Introduction to Cyber-Warfare
A Multidisciplinary Approach
- 1st Edition - June 4, 2013
- Latest edition
- Authors: Paulo Shakarian, Jana Shakarian, Andrew Ruef
- Language: English
Introduction to Cyber-Warfare: A Multidisciplinary Approach, written by experts on the front lines, gives you an insider's look into the world of cyber-warfare through the use of… Read more
Introduction to Cyber-Warfare: A Multidisciplinary Approach, written by experts on the front lines, gives you an insider's look into the world of cyber-warfare through the use of recent case studies. The book examines the issues related to cyber warfare not only from a computer science perspective but from military, sociological, and scientific perspectives as well. You'll learn how cyber-warfare has been performed in the past as well as why various actors rely on this new means of warfare and what steps can be taken to prevent it.
- Provides a multi-disciplinary approach to cyber-warfare, analyzing the information technology, military, policy, social, and scientific issues that are in play
- Presents detailed case studies of cyber-attack including inter-state cyber-conflict (Russia-Estonia), cyber-attack as an element of an information operations strategy (Israel-Hezbollah,) and cyber-attack as a tool against dissidents within a state (Russia, Iran)
- Explores cyber-attack conducted by large, powerful, non-state hacking organizations such as Anonymous and LulzSec
- Covers cyber-attacks directed against infrastructure, such as water treatment plants and power-grids, with a detailed account of Stuxent
Information security professionals, system administrators. Security managers, security analysts. defense analysts, defense personnel, U.S Cybercom staff
Preface
Foreword
Introduction
References
Biography
Chapter 1. Cyber Warfare: Here and Now
Information in this Chapter
What Is Cyber War?
Is Cyber War a Credible Threat?
Attribution, Deception, and Intelligence
Information Assurance
References
I: Cyber Attack
Part I Cyber Attack
Chapter 2. Political Cyber Attack Comes of Age in 2007
Information in this Chapter
Reliance on Information as a Vulnerability
Rudimentary but Effective: Denial of Service
Leaving Unwanted Messages: Web Site Defacement
Tools for Denial of Service
The Difficulty of Assigning Blame: Why Attribution Is Tough in a DDoS Attack
Estonia Is Hit by Cyber Attacks
General Response to DDoS
Summary
Suggested Further Reading
References
Chapter 3. How Cyber Attacks Augmented Russian Military Operations
Information in This Chapter
The 2008 Russian Cyber Campaign Against Georgia
What Is Interesting About the Russian Cyber Campaign
Preparing for a Cyber-Capable Adversary
Summary
Suggested Further Reading
References
Chapter 4. When Who Tells the Best Story Wins: Cyber and Information Operations in the Middle East
Information in this Chapter
Hijacking Noncombatant Civilian IP Addresses to Help the War Effort: The Israel-Hezbollah “July War” of 2006
Civilians in the Cyber Melee: Operation Cast Lead
Summary
Suggested Further Reading
References
Chapter 5. Limiting Free Speech on the Internet: Cyber Attack Against Internal Dissidents in Iran and Russia
Information in This Chapter
DDoS as a Censorship Tool: Why Dissident Groups Are Inherently Vulnerable to Cyber Attacks
Silencing Novaya Gazeta and Other Russian Dissidents
Iran—How the 2009 Elections Led to Aggressive Cyber Operations
Summary
References
Chapter 6. Cyber Attacks by Nonstate Hacking Groups: The Case of Anonymous and Its Affiliates
Information in This Chapter
“Chaotic” Beginnings: The Chaos Computer Club, CCC
The Roots of the Anon—4chan, 7chan, and Other Message Boards
How We Are Influenced by 4chan: Memes
Anonymous—On Image, Structure, and Motivation
Anonymous—External Connections and Spin Offs
Your Security Is a Joke: LulzSec
Anonymous’ Modus Operandi
Targeting Governments, Corporations, and Individuals: Notable Hacks on Anonymous
Software for the Legion: Anonymous Products
Summary
Suggested Further Reading
References
II: Cyber Espionage and Exploitation
Part II Cyber Espionage and Exploitation
Chapter 7. Enter the Dragon: Why Cyber Espionage Against Militaries, Dissidents, and Nondefense Corporations Is a Key Component of Chinese Cyber Strategy
Information in This Chapter
Introduction
Why Cyber Espionage Is Important to China: A Look at Chinese Cyber Doctrine
Leveraging Resources Beyond the Military: The Cyber Warriors of China
Stealing Information from the U.S. Industrial-Military Complex: Titan Rain
Cyber War Against the Corporate World: A Case Study of Cyber Intrusion Attributed to China
Monitoring Dissidents: Gh0stNet
Using Legitimate Web Sites for Data Exfiltration: The Shadow Network
Cyber War Through Intellectual Property Theft: Operation Aurora
An Example of the Current State of the Art: Sykipot
Summary
Suggested Further Reading
References
Chapter 8. Duqu, Flame, Gauss, the Next Generation of Cyber Exploitation
Information in This Chapter
Introduction
Kernel Mode Rootkits
Vulnerabilities in the Operating System
Stolen Keying Material
Commonalities Between Stuxnet and Duqu
Information-Stealing Trojans
The Geography of Duqu
TDL3 and Other Malware
Object-Oriented Malware: Stuxnet, Duqu, Flame, and Gauss
Summary
Suggested Further Reading
References
Chapter 9. Losing Trust in Your Friends: Social Network Exploitation
Information in This Chapter
Introduction
Do You Really Know All Your LinkedIn Connections? Imposters in Social Networks
Designing Common Knowledge: Influencing a Social Network
Summary
Suggested Further Reading
References
Chapter 10. How Iraqi Insurgents Watched U.S. Predator Video—Information Theft on the Tactical Battlefield
Information in This Chapter
Introduction
The Predator UAV
Hacking the Predator Feed
Summary
Suggested Further Reading
References
III: Cyber Operations for Infrastructure Attack
Part III Cyber Operations for Infrastructure Attack
Chapter 11. Cyber Warfare Against Industry
Information in This Chapter
Introduction
Industrial Control Systems: Critical Infrastructure for Modern Nations
Information Technology vs. Industrial Control Systems: Why Traditional Infosec Practices May Not Apply
How Real-World Dependencies Can Magnify an Attack: Infrastructure Attacks and Network Topology
How a Cyber Attack Led to Water Contamination: The Maroochy Water Breach
Summary
Suggested Further Reading
References
Chapter 12. Can Cyber Warfare Leave a Nation in the Dark? Cyber Attacks Against Electrical Infrastructure
Information in This Chapter
Introduction
Cyber Attacks Directed Against Power Grids
Destroying a Generator with a Cyber Attack: The Aurora Test
Taking the Power Grid Offline with Minimal Effort: Attacks Leveraging Network Topology
Summary
Suggested Further Reading
References
Chapter 13. Attacking Iranian Nuclear Facilities: Stuxnet
Information in This Chapter
Introduction
The Alleged Target: The Natanz Fuel Enrichment Facility
How Stuxnet Targets Industrial Control Systems
Stuxnet Successfully Targets the Natanz Fuel Enrichment Plant
Stuxnet Is a Significant Advancement in Malware
Stuxnet Invalidates Several Security Assumptions
Implications for the Future
Summary
Suggested Further Reading
References
Conclusion and the Future of Cyber Warfare
References
Appendix I. Chapter 6: LulzSec Hacktivities
References
Appendix II. Chapter 6: Anonymous Timeline
References
Glossary
Index
"...an excellent overview of the topic…It looks at the information security aspect of cyberwarfare, as well the military, sociological and other aspects…this book should indeed be read by everyone in Washington, as they are making decisions on the topic, without truly understanding it."—Slashdot.org, RSAConference.com, August 4 2014
- Edition: 1
- Latest edition
- Published: June 4, 2013
- Language: English
PS
Paulo Shakarian
Paulo Shakarian, Ph.D. is a Major in the U.S. Army and an Assistant Professor of Computer Science at the U.S. Military Academy (West Point) teaching classes on computer science and information technology as wells as conducting research on cyber-security, social networks, and artificial intelligence. He has written over twenty papers published in scientific and military journals. Relating to cyber-warfare, he has written the paper “Stuxnet: Cyberwar Revolution in Military Affairs” published in Small Wars Journal and “The 2008 Russian Cyber-Campaign Against Georgia” published in Military Review. His scientific research has also been well received, featured in major news media such including The Economist and Nature. Previously, he has authored Geospatial Abduction: Principles and Practice published by Springer. Paulo holds a Ph.D. and M.S. in computer science from the University of Maryland, College Park, a B.S. in computer science from West Point, and a Depth of Study in Information Assurance also from West Point. Paulo has served two combat tours in Operation Iraqi Freedom. His military awards include the Bronze Star, Meritorious Service Medal, Army Commendation Medal with Valor Device, and Combat Action Badge. Paulo’s website is: http://shakarian.net/paulo.
JS
Jana Shakarian
Jana Shakarian is a Research Fellow at the West Point Network Science Center conducting sociological research in support of various DoD-sponsored projects. Previously, Jana has worked as a research assistant at Laboratory for Computational Cultural Dynamics at the University of Maryland where she extensively studied terrorist groups in south-east Asia in addition to other research initiatives at the intersection of social and computational science applied to military and security problems. She has written numerous papers in addition to co-authoring the book Computational Analysis of Terrorist Groups: Lashkar-e-Tabia, to be published by Springer in the near future. Jana holds an M.A. in cultural and social anthropology and sociology from the Johannes Gutenberg University, Mainz where her thesis was on “new war” theory. Jana’s website is: http://shakarian.net/jana.
AR
Andrew Ruef
Andrew Ruef is a Senior Systems Engineer at the firm Trail of Bits (New York, NY) where he conducts information security analysis. Andrew has nearly a decade of industry experience in computer network security and software engineering, working on various projects including reverse-engineering of malware, analysis of computer network traffic for security purposes, system administration, and development of secure software products. Andrew has also written numerous white papers on information security and has spoken at various conferences such including a recent conference talk at the Dagstuhl computer research center in Germany. Currently, Andrew is working toward his B.S. in Computer Science at the University of Maryland, College Park. A sampling of some of Andrew’s technical work can be found here: http://www.kyrus-tech.com/tag/andrew-ruef/.
Read Introduction to Cyber-Warfare on ScienceDirect