Top

Published in:

2018 | OriginalPaper | Chapter

10. Development and Proliferation of Offensive Weapons in Cyber-Security

Author : Trey Herr

Published in: Cyber Weaponry

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The proliferation of cyber weapons can put powerful offensive capabilities into the hands of states. This chapter explores just what a cyber weapon is and how the process of proliferation works. Highlighting the importance of information in building these offensive capabilities, the chapter argues that what should be considered a weapon is just a small part of what is proliferated in cybersecurity. While states have dominated the debate regarding cybersecurity threats, non-state and criminal actors play key roles in facilitating proliferation through the malware markets. When states and policymakers begin to examine how to disrupt the proliferation of new offensive techniques and methods, they should start with improving software security and resilience.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter “Who Was That Masked Man?”: System Penetrations—Friend or Foe?

next chapter No Smoking Gun: Cyber Weapons and Drug Traffickers

Basic Input/Output System or Unified Extensible Firmware Interface—both of which serve a similar purpose.

This in conjunction with the need for material resources to build test environments for this malware and the precision required of intelligence collected on potential targets are part of the explanation behind why there have been so few destructive attacks.

The information security community is an interconnected web of researchers, organizations, and for-profit companies. There exists an as-yet not well studied pattern of information sharing, both intentional and not, within this web which makes it difficult to contain knowledge of an offensive security innovation (outside of government) for very long. Some of this is because of the ethos of sharing novel finds and insights between researchers to help others get ahead of the curve while some is also likely due to some espionage by states and more sophisticated criminal groups on the same firms watching them.

There are instances where groups have stolen or recovered spent or improperly disposed of weapons of mass destruction materials. These cases would constitute unintentional proliferation, but are extremely rare.

Note—the last two paragraphs are excerpted from Trey Herr, “Governing Proliferation in Cybersecurity,” Global Summitry, 2, no. 1 (July 2017).

Ablon L, Libicki MC, Golay AA (2014) Markets for cybercrime tools and stolen data: Hackers’ bazaar, Rand Corporation. Available at: http://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf. Accessed 29 November 2015

Allen Bradley (2016) Logix5000 controllers generals instructions reference manual. Available at: http://literature.rockwellautomation.com/idc/groups/literature/documents/rm/1756-rm003_-en-p.pdf

Anderson C (2015) Considerations on Wassenaar arrangement control list additions for surveillance technologies, Access. Available at: https://cda.io/r/ConsiderationsonWassenaarArrangementProposalsforSurveillanceTechnologies.pdf. Accessed 7 July 2015

Bacchus M, Coronado A, Gutierrez MA (2014) The insights into car hacking. Available at: http://web.eng.fiu.edu/~aperezpo/DHS/Std_Research/Car%20Hacking%20-%20eel%206931%20final.pdf. Accessed 20 Feb 2017

Böhme R (2005) Vulnerability markets. In: Proceedings of 22C3, vol 27, p 30

Bonfante G, Marion J-Y, Sabatier F, Thierry A (2013) Analysis and diversion of Duqu’s driver. In: Colon Osorio FC (ed) Proceedings of the 2013 8th international conference on malicious and unwanted software, presented at the international conference on malicious and unwanted software, IEEE, Fajardo, Puerto RIco, USA, pp 109–115

Currier C, Marquis-Boire M (2015) A detailed look at hacking team’s emails about its repressive clients. The Intercept, 7 July. Available at: https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/. Accessed 5 Jan 2016

Ellsmore N (2013) Penetration testing market analysis: where is all the revenue? Delling Advisory, 5 April. Available at: http://www.dellingadvisory.com/blog/2013/4/5/penetration-testing-market-analysis-where-is-all-the-revenue. Accessed 9 Jan 2016

“Exploit – Stack Overflows – Defeating Canaries, ASLR, DEP, NX” (2013) Security stack exchange. Available at: http://security.stackexchange.com/questions/20497/stack-overflows-defeating-canaries-aslr-dep-nx. Accessed 20 Feb 2017

Falliere N, Murchu LO, Chien E (2011) W32. Stuxnet Dossier, Symantec. Available at: http://www.h4ckr.us/library/Documents/ICS_Events/Stuxnet%20Dossier%20(Symantec)%20v1.4.pdf. Accessed 21 Oct 2013

Frei S (2013) The known unknowns, NSS Labs. Available at: https://library.nsslabs.com/reports/known-unknowns-0

Glisson WB, Andel T, McDonald T, Jacobs M, Campbell M, Mayr J (2015) Compromising a medical mannequin, arXiv Preprint arXiv:1509.00065. Available at: https://arxiv.org/abs/1509.00065. Accessed 20 Feb 2017

Harrison R, Herr T (eds) (2016) Cyber insecurity: navigating the perils of the next information age. Rowman & Littlefield, Lanham. Available at: https://books.google.com/books?id=NAp7DQAAQBAJ&source. Accessed 6 Jan 2017

Herley C, Florêncio D (2010) Nobody sells gold for the price of silver: dishonesty, uncertainty and the underground economy. In: Moore T, Pym D, Ioannidis C (eds) Economics of information security and privacy. Springer, Boston, pp 33–53CrossRef

Herr T (2014) PrEP: a framework for malware & cyber weapons. J Inf Warf 13(1):87–106

Herr T (2016) Malware counter-proliferation and the Wassenaar arrangement. In: 2016 8th international conference on cyber conflict: cyber power. Presented at the CyCon, IEEE, Tallinn, Estonia. pp 175–190

Herr T (2017a) Countering the proliferation of malware – targeting the vulnerability lifecycle. Belfer Center, Harvard Kennedy School, Cambridge, MA

Herr T (2017b) Governing proliferation in cybersecurity. Global Summitry, vol 2, no 1. Available at: https://academic.oup.com/globalsummitry/article/doi/10.1093/global/gux006/3920644/Governing-Proliferation-in-Cybersecurity?guestAccessKey=f88e2727-737a-4be2-991e-a3696624b420

Herr T, Armbrust E (2015) Milware: identification and implications of state authored malicious software. NSPW ’15 proceedings of the 2015 new security paradigms workshop, ACM, Twente, Netherlands, pp 29–43

InfoSec Institute (2017) Best DOS attacks and free DOS attacking tools, InfoSec Institute

Krebs B (2015) The Darkode cybercrime forum, up close. Krebs on Security, 15 July. Available at: http://krebsonsecurity.com/2015/07/the-darkode-cybercrime-forum-up-close/. Accessed 9 Jan 2016

Langner R (2011) Stuxnet: dissecting a cyberwarfare weapon. Secur Priv IEEE 9(3):49–51CrossRef

Langner R (2013) Langner – to kill a Centrifuge.pdf, The Langner Group, p 36

Levchenko K, Pitsillidis A, Chachra N, Enright B, Félegyházi M, Grier C, Halvorson T et al (2011) Click trajectories: end-to-end analysis of the spam value chain. Security and Privacy (SP), 2011 I.E. symposium on, IEEE, pp 431–446

Mackenzie H (2012) Shamoon malware and SCADA security – what are the impacts? | Tofino industrial security solution. Tofino Security, 25 October. Available at: https://www.tofinosecurity.com/blog/shamoon-malware-and-scada-security-%E2%80%93-what-are-impacts. Accessed 20 Feb 2017

Miller C (2007) The legitimate vulnerability market: inside the secretive world of 0-day exploit sales. In sixth workshop on the economics of information security, Citeseer. Available at: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.139.5718. Accessed 5 Jan 2016

Mimoso M (2015) Evasion techniques keep angler EK’s cryptowall business thriving. Threatpost, 2 July. Available at: https://threatpost.com/evasion-techniques-keep-angler-eks-cryptowall-business-thriving/113596/. Accessed 5 Jan 2016

One A (1996) Smashing the stack for fun and profit. Phrack Magazine, November, vol 49, no 14. Available at: http://phrack.org/issues/49/14.html

Ozment A (2004) Bug auctions: vulnerability markets reconsidered. Third workshop on the economics of information security, pp 19–26

Prunckun H (2012) Counterintelligence theory and practice. Rowman & Littlefield Publishers, Lanham

Radcliffe J (2011) Hacking medical devices for fun and insulin: breaking the human SCADA system. Black Hat conference presentation slides, vol 2011. Available at: http://www.aicas.com/cms/sites/default/files/BH_US_11_Radcliffe_Hacking_Medical_Devices_WP.pdf. Accessed 20 Feb 2017

Radianti J (2010) Eliciting information on the vulnerability black market from interviews. Presented at the fourth international conference on emerging security information, systems and technologies, IEEE, pp 93–96

Radianti J, Gonzalez JJ (2007) A preliminary model of the vulnerability black market. The 25th international system dynamics conference, Boston, USA. Available at: http://www.systemdynamics.org/conferences/2007/proceed/papers/RADIA352.pdf. Accessed 30 Nov 2015

Radianti J, Rich E, Gonzalez J (2007) Using a mixed data collection strategy to uncover vulnerability black markets. Second pre-ICIS workshop on information security and privacy, vol 42, Citeseer. Available at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.94.2652&rep=rep1&type=pdf. Accessed 30 Nov 2015

Ragan S (2015) Hacking team vendor calls breach a ‘blessing in disguise’. CSO Online, 9 July. Available at: http://www.csoonline.com/article/2946193/data-protection/hacking-team-vendor-calls-breach-a-blessing-in-disguise.html. Accessed 9 Jan 2016

Raiu C (2013) Destructive malware – five wipers in the spotlight. SecureList, 18 December. Available at: https://securelist.com/blog/incidents/58194/destructive-malware-five-wipers-in-the-spotlight/. Accessed 20 Feb 2017

Rashid F (2015) Inside the aftermath of the Saudi Aramco Breach. Dark Reading, 8 August. Available at: http://www.darkreading.com/attacks-breaches/inside-the-aftermath-of-the-saudi-aramco-breach/d/d-id/1321676. Accessed 20 Feb 2017

Schneier B (2017a) Who are the shadow brokers? The Atlantic, 23 May. Available at: https://www.theatlantic.com/technology/archive/2017/05/shadow-brokers/527778/

Schneier B (2017b) Why the NSA makes us more vulnerable to cyberattacks. Foreign Affairs, 20 May. Available at: https://www.foreignaffairs.com/articles/2017-05-30/why-nsa-makes-us-more-vulnerable-cyberattacks. Accessed 29 June 2017

Shamir U (2014) The case of Gyges, the invisible malware government-grade now in the hands of cybercriminals, Sentinel Labs. Available at: http://graphics8.nytimes.com/packages/pdf/technology/sentinel-labs-intelligence-report-04.pdf

Siemens (2005) GRAPH 5 – graphically programming sequence controllers under SS-DOS operating system. Available at: https://cache.industry.siemens.com/dl/files/689/19374689/att_81661/v1/Graph5_v30_e_OCR.pdf

Siemens. Introduction to control programming – building technologies. Siemens US. Available at: http://w3.usa.siemens.com/buildingtechnologies/us/en/education-services/building-automation/building-automation-self-study/pages/introduction-to-control-programming.aspx. Accessed 20 Feb 2017

Team Cymru (2011) A criminal perspective on exploit packs. Available at: https://blog.qualys.com/wp-content/uploads/2011/05/team_cymru_exploitkits.pdf

Thomas K, Huang D, Wang D, Bursztein E, Grier C, Holt TJ, Kruegel C et al (2015) Framing dependencies introduced by underground commoditization. Presented at the workshop on the economics of information security. Available at: http://damonmccoy.com/papers/WEIS15.pdf. Accessed 29 Nov 2015

Tsyrklevich V (2015) Hacking team: a zero-day market case study, 22 July. Available at: https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/

Varner R, Collier W (1978) A matter of risk. Random House, New York

Wassenaar Arrangement (2015) The Wassenaar arrangement on export controls for conventional arms and dual-use goods and technologies, 12 March. Available at: http://www.wassenaar.org/wp-content/uploads/2015/08/WA-LIST-15-1-2015-List-of-DU-Goods-and-Technologies-and-Munitions-List.pdf. Accessed 19 Sept 2015

Wolf J (2013) CVE-2011-3402 – Windows Kernel TrueType Font Engine Vulnerability (MS11–087). Presented at the CanSecWest, 8 March. Available at: https://cansecwest.com/slides/2013/Analysis%20of%20a%20Windows%20Kernel%20Vuln.pdf

Title: Development and Proliferation of Offensive Weapons in Cyber-Security
Author: Trey Herr
Publisher: Springer International Publishing
Book: Cyber Weaponry
Print ISBN: 978-3-319-74106-2

Electronic ISBN: 978-3-319-74107-9

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-74107-9_10

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"