Critical Infrastructure Protection, Volume II

From the preface:

This book is a follow-on to our earlier book published in 2011 and represents a detailed look at various aspects of cyber security. The chapters in this book are the result of invited presentations in a 2-day conference on cyber security held at the City University of New York, City College, June 8-9, 2011.

Our increased reliance on the Internet, information, and networked systems has also raised the risks of cyber attacks that could harm our nation’s cyber infrastructure. The cyber infrastructure encompasses a number of sectors including the nation’s mass transit and other transportation systems, railroads, airlines, the banking and financial systems, factories, energy systems and the electric power grid, and telecommunications, which increasingly rely on a complex array of computer networks. Many of these infrastructures’ networks also connect to the public Internet. Unfortunately, many information systems, computer systems, and networks were not built and designed with security in mind. As a consequence, our cyber infrastructure contains many holes, risks, and vulnerabilities that potentially may enable an attacker to cause damage or disrupt the operations of this cyber infrastructure. Threats to the safety and security of the cyber infrastructure come from many directions: hackers, terrorists, criminal groups, and sophisticated organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Costs to the economy from these threats are huge and increasing. Cyber infrastructure protection refers to the defense against attacks on such infrastructure and is a major concern of both the government and the private sector.

A key contribution of this book is that it provides an integrated framework and a comprehensive view of the various forms of cyber infrastructure protection. We, the editors, strongly recommend this book for policymakers and researchers.

Read the full book here.

The Cuckoo’s Egg

Before the Internet became widely known as a global tool for terrorists, one perceptive U.S. citizen recognized its ominous potential. Armed with clear evidence of computer espionage, he began a highly personal quest to expose a hidden network of spies that threatened national security. But would the authorities back him up? Cliff Stoll’s dramatic firsthand account is “a computer-age detective story, instantly fascinating [and] astonishingly gripping” (Smithsonian).

Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker’s code name was “Hunter” — a mysterious invader who managed to break into U.S. computer systems and steal sensitive military and security information. Stoll began a one-man hunt of his own: spying on the spy. It was a dangerous game of deception, broken codes, satellites, and missile bases — a one-man sting operation that finally gained the attention of the CIA…and ultimately trapped an international spy ring fueled by cash, cocaine, and the KGB.

Ghost in the Wires

Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies–and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats–it was an old-fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.

Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI’s net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down.

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.

Cyber War in Perspective: Russian Aggression against Ukraine

Overview from CCDCOE:

The conflict in Ukraine appears to have all the ingredients for cyber war. Moscow and Kyiv are playing for the highest geopolitical stakes, and both countries possess a high level of expertise in information technology and computer hacking. However, there are still many sceptics of cyber war, and more questions than answers. Malicious code has served criminals and spies very well, but can cyber attacks offer soldiers more than a tactical edge on the battlefield? Can they have a strategic effect? And what norms should be established in international relations to govern nation-state hacking in peacetime and in war?

The book serves as a benchmark in the early history of Internet-era warfare. It features 18 chapters by scholars and practitioners who identify the case’s tactical and strategic implications, discuss their significance for policy and law, and analyse ongoing information operations. For world leaders and system administrators alike, the ‘cyber dimension’ of the Russo-Ukrainian crisis offers many lessons and sheds light on whether cyber war is still closer to science fiction than reality.

This case study, which examines the Ukraine crisis between 2013-2015, demonstrates that cyber attacks have been used in a broader strategy of information warfare. They encompass digital propaganda, denial-of-service (DoS) campaigns, website defacements, information leaks by hacktivist groups, and cutting-edge cyber espionage malware. However, apart from disruptions to Internet connectivity between Crimea, Donbass, and the rest of Ukraine, there have been no known attacks against civilian or military critical infrastructures. Does this mean that Russia – considered by many to be one of the leading cyber powers in the world – is voluntarily showing restraint? And what are the scenarios in which we could see an escalation of this conflict in cyberspace?

Read the full book here.

Nuclear Lessons for Cyber Security


Identifying “revolutions in military affairs” is arbitrary, but some inflection points in technological change are larger than others: for example, the gunpowder revolution in early modern Europe, the industrial revolution of the nineteenth century, the second industrial revolution of the early twentieth century, and the nuclear revolution in the middle of the last century.1 In this century, we can add the information revolution that has produced today’s extremely rapid growth of cyberspace. Earlier revolutions in information technology, such as Gutenberg’s printing press, also had profound political effects, but the current revolution can be traced to Moore’s law and the thousand-fold decrease in the costs of computing power that occurred in the last quarter of the twentieth century.

Read the full article here.

Fatal System Error

In 2004, a California computer whiz named Barrett Lyon uncovered the identity of a hacker running major assaults on business websites. Without fully grasping the repercussions, he set on an investigation that led him into the heart of the Russian mob. Cybercrime was evolving. No longer the domain of small-time thieves, it had been discovered by sophisticated gangs. They began by attacking corporate websites but increasingly stole financial data from consumers and defense secrets from governments.

While Barrett investigated the cutting edge of technology crime, the U.S. government struggled to catch up. Britain, however, was a different story. In the late 1990s, the Queen herself had declared safe e-commerce a national security priority. Agents from the London-based National Hi-Tech Crime Unit sought out Barrett and enlisted his help. They also sent detective Andrew Crocker, a Welsh former boxer, to Russia to track down and prosecute the hackers and to find out who they worked for.

Fatal System Error penetrates both the Russian cyber-mob and the American mafia as the two fight over the Internet’s massive spoils. It takes readers into the murky hacker underground, traveling the globe from San Francisco to Costa Rica, London, and Russia. Using unprecedented access to mob businesses and Russian officials, it shows how top criminals earned protection from the Russian government—and how Barrett Lyon and Andrew Crocker got closer to the titans of the underground economy than any previous outsider. Together, their stories explain why cybercrime is much worse than you thought—and why the Internet might not survive.