Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

9/4/2020
11:55 AM
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Strategic Cyber Warfare Heats Up

It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.

When tens of millions of Korean pop music sensation BTS superfans descended on the Internet in June in support of Black Lives Matter, some described them as a virtual army. But for renowned hacker the Grugq, the impact of that army was very real. By taking online action to support racial justice at the behest of BTS, their fans were engaging in the kind of cybercraft that analysts often attribute to nation-states, he said.

"People with this level of devotion, who spend $50 on a lightbulb that's the same color as their neighbor's lightbulb and can be controlled by the management of the band, these people are operating in cyberspace. I think that's awesome. But that also means that cyber power belongs to a K-pop band," Grugq said in his opening keynote on the subject of cybercraft and cyber warfare at the virtual Disclosure Conference on Wednesday. 

Related Content:

Stop Saying 'Digital Pearl Harbor'

Collateral Damage: When Cyberwarfare Targets Civilian Data

Special Report: Computing's New Normal, a Dark Reading Perspective

Grugq drew a bright line between cyberwar, which uses Internet-connected computing devices in the service of a traditional war with real-world impact on infrastructure and lives, and cyber warfare, which, as part of cybercraft, has allowed nation-states to engage each other antagonistically without directly killing people. 

"'Cyber' used to mean that it only gave you strategic surprise," which is why cybercraft is so often compared to the Japanese attack on Pearl Harbor, he said. "But now cyber warfare is [the ruleless game] Calvinball. Anything goes."

This rapidly changing environment is a core part of Grugq's definition of cybercraft as "applied cyberpower" – the ability to use the Internet to create advantages and influence events in the real world across the realms of diplomacy, information, military, and the economy. Essentially, the interconnectedness of the components that gird almost every aspect of society also makes it significantly easier and cheaper to exploit them. 

It's not just Grugq expressing concern over the state of cyber power. The rapid evolution of environments that promote the exchange of information, whether or not factual, makes it easier to manipulate those environments — and to affect the thinking of large groups of people, according to RAND in an October 2019 report.

Three key findings of the RAND study support Grugq's analysis. First, national security increasingly relies on institutions that can help mediate the deluge of information available online by better educating people against social manipulation. Second, Big Tech and the private-sector influence billions of people and can wield their cyber power in ways that previously only nation-states have been able to. 

And third, networks will become the domain of conflicts, as state actors develop networks to "avoid attribution and strengthen their virtual societal warfare capabilities against retaliation," the study says.

"It will be much more difficult to understand, maintain an accurate portrait of, and hit back against a shadowy global network," the report's authors wrote.

Another way to put it is to think of how the application of cyber power has led to exploiting "cognitive vulnerabilities," says Herb Lin, computer security policy expert and research fellow at Stanford University's Center for International Security and Cooperation.

"The idea is not to hack the vulnerabilities in the computer but to hack the vulnerabilities inside the brain" by exploiting our biases and expectations, Lin said. Look no further than the fake Russian hack of the Michigan voter registration database from earlier this week, which turned out to not be a hack at all because the information it contained was already publicly available. 

"This is a new environment, and it's one that we don't understand very well," he says.

That lack of ability to get consumers to "slow down and think," as Lin and others have put it, serves two purposes, said Grugq. It exploits the kinds of societal divisions that have been worsening in the United States and elsewhere, and it decreases the morale of the people being exploited — whether or not they know it.

"Battles stop when the people fighting them choose to stop," he said. "That's a much lower bar to reach than destroying the capability to fight or the will of the nation to fight."

 

Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ... View Full Bio
 

Recommended Readings:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
osiriscodex
50%
50%
osiriscodex,
User Rank: Apprentice
9/6/2020 | 1:32:41 PM
Great reporting
Great reporting. I can't usually make it to these kinds of conferences, so I rely on second hand accounts, and you've done a great job. I'm featuring this article in the upcoming OSIRIS Brief as especially noteworthy and useful to decision makers and military strategists. Not only are TheGrugq's insights helpful, as a current practicioner, but your additional research adds context and iinformation I am sure people working in this field will appreciate.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Exactly
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-6564
PUBLISHED: 2020-09-21
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
CVE-2020-6565
PUBLISHED: 2020-09-21
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6566
PUBLISHED: 2020-09-21
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6567
PUBLISHED: 2020-09-21
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6568
PUBLISHED: 2020-09-21
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.