Page 51 - Cyber Warnings
Such an operation would be classified. Perhaps the NSA doesn't do this because of legal
matters. Either way, whether acting through citizens or directly, the NSA's TAO group would not
want to expose its best tools and tactics for cyber war.
On the other hand, Russia wants to project her power and works through "Fancy Bear." This is
just one of the names given to a Russian hacking group (this one coined by Dmitri Alperovitch of
CrowdStrike) whose record of attacks is so long that no one appears to be slowing it down or
ending its threat. Microsoft, which calls the group STRONTIUM, saw successful attacks in
October 2016 exploiting Adobe Flash and the Windows kernel, as Wikipedia reports.
The same Wikipedia article notes that FireEye, which calls the group APT28, had watched it use
zero-day exploits two years before the Windows kernel attack. A list of Fancy Bear weapons
drawn from the above two sources: Xagent, Sofacy, Chopstick, Coreshell, Foozer and
Downrange, to name a few.
Fancy Bear has shown it can erase firmware inside switches and routers, spoof email servers,
conduct spear phishing and infiltrate military operations.
One of the targets in cyber war is the firmware of the BIOS. I received responses on the HP
website dealing with the manipulation of firmware inside the BIOS. Usually, the bottom line for
removing a digital infection is to reinstall the operating system; desperate folks might even
replace the hard disk drive.
Neither act, however, is a solution here. Tools are available to modify the UEFI (Unified
Extensible Firmware Interface) and reinstall this surveillance, so it survives both a wipe and a new
disk. According to WIRED (March 2015), Kovah and Kallenberg, when with MITRE, showed at the
CanSecWest conference that it doesn't take an NSA to initiate such an attack.
Flashing an adversary's BIOS is an extraordinary tool for a nation-state that wants to prevent a
counter-strike: the methods are too slow for a first-strike attack, but the vulnerabilities inside a
BIOS are so many and so universal that non-military systems can be compromised ahead of time,
in preparation for war.
According to the WIRED article, “LightEater” can go deeper than root-level privileges by
infecting the BIOS. But my point is that this is a weapon a citizen cyber group can initiate. Thus,
besides the attribution problem, you have the problem that your anti-malware application won’t
even spot this BIOS attack.
In my March 11, 2013 report to Booz Allen Hamilton ("Containment of Digital/Physical Attacks") I
referenced Jonathan Littman's book "The Fugitive Game," where he quotes physicist Brosl
Hasslacher: "Tsutomu (Shimomura) has built software that can literally destroy an alien
computer. They are essentially viruses that can, for example, tell the computer to sit on one
register until it literally melts the circuitry in the chip, or command the hard drive to hit the same
track 33,000 times, until it destroys the drive." Good God! Hardware hacking that does not require
the machine and the technician to be in the same place! Take out an adversary that is 6,000 miles
away!
51 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide