Friday, October 13, 2017


One of the most common computer applications is some form of antivirus software.

Most computers come pre-installed with an antivirus protection subscription. Although the free subscription usually lasts only a month and typically seeks to entice the customer to purchase the program, antivirus protection is actually quite important. While you scroll through the comments on a controversial Facebook post, check e-mail, and browse “the Google” for memes, antivirus software actively protects against hundreds of attempted attacks or breaches against your system. Fortunately, a variety of free and capable antivirus programs exist online (Microsoft Security Essentials, Avast, etc.), so customers are able to protect their systems without additional cost.

Antivirus software is structured to know everything about a computer. Once installed, it is granted access to every crevice of a computer’s registry and file system. It is not often that antivirus software is equated with security breaches. It is even less often that antivirus software is equated with cyber espionage. However, this has become the case for Kaspersky Labs, Inc.

Kaspersky Labs is a Moscow-based computer security company. It boasts a wide variety of products and services, but is best known for its antivirus software. Kaspersky products are sold and distributed throughout the United States and, until recently, were even used by the government. Kaspersky is widely considered to be at the forefront of cybersecurity technology. Despite its advanced mechanisms for detecting threats, the Russian company is cloaked in a shroud of doubt.

Why? It is speculated that Kaspersky has backdoor ties to Russian hackers. Its founder, Eugene Kaspersky, received his high school education at a cryptology institution sponsored by the former KGB. Kaspersky had a stint creating software for the Soviet government. Don't be led to a conclusion, however. There's no definitive proof that Kaspersky's company colludes with Mother Russia. Instead, consider these cases:

1) Israeli intelligence actually tracked Russian hackers who were using vulnerabilities in Kaspersky antivirus software. The Russians were searching for U.S. secrets. The initial intrusion was discovered nearly two years ago, but it was brought to the discussion table when an NSA employee made a clumsy mistake. The employee, wanting to continue work at home, put sensitive information on his or her personal computer. The employee's computer was running software from Kaspersky Labs. Russian hackers were able to locate these improperly stored files on the contractor's computer and steal them. Kaspersky denies involvement.

2) Legislation is swirling around Congress to essentially ban agencies and the military from using Kaspersky software. A trifecta of prominent U.S. intelligence officials all agreed that they would not be comfortable operating their organizations with Kaspersky on any system. Eugene Kaspersky vehemently opposes these opinions. He argues that U.S. policymakers and officials are letting politics cloud their judgement instead of simply using the best end-point security products on the market. But don't be fooled -- Kaspersky maintains a very high reputation among cybersecurity professionals. To reiterate, there is no solid evidence of Kaspersky-Russian collusion, and it's quite easy to be swayed by the current political and social climate of U.S. politics.

3) Here is where things become shades of grey. Kaspersky Labs is physically based in Russia, so it is obviously obligated to follow Russian telecommunications law. And it is precisely those laws that are raising eyebrows. Kaspersky is required to aid the FSB in any operation, and the FSB can assign agents to work in or with Kaspersky. Telecommunications law also requires that Kaspersky install interception equipment that would allow the FSB to monitor traffic. Because Kaspersky's data servers reside in Russia, U.S. customer data is flowing through infrastructure subject to these Russian laws. Then again, this relationship is not strikingly odd. It is not strange for communication companies to work with their respective governments. The U.S. has similar regulations on metadata.

Ultimately, any software that serves as an apparatus for hacking shouldn't be used in the government. On the other hand, NSA employees shouldn't be taking work home. This Kaspersky-gate scare won't go away, and surely more information will surface regarding the true nature of the Kaspersky-Russian relationship. Until then, go update your antivirus software. I recommend Microsoft Security Essentials. If you have a Mac, I am sorry. Avast is nice.

If you've read this far, I'd like to recommend another cyber hygiene action to take. CCleaner is an excellent tool for cleaning up your computer files and registry. Your computer voluntarily stores an incredible amount of unwanted files and data just by browsing the internet. CCleaner helps you remove this unnecessary information and free some space. It's free to download, and from what I know, isn't linked to the Russian government.

Tuesday, October 03, 2017

Russian Salami Tactics in Foreign Elections

Based on the Kremlin's recent activity, it is clear that Russia is attempting to make itself larger and stronger (annexation of Crimea, neo-expansionism in Ukraine) while making other countries smaller and weaker.

To do this, Russia is using the following tactics to influence foreign governments: (1) validating separatist mentalities, (2) supporting opposition groups, and (3) deepening internal divisions. These tactics undermine strength and unity in foreign nations, comparatively making Russia stronger.

Why these tactics? Because Russia has no chance of weakening US or NATO hegemonic power through conventional means. As Politico states, “The Kremlin’s overall strategy to dismantle the Western alliance is best encapsulated by a 2013 article in a Russian military journal, where what’s since become known as the “Gerasimov Doctrine” was laid down in writing. Adopting tactics of subterfuge traditionally associated with “non-linear” or “hybrid” war, the doctrine calls for the use of non-military over military measures by a four-to-one ratio, thus allowing a conventionally weaker power like Russia (whose military budget is one-tenth that of NATO’s) to fight asymmetrically by exploiting its adversaries’ weaknesses.”

Low-level subversion or meddling in one country is unacceptable, but affecting the internal makeup of dozens of western adversaries? Truly scary. If these actions go unaddressed (or worse: unnoticed), they will collectively add up to a destabilized NATO, EU, etc. After all, “A West that is divided, inert and unsure of its own basic values is not one that will resist Russia’s revisionist agenda” (Politico).

Validating separatist mentalities
Using “automated social-network accounts” (bots) to propagate “digital misinformation campaigns” (fake news), Russia has shown a determined desire to interfere in international separatist movements.

These potentially include: Catalonia, the Kurdish homeland, Brexit, Venice, and more.

In August of 2016, Moscow hosted a conference (funded in part by the Russian government) that brought together leaders of foreign secessionist movements. Italian, Catalan, Basque, Northern Irish, Scottish, Californian, Texan, and Puerto Rican separatist groups met to discuss anti-globalism and separatist issues. It is important to note that Russia does not kindly entertain secessionist movements within its own borders.

Supporting opposition and fringe groups
As is typical, the Kremlin is targeting leaders that would be particularly tough on Russia (Hillary Clinton) and opting to support those that may be more lenient towards Russia, and perhaps even lift sanctions (Marine Le Pen, Donald Trump).

More interesting, however, is that the Kremlin is supporting fringe and opposition groups as well. This is done in order to split the popular vote and thus weaken the chances of the best-qualified candidate winning. Russia does this through both financial and political support. This was evident when it was discovered that Russia bought Facebook ads in support of Jill Stein, Bernie Sanders, and Donald Trump. The ad bought in support of Jill Stein read, “Choose peace and vote for Jill Stein. Trust me. It’s not a wasted vote. … The only way to take our country back is to stop voting for the corporations and banks that own us. #GrowaSpineVoteJillStein”

Looking to Europe, Russia is also supporting the post-communist German Left party, the Italian Five Star movement, and many right-wing Euroskeptic groups that want to pull out of the EU in favor of nationalism.

France’s far-right National Front Party admitted that it received $12.2 million in loans from a Kremlin-affiliated bank in 2014, according to Bloomberg. And it asked for another loan of $27.7 million in February, the report added.

Deepening internal division
If this isn't enough, the Kremlin is also exploiting the existing polarization of domestic US politics and trying to deepen the divide.

Recent news has come out that Russia purchased several advertisements and authored posts that concerned current racial tension in the US. Facebook has agreed to turn over 3,000 Russian-purchased advertisements. Some of these ads are supportive of groups such as Antifa and Black Lives Matter, while other ads pose these groups as a threat.

Russia may be using similar division tactics in other countries.

These activities raise the questions:
How do we categorize this aggression?
How do we defend against similar acts?
What is the appropriate response?

Until those are answered, we clearly need to work on identifying foreign influence in domestic politics. This requires extensive cooperation and good faith from social media sites. Zuckerberg has responded, “We will do our part to defend against nation states attempting to spread misinformation and subvert elections. We’ll keep working to ensure the integrity of free and fair elections around the world, and to ensure our community is a platform for all ideas and force for good in democracy.”

Tuesday, September 26, 2017

APT 33

Election hacking seemingly dominates United States cybersecurity discussions, with the focus being, “did Russia hack our election?” I don’t necessarily care about that. What I do care about are the cybersecurity threats from enemies of the state.

A few days ago, security company FireEye released a report detailing the origins of what they deemed “APT 33.” APT is an acronym for ‘advanced persistent threat,’ a general term for an identified, well-resourced adversary that conducts sustained intrusion campaigns and is likely to remain a problem in the future. Based on their analysis, FireEye believes APT 33 operates on behalf of the Iranian government.

Since 2013, analysts at FireEye have tracked APT 33 as it conducted various cyber espionage operations in the United States, Saudi Arabia, and South Korea. From mid-2016 to early 2017, APT 33 targeted a U.S. organization in the aerospace sector and a business conglomerate located in Saudi Arabia with aviation holdings. More recently, in May of 2017, APT 33 targeted a Saudi Arabian and South Korean business conglomerate in oil and petrochemicals, using malware disguised as a job vacancy announcement from the Saudi company.

Iran’s targets are a bit unsettling. First, Iran and Saudi Arabia are not friendly. In fact, Iran’s quasi-friendly relationship with Qatar is one of the reasons why Saudi Arabia presented the tiny Gulf nation with a list of demands after cutting diplomatic ties. FireEye speculates that Iran was likely searching for ways to enhance its own military aviation capabilities against its regional adversaries. The U.S. may have been a target simply because it supplies the Gulf state with a large amount of arms ($110 billion worth).

Second, Iran has often expressed interest in growing its petrochemical industry, and has even engaged in partnerships with nations like South Korea. So why would the Iranians be targeting a new partner? It is unclear. However, analysts at FireEye believe Iran may have targeted the Saudi and South Korean chemical company as a way to improve its own competitiveness.

This discussion also highlights the importance of enhanced partnerships between the government and the private sector. I’m assuming the analysts at FireEye were the first to put out a detailed report on APT 33, which shows that private technology firms can sometimes allocate human capital and utilize advanced technology more efficiently than the government.

Labeling APT 33 as an advanced persistent threat is wise. Based on the Iranians’ growing cyber capability, they could soon begin procuring or refining cyber weapons. As our dependence on technology deepens, so does our attack surface, meaning new ways to attack the U.S. via cyberspace are growing. Regardless of the subject – aerospace firms, Equifax, or the power grid – a foreign cyber-attack or act of espionage on the U.S. is and should always be a national security issue.

Thursday, September 21, 2017

Trumpian Globalism

Donald Trump gave his inaugural U.N. General Assembly speech this Tuesday, and like the campaign, he came out swinging. In the speech, President Trump took aim at both North Korea and Iran. Between the threats of destroying North Korea, ripping up the Joint Comprehensive Plan of Action, and coining a new nickname for North Korean leader Kim Jong-Un, President Trump introduced the General Assembly to his version of globalism. Trump began his speech, after his obligatory boasting of his own achievements, by discussing the promise and perils that humanity faces. Trump looked to the past in this speech, bringing up the reasons for the creation of the U.N. and highlighting the success of the Marshall Plan in rebuilding Europe after the Second World War. Instead of the standard view that the Marshall Plan helped to further integrate the world, Trump took the position that the plan created nations that were "strong, independent, and free." President Trump also stated that he was there in the best interest of his nation and he expected that other leaders should be there in the best interest of theirs. This siren call to defend sovereignty may seem like something out of the Russian or Chinese foreign policy playbook; however, like everything with Donald Trump, there are always conditions attached. While Trump stated that the protection of the sovereignty and independence of each nation was one of the core purposes of the U.N., it is clear that he expected all nations to have a rudimentary respect for human rights and that they all have an obligation to their people. Before launching into his attacks on Iran and North Korea, Trump stated that all nations had an obligation to "confront the wicked few." Trump's view of the international order appears to be a hybrid of the traditional view of American foreign policymakers and that of China or Russia.

He heralded American values of government of, by, and for the people, and then stated that the United States will not directly promote these views in other nations. It appears that Trump is attempting to directly translate his domestic platform of "America First" to the world. It remains to be seen how these two seemingly contradictory positions will mesh. Trump clearly expects the world to act with the United States against Iran and North Korea, and in return he promises not to intervene in their internal affairs. The long-term impact of this new foreign policy will affect the security of both the nation and the world as a whole.

Wednesday, September 20, 2017

The Devaluation of National Interest

In his article “‘National Security’ as an Ambiguous Symbol,” Arnold Wolfers explains that national interest and national security should be based on the values of the country as a whole. One value that America upholds is that of freedom. The United States was built on immigrants and refugees seeking freedom from their oppressors. Within the first seven months of his presidency, Donald Trump has begun a battle against this value. During his campaign, Donald Trump promised to build a wall to keep illegal immigrants out of the United States. He attempted to enact a “Muslim” ban, keeping people from specific Islamic countries from entering the U.S. The President has also reduced America’s intake of refugees. He claims to be making America great again and using his power to protect and promote the ideals of the American people. Unfortunately, since he has become President, Donald Trump has removed quite a few of the American people, or those who hoped to one day become citizens of the United States.

Have immigrants and refugees compromised our nation’s security? To this question, our President would respond yes. He could say that they are taking our jobs and hurting our economy. He could say that they are radicals sneaking into the United States to attack us. We could choose to believe a number of things about these people and their effects on how “secure” we feel. Is it right to automatically assume that all refugees from Islamic countries are terrorists just because it makes us feel safer? Is it right to encourage ICE to come in the middle of the night to drag immigrants out of their homes? The security that we feel because of the injustices done to others has removed their right to security as well. Is our nation not one of equality, justice, and freedom?

I pose the question: how far is too far? At what point are we being more discriminatory than secure? How can we as Americans support the proposal to end DACA? How can we agree to keep refugees out because of their religion? How far will this devaluation of national interest extend?


Monday, September 18, 2017

U.S. Cyber Command Gets High

Polish up your resumes!

U.S. Cyber Command may soon be searching for a new commander.

Just last month, President Trump ordered the Department of Defense to begin Cyber Command's elevation to a Unified Combatant Command. This is a huge step forward for U.S. military infrastructure. Currently, Cyber Command is subordinate to U.S. Strategic Command and mainly provides assistance and other augmentative services to the military's various cyberspace missions. The elevation would also separate Cyber Command from the National Security Agency, truly making it an independent UCC with authority over the cyberspace operational domain. As such, Cyber Command would basically set the operational standards for U.S. cyber operations. It would also assume responsibility for resource allocation, training, and mission execution.

Cyber Command is headed by Admiral Michael Rogers, who is also the head of the National Security Agency. This is where things get interesting. Because of the elevation and split from the NSA, Secretary of Defense James Mattis will likely recommend a nominee to head Cyber Command. Sources say the elevation process should take about a year to fully implement, but for this blog's sake, timing is not important. What is important, however, is the direction in which a new cyber commander could take the nascent cyber UCC. The new commander would have the power to change U.S. tactical and strategic cyberspace behaviors. This will be something to watch. Will the U.S. maintain its defensive posturing in cyberspace, or will it become an offensive/preemptive, deterrent actor?

As you can imagine, Rogers is not thrilled with the idea of splitting his agencies apart. Even in the best-case scenario, he will still lose power over one of them. I would venture to say he will remain in charge of the NSA and will likely forfeit Cyber Command authority. Former SecDef Carter and DNI Clapper were not fans of Rogers' dual-hat arrangement. I am unsure of either Mattis' or Coats' opinion on the matter.

Regardless, as this elevation process develops, I think it would be worthwhile to follow. Whoever assumes the head position of Cyber Command will have an incredible opportunity to spearhead a new era of U.S. cyberspace policy. Will we see more Stuxnets aimed at North Korea? Or, perhaps, will we see more nuanced rhetoric aimed at creating impenetrable networks? Stay tuned.

Saturday, September 16, 2017

Grand Strategy in the Cyberspace Terrain

Grand strategy, as far as I can tell, is the use of various tools (diplomatic, economic, military) to best achieve a state’s national interest and desired role in the world. Conventional interpretations of grand strategy focus on land, sea, and air. Over the last few decades, the internet has formed a web of networks and created a new terrain: cyberspace. This realm is markedly different in that interactions are not purely physical, the terrain is dominated not by states but by individuals, the territory is virtually lawless, and it is often hard to identify the source of an attack.

How a nation generally interacts with others in this new realm develops its reputation, from which we can attempt to interpret said nation’s grand cyber strategy.

First, it is important to note that there has never been an instance of cyber war, or even an attack that resulted in loss of life or extensive damage to critical infrastructure. Though some alarmists talk of a cyber Pearl Harbor or 9/11, most experts in the field do not view these as realistic. Instead, most interactions are categorized as espionage, subversion, or sabotage. So grand cyber strategy, while still passive or aggressive, defensive or offensive, etc., is far milder than conventional military grand strategy.

China’s grand cyber strategy is one of espionage. The instances of Chinese theft in American cyberspace are many: Shady RAT, GhostNet, the Pentagon Raid, the Byzantine series, and the F-35 jet plans. This is fairly predictable because China is a rising power that will threaten the US’s hegemony (cue Thucydides). For a country that invests not in innovation but in manufacturing, theft from an existing power makes sense. Additionally, China has something to prove. “Because cyber espionage is less risky and less costly than attempting to match the conventional US military machine, China uses this tactic to show the Americans that it is a force to be reckoned with in cyberspace” (Cyberwar versus Cyber Realities, p. 133).

Interestingly, we engage positively with China after it has launched a cyber attack against us, usually turning to diplomacy and transparency. Why? To avoid escalation and to set global cyber norms. After all, it is partially the victim’s fault for failing to defend successfully. China is engaging in cyber espionage because America produces things worth stealing.

Russia’s grand cyber strategy, compared to China’s, is marked by subversion. This is evident in Russia’s relentless DDoS attacks on Georgia, Estonia, and Ukraine (neo-expansionism??), as well as recent disruption in European and American elections (dissemination of disinformation, propaganda).

Israel’s unique grand strategy is one of aggressive containment, particularly in the context of nuclear weapons. Israel has developed a reputation and an international expectation that it will respond (using a fusion of intelligence, cyber, and military tools) to regional powers that develop a nuclear program. See Stuxnet and Operation Orchard.

The United States’ grand cyber strategy has been, to this point, largely one of non-engagement and restraint. In most cyber interactions, our tactics have been defensive rather than offensive. We have recently stressed the importance of hardening our security for the intended effect of deterrence through denial. There seems to be an understanding that cyberattacks fall well below the threshold of military operations and are largely inconsequential to relations between states. There is no incentive to escalate the situation, but rather to harden one’s own defensive capabilities.

Rules of thumb (from Cyberwar versus Cyber Realities, Maness):

When cyber tactics are used: (1) they tend to be used only by existing rivals or states involved in territorial disputes, (2) they are used with relative restraint, (3) they tend not to elicit a strong reaction anyway*, (4) they are possibly just a normalized ‘language’ for rival pairs to non-violently express discontent or displeasure, and (5) they have so far proved ineffective in stopping the targets from continuing to pursue their goals [If you look at Stuxnet, Bronze Soldier, and Shamoon, all three had no effect on the targets’ goals: Estonia became even closer with Europe, Iran continued to enrich uranium, and Saudi Arabia continued the Iranian oil embargo].

*Attacks that are public and harder to conceal are more likely to provoke a foreign policy response (DDoS).