Photo Credit: New America
By Olga Novitsky, Reporter
On February 25, 2016, Director of National Intelligence James Clapper delivered the US intelligence community’s statement of the World Wide Threat Assessment, and at the very top of his list of global threats was “Cyber and Technology.” The assessment described both threats and opportunities, ranging from social media to Artificial Intelligence (AI) and the Internet of Things (IoT). So what is cyber exactly? SSP alumni Daniel Charles and Shane Quinlan tackled that question on February 20, 2016 during a session called “Cyber 101” hosted by the Center for Security Studies. Quinlan described their presentation at the outset as “everything they wished they would’ve known” after graduating SSP and before going into the cyber field. They started the session off with a 2010 Wired Magazine quote from Ryan Singer stating that, “Nobody uses the word cyber anymore, except people trying to scare you and trying to make the Internet seem scary or foreign.” Although DNI Clapper was not trying to scare the House Permanent Select Committee on Intelligence, Clapper (along with Charles and Quinlan) made clear that the term “cyber” is, albeit unfortunately, “here to stay.”
Before discussing “cyber” and all the verbal baggage that comes with it (cyberspace, cyberwar, cybersecurity, cyberattack, etc.), the presenters gave a brief overview of how the Internet actually works. The Internet began as inter-networking, a way to share information across systems by switching data packets over phone lines. After some trial and error, the Department of Defense approved the Internet for commercial use in the 1990s. The “https” of the World Wide Web takes the data packets (in 0’s and 1’s, or “bits”) and translates them into images that everyone can see and understand. Programmers use HTML, Python, C#, Java, and other coding “languages” to make this translation process easier (rather than writing everything out in 0’s and 1’s). Data is broken into “packets,”sent through the Internet through a path of least resistance, and put back together on the other end. Every device has an Internet protocol (IP) address that defines the location in space where the packets should go. When you connect to a website (which has its own IP address), this happens dynamically and almost instantaneously.
The collection of your information can happen in a few ways. Cookies, for example, are a piece of code, or an identifier that is placed on your computer, that allows sites to “remember” what you did when you last visited. This can be as simple as not having to log in again or making it easier to search for something you’ve previously looked at. First party cookies are unique to that site; third party cookies share this information with other sites through a network, which is how ads target users based on what they seem to be interested in. For example, if you’re buying something online and leave it in your cart, ads will show up for that item on another site or on social media. Browser profiling is when your computer is identified by your browser activities, such as when you install updates or plug-ins. You can secure your network through Proxies or Virtual Private Networks (VPN’s). Proxies are a single stream of traffic through a different IP address, so a site sees that address instead of yours; ultimately, though, it is possible to trace proxy activity back to your IP address. VPN’s are more secure and more widely used than proxies because they provide an encrypted channel, or a “secret tunnel” through which your data packets are sent to a site; VPN’s hide your information and make it seem like you’re within the network you’re trying to reach – a tactic you may employ, for instance, if you are working from home remotely.
The Dark Web is where things start to get scary. The Dark Web works through an encrypted network that cannot be indexed by the open Internet, making it hard to reach in the first place. Secondly, the channels go through a series of Nodes that cover your tracks through encryption, and are decrypted on the other end, at the site you’re trying to reach. This hides both your identity and transactions, which can lead to all sorts of shady dealings, including illicit trafficking, assassins for hire, and much more.
A cyber attack finds a hole in programming code—usually unnoticed or unintentional by the original programmer—and uses that hole to download harmful content onto your device or into your system. The presenters referenced a Lockheed Martin white paper that explains how an attack happens in seven phases: 1) Reconnaissance, 2) Weaponization, 3) Delivery, 4) Exploitation, 5) Installation, 6) C2, and lastly 7) Actions on Objectives (which is the actual attack). Essentially, this is about 1) Scanning the networks and getting to know your enemy, 2) Finding a gap in the language of a program to be exploited, 3-6) Widening this gap in order to exploit it, and 7) finally going through with the attack. Common types of attacks on computers include: Malware, or “bad software,” Malvertising (using ads to deliver the attack to your computer), Trojan Horses, or Man in the Middle (which controls transactions or traffic between you and another site or computer). Denial of Service or Distributed Denial of Service (DoS/DDoS) shut down a site by overwhelming it with requests from a single (DoS) or multiple (DDoS) places. Phishing is when a site looks similar to the one that you are trying to reach, tricking you into entering your credentials. For example, a website is created to look like that of your bank, it sends you a fake “alert” by email, and when you click on the alert link or put in your credentials, it steals your information. Rootkit is a software that gives root access to your computer – essentially controlling your device. A newer form of attack mentioned in DNI Clapper’s statement is Ransomware, through which someone can lock your entire computer or system down unless you pay a ransom, while threatening to delete all the information on it. These are all examples of “little cyber:” logic-based attacks, data protection, information security, computer network operations, and “netwar”. “Big cyber” attacks include kinetic attacks and Electromagnetic Pulses (EMPs) that destroy computers or servers, information and network warfare, electronic warfare, spectrum management, and JEMSO (Joint Electromagnetic Spectrum Operations). If you’re truly looking for a scare, check out Norse Corp’s active map, which only shows about 1/4 of the number of attacks happening right now.
On the bright side, the United States government has come up with some approaches to address the “cyber problem” and is constantly looking for ways to innovate and protect its systems. (See presenters’ Slides #34-#59 for an overview of USG involvement in cyberspace.) What this means for our generation is that we are the future. Growing up using social media and knowing not to open emails or click on links from a fraudulent Nigerian prince – while seemingly laughable – gives us a slight advantage over the older generations whose companies are now running into the “cyber problem.” Neither Daniel Charles nor Shane Quinlan graduated from SSP knowing that they would eventually work in the cyber field, but there are opportunities in both the public and private sector for those who are interested. It may be too late to become a computer programmer, but it’s not too late to take classes or learn coding. More importantly, Charles and Quinlan argued, if you know security and understand the basics of cyber, you have a chance to fill the emerging management gap between policymakers and engineers, serving as a “translator” between the two. See? Cyber isn’t so scary after all.
Key Definitions:
- Application – an output program; you put in code and something else comes out.
- Web 2.0 – applications on the Internet; rather than simply requesting and receiving information, you are interacting back and forth.
- Social Media – dynamic social interactions with people, sharing images and information, originating from 1990s forums.
- Virtualization – when your device serves as a window into a server somewhere else; your computer is essentially running as a program, much like using “remote display.”
- Encryption – a code that scrambles your data, so that someone cannot read it without a “key.” There are public keys and private keys. Every time you use your password to unlock your phone, for example, you’re decrypting the data that’s on it. Without your key, the data is unintelligible.
- The Cloud – a redundancy mechanism that makes it possible to share information with servers all over the world. It provides both storage and access, allowing multiple people to interact with data at the same time.
- Active Directory – an “active phonebook” for your company, where someone manages credentials and access to information.
Resources and Further Reading:
https://sites.google.com/a/georgetown.edu/ssp-cyber-101/resources
A Note on the Author and Presenters: Olga Novitsky is a second-year student in the Security Studies Program with no previous background in cyber issues. The views expressed in this article by Daniel Charles and Shane Quinlan are their own, and do not necessarily represent those of their employer.