CIA – this stands for Confidentiality, Integrity, and Availability and is known as the security triad.
A few years ago, Cyber was announced as the fifth domain of warfare, joining Land, Air, Sea, and Space. While the United States has outstanding cyber capabilities as demonstrated by Stuxnet, they are very coy about tipping their hat to anyone as to how great their capabilities are. Cyber warfare is also sort of like nuclear warfare…where we would not want to initialize a full out cyber war against the like of a Russia because they could counter. And we would counter and so on, and so forth. For the past 10 years or so, there have been a lot of cat and mouse games going on in relative plain site where we do little about it. China, as a nation, steals our corporate secret. Russia provides safe haven to cyber gangs who steal credit card information and the like. ISIS is now using the internet for distributing recruitment propaganda, and it’s interesting to see what the United States will do to counter this. Why? Because if we unless cyber fury, it’s sort of like telling the world the Stealth Bomber exists, and we tip our hands to the Russias and the Chinas of the world. Do nothing, and there’s risk of increased recruitment.
My guess is, there’s a bean counter somewhere that might be estimating that at most, ever, the ceiling for recruitment is 15,000 people. If that number were to go over 15,000, or approach it, cyber tools would be unleashed. Until then, we have isolated stories of people leaving the country to join ISIS.
Recruitment might be a big deal, but we have to weigh our risks of doing nothing and keeping our cyber attack secrets against doing something and letting the world know what we have.
We know that apparently our enemy creates videos and launches them throughout the internet. This provides problems with sourcing it as well as wondering who is watching it for recruitment purposes. What I would propose would be to completely disrupt this operation in all aspects of security.
- Clone video and insert code. This code is similar to emails with embedded images, that once you open the email, the embedded image has an A HREF tag in a 1×1 pixel that accesses code on a remote website. When anyone clicks the video, you now know what IP is viewing the video…create 200 different videos with different attacks.
- Clone video and edit. Add things like the Benny Hill theme song and speed up terrorists. Do things to make them look silly. Release video. Do 18 different versions with the same name as the original.
- Wherever twitter links or social media links exists for videos, change the destination it’s being linked to. For example, recently the hacker group Anonymous hacked an ISIS site and replaced the content with a Viagra ad. All users who went to the site were then seeing a boner pill ad. The NSA has capabilities to do this, and even if they are doing it, we will never know they are.
- Take down the internet. No, you can’t do this. I thought it was sort of funny when they asked Trump about this last night on the debate – unfortunately, it was a trap question to make him look like an idiot. There are things you can do, however, such as black list an IP from being allowed in the country. I’m not sure what their current capabilities are, but it may be possible to block traffic at our gateways for certain IPs. For example, if a malicious server hosting content related to ISIS is in Syria and on server 18.104.22.168, it all traffic could be dropped coming inbound from that server. The problem is, the server content could move around a lot. I’m not a network specialist, but this is how I understand some of the capabilities at the top level could be at the top gateways. I’m also aware of a way to stop the bad actors in Syria – but this would involve well….killing off all network connections out of the country and jamming all satellite signals to outer space…and perhaps dealing with all of the phone carriers to kill traffic. So you can isolate perhaps the whole country of many millions because of a few thousand. Not sure that’s the best way. But it did sound funny last night when Trump was like, “let’s get our smart people to take them off the internet”.
- DDoS – so you know where they have content. Send a DDoS attack against them. Disrupt the ability for anyone to ever see content.
- Infiltrate sites – I’m sure they are already doing this, but as soon as you know where new ISIS sites are, start with recon…whois, fingerprinting, etc. Get names, addresses, then perform surveillance in vans then make people disappear.
- Create fake ISIS sites – Wha? Yeah, create fake websites for recruitment. Find the vulnerable people out there. When they click your website, install code on their machines which feeds you information about them. Create so many of these websites it makes your head spin. Suddenly, anyone wanting to know about ISIS knows there’s a good chance if they click on a website that they could be clicking a fake site meant to trap them.
- Find traffic and kill it. I was once reading about a tool called Einstein, which essentially was a deep packet inspection tool which looked for malicious traffic – but I would guess would also be able to identify hash values of a file (like a video) and either kill it or track where it is going. It can be passive and log everything for the FBI/CIA/NSA too review…or it can be active and drop traffic. I don’t know where they have this, if it’s even in existence, or even what networks this is supposed to protect.