Visualising the invisible

The latest issue of Wired has a simple schematic map of ‘an invisible but vast war zone’ created by cyberattacks:

Cyberattacks mapped

Every month, it seems, a mammoth cyberattack sponsored by a nation state comes to light. In recent years, more than 20 countries have announced their intent to launch or beef up their offensive cyber capabilities. The result is a burgeoning digital arms race that presents a major threat to the security of our data.

But they are very late to the game (and there are also many internal threats to ‘the security of our data’: think NSA or GCHQ). In October 2013 Google Ideas, in collaboration with Arbor Networks, launched an interactive map of daily Distributed Denial of Service (DDoS) attacks, which attempt to make an online service unavailable by overwhelming it with traffic from multiple sources:

Digital attacks 29 September 2015

According to Arbor Networks,

Attackers build networks of infected computers, known as ‘botnets’, by spreading malicious software through emails, websites and social media. Once infected, these machines can be controlled remotely, without their owners’ knowledge, and used like an army to launch an attack against any target. Some botnets are millions of machines strong. Botnets can generate huge floods of traffic to overwhelm a target. These floods can be generated in multiple ways, such as sending more connection requests than a server can handle, or having computers send the victim huge amounts of random data to use up the target’s bandwidth. Some attacks are so big they can max out a country’s international cable capacity. Specialized online marketplaces exist to buy and sell botnets or individual DDoS attacks. Using these underground markets, anyone can pay a nominal fee to silence websites they disagree with or disrupt an organization’s online operations. A week-long DDoS attack, capable of taking a small organization offline, can cost as little as $150.

I discussed these, and connected them to militarised cyberattacks in ‘The everywhere war’ [DOWNLOADS tab].

The site provides an illuminating typology of attacks – TCP connection attacks that attempt to use up all available connections; Volumetric attacks that use up bandwidth; Fragmentation attacks that send a flood of TCP or UDP fragments to a victim, overwhelming their ability to re-assemble the streams and severely reducing performance; and Application attacks that target applications.
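As an added example (not part of the original post or of Arbor’s map), the Python sketch below scores constructed one-second flow summaries against the four categories in that typology, so a defender can see which indicator each class trips: distinct half-open sources, raw bit rate, fragment share, or per-source request rate. The record layout, the `flow()` helper and all thresholds are assumptions for illustration, not Arbor’s own detection logic.

```python
from collections import Counter

# Thresholds per one-second window. Assumed for illustration; they are not
# Arbor's values, and real deployments tune them per link and per service.
SYN_SOURCES = 100    # distinct sources sending bare SYNs (half-open connections)
MBPS_LIMIT = 500     # aggregate Mbit/s arriving at the victim
FRAG_RATIO = 0.5     # share of packets that are IP fragments
REQS_PER_SRC = 50    # HTTP requests from one source per second

def flow(src, proto="tcp", flags="SA", nbytes=1500, pkts=1, frag=False, http_reqs=0):
    """One constructed flow summary (assumed record layout)."""
    return dict(src=src, proto=proto, flags=flags, bytes=nbytes, pkts=pkts,
                frag=frag, http_reqs=http_reqs)

def classify(flows):
    """Return the set of typology classes whose indicator crosses its threshold."""
    labels = set()
    # TCP connection attack: many sources open connections they never complete
    syn_only = {f["src"] for f in flows if f["proto"] == "tcp" and f["flags"] == "S"}
    if len(syn_only) >= SYN_SOURCES:
        labels.add("tcp_connection")
    # Volumetric attack: the raw bit rate fills the link whatever the protocol
    if sum(f["bytes"] for f in flows) * 8 / 1e6 >= MBPS_LIMIT:
        labels.add("volumetric")
    # Fragmentation attack: the victim burns CPU reassembling fragment streams
    pkts = sum(f["pkts"] for f in flows)
    frag_pkts = sum(f["pkts"] for f in flows if f["frag"])
    if pkts and frag_pkts / pkts >= FRAG_RATIO:
        labels.add("fragmentation")
    # Application attack: little bandwidth, but one source hammers the web tier
    reqs = Counter()
    for f in flows:
        reqs[f["src"]] += f["http_reqs"]
    if reqs and max(reqs.values()) >= REQS_PER_SRC:
        labels.add("application")
    return labels

# Constructed one-second windows of traffic towards a single victim
NORMAL = [flow(f"192.0.2.{i}", nbytes=4000, pkts=5, http_reqs=3) for i in range(20)]
SYN_FLOOD = [flow(f"198.51.100.{i % 250}", flags="S", nbytes=60) for i in range(300)]
UDP_FLOOD = [flow(f"203.0.113.{i}", proto="udp", flags="", nbytes=1_000_000, pkts=700)
             for i in range(100)]
FRAG_FLOOD = NORMAL + [flow("198.51.100.7", proto="udp", flags="", nbytes=1480,
                            pkts=10, frag=True) for _ in range(80)]
HTTP_FLOOD = NORMAL + [flow("198.51.100.9", nbytes=800, pkts=4, http_reqs=120)]

if __name__ == "__main__":
    for name, window in [("normal", NORMAL), ("syn", SYN_FLOOD), ("udp", UDP_FLOOD),
                         ("frag", FRAG_FLOOD), ("http", HTTP_FLOOD)]:
        print(name, sorted(classify(window)) or ["clean"])
```

Feeding a window that mixes two attack types returns both labels, which mirrors the multi-vector attacks the gallery on the site documents.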

There is also an instructive gallery of major attacks:

Gallery of major attacks

And in 2014 another internet security company, Norse, released a live stream of origins and targets of attack; I’ve pasted a screenshot below but there is also a YouTube video here.

NORSE Digital attacks

The image above — which looks like Missile Command on steroids — shows just a snippet of hacking attempts around the world, the countries from which they originate, and the countries that they are attacking.

In reality, the attackers are hitting what Norse calls honey pots — special traps designed to detect unwanted network intrusions by hackers. It’s important to note that the location an attack comes from isn’t necessarily its true origin, as hackers can make an attack look like it’s coming from one place when it’s really coming from another.

You can find a list of other cyber attack maps at CTF365 here.

War at a distance

News from Patrick Porter of a new book due out in March, The global village myth: distance, war and the limits of power (from Hurst in the UK/Georgetown University Press in the US):

According to security elites, revolutions in information, transport, and weapons technologies have shrunk the world, leaving the United States and its allies more vulnerable than ever to violent threats like terrorism or cyberwar. As a result, they practice responses driven by fear: theories of falling dominoes, hysteria in place of sober debate, and an embrace of preemptive war to tame a chaotic world.

Patrick Porter challenges these ideas. In The Global Village Myth, he disputes globalism’s claims and the outcomes that so often waste blood and treasure in the pursuit of an unattainable “total” security. Porter reexamines the notion of the endangered global village by examining Al-Qaeda’s global guerilla movement, military tensions in the Taiwan Strait, and drones and cyberwar, two technologies often used by globalists to support their views. His critique exposes the folly of disastrous wars and the loss of civil liberties resulting from the globalist enterprise. Showing that technology expands rather than shrinks strategic space, Porter offers an alternative outlook to lead policymakers toward more sensible responses—and a wiser, more sustainable grand strategy.

You can get a preliminary preview of Patrick’s basic argument at War on the Rocks here.

The other side of NSA

I’ve emphasised the networks in which drone operations take place several times on this blog, and I’ll have more to say about it (and, crucially, the satellite links involved) very shortly.  But this applies to all domains in which advanced militaries now operate.  In 2012 Army magazine (62: 6) put it like this:

The world in which U.S. forces operate is increasingly wireless and computer network-based. Rapidly evolving information technologies are expanding the speed, capacity, agility, efficiency and usefulness of modern networks. The proliferation of these systems is changing the way humans interact with each other and their environment, including military operations. This creates conditions that will make U.S. forces increasingly dependent on these technologies and require soldiers to counter technology-empowered and sophisticated adversaries who can utilize commercial industry and the network as their primary combat developers. This broad and rapidly changing [Operational Environment] will present a plethora of potential threats and opportunities that are primarily limited by our own—and our opponents’—imagination, causing the Army to operate within a cyberspace domain and EMS [Electromagnetic Spectrum] that are increasingly congested and contested.

The authors went on to emphasise the convergence of ‘cyber and EMS capabilities’ (and, not coincidentally to my interest in satellite communications, the intersections between commercial and military systems):

Commercial and military systems are increasingly reliant on both as networks and telecommunication infrastructures expand their use of wireless means. This is particularly important for collaborative systems that require connectivity to operate effectively. The synergistic effect of these networks is a significant reason why EW [electronic warfare], EMSO [EMS operations] and cyber operations must be viewed as interrelated and interdependent.

The Pentagon has now published its first Field Manual on Cyber Electromagnetic Activities (FM 3-38).  If you are still wondering what these are, and why I’ve described them as the ‘other side’ of NSA (and by extension, GCHQ and the other ‘Five Eyes’) global surveillance operations, this is what the manual says:

Cyber electromagnetic activities are activities leveraged to seize, retain, and exploit an advantage over adversaries and enemies in both cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy use of the same and protecting the mission command system (ADRP 3-0). CEMA consist of cyberspace operations (CO), electronic warfare (EW), and spectrum management operations (SMO).

Cyber Electromagnetic Activities

The FM – and remember this is doctrine: we have a long way to go before we are able to probe into practice – diagrams the relation between the ‘five domains’ of US military operations (air, land, sea, space and cyberspace) and the electromagnetic spectrum like this:

Five domains and the Electromagnetic Spectrum

Operationally, for ‘unified land operations’ (this is a US Army manual, remember) this translates into undertaking Cyber Electromagnetic Activities (CEMA) thus:

Cyber electromagnetic activities Operational View

You can find a short discussion of the pre-history behind the Field Manual here.

I’m going to work my way through the manual in detail, and think through its implications for what I already know about cyberwar (even if Thomas Rid thinks it will never take place).  I sketched out some of my early ideas in ‘The everywhere war’ (DOWNLOADS tab), largely in relation to Stuxnet and cyber-attacks on Iran’s nuclear programme, but there have been many more developments and revelations since then, so watch this space.