerinSpacedevoteditsconferenceentirelyto“Cyberwarfare”.
Theconclusionthatwasreachedbythoseattheconferencein2011wasthatit
simplydidn’tmatteriftheimpetusoraim wasaninsurgentassaultagainst
‘BigBrother,foreconomicenrichment,foreigngovernmentespionage,orfor
nefariouspurposessuchasmaliciousmischief,unfortunatelythesehackerat-
tacksconsistentlyendedupservingtheinterestofgroupslikeCyberCom-
mandandtheNSA.Everysingleoneofthesenewbreaches,nomatterthemo-
mandandtheNSA.Everysingleoneofthesenewbreaches,nomatterthemo-
tives,createdastrongerrationaleforgovernmentwagingoffensiveformsof
“Cyberwarfare”topre-emptivelydefendnationalsecurity.Regrettably,each
newattackappearstohavecreatedastrongercaseforevengreatergovern-
mentencroachmentonourcivilliberties.ItisimportanttonotethatTheU.S.
StrategicCommandnowservesasthecommandcenterforconducting“Cy-
berwarefare”,aunique21st-centurybrandofwar.Andvirtuallyeverytech
niqueof‘near-war’assaultsincluding“Cyberwarfare”ismanagedfrom U.S.
niqueof‘near-war’assaultsincluding“Cyberwarfare”ismanagedfrom U.S.
StrategicCommand(StratCom)headquartersinOmaha,Nebraska.
WhatdoesthismeanforgroupslikeAnonymousorLulzsec? WeWearewitnessinganewerainthehistoryofwarfarethatisrapidlyunfolding
WhatdoesthismeanforgroupslikeAnonymousorLulzsec?
WeWearewitnessinganewerainthehistoryofwarfarethatisrapidlyunfolding
allaroundusandiscreatingaforceofchangethathasthepossibilitytohelp
destroyorhelprevolutionizeourworld.“Cyberterrorism”couldeasilyimpair
a nation economically,psychologically,and even physicallyand in every
singlearenathatisusingmoderntechnologyastheirforemostpurposeforex-
istenceshouldconsiderCyber-terrorismasaveryrealthreat.Itisevidentthat
manycountries,suchasChinaandtheUnitedStatesnowviewtheInternetas
aavalidinstrumenttofightawaragainstanyandallenemies.Itisevidentto
worldleadersandmulti-nationalcorporationsthattheInternetcannow be
used to enhancemilitaryand economicpowerfortheirnationsortheir
bottom line.Therefore,governmentsandcorporationsallovertheworldare
nowaggressivelytrainingandrecruitingtheirown “CyberWarriors”touse
theInternetforoffensiveattacks,andtoprotectthemselvesfrom suchat-
tacks.
GroupslikeAnonymousshould takeheed and realizethatunlimited re-
GroupslikeAnonymousshould takeheed and realizethatunlimited re-
sourcesarebeingusedtofightthiscyberwarandifAnonymousandothers
wanttorevolutionizetheworldtheymuststayonestepaheadofahugema-
chineworkingtocrippletheireffortsandcrippleworldgovernmentsandin-
dustry.
Thoughfraughtwithaltruistic,nefarious,andunintendedconsequences,the
Thoughfraughtwithaltruistic,nefarious,andunintendedconsequences,the
actionsofJulianAssangeandWikiLeaksmayserveasthecornerstoneofhow
thismovementiscarried forward.Governmentspaintwith thebroadest
brushpossible(cloakingtheirdeedsormisdeeds)andinvokerealorimag-
inedfearsasathreattonationalsecurity.Conversely,proponentsofcivillib-
ertiesbelievetheseactionsasanecessaryoversightandtherightofcitizens
(USFirstAmendment)tounderstandtheworkingsofgovernmentandside
withtheproverb,sunlightisthebestdisinfectant. Towinawaronemustknow theirenemy. Know thatyourenemyiswell
withtheproverb,sunlightisthebestdisinfectant.
Towinawaronemustknow theirenemy. Know thatyourenemyiswell
stocked,welleducated,wellre-enforcedandwellfunded.Worldcyberwaris
atourfeetandthosethataim togivedemocracytopeopleworldwidemust
recognizeaformidableenemy.
Wethepeoplearedependingonyou.Don’tlosethiswar.

CyberWeapon

By:PierluigiPaganini

First,let'strytoprovideadefinitionofacyber-weapon.TodothisIhave gotten inspiration from an articlewritten
First,let'strytoprovideadefinitionofacyber-weapon.TodothisIhave
gotten inspiration from an articlewritten bytheexpertsThomasRidand
PeterMcBurney.Tocorrectlydefineacyberweaponithassignificantlegal
andpoliticalconsequencesaswellasthesecurityitself.Thelinebetweenwhat
isacyber-weaponandwhatisnotacyber-weaponissubtle.
BBuuttdrawingthislineisimportant.Forone,ithassecurityconsequences:ifa
toolhasnopotentialtobeusedasaweaponandtodoharm tooneormany,
itissimplylessdangerous.
SSeeccoonnddllyy,,drawingthislinehaspoliticalconsequences:anunarmedintrusion
ispoliticallylessexplosivethananarmedone.Thirdly,thelinehaslegalcon-
sequences:identifyingsomethingasaweaponmeans,atleastinprinciple,
thatitmaybeoutlawedanditsdevelopment,possession,orusemaybepun-
ishable.
Itfollowsthatthelinebetweenweaponandnon-weaponisconceptuallysig-
Itfollowsthatthelinebetweenweaponandnon-weaponisconceptuallysig-
nificant:identifyingsomethingasnotaweaponisanimportantfirststepto-
wardsproperlyunderstandingtheproblemathandandtodevelopingappro-
priateresponses.Themostcommonandprobablythemostcostlyform of
cyber-attackaimstospy.
The two experts define “cyber weapon” as “a com- putercodethatisused,or designedtobeused,withthe
The two experts define
“cyber weapon” as “a com-
putercodethatisused,or
designedtobeused,withthe
aimofthreateningorcaus-
ingphysical,functional,or
mentalharm to structures,
systems,orlivingbeings“ Overtheyearsmanycyberweap- onshavebeenidentified,without adoubtthemostfamousofwhich
systems,orlivingbeings“
Overtheyearsmanycyberweap-
onshavebeenidentified,without
adoubtthemostfamousofwhich
isthevirusStuxnet.
Aninterestingclassificationofcyberweaponsisbasedonspectrumofaction, inthisscaleweintroducethefollowingcategories: •
Aninterestingclassificationofcyberweaponsisbasedonspectrumofaction,
inthisscaleweintroducethefollowingcategories:
• Lowpotentialendofthespectrum isamalwareabletoaffectsystemsfrom
outsidebutthatisnotabletopenetratethetargetortocreateadirectharm.
Tothiscategorytoolsandsoftwaretogeneratetraffictooverloadasystem
createdamagetoitsserviceswithatemporaryeffect(e.g.DenialofService
attack)withoutdamaging.
•• Medium potentialendofthespectrum,anymaliciousintrusionwecan
identifythatisnotabletoinfluencethefinaltargetthatisanywayableto
createfunctionalandphysicaldamage.Inthiscategoryareincludedgeneric
intrusionagentslikemalwareabletorapidlyspread.
••Highpotentialendofthespectrumisanagentthatiscapableofpenetrat-
ingthetargetavoidinganyprotection,creatingadirectharm tothevictim.
Thatcouldbethecaseofasophisticatedmalwarethatcouldharm aspecific
systemlikethevirusStuxnet.Insidethiscategoryweintroduceafurtherdis-
tinctionbetweenalearningagentandintelligentagent.Stuxnetisanintelli-
gentweaponwithoutlearningcapabilities,maybethisfeaturewillbepartof
thenextgenerationofcyberweapons.
Costandcomplexityofthiscyberthreatarehighpotentialbecauseyoumust
Costandcomplexityofthiscyberthreatarehighpotentialbecauseyoumust
considerthatbehindhighpotentialagentsthereisalongandconsiderable
contentofintelligenceusedtoacquireinformationonfinaltargetanddevelop
theweaponspecificforit.
Inrecentyearsoneofthetopicsofgreatestinterestintheinternationalscien-
tificcommunityhasbeen thedevelopmentofnew cyberweaponsto use
againsthostilecountries.
Whatdominates,withoutanydoubt,wastheuseofvirusesandothermal- waretoattackcriticalinfrastructureoftheopponents.
Whatdominates,withoutanydoubt,wastheuseofvirusesandothermal-
waretoattackcriticalinfrastructureoftheopponents.
TheStuxnetcasedidschool,asbehinditsdevelopmenttherearegovernment
structures,mostlikelyintheU.S.andIsrael.
Whyhastheuseofacyberweaponprovedawinner? ••First,thedisclosureofsuchagentsissilencedforthenatureofthevulner-
Whyhastheuseofacyberweaponprovedawinner?
••First,thedisclosureofsuchagentsissilencedforthenatureofthevulner-
abilitiesthatareexploited.Thestudyofnewzero-dayvulnerabilityprovidesa
realadvantagetothosewhoattackandtherelatedrisksoffailureofopera-
tionsisminimal.Weconsiderthatattacksperpetratedinthisway,becauseof
theanonymousnatureoftheoffense,allowyoutocircumventtheapprovalby
theworldcommunitytoamilitaryoffensive.
•Thecostsinvolvedindevelopingsolutionssuchasthatatissuearerela- tivelylowcomparedtootherconventionalweapons. •
•Thecostsinvolvedindevelopingsolutionssuchasthatatissuearerela-
tivelylowcomparedtootherconventionalweapons.
• Thechoiceofcyberweaponallowsthosewhousethesolutiontoremain
anonymousuntilmilitarystrategiesdeem itappropriate.Themainstrategies
thatusesuchmalwarearemainlyaimedat:
o Probingthetechnologicalcapabilitiesoftheenemy.Theabilityofanagent
o Probingthetechnologicalcapabilitiesoftheenemy.Theabilityofanagent
toinfectenemystructuresissymptomaticofinadequatecyberdefensestrat-
egythatmaysuggestadditionalmilitaryoptions.
o Underminethosethatareconsideredcriticalstructureswhoseoperation
dependsontheopponent'svitalfunctionsofthegovernmentalstructureofa
country.
•Thereisnodoubtregardingtheefficacyoftheseweapons.Eventshave
•Thereisnodoubtregardingtheefficacyoftheseweapons.Eventshave
provedthattheyareoffensiveweaponsdesignedwiththeintenttoinfectop-
posingstructures.Thecyberweaponscanbedesignedtohitspecifictargets
whileminimizingthenoiserelatedtheusageoftheweaponthatcanresultin
causingthediscovery.Thevectorofinfectioncanbeofvariouskinds,suchas
acommonUSBsupport,beingabletohitaverylargenumberoftargetsina
smalltimeinterval.
•Anothersignificantfactoristheabilitytopredictandtoobservethedevel-
•Anothersignificantfactoristheabilitytopredictandtoobservethedevel-
opmentofacyberweaponbyagenciesintelligence.Inaclassicalcontextthe
developmentofaconventionalweaponcanbeeasilyidentifiedthroughintel-
ligenceoperationsonthegroundandviasatelliteobservationscanbeeasily
identifiedagarrisonusedtodevelopmilitarysystems.Thedevelopmentofa
cyberweaponisratherdifficulttolocateandthushinderthecyberweapon
beingexposed.Evenaprivatehomemaybesuitableforthepurpose.
Tounderstandtherealevolutionofcyberweaponswillshowyouaslidetaken
Tounderstandtherealevolutionofcyberweaponswillshowyouaslidetaken
fromapartofthepresentation"PreparingforaCyberAttack"byKevinG.
Coleman.
Byviewingthisitiseasytounderstandhowithasgrownovertheyearsand
thetechnologyinthedevelopmentofacyberarsenalandhow dangerousthe
cyberweaponsareinthefuture.
BBuuttwho are the objectives to be attacked with weapons ofthis
kind?
Theseriesisverywide,itisknownthatamalwarecanaffectanysystem in
whichthereisacontrolcomponent.Tocitesomeexamples:
• Industrialcontrolsystems,particularconcernarethosecomponentsthat
overseetheoperationofsuchplantsforenergyproductionanddeliveryofser-
vicesofvariouskinds,suchaswaterutilities.
• Systemsforterritorycontrols • Hospitalsandgovernmentcontrols • Communicationsnetworks • Defencesystems
• Systemsforterritorycontrols
• Hospitalsandgovernmentcontrols
• Communicationsnetworks
• Defencesystems
Severalintelligencestudiesdemonstratethatmoreover140countrieshavea
Severalintelligencestudiesdemonstratethatmoreover140countrieshavea
cyberweapondevelopmentprogram.Startingin2006theequityinvestment
isahundredtimeshigher,withasensibleincreaseinthenumberofcountries
thatarepursuingthiskindofweaponoracquiringknowledgeinthesector.
Isthecyberweaponauniqueprerogativeofgovernments?
UUnnffoorrttuunnaatteellyynot,althoughbehindthedevelopmentofacyberweaponthere
ispainstakingintelligenceworkandtheinvestmentstilllarge.Wemustalso
keepinmindthatsuchweaponscanalsobedevelopedbygroupsofcriminals
andhacktivistswithunpredictableanddisastrousconsequences.Asantici-
patedthedevelopmentofacyberweaponrequiresalongprocessofresearch,
however,groupsofhackersandcybercriminalsmaybeable,throughpro-
cessesofreverseengineering,toanalyzethesourcescodesofexistingweap
onsmodifyingthem accordingtheirdesign.Inthiswaytheycouldproliferate
onsmodifyingthem accordingtheirdesign.Inthiswaytheycouldproliferate
cyberweaponscharacterizedbyincreasinglycomplexandunpredictablebe-
havior.
Let’sclarifythatacyberweaponnotnecessarilymustbeusedwithoffensive
purpose.Duringlastfew months newshasbeencirculatinginsomemedia
aboutFujitsucompanyhavingsubscribedacontractwiththeJapaneseMin-
istryofDefenseforthedevelopmentofanewvirus.
Thenewsconfirms,therefore,theapproachintroducedinthisarticle,viruses areused asaweapon
Thenewsconfirms,therefore,theapproachintroducedinthisarticle,viruses
areused asaweapon insideacyberstrategy.Icitethisexampleforthe
uniquenessofthecase.Thistimetheprojectforthevirusdevelopmentisnot
fortheoffensepurposebutfordefense.Thatisanotherinterestingusageofa
cyberweapon,developedtodefendsystemsandtrackbackanycyberthreats.
RReeggaarrddiinnggtheproject,foranapproximatecostofU.S.$2.3million,itap-
pearsthatJapaniskeentohaveatoolthatseeksoutinfectedcomputers,hop-
pingfromPCtoPC,andcleansthemup.
Thedebateontheefficacyofthemethodadoptedisopen.
Arewereadytofaceacyberattack? NNoodoubtinrecentyears,internationalopinionwasstronglysensitizedon
Arewereadytofaceacyberattack?
NNoodoubtinrecentyears,internationalopinionwasstronglysensitizedon
thisissueandtherehavebeenhugeinvestmentsinwarfare.Numerousstud-
ieshavedemonstratedtheneedforadequatecyberstrategy,defensiveasof-
fensive.Unfortunatelythenewsisnotgood.Toomanycriticalinfrastructures
arestillvulnerabletoattackscarriedoutwiththistypeofweapon.Itisthere-
forenecessarytomonitor,withaninternationalcollaboration,thedevelop-
mentandproliferationofthesethreats.Thekeycriticalinfrastructuresall
overtheworldmustbeidentifiedandmustdefineacommondefensepolicy westillhavemuchworktodo. AbouttheAuthor:
overtheworldmustbeidentifiedandmustdefineacommondefensepolicy
westillhavemuchworktodo.
AbouttheAuthor:
PierluigiPaganini,SecuritySpecialist
CEH-CertifiedEthicalHacker,ECCouncil
SecurityAffairs(http://securityaffairs.co/wordpress)
Email:pierluigi.paganini@securityaffairs.co
References: http://www.tandfonline.com/doi/abs/10.1080/03071847.2012.664354
References:
http://www.tandfonline.com/doi/abs/10.1080/03071847.2012.664354

Cyberwarfareaninternationalconcern

By:MouradBenLakhoua

Todaycybersecurityisamajorconcernforallcountriesandallnationsneed
Todaycybersecurityisamajorconcernforallcountriesandallnationsneed
tobepreparedforamassiveattackthatwilltakedowntheirfacilities.Intra-
ditionalwartheattackerstartsbyusingairforcetotargetcriticalsystemsin
thecountry,thisoperationwillmaketheenemyoutofcontrolofhisarmyand
decreasethecommunicationinthecountry.
TechnologyischangingandIthinkthatcyber-attackgoingtobethefirstop-
TechnologyischangingandIthinkthatcyber-attackgoingtobethefirstop-
erationinanytraditionalwar.Ifyoupenetratetheircyberspacefirstyouwill
beabletogatherveryimportantinformationthatcanbeusedinthewar,for
example,numberofsoldiers,numberofairportsandtypesofsystemsusedin
thearmycommunicationetc…
Manycountriesmayfeeltheyarenotgoingtobeaffectedbythistypeofwar-
Manycountriesmayfeeltheyarenotgoingtobeaffectedbythistypeofwar-
fareastheyhavenopoliticalconflictsbutthisisnottrue.Forexample,the
cyberwarbetweenPakistanandIndiawheretheyusedonlinesearchengines
toidentifyvulnerablewebsitesinAfricatodefacethem andtransmit mes-
sagesregardingthesituationintheregion.
Toprotectcyberspaceitisveryimportanttocreateanationalstrategyforall
Toprotectcyberspaceitisveryimportanttocreateanationalstrategyforall
countriescitizensthatwillincludeanactionplantoprotecttheircyberbor-
ders.Thefirstthingisidentifyingwhatwearelookingtoprotectforexample
hospitals,ministries,governmentalinstitutions,mediaestablishments,per-
sonalinformationandsoon.
Next,weapplysecuritystandardsandbestpracticestoguaranteetheconfi-
Next,weapplysecuritystandardsandbestpracticestoguaranteetheconfi-
dentiality,integrityandavailabilityofinformationattheseorganizations,by
conductingaconstantauditoftheexistinginformationsystems.Theaudits
canbetwiceayearormore,thiswillhelpustounderstandifwearevulner-
abletocyber-attacksornot.
Duringthecyber-attackallpeopleareinvolved,soweneedtocreateacyber- securityawarenessandtrainingprogram
Duringthecyber-attackallpeopleareinvolved,soweneedtocreateacyber-
securityawarenessandtrainingprogram forindividualsincludingthesmall
family. Wecan createakind ofcartoonstotransmittheinformation to
children’sormoviesforparents.Thiswillraisethesecurityawarenessand
makethem educatedaboutcyber-attackweaponslikemalwares.Trainingof
technicalstaffisalsoimportanttoacquiretheknowledgeofhowtomakeour
systemsprotectedandwhatkindofthreatsarefacingcyberspace.
Vulnerabilitiesarediscoveredonadailybasesandthismakesthevulnerabil-
Vulnerabilitiesarediscoveredonadailybasesandthismakesthevulnerabil-
ityassessmentandpenetrationtestinganimportantpartofthestrategyto
makeyoursystem asmuchaspossible,freefrom new bugsdiscoveredindif-
ferentsoftwarepackages.Thiscanbebyalertingallcitizensofnewvulner-
abilitiesviamailinglistsandhowitispossibletofixthesevulnerabilities.
AlsoImplementinghoneypotsforcatchinganddetectinginfectedmachines
AlsoImplementinghoneypotsforcatchinganddetectinginfectedmachines
inthenationalcyberspaceandlaunchingacyber-securitycommunitycoordi-
nation(suchasHoneynetproject(1),Shadowserver(2),CERT’s(3))tomiti-
gatemalwarethreats.Thiscoordination can help bylearningfrom other
countriesexperienceindefendingtheircyberboarders.
Clean-upservicesisaveryimportantactivitythatmakesyourcyberspace
Clean-upservicesisaveryimportantactivitythatmakesyourcyberspace
safe,wecanimaginethenumberofbotnetworksexistingintheworldand
theymaybeusedinacyber-attackatanymoment.Removingmalwaresfrom
infectedhostswillmitigatethisthreatbyprovidingfreetoolsandassistanceif
theyarerequiredbyvictims.
Finally,animportantquestionthatmanyaskishow preparedare
weforcyber-warfare?
TThheeansweristhatwearefindingaverypromisingsituationthatneedslaws
andprioritiesforcybersecuritycooperationintheinternationalcommunity.
Manystakeholdersunderstandtheimportanceofprotectingcyber-spaceto
makeitcleanfrom malwaresandcybercriminals.
Reference:
(1)TheHoneynetProjecthttp://www.honeynet.org/
(2)Shadowserverhttp://www.shadowserver.org/wiki/
((33))CERT-CChttp://www.cert.org/
AboutAuthor:
MouradBenLakhouaisanInformationSecuritypractitioner.
Adminatwww.sectechno.com |info@sectechno.com
ScadaHacking ActivistsandTerroristsTurntoCyberspace By:AhmedSherif
ScadaHacking
ActivistsandTerroristsTurntoCyberspace
By:AhmedSherif

By:MohitKumar

Ofcourse,mostofushavewatchedtheLiveFreeordieHardMovies.They werewonderfulmovieswhichcombinedtechnologywithcyberwarandat-
Ofcourse,mostofushavewatchedtheLiveFreeordieHardMovies.They
werewonderfulmovieswhichcombinedtechnologywithcyberwarandat-
tacking. Forthosewhodidn'twatchthesemoviestheyweretalkingabout
hackingtheinfrastructuresystemsoftheUSsotheycouldcontrolallthesys-
tems.Maybemostofusthoughtaboutthisscenarioassciencefiction.We
didn'texpectthattechnologyhasbecomeanimportantpartofourlifeand
enoughtoexposeustothedanger!
Virus,Trojan&Worms WhWheennwehearaboutthoseterminologiesweknow thatthesekindsofmal-
Virus,Trojan&Worms
WhWheennwehearaboutthoseterminologiesweknow thatthesekindsofmal-
waresexistbutweneverexpectedthatmalwarescoulddestroytheinfrastruc-

tureofacountryorevenacity.Mostofusdon'thaveenoughknowledgeto expectthat,wejustknow thatmalwarescanbedetectedbyanti-virusesand wecanremovethem easily.Wedon'tknow therealharm itcancauseforus andforourcountries.ButwhatwouldyoudoifItoldyouthatmalwarescould disableasafetymonitoringsystem fornearlyfivehours?Anditcanexposea lotofpeopletodanger.WhatwouldyoudoifItoldyouthatthismalwarecan exploitanuclearplant? Wearetalkingareallifesituation,notaboutthe movie.Wehavetoknowhowtheycouldattackourworld.Andhowtheycan endourlifeinamoment.

Scada WhatisthemeaningofScada?ItreferstoSupervisorycontrolanddataacqui- sition.
Scada
WhatisthemeaningofScada?ItreferstoSupervisorycontrolanddataacqui-
sition.
ScadaarethesystemsusedtoDeliver/Monitor/Control: – ThepowerinyourHome/Plant/Office/country –Thewateryourdrink
ScadaarethesystemsusedtoDeliver/Monitor/Control:
– ThepowerinyourHome/Plant/Office/country
–Thewateryourdrink
–TrafficLightsinyourcity
– Trainswecommutewith
–Theenergysector whichrunseverythingelse!
In2000,inQueensland,Australia.VitekBodenreleasedmillionsoflitersof
In2000,inQueensland,Australia.VitekBodenreleasedmillionsoflitersof
UntreatedSewageintofreshwaterstreamsusingawirelesslaptop.
#In2003SQLSlammerWorm crashedtheOhioNuclearPlantnetwork.
#In2010StuxnetWorm infectedthousandsofcomputersmostoftheinfec-
tionwasinIranwitha60%totalinfection.
#In2011:DuquWorm wasdevelopedtostealinformationfrom PC’severy-
whereanduntilnowKasperskycompanycan'tdevelopadetectiontoolforit.
So,let'sstartwithsometechnicalpractice.IwillshowyouhowaScadasystem worksandhowitcanbeinfected.
So,let'sstartwithsometechnicalpractice.IwillshowyouhowaScadasystem
worksandhowitcanbeinfected.
Let'sstartwiththeKingiew6.53applicationasit'sasimulationofScadasys-
temswhichworkonwindowsOS. WewillusewindowsXP machineand
downloadKingiew6.53onitfromtheurlbelow:
htttp://download.kingview.com/software/kingview%20English%20Version/kingiew6.53_EN.rar
Thisprogram isvulnerablewithHMIHeapoverflowandcanbeexploited.
Thisprogram isvulnerablewithHMIHeapoverflowandcanbeexploited.
Here'stheexploiturl:http://www.exploit-db.com/exploits/15957/
Asyoucanseethisexploitiswrittenbypythonlanguage,youcanchangethe
shellcodewithyours.
TThheeexploitcommandwillbelikethepythonexploit.pyip777andthis
numberreferstotheportofkingiew6.53program.Afterapplyingthisexploit
,windowsXPOSwillbeinfectedandyouwillhaveameterpretersessionthen
youcancontrolalltheOSasneeded.
YoucanfindalotofexploitationofScadasystemsintheMetasploitproject.
IfyouusebacktrackdistributionyoucanfindScadaexploitationsinthispath.
(opt/metasploit3/msf3/modules/exploits/windows/scada)
ElectronicRocket(Stuxnet) TThhiissistheelectronicrocketwhichcouldendadreamofacountrytohavea
ElectronicRocket(Stuxnet)
TThhiissistheelectronicrocketwhichcouldendadreamofacountrytohavea
nuclearweapon.ExpertsintheNYTimessaid“thisrocketwasmadeinIsrael
andtestedintheirDimonareactorwithasimulationofIraniannuclearsys-
tems.” IttargetswindowsOSwhichcontainSiemensprograms.Thestory
startedwithaspywithaUSBhardand4zero-dayvulnerabilities,thenthe
wormstartedtoworkandspreadvianetworks.
DidStuxnetmakeasuccess?
Yes,itdidandcouldinfectthousandsofcomputersinIraniannuclearreac-
Yes,itdidandcouldinfectthousandsofcomputersinIraniannuclearreac-
tors(Natanz)anditcouldalsocontrolthetemperatureofthesystem.IfStux-
netwaswrittentomakeexploitationandincreasethetemperatureofthere-
actoritcoulddoit.AsyoucanseeinthepictureabovethepresidentofIran
appearedtoannouncehisresentmentagainstcyberweaponattacks.Hean-
nouncedthathewillsueSiemenscompanybecauseit'sinvolvedinthisattack
andmaybeitgaveIsraelsomeinformationabouttheirsystems.
Inthispictureaboveyoucanseethecostsofweapons.Israelwasverysuc- cessfulwithalowcost. WhatCanStuxnetdo?
Inthispictureaboveyoucanseethecostsofweapons.Israelwasverysuc-
cessfulwithalowcost.
WhatCanStuxnetdo?
–TargetsScadanetworks
– SiemensSimaticWinccspecifically

–usesrootkitstechnologytohideitself –classicwindowsrootkit –PLCrootkit –changestotheplccodearealsohidden –spreadsviaUSBSticksandnetworkshares

–uses4zero-dayvulnerabilities – maliciouspayloadsignedwithstolendigitalcertificates – RealtekandJmicron
–uses4zero-dayvulnerabilities
– maliciouspayloadsignedwithstolendigitalcertificates
– RealtekandJmicron
YYoouucanwatchanexplanationofSymanteccompanyandhowStuxnetinfects
PLCfrom theurlbelow:(http://www.youtube.com/watch?v=cf0jlzVCyOI)
References:
#http://goo.gl/TeKkU
#http://goo.gl/mZKvr
#http://goo.gl/SWjT2

TerroristsandExplosives

By:PaulF.Renda

InducingElectromagneticPulses(EMP)inDigital DevicesMayMakeExplosivesObsolete
InducingElectromagneticPulses(EMP)inDigital
DevicesMayMakeExplosivesObsolete
Today,computers(microprocessors)controlalmosteveryaspectofourlives.
Today,computers(microprocessors)controlalmosteveryaspectofourlives.
Inanymodernhospital,themonitoringofpatients’vitalsignsreliesoncom-
puterizedsystems.Today,manycommercialjetsareeitherflownbywireor
arecontrolledbyanonboardcomputerizedsystem.Oilrefineries,waterpol-
lutionplants,chemicalplants,andtheelectricgridarecontrolledbymicro-

processorsrunningSCADAsupervisorycontrolanddataactionsoftware. WhenIusetheterms“microprocessor/solidstate”and“computer,”Iam re ferringtodevicesthatareveryvulnerabletoelectromagneticpulse(EMP).

StarfishEMP
StarfishEMP
TheUnitedStateswasfirstintroducedtothepowerofanEMPbytheStarfish
TheUnitedStateswasfirstintroducedtothepowerofanEMPbytheStarfish
explosion.Starfishwasa1.4MegatonH-bomb,whichwasdetonatedatanal-
titudeofabout400km andadistanceofabout1,500milesfrom Hawaii.The
pulsepinnedtheneedlesofsomeinstrumentsandburntoutothertestgear.
Itmadeitselfknowntotheinhabitantsbydeactivatinganumberofstreet
lights.TelephonecallsfromotherHawaiianislandswereaffected.
Ithasbeentheorizedthatahydrogenbombblast400km awayfrom Omaha
Ithasbeentheorizedthatahydrogenbombblast400km awayfrom Omaha
wouldcreatedanEMPthatwoulddisabletheUnitedStates’electricgridand
othersolid-statedeviceshookeduptoit.Itwouldalsowreakhavocwithmi-
crowavetowersandsatellites,aswellasothermeansofcommunicationand
transportation.
In addition,EMPscan alsobeproduced bytheexplosion ofan armature
In addition,EMPscan alsobeproduced bytheexplosion ofan armature
chargedwithelectricity;thatis,achemicalexplosioninvolvingachargedcon-
ductor.
BothofthesemethodsrelyontheEMPtobetransmittedthroughfreespace.
BothofthesemethodsrelyontheEMPtobetransmittedthroughfreespace.
Pulsestravelingthroughfreespacelosetheirenergyatarateof1/rsquared.I
haveexperimentedwithinjectedEMPthroughcopperwiringandorother
communicationswiring.Ifitconductselectricity,itwillconductapulse.What
aboutthepowerstripsthatprotectelectronics?Mypulsereadilypasses
throughthem.Icanretunemygeneratortomaximizeitsdisablingpower.
AAnnootthheerroriginofEMPisthesun.Coronalmassdischargesandsolarstorms
haveplayedhavocwiththeelectricgrid.Ourlargeelectricaldistributionin-
frastructureactsasareceivingantenna,andcanalsoactastransmittingan-
tennaifoneweretoinjectanEMPintoit.
IhaveexperimentedwithMarxgenerators,havingusedthem toinducethese
IhaveexperimentedwithMarxgenerators,havingusedthem toinducethese
pulsesthroughcopperwiring,phonewiring,andanyothertypeofconductor.
Inthesecases,thepulsesdiedownasacomplexLCR circuit.Ihavegiven
demonstrationsofmyprototypesatDEFCON and HOPE;thesearetwo
above-groundhackerconferences.Mydeviceproducespulsesmanyordersof
magnitudesmalleranH-bomborachemicalarmature.
IInnsstteeaaddofonelargepulse,Icreatemanypulses.Thesummationofpulsescre-
atesdisturbancesinthedeviceundertest.Mypulsescancreatethreediffer-
enteffects:one,asight,likelinesonatelevisionwhenlightningstrikes—a
typeofeffectfuzzing.Thesecondisamorepowerfuleffect:thedevicewill
turnoff,reboot,orwillneedtobemanuallyreset.Thethirdeffectisthatthe
devicewillburnout.Thesesolid-statecomponentshaveamemory;oncea
deviceispulsed,itsworkinglifetimeiscutshort.
TheRussianFederationisalsoengaginginagreatdealofresearchintothis
TheRussianFederationisalsoengaginginagreatdealofresearchintothis
methodology.Ihavebeenfollowingtheirworkclosely,althoughthereader
shouldnotinferfrom thisthatIhackintoRussiansystemsindeed,myhard
drivesarenotonlyspicandspan,butIdrycleanthemdaily.
IInnthemovieDieHard4:LiveFreeorDieHard,thereistalkofafiresale,or
anattackagainstallgovernmentalinstallations,infrastructure,powerlines,
gaslines,andwaterlines.Thistypeofhackwouldbeextremelydifficulttoac-
complish.ItwouldrequiremalwarethatrunsonWindows,Linux,SunSo-

laris,andtheZ/OSoperatingsystem.Thereisnosinglevirusorworm that couldattackalltheseoperatingsystemssimultaneouslywiththesameeffect. Ofcourse,thereisacommonality;theseoperatingsystemsallrunonsolid state devices. The aforementioned film, interestingly, highlights the government’sdifficultyinrecruitinghackertalent.

Whatwouldatheoreticalattacklooklikeagainsta50-storeybuild- ing?
Whatwouldatheoreticalattacklooklikeagainsta50-storeybuild-
ing?
Theelevators,thelightingcontrol,thecentralfiresystemeverythingwouldgo
down.Buildingmanagementwouldbecomeunabletocommunicatewiththe
occupants.
Whataboutafly-by-wireplane? Theplaneistotallycontrolbymicroprocessorsrunningadifferentoperating system
Whataboutafly-by-wireplane?
Theplaneistotallycontrolbymicroprocessorsrunningadifferentoperating
system soastobevirus/worm resistant.Italsorunscommunicationbuses,
utilizingdifferentprotocols.Onecommonelementisthatmicroprocessors
runeverything.Airplanesareresistanttolightning/EMPsgeneratedexter-
nally,butarehighlysusceptibletoEMPinterferencegeneratedinthecabin.
Explosivescreatephysicalforensics;thatis,theremainsofthebomb,the
Explosivescreatephysicalforensics;thatis,theremainsofthebomb,the
chemical-typetimer,andthebombpackage.EMPcreatesnosuchforensics.
Anattackcanbelaunchedfromanyelectricoutlet.ThereisnoIPaddressthat
canbetraced;besides,anydevicethatisusedforsuchtracingwouldbedis-
abledbytheEMP.Thepulsegeneratorcanbedisguisedasanypieceofelec-
tronicequipment.

http://www.security-faqs.com/

By:LeeIves

MythOrReality?
MythOrReality?
Goodquestion!Andtheanswerreallywilldependuponwhoyoulistento.
Goodquestion!Andtheanswerreallywilldependuponwhoyoulistento.
Infact,itwillalsobeinfluencedbyhowyoudefinecyberwarfareinthefirst
place.
HastaLaVista,Baby
TToosomepeopletheterm meansrealbattlefieldfightingcontrolledbycom-
puters,somethingliketheman versusmachinebattlesofTheTerminator
franchise.TheT-101isalongwayoffofcoursebutcomputersareplayingan
increasingrolein militaryactions,from laserguidancesystemstoremote
dronesandmuchelsebesides.

GovernmentSpiesAndHackers Themorepopularunderstandingoftheterm CyberWarfare,andtheoneI’m goingtotalkabouttoday,surroundsthecultureofgovernmentcontrolled spiesandhackers.

Ifyoukeepaneyeonthenewsthenyouareprobablyawarethatthisisasub-
Ifyoukeepaneyeonthenewsthenyouareprobablyawarethatthisisasub-
jectthatisgarneringalargeamountofattentionthesedays.Butwhatexactly
isthethreatthatisposedandhowmuchofaproblem isitreally?

Interconnected Intheworldweliveinrightnow thetrendisformoreandmoreofoursys- temstobeconnectedtointernalnetworksandtheinternetitself.Thatdoesn’t justapplytoyouandIinourhomesbutalsotobanks,militaryinstallations andgovernments.Thisnewlevelofconnectivitybringshugebenefitsinterms ofproductivityandcollaborationbutitdoesopenupnewareasofrisktoo.

ofproductivityandcollaborationbutitdoesopenupnewareasofrisktoo. 22THN-Magazine|April2012 www.thehackernews.com|Issue10
CyberWarfareRisks TThheeriskspresentedbythistypeofcyberwarfarearemanyandvaried.Some
CyberWarfareRisks
TThheeriskspresentedbythistypeofcyberwarfarearemanyandvaried.Some
oftheobviousonescentrearoundhighvaluetargetssuchasnuclearpower
stations--i.e.StuxnetwhichallegedlytargetedIran’snuclearproductionfa-
cilitieswiththeintentionofdamagingtheiruranium enrichingcentrifuges--
butalsoother,‘non-military’targetssuchasthepowergridcouldalsobeput
atrisk.Possibly.
Othertargetswhichmaybeconsideredlessriskycouldalsobeofinterestto
Othertargetswhichmaybeconsideredlessriskycouldalsobeofinterestto
governmentsponsoredhackerstoothoughpersonalemailaccountsandcom-
puterscouldbehackedinthehopesofdiscoveringpasswordsandothersensi-
tiveinformationthatcouldopenupother,juicieropportunities.

How bigaproblem isthistypeofcyberwarfare? Thatisaverytrickyquestiontoansweractually.Afterall,ifyournationhad justbeenhackedandlostvaluableinformationwouldyousharethosedetails withtheworld?Ofcourseyouwouldn’t!

Ibelievetheonlyviableresponseistopatchthebreachinthehopethatit
Ibelievetheonlyviableresponseistopatchthebreachinthehopethatit
doesn’thappenagainandtokeepquietsoasnottoalertotherpotentialag-
gressorstothefactthatyournetworkscansoeasilybecompromised.
Infactthistypeofcyberwarfare,beithackingorspying,isveryhardtoreport
Infactthistypeofcyberwarfare,beithackingorspying,isveryhardtoreport
onatallbecauseitisverymuchacloakanddaggerindustry.Nonationwill
admittocarryingoutsuchactivitiesandveryfew arewillingtoreportfalling
victimtothemeither.
CyberWarfare–TheMyth
Sowhoisbehindtheseinternationalcyberattacksthen?
China?
TThhaattsstthheeeeaassyyaannsswweerriissnn’’ttiitt??
Oratleasttheonethatvariousgovernmentsandmediaoutletswouldlikeus
tobelieve,despitethelackofanyrealsupportingevidenceofanykind.
ButbeforeyougetallhotandbotheredaboutthePeople’sLiberationArmy
ButbeforeyougetallhotandbotheredaboutthePeople’sLiberationArmy
youshould,perhaps,stopandconsiderthefactthatChinahasbeenatarget
ofthistypeofactivitytoo.InarecentarticleTheRegisterhighlightedhow
overseascomputershadtakencontroloversome10,593Chinesewebsitesin
2011.
SoitisAmericathen?
Maybe,maybenot.
IInnthecaseaboveChinaactuallyattributedalargerportionoftheblameto
theirneighboursinJapanbutAmericadidreceiveamentionnonetheless.
Theproblem withthisblamegameofcourseisthefactthatthesehacksare
hardtotraceinthefirstplace.
Whenyouconsiderhowregularhackersareabletocovertheirtracks,asthey
causemayhem orstealmoneyacrossthenet,thenyoubetterbelievethatstate
sponsoredcyberwarriorswilldoexactlythesame,onlybetter.
WhWheenngovernmentfacilitiesarecontrolledbybotnetsorcrippledbyDDoSat-
tacks,identifyingtheperpetratorisgoingtobeanalmostimpossibletask.
CyberWarfare-TheReality
Ithinkthesimpletruthhereisthatthoseofuswhoareoutsideofgovernment
simplyhavenowayofknowinghowbigaproblem cyberwarfarereallyis.We
canguess,probablyquiterightly,thatitdoesindeedgoonrightnowandthat
itwilllikelybeabiggerissueinyearstocome.
Ialsothinkitfairtoassumethatourowngovernments,whicheveronesthey
Ialsothinkitfairtoassumethatourowngovernments,whicheveronesthey
maybe,havemorethanapassinginterestinacquiringothernation’ssecrets
--theyalwayshavedone--nonationisperfectandveryfewarelikelytobe
withoutblamewhenitcomestocyberwarfare.
Butinsteadofattributingblame,whichisveryhardtodoanyway,perhapswe
shouldjustconcentrateonhardeningourownsecurityandmitigatingthe
risksofanattacksucceedingagainstus?
WATCH YOUR BACK THEY AREWATCHING YOUR HACK
WATCH YOUR BACK
THEY AREWATCHING YOUR HACK

By:PattiGalle(ExecutiveEditorTHN)

HelloallofyouPrincesofPeace,KingsandQueensofFreedom,Warriorsof
HelloallofyouPrincesofPeace,KingsandQueensofFreedom,Warriorsof
WorldRevolution.Apparently,youhaveattractedmoreattentionthanwas
firstthoughtwarrantedbythosebeadyeyedFedsandgummylippedgovern-
mentofficials.Asyoucanseebythecontentofthismonth’smagazine,war
hasbeendeclaredinthecyberworld.
Ahhhh,Ilovethesoundofarevolution,thetappingofthosekeysonthekey-
Ahhhh,Ilovethesoundofarevolution,thetappingofthosekeysonthekey-
board.Iloveseeingtherevolution,darkroomswithjustacomputerscreen
lightingthewaythroughthetrenches.IlovereadingoftherevolutionasFa-
cebookandTwittermessagesrunwildthroughthecircuitsofcablesandsatel-
litebeams.
Clearly,ourtrueAnonsareholdinguptheirmiddlefingertoworldgovern-
Clearly,ourtrueAnonsareholdinguptheirmiddlefingertoworldgovern-
mentsandcrustycorruptcorporations.Which,inturn,hassenttheFBI,CIA,
Stratcom andblah,blah,blahchargingintokillyourcomputerscreensand
jamyourkeyboards.TakingAnonsofftojailandthreateningthemwithloss
oflimbandlife.
Ack….thewholethinggivesmeaheadache. WhWhoodothesepeoplethinkaregoingtostandupandprotectMotherEarth?
Ack….thewholethinggivesmeaheadache.
WhWhoodothesepeoplethinkaregoingtostandupandprotectMotherEarth?
Certainlynottheex-hippieswhostoodfirm,jointsinhand,fightingthecor-
ruptgovernmentandtheirwarmachinesinthe1960’s.Theyhaveallsince
fallenontotheireasychairs,theirjointsextinguished,their401K’sdimin-
ished,theirtaxesincreasing,andtheirMedicaredisappearing.
Certainlynotthepoorandthesociallyunacceptable.Howcantheyfighta
Certainlynotthepoorandthesociallyunacceptable.Howcantheyfighta
battlewhentheirhousesareforeclosed,theirjobsaregone,theireducations
worthless? Theyhaveonlyenoughemotionalstrengthtofaceanotherbleak
day.
WhWhoodoesthisleavetotakeupcyberarmsagainsttyrannyandin-
justiceand greed and corruption? Theanswerhasunfoldedincom-
puterscreensallaroundtheworld.
Thelegionsofyoungpeoplewhoawokefrom theirdreamsofgoodfortune
Thelegionsofyoungpeoplewhoawokefrom theirdreamsofgoodfortune
andhappinessandfoundtheirfuturesdarkandhopeless.Thechildrenof
technologythathaverealizedakeyboardisthemostpowerfulweaponinthe
world.That’swho.
BBuutttakeheedmycherubs,remembertheyingandyangoflife,thepolarop-
posites,theblackandwhite,thegoodversusevil.Youwillnotgofreelyinto
thegoodfight.Mostly,theywilluseyourownsoldierstofightagainstyou.
WhydoyouthinktheFBIhassentsomanysnitchesintothecybertrenches?
WhydoyouthinktheFBIhassentsomanysnitchesintothecybertrenches?
Theycertainlycouldnotfightthiswarthemselves;theyhavetoresorttoen-
ticingcomputerliterateandbrillianttechiemindstodotheirdirtydeeds.
But,nomatter.Foreverysnitchthereisacommitted,moralandMADyoung
personwhoknowsthatthereisnotruthbeingtold,noprotectionforthetax
payers,nosponsorshipoffortuneforthepeople.
WhichbringsmetoatrendonFacebookandTwitterthatconcernsmeabit.
WhichbringsmetoatrendonFacebookandTwitterthatconcernsmeabit.
Young,bright,eagerkidswantingtojointheranksoftheseasonedAnony-
mous.Theyfeelthesameinjustices,thesamerealizationoftheirdarkfu-
tures,thesameangertowardsthecorruptionoftheirgovernmentsbutthey
arerunningheadlongintoanightmare.Theirinexperienceandlackoftech-
nicalabilityiscausingarrestsallovertheworld.
Tothem Isay“slow andsteady”winstherace.Thoughtfulandmeticulous
Tothem Isay“slow andsteady”winstherace.Thoughtfulandmeticulous
processcompletesthedeed.Inordertomakerealchange,inorderforgov-
ernmentstoreallyhearthemessage,inorderforAnonymoustoreallydo
whatotherscouldnot,youmustknowyourweaponandknowyourenemy.
IalsohopethattheexperiencedAnonseesthetrendanddoeswhateverthey
cantohelpthenewrecruitbesuccessfulandmakeadifference.
REMEMBER:
REMEMBER:
YOUAREANONYMOUS YOUARELEGION YOUNEVERFORGET YOUNEVERFORGIVE EXPECTYOU……
YOUAREANONYMOUS
YOUARELEGION
YOUNEVERFORGET
YOUNEVERFORGIVE
EXPECTYOU……
Interviewon INTERNETSECURITY
Interviewon
INTERNETSECURITY
TheHackerNewsisproudofthefactthatmanynewspapersandmagazines
TheHackerNewsisproudofthefactthatmanynewspapersandmagazines
aroundtheworldaskforinterviewswithusaboutinternetsecurityandhack-
ingingeneral.Wewouldliketosharearecentinterviewwithyouasitgives
uschancetosendoutsomegreattechnicalinformationandkeepourreaders
uptodatewithopinionsandfactsinthecybersecurityworld.Wearegrateful
toeveryonewhowantstobeinformedandwehopeyouenjoyreadingour
latesteffortsateducatingtheworld.
Q :IN YOUR OPINION,WHAT HAS BEEN THE MOST SIGNIFI- CANT INTERNET SECURITY INCIDENT ON THE
Q :IN YOUR OPINION,WHAT HAS BEEN THE MOST SIGNIFI-
CANT INTERNET SECURITY INCIDENT ON THE INTERNET IN
THELAST2YEARS?
Inspiteoftheirsimilarities,itisimportanttonotethatnotallcyberattacks
Inspiteoftheirsimilarities,itisimportanttonotethatnotallcyberattacks
sharethesamecauseorthesameintention.Itisalsoessentialtonotethat
thereareasmanyvariedmotivesbehindthesecuritybreachesofinternetse-
curityastherearehackers.Becauseinformationisvalueddifferentlybyev-
eryone,itmakesitdifficulttounequivocallystateorsingleoutwhichinternet
securityincidentmightbecharacterizedas“themostsignificantsecurityinci-

dent”overthelasttwoyearperiodbecausecorporations,financialandinsur anceservices,educationalinstitutions,governments,and militaryinstitu-

tionsareresponsibleforcriticalinformationfrom financialtomedicaltosen-
tionsareresponsibleforcriticalinformationfrom financialtomedicaltosen-
sitivepersonalinformationtonationalsecurityandhypersensitiveclandes-
tinegovernmentoperations.Iwouldhavetosaytheyareallsignificantbe-
causesomeofthemostimportantinstitutionsintheworldsuchassuprana-
tionalinstitutionsliketheIMF,theUSSenate,aswellasmanymajorcorpora-
tionslikeNintendoSony,numeroussearchenginessites,andemailproviders
suchasGoogleandtheirGmailserviceandbanksandtheirdatabankswere renderedvulnerable.
suchasGoogleandtheirGmailserviceandbanksandtheirdatabankswere
renderedvulnerable.
GiventhatifIhadtochoosespecifics,inmyopinionandfrom amediaand economicpointofview
GiventhatifIhadtochoosespecifics,inmyopinionandfrom amediaand
economicpointofview thePlayStationNetworkoutagewasthemostsignifi-
cant.ItresultedfromanexternalintrusiononSony'sPlayStationNetwork
andQirocityservices,inwhichpersonaldetailsfrom approximately77mil-
lionaccountswerestolenandpreventedusersofPlayStation3andPlaySta-
tionPortableconsolesfromplayingonlinethroughtheservice.Theattack
forcedSonytoturnoffthePlayStationNetworkonApril20,2011.OnMay4,
2011,Sonyconfirmed thatindividualpiecesofpersonalinformation from eachofthe77million accountsappearedtohavebeen
2011,Sonyconfirmed thatindividualpiecesofpersonalinformation from
eachofthe77million accountsappearedtohavebeen stolen.Theoutage
lastedforapproximately23days.
From apoliticalormilitaryviewtheexploitofLockheedMartin’sVPN access
From apoliticalormilitaryviewtheexploitofLockheedMartin’sVPN access
system,whichallowedemployeestologinremotelybyusingtheirRSASecu-
rID hardwaretokenswasmostsignificant.Attackersapparentlypossessed
theseeds--factory-encodedrandom keys--usedbyatleastsomeofLockheed's
SecurID hardwarefobs,aswellasserialnumbersandtheunderlyingalgo-
rithmusedtosecurethedevices.
From atechnologicalpoint,CertificationAuthoritiessuchasComodo,Digi-
From atechnologicalpoint,CertificationAuthoritiessuchasComodo,Digi-
notar&Co.HackersbrokeintoawebsecurityfirmintheNetherlandsand
issuedhundredsofbogussecuritycertificatesthatcouldbeusedonwebsites
includingtheCIA andIsrael'sMossad,aswellasinternetgiantssuchas
Google,MicrosoftandTwitter.Morethan500 fakecertificates,including
somewhichcouldbeusedtosendfakeWindowsupdatestocomputers,and
otherswhichcouldbeusedwhenconnectingtotheCIA'ssite,werefraudu-
lentlyissuedinthehack. Q :IN WHAT WAYS HAS SUPRANATIONAL LEGISLATION AF- FECTED INTERNET USERS AND HACKERS? DO
lentlyissuedinthehack.
Q :IN WHAT WAYS HAS SUPRANATIONAL LEGISLATION AF-
FECTED INTERNET USERS AND HACKERS? DO YOU AGREE
WITH THESUGGESTION THATLEGISLATION SUCH ASSOPAIS
AN ATTEMPT TO LIMIT FREEDOM OFINFORMATION?
AssoonastheInternetstartedtobecomeacommercialforcetherehasbeen
AssoonastheInternetstartedtobecomeacommercialforcetherehasbeen
aclarioncallforasupranationalsolutionforlegalenforcement.International
lawenforcementhasfoundthegrowthofInternettechnologyhasthecapabil-
ityoftranscendingallbordersandmakesitsocybercrimesknow nogeo-
graphicboundaries.Theyhavelearned thatcomputersecuritythreatsare
regularlyglobalinnaturewithoutgeographicboundaries.
Theyhavelearned thatcomputersecuritythreatsareregularlyglobalin
Theyhavelearned thatcomputersecuritythreatsareregularlyglobalin
naturewithoutgeographicboundaries.Therehasbeenasteadyandincreased
involvementofnumeroushighprofileinternationalgroupsthatareworking
tounderstandandpolicetheborderlesscharacteristicsofcyberspaceand
cybercrime.AmongthemostactivehavebeentheUnitedNations,TheEuro-
peanUnion,TheUnitedStatesCongress,TheCouncilofEuropeandtheOr-
ganizationforEconomicCooperationandDevelopment.Withsuchpowerful
organizationaddressinghackingandcybercrimeitwouldbenaïvetothink
organizationaddressinghackingandcybercrimeitwouldbenaïvetothink
thattheyarenothavingandwillnotanenormouseffectonhackersandev-
erydayinternetusers.Inegalitariansocieties,themethodsofpolicingofits
citizenshasalwayshadtowalkafineline;ofattemptingtoprovidesecurity
whileatthesametimeattemptingtomaintainlibertyfortheircitizens.For
example;theinternationalreactiontoTheStopOnlinePiracyAct(SOPA)a
UnitedStatesbillintroducedtoexpandtheabilityofU.S.lawenforcementto
fightonlinetraffickingincopyrightedintellectualpropertyandcounterfeit goodsspeaksforitself.On
fightonlinetraffickingincopyrightedintellectualpropertyandcounterfeit
goodsspeaksforitself.On January18,2012,Wikipediaandan estimated
7,000othersmallerwebsitescoordinatedaserviceblackout,toraiseaware-
nessofSOPA.OtherprotestsagainstSOPAandPIPAincludedpetition
drives,withGooglestatingitcollectedover7millionsignatures,boycottsof
companiesthatsupportthelegislation,andarallyheldinNew YorkCity.So
fartheInternethascontinuedtothrivedespitetheloudandpersistentcalls
foraglobalinternationallegalstructure. Thepublic’sreactiontoSOPAspeaksforitself.Thereisatremendousmis-
foraglobalinternationallegalstructure.
Thepublic’sreactiontoSOPAspeaksforitself.Thereisatremendousmis-
trustwhenitcomestogovernmentcensoringorcovetinginformation.
Q :WOULD YOU AGREE OR DISAGREE WITH THE SUGGESTION THATTHE INTERESTSOFPRIVATE COMPANIESARE NOW SET- TING
Q :WOULD YOU AGREE OR DISAGREE WITH THE SUGGESTION
THATTHE INTERESTSOFPRIVATE COMPANIESARE NOW SET-
TING THE AGENDA FOR NATIONAL AND SUPRANATIONAL
GOVERNMENTAL LEGISLATION?
WhentheInternetwasfirstcreated,thetheoretical“FirstAmendmentofthe
WhentheInternetwasfirstcreated,thetheoretical“FirstAmendmentofthe
Internet”,wasthattheInternetremainsaneutralandopenplatform forall
users.Theoverridingprincipalwasthat“netneutrality”wouldalwaysensure
thatInternetproviderscan’tinterferewithanyinternetuser’scapabilityto
accessanyandallcontentontheInternet,nomatterthecontentorsource.It
isanundeniablefactthattheInternethasbecomethekeygatewaytogain
accessto,andthedistributionofinformationworldwide.

30THN-Magazine|April2012

www.thehackernews.com|Issue10

TheInternetinallprobabilitynowplaysthemostimportantpartinactivating
TheInternetinallprobabilitynowplaysthemostimportantpartinactivating
andmobilizingawiderangeofpeopleacrossandwithinborders.Sadly,itis
therealitythatmoneyinfluenceslawmakersineverycountryandespecially
intheUnitedStates.Forexamplethetelephoneandcablecompanieshavein-
undatedWashingtonDCwithmillionsofdollarsandhundredsoflobbyiststo
buysupportinCongressandputpressureontheFCC.Privatecitizens,public
interestgroupsandascantnumberofDClawmakershavetriedtofightback.
BBuuttweallmustfightbacktomakesuretherulesandlegislationbeingpro-
poseddemandsoftheselawsbetteroversightandconsumerprotectionsand
makesurethattheprivatecorporationswillneverbeabletoenhancetheir
bottom linesonthebacksoftheircustomers.
Additionally,governmentsworldwidedonotneedprivatecompanieshack-
Additionally,governmentsworldwidedonotneedprivatecompanieshack-
ingwoestodrivetheirconcernsforinternationalsafety.Lookingatafewex-
amplesofwhathashappenedwillshow thatgovernmentleadersarewell
awareofthesecuritythreatsandareworkinghardonformingsomesortof
legislationtodealwithit.
#In2000inQueensland,Australia.VitekBodenreleasedmillionsoflitersof
#In2000inQueensland,Australia.VitekBodenreleasedmillionsoflitersof
UntreatedSewageintofreshwaterstreamsusingawirelesslaptop.
#In2003SQLSlammerWorm crashedtheOhioNuclearPlantnetwork.
#In2010theStuxnetWorm infectedthousandsofcomputers,mostofthein-
fectionwasinIranwitha60%totalinfection.
#In2011theDuquWorm wasdevelopedtostealinformationfrom PC’sev-
#In2011theDuquWorm wasdevelopedtostealinformationfrom PC’sev-
erywhereanduntilnowtheKasperskycompanycan'tdevelopadetectiontool
forit.
Q :IN JUNE 2011,AN INVESTIGATION INTO HACKING BY THE GUARDIAN ESTIMATED THAT ‘ONE IN FOUR
Q :IN JUNE 2011,AN INVESTIGATION INTO HACKING BY THE
GUARDIAN ESTIMATED THAT ‘ONE IN FOUR HACKERS’WAS
AN FBIINFORMANT. IN YOUR OPINION,HOW ACCURATE IS
THISSTATISTIC?
SSoorrrryytosay,Ihavecometobelievethattheinsidersinthecomputerhacker
communityhavecorrectlyestimatedthatroughly25% ofitsmembersare
presentlyworkingasinformantsfortheFBIandnumerousotherUSgovern-
mentagencies.
Yourowninvestigativereportin2011statedhow thatlargenumbersofgov-
Yourowninvestigativereportin2011statedhow thatlargenumbersofgov-
ernmentoperativeshaveincreasedtheunparalleled“paranoiaanddistrust”
insidetheUShackerpopulationatthepresenttime.
Thisincreaseingovernmentinformantsappearstohavecomeintofruition
notbytheFBItrainingtheirofficersinhackingproficiency,butbyutilizing
thedirethreatofprotractedprisonsentencesasameansofcompellingincar-
ceratedhackerstoflipandbecomegovernmentinformants.
Certainly,thisFBImodusoperandiislargelyresponsibleforthecreationof
Certainly,thisFBImodusoperandiislargelyresponsibleforthecreationof
“legionofinformants”deeplyentrenchedinsidethehackingpopulaceinthe
US.
SSttiillll,,malwaresexistthatcandestroytheinfrastructureofacityorawhole
country.Thepotentialharmtheycancauseforusandforourcountriesisso
potentthatitisobvioustheFBIandothersecurityagenciesareinfiltrating
hackernetworks.
Wearetalkingareallifesituations,thatcouldharm andevencauselossoflife
ifamajorcyberattackweretooccur.TakingStuxnetasanexampleandlook-
ingatwhatitcandoisafrighteningeducation.Hereiswhatitcando.
– TargetsScadanetworks – SiemensSimaticWinccspecifically – usesrootkitstechnologytohideitself –
TargetsScadanetworks
SiemensSimaticWinccspecifically
usesrootkitstechnologytohideitself
classicwindowsrootkit
PLCrootkit
changestotheplccodearealsohidden
spreadsviaUSBSticksandnetworkshares
––
uusseess44zzeerroo--ddaayyvvuullnneerraabbiilliittiieess
maliciouspayloadsignedwithstolendigitalcertificates
RealtekandJmicron
Wehavetoknow how theycouldattackourworldandhow wecancombat
suchanattack.
TThheeissueishowmuchpiracyisnecessaryandofwhatnatureisreallyneeded
towardoffsuchanattack.
Q :DOESTHE ARREST OF LULZSEC MEMBER HECTOR XAVIER MONSEGUR REPRESENT A PRECEDENT IN THE USE
Q :DOESTHE ARREST OF LULZSEC MEMBER HECTOR XAVIER
MONSEGUR REPRESENT A PRECEDENT IN THE USE OF
“DIVIDE AND CONQUER” TACTICS USED BY AUTHORITIES
WHEN DEALING WITH HACKING GROUPS?
IIdonotnecessarilyfeelthisisa“precedent”becauseyouneedonlylookat
history.Theactofarrestingthenusingthreatorrewardtoproduceadouble
agentisnotnew butitistimehonoredandeffectivetechnique.Monseguris
notthefirstnorwillhebethelast.
OOnneeofmostrecentandwellknownexamplesisAdrianLamo,aconvicted
hackerwhoturnedinformantin theBradleyManningcase.Now withthe
arrestofLulzsecmemberHectorXavierMonsegur,theFBIissendingaloud
andclearmessagetothehackingcommunitythatthisisnotagameanddoes
comewithagraveandconstantrisktoyourfreedom.I’m certaintheHackers
oftheworldhavetakennotice.
IInnarecenteditorialregardingthissubjectTheHackerNewstookthestand
that:
““SABU MAYJOIN THERANKSOFPEOPLELIKE,JOHN WALKER,IGOR
GOUZENKO,OLEG GORDIEVSKY,ADMA YAHIYE GADAHN,ALDRICH
AMES,TOKYO ROSE,AARON BURR,ROBERT HANSSEN,AND THE
MOSTFAMOUSOFALL,BENEDICTARNOLD.BUT,HASSABU ORANY
OFTHOSEPEOPLETRULYSUPRESSEDTHERIGHTOFTHEPEOPLETO
KNOWTHETRUTH?
OONNEEMUSTASKTHEM SELFWHYLULZSEC,ANONYMOUS,WIKILEAKS,
ETC.EXIST? WHAT HAS DRIVEN MILLIONS OF YOUNG PEOPLE
BEHINDTHEMASKANDINTOCYBERSPACETOPLACESELF,FAMILY
ANDHOMEON THEFRONTLINEOFATTACKBYTHEFBIANDOTHER
INFAMOUSLAW ENFORCEMENTAGENCIES?THEANSWER ISQUITE
CLEAR.THE TRUTH.IF THE FBI,GOVERNMENT,MULTI-BILLION
DOLLARCORPORATIONS,BANKSANDOTHERFINANCIALINSTITU-
TTIIOONNSSWERE TELLING USTHE TRUTH,WELL,WHO WOULD NEED
THEM?”
Q :IN WHAT WAYS HAVE GOVERNMENTS ADAPTED TO USE HACKING FOR THEIR OWN AGENDA? IS
Q :IN WHAT WAYS HAVE GOVERNMENTS ADAPTED TO USE
HACKING FOR THEIR OWN AGENDA? IS STUXNET AN ISO-
LATED CASE FOR EUROPE AND NORTH AMERICA?
Withthemoderndayadventofcomputertechnology;theworldfindsitself enmeshedinthenew frontierof“Cyberspace”andthishasnow
Withthemoderndayadventofcomputertechnology;theworldfindsitself
enmeshedinthenew frontierof“Cyberspace”andthishasnow placedthe
worldsquarelyatahistoricalturningpoint.Thetypeofforcetheworldhad
alwaysunderstoodasstandardactsofterrorismarenowbeingsupplantedby
cyber-espionage,hacktivism,sizeablecyberstrikes,andtheuseofnumerous
cyberweaponsagainstcrucialinfrastructure.Cyberwarfare,Cyberspyingand
Cyberterrorism consistofanyandallformsofassertiveormalevolentactions
ttaakkeenninoppositiontoagovernmentagency,corporation,oraprivatecitizen
whichtranspiresin“cyberspace”tocarryouttheiractions.Forthecyberwar-
rior,cyberterroristorcyberspytoattainaccesstotargetedcomputersystems
theyhavegottoutilizevandalism,espionage,andsabotage.Itisimportantto
notethattheUnitedStatesPentagonhasformallyrecognizedcyberspaceasa
new domaininwarfareandthoroughlyfeelscyberspacehasbecomejustas
criticaltoUnitedStatesmilitaryoperationsasisland,sea,air,orspace.Many
countriesfeelthesameandasChinahasshowedus,areemployingthisnew frontiertogaindominance.
countriesfeelthesameandasChinahasshowedus,areemployingthisnew
frontiertogaindominance.
Stuxnetisnotanisolatedcaseforanynation.Stuxnetisawindowtothe
futureofcyberspaceandcyberwarfare.
Q :IN WHAT WAYSHASHACKING AND CONVERSELY BECOME MORE SOPHISTICATED?
Q :IN WHAT WAYSHASHACKING AND CONVERSELY BECOME
MORE SOPHISTICATED?
HHaacckkeerrsshaveadvancedfromyourtraditionaltechniqueslikephishingtosoft-
warethatcanstealpasswordscalled“rootkits”tomaneuveringsearch-engine
rankingstohaveusersconnecttoaninfectedwebpagecalled“SEOpoison-
ing”.Allthesetechniquesallowhackerstoobtaininformation.In2012,hack-

erswillbeusingnew modesandcombiningdifferentvarietiesofmalwareto createmulti-levelattacks.Hackersareconstantlycomingupwithnewwaysto accesscomputersusingworms,viruses,spyware,scareware,ransom ware, andnumerousotherauxiliarytypesofmalware.Hackingisshiftingfrom ex- ploitationtodisruptiveattackstodestructiveattacks.

ex- ploitationtodisruptiveattackstodestructiveattacks. 34THN-Magazine|April2012 www.thehackernews.com|Issue10
ConverselyalmostallWesterngovernmentsandcorporaterunmediamedi- umshavenotwasted anytimein identifying
ConverselyalmostallWesterngovernmentsandcorporaterunmediamedi-
umshavenotwasted anytimein identifying Cyberwarfareas"TheFifth
DomainofModernWarfare”.
Mostofushavewatchedthe“LiveFree”or“DieHardMovies.” Theywere
Mostofushavewatchedthe“LiveFree”or“DieHardMovies.” Theywere
wonderfulmovieswhichcombinedtechnologywithcyberwarandattacking.
Forthosewhodidn'twatchthesemoviestheyweretalkingabouthackingthe
infrastructuresystemsoftheUSsotheycouldcontrolallthesystems.Most
ofusthoughtaboutthisscenarioassciencefiction.
WeWedidn'texpectthattechnologyhasbecomeanimportantpartofourlifeand
enoughtoexposeustothedangerofbeingdevastatedbyacyberattack.
TodaywehavesomethingcalledScada.ScadareferstoSupervisorycontrol
anddataacquisition.
ScadaarethesystemsusedtoDeliver/Monitor/Control:
ThepowerinyourHome/Plant/Office/country
––
TThheewwaatteerryyoouurrddrriinnkk
TrafficLightsinyourcity
Trainswecommutewith
Theenergysector whichrunseverythingelse!
YYoouucanfindalotofexploitationofScadasystemsintheMetasploitproject.
TheMetasploitProjectisanopen-source,computersecurityprojectwhich
providesinformationaboutsecurityvulnerabilitiesandaidsinpenetration
testingandIDSsignaturedevelopment.Itsmostwell-knownsub-projectis
theMetasploitFramework,atoolfordevelopingandexecutingexploitcode
againstaremotetargetmachine.
WhWhaattisobviousisthatourinfrastructureisatriskasitiseasytoexploitour
basicneedsinfrastructure,therefore,makingcity,states,countries,incapaci-
tated.
Q :IS THERE AN IDENTIFICABLE TRAJECTORY WITHIN ITS PROGRESSION THAT MAY HINT AT FUTURE TRENDS
Q :IS THERE AN IDENTIFICABLE TRAJECTORY WITHIN ITS
PROGRESSION THAT MAY HINT AT FUTURE TRENDS AND/OR
METHODS?
CCyybbeerr--tteerrrroorriissmmisincreasinginfrequencyandisadroitenoughtogenerate
seriousdamages.The“Cyberwarfare”nowtakingplaceisillustrativeofanew
modeofterrorism,atthesametimecontinuingtoresemblemanystandard
militaryandbattleprocedures.Itiscertainlynotsurprisingtolearnthata
wholehighlyfundedindustryspecializingin new formsofcounterintelli-
gencehasbeenbirthedbecauseof“Cyberwarefare”,consistsprimarilyofpri-
vateandmilitary-basedfirmsandorganizations.WorldwidealmostallWest
erngovernmentsandtheircorporaterunmediahavewastedlittletimein
erngovernmentsandtheircorporaterunmediahavewastedlittletimein
identifyingCyberwarfareas"TheFifthDomainofModernWarfare”.
TheUnitedStatesDefenseSecretaryLeonPanettastatedataJuly2011news
TheUnitedStatesDefenseSecretaryLeonPanettastatedataJuly2011news
conferencethatthePentagonconsideredthecommercialInternettobe“an-
other operationaltheater ofwar” and thatU.S.Strategic Command
(StratCom)andCyberCommandmustbepreparedtotakeonamorecon-
frontationalrolein combating cyberassaults.Thisnewsconferencewas
calledbytheDefenseDepartmentaftertwoconsecutivesmonthsofassaults
ongovernmentdatabasesthatgrew intoheated“Cyberwarfare”withseveral
anonymousgroupsofonlinehackers.Therewasnoabundanceoffeartactics
anonymousgroupsofonlinehackers.Therewasnoabundanceoffeartactics
usedattheJulynewsconferencefeaturingPanetta;withtheDepartmentof
Defenserevealingtothepublicthatan“unknownforeignagency”hadcol-
lectedmorethan20,000documentsinacyber-assaultonaU.S.militarycon-
tractorinthespring.
AtitsannualworkshopinJune2011,TheGlobalNetworkAgainstWeapons
AtitsannualworkshopinJune2011,TheGlobalNetworkAgainstWeapons
andNuclearPowerinSpacedevoteditsconferenceentirelyto“Cyberwar-
fare”.Theconclusionthatwasreachedbythoseattheconferencein2011was
thatitsimplydidn’tmatteriftheimpetusoraim wasaninsurgentassault
against‘BigBrother,foreconomicenrichment,foreign governmentespio-
nage,orfornefariouspurposessuch asmaliciousmischief,unfortunately
thesehackerattacksconsistentlyendedupservingtheinterestofgroupslike
CyberCommandandtheNSA.Everysingleoneofthesenewbreaches,no
CyberCommandandtheNSA.Everysingleoneofthesenewbreaches,no
matterthemotives,createdastrongerrationaleforgovernmentwagingoffen-
siveformsof“Cyberwarfare”topre-emptivelydefendnationalsecurity.
Regrettably,eachnewattackappearstohavecreatedastrongercaseforeven greatergovernmentencroachmenton
Regrettably,eachnewattackappearstohavecreatedastrongercaseforeven
greatergovernmentencroachmenton ourcivilliberties.Itisimportantto
notethatTheU.S.StrategicCommandnowservesasthecommandcenterfor
conducting“Cyberwarefare”,aunique21st-centurybrandofwar.Andvirtu-
allyeverytechniqueof‘near-war’assaultsincluding“Cyberwarfare”isman-
agedfrom U.S.StrategicCommand(StratCom)headquartersinOmaha,Ne-
braska.
CyberWarfareisthefuturethreatanddevelopmentincyberspace.Educat- ingpeopleonthisissueisofimmediateimportancetohelpthem
CyberWarfareisthefuturethreatanddevelopmentincyberspace.Educat-
ingpeopleonthisissueisofimmediateimportancetohelpthem gainwaysto
protectthemselvesagainsttheinevitable“doomsday”virus.
Q :IS THERE AN IDENTIFIABLE TRAJECTORY IN THE WAY IN
WHICH GOVERNMENTS ARE PROSECUTING HACKERS THA
MAY HINT AT FUTURE METHODS?
WhWheetthheerrhackingisdoneforpoliticalreasons,forthefunofit,orforillegalfi-
WhWheetthheerrhackingisdoneforpoliticalreasons,forthefunofit,orforillegalfi-
nancialgain,theUnitedStatesgovernmentviewshackingasathreatjustify-
ingvigorousprosecutionofanyandallpersonsengagedinthistypeofactiv-
ity.TheUSalsofeelthattheyareexperiencingacriticalshortageofofITsecu-
rityskillsandpersonnelandareworkingdiligentlyonrecruitmentandin-
ducementprogramstobuildandholdontothe"bestofthebestofcyberde-
fenders,"Ascyberwaractsbecomemorecommonplaceandwhencitizens
areharmedIbelieveyouwillseeanincreaseinprosecutionandpunishment ofhackersingeneral.Withnoholdsbarred.
areharmedIbelieveyouwillseeanincreaseinprosecutionandpunishment
ofhackersingeneral.Withnoholdsbarred.
In the United States,there is the United States Strategic Command
In the United States,there is the United States Strategic Command
(USSTRATCOM)whichisoneofnineUnifiedCombatantCommandsofthe
UnitedStatesDepartmentofDefense(DoD).Itischargedwithspaceopera-
tions(suchasmilitarysatellites),informationoperations(suchasinforma-
tionwarfare),missiledefense,globalcommandandcontrol,intelligence,sur-
veillance,andreconnaissance(C4ISR),globalstrikeandstrategicdeterrence
(theUnitedStatesnucleararsenal),andcombatingweaponsofmassdestruc
tion. StrategicCommandwasestablishedin1992asasuccessortoStrategicAir
tion.
StrategicCommandwasestablishedin1992asasuccessortoStrategicAir
Command(SAC).InOctober2002,itmergedwiththeUnitedStatesSpace
Command.(USSPACECOM).
StrategicCommandisintendedtogivethePresidentandtheSecretaryofDe-
StrategicCommandisintendedtogivethePresidentandtheSecretaryofDe-
fenseaunifiedresourceforgreaterunderstandingofspecificthreatsaround
theworldandthemeanstorespondtothosethreatsasquicklyaspossible.
Q :IS THERE SUCH A THING AS FREEDOM OF SPEECH WITH-
OUTLIMITS?
THERE SUCH A THING AS FREEDOM OF SPEECH WITH- OUTLIMITS? Freedom

Freedom ofspeechisthepoliticalrighttocommunicateone'sideasbymeans ofspeech.Freedom ofspeechisgenerallyacknowledgedasabasichuman rightandIstrongbelieveshouldbeavailabletoeveryone.Istheresucha thingasfreedom ofspeechwithoutlimits?TheFreedom Forum Organiza- tion,legalsystems,andsocietyatlarge,recognizelimitsonthefreedom of speech,particularlywhenfreedomofspeechconflictswithothervaluesor rights.Incivilizedsocietiesthisideahasbeenchallengedmanytimesover wwhhiicchh provesthatherearenosimplerulesfordeterminingwhen speech shouldbelimited.Ifweareatlibertytospeakoutfreelythenwemustbe readytoacceptthatotherswillexpressideasverydifferentfromourown. Thismaypossiblyincludeideasthatoffendandperhapsevenharm us.Hate speechassailsothersbaseduponsuchdifferencesasrace,religionorgender. Countlessnationsandorganizationsplacelimitsonfreedom ofexpression. Theserestrictionsaregovernment’swayofcontrollingtheirpeople.Youonly

hhaavveetoseehow authoritativeregimesrestrictvotingrights,censorspeech
hhaavveetoseehow authoritativeregimesrestrictvotingrights,censorspeech
andevencertainformsofartandgoasfarastobancertainreligiousandpo-
liticalgroups.Thesearejustafew ofthetechniquesgovernmentsusetocon-
trolpublicopposition.Thenontheotherhand,attimesthepowersthatbeset
policiesandrestrictionsforgoodreasonslikesafety.Iwouldthinkitismore
importanttounderstandwhytherulesexistthanjustautomaticallyobeying
them.
them. 38THN-Magazine|April2012 www.thehackernews.com|Issue10
Justice TheAmericanWay
Justice
TheAmericanWay
PattiGalle ExecutiveEditor, TheHackerNews
PattiGalle
ExecutiveEditor,
TheHackerNews
HectorXavierMonsegur,akaSabu,leaderoftheAnonymousaffiliatedhack- inggroupLulzSec,wasarrestedbyFBIagentsinhisNew
HectorXavierMonsegur,akaSabu,leaderoftheAnonymousaffiliatedhack-
inggroupLulzSec,wasarrestedbyFBIagentsinhisNew Yorkapartmenton
Monday,June7,2011,at10:15pm.HectorXavierMonsegur,aunemployed
28yearoldPuertoRicanlivinginNewYorkquietlypleadedguiltytoseveral
countsofhackingandidentitytheftcrimesonAugust15,2011.Monsegur,
whowasfacedwithamaximum of124yearsinprisononallthecharges,soon
becameacooperatingwitnesswithFBIinvestigators;workingundercoverfor
tthheeFFBBIIffoorruuppttoossiixxmomonntthhssbbeeffoorreehhiisssseenntteenncciinngg
TheLulzSecgroupleadbyHectorXavierMonsegur,akaSabuhadtakenaim
TheLulzSecgroupleadbyHectorXavierMonsegur,akaSabuhadtakenaim
atanumberofvaryinggroupsandorganizations.AttimestheLulzSecgroup
attacksappearedtobeforideologicalreasonsbutmostoftenitwasjustfor
the“Lulz.”AsthearrestsofLulzSecmemberscontinuegloballythemessage
of“YouCanRunbutYouCannotHide”isthestrongmessagebeingsentto
thoseinthehacktivistscommunity.
TThheearrestlastweekofthefivemoreLulzSecmembersplacestheFBIand

othersupranationalorganizationsjustonemorestepclosertotheirgoalof

shuttingdownhacktivistsgroupslikehighprofileAnonymousandentrap-

pingamoreprominentcyberrenegade,JulianAssange,founderofWikileaks.

Atpresenttime,theUnitedStatesgovernmentdefinitelyneedsAssangeto
Atpresenttime,theUnitedStatesgovernmentdefinitelyneedsAssangeto
testifyagainstBradleyManning,aformerUSsoldier,chargedwithespionage
andaidingtheenemy.ItappearsthatWikileaksfounderJulianAssangecould
facethesamechargesleviedagainstManningshouldheeverhavetofacethe
Americanjusticesystem.Itwasonlylastyearthatitwaswidelyreportedin
themediathattheUnitedStatesgovernmentwouldprobablynotbeableto
chargeJulianAssangewithespionagebecausenodirectlinkshavesurfaced
bbeettwweeeenn Assangeand hissupposed informant,BradleyManning.ButUS
prosecutorscontinuetobeadamantthattheycanproveManning'sconnec-
tiontoAssangeandWikiLeaks,butthusfaranyevidencetheypossessseems
tobederivedstrictlyfrominference.
CoulditbepossiblethattherecentleakoftheStratfor(theprivateintelli- gencecompanydubbed the“shadow CIA”)e-mailsgiven
CoulditbepossiblethattherecentleakoftheStratfor(theprivateintelli-
gencecompanydubbed the“shadow CIA”)e-mailsgiven toWikileaksby
Anonymouswerenothingmorethananelaborateschemetoentrapandbuild
astrongercaseagainstWikileaksfounderJulianAssange?TheWikiLeaksor-
ganizationdidnotreleaseanyspecificinformationonhow theycameinto
possessionoftheStratforemails.Ontheotherhand,StratforadmittedinDe-
cember2011thatitsdataservershadbeencompromisedbyAnonymous.
Consequently,iftherecentStratforemail"leak"controversyistheUSgovern-
Consequently,iftherecentStratforemail"leak"controversyistheUSgovern-
mentssubversiveattempttodragJulianAssangeandotherWikiLeaks.org
peopleintothecreditcardfraudandcomputerintrusioncriminalcaseswhich
arecurrentlyinmotionregardingStratforandotherAnonymous/Lulzsectar-
gets,then itwould seemsobviousthatthoserecruited,within hacktivists
groups,toaideandabetthegovernmentasmolesshouldbewaryconcerning
whotheyaretrusting.
WhWhaattIthinkishumorousabouttheissueoftheFBIusingStratfortoincrimi-
WhWhaattIthinkishumorousabouttheissueoftheFBIusingStratfortoincrimi-
nateJulianAssangeistheircompletelackofanyconcernforStratforandthe
consequencesofWikileaksexposingemails,snatchedbyhackers,thatcould
unmasksensitivesourcesandthrowlightonthemurkyworldofintelligence-
gatheringbythecompany,whichcountsFortune500companiesamongits
subscribers.Stratfor,inastatementshortlyaftersaidthereleaseofitsstolen
emailswasanattempttosilenceandintimidateit.
Butwait!IthoughtStratfor,somewhatakintoaprivatizedCIA,wasselling
Butwait!IthoughtStratfor,somewhatakintoaprivatizedCIA,wasselling
itsanalysesofglobalpoliticstomajorcorporationsandgovernmentagencies
andifso,whydidn’ttheFBIcarethatalltheirtomfoolerywouldbeexposed?
TToomakethewholethingmorebizarreWikileaksclaimstohaveproofofthe
firm'sconfidentiallinkstolargecorporations,suchasBhopal'sDowChemical
CoandLockheedMartinandgovernmentagencies,includingtheUSDepart-
mentofHomelandSecurity,theUSMarinesandtheUSDefenseIntelligence
Agency.
It’satakedowndonewithtotalimpunityandinmyopiniondisgrace.Ifyou
It’satakedowndonewithtotalimpunityandinmyopiniondisgrace.Ifyou
can’tprotectyourownsourcesbecauseyouhavesuchahardontotakesome
onedownduetowhatIthinkisbasicallytheirpride…….thenwell,theymove
tothebottomofthebarrel.
IIthinkthewholedirtymessisobviousandwhatwecanexpectfrom govern-
mentagenciesthatcan’tfightwithdecency.Theyseem tolovetousepeople
involvedinthemovement,ontheproandconsidetotheirbenefit. Their
knackofluringAnonhackersontotheirpayrollandnowleakinginformation
thatstripsthem ofanysignofdemocracyismystifying.

NewsoftheMonth

# CustomerCreditReportsalongwith Rhinohornsand Ivoryfor ResaleinBlackmarket:http://goo.gl/dGCPy #
# CustomerCreditReportsalongwith Rhinohornsand Ivoryfor
ResaleinBlackmarket:http://goo.gl/dGCPy
# MicrosoftusestheirhookhandandpeglegandcensorsThe
PirateBaylinksonWindowsLiveMessenger:http://goo.gl/W7vSp
# A Russian ZeusattackerSentencedfrom Million DollarFraud:
http://goo.gl/xocTy
##Chinesehackerdidn'treadhisfortunecookieandgotarrested
forleaking6million loginsfrom CSDN :http://goo.gl/Fgl7h
#Facebookprofilescanbe hijackedbyChromeextensionsmal-
ware.Whocares? :http://goo.gl/AC0uo
# Lulzsec leaves no one laughing and Dumps 170937 accounts
from MilitaryDatingSite:http://goo.gl/drLL7
# Anonymousrisksgoingto helland Defacespage-“POPE isnot welcome,outout!!!!!”:http://goo.gl/hO6Te # Hacktivism
# Anonymousrisksgoingto helland Defacespage-“POPE isnot
welcome,outout!!!!!”:http://goo.gl/hO6Te
# Hacktivism Breached 174 Million Records in 2011 :
http://goo.gl/rkgBj
#CarberpBankingTrojanScam -8ArrestedinRussia:
http://goo.gl/YNWBc
## Kaspersky finds Malware that resides in your RAM :
http://goo.gl/n607Y
# Fake LinkedIn Emails Link to Blackhole Exploit Malware :
http://goo.gl/eVPGm
#ThePirateBayraisestheirrumbottlesandplansLowOrbit
ServerDronestobeat#Censorship:http://goo.gl/GktF1

NewsoftheMonth

# Mystery ofDuqu Programming Language Solved.Was on the wallofacavethewholetime!:http://goo.gl/j2tex #
# Mystery ofDuqu Programming Language Solved.Was on the
wallofacavethewholetime!:http://goo.gl/j2tex
# CyberIdiotsSellingMillionsofU.Smilitaryemailaddresses.
Guesstheywanttoknow wheretogetgoodcoffeeinAfghanistan:
http://goo.gl/Wz8f3
## SixNationalTelevision StationsofIran Hacked.Theyonlyaired
the reading of the Koran so it didn't really matter :
http://goo.gl/KY5O9
# PresidentAssad's hacked emails revealisolation ofSyria's
leader;someonepassmeatissue:http://goo.gl/02NpS
# Malicious Android application stealing banking credentials:
someonepassmeahundred:http://goo.gl/nt5IF
##FBIakaFools,BastardsandIdiotsactuallyleakedStratfore-
mailsjusttobustJulianAssange?:http://goo.gl/Hu736
# Potential Security Risk of Geotagging for the Military :
http://goo.gl/zXyxj
# Tunisian IslamistWebsiteHacked byAnonymous. Seven Vir-
ginsfoundincompromisingpositions:http://goo.gl/H3DN7
# FBIchargeAnonymousforstealingCC worth $700000 in Strat- forattackcausetheyreallythinkAnonsaregoingtopay(idiots):
# FBIchargeAnonymousforstealingCC worth $700000 in Strat-
forattackcausetheyreallythinkAnonsaregoingtopay(idiots):
http://goo.gl/2VFth
# Vatican Radio hacked by AnonymousHackers. God forgives
them.:http://goo.gl/CyzYI
# Hackerexposes40,000 CreditCardsfrom DigitalPlayground.
Easytoseewhoisacheapskatepornviewer:http://goo.gl/jve2H

NewsoftheMonth

# FinallyGoogleChromegetshacked atPwn2Own. Googleisn't Giggling:http://goo.gl/2mu2V # Chinese spied on NATO
# FinallyGoogleChromegetshacked atPwn2Own. Googleisn't
Giggling:http://goo.gl/2mu2V
# Chinese spied on NATO officialsusing Facebook Friendsthen
sentthem someChow Mein:http://goo.gl/B5tfY
# Symantec's Norton anti-virus 2006 source code Leaked by
Anonymous:http://goo.gl/HaHRf
## 'The New York Iron Works'police supplierHacked by Anony-
mous.TheyweresomadtheytriedtoshoottheAnonlogobutonly
ruinedtheirlaptops:http://goo.gl/BrC7F
# AlbaniaisthemostMalwareinfectedNation.Fleasandbedbugs
areaproblemalso:http://goo.gl/XHrQv
# THE “TRUTH” SIMMERS THE POT OF SABU :
http://goo.gl/SKHm6
#AntiSechackersdefacePandaSecuritysitetoprotestLulzSecar- rests:http://goo.gl/Np8xv # RogueAntivirusadvertisedon 200000
#AntiSechackersdefacePandaSecuritysitetoprotestLulzSecar-
rests:http://goo.gl/Np8xv
# RogueAntivirusadvertisedon 200000 hackedWebpages:
http://goo.gl/y0OAy
# Anonymous:A Declaration oftheIndependenceofCyberSpace.
A NationalAnthem tofollow?:http://goo.gl/NwPbo
# GitHub hacked with Ruby on Rails public key vulnerability : http://goo.gl/EROSF # BackTrack 5
# GitHub hacked with Ruby on Rails public key vulnerability :
http://goo.gl/EROSF
# BackTrack 5 R2 Released, New Kernel, New Tools :
http://goo.gl/SvYe3