Cracking the Digital Vault: A Study of Cyber Espionage

Petallides, Constantine J

Home » Topics » Computer Science » cyber security

Cracking the Digital Vault: A Study of Cyber Espionage

By Constantine J. Petallides
2012, Vol. 4 No. 04 | pg. 2/3 | « »

Keywords: International Relations Cyber Security Cyber Terrorism Security Internet

Interstate Espionage

From the birth of civilization, leaders and their governments have sought to protect their secrets while learning as much as they can about the secrets of their enemies. Intercepting messages, using spies and double agents, and planting false intelligence in order to gain an advantage over an opponent have been sacred traditions for millennia. Spies would gather information and relay it back to their handlers and home governments, while analysts would intercept and decode messages and communiqués know as signals intelligence (SIGINT). While many would consider SIGINT to be a recent development, tied to the development of personal computing, electronic interception appeared as early as 1900, during the Boer War.19 The Boers had captured some British radios and used them to learn about British troop movements and supply routes.20 With modern, high-speed computing; however, the field of espionage has been shaken to its very core. Gone are the days of hiding microfilms in books at Soviet border crossings; now nations are able to learn each other’s secrets with a few clicks of a mouse.

As Vice Chairman of the Joint Chiefs of Staff, James Cartwright, told Congress in March 2007 "America is under widespread attack in cyberspace."21 The low cost of entry (for example, a laptop connected to the Internet), and the ability to operate anonymously, are factors that make information operations in cyberspace attractive to adversaries who know they cannot challenge the United States in a symmetrical war.22

In recent memory, the US has faced several important breeches of its secure data sharing networks. In 1998, a series of attacks with the US codename "Moonlight Maze" were aimed at NIPRNet, the network used to exchange information internally. These attacks compromised massive amounts of sensitive military data, and appeared to originate from a mainframe in Russia.23 In 2003, a series of cyberattacks known as "Titan Rain" was launched against the U.S. Defense Information Systems Agency (DISA), the U.S. Redstone Arsenal, the Army Space and Strategic Defense Installation, and several computer systems critical to military logistics. The cyber espionage attack apparently went undetected for many months.24 Although no classified systems were breached, many files were copied containing information that is sensitive and subject to U.S. export-control laws.25 And finally, in 2006, an extended cyber attack against the U.S. Naval War College in Newport, Rhode Island, prompted officials to disconnect the entire campus from the Internet.26 A similar attack against the Pentagon in 2007 led officials to temporarily disconnect part of the unclassified network from the Internet. 27

Cyber-based threats against U.S. information infrastructures are now a growing area of concern for national security. The US CERT recently revealed that attacks on US government systems increased by 40% in 2008;28 and DoD officials acknowledge that the Global Information Grid, which is the main network for the U.S. military, experiences more than three million daily scans by unknown potential intruders.29 Maj. Gen. William Lord (Air Force) stated publicly "China has downloaded 10 to 20 terabytes of data from the NIPRNet already."30 Lt. General Charles Croom (JTF-Global Net Operations) has stated that cyber attackers "are not denying, disrupting, or destroying [American military] operations – yet. But that doesn't mean they don't have the capability."31 Potential adversaries, such as China, Russia, Cuba, Iran, Iraq, Libya, North Korea, and several non-state terrorist groups are reportedly developing capabilities to attack or degrade U.S. civilian and military networks.32

These attacks all fall under the categories of Computer Network Exploitation (CNE) and Computer Network Attacks 1 (CNA1). CNE focuses solely on exploiting weaknesses in a network’s security and copying information (communications, secrets, plans, schematics, etc.) without causing any damage to the network or the data itself.33 CNE actually falls under the net of SIGINT under US intelligence law.34 CNA1 has the same goals as CNE; however, after the intruder copies the information he/she was after, the data will either be deleted, changed, or made inaccessible in some way on the original network.35 Aside from stealing data, CNA1 seeks to erode trust in a network, making its information unreliable.

Cyber espionage is not limited to scanning government networks and searching for state secrets. In fact, as the trend of digitalization of spying continues, intelligence agencies are investing in fewer direct spies, and assigning more support and reconnaissance staff to many missions. Rather than inserting a mole in an organization or agency, governments can use social media to find viable targets. Since nearly everyone has a Twitter, Facebook, LinkedIn, or other online profile, intelligence agencies can spy on employees of state agencies; learn their schedules, habits, passions, secrets, etc; and then bribe, threaten, or coerce them into turning over sensitive information.36 37 In these circumstances, cyber espionage is used to gather information on persons with access to sensitive information, rather than trying to acquire the information directly.

The problem with this kind of espionage is that attribution is nearly impossible. While many of the attacks on US servers come from Russia and China, given the ability of hackers to route an attack through multiple IP addresses, we cannot prove the Russians or the Chinese were actually responsible. While in traditional espionage a nation may disavow any knowledge of a captured mole’s actions, in the cyber domain, anyone can hide their true identity. This anonymity allows attackers to lie in wait,38 or place sentries on a network that may go unnoticed for years, intercepting signals and scanning information (seen in the DISA and Moonlight Maze attacks).

As a Neorealist, James Adams rightfully views the Internet as an anarchic system and declares, “Cyberspace has become a new international battlefield.”39 With no governing body or police force, the Internet perfectly fits the Realist security model. In this setup, every state stands alone or with its allies, whom it can never fully trust, and desperately tries to build up its cyber strength and defenses while fearing that every breakthrough made by another state poses a direct threat to their security.

Everyone In On The Game

In the beginning, espionage was reserved for governments, then this useful tool began falling into the hands of any civilian wealthy enough to buy information on his/her competitors, giving rise to the now ubiquitous practice of corporate espionage. Generally these two practices did not intersect, but today the power has been wrestled away from the Gordon Gecko’s of the world, and now anyone with a laptop and a broadband connection is capable of stealing secrets from corporations and states.

Never before have private citizens been able to breech a government’s security on a whim; but today we have men famous for doing just that. People like Kevin Mantic, Jeremy Parker, and Kevin Poulsen are responsible for countless high-security breeches of US law enforcement agencies. Mitnick, the most wanted computer criminal in United States history,40 used his skills to get free rides on the Los Angeles bus system, hacked into the FBI’s servers, and was ultimately convicted for breaking into the Digital Equipment Corporation's computer network and stealing software.41 Parker admitted that from December 23, 2008, through October 15, 2009, he hacked into the computer network Digital River in an effort to steal money; he also admitted to hacking into NASA servers on September 24^th 2009 in order to access and clone satellite data and video feeds.42 Finally, Poulsen, known by the FBI as the Hannibal Lecter of computer crime,43 was responsible for countless telecommunications hacks from which he earned millions in profits. Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.44 These three men represent millions of people around the world engaging in the same dangerous, criminal behaviors.

This unprecedented threat to information security has been a high-profile drain on the world economy. Since 2005, U.S. businesses have publicly reported 3,765 security breach incidents, costing more than $156 billion.45 Factor in all the breeches that go unreported and the crimes faced by foreign firms, and this figure explodes into the hundreds of billions.46 These crimes can include stealing firms’ customer data, products, and intellectual property. 20^th Century Fox computers were hacked and a copy of X-Men Origins: Wolverine was leaked online before the film’s release date. The event may seem trivial, but the film was downloaded 4.5 million times before the FBI and MPAA could bring down the sites hosting it, resulting in far lower ticket sales than initially predicted.47 Chanel and Louis Vuitton are perpetually under cyber attack as counterfeiters pilfer purse designs in order to make convincing knock-offs.48 This process has cost the couture fashion houses hundreds of millions of dollars in lost sales and legal fees.49 Finally, looking at Sony’s recent breech within its PlayStation Network, we saw a 24-day service disruption, millions of dollars in damages to the network, and 77 million users’ personal information scanned and stolen resulting in a cost of over two billion dollars.50 These examples illustrate the ease with which individuals can steal sensitive information from corporations, and the extent of the damage they are capable of causing. The motives here were purely financial, but the losses represent a massive economic threat not just to individual companies and industries but also to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape.51

More direct national security concerns arise when intellectual property and records are stolen from corporations like Lockheed Martin and other defense contractors. Foreign governments and competing companies would pay top dollar for information about weapons research projects, and more importantly, how to undermine or defeat these systems. In the past, these companies only had to worry about traditional spies and double agents, but the recent intrusions into servers at Lockheed, Boeing, Mitsubishi Heavy Industries, and Northrop Grumman52 53 indicate a more pressing threat. Any adventurous hacker could try his/her luck at getting into these systems and then sell whatever information there is to steal to the highest bidder. This represents a direct threat to national security as spies attempt to acquire sensitive defense information.

To better understand this new security landscape, let’s examine the recent global espionage movement known as Shady Rat. Over the last five years, Shady Rat successfully intruded 71 global companies, governments, and non-profit organizations.54 Lifted from these highly secure servers, among other sensitive property: countless government secrets, e-mail archives, legal contracts, and design schematics.55 While the scope of the attack was immense, many security professionals are of the opinion the Shady Rat’s significance has been overblown. "While this attack is indeed significant, it is one of many similar attacks taking place daily," said Symantec’s Hon Lau.56 "Even as we speak, there are other malware groups targeting many other organizations in a similar manner in order to gain entry and pilfer secrets."57 While Mr. Lau is correct, his nonchalance reveals an even more frightening truth; attacks of this magnitude are so frequent that they have become mundane. There is little comfort to be found in this realization.

It Keeps Getting Easier

The following image is commonly know throughout the Internet as the “Dangerous Kitten.” This photo meme combines a cute kitten and the most famous quotation from the popular Legend of Zelda video game series. Now what does this amusing image have to do with cyber espionage? The actual JPEG file was used to deliver a powerful set of hacking tools. Using stenography,58 a .rar file containing the entire software suite was embedded in the image and made freely available on sites like 4chan.org and Anonymous message boards.59

The tools in the suite are designed for network intrusion and data manipulation; in skilled hands they are quite dangerous, and in unskilled hands, the damage they could cause to a server is potentially catastrophic.60 The tools were also designed to be used by absolutely anyone. With an introductory ReadMe file that advises users “This kit is perfect for libraries, Cafes, "friends" houses, and any computer you don't own. You're in, you raid, you're out...and no one's really the wiser” and simple instructions such as “enter IP, double click, and enjoy,”61 it becomes apparent that the kit can be used for any number of nefarious purposes, and the kitten’s name suddenly becomes an ironic double entendre.

These readily available hacker kits are what compound the security problem we currently face. Militias and terrorists must be trained and armed, both are expensive and likely to attract unwanted attention, but free and anonymous software allows anyone to become an online threat. During the Iranian Green Revolution, Anonymous used kits similar to these to program back-doors into Iranian firewalls and set up proxy servers so Iranians could evade the metaphorical blockade and access sites like Gmail, Facebook, and Western news outlets to organize their protests and get information out to the rest of the world.62

Chemicals can be controlled and missiles locked-down, but by the Internet’s very nature, these weapons-grade threats can be hidden and distributed absolutely anywhere.Continued on Next Page »

1 2 3

Abbate, Janet. Inventing the Internet. Cambridge, Mass: MIT, 1999. Print. Pg 15.

Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98

Alperovitch, Dmitri “Revealed Operation Shady Rat” McAfee White Paper

Capabilities and Related Policy Issues." Open CRS. Web. <http://www.fas.org/sgp/crs/natsec/RL31787.pdf>.

Chris Johnson, Naval War College Network, “Web Site Back Up Following Intrusion,” Inside the Navy, December 18, 2006.

“Dangerous Kitten” Encyclopedia Dramatica <http://encyclopediadramatica.ch/Dangerous_Kitten>

Danny, Cohen. "Specifications For the Network Voice Protocol (NVP)." (1976): Pg 12. Internet Engineering Task Force. Web. <http://tools.ietf.org/rfc/rfc741.txt>.

DOJ Case Logs <http://www.fbi.gov/minneapolis/press-releases/2011/texas-man-sentenced-for-hacking-into-computer-servers-of-local-company-and-nasa>

Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 231

Fidler, Stephen "Steep Rise in Hacking Attacks from China," The Financial Times, December 5, 2007, at www.ft.com/cms/s/0/c93e3ba2-a361-11dc-b229-0000779fd2ac.html.

Ferrucci, David. "Building Watson: An Overview of the DeepQA Project." Association for the Advancement of Artificial Intelligence. 2010. Web. <http://www.stanford.edu/class/cs124/AIMagzine-DeepQA.pdf>.

Grow, Brian, Keith Epstein, and Chi-Chu Tschang. "The New E-spionage Threat." Business Week. 10 Apr. 2008. Web. <www.cis.gsu.edu/~dtruex/courses/.../NewE-spionageThreat-BW042108.pdf>.

Gross, Michael “Exculsive: Operation Shady Rat” Vanity Fair 8/2/11 <http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109>

Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran

http://gigaom.com/cloud/the-real-costs-of-cyber-crime-infographic/

IMP -- Interface Message Processor, LivingInternet. http://www.livinginternet.com/i/ii_imp.htm

Keizer, Gregg. “'Shady RAT' hacking claims overblown, say security firms” Computer World 8/5/11 <http://www.computerworld.com/s/article/9218910/_Shady_RAT_hacking_claims_overblown_say_security_firms?taxonomyId=82&pageNumber=2>

Dr. Kopp, Carlo. "Understanding Network Centric Warfare." Air Power Australia - Home Page. 10 Apr. 2011. Web. <http://www.ausairpower.net/TE-NCW-JanFeb-05.html>.

Kruger, Lennard G. "Internet Domain Names: Background and Policy Issues." Open CRS. Web. <http://lugar.senate.gov/services/pdf_crs/internet/Internet_Domain_Names_Background_and_Policy_Issues.pdf>.

Lamont, Gary and Holloway, Eric. 2009. “Military network security using self organized multi-agent entangled hierarchies.” Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers (GECCO '09). ACM, New York, NY, USA, 2559-2566. DOI=10.1145/1570256.1570361 http://doi.acm.org/10.1145/1570256.1570361

Lee, Bartholomew. "Radio Spies – Episodes in the Ether Wars" http://www.trft.org/TRFTPix/spies9eR2006.pdf

Leffall, Jabulani "As cybercrime grows, so do the costs " MarketWatch.com October 13^th 2011.<http://www.marketwatch.com/story/as-cybercrime-grows-so-do-the-costs-2011-10-13>

Libicki, Martin, et al. “Influences on the Adoption of Multifactor Authentication” RAND Homeland Security and Defense Center <http://www.rand.org/content/dam/rand/pubs/technical_reports/2011/RAND_TR937.pdf>

McClintock, Pamela (May 6, 2009). "'X-Men' takes hit in foreign markets". Variety.

McLure, Helen “The Wild, Wild Web: The Mythic American West and the Electronic Frontier” The Western Historical Quarterly, Vol. 31, No. 4 (Winter, 2000), pp. 457-476

<http://www.jstor.org/stable/pdfplus/970103.pdf?acceptTC=true&>

Office of the United States Intellectual Property Enforcement Coordinator August 2010 <http://docs.google.com/viewer?a=v&q=cache:Z_4e8r7IZnIJ:www.justice.gov/dag/iptaskforce/intellectual-property-spotlight.pdf>

Oldehoeft, Arthur Foundations of a Security Policy for Use of the National Research and Educational Network, NIST February 1992. Pg 12

"Pentagon warns of Internet incursion by Chinese cyber-terrorists," GCN, August 24, 2006.

Pershing, Genny. "Cybertelecom :: ARPANet (1960s)”.

Pershing, Genny. "Cybertelecom :: ARPANet (1960s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web. <http://www.cybertelecom.org/notes/internet_history.htm>.

Pershing, Genny. "Cybertelecom :: ARPANet (1970s)."

Pershing, Genny. "Cybertelecom :: ARPANet (1970s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. <http://www.cybertelecom.org/notes/internet_history70s.htm>.

Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."

Phister, Paul W. "CyberCraft: Concept Linking NCW Principles with the Cyber Domain in an Urban Operational Environment." Web. <http://www.au.af.mil/au/awc/awcgate/afrl/cybercraft.pdf>.

Postel, Jon. "DoD Standard Internet Protocol." Internet Engineering Task Force. Web. <http://tools.ietf.org/html/rfc760#page-iii>.

Rashid, Fahmida “Northrop Grumman, L-3 Communications Hacked via Cloned RSA SecurID Tokens” eWeek 6/2/2011 <http://www.eweek.com/c/a/Security/Northrop-Grumman-L3-Communications-Hacked-via-Cloned-RSA-SecurID-Tokens-841662/>

Rollins, John. "Terrorist Capabilities for Cyberattack: Overview and Policy Issues." Open CRS. Web. <http://www.fas.org/sgp/crs/terror/RL33123.pdf>.

SEC Guidence on Reporting Cyber Security Incidents <https://campus.georgetown.edu/webapps/blackboard/content/contentWrapper.jsp?content_id=_2303938_1&displayName=SEC+Guidance+on+Reporting+Cybersecurity+Risks+and+Cyber+Incidents&course_id=_166817_1&navItem=content&href=http%3A%2F%2Fwww.sec.gov%2Fdivisions%2Fcorpfin%2Fguidance%2Fcfguidance-topic2.htm>

Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.

“Top 10 Most Famous Hackers of All Time” – IT Security <http://www.itsecurity.com/features/top-10-famous-hackers-042407/>

Tzu, Sun. The Art of War. [S.l.]: Pax Librorum H, 2009. Print.

“What are some advantages of VOIP?” http://www.fcc.gov/voip/

Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress." Open CRS. Web. <http://assets.opencrs.com/rpts/RL32114_20071115.pdf>.

Yin, Sara “Report: U.S. Urges Japan to Prioritize Security After Contractor Hack” PCMagazine 9/21/2011 <http://www.pcmag.com/article2/0,2817,2393320,00.asp>

1.) Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.

2.) Tzu, Sun. The Art of War. [S.l.]: Pax Librorum H, 2009. Print.

3.) Kruger, Lennard G. "Internet Domain Names: Background and Policy Issues." Open CRS. Web. <http://lugar.senate.gov/services/pdf_crs/internet/Internet_Domain_Names_Background_and_Policy_Issues.pdf>.

4.) Pershing, Genny. "Cybertelecom :: ARPANet (1960s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. Web. <http://www.cybertelecom.org/notes/internet_history.htm>.

5.) Abbate, Janet. Inventing the Internet. Cambridge, Mass: MIT, 1999. Print. Pg 15.

6.) Pershing, Genny. "Cybertelecom :: ARPANet (1960s)”.

7.) IMP -- Interface Message Processor, LivingInternet. http://www.livinginternet.com/i/ii_imp.htm

8.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)." Cybertelecom :: Federal Internet Law and Policy - An Educational Project. 1 Feb. 2011. <http://www.cybertelecom.org/notes/internet_history70s.htm>.

9.) Ibid

10.) Danny, Cohen. "Specifications For the Network Voice Protocol (NVP)." (1976): Pg 12. Internet Engineering Task Force. Web. <http://tools.ietf.org/rfc/rfc741.txt>.

11.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)."

12.) “What are some advantages of VOIP?” http://www.fcc.gov/voip/

13.) Pershing, Genny. "Cybertelecom :: ARPANet (1970s)”.

14.) Arthur Oldehoeft, Foundations of a Security Policy for Use of the National Research and Educational Network, NIST February 1992. Pg 12

15.) Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."

16.) Ibid

17.) Postel, Jon. "DoD Standard Internet Protocol." Internet Engineering Task Force. Web. <http://tools.ietf.org/html/rfc760#page-iii>.

18.) Pershing, Genny. "Cybertelecom :: ARPANet to Internet 1980s."

19.) Lee, Bartholomew. "Radio Spies – Episodes in the Ether Wars" http://www.trft.org/TRFTPix/spies9eR2006.pdf

20.) Ibid

21.) Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress." Open CRS. Web. <http://assets.opencrs.com/rpts/RL32114_20071115.pdf>.

22.) Ibid

23.) Ibid

24.) Ibid

25.) Ibid

26.) Chris Johnson, Naval War College Network, “Web Site Back Up Following Intrusion,” Inside the Navy, December 18, 2006.

27.) Wilson, Clay. "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress."

28.) Stephen Fidler, "Steep Rise in Hacking Attacks from China," The Financial Times, December 5, 2007, at www.ft.com/cms/s/0/c93e3ba2-a361-11dc-b229-0000779fd2ac.html.

29.) Rollins, John. "Terrorist Capabilities for Cyberattack: Overview and Policy Issues." Open CRS. Web. <http://www.fas.org/sgp/crs/terror/RL33123.pdf>.

30.) "Pentagon warns of Internet incursion by Chinese cyber-terrorists," GCN, August 24, 2006.

31.) Grow, Brian, Keith Epstein, and Chi-Chu Tschang. "The New E-spionage Threat." Business Week. 10 Apr. 2008. Web. <www.cis.gsu.edu/~dtruex/courses/.../NewE-spionageThreat-BW042108.pdf>.

32.) Wilson, Clay. "Information Operations, Electronic Warfare, and Cyberwar:

Capabilities and Related Policy Issues." Open CRS. Web. <http://www.fas.org/sgp/crs/natsec/RL31787.pdf>.

33.) Class Discussion 9/26/11

34.) Ibid

35.) Ibid

36.) Class Discussion 10/24/11

37.) Dr. Kopp, Carlo. "Understanding Network Centric Warfare." Air Power Australia - Home Page. 10 Apr. 2011. Web. <http://www.ausairpower.net/TE-NCW-JanFeb-05.html>.

38.) Class Discussion 10/24/11

39.) Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98

40.) “Top 10 Most Famous Hackers of All Time” – IT Security <http://www.itsecurity.com/features/top-10-famous-hackers-042407/>

41.) Ibid

42.) DOJ Case Logs <http://www.fbi.gov/minneapolis/press-releases/2011/texas-man-sentenced-for-hacking-into-computer-servers-of-local-company-and-nasa>

43.) “Top 10 Most Famous Hackers of All Time” – IT Security

44.) Ibid

45.) Leffall, Jabulani "As cybercrime grows, so do the costs " MarketWatch.com October 13^th 2011.<http://www.marketwatch.com/story/as-cybercrime-grows-so-do-the-costs-2011-10-13>

46.) Ibid

47.) McClintock, Pamela (May 6, 2009). "'X-Men' takes hit in foreign markets". Variety.

48.) Office of the United States Intellectual Property Enforcement Coordinator August 2010 <http://docs.google.com/viewer?a=v&q=cache:Z_4e8r7IZnIJ:www.justice.gov/dag/iptaskforce/intellectual-property-spotlight.pdf>

49.) Ibid

50.) http://gigaom.com/cloud/the-real-costs-of-cyber-crime-infographic/

51.) Alperovitch, Dmitri “Revealed Operation Shady Rat” McAfee White Paper

52.) Rashid, Fahmida “Northrop Grumman, L-3 Communications Hacked via Cloned RSA SecurID Tokens” eWeek 6/2/2011 <http://www.eweek.com/c/a/Security/Northrop-Grumman-L3-Communications-Hacked-via-Cloned-RSA-SecurID-Tokens-841662/>

53.) Yin, Sara “Report: U.S. Urges Japan to Prioritize Security After Contractor Hack” PCMagazine 9/21/2011 <http://www.pcmag.com/article2/0,2817,2393320,00.asp>

54.) Alperovitch, Dmitri “Revealed Operation Shady Rat” McAfee White Paper

55.) Gross, Michael “Exculsive: Operation Shady Rat” Vanity Fair 8/2/11 <http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109>

56.) Keizer, Gregg. “'Shady RAT' hacking claims overblown, say security firms” Computer World 8/5/11 <http://www.computerworld.com/s/article/9218910/_Shady_RAT_hacking_claims_overblown_say_security_firms?taxonomyId=82&pageNumber=2>

57.) Ibid

58.) Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

59.) “Dangerous Kitten” Encyclopedia Dramatica <http://encyclopediadramatica.ch/Dangerous_Kitten>

60.) Ibid

61.) Ibid

62.) Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran

63.) Named after Andrey Markov, MDPs provide a mathematical framework for modeling decision-making in situations where outcomes are partly random and partly under the control of a decision maker. MDPs are useful for studying a wide range of optimization problems solved via dynamic programming and reinforcement learning.

64.) Lamont, Gary and Holloway, Eric. 2009. “Military network security using self organized multi-agent entangled hierarchies.” Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers (GECCO '09). ACM, New York, NY, USA, 2559-2566. DOI=10.1145/1570256.1570361 http://doi.acm.org/10.1145/1570256.1570361

65.) Ferrucci, David. "Building Watson: An Overview of the DeepQA Project." Association for the Advancement of Artificial Intelligence. 2010. Web. <http://www.stanford.edu/class/cs124/AIMagzine-DeepQA.pdf>.

66.) Lamont, Gary and Holloway, Eric. “Military network security using self organized multi-agent entangled hierarchies.”

67.) Ibid

68.) Phister, Paul W. "CyberCraft: Concept Linking NCW Principles with the Cyber Domain in an Urban Operational Environment." Web. <http://www.au.af.mil/au/awc/awcgate/afrl/cybercraft.pdf>.

69.) Libicki, Martin, et al. “Influences on the Adoption of Multifactor Authentication” RAND Homeland Security and Defense Center <http://www.rand.org/content/dam/rand/pubs/technical_reports/2011/RAND_TR937.pdf>

70.) SEC Guidence on Reporting Cyber Security Incidents <https://campus.georgetown.edu/webapps/blackboard/content/contentWrapper.jsp?content_id=_2303938_1&displayName=SEC+Guidance+on+Reporting+Cybersecurity+Risks+and+Cyber+Incidents&course_id=_166817_1&navItem=content&href=http%3A%2F%2Fwww.sec.gov%2Fdivisions%2Fcorpfin%2Fguidance%2Fcfguidance-topic2.htm>

71.) Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 231

72.) McLure, Helen “The Wild, Wild Web: The Mythic American West and the Electronic Frontier” The Western Historical Quarterly, Vol. 31, No. 4 (Winter, 2000), pp. 457-476

<http://www.jstor.org/stable/pdfplus/970103.pdf?acceptTC=true&>

73.) Ibid

74.) Ibid

75.) Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 236

76.) Ibid 237

Constantine J. Petallides studies International Politics at Georgetown University in Washington, DC.

More By This Author:

International Law Reconsidered: Is International Law Actually Law?

Cyber Terrorism and IR Theory: Realism, Liberalism, and Constructivism in the New Security Threat

Trading For Membership: Effects of EU Candidacy on Trade Openness and GDP Per Capita in Countries Seeking Membership

Cedars to the East: A Study of Modern Lebanon

Subscribe to Updates

Did you enjoy this article? Subscribe to the Student Pulse RSS or follow us on Twitter to receive our latest updates.

Follow @studentpulse

Cyber Attack Prevention for the Home User: How to Prevent a Cyber Attack

Cyber Terrorism and IR Theory: Realism, Liberalism, and Constructivism in the New Security Threat

International Law Reconsidered: Is International Law Actually Law?

Social Networking: Protecting Your Information and Personal Brand

Preventive Security in the 21st Century: The Threats of the Threats

Ungoverned Space, Fragile States, and Global Threats: Deconstructing Linkages

Somali Refugees in Kenya: Security Deficiencies and Public Health Concerns as a Result of Ineffective Policy

On Topic These keywords are trending in Computer Science

Calling All College Students!

We know how hard you've worked on your school papers, so take a few minutes to blow the dust off your hard drive and contribute your work to a world that is hungry for information.

It's a good feeling to see your name in print, and it's even better to know that thousands of people will read, share, and talk about what you have to say.

Share This Article

About Student Pulse

Student Pulse provides undergraduate and graduate students around the world a platform for the wide dissemination of academic work over a range of core disciplines.

Representing the work of students from hundreds of institutions around the globe, Student Pulse's large database of academic articles is completely free. Learn more »

Cracking the Digital Vault: A Study of Cyber Espionage

Interstate Espionage

Everyone In On The Game

It Keeps Getting Easier

More By This Author:

Subscribe to Updates

Related Articles

On Topic These keywords are trending in Computer Science

Calling All College Students!

Trending Articles

Share This Article

About Student Pulse

Follow Us