Best Defense is a Good Offense

The Best Defense Against Cyber Insurgents is a Good Offense

Danger Room is doing an outstanding job covering the story regarding insurgents capturing data from drones by eavesdropping the airwaves first revealed by the Wall Street Journal. Additional stories have covered other systems potentially vulnerable, potential ramifications of insurgent data interception, and my personal favorite – a discussion with Rex Buddenberg of the Naval Postgraduate School regarding the broader problem where the DoD focuses primarily on link security (communication protection) as opposed to data security (information protection).

But most of the conversation to date has taken a traditional military view of the problem. Ask an Army General what it means when the enemy is using specific tactics to infiltrate your lines of communication, and the General is unlikely to give you any good news. Ask a cyber soldier what it means when the enemy is using specific tactics to infiltrate your lines of communication, and you might notice a slight smile cross the soldiers face. When the enemy is in your lines it means bad news in traditional military terms, but in the asymmetrical world of cyber warfare this development should be seen as an opportunity.

Consider the details surrounding this massive security breach and consider whether things are as they appear. We know a lot of detail, a shocking amount actually.

* We know what systems are most vulnerable.
* We know what software is being used by the enemy.
* We know what hardware is being used by the enemy.
* We may even have a good idea of the skill level of the cyber insurgent.
* We have a good degree of knowledge on the devices receiving and potentially disseminating the data.
* We have complete control over the devices expected to send the information.

In cyber warfare terms, that is a gold mine of information.

There is a phrase in cyber warfare: The distance between information dominance and disinformation dominance is measured in millimeters. The use of “disinformation” in that phrase is often confused to mean playing charades with data (or changing data), but it should be seen in the context of social engineering for information (sometimes described as lie to learn). The DoD treats information as a weapon, always has. That isn’t always a good thing for our strategic communications, but in this case, treating information as a weapon is appropriate. Unless the Wall Street Journal article is one of the best conceived disinformation campaigns in cyber military history, it is very unlikely the WSJ’s source is a cyber security expert – rather a traditional military thinker who is forgetting to channel his inner Clausewitz.

In the old days of full disclosure for computer security vulnerabilities it was common for cyber experts wearing either a white or black hat to utilize a honeypot set to detect, deflect, sometimes counteract, but always to make record of attempts at unauthorized use of information systems. The purpose of most honeypots was to learn new techniques and identify common patterns used in the internet wild. Honeypots were intentionally left undefended in many cases, because the hope was to lure the hacker in.

From a cyber warfare perspective, the short term solution to the UAV video issue is not to encrypt the data (which is the long term solution), rather to use the unencrypted video stream to go after the cyber insurgents – with the specific intention of getting inside their network. It is not complicated to have a normal UAV camera send a video signal exactly as intended for the military function, but include packet data that exploits vulnerabilities in software like skygrabber, or to include code that exploits known vulnerabilities in popular video players. I’m sticking to very common examples that are easily understood by the masses, but at many layers of the UAVs video signal the potential to exploit the unencrypted broadcasted video feed as a weapon is significant.

In cyber warfare on today’s military battlefield, the UAV would became the signaling device intended to turn every unauthorized listening laptop into a potential breached system of the insurgent network, and there are many ways to add data to the UAV video system without compromising the military use of the video system. It is entirely probable the DoD is leveraging the known vulnerabilities of the video feed to turn the insurgent satellite snooper network into a new gateway into the insurgent information network.

While this UAV data breach does represent a horribly designed, taxpayer funded military information network, there is no reason the DoD isn’t already using this “problem” to our advantage, and leveraging the detailed knowledge of the insurgent eavesdropping techniques to get the cyber insurgents unwittingly working for our side. Most of the social engineering work has already been done; we know what the target network entry point, hardware, software, and user skill level… all that is left is to develop and deliver payloads.

Our Clausewitz trained military knows the best defense is a good offense. On today’s cyber military battlefield, going offensive with cyber “smart bombs” is a legitimate response to unauthorized network intruders in a war zone, indeed it should be standard operating procedure for all unencrypted military networks moving potentially sensitive data.

[U.S. Naval Institute]