Vulnerabilities / Threats
9/3/2013
10:03 PM
Tom Parker
Tom Parker
Commentary
50%
50%

An Unrestricted Syria

Cyber on the table for Syria's possible response to a U.S. missile strike?

As the world waits to see what the U.S. and its allies will do in response to Syria's purported chemical weapons attacks and much of the media mulls the repercussions of action versus doing nothing at all, the usual talking heads have started their inevitable riff on the usual cyberconflict hype playlist (attacks against the power grid and so on). In contrast to the relatively well-informed dialogue on most news channels regarding Syrian weapons systems and trade agreements with allies such as Russia, dialogue around how cyber may play a role seems to lack any sophistication or depth whatsoever. Since mainstream media is missing a trick here, it seemed like a good opportunity for a little more dialogue on the subject.

In 1999, a pair of Chinese PLA colonels published a book entitled "Unrestricted Warfare." The topic of the publication was to document ways in which a technologically inferior nation-state (such as China), may overcome its disadvantage through the use of unconventional warfare. In many ways, Unrestricted Warfare is a modern adaptation of the more subtle philosophies discussed in the Art of War. Methods discussed include economic warfare, terrorism, "lawfare" (a term for political activism aimed at causing legislative change) and electronic warfare.

Strategically speaking, in lieu of an ability to mount a conventional militarily response to action by the U.S., such an approach puts cyber front and center in terms of a viable response for Syria. Further to this, if we consider the political turmoil faced both in the U.S. and Britain as to how the world might respond to a chemical attack, consider the challenges and political collateral associated with similarly conceiving a proportionate response to a cyber-counter-offensive by Syria. I can't imagine that UN weapons inspectors have a great deal of experience attributing exploit payloads.

Thus far, most of what we know (in the public domain) about Syria's cyber capability is limited to the Syrian Electronic Army (SEA), who have been responsible for a handful of DDoS attacks, website defacements, and perhaps most notably, the compromise of an Associated Press's Twitter account, which was utilized to post misinformation regarding an act of terrorism that led to a $200 billion dip in the stock market.

Although many of the capabilities demonstrated by the SEA are far from those that we might expect from a state-level information operations program, there is currently very little evidence that the SEA is any way representative of the cyber muscle that Syria may be able to bring to bear if sufficiently provoked. Further to this, it is almost impossible to fully account for the cyber technology transfers that may occur, if Syrian sympathizers such as Iran elect to come to Syria's aid in the event of a US or allied military strike.

Although a successful offensive against the U.S. media's favorite cyber warfare target (the power grid) is extremely unlikely, if nothing else, the SEA was able to undeniably prove the viability, potential effectiveness and their ability to couple two of the key principals discussed in the Chinese colonels publication: electronic and economic warfare. While I find it unlikely that Syria is sufficiently prepared to affect a cyber counteroffensive of any significance by itself, unlike arms transfers in the kinetic warfare domain. Allies and groups sympathizing with the Syrians could likely prove a significant force multiplier, without drawing the attention that conventional military assistance may result in, possibly making such a strategy an even more attractive option for the Syrian regime.

Should a cyber-orientated cyber offensive occur, Syria may very well attempt to cast the same uncertainty and doubt on who is behind the attack, which they have rather successfully applied to the reported chemical weapons attacks. The media response, public outrage, and political circus that would likely follow would unlikely put an end to their troubles, but may throw a curve ball that few are prepared to fully address.

Tom Parker is CTO at FusionX

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice post
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report