Technology

A new cyber arms race

Alexandra Goman

Not long ago, cyber threats were not even on the security agenda, let alone part of the national security landscape. Now the situation is different: everyone recognizes the risks of a hyper-connected world, from an individual in front of a computer to a high-level officer operating a nuclear facility. As new tools are being developed, cyber-security occupies an important niche in decision-making and planning. As more and more people secure their laptops, tablets and phones, the military has started doing so too.

Just six years ago the US Defence Secretary warned[1] about a possible Cyber Pearl Harbour. A Cyber Pearl Harbour is a strategic surprise attack which could potentially incapacitate computational and communication capabilities, leading to a devastating impact on the country (Goldman and Arquilla, 2014, p. 13). This notion is usually fuelled by ongoing media reports that countries are in active pursuit of offensive cyber capabilities which could jeopardize any sector, penetrate any system and cause major disruptions. Regardless of the accuracy of these reports, every country understands that these cyber insecurities can be and, probably, will be exploited by an enemy. That is why many states are now allocating enormous amounts of resources to develop defensive cyber means along with offensive capabilities.

The number of cyberattacks is increasing. One can argue about their potential future targets, but it is clear that we should assume that cyberattacks will only become more sophisticated and, possibly, more deadly in the future. That is why vulnerabilities should be addressed, and nations should be prepared for the cyber challenge.

Among the most well-known cyberattacks are those in Estonia (2007), Syria (which impacted air defence systems, 2007), Georgia (2008), Iran (Stuxnet, 2009-10), Saudi Arabia (Aramco, 2012), Ukraine (2014) and the U.S. (electoral campaign, 2016). Additionally, the world was quite agitated about the WannaCry and Petya attacks in 2017. All in all, most of the recent attacks targeted commercial sectors, showing that there might be a constraining norm with regard to the military sector and critical infrastructures.

This consequently might indicate that states might be pursuing more sophisticated technologies in order to target more sophisticated systems. It might as well suggest a possibility of on-going cyber arms races between the countries. However, there are clear limitations of cyber warfare, as no physical damage occurred and no people were killed. Even the damage inflicted on critical infrastructures was limited and failed to cause major consequences. However, financial losses as a result of cyberattacks can be rather substantial and might have a great impact on economically weaker states.

Based on the scale of current attacks, we can only assume that the technology will spread and get more sophisticated with time. As Mazanec has outlined, cyber warfare capabilities will play a role in future military conflicts, as they are being integrated into military and state doctrines (2015, pp. 80-83). However, despite cyber challenges to national security, this does not necessarily mean that deterrence methods and tactics will be applicable to cyberspace.

This technology is quite cheap and requires fewer resources and personnel, and therefore allows less economically advanced countries to develop cyber capabilities. As a result, there is a clear asymmetry, with weaker states competing with the world powers. Consequently, the threat is multiplied internationally. So states are now in an unprecedented situation, because of the high level of uncertainty that cyberspace poses. This compels states to adapt to the fast-changing environment in international relations.

According to a report by McAfee[2], a global security technology company, 57% believe that a cyber arms race is taking place now. Top officials in the West are convinced too. For example, NATO Secretary General Stoltenberg said[3] that cyber would become integral to any military conflict. Following this, NATO Defence Ministers have agreed[4] that cyber will be a part of military planning and operations. It is clear that the West is fully aware of cyber developments and eager to use them in its actions.

Similarly, the Chinese Military Strategy of 2015 has also admitted that cyberspace will take a place in strategic competition among all parties. The Indian Army is not falling behind either and is strengthening its cyber arsenal. General Rawat has recently said[5] that India is now more concerned about developing these cyber capabilities than fighting on the border. A chain reaction follows, as in the case of the Cold War, in pursuing the technologies and keeping up-to-date with other states.

In this situation a leader faces challenges similar to those in the proliferation of any other military technology. There are four possible scenarios that make it difficult to calculate probabilities (according to Goldman and Arquilla, 2014):

1)    We develop a cyber capability[6] – They develop a cyber capability;

This is a frequent scenario and occurs when both countries have technological capability to develop cyber means.

2)    We develop a cyber capability – They don’t develop a cyber capability;

There are certain problems in verifying if a country really lacks a capability to pursue cyber weapons. However, this case gives obvious advantage and leverage to a state that develops cyber capability.

3)    We don’t develop a cyber capability – They develop a cyber capability;

From a political and strategic point of view, it puts a state into a disadvantageous position, therefore, making it undesired.

4)    We don’t develop a cyber capability – They don’t develop a cyber capability;

It is more desirable; however, no direct experience exists. Usually if there is a possibility that a technology can be developed, it will be developed at least by some state.

Interestingly enough, there is not much concrete information available with regard to these developments, whether it is the size of arsenals, the types of cyber capability, or just simple information on the notions. Information which is accessible is usually written by Western authors (it is particularly covered by US officials/military and academia) or can be found in government documents. NATO common strategy, perhaps, contributes towards it. On a broader scale, cyber is treated as a state secret and specific information is classified. There is much information which is not available (for example, the development of cyber weapons, their employment, reasons for their employment, legality of the use of cyber weapons etc.). In some countries, there is nothing to find at all.

A good example is the cyber capabilities of Russia. There is no available information: no official statements, no official policy, no academic articles published. It goes to the extent that even the media is not engaged in these issues. Alexei Arbatov (2018), an internationally recognized scholar on global security, has recently confirmed that even academic debate in Russia does not officially exist, only at the university level or informally. Notwithstanding, the Military Doctrine of the Russian Federation recognizes[7] the fact that military threats and dangers are now shifting towards cyberspace (“informatsionnoe prostranstvo”).

Similarly to Russia, China also maintains secrecy concerning its developments in the military. According to the report of the Institute for Security Technology Studies (2004), available sources insist that Beijing is pursuing cyber warfare programs, but the classified nature of the specifics complicates assessments.

This secrecy around cyber resembles the secrecy surrounding nuclear developments. All of this information was classified too, yet the principles of nuclear governance have managed to emerge even in the tight environment of the Cold War. A similar situation arose with regard to the use of drones. All the initial drone strikes were classified, and only with time did the debate start to evolve. At the moment it is quite vigorous.

As for cyber, it will certainly take time before cyber capabilities and warfare are talked about freely. It will be different in different countries, but in the end the debate will open up, just as new technologies will come and cyber will have become history.

References

Arbatov, A. (2018). Stability in a state of flux. Opinion presented at the 31st ISODARCO Winter Course – The Evolving Nuclear Order: New Technology and Nuclear Risk, 7-14 January 2018, Andalo.

Billo, Ch. and Chang, W. (2004). Cyber Warfare, an Analysis of the Means and Motivations of selected Nation States. Institute for Security Technology Studies, [online] Available at http://www.ists.dartmouth.edu/docs/cyberwarfare.pdf [Accessed on 27.12.2017].

Goldman, E. and Arquilla, J., ed. (2014). Cyber Analogies. Monterey: Progressive Management.

Mazanec, B. (2015). Why International Order is not Inevitable. Strategic Studies Quarterly, 9 (2), pp. 78-98. [online] Available at: http://www.airuniversity.af.mil/Portals/10/SSQ/documents/Volume-09_Issue-2/mazanec.pdf [Accessed on 28.01.2018].

[1] U.S. Department of Defense (2012). Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security, New York City, [online] Available at: http://archive.defense.gov/transcripts/transcript.aspx?transcriptid=5136 [Accessed on 22.01.2018].

[2] McAfee (2012). Cyber Defense Report. [online] Available at: https://www.mcafee.com/uk/about/news/2012/q1/20120130-02.aspx [Accessed on 22.01.2018].

[3] Hawser, A. (2017). NATO to Use Cyber Effects in Defensive Operations. Defense Procurement International, [online] Available at: https://www.defenceprocurementinternational.com/features/air/nato-and-cyber-weapons [Accessed on 22.01.2018].

[4] NATO (2017). NATO Defense Ministers agree to adopt command structure, boost Afghanistan troops levels. [online] Available at: https://www.nato.int/cps/ic/natohq/news_148722.htm?selectedLocale=en [Accessed on 22.01.2018].

[5] Gurung, Sh. (2018). Army stepping up cyber security. The Economic Times, [online] Available at: https://economictimes.indiatimes.com/news/defence/army-stepping-up-cyber-security/articleshow/62482582.cms [Accessed on 23.01.2018].

[6] Here it means both offensive and defensive capabilities (Author’s note).

[7] The Military Doctrine of the Russian Federation (edited in 2014). Moscow: p. 4. [online] Available at: http://www.mid.ru/documents/10180/822714/41d527556bec8deb3530.pdf/d899528d-4f07-4145-b565-1f9ac290906c [Accessed on 23.01.2018].

Specialist in global security and nuclear disarmament. Excited about international relations, curious about cognitive, psycho- & neuro-linguistics. A complete traveller.

The Impact of Blockchain For Businesses

Throughout the years, the concept of blockchain technology has gradually overtaken the business world. But no longer is it only being associated with cryptocurrency. Now it’s finding its way into other industries such as eCommerce and logistics management. 

Helping to digitize businesses, it’s a popular technology due to its ability to solve challenges such as security breaches. But that’s not the only benefit that comes with investing in blockchain technology. If your business is interested in investing in enterprise software development and in blockchain in particular, then the following information can prove to be invaluable. 

What is it?

Before getting into the advantages, it’s important to first understand exactly what blockchain is. Arguably one of the most disruptive technologies, it’s something that should no longer be ignored. To put it simply, blockchain is a collection of digital technology information which is stored within a database.  This will typically include:

  • Information about certain customer transactions including key data such as the time, monetary amount, date and more. 
  • Information about exactly who is buying your products or services. Revealing shopping behaviors, it’s stored with a digital signature rather than a specific name. 
  • Unique blocks of information – which can easily be distinguished from one another. For example, if one customer buys one item and then in the future buys a different one, they will be in different blocks.

What Are The Benefits?

  1. An Increased Level of Efficiency

One of the most important benefits that come with implementing blockchain technology within your business is the elevated level of efficiency it can provide. Removing the need for a third-party due to its more decentralized design, it will make your operating processes far more streamlined. 

With blockchain technology, you can step away from the more traditional, time-consuming processes that were rife with human error and automate them. Ensuring that they are completed more quickly and accurately, you can spend the time that you saved on other areas of your business. 

As well as making the overall process more streamlined and convenient, it allows for everyone to access the same information at one time – making financial record-keeping more trustworthy in the long term. 

One industry that could particularly benefit from faster payments and transactions is the real estate market. With a simpler system of ownership records, it will make the process of selling properties far easier. It will also open up the possibility of automating agreements between tenants and landlords, which will similarly speed up the process. 

  2. Greater Transparency Overall

A notable characteristic that blockchain has is its ability to be transparent. As the technology is a type of a transaction or distributed ledger, it allows those within a network to share all of the same documentation instead of individual copies. 

By making this open to viewing, it directly adds a remarkable layer of accountability, giving each sector within the business the responsibility to act correctly towards the company’s growth and its customers. The fact that each document can only be updated through the agreement of all participants also ensures that no illegitimate changes can be made. More consistent, transparent and accurate, the staff will perform better together in the long run.

  3. An Increased Level of Security

As mentioned above, an increased level of security is one of the key benefits that come with blockchain technology. Far more secure than the more traditional record-keeping systems, it will ensure that each transaction that’s made is heavily encrypted and linked to the last transaction. But how does it do this?

Without getting too technical, blockchain technology is created with several ‘blocks’ which are formed by a computer network. Once created, they are added to a ledger which fuses a chain of information. As it is such a complex technology that exists across several servers rather than one (as most traditional technologies are), it’s one of the most protected from breaches.

This level of security is particularly important for businesses that store sensitive customer data, such as those in healthcare, government and financial services.

  4. Reduced Costs

For many businesses, it’s important to cut costs where you can. And with blockchain technology, you can do exactly that. Although the initial investment might seem expensive, the benefits that come with it make it more than worth it for many businesses. As mentioned above, it removes the need for third parties. And because of this, you can work directly with your clients and customers.

This will, in turn, help to reduce your overall costs. With this new automated technology, you also no longer have to review information separately, which helps to save time and therefore money. You can then reinvest the money that you’ve saved by not having to deal with third parties in other aspects of your business – such as marketing or IT.

  5. Enhanced Traceability

Traceability is key within many businesses – as without it, you can’t identify transactions. With blockchain technology, you can reap the benefits that come with an enhanced level of traceability. For example, every time that someone purchases a product from your business, it will create a digital audit trail which is recorded within the blockchain. Showing who bought each product and when, it can easily be traced if need be.

Helping to prevent fraud (if you have a business that’s involved in exchange), verify the authenticity and improve security, it’s an essential addition for many. In particular, this heightened level of traceability can be ideal if your business traditionally deals with products which are traded through a very complex supply chain – such as within medicine. Tracking exactly who manufactured and distributed each item, it will be easier to recall products if need be.

Final Thoughts

The impact that blockchain technology can have within a business is clear. A type of technology that is ever-developing and growing in popularity, it’s something that’s here to stay. Of course, before you invest in the technology, it’s vital that you thoroughly research the pros and cons and how it could directly affect your business’ operations.

Inside the New WhatsApp Buffer Overflow Vulnerability

Facebook’s WhatsApp mobile app has had a rough time lately with regard to software vulnerabilities. In November 2019, the social media company quietly issued a security patch for a buffer overflow vulnerability contained in their messaging application.

However, the vulnerability disclosed in November 2019 is not the only recent vulnerability discovered and patched in the secure messaging application. Earlier in 2019, another buffer overflow vulnerability was discovered and patched by the company. Both of these vulnerabilities are rated as “severe” due to the fact that an attacker exploiting them can run malicious code on the target device.

To make things worse, the vulnerabilities in WhatsApp can be exploited by an unauthenticated attacker. These vulnerabilities were discovered in functions that process data sent by another WhatsApp user to the target. By taking a simple action – initiating a WhatsApp call or sending an MP4 video to the target – an attacker can trigger the vulnerability, giving them control over the device. These vulnerabilities can then be exploited to place spyware on the victim’s device and to view the user’s messaging history within the app.

A Brief History of WhatsApp Security

The recent WhatsApp vulnerability is not the first buffer overflow contained within the mobile app. In May 2019, a different buffer overflow vulnerability was discovered in how WhatsApp processed the data contained within an incoming call.

This vulnerability was created because WhatsApp uses a special binary format for sending data between devices and then unpacks this data at the recipient device. If an attacker sent a specially formatted packet, which lied about the length of a certain field, the recipient’s WhatsApp would unpack the data into a place on the stack that did not have sufficient space for it. As a result, the attacker would have the ability to write to memory that should have been outside of their control. This vulnerability was concerning since it allowed remote code execution on a target device without any user interaction required. The malicious packet was sent as part of initiating a call, so, even if the user rejected the call, the damage was already done.

This past WhatsApp vulnerability has been the source of significant controversy. While Facebook was in the process of patching the vulnerability, they observed someone trying to exploit it on the device of a UK-based human rights lawyer. Additional investigation pointed to the use of the vulnerability to spy upon individuals who would be of interest to certain governments.

The Israel-based NSO Group is well known for developing and selling exploits to governments for use in surveillance activities that fall outside the scope of law enforcement activities. This, and the fact that the observed attack used infrastructure previously linked to the NSO Group, has led Facebook to believe that the company was behind the exploitation of the WhatsApp vulnerability. As a result, Facebook has begun a lawsuit against the NSO Group for exploitation of a vulnerability in one of their products.

The Newest WhatsApp Vulnerability

The buffer overflow vulnerability disclosed in May was not the last such vulnerability in the WhatsApp platform. In November 2019, Facebook patched another vulnerability in WhatsApp that was similar in scope, severity, and potential impact.

This vulnerability dealt with how WhatsApp handled MP4 video files. Along with a video file comes a stream of metadata containing details about the file. When parsing this metadata, WhatsApp is vulnerable to a stack-based buffer overflow attack. This would allow the attacker to perform a Denial of Service attack (crashing the app) or to run attacker-controlled code on the app that could give access to previous conversations that the user has had on the app. Exploitation of the vulnerability only requires an attacker to know the phone number of the victim and to send them a malicious MP4 video via WhatsApp.
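Both flaws described above, the call-setup packet that lied about a field length and the MP4 metadata parser, come down to copying sender-controlled data into a fixed stack buffer on the strength of a length the sender declared. The following is an added example, not WhatsApp's code: the three-byte header format, the buffer size and all function names are assumptions chosen for illustration, and it shows the unchecked copy beside a parser that validates the declared length against both the bytes received and the destination capacity.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (an assumption, not WhatsApp's real protocol):
 *   byte 0     field type
 *   bytes 1-2  declared value length, big-endian
 *   bytes 3..  value bytes */
#define HDR_LEN  3
#define NAME_CAP 32

enum parse_status { PARSE_OK, ERR_SHORT_HEADER, ERR_TRUNCATED, ERR_TOO_LONG };

/* BEFORE: the sender's length field drives the copy; neither the bytes
 * actually received nor the size of the stack buffer is consulted.
 * Shown for comparison only, never called in this example. */
int parse_field_unsafe(const uint8_t *pkt, size_t pkt_len)
{
    char name[NAME_CAP];
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    (void)pkt_len;                          /* received size is ignored */
    memcpy(name, pkt + HDR_LEN, declared);  /* overruns name[] when declared > 32 */
    return (int)declared;
}

/* AFTER: the declared length must fit the received data and the destination. */
enum parse_status parse_field_checked(const uint8_t *pkt, size_t pkt_len,
                                      char *dst, size_t dst_cap, size_t *out_len)
{
    if (pkt_len < HDR_LEN)
        return ERR_SHORT_HEADER;
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    if (declared > pkt_len - HDR_LEN)           /* length field lies about the payload */
        return ERR_TRUNCATED;
    if (dst_cap == 0 || declared > dst_cap - 1) /* keep one byte for the NUL */
        return ERR_TOO_LONG;
    memcpy(dst, pkt + HDR_LEN, declared);
    dst[declared] = '\0';
    *out_len = declared;
    return PARSE_OK;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t PKT_HONEST[] = {0x01, 0x00, 0x05, 'a', 'l', 'i', 'c', 'e'};
static const uint8_t PKT_LYING[]  = {0x01, 0x01, 0x00, 'a', 'b', 'c', 'd'}; /* claims 256, carries 4 */
static const uint8_t PKT_BIG[HDR_LEN + 40] = {0x01, 0x00, 0x28}; /* 40 bytes, too many for name[] */
static const uint8_t PKT_STUB[]   = {0x01, 0x00};                /* header cut short */

/* Parse sample idx into a NAME_CAP-byte stack buffer with the checked parser. */
static enum parse_status run_sample(int idx, size_t *n)
{
    static const struct { const uint8_t *p; size_t len; } s[] = {
        {PKT_HONEST, sizeof PKT_HONEST}, {PKT_LYING, sizeof PKT_LYING},
        {PKT_BIG, sizeof PKT_BIG},       {PKT_STUB, sizeof PKT_STUB},
    };
    char name[NAME_CAP];
    *n = 0;
    if (idx < 0 || idx > 3)
        return ERR_SHORT_HEADER;
    return parse_field_checked(s[idx].p, s[idx].len, name, sizeof name, n);
}

int sample_status(int idx)    { size_t n; return (int)run_sample(idx, &n); }
size_t sample_copied(int idx) { size_t n; run_sample(idx, &n); return n; }

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("sample %d: status=%d copied=%zu\n", i, sample_status(i), sample_copied(i));
    return 0;
}
```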

Luckily, while the new vulnerability had the potential to be at least as damaging as the previous buffer overflow flaw, it appears that this one was not being actively exploited by attackers prior to being patched by Facebook. However, this demonstrates the importance of keeping such applications up-to-date (so that Facebook-provided security patches are applied) and of considering the risks associated with using these applications for personal communications.

Protecting Against Buffer Overflow Vulnerabilities

Buffer overflow vulnerabilities are nothing new. They are extremely simple vulnerabilities – only involving a failure to properly manage memory and user input – yet they can be extremely difficult to detect. A wide range of buffer overflow vulnerabilities exist, and sometimes apparently “safe” code can be vulnerable since another vulnerability can be exploited to bypass existing protections against buffer overflows.

The two major WhatsApp vulnerabilities disclosed and patched in 2019 demonstrate the potential impact of a buffer overflow vulnerability in a critical application. Both of these vulnerabilities could be exploited without user interaction, and enabled an attacker to run malicious code within the victim application. In one case, the vulnerability was exploited multiple times to spy upon parties of interest to various governments, leading to a lawsuit by Facebook against the suspected perpetrator.

Protecting against buffer overflow vulnerabilities requires the ability to identify and block potential exploits before they reach a vulnerable application. Deploying a strong web application firewall (WAF) to protect an organization’s web presence and runtime application self-protection (RASP) for critical or potentially vulnerable assets is an important first step toward protecting an organization and its software assets against exploitation.

3 2020 Developments That Could Make Your Life Easier

There are many systems under development right now that could eventually make your life easier – but below, we’re going to look at 3 of them. We could be using these developments a lot sooner than you think! 

5G

Why do we need 5G when we have 4G – 4G is fast enough, right? People are worried about the health implications, but everybody seems willing to look past that to get more speed. More speed could really help businesses. Also, while 5G is generally operating from the same infrastructure as before, mass adoption will cause issues for data centers. This could make the situation both better and worse in some respects. 

Virtual Reality 

Virtual reality is already being used by many people, but it could actually be put to good use soon. When it comes to simple things like shopping, you could make your life so much easier and more enjoyable. Whether you’re shopping for furniture or clothes, virtual reality could mean checking out the fit easily. Try on clothes in the comfort of your home without even ordering them first. See what a sofa looks like before you buy. The options are endless! 

Artificial Intelligence 

We’re still going to need human intelligence, but AI can have a huge impact in our personal and working lives. In work alone it could mean enhanced automation with no need to do tedious tasks. Then, there’s next gen disaster response. It’s the technology of the future!

With these developments in mind, what are some of the most important developments in human history? Check out the infographic to find out!

