Page 104 - Cyber Defense eMagazine September 2023
In the defense sector, a civilian or military network/system administrator working from home could
become a target of interest for the adversary's intelligence services. With creative social engineering, and
the use of a password-cracking tool, for instance, BackTrack 5, any individual working for ill-intended
actors may be able to pick up the administrator's credentials and obtain access to sensitive information
residing on the government computers. This scenario constitutes a confidentiality breach: it will
compromise sensitive information, both national and NATO/EU, and will harm the national interest, the
interest of our allies, and the collective defense.
By hacking into the Ministry of Foreign Affairs network, the adversary could compromise the data integrity
by deploying fake news, videos, and false statements on the MFA website instead of the real news and
sabotage our foreign policy posture. Even worse would be a scenario where the foreign state actor seeks
to embroil one ally in a dispute or conflict with its neighbors, partners, and allies in the EU and NATO.
They may take advantage of foundational narratives. By manipulating a foreign minister's statement
published on the MFA website, and making unfavorable remarks about a neighbor or any other ally in
NATO, an attacker could trigger a crisis and significantly harm our bilateral, regional, and even
transatlantic relations.
The source of information is of utmost importance to appeal to a larger target audience. In this case, if
the source is the Ministry of Defense (MoD) or Ministry of Foreign Affairs (MFA), the false information will
be taken at face value. It will then be hard to explain to our citizens that what the institutions announced
on their websites has been manipulated. In terms of data availability, the attacker could block any access
to the MFA's website by launching a so-called Denial of Service (DoS) attack against the MFA webserver.
This attack could use free software known as Low Orbit Ion Cannon (LOIC), which sends millions of
requests to the server, overwhelming it and rendering it inaccessible to other users. As the attacker
had obtained all the network and system administration privileges, he could also access the server and
delete the entire website.
Another even more dangerous scenario would be an attack on a nuclear power plant. The cyber-attack
on Iranian nuclear facilities in 2010 was based on malware known as Stuxnet. This malware was so
sophisticated that it was called by some authors a "digital ghost." It was reportedly delivered to Iran's
nuclear facility via a thumb drive. The malware hijacks the information on the screen and shows all
system parameters as being within accepted normal ranges while, unbeknown to the operators, it
sends random commands to processes. This example demonstrates manipulation and misrepresentation
of data, which, in terms of the CIA (Confidentiality, Integrity, and Availability) triad, constitutes a breach of
data integrity. The attack demonstrated that even the most heavily protected, air-gapped Supervisory
Control and Data Acquisition (SCADA) systems are vulnerable from the inside. An air gap is a security
measure that isolates a digital device component or private local area network (LAN) from other devices
and networks, including the public internet. An air gap is also known as an air wall and the strategy of
using air gaps to protect critical data is also known as security by isolation.
Similarly, nowadays, more than a decade later, if an infected USB flash drive is plugged into a computer
belonging to an ally's nuclear power plant SCADA system, the Stuxnet scenario could repeat itself at that
plant, likely with a more advanced worm. It will jeopardize not only the ally's national security but
also the security of its neighbors. It also has the potential to undermine the trust in nuclear energy in
Europe and hurt the European economy. Similar intrusions are also likely to occur in other critical
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.