Cyber Security

(External Content) Cyber Deterrence Theory

Abstract: This study endeavors to identify the shortfalls of the United States' current utilization of deterrence theory in light of a growing amount of asymmetric warfare, warfare from afar, and cyber warfare that may rise to the level of weapons of mass destruction. It proposes that deterrence theory should be modernized toward a strategic common practice in which some aggression is tolerated, and intolerable acts of aggression are retaliated against through diplomatic and economic tools directed at the individuals within the organization perpetrating the aggression.

Citation: Hallock, Danial (2018). "Modernizing Deterrence Theory." AMU. Accessed at: https://www.danialhallock.com/blog/2018/4/1/modernizing-deterrence-theory

Related Articles: Paradox of Progress; Redefining the Cold War; Syria, North Korea, and Trump

Abstract: This study identifies prior authoritative research into attribution assessments and their shortfalls, and recommends several potential avenues of improvement, namely the targeting of individual persons within non-state actors and advanced persistent threat actors conducting cyber attacks against the U.S. and her allies, utilizing prior research into psychology and motivational theories.

Citation: Hallock, Danial (2018). "Solving the Issue of Attribution, Targeting, and Retaliation." AMU. Accessed at: https://www.danialhallock.com/blog/2018/4/1/modernizing-deterrence-theory

Related Articles: When Bots Become Bombs, Paradox of Progress, The Accidental World War
Bush, Xi, and McCain walk into an Auditorium

The face of conflict is changing. While leaders like Kim Jong Un and Donald Trump still see conflict in the traditional light, many of their peers - and certainly the next generation - see conflict differently: cultural, economic, and ecological. The kinetic warfare of the 19th and 20th centuries is a relic of past generations, a fact never more poignant than after recent speeches by three prominent politicians across two countries.

On Classified E-mails

With the election cycle nearing its conclusion, you have undoubtedly heard a lot about Hillary Clinton (henceforth referred to by her honorific, "Secretary") and her damned e-mail scandal. In fact, you have probably heard about it far more than you would have liked; because, to put it bluntly, if Republicans aren't talking about Benghazi, then they're probably rambling on about this damned scandal.

The problem is, not many people really understand what the scandal is about, or why it's important in the first place. So, I endeavored to read through a few articles on the Internet and - more importantly - the FBI documents released on the investigation, in an effort to build a primer on the issue and its relevance to the American citizen.

This is not a political post; it is a technical primer, and as a result, my conclusions at the end of the post will be focused primarily on the ways in which technicians and engineers, like many of the people who read this blog, can learn from this cluster fuck.

The Accidental World War

A recent report by the Washington Post claims that the IC is investigating the possibility of Russian influence in American politics through cyber attacks, propaganda, and disinformation. While this makes for a fantastic headline, it doesn't really tell us anything.

However, the existence of the investigation does give us an interesting thought experiment. US interests are routinely barraged by cyber attacks, like the Sony hack by North Korea in 2014, that are nominally ignored by the US government apparatus and IC alike. However, there are two key differences between those attacks and an attack on the electoral system: First, it is an attack that undermines our ability to practice democracy; and second, it undermines our ability to project military, political, and technological power throughout the rest of the world.

(Updated) Security Bulletin: The OPM Hack & You

By now you should have heard about the massive data breach at the Office of Personnel Management, the government agency responsible for managing the personal records of every federal employee and member of the intelligence community. The most damning record comes to us in the form of the SF-86, a record that contains enough personally identifiable information to steal the identity of not only the professional obtaining the security clearance, but literally everyone they love.

This revelation is particularly sobering when it comes in the wake of a similarly damning bit of data mining: Looking Glass. The unfortunate realization that our security managers were right - be careful what you put on the internet - comes a little too late. And, unfortunately, as both the OPM hack and the web crawler Looking Glass prove, you can be victimized even if you do everything right.

So, if you're a first cousin or a spouse of a veteran, then everything necessary to end up with your identity stolen (your last known address or two, your employer, your birthday, SSN, maiden names) is probably included in this data. However, the amount of data leaked here is so massive that, unless you're named by a filtering program (like Looking Glass - or you post photos of your Mercedes on Twitter), you're probably not going to show up on any criminal's (or foreign government's) radar.

For your average American, you might be included in this breach by name (e.g. "Airman Johnny has coffee with Dr. Snuffy regularly"), but beyond your name you're probably without worry.


Update: 16 June 2015

From the CSID website: $1,000,000 in identity theft protection services is to be offered to those affected; notifications will be sent by e-mail or postal service by 19 June 2015. SF-86s are probably not compromised: "Your [family member] was not affected by this breach. The only data potentially exposed as a result of this incident is your personal data."

Furthermore, this incident did not affect military records; no contractors were affected unless they previously held Federal civilian positions. The incident affected current and former Federal civilian personnel, including Department of Defense civilian employees.

Unfortunately, there is a spear-phishing campaign going on, sending fictitious e-mails to DOD personnel. US Army CID states that a phishing e-mail is being sent to DOD personnel asking them to click on hyperlinks and enter a personal PIN to verify their personal information.

The Office of Personnel Management has issued a warning to its users to avoid clicking on links in e-mails, giving out personal information over the internet, or communicating with individuals of an unverified nature.
Data Mining, The Internet, and Counter Intelligence

We can, and do, talk about data privacy and ownership until we're blue in the face; we also talk about how seriously screwed up some of the things the National Security Agency did were, but we never really harp on the obvious fact: all the security in the world doesn't do a damn bit of good if you give your information away. One ambitious JSON project over on GitHub, called Looking Glass, is capitalizing on just that very fact.

In fact, as of this publication, they have data mined over 139,361 resumes belonging to military and civilian officials within our nation's Intelligence, Surveillance, and Reconnaissance (ISR) fields. Those handy little endorsements have been used by job seekers to categorize themselves into fields (e.g. "Security Clearance" or "ISR"), and data miners have been more than willing to scoop that information up.

Three Common Problems With SSH-Keychains

Part of keeping a secure network is periodically backing up data or system logs, but if you have more than a handful of computers, then logging on to each individual workstation can be a hassle. So what's a lazy (I prefer "efficient") systems administrator to do?

Why, automate it through scripts, of course.

Typically, in order to automate retrieving data from multiple workstations, you need to build a script that remotely logs on to each workstation using Secure Shell, or SSH. Unfortunately, SSH requires you to authenticate with each workstation, which prevents you from automating it without either:

  • Embedding the username and password into your script
  • Disabling authentication completely
  • Manually typing in the username and password each time you run the script

Fortunately, there is an alternative: SSH-Keychains. SSH-Keychains use public-key cryptography (often loosely called Public Key Infrastructure, or PKI) to generate a public and private key pair that authenticates the account to each workstation without the use of a normal password.

Creating an SSH-Keychain should be a quick process: run the ssh-keygen command and copy the public key (id_dsa.pub here; note that DSA keys are disabled by default in modern OpenSSH, which generates RSA or Ed25519 keys such as id_ed25519.pub instead) into the ~/.ssh/authorized_keys file on the target. Sometimes the process still hangs up, so you'll need to troubleshoot the issue using ssh -v to determine why SSH is failing. It could fail because the destination is not found in known_hosts, the public key failed, or keyboard-interactive authentication failed (configuration file settings).

Sony Pictures and Cyber Warfare

On November 25th, Sony Pictures Entertainment was hacked by a group calling itself the Guardians of Peace, and millions of records of passwords, social security numbers, e-mails, salaries, and other extremely sensitive information were released to the public. The exact scope of the data extracted from Sony is hard to fully grasp but, so far, the following information has been released to the public:

  • 47,426 Social Security Numbers
  • 3,000 employee records with salaries, benefits, passports, and contact details
  • 600+ plain text passwords, IP addresses, root certificates and other IT data
  • Financial reports, acquisition strategies, and budgeting forecasts
  • 19,944 e-mails
  • 4,013,780 anti-piracy take-down notices

And while this is a staggering amount of information to be lost, it's a relatively insignificant event for the vast majority of Americans; yet we find ourselves equating the event to 9/11 and promising swift and equitable retribution on some fairly shaky evidence.

The Onion Router, Router

There's been a lot of publicity about a new router, called the anonabox, that promises to make all of your anonymous browsing dreams come true through open-source software known as TOR. Given that I'm a lover of Kickstarter and an outspoken critic of a lot of the voyeurism on the Internet in the post-Snowden world, a lot of my colleagues have approached me about what the hell TOR is, and whether or not this router is worth the pledge.

TOR stands for The Onion Router, open-source software that has been keeping clandestine journalism safe for years. TOR is a vital tool to ensure the security and integrity of the open Internet, and it is something that helps ensure journalistic integrity and the freedom of protest and speech. This is absolutely a cause worth supporting, and the anonabox promises to be a way to exchange money ($48) for the convenience of not having to download and tweak the open-source TOR software on each of your computers. However, as backlash against the project has already proven, the largest enemy is going to be unmet expectations.