Vulnerabilities / Threats
9/3/2013
10:03 PM
Tom Parker
Tom Parker
Commentary
Connect Directly
RSS
E-Mail
50%
50%

An Unrestricted Syria

Cyber on the table for Syria's possible response to a U.S. missile strike?

As the world waits to see what the U.S. and its allies will do in response to Syria's purported chemical weapons attacks and much of the media mulls the repercussions of action versus doing nothing at all, the usual talking heads have started their inevitable riff on the usual cyberconflict hype playlist (attacks against the power grid and so on). In contrast to the relatively well-informed dialogue on most news channels regarding Syrian weapons systems and trade agreements with allies such as Russia, dialogue around how cyber may play a role seems to lack any sophistication or depth whatsoever. Since mainstream media is missing a trick here, it seemed like a good opportunity for a little more dialogue on the subject.

In 1999, a pair of Chinese PLA colonels published a book entitled "Unrestricted Warfare." The topic of the publication was to document ways in which a technologically inferior nation-state (such as China), may overcome its disadvantage through the use of unconventional warfare. In many ways, Unrestricted Warfare is a modern adaptation of the more subtle philosophies discussed in the Art of War. Methods discussed include economic warfare, terrorism, "lawfare" (a term for political activism aimed at causing legislative change) and electronic warfare.

Strategically speaking, in lieu of an ability to mount a conventional militarily response to action by the U.S., such an approach puts cyber front and center in terms of a viable response for Syria. Further to this, if we consider the political turmoil faced both in the U.S. and Britain as to how the world might respond to a chemical attack, consider the challenges and political collateral associated with similarly conceiving a proportionate response to a cyber-counter-offensive by Syria. I can't imagine that UN weapons inspectors have a great deal of experience attributing exploit payloads.

Thus far, most of what we know (in the public domain) about Syria's cyber capability is limited to the Syrian Electronic Army (SEA), who have been responsible for a handful of DDoS attacks, website defacements, and perhaps most notably, the compromise of an Associated Press's Twitter account, which was utilized to post misinformation regarding an act of terrorism that led to a $200 billion dip in the stock market.

Although many of the capabilities demonstrated by the SEA are far from those that we might expect from a state-level information operations program, there is currently very little evidence that the SEA is any way representative of the cyber muscle that Syria may be able to bring to bear if sufficiently provoked. Further to this, it is almost impossible to fully account for the cyber technology transfers that may occur, if Syrian sympathizers such as Iran elect to come to Syria's aid in the event of a US or allied military strike.

Although a successful offensive against the U.S. media's favorite cyber warfare target (the power grid) is extremely unlikely, if nothing else, the SEA was able to undeniably prove the viability, potential effectiveness and their ability to couple two of the key principals discussed in the Chinese colonels publication: electronic and economic warfare. While I find it unlikely that Syria is sufficiently prepared to affect a cyber counteroffensive of any significance by itself, unlike arms transfers in the kinetic warfare domain. Allies and groups sympathizing with the Syrians could likely prove a significant force multiplier, without drawing the attention that conventional military assistance may result in, possibly making such a strategy an even more attractive option for the Syrian regime.

Should a cyber-orientated cyber offensive occur, Syria may very well attempt to cast the same uncertainty and doubt on who is behind the attack, which they have rather successfully applied to the reported chemical weapons attacks. The media response, public outrage, and political circus that would likely follow would unlikely put an end to their troubles, but may throw a curve ball that few are prepared to fully address.

Tom Parker is CTO at FusionX

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2595
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

CVE-2013-2597
Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

CVE-2013-2598
Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

CVE-2013-2599
Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

CVE-2013-6124
Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.