I preface this diary by stating that I myself am a systems administrator. What that means for you lay folk not entrenched in the details of the IT world is that I am the keeper of the rainbow bridge for the network where I work. It is my responsibility to ensure the data that resides within my digital Asgard stays safe, separated, and operating without issue.
There is, however, a digital threat on the horizon. A looming Ice Troll threat that looks like a digital build-up of the nuclear arms race. And to be honest, as a guardian of the bridge, it scares the living crap out of me.
Join me below for a briefing on what I learned today and some speculation on what it might mean for our digital future.
My boss, the IT Manager...well, he's my Odin and tells me what can get in and what can get out. There are, however, strays from time to time. I have a few Thors who choose, for whatever reason, to attempt escape from my vision. There are also a few Lokis who attempt entry into the gated digital city that is my network. I swat these attempts down with severe prejudice and strength. I take MY city seriously. Yes, it is mine. This is how personally I take my job as guardian of my Asgard.
The rule of thumb is, don't piss off the sysadmin. In any job, if you want to have an easy time and get some great perks...go buy your network admin a bottle of scotch. Seriously, we IT people run on Mountain Dew (diet in my case, if you're pondering a gift), small bagged snacks (Funyuns, Cheetos, Fritos, take your pick) and copious amounts of 40% alcohol by volume products. You might be annoyed that you cannot check Facebook during your break, but you want to change that? Go get your IT gurus some gifts of sacrifice. You'll likely see how quickly that Websense filter stops annoying the hell out of you.
In any event, we're a swarthy bunch. Digital privateers tasked with rooting out piracy and protecting safe harbors from those who would do harm. In the same vein as the pirates and privateers of old, we actually raise our glasses to our most famous hackers and groups of hackers. As privateers we recognize skill where skill is; indeed, there are some very smart folks among those crazy pirates on the digital seas. One of the more amusing to me is that Anonymous group, who have some amazing talent in their ranks and such a cavalier attitude. I like to think that had they been born in the age of piracy, they'd be sailing right there alongside Blackbeard.
This intro into the ideals and views of your typical IT person has a purpose. That being that we're a very unique folk who take our jobs seriously but accept our outcomes with a raised glass, proudly declaring "Good Game!". Indeed, even my own organization was the target of a random attack, having our website defaced and a message left in my administrative inbox. A few emails exchanged, and I was given the details of what I had missed in my ramparts of defense. I was actually thankful for this digital pirate pillaging my Asgard, because now I am better defended.
But the times, they are a-changing.
As the world continues to migrate into integrated networks, it really was only a matter of time until geopolitics forced the nation states' hand into play. Increasingly, and with faster integration, we in the IT world are seeing our security threats come not from Blackbeard but from our own nations. If you haven't read or heard the recent NPR report, I encourage you to read it.
The article goes on to describe how a virus was found that seems to have been created with a specific purpose: to extract banking information from Lebanese bank accounts. It is a Stuxnet style of virus. For those not familiar, Stuxnet was a virus targeted at specific computer configurations, more specifically those used on computers related to Iranian nuclear operations.
These targeted attacks are increasingly and blatantly coming not from some group of kids in the Philippines doing it for the lulz, but from the nation states we reside in. Specifically, the virus Stuxnet is all but admittedly coming from the Department of Defense.
From Wikipedia:
In May 2011, the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in which he said, "we're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them", offering "winking acknowledgement" of US involvement in Stuxnet.[21] According to The Daily Telegraph, a showreel that was played at a retirement party for the head of the Israel Defense Forces (IDF), Gabi Ashkenazi, included references to Stuxnet as one of his operational successes as the IDF chief of staff.
I know a lot of you have probably glazed over at this point; technical stuff tends to do that to people. However, I want to point out how important this pivot in the nature of the threats, and where they come from, really is. What the US has done has effectively ramped up the dial to 11. That Kaspersky was the one that found this recent threat is even more important.
To put it in Cold War terms, effectively what we have had is a KGB agent finding documents related to an operation that a CIA op conducted in Lebanon to recruit resources and assets for the express purpose of information gathering. This is an important metaphor: we, as the US, have effectively escalated the digital arms race and have forced the hands of nation states across the globe.
Many systems administrators, network administrators, and just general IT folk out there... we are seeing the seas change. We are starting to see fewer sloops and schooners and instead are seeing bristling battleships. Granted, those battleships are aimed at very specific targets, but there are a great many of us thinking "When will they think we're a target?"
And as an administrator, it scares the living daylights out of me.
Essentially what we can expect in the future is a ramp-up in targeted malware development. These targeted software/hardware attacks often go unnoticed because they are so selective in their targeting that your standard antivirus software will miss them. Even with advanced heuristic scanning they can be missed and the payload delivered without you ever knowing.
To give an idea of how advanced these virus payloads are, Stuxnet was specifically designed to be benign to all computers except those acquired by bypassing embargoes into Iran, specifically Siemens computers meant for use with their centrifuges. The virus was so specific to the target that it was all but obvious as to the source of the attack.
Geopolitically, what do you think attacks like this will do? How does one think adversaries of western interests will respond? What do you think the results of this ramped-up digital arms war will reap?
For those versed in the security field of IT, I can tell you this. We're freaking the eff out.
Why are we doing so?
Like all arms wars, there are going to be unintended consequences. There are going to be tools and exploits that typically would never have gone beyond the underground hacker ring of "Hey, look what we can do, fix it" and that might now fall into the hands of someone who won't sound the bells and won't exploit them for information purposes only.
You see, those lulz hackers I described above, the ones that do it for the lulz? Very often they will hack something, exploit it, and then tell you how they did it. You know, so you learn your lesson. Just as I described from my own experience with it earlier.
Nation state hacking has no moral compass like this. So now, instead of increased nuclear warheads, we are going to see an increase in digital warheads. These warheads run the risk of landing in the hands of people who have no such compass and who, until they got word of the exploit, had no ability to exploit anything beyond a few scripts. People who really do intend to do harm, and who can then modify the code to extract information and alter it for a purpose. In short, we are throwing out there the possibility of a digital dirty bomb.
So now the question becomes, how can we expect other nations to respond? Would we honestly expect them to respond differently? Who will respond is a good question too. One thing is for certain: it is all but obvious that the US has taken the first shot across the digital bow.
What are we, the guardians on the bridge, to do in response to these changes in the digital sea? What should we do to protect our own digital Asgard?
Well, all I can tell you is that as a sysadmin, I am doing everything I can to batten down the hatches, shore up the defenses, and read every log file possible. Now that it's becoming obvious that nation states are entering the privateer waters, no longer do I only have to protect the harbors from random pillaging; I now have to protect the harbors from keen, intentional, targeted attacks with clear purpose. And unfortunately, now I cannot even fathom the purpose of the attack, where before I focused on things like social security numbers or financial information. Now all information could be in play, and because of the multinational world we live in, I cannot predict the intent of the attack.
This puts your guardians at a distinct disadvantage, but we fight the good fight and look where we can, when we can. Welcome to the brave new digital world, and send those of us at the digital front lines some well wishes in our goal to protect your harbors.
P.S. If I do not respond, it's because my wife is on the short end of a pregnancy and we're expecting a baby within the next few days. So apologies if any comments go ignored.
Sat Aug 11, 2012 at 12:30 PM PT: Thanks, rangers, for the rescue. I'll try to respond if I can. Update: still no baby yet, but soon, very soon. Contractions are getting closer together; we're waiting on that magic five-minute mark so we can definitely say she is in labor.