Category Archives: cyberwar

Cyber-Attacking Nuclear Plants: the 3 000 cyber bugs

In the first half of 2019 , no country endured more cyber-attacks on its Internet of Things—the web of internet-connected devices and infrastructure—than India did. So asserts Subex, an Indian telecommunications firm, which produces regular reports on cyber-security. Between April and June of 2019, it said, recorded cyber-attacks jumped by 22%, with 2,550 unique samples of malware discovered. Some of that malicious code is turning up in hair-raising places.

On October 28, 2019 reports indicated that malware had been found on the computer systems of Kudankulam Nuclear Power Plant in Tamil Nadu, the newest and largest such power station in India. Pukhraj Singh, a cybersecurity researcher who formerly worked for the National Technical Research Organisation (NTRO), India’s signals-intelligence agency, says he was informed of the malware by an undisclosed third party in September, and notified the government.The attackers, he said, had acquired high-level access and struck “extremely mission-critical targets”…. On October 30, 2019 the body that operates nuclear power plants acknowledged, sheepishly, that a computer had indeed been infected, but it was only an “administrative” one.

Sensitive sites such as power plants typically isolate the industrial-control systems (those that control the workings of a plant) from those connected to the wider internet. They do so using air-gaps (which involve disconnecting the system from the wider world), firewalls (which monitor data-flows for suspicious traffic) or data diodes (which allow information to flow out but not in).

But breaching a computer on the outside of these digital moats is nevertheless troubling. It could have given the attackers access to sensitive emails, personnel records and other details which would, in turn, make it easier to gain access to the more isolated operational part of the plant. America and Israel are thought to have sneaked the devastating Stuxnet virus into Iran’s air-gapped uranium-enrichment plant at Natanz around 2007 by planting a USB stick on a worker, who carried it inside and plugged it in.

The culprit behind the Kudankulam attack is unknown, but left some clues. The malware in question is from a family known as DTrack, which gives attackers an intimate look at what victims are doing—down to their keystrokes. It is typically used to monitor a target, making it easier to deliver further malware. DTrack was originally developed by a group of hackers known as the Lazarus Group, who are widely assumed to be controlled or directed by North Korea.

Excerpts from On the DTrack: A cyber-attack on an Indian nuclear plant raises worrying questions, Economist, Nov. 1, 2019

How to Fool your Enemy: Artificial Intelligence in Conflict

The contest between China and America, the world’s two superpowers, has many dimensions… One of the most alarming and least understood is the race towards artificial-intelligence-enabled warfare. Both countries are investing large sums in militarised artificial intelligence  (AI), from autonomous robots to software that gives generals rapid tactical advice in the heat of battle….As Jack Shanahan, a general who is the Pentagon’s point man for AI, put it last month, “What I don’t want to see is a future where our potential adversaries have a fully ai-enabled force and we do not.”

AI-enabled weapons may offer superhuman speed and precision.  In order to gain a military advantage, the temptation for armies will be to allow them not only to recommend decisions but also to give orders. That could have worrying consequences. Able to think faster than humans, an AI-enabled command system might cue up missile strikes on aircraft carriers and airbases at a pace that leaves no time for diplomacy and in ways that are not fully understood by its operators. On top of that, ai systems can be hacked, and tricked with manipulated data.

AI in war might aid surprise attacks or confound them, and the death toll could range from none to millions.  Unlike missile silos, software cannot be spied on from satellites. And whereas warheads can be inspected by enemies without reducing their potency, showing the outside world an algorithm could compromise its effectiveness. The incentive may be for both sides to mislead the other. “Adversaries’ ignorance of AI-developed configurations will become a strategic advantage,” suggests Henry Kissinger, who led America’s cold-war arms-control efforts with the Soviet Union…Amid a confrontation between the world’s two big powers, the temptation will be to cut corners for temporary advantage. 

Excerpts from Mind control: Artificial intelligence and war, Economist,  Sept. 7, 2019

Example of the Use of AI in Warfare: The Real-time Adversarial Intelligence and Decision-making (RAID) program under the auspices of The Defense Advanced Research Projects Agency’s (DARPA) Information Exploitation Office (IXO)  focuses on the challenge of anticipating enemy actions in a military operation. In the US Air Force community, the term, predictive battlespace awareness, refers to capabilities that would help the commander and staff to characterize and predict likely enemy courses of action…Today’s practices of military intelligence and decision-making do include a number of processes specifically aimed at predicting enemy actions. Currently, these processes are largely manual as well as mental, and do not involve any significant use of technical means. Even when computerized wargaming is used (albeit rarely in field conditions), it relies either on human guidance of the simulated enemy units or on simple reactive behaviors of such simulated units; in neither case is there a computerized prediction of intelligent and forward-looking enemy actions….

[The deception reasoning of the adversary is very important in this context.]  Deception reasoning refers to an important aspect of predicting enemy actions: the fact that military operations are historically, crucially dependent on the ability to use various forms of concealment and deception for friendly purposes while detecting and counteracting the enemy’s concealment and deception. Therefore, adversarial reasoning must include deception reasoning.

The RAID Program will develop a real-time adversarial predictive analysis tool that operates as an automated enemy predictor providing a continuously updated picture of probable enemy actions in tactical ground operations. The RAID Program will strive to: prove that adversarial reasoning can be automated; prove that automated adversarial reasoning can include deception….

Excerpts from Real-time Adversarial Intelligence and Decision-making (RAID), US Federal Grants

Who Owns Your Voice? Grabbing Biometric Data

Increasingly sophisticated technology that detects nuances in sound inaudible to humans is capturing clues about people’s likely locations, medical conditions and even physical features.Law-enforcement agencies are turning to those clues from the human voice to help sketch the faces of suspects. Banks are using them to catch scammers trying to imitate their customers on the phone, and doctors are using such data to detect the onset of dementia or depression.  That has… raised fresh privacy concerns, as consumers’ biometric data is harnessed in novel ways.

“People have known that voice carries information for centuries,” said Rita Singh, a voice and machine-learning researcher at Carnegie Mellon University who receives funding from the Department of Homeland Security…Ms. Singh measures dozens of voice-quality features—such as raspiness or tremor—that relate to the inside of a person’s vocal tract and how an individual voice is produced. She detects so-called microvolumes of air that help create the sound waves that make up the human voice. The way they resonate in the vocal tract, along with other voice characteristics, provides clues on a person’s skull structure, height, weight and physical surroundings, she said.

Nuance’s voice-biometric and recognition software is designed to detect the gender, age and linguistic background of callers and whether a voice is synthetic or recorded. It helped one bank determine that a single person was responsible for tens of millions of dollars of theft, or 18% of the fraud the firm encountered in a year, said Brett Beranek, general manager of Nuance’s security and biometrics business.

Audio data from customer-service calls is also combined with information on how consumers typically interact with mobile apps and devices, said Howard Edelstein, chairman of behavioral biometric company Biocatch. The company can detect the cadence and pressure of swipes and taps on a smartphone.  How a person holds a smartphone gives clues about their age, for example, allowing a financial firm to compare the age of the normal account user to the age of the caller…

If such data collected by a company were improperly sold or hacked, some fear recovering from identity theft could be even harder because physical features are innate and irreplaceable.

Sarah Krouse, What Your Voice Reveals About You, WSJ, Aug. 13, 2019

Who is Afraid of Shamoon? How to Wipe a Country Off the Face of the Earth

Suspected Iranian hackers infiltrated critical infrastructure and government computers in the Persian Gulf nation of Bahrain in July-August  2019, raising fears among leaders in the region that Tehran is stepping up its cyberattacks amid growing tensions…Hackers broke into the systems of Bahrain’s National Security Agency—the country’s main criminal investigative authority—as well as the Ministry of Interior and the first deputy prime minister’s office, according to one of the people familiar with the matter.

On July 25, 2019 Bahrain authorities identified intrusions into its Electricity and Water Authority. The hackers shut down several systems in what the authorities believed was a test run of Iran’s capability to disrupt the country, the person said. “They had command and control of some of the systems,” the person said.  The breaches appeared broadly similar to two hacks in 2012 that knocked Qatar’s natural-gas firm RasGas offline and wiped data from computer hard drives belonging to Saudi Arabia’s Aramco national oil company, a devastating attack that relied on a powerful virus known as Shamoon.  Bahrain is the smallest country in the Persian Gulf, but it is strategically important because it’s the permanent home of the U.S. Navy’s Fifth Fleet and Navy Central Command. It is closely allied with its much larger neighbor, Saudi Arabia, a regional rival of Iran.

The Bahrain authorities haven’t definitively attributed the attack to Iran, but they have been provided intelligence by the U.S. and others suggesting Iran is behind it, the people familiar with the matter said….“In the first half of 2019, the Information & eGovernment Authority successfully intercepted over 6 million attacks and over 830,000 malicious emails. The attempted attacks did not result in downtime or disruption of government services,” 

Excerpt from High-Level Cyber Intrusions Hit Bahrain Amid Tensions With Iran, WSJ, Aug. 7, 2019

Why a Dumb Internet is Best

Functional splintering [of the internet] is already happening. When tech companies build “walled gardens”, they decide the rules for what happens inside the walls, and users outside the network are excluded…

Governments are playing catch-up but they will eventually reclaim the regulatory power that has slipped from their grasp. Dictatorships such as China retained control from the start; others, including Russia, are following Beijing. With democracies, too, asserting their jurisdiction over the digital economy, a fragmentation of the internet along national lines is more likely. …The prospect of a “splinternet” has not been lost on governments. To avoid it, Japan’s G20 presidency has pushed for a shared approach to internet governance. In January 2019, prime minister Shinzo Abe called for “data free flow with trust”. The 2019 Osaka summit pledged international co-operation to “encourage the interoperability of different frameworks”.

But Europe is most in the crosshairs of those who warn against fragmentation…US tech giants have not appreciated EU authorities challenging their business model through privacy laws or competition rulings. But more objective commentators, too, fear the EU may cut itself off from the global digital economy. The critics fail to recognise that fragmentation can be the best outcome if values and tastes fundamentally differ…

If Europeans collectively do not want micro-targeted advertising, or artificial intelligence-powered behaviour manipulation, or excessive data collection, then the absence on a European internet of services using such techniques is a gain, not a loss. The price could be to miss out on some services available elsewhere… More probably, non-EU providers will eventually find a way to charge EU users in lieu of monetising their data…Some fear EU rules make it hard to collect the big data sets needed for AI training. But the same point applies. EU consumers may not want AI trained to do intrusive things. In any case, Europe is a big enough market to generate stripped, non-personal data needed for dumber but more tolerable AI, though this may require more harmonised within-EU digital governance. Indeed, even if stricter EU rules splinter the global internet, they also create incentives for more investment into EU-tailored digital products. In the absence of global regulatory agreements, that is a good second best for Europe to aim for.

Excerpts from Martin Sandbu,  Europe Should Not be Afraid of Splinternet,  FT, July 2, 2019

If You Control Space, You Control Everything: Space as War Domain

The North Atlantic Treaty Organization (NATO) is looking to classify space as a domain for warfare in an attempt to deter China’s growing military power.  If NATO’s proposal succeeds, the international alliance could move forward with the development and use of space weapons.  According to NATO diplomats, the international organization is preparing to release an agreement that will officially declare space as a war domain. This means that aside from land, air and sea, space could also be used for military operations during times of war.

Although NATO’s partner countries currently own 65% of the satellites in space, China is reportedly preparing to launch a massive project that involves releasing constellations of satellites in low Earth orbit.  China Aerospace Science and Industry Corp (CASIC)  is planning to put in orbit 150 or more Hongyun satellites by 2023. Some of these satellites will provide commercial services like high-speed internet while others would be controlled by the Chinese military. These militarized satellites can be used to coordinate ground forces and to track approaching missiles.

“You can have warfare exclusively in space, but whoever controls space also controls what happens on land, on the sea and in the air,” according to Jamie Shea, a former NATO official. “If you don’t control space, you don’t control the other domains either.”

Excerpts from Inigo Monzon , NATO Prepares For Space Warfare By Militarizing Low Earth Orbit, International Business Times, June 24, 2019

US v. China: The Slow and Sure Conquest of Internet Infrastructure


A new front has opened in the battle between the U.S. and China over control of global networks that deliver the internet. This one is beneath the ocean. While the U.S. wages a high-profile campaign to exclude China’s Huawei Technologies Co. from next-generation mobile networks over fears of espionage, the company is embedding itself into undersea cable networks that ferry nearly all of the world’s internet data.

About 380 active submarine cables—bundles of fiber-optic lines that travel oceans on the seabed—carry about 95% of intercontinental voice and data traffic, making them critical for the economies and national security of most countries. 

The Huawei Marine’s Undersea Cable Network majority owned by Huawei Technologies, has worked on some 90 projects to build or upgrade submarine cables around the world…US o fficials say the company’s knowledge of and access to undersea cables could allow China to attach devices that divert or monitor data traffic—or, in a conflict, to sever links to entire nations.  Such interference could be done remotely, via Huawei network management software and other equipment at coastal landing stations, where submarine cables join land-based networks, these officials say.

Huawei Marine said in an email that no customer, industry player or government has directly raised security concerns about its products and operations.Joe Kelly, a Huawei spokesman, said the company is privately owned and has never been asked by any government to do anything that would jeopardize its customers or business. “If asked to do so,” he said, “we would refuse.”

The U.S. has sought to block Huawei from its own telecom infrastructure, including undersea cables, since at least 2012. American concerns about subsea links have since deepened—and spread to allies—as China moves to erode U.S. dominance of the world’s internet infrastructure…..Undersea cables are owned mainly by telecom operators and, in recent years, by such content providers as Facebook and Google. Smaller players rent bandwidth.Most users can’t control which cable systems carry their data between continents. A handful of switches typically route traffic along the path considered best, based on available capacity and agreements between cable operators.

In June 2017, Nick Warner, then head of Australia’s Secret Intelligence Service, traveled to the Solomon Islands, a strategically located South Pacific archipelago. His mission, according to people familiar with the visit, was to block a 2016 deal with Huawei Marine to build a 2,500-mile cable connecting Sydney to the Solomons.  Mr. Warner told the Solomons’ prime minister the deal would give China a connection to Australia’s internet grid through a Sydney landing point, creating a cyber risk, these people said. Australia later announced it would finance the cable link and steered the contract to an Australian company.  In another recent clash, the U.S., Australia and Japan tried unsuccessfully in September 2018 to quash an undersea-cable deal between Huawei Marine and Papua New Guinea.

U.S. and allied officials point to China’s record of cyber intrusions, growing Communist Party influence inside Chinese firms and a recent Chinese law requiring companies to assist intelligence operations. Landing stations are more exposed in poorer countries where cyber defenses tend to be weakest, U.S. and allied officials said. And network management systems are generally operated using computer servers at risk of cyber intrusion. Undersea cables are vulnerable, officials said, because large segments lie in international waters, where physical tampering can go undetected. At least one U.S. submarine can hack into seabed cables, defense experts said. In 2013, former National Security Agency contractor Edward Snowden alleged that Britain and the U.S. monitored submarine cable data. The U.S. and its allies now fear such tactics could be used against them. American and British military commanders warned recently that Russian submarines were operating near undersea cables. In 2018, the U.S. sanctioned a Russian company for supplying Russian spies with diving equipment to help tap seabed cables.


The Ionian Sea Submarine Cable Project (Greece) 

China seeks to build a Digital Silk Road, including undersea cables, terrestrial and satellite links, as part of its Belt and Road plan to finance a new global infrastructure network. Chinese government strategy papers on the Digital Silk Road cite the importance of undersea cables, as well as Huawei’s role in them. A research institute attached to China’s Ministry of Industry and Information Technology, in a paper published in September, praised Huawei’s technical prowess in undersea cable transmission and said China was poised to become “one of the world’s most important international submarine cable communication centers within a decade or two.” China’s foreign and technology ministries didn’t respond to requests for comment…

Huawei Marine Networks

Bjarni Thorvardarson, then chief executive of the cable’s Ireland-based operator, said U.S. authorities raised no objections until 2012, when a congressional report declared Huawei Technologies a national security threat. Mr. Thorvardarson wasn’t convinced. “It was camouflaged as a security risk, but it was mostly about a preference for using U.S. technology,” he said. Under pressure, Mr. Thorvardarson dropped Huawei Marine from Project Express in 2013. The older cable network continued to use Huawei equipment.

The company is now the fourth-biggest player in an industry long dominated by U.S.-based SubCom and Finnish-owned Alcatel Submarine Networks. Japan’s NEC Corp is in third place.Huawei Marine is expected to complete 28 cables between 2015 and 2020—nearly a quarter of all those built globally—and it has upgraded many more, according to TeleGeography, a research company.

Excerpts from America’s Undersea Battle With China for Control of the Global Internet Grid , WSJ, Mar. 12, 2019