Professional Documents
Culture Documents
Syria
Syria
Therefore, cyber warfare and hacking techniques should be used against the threats of the frequent
terrorist groups like isis and those in Pakistan.
In the U.S., they have presented as security issues for critical infrastructure,
such as industrial sites, and cast doubt on the integrity of crucial information
technology systems used for elections — including many vulnerable voting
machines (PDF) themselves that are employed and managed at the state
level.
Like many private companies and public agencies in the U.S., the
Department of Defense struggles with a shortage of information security
professionals. But RAND research suggests that the armed forces, and the
nation more broadly, might already have some of the personnel resources it
needs — in the ranks of its Reserves and National Guard.
RAND researchers studying the skills of personnel in the Army National
Guard and the U.S. Army Reserve in 2015 estimated, conservatively, that
more than 100,000 of these men and women have some degree of cyber
competence, including thousands with deep or mid-level cyber expertise.
A growing proportion of reservists are “digital natives” who want to leverage their tech skills as
part of their military duties.
The U.S. has different options for filling shortfalls in its arsenal of
information security professionals. In March, for example, Rep. Ruben
Gallego (D-AZ) proposed the creation of a “cyber national guard” to attract
talented civilians who do not want to serve in the military, but are willing to
contribute to the nation's cyber defense.
This threat to American democracy and cyber way of life demands hands-on
attention to the underlying machines and devices. Mitigating this threat with
human resources will require the cyber equivalent of boots on the
ground. The state of Ohio has already tapped its National Guard to defend its
election system from hackers.
Time is running out to build an adequate nationwide defense for the next
presidential election cycle, but many of the necessary personnel resources
are right here — in the form of the Guard and the Reserves that are ready
and willing to be called up to perform the mission.
The Russian information operations system, combined with the Russian form
of centralized government control, allows it to launch cyber-operations with
greater speed, agility and brazenness than most analysts believe is possible
in the West. The unprecedented 2007 cyberattacks on Estonia illustrate the
growing sophistication of Russia's unrelenting focus on cyber-operations. In
an attempt to prevent Estonia's removal of a Soviet-era war memorial in the
capital of Tallinn, Russia unleashed a digital firestorm that crippled essential
computer networks across the tiny Baltic nation.
Now the United States finds itself in Russia's crosshairs and needs to develop
a strategy to respond — and a universal cyberwarfare lexicon.
Only when norms and laws are binding will there be legal and tangible
consequences for cyber actions against others. Tangible costs, such
as sanctions, are important because without them history has shown that
malicious actors will continue or intensify their behaviors in pursuit of their
objectives. The editor of the “Tallinn Manual 2.0” may have said it best: “The
Russians are masters at playing the 'gray area' in the law, as they know that
this will make it difficult to claim they are violating international law and
justifying responses such as countermeasures.”
The complaint said the group attacked a seried of unnamed U.S. companies using
Sakula, the same rare program involved in U.S. Office of Personnel Management (OPM)
hacks detected in 2014 and 2015. The filing did not mention the OPM hacks.
The arrest could provide information on the OPM hacks which U.S. officials have
blamed on the Chinese government.
In an FBI affidavit linked to the complaint, an FBI agent said he believed Yu provided
versions of Sakula to two unnamed men that he knew would be used to carry out
attacks on the firms.
Yu's court-appointed attorney, Michael Berg, said Yu was a teacher with no affiliation
with China's government.
"He says he has no involvement in this whatsoever," Berg said, adding that Yu came to
Los Angeles for a conference.
The Justice Department and San Diego FBI declined to comment further.
The court filings said Sakula had rarely been seen before the attacks on U.S.
companies and Yu knew the software he was providing would be used in the hacks
carried out between 2010 and 2015.
Though the victims are not named, some companies appeared to be in the aerospace
and energy industries.
Adam Meyers, vice president at U.S. security firm CrowdStrike, said software flaws and
one of the internet protocol addresses cited in the complaint matched up with attacks on
a U.S. turbine manufacturer, Capstone Turbine, and a French aircraft supplier.
Meyers said Sakula could be used by multiple groups, but that all of the known targets
would be of interest to the Chinese government.
The OPM breach was a subject of U.S.-China talks, and the Chinese government
previously told American diplomats it had arrested some criminals in the case.
CHINA’S HACKING-2
This was the first time an American company had the guts to publicly stand up and
point the finger at the government of China.
Those were different times. Six years later, a mantra among cybersecurity experts is
that there's only two types of companies: those that have been hacked by China, and
those that don't know they've been hacked yet.
Countless companies have accused China of hacking them. A whole industry has
benefitted from this, offering defensive tools and forensics investigations to potential
and actual victims. The reason why China has become such a superpower when it
comes about hacking is because it wants to be the world's biggest superpower, and
the fastest way to get to the top is steal secrets from the current leader.
But the current leader, the United States, has also decided to stand up. In 2014, the
Department of Justice announced the indictment of five hackers who work for the
country's military. The officers have practically no chance of ever seeing an American
courthouse, but it was a way to make what's still the loudest stand against Chinese
corporate espionage. Then, a year later, US and China announced a ceasefire of
hacking operations, at least those against corporations. It was the beginning of a new
era.
But that didn't stop all Chinese hacks. The worst one to date, perhaps, was that on
the Office of Personnel Management or OPM, which resulted in the loss of more than
21 million personal records of government workers. The US government never
publicly blamed China, but many anonymous US officials did in interviews with
journalists.
This week, as part of VICELAND documentary series CYBERWAR, VICE Canada reporter
Ben Makuch talks to the US government and the world's foremost experts on Chinese
hacking, trying to trace the rise of the hacking giant.
CHINA’S HACKING-3
Chinese intelligence repeatedly targeted US national
security agencies and email accounts of US officials, a
soon-to-be-released report says, adding that Beijing spies
targeted info on nuclear weapons, FBI investigations and
war plans.
“Chinese intelligence has repeatedly infiltrated US national
security entities and extracted information with serious
consequences for US national security, including
information on the plans and operations of US military
forces and the designs of US weapons and weapons
systems,” a draft annual report for 2016 said, as cited by the
Washington Free Beacon.
The final version of the report of the US-China Economic
and Security Review Commission is to be released
November 16.
The hacks allowed Beijing to gain “insight into the
operation of US platforms and the operational approaches
of US forces to potential contingencies in the region,” it
goes on.
According to the document, China applied efforts at “cyber
and human infiltration” of national security sectors,
including the FBI and the US Pacific Command. The
report says that Washington “faces a large and growing
threat to its national security from Chinese intelligence
collection operations