The Cyber Wild West

By Walter Pincus

Pulitzer Prize Winning Journalist Walter Pincus is a contributing senior national security columnist for The Cipher Brief. He spent forty years at The Washington Post, writing on topics that ranged from nuclear weapons to politics. He is the author of Blown to Hell: America's Deadly Betrayal of the Marshall Islanders. Pincus won an Emmy in 1981 and was the recipient of the Arthur Ross Award from the American Academy for Diplomacy in 2010. He was also a team member for a Pulitzer Prize in 2002 and the George Polk Award in 1978.

OPINION — Two events last week made me more aware than ever of the danger to individuals and to governments from the internet.

First, I was hacked by a scam that froze my computer, and then hackers, claiming to be contractors for my service, wanted several hundred dollars to provide a firewall that I already had. It took assistance from my local Computer Geeks group to clean up the problem and explain how often such scams take place.

Second was a revelation I had after a Center for Strategic and International Studies (CSIS) webinar featuring Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and General Paul M. Nakasone, who runs both U.S. Cyber Command and the National Security Agency (NSA).

When asked what responses have been put in place if a major event such as the May 2021 Colonial Pipeline hacking took place again, Easterly referred to what was done when “Log4Shell” occurred – which was a serious vulnerability contained in open source software that was incredibly easy to exploit.

It involved a vulnerability in Apache Log4j2, a popular Java library for logging error messages in applications. The vulnerability, which quickly became known to malicious actors, enabled remote attackers to take over any Log4j2 user’s internet-connected service.

Apparently, the Chinese company Alibaba first reported the problem to Apache in late November 2021, but it was not until December 9, 2021, that Apache informed its users. What followed was what one security expert called “an exploit storm,” with some 50,000 scams or exploitation attempts made within nine hours, expanding to 100-per-minute. It quickly grew to over one million, because most Java users did not know they had that Apache Log4j application.

Easterly explained that after the Apache disclosure in December, CISA marshaled the Federal government on the Log4j problem. “We were very worried about incursions on federal or civilian networks or ransomware,” and worked together “to ensure we were putting out authoritative guidance – how do you find this vulnerability and how do you mitigate it.”

She explained how CISA had “led the Federal response working with all our partners, terrific collaboration with the technology and with the researchers that gave us amazing insights into what they saw across the eco-system.”

The result, Easterly said, showed wider cybersecurity cooperation over the past year with the so-called “public-private partnership” enabling the transformation of “the whole idea of partnership into real time operational collaboration, so we are getting those insights so we can take those dots, connect those dots and we can drive them to the nation’s scale.”

On the international side, Easterly said she had been incredibly impressed by the Ukrainians’ ability to withstand cyberattacks, which she attributed in part to “the power of international partnerships.”

She said the U.S. had been working with the Ukrainian Emergency Computer Response Team, but also with “our partners from Latvia, Lithuania, Estonia, Poland, the Czech Republic, in a fantastic sharing platform to essentially get ahead of potential cyber activity. I think that’s also something that’s helped give us some insight of what could potentially happen here.”

For Gen. Nakasone, the lesson was, “How am I going to be able to bring that kind of action with a number of really important partners and synchronize it in terms of when we need it. We’ve learned a lot on that.”

Based on the idea that foreign allies had experiences that helped contribute to cyberattack responses, I looked at the list of significant cyber incidents that CSIS maintains covering “attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.” The CSIS list described 96 such attacks worldwide so far this year.

Here, for illustration, are those CSIS reported for September 2022:

  • Iranian hackers targeted Albanian computer systems, forcing Albanian officials to temporarily shut down the Total Information Management System, a service used to track individuals entering and exiting Albania. This attack closely followed Albania’s decision to sever diplomatic ties with Iran.
  • Hackers targeted Montenegro’s government networks, rendering Montenegro’s main state websites and government information platforms inaccessible. Montenegrin officials blamed Russia for the attack.
  • Hackers targeted the state-level parliamentary website of Bosnia and Herzegovina, rendering the sites and servers inaccessible for multiple weeks.
  • China accused the U.S. National Security Agency of numerous cyberattacks against China’s Northwestern Polytechnical University. Authorities claim the NSA stole user data and infiltrated digital communications networks.
  • The group Anonymous took responsibility for a series of cyberattacks against the Iranian government that took down two main Iranian government websites and the websites of several state media organizations.
  • Hackers targeted the Mexican Defense Ministry and accessed six terabytes of data, including internal communications, criminal data, and data that revealed Mexico’s monitoring of Ken Salazar, the U.S. Ambassador to Mexico.
  • A Russian-based hacking group targeted the website of the United Kingdom’s intelligence agency MI5 with a DDoS [distributed denial-of-service] attack that temporarily took the site offline.

As Easterly observed, “This is a borderless cyber space.”

Nakasone said in this type of international cyber warfare, “You judge your success by staying ahead of the adversary.”

He added, “That’s something we do very well at the agency [NSA] and the command [CYBERCOM], and trying to figure out the next act, the next tool, the next operation.” The success of the latter steps, he attributed to “the creativity of the people I work with.”

Easterly agreed, “At the end of the day it’s all about the talent of the people who are doing these operations — the defenders, the folks who are listening for intel, that are doing the hunt for admissions, that’s where the creativity lies and that’s going to enable us to be successful in protecting the nation.”

The Internet today is like a small town in the Old Wild West, with no sheriff yet controlling all of the evil doers drawn to that town.
