The Low-Intensity Cyber War Just Got Worse

David Grantham
|
Posted: Jun 28, 2017 2:30 PM
The Low-Intensity Cyber War Just Got Worse

The international barrage of cyber attacks should be recognized for what it is – a global, low-intensity conflict. The evidence points to a convoluted web of state operators, associates and opportunists who share, steal and develop malware within an increasingly integrated dark web.  The current state of information warfare is not just juvenile delinquents joyriding the Internet.  The risk is as great as our imagination, making the consequences hard to fathom. The law cannot keep pace with the developing threat, making it hard to formulate a response.  

Then someone leaked highly sophisticated malware developed by the NSA and CIA.  

WannaCry got the world’s attention as it shut down systems across the globe in a rapid, seemingly coordinated fashion. Victims from China to England were forced to pay ransom to unlock their systems. The danger that comes from such an operation is obvious – especially for hospitals. Lacking even temporary access to patient records could cost lives, often forcing administrators to fork over the money immediately.

Much attention was paid to this angle as health services throughout England found their systems compromised by the ransomware. And realize that user error remains the single greatest threat to computer systems – just ask John Podesta. But the world is facing an overwhelming and repeated cyber offensive.

The WannaCry malware took advantage of vulnerabilities in Microsoft systems. Unfortunately, much of the world employs old, sometimes pirated software. The company did not patch some flaws for out of date operating systems. Meanwhile, users could not or would not update their systems accordingly. And when the malware took root in one location, it quickly spread to connected systems. Many pin the responsibility on North Korea for the spread of WannaCry.

The NSA discovered the Microsoft flaw some time ago, but didn’t disclose that information to the company, and then someone leaked it. The president and chief legal officer Brad Smith demanded new requirements for governments to report vulnerabilities to vendors, “rather than stockpile, sell, or exploit them."  The NSA would likely argue that it capitalizes on such exploitation to go after U.S. adversaries using those products. This piece is not intended to resolve the question of whether national security use should come before disclosure or vice versa. It’s the lack of attention given to these leaks and the government response that is of main concern.  

Digital capabilities from two of the nation’s foremost spy agencies were leaked and are now in use by bad actors against targets across the globe. That’s frightening. The Wikileaks publications of CIA malware from Vault 7 series laid bare U.S. capabilities for all our adversaries to see. Intelligence tradecraft is so protected because it provides an advantage over adversaries. Once bad guys know your tactics and capabilities, they adjust and you lose access.

The leaking of NSA malware is more immediately problematic because someone has and is using our own expensive research against us and others. A group known as the Shadow Brokers –? believed to be Russia-backed cybercriminals, an NSA mole, or some hybrid ?? has distributed or auctioned off leaked malware.

Now, a second more deadly malware known as EternalBlue is also wreaking havoc. This other NSA tool is more sophisticated and already hit telecommunications giant IDT Corporation in New Jersey. The global chief information officer at IDT, Golan Ben-Oni characterized it as something that far surpasses current protections. More worrisome, he learned while notifying authorities that “no one was running point” on the response.  

Two days ago, security firms began reporting yet another round of attacks. Danish shipping company Maersk, U.S. pharmaceuticals Merck and others all reported compromised systems. Couple this with the June discovery of a malware designed specifically to take down power grids, known as Crash Override, and one can see how the world is in the grips of a major cyber battle.

To borrow from Golan Ben-Oni, we like to work on known problems. Indeed, the unknown tends to handicap decision makers. But industry and government must fight the battle in front of them – leakers and all.