Monday, October 15, 2012

Being "held accountable" is the new black.

There's a general proscription in the IC about talking in any way about offensive things - for good reason. For that reason, I recommend you take a little grain of salt with some of the things in Secretary Panetta's talk (here).


But even more alarming is an attack that happened two months ago when a very sophisticated virus called Shamoon infected computers in the Saudi Arabian State Oil Company Aramco.  Shamoon included a routine called a ‘wiper’, coded to self-execute.  This routine replaced crucial systems files with an image of a burning U.S. flag.  But it also put additional garbage data that overwrote all the real data on the machine.  More than 30,000 computers that it infected were rendered useless and had to be replaced.  It virtually destroyed 30,000 computers.


For example, the reason the Iranians named their module "wiper" is to reflect the name against their attackers, who had previously destroyed some Iranian oil refinery computers (http://news.techworld.com/security/3379060/mystery-wiper-malware-linked-to-duqu-says-security-firm/).


Over the last two years, DoD has made significant investments in forensics to address this problem of attribution and we're seeing the returns on that investment.  Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for their actions that may try to harm America.

Likewise, offensive operations are how you do attribution, although defensive tools (such as forensics) typically have a small role as well (IMHO).

A big question here is the meaning of "Hold them accountable." Does this mean targeted assassination, the way it does with Iranian nuclear scientists? Is that how far we've come?

1 comment:

  1. I think the US is afraid, .gov knows that there are too many weaknesses and exposures so all the speech goes towards getting the enemy to think twice before attacking, the same with "cyber attacks will be considered an act of war", not confirming nor denying involvement in Stuxnet, saying that powerful cyberweapons were used on Afghanistan, etc. The US wants to show cyberwarfare power and also does this kind of speech as deterrence.
