White House considered cyberwar with Libya

The American government considered hacking Gaddafi army computers before aiding in an airstrike against Libya.

In the days before President Obama approved American-led airstrikes in Libya without congressional go-ahead, the White House considered using cyberwarfare to attempt to crush the army of Colonel Muammar Gaddafi.

Hoping to cripple the Gaddafi government’s computer systems and bring down their air-defense network, the Obama administration “intensely debated” whether hacking into foreign computers would be a smart move at the start of the ongoing NATO missions in Libya, which are largely supported by American troops, The New York Times reports today.

Officials involved with the decision-making of the cyber-attack tell The Times that American authorities were concerned that officially entering an era of high-scale computer warfare could cause competing nations across the globe to respond with cyber crimes of their own against the Pentagon. The US has already accused China, Russia and North Korea of cyberwarfare in the past, however, and has denied responsibility for similar crimes waged against the nation of Iran.

As the US points fingers at superpowers abroad for cybercrimes, today they are admitting that they’ve very recently considered such a route themselves, though wholeheartedly denying it ever happened.
Only weeks after the Libya mission began, though, the debate came up once again.
The Times report today also reveals that the Obama administration debated if cyberwarfare would be necessary in the Navy SEAL operation in May that led to the execution of Osama bin Laden at his Abbottabad, Pakistan compound. In that case again, report sources close to the matter, the US ultimately decided against hacking al-Qaeda computers, instead relying on more traditional military routes, such as stealth helicopters and boots on the ground.

“These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there,” says one Obama official to the Times, speaking on condition of anonymity.
After the president approved American troops to aid in the NATO-led assault on Gaddafi’s army, Obama stood by his decision to make the move without getting the okay from Congress, even after lawmakers approached the commander-in-chief to say that he would be in clear violation of the War Powers Resolution Act of the Nixon White House. In his defense, President Obama insisted that the level of “hostilities” overseas did not necessitate a war.
Earlier in 2011, however, both the president and the Pentagon were involved in paperwork that equated cybercrimes on foreign nations with acts of war. According to the United States’ own policy, cybercrimes perpetrated against the US could call for a response from the American military. In that case, American-led cyber attacks on Gaddafi would almost certainly warrant retaliation with not just bytes, but bullets too.
In May of this year, one unnamed military official equated the new policy to The Wall Street Journal this way: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
Months later, the US was quick to point the finger at China for a series of Internet crimes waged against several nations, including the States and Taiwan, though lacked any evidence whatsoever.
In the past year, the United States has admitted that cyberattacks would be the future of international warfare, though has denied that they have practiced it themselves. Defense Secretary Leon Panetta even told a Capitol Hill hearing that the “next Pearl Harbor” could likely be caused by computer crimes.
Some, however, believe that the US has been behind acts like this all along, meanwhile denying their involvement. Stuxnet, a 2010 computer worm that targeted Iranian nuclear facilities, is believed by many to be of American origin and infiltrated with the help of Israel. Speaking at a TED Talk earlier this year, researcher Ralph Langner said, "My opinion is that the Mossad is involved but that the leading force is not Israel. The leading force behind Stuxnet is the cyber superpower – there is only one; and that's the United States."

China behind massive cyber attack on US?

Without another scapegoat to pin the blame on, Americans are naming China as the culprit of a series of cyber attacks because, well, why not?
Jim Lewis of the Center for Strategic and International Studies tells Reuters that China is likely to blame for a massive series of cyber crimes that took the network of dozens of organizations by storm. Lewis, a cyber crime expert, can’t point reporters to any evidence in particular, but notes that the organizations infiltrated in the slew of attacks had information that China might want to have.
"Everything points to China. It could be the Russians, but there is more that points to China than Russia," Lewis says.
The United Nations, as well as the governments of the United States, India, South Korea, Canada and Taiwan are included in the list of 72 organizations targeted by a series of attacks conducted over a five year span.
Security company McAfee discovered the attacks and says that a “state actor” was responsible but won’t say who. Neither McAfee nor the Chinese offered comment on whether China was responsible.
Vijay Mukhi, an Indian cyber-expert, adds to Reuters that he would not be surprised if the attacks came out of China because, he puts it, “that’s what China does.” Mukhi also notes, however, that India’s government barely protected their electronic data, saying their security is something out of the Stone Age.
While some of the networks targeted in the attacks included information held by other Asian governments (such as Taiwan and Hong Kong) and the Olympic Committees of the runners-up to the 2008 games that went to Beijing, the majority of those targeted were American companies and nonprofits.
If you ask Lewis, however, it’s got to be China.
“Who else spies on Taiwan?” he asks.
Lewis has long explored cyber crime and security issues in China. He is the author of the publication Building an Information Technology Industry in China: National Strategy and just last week told CNN that “China is very active in espionage.”

Pentagon creating new-generation cyberweapon

The Pentagon is creating a next-generation cyberweapon. (Reuters / Rick Wilking)
A next-generation cyberweapon capable of knocking out enemy networks, even if they're not connected to the Internet - this is a primary goal for the Pentagon's research and development teams.
According to the Washington Post, the US military is ramping up its cyber-efforts in anticipation of a possible showdown with Iran or Syria.
The Pentagon had wanted to use cyber warfare technology during the NATO mission in Libya, but realized that it would have needed at least a year to properly develop the necessary weapon.

“We weren’t ready to do that in Libya. We are not ready to do that now, either,” the newspaper quoted an anonymous US official as saying.
US military officials are looking to create a weapon capable of targeting “offline” military systems, that would transmit damaging codes by radio. The US military’s Defense Advanced Research Projects Agency (DARPA) recently secured a half billion dollars in funding for such a project.
However, codes disseminated by such a weapon would need to be customized in order to have the right effect on enemy targets.
“Unless you already have a custom-written code for a system, chances are we don’t have a weapon for that because each system has different software and updates,” Joel Harding, an independent military consultant, explained.
The Pentagon is due to spend $3.4 billion on cyber technology in this year alone. The technology in the US military's current arsenal can disable components of an enemy weapons system, but not the system as a whole. Future cyber tools – like those currently in use – are likely to be used in combination with other tactics and arms.
The world’s first digital warhead, the computer worm Stuxnet, is believed to have disabled hundreds of centrifuges in an Iranian nuclear facility back in 2009 and 2010. Some blamed Mossad for the attack, saying that the US helped to develop the virus. The worm, however, lacked the precision and predictability necessary in a military operation.
The new generation of cyber warfare is thought to be more advanced, using a “fundamentally different approach than Stuxnet,” said an unnamed military official. “If I am trying to knock down an air defense system, I have to know precisely what is going to happen and when it will happen.”
The new weapon should minimize the possibility of collateral damage, for example the disruption of civilian systems. Developers also need to work around the fact that destructive codes could be sent back to attack American targets or used by foreign intelligences for their own ends.
Now, with the Pentagon’s cyber expenditures rising, defense officials are far from satisfied with how things are going. “I am still not remotely satisfied with where we are in cyber,” Deputy Secretary of Defense Ashton B. Carter said earlier this month. “I dare say we’d spend a lot more if we could figure out where to spend it.”

US launched cyber attacks on other nations

Confirmed: US has already waged cyberattacks
The assumption that the US has the technological know-how to cripple a competing nation has always been just that: an assumption. In a recent sit-down interview, however, a former spy chief confirmed that America has already waged cyber attacks. Mike McConnell, the former director of national intelligence at the National Security Agency under George W Bush, tells Reuters this week that cyber war is more than a distant possibility. According to the current vice chairman at Booz Allen Hamilton, the US has already launched attacks on the computer networks of other nations.

McConnell did not add any input as to what countries have been hit with American cyber warfare in the past, but he did confirm that the US has already used the ability. When asked by Reuters if the United States had the capability to destroy the computer system of an adversary, McConnell responded “Yes.” When asked if it worked, he confirmed “yes” as well.
“Do we have the ability to attack, degrade or destroy? Sure. If you do that, what are the consequences? That is the question,” added McConnell.
Although the former spy chief neglected to name any countries that have been the target of American attacks, the US is believed by some to be the culprit behind a virus that targeted computer systems in Iran in 2010. Stuxnet, an advanced computer worm discovered in June of that year, impacted the computers used in conjunction with Iran’s nuclear program. In a January 2011 article in the New York Times, an American nuclear intelligence expert speaking on condition of anonymity said that the Israelis were behind Stuxnet, placing the blame on one of America’s most important allies. The expert adds in the article that Israel did indeed work hand-in-hand with the US in perfecting Stuxnet before sending it to the Iranian networks, but that Washington wanted “plausible deniability.”
Other sources have since all but confirmed America’s involvement in the worm. German cyber security expert Ralph Langner told National Public Radio last year that the virus seemed like something out of science fiction, but added that, “Thinking about it for another minute, if it's not aliens, it's got to be the United States.” He went on to call the US “the leading force” behind Stuxnet, an assumption that many in Iran believe as well. While the Iranians have never officially recognized retaliation on their part, rumors of revenge via cyberwar have been rampant in recent weeks, particularly after news broke out of Mexico last month that hackers south of the border were being recruited by Iran to participate in an infiltration of American computers.
Before it launched an airstrike attack on Libya in 2011, a cyberattack was considered as a route to oust Colonel Muammar Gaddafi, an Obama official said to the New York Times last year. In the end, however, America relied on other techniques. “These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there,” the insider, speaking on condition of anonymity, told the Times.

‘Flame’ Virus explained: How it works and who’s behind it

‘Flame’ Virus: How it works and who’s behind it

Flame may be the most powerful computer virus in history, and a nation-state is most likely to blame for unleashing it on the World Wide Web. Kaspersky's chief malware expert Vitaly Kamlyuk shared with RT the ins and outs of Stuxnet on steroids.
Iran appears to be the primary target of the data-snatching virus that has swept through the Middle East, though other countries have also been affected. The sheer complexity of the virus and its targets has led Moscow-based Kaspersky Lab to believe a state is behind the attack.

Kaspersky first spotted the virus in 2010, though it may have been wreaking havoc on computer systems for many years. Vitaly Kamlyuk told RT how his company discovered it, just what makes Flame so significant, features of the virus that could point towards its creator, and why we all lose out in this intensifying cyber-war.
RT: So, how did you spot the malware, was it a planned investigation, or did it come by surprise?
Vitaly Kamlyuk: It was by surprise. We were initially searching for a [different form of] malware. We were aware of the malware that had spread throughout the Middle East, attacked hundreds of computers and wiped their hard drives, making the systems unbootable after that. It was actually after an inquiry from the International Telecommunications Union, which is a part of the United Nations, who actually asked us to start conducting research. When we started looking for this mysterious malware in the Middle East, we discovered this suspicious application that turned out to be even more interesting than the initial target of our search.
RT: According to one of your experts, 'Flame' does not appear to cause physical damage, so why has it been dubbed the most hazardous cyber-attack in history?
VK: It’s actually on the same level as the notoriously known Stuxnet and Duqu [attacks], because we suspect that there is a nation state behind the development of this cyber attack, and there are reasons for that. This application doesn’t fit into any of the existing groups of developed cyber attack tools. There are currently three groups. There are traditional cyber criminals who are hunting users’ data (like log-ins and passwords) to access bank accounts over the Internet and steal money, send spam, or conduct dubious attacks. This [Flame] doesn’t fit into the group of traditional cyber criminal malware. Also, it doesn’t fit into the activists’ malware who are using typically free and open source tools to attack computers on the Internet. And the third known group [at this time] is nation-states.
RT: What makes this malware different from all other Spyware programs and what damage can it do?
VK: It’s pretty advanced – one of the most sophisticated [examples of] malware we’ve ever seen. Even its size – it’s over 20 megabytes if you sum up all the sizes of the modules that are part of the attacking toolkit. It’s very big compared to Stuxnet, which was just hundreds of kilobytes of code: it’s over 20 megabytes. And the Stuxnet analysis took us several months, so you can imagine that a full analysis of this threat may take us up to a year. So we think it is one of the most sophisticated malware [programs] out there.
It’s also quite unique in the way it steals information. It’s possible to steal different types of information with the help of this spyware tool. It can record audio if a microphone is attached to the infected system, it can do screen captures and transmit visual data. It can steal information from the input boxes when they are hidden behind asterisks, password fields; it can get information from there. Also it can scan for locally visible Bluetooth devices if there is a Bluetooth adapter attached to the local system.
RT: Is there a connection between this new cyber threat and previous large-scale virus attacks?
VK: We are trying to compare and find similarities between this development and previous [ones] of course, but there are so few of them – Stuxnet or Duqu mostly. There is no reliable relation between Stuxnet and Flame as we call it…they are completely different. Because Stuxnet was a small application developed for a particular target with the specific objective to interact with industrial control systems and break them down. And Flame is a universal attacking tool kit used mostly for cyber espionage. So there are some things that [Flame] shares in common with Stuxnet and Duqu, and these are the vulnerabilities that are used by both [types of] malware. Probably one malware simply copied vulnerabilities from the other malware program when they were published.
RT: So this means that cyber warfare is evolving rapidly, and 'Flame' vividly confirms this trend. Can less technologically developed nations resist such attacks, or is it game over for them?
VK: It’s never game over in this area, because even if the country isn’t technologically developed in this area, it doesn’t prevent them from cooperating with organizations like ours and with private companies in the security industry that can provide them with valuable pieces of information which can actually result in the discovery of such threats. And when we discover such threats, we permanently add them to antivirus databases, and users from those nations can use freely available trial tools and commercial antivirus [software] to protect their systems.
RT: This enormous stratum of data that 'Flame' can gather, who would need it and is it really possible to analyze such an avalanche of information?
VK: First of all, when we’re talking about the size of data that is to be analyzed, we know that the attackers do not infect as many victims as possible. Their resources are limited; it seems that they understand that. They are keeping the number of infected machines more or less the same. So it’s the same level. When they finish analyzing data that has been stolen from one network, they remove the malware and switch to another. So we think that it’s still possible to extract only the data they are interested in.
RT: So can we call this a cyber war, and if so?
VK: Stuxnet and Duqu were bright examples of cyber weapons which could even physically destroy infrastructure, and this [Flame] is a continuation of this story. So this is another development in this row which continues in addition to Stuxnet and Duqu. There are also nation states supporting [these] developments. We think that cyber warfare has been going on for years already. People were just probably not aware of it because cyber warfare has a unique feature: it’s hidden. Nobody knows when cyber warfare operations are going on. This is the key feature of it.
RT: Who is behind these cyber attacks?
VK: Like with Stuxnet and Duqu, it’s currently unclear who is behind it. It’s very hard to find out who is behind it because when we try to follow the traces, who controls the application – it connects to the command and control centers – it turns out to be… dozens or even more servers spread around different countries around the world. More than 80 or 90 domains are associated with those servers. Most of them are registered with fake identities. So they’re pretty well protected and hidden. So it is unclear who is behind that, and we try not to speculate who could be behind such attacks. We try to base it on pure facts like the language we extract from the code. In this case, we only found traces of good English used inside the code.