PDA

View Full Version : The US Started a New Arms Race: Everyone is Invited to Join



Ed Jewett
06-16-2012, 03:16 AM
Friday, 15 June 2012The US Started a New Arms Race: Everyone is Invited to JoinLast week, I wrote about how with the release of Stuxnet and Flame (and the disclosure that the US was behind it), would open Pandora's box (http://globalguerrillas.typepad.com/globalguerrillas/2012/06/pandora-smiled.html). How?
Proliferation. Every other country would see it as a green light to openly develop their own cyberweapons and USE them.
Accelerated pace. It would radically advance the state of the art in cyberweapons (both for other countries and any small group that was smart enough to do so) since the code would be available to nearly everyone for reverse engineering.
Accidents/failures. Since these weapons self-replicate, it makes it much more likely we'll see run-away disasters (small group/nation builds a weapon based on US/Indian/Chinese design with mods and no fail safe).
So, it was no surprise to read (http://www.theregister.co.uk/2012/06/11/india_state_sponsored_attacks/) that India is now in the process of greenlighting offensive cyberweapon development and use. Unfortunately, the opportunity to negotiate and push forward a global moratorium on cyberweapon development has been rejected. Too bad. However we should have expected this given how badly we screwed up in Iraq and Afghanistan, and our inability to learn from it. For example, the smart team of folks doing the yeoman's work to keep counter-insurgency theory alive in the DoD, to avoid another Iraq or Afghanistan in the future, is micro-scopic and about to get cut. In this case, the attractiveness of a cyberweapon (seemingly low cost for meaningful results) overwhelmed any concerns about the negative effects. Why? It's simple. The decision makers weren't warned about any negative effects, since the knowledge of open source warfare theory required to see negative effects doesn't exist in their advisor pool from the DoD/NSA/CIA. In fact, these agencies don't even recognize "warfare" as a discipline worthy of study (which is kind of like a doctor rejecting biology as something useful). Instead, the advice they offer is from lawyers, political scientists, and technologists (cybersecurity types). See the disconnect? They don't even have military historian on hand. What are the negative effects decision makers should have been apprised of? The major one is that we have now launched a new global arms race. A race to build the perfect cyberweapon.

A weapon that can hide, spoof, and mimic (check out the attributes of Storm (http://globalguerrillas.typepad.com/globalguerrillas/2007/10/malware-warfare.html))
A weapon that can evolve. Weapons that are built to break specific, critical systems at a deep level.
A weapon that has increasingly has the capacity to make decisions (the code will increasingly mimic nature -- insects/rats)
To make it worse, this is an arms race that EVERYONE with the smarts and training required can participate in. It's an open source arms race.

An arms race where the basic plans for every new weapon is released to the public when the weapon is used.
Plans that can be reverse engineered and shared with everyone on earth.
Plans that can yield copies of the weapon that will be sold to everyone that wants to buy it.
It's going to an interesting decade.


Posted by John Robb (http://profile.typepad.com/johnrobb) on Friday, 15 June 2012 at 10:24 AM | Permalink (http://globalguerrillas.typepad.com/globalguerrillas/2012/06/the-us-started-a-new-arms-race-everyone-is-invited-to-join.html)

Ed Jewett
06-20-2012, 05:37 AM
U.S., Israel Developed Flame Computer Virus (http://cryptogon.com/?p=30087)June 20th, 2012Via: Washington Post (http://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_print.html):
The United States and Israel jointly developed a sophisticated computer virus nicknamed Flame that collected intelligence in preparation for cyber-sabotage aimed at slowing Iran’s ability to develop a nuclear weapon, according to Western officials with knowledge of the effort.
The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyberwarfare campaign, according to the officials.
The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran’s nuclear-enrichment equipment.
The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States.
“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”
Flame came to light last month after Iran detected a series of cyberattacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its American partners off guard, according to several U.S. and Western officials, speaking on the condition of anonymity.
There has been speculation that the United States had a role in developing Flame, but the collaboration on the virus between Washington and Israel has not been previously confirmed. Commercial security researchers last week reported that Flame contained some of the same code as Stuxnet. Experts described the overlap as DNA-like evidence that the two sets of malware were parallel projects run by the same entity.
Spokesmen for the CIA, the NSA and the Office of the Director of National Intelligence, as well as the Israeli Embassy in Washington, declined to comment.
Posted in Covert Operations (http://cryptogon.com/?cat=27), Infrastructure (http://cryptogon.com/?cat=21), Technology (http://cryptogon.com/?cat=12), War (http://cryptogon.com/?cat=28)