militerisation of cyber space & weaponisation of software by dr t.h. chowdary * director, center...

Militerisation of Cyber Space&

Weaponisation of Software

By DR T.H. CHOWDARY

* Director, Center for Telecom Management & Studies• Chairman, Pragna Bharati (Intellect India), Andhra Pradesh

• Fellow: Tata Consultancy Service Ltd.* Former Information Technology Adviser, Government of A.P

Chairman & Managing Director Videsh Sanchar Nigam Ltd., Bombay

T: +91 (40) 6667-1191(O) 2784-3121®F: +91 (40) 6667-1111 (O)

[email protected]

Talk at IETE,Hyd: 17 May 2010 World Telecom & Information Society Day

mailto:[email protected]

Preface• A specter is haunting a great power like the US and the powers like

India that want to be great and the power Russia that was once a super power.

• The specter is Information Warfare (IW), in cyber space. Internet is being militarized just as the outer space was militarized by the Ronald Reagon, Margaret Thatcher combination. Software is being weaponised in order to smash the adversaries capability to wage war. This power point presentation is to sensitize Indian policy -makers to the looming peril and urge Indian professionals to develop the skills that are necessary to make our computer networks impregnable. No amount of funding will be too much to secure our networks especially those of the armed forces, finance and banking, telecom and power, health care and emergency service sectors.

S443_May2010THC_CTMS 2

ICTs are affecting our civilization

• Cell phones, computers, Internet, communications satellites, optical fiber cables, wireless in the local loop (WILL)

• Global connectivity to every equipped person, at any time, to anyone, anywhere


ICT-based Information Society

• Information storage, transmission and exchange over millions of computer networks distributed across the world.

• Diplomatic Missions, e-governance, power grids, telecoms, civil aviation, railways, police & related security and law enforcement, organs, banks, health and relief services…armed forces networks, supply chains… are targets.


ICTs in and for war

• Electronic warfare• Militerisation of outer space – Star Wars (Indrajit of Ramayana & Ghatotkacha of Mahabharat)• Ronald Reagon, Margaret Thacher Vs. The Soviet Union (Gulf Wars I and II, Afghanistan/ Pakistan )


China- The Foremost Information War (IW) Power

Sources for this presentation:• 1. Northrop Grumman project; Capability of the Peoples Republic of China to

Conduct Cyber Warfare and Computer Network Exploitation prepared for the US-China Economic and Security Review Commission.

• Shadows in the Cloud : A report released on 6th April 2010 by the Information Warfare Monitor Citizen Lab, Munk School of Global Affairs, University of Toronto and (b) The SecDev Group, Ottawa and the Shadow Service Foundation .

• Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States by the Institute for Security Technology Studies at Dartmouth College, USA

• Ten Critical Trends for Cyber Security - World war 3.0 - The Futurist, Sept-Oct 2009

• Scrutiny Cyber Space for the 44th Presidency: A report of the CSIS Commission on Cyber Security


China- The Foremost Information War (IW) Power (2)

• China’s Intellectuals resources for I.W

• The Science of Military Strategy • The Science of Campaigns • An Introduction to Information Warfare -written by Maj.Gen. Dai Qingmin. He worked at the PLA’s

Electronic Engineering Academy .• The Academy of Military Science has a journal, China

Military Science with close links to PLA theoretical, experimental and practical work in the weaponisation of software.



China’s Intellectuals resources for I.WInstitutions :

• The National University of Defense Technology, Changsha, Hunan Province

• The PLA Science & Engineering University • The PLA Information Engineering University • The AMS has a Department of Warfare Theory and Strategic Research. • The PLA maintains 6 Technical Reconnaissance Bureau (TRB) located in

Lanzhou, Jainan, Chengdu, Guangzhou and Beijing military regions that are responsible for SIGINT collection of strategic and tactical targets.

• The first TRB in Chengdu received a series of military commendations for substantial achievements in informatisation research.



• China’s I.W Doctrine

• PLA’s goal is to establish control of an adversary’s information flow and maintain dominance

• In the battle space• The Information War (IW) strategies called Integrated Network Electronic

Warfare.• It targets the adversaries’ information systems to delay deployments and

impact combat effectiveness of troops already in theater.• Campaigns will be conducted in all domains simultaneously – ground, air, sea

and electro-magnetic space.• It seizes control of adversary’s information flow and establishes information

dominance.• PLA considers that this is a pre-requisite for seizing air and naval superiority.



• China’s Haktivist communities

• The Chinese hacker community. They are thousands of web based groups. They are developing malware tools. The community is engaged in large scale politically motivated denial of service attacks, data destruction and web-defacements of foreign networks. They are HACTISTS . They trade attacks with their counter parts in the USA, Japan, Taiwan, Indonesia and South Korea.

• Hackers are 2 kinds - White hat Hackers: These are bug hunters -exploit coders. Their goal is profits. They help improve security and achievement of recognition with great exploits & Black Hat operators : They are mercenaries, get paid to penetrate networks; they write worms and viruses.



• Chinese cyber ware hactivists have a nation state customer, making the activity state- sponsored by default, regardless of the affiliation of the actual operators at the keyboard.

• These operators have resources necessary to develop and exploit previously unknown vulnerabilities that are often missed by signature based IDS /IPS and end point protection software . These groups are heavily focused and research new Zero Day vulnerability (that is first ever discovery of vulnerability



• Recruitment & Organisaion• PLA has Information Warfare Militia units

since Y2002. • The PLA scouts and identifies IT professionals

with specific backgrounds such as advanced degree holders; who had studied overseas and computer networking experts to co-opt them in the cyber Militias.



• Targets• Numbers: 30,000/40,000 Hactivists cleverly

covered links with the PLA• Forensic analysis suggests that the groups are

comprised of multiple members of varying skill levels operating with fixed schedules and standard operating procedures They take detailed steps to mask their activities on the targeted computer.



• Exfiltration Operations• These attacks often begin with an e-mail message with a file

attachment containing both exploit code and another small piece of software which will give the attacker control of the victim’s computer. Then this file ( usually, an image document or spreadsheet is opened by the vulnerable program on the victim’s computers ( eg: Power Point, WordPad, Adobe Acrobat etc. the back door program executes. E-mail is the most common entry vector).

• Analysis of forensic data associated with penetrations attributed to sophisticated state-sponsored operators suggest that in some operations multiple individuals are possibly involved, responsible for specific tasks such as gaining and establishing network accessed, surveying portions of the targeted network to identify information of value and organizing the data exfiltration.



• Staging points are servers where the exfiltrated data are copied into. They compress, encrypt, segment and replicate exfiltrated information before distributing it through encrypted channels to multiple external servers that act as drop points .

• The US information security staff could eventually detect and block the exfiltration in mainstream but not before significant amounts of data left the network.

• Intrusion prevention systems were then turned on to alert and block further activity and for the next five hours, these systems continued to detect attempts by the hacking operators to return to complete the exfiltration.



• Main Theater of operations; Chengdu• Operational Exercises• A Lanzhou Military Region division conducted

in Feb 2009 an opposed forced information warfare exercise featuring computer network attack while countering electronic warfare attacks


Some exploits

• In Jan 2007 the PLA successfully fired a laser to bring down a defunct Chinese weather satellite. That system has been operationalised since. This technology is called the Nuclear Generated electro-magnetic pulse attacks for controlling space-based information assets

• In 2007 China successfully tested direct ascent ASAT weapon that used a kinetic kill vehicle to destroy an aging Chinese weather satellite.

• China has developed a road mobile ICBM , the DF-31A that can range the continental United States and a submarine launched variant, the JL-2 that will be deployed in China’s new nuclear powered submarines.

• In 2006 the Chinese used a laser dazzling weapon that temporarily blinded a reconnaissance satellite .

• A long term persistent campaign by the Chinese hacker community successfully exfiltrated at least 10-20 terabits of data from US government networks as of Y 2007.


Other countries on to E.W

• USA• Russia • Pakistan • Iran• South Korea• Israel


What India should do

• Evolve & adopt an IW doctrine• Train ad equip defence personnel (like south

Korea ) in EW• Build intellectual resources • Universities, Institutes, Journals• Carry out exercises • Hold Hacking competitions• Fund Adequately


A surprise

• Kautilya’s Artha Sastra has a chapter on warfare- China’s PLA’s doctrine of IW appears to be the electronic version of physical actions.

• Welcome GOI’s decision (13.05.’10) to set up a National Defense University near Gurgaon.


Dhanyawad:Thank You


militerisation of cyber space & weaponisation of software by dr t.h. chowdary * director, center...

Documents

cyber warfare

cyber security s443

information warfare

cyber security world

great power

power grids

power russia

super power