Vulnerabilities / Threats
9/3/2013
10:03 PM
Tom Parker
Tom Parker
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

An Unrestricted Syria

Cyber on the table for Syria's possible response to a U.S. missile strike?

As the world waits to see what the U.S. and its allies will do in response to Syria's purported chemical weapons attacks and much of the media mulls the repercussions of action versus doing nothing at all, the usual talking heads have started their inevitable riff on the usual cyberconflict hype playlist (attacks against the power grid and so on). In contrast to the relatively well-informed dialogue on most news channels regarding Syrian weapons systems and trade agreements with allies such as Russia, dialogue around how cyber may play a role seems to lack any sophistication or depth whatsoever. Since mainstream media is missing a trick here, it seemed like a good opportunity for a little more dialogue on the subject.

In 1999, a pair of Chinese PLA colonels published a book entitled "Unrestricted Warfare." The topic of the publication was to document ways in which a technologically inferior nation-state (such as China), may overcome its disadvantage through the use of unconventional warfare. In many ways, Unrestricted Warfare is a modern adaptation of the more subtle philosophies discussed in the Art of War. Methods discussed include economic warfare, terrorism, "lawfare" (a term for political activism aimed at causing legislative change) and electronic warfare.

Strategically speaking, in lieu of an ability to mount a conventional militarily response to action by the U.S., such an approach puts cyber front and center in terms of a viable response for Syria. Further to this, if we consider the political turmoil faced both in the U.S. and Britain as to how the world might respond to a chemical attack, consider the challenges and political collateral associated with similarly conceiving a proportionate response to a cyber-counter-offensive by Syria. I can't imagine that UN weapons inspectors have a great deal of experience attributing exploit payloads.

Thus far, most of what we know (in the public domain) about Syria's cyber capability is limited to the Syrian Electronic Army (SEA), who have been responsible for a handful of DDoS attacks, website defacements, and perhaps most notably, the compromise of an Associated Press's Twitter account, which was utilized to post misinformation regarding an act of terrorism that led to a $200 billion dip in the stock market.

Although many of the capabilities demonstrated by the SEA are far from those that we might expect from a state-level information operations program, there is currently very little evidence that the SEA is any way representative of the cyber muscle that Syria may be able to bring to bear if sufficiently provoked. Further to this, it is almost impossible to fully account for the cyber technology transfers that may occur, if Syrian sympathizers such as Iran elect to come to Syria's aid in the event of a US or allied military strike.

Although a successful offensive against the U.S. media's favorite cyber warfare target (the power grid) is extremely unlikely, if nothing else, the SEA was able to undeniably prove the viability, potential effectiveness and their ability to couple two of the key principals discussed in the Chinese colonels publication: electronic and economic warfare. While I find it unlikely that Syria is sufficiently prepared to affect a cyber counteroffensive of any significance by itself, unlike arms transfers in the kinetic warfare domain. Allies and groups sympathizing with the Syrians could likely prove a significant force multiplier, without drawing the attention that conventional military assistance may result in, possibly making such a strategy an even more attractive option for the Syrian regime.

Should a cyber-orientated cyber offensive occur, Syria may very well attempt to cast the same uncertainty and doubt on who is behind the attack, which they have rather successfully applied to the reported chemical weapons attacks. The media response, public outrage, and political circus that would likely follow would unlikely put an end to their troubles, but may throw a curve ball that few are prepared to fully address.

Tom Parker is CTO at FusionX

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-0460
Published: 2014-04-16
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993
Published: 2014-04-16
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180
Published: 2014-04-16
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089
Published: 2014-04-16
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192
Published: 2014-04-16
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Best of the Web