A New Side of Cyber Security

I have been in the cyber security space for 30 years. Most of that time has been focused on the detection of intrusions into computer systems (i.e., intrusion detection) using various data sources and types of analyses. Over these years I've seen various attack trends come (and go), including:

  • the lone hacker, perhaps best exemplified by Kevin Mitnick's activities in the 1990s (see "Ghost in the Wires")
  • automated attacks and worms, starting, more or less, with the ILOVEYOU worm in 2000; (the Morris Worm did not kick off a trend like ILOVEYOU did)
  • professional hacking, perhaps first hitting the public consciousness with the Aurora attack against Google around 2010.

Over time the cyber security market adjusted their techniques, products, and marketing accordingly.

A new attack trend

I believe we are now entering a new phase in attacks. These new attacks I call influence attacks (or sometimes manipulation attacks). The goal of these attacks is to manipulate people to believe a certain thing, increasingly identify with that belief, and ultimately to take actions based on that belief.

What makes these influence attacks different from traditional propaganda is that they leverage the technology of cyber space itself including social media, large-scale data collecting on individuals (see this 2017 blog post), data analytics, and voluminous amounts of fake sites, stories, groups, and individuals. They may include traditional cyber attacks to acquire compromising information (kompromat) or take control of legitimate users' accounts.

The first large-scale versions of influence attacks probably began with the 2016 United Kingdom Brexit vote and the United States Presidential election. However, it wasn't until 2017 that most people started to realize the existence of these attacks (see "Cyber Pearl Harbor: Did you miss it?"), and only now, more than half way through 2018 are we starting to see the companies actively respond.

Some of these recent responses include

  • July 31, 2018 Facebook announces they removed 32 pages and accounts they believe are associated with Russian influence attacks.
  • August 20, 2018 Microsoft announces they executed a court order allowing them to take control of 6 Internet domains associated with Russian influence attacks.
  • August 21, 2018 FireEye releases a report detailing a large-scale influence attack by Iran.
  • August 21, 2018 Facebook announces they took down 652 pages, groups, and accounts associated with the Iranian influence attacks.
  • August 21, 2018 Twitter announces (via a tweet) that they suspended 284 accounts associated with the Iranian influence attacks.
  • August 23 2018 Google announces they have taken down dozens of YouTube channels, blogs, and Google+ accounts associated with the the Iranian influence attacks.

The investigations by FireEye and Microsoft show that companies in the cyber security space are starting to see influence attacks over the Internet as being in their wheelhouse.

A different kind of cyber war

The early trends in cyber attacks (lone hackers, automated attacks, and professional attackers) were largely logical progressions. No one would be surprised that a company that built products to detect lone hackers would position themselves for automated attacks and then later professional attackers.

But this new attack is fundamentally different. It isn't so much about getting inside people's computers. It is about getting inside people's heads. It is about turning people against each other. It is about controlling other countries by manipulating their voters and finding leverages against their political leaders.

Carl von Clausewitz wrote in his highly influential book "On War":

We see, therefore, that war is not merely an act of policy but a true political instrument, a continuation of political intercourse, carried out by other means. ... The political object is the goal, war is the means of reaching it, and means can never be considered in isolation from their purpose.

Russia has shown that influence attacks over cyberspace can be very effective at achieving their political objectives.

This new kind of war will be a stretch for the traditional cyber security companies. New data sources, analysis techniques, and skill sets are needed. It is not clear whether this can be a viable commercial market. Who will pay to detect and defend against these influence attacks?

Perhaps most ominous, though, is the lack of support and sometimes hostile response of political leaders, the media, and even much of the public to organizations trying defend against these influence attacks. The well-respected cyber security expert Alex Stamos, who was on the front lines of large-scale attacks against Yahoo! and then the large-scale influence attacks carried out via Facebook, wrote in "How the U.S. Has Failed to Protect the 2018 Election--and Four Ways to Protect 2020":

the subsequent actions of House Republicans and President Trump have signaled that our adversaries can expect powerful elected officials to help a hostile foreign power cover up attacks against their domestic opposition. ... Although by now Americans are likely inured to chronic gridlock in Congress, they should be alarmed and unmoored that their elected representatives have passed no legislation to address the fundamental issues exposed in 2016.

Final thoughts

As I wrote in my 2017 blog post "Cyber Pearl Harbor: Did you miss it?"

Democracies are very vulnerable to information operations, and Putin has figured this out. Why should an enemy drop bombs like the Japanese did in Pearl Harbor when they can achieve their political goals through information operations?

I confess that I am not optimistic. Russia succeeded in getting their man elected President, and this President continuously attacks the legitimacy of the investigation into the Russian attacks. For months the largest social media companies denied their roles or responsibilities in these attacks. Russia continues their influence attacks to sow discord across democracies and turn us against one another. Other countries are launching their own influence attacks. Senate Republicans voted to block a $250 Million Election Security Measure. The biggest stars of Fox News, the most popular cable news network in the United States, continually attack the investigation into the Russian influence attacks.

We are in uncharted waters.