, 42 tweets, 6 min read Read on Twitter
1/ 03 April 2019
20:18

1/ Attacks on computers, mobile devices and the Critical National Infrastructure all feature in the news. Healthy debate is needed, regarding cyber weapons.
2/ The world as we now know it relies on the Internet. If one coupled that with state-sponsored attacks, collectives and rogue individuals they are all showing the weaknesses of our cyber defences.
3/ As with any war - fear is a factor. Services and information are now readily available to the masses. In near real-time one can obtain many things. We utilise the Internet for financial transactions, viewing our favourite TV shows, listening to music.
4/ This may appear simplistic but the Internet has also become so available it has imbued itself within established defences and ancillary functions.
5/ The Internet and the malicious cyber operatives go hand in hand. Just like the bullet from a gun, to the most advanced missile technology, the cyber operative has a target rich environment.
6/ This environment can easily be targeted, the consequences of which would be catastrophic to a nation!
7/ Be it a socially motivated, political or a Critical National Infrastructure attack, the premeditated attacks on our society and current way of living are taking place as I write, second by second, hour by hour, day by day attack salvos reign in with pinpoint accuracy.
8/ An attacker can start with the 'low hanging fruit’, but so easily escalate privileges and gain root, clearing tracks then hide in plain sight.
9/ We are so dependent on the Internet, any adversarial foreign threat actor, knows he/she has the prerequisite weaponised cyber tools to target our computer dependency, be it financial, utility, medical information, weapons or tech development data.
10/ Indeed a hacker or cyber-army is capable of devastating a whole countries GDP.
11/ By definition, we all know Cyber-Warfare is a noun. It's definition being - “The use of computer technology to disrupt the activities of a state organisation, especially the attacking of information systems for strategic or military purposes.”
12/ There is a great difference between a cyber-crime and cyber-warfare. A crime may affect many but certain attacks are indeed acts of war. As with any war, the sovereignty and the impact upon the targeted country are felt. This problem is alive and well and very dangerous.
13/ So what about the cyber rules of engagement?. The Tallin Manual on the International Law Applicable to Cyber-Warfare was a report Intended for the NATO Cooperative Cyber Defence Centre of Excellence.
14/ Those studying Hybrid Warfare will appreciate, the rules of engagement make it so very difficult to recognise a global definition. After all, how can one define such a legal binding document, enforce legal responses when it is so hard for some to recognise.
15/ It is so hard for them to recognise elements of cyber-warfare, let alone prevent attacks and hold adversarial countries to account.
16/ Political posturing is all well and good. But without the aforementioned Internationally recognised agreements certain countries will continue to utilise this facet of the Hybrid-warfare cycle.
17/ One cannot touch, it, hear it, smell it or see it. If one was to contrast this with conventional warfare, target rich environments are all too clear.
18/ Just like special forces operatives, the objective is to get in and out without alerting the target. Although physical in nature the skill-set and mindset marry well within the Hybrid-warfare cycle and the SF operative.
19/
20/ Some scholars have stated - a cyber weapon is intuitively considered to be - “Any software, Intrusion device or virus, that can disrupt critical infrastructures of other countries.” From the aforementioned military defence systems to the National Critical Infrastructure.
21/ Communications, financial systems, electricity power generators/ grids or even our air traffic control systems also feature in the aforementioned scholars' reports.
22/ Cyber-espionage has been around for many years. With that in mind those that hold meetings, quite rightly the majority of opinion, has concluded cyber weapons that impair systems and spy on nations through high-tech threat operatives should be included.
23/ But as with Cyber-warfare no global legal definition to challenge actions are seen. This in itself leaves a playground of possibilities for cyber operatives and their paymasters.
24/ Deployment - In August 2016 one will remember the theft of weaponised cyber attack tools, these belonging to the National Security Agency (NSA) of the USA. Tools such as 'EternalBlue' were stolen.
25/ The NSA would not pay any ransom to the hacking group, named the 'Shadow Brokers'. As a result of this, the aforementioned tool and many others were released into the wild.
26/ Simple add a few lines of code yourself or utilise certain platforms and you'll find many systems that are easily compromised.
27/ Many will remember, or have been affected by the WannaCry ransomware attack of May 2017. This locked many systems. One was asked to pay a ransom in Bitcoins, the cryptocurrency before their systems could be unlocked, encryption wise.
28/ Some, more recently, will remember British Airways systems being targeted. Just 20 lines of code disrupted their entire operation.
29/ Far before the previously mentioned attacks around 2009, a cyber weapon called Stuxnet was used. A complex piece of malware coding, which many believed was a government cyber weapon.
30/ It's sole purpose was to severely aimed to disrupt the Iranian nuclear program. The coders were believed by many to be Israeli and US in origin. The target was the plant in Natanz, Iran.
31/ It operated by turning off key valves and slowing down/Interfering with centrifuges. A great deal of equipment was damaged and thankfully the Iranian uranium enrichment project was set back.
32/ To me a victory as I wouldn't want a totalitarian regime in charge of a nuclear capability!.
33/ Flame, another powerful piece of malware, which imitated a routine Microsoft software update, had previously mapped and monitored Iranian networks, in order to collect critical information.
34/ As anyone Interested in hacking knows, the process of reconnaissance is equally as important as the attack itself.
35/ Be it Cyber-warfare, Cyber-crime or Cyber-espionage, they are all currently active. A home PC, MAC, Linux user may not think this matters.
36/ But with a few assorted tools, be they remote software vulnerability acquisition tools to hardware tools planted on home/ company/ Government systems, one can wreak havoc.
37/ One could give examples of the aforementioned, in great detail. How would I target systems?, what would I use?. But as you will no doubt have seen, Russian GRU operatives are afoot, Chinese planting nano-tech within the vast flow of their cheap hardware.
38/ Russia, in particular, humoured me, irrespective of their Ministers and others stating "Russia does not use cyber weapons". But, be it the larger countries such as Russia or China, the smaller countries, down to the individual, each are equally as lethal.
39/ We recently had the Police Federation of England and Wales breach, now we have another Facebook breach, millions of records, the target being Amazon Cloud Servers.
40/ Companies may offer apologies, but it is you feeding the systems. At times the subtle art of secrecy and stealth is required. Most walk around with...what they term a mobile phone in their pockets.
41/ If one was took look back in time, the very technology within your device, would have developed at such a rate we would all be playing football on Mars by now!

Thank you for reading
Kind regards
Dave.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to David Kime
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!