User:LegendXXX/sandbox

Hacking and Cyber Response
Hacking and the introduction of malware have been, currently are, and will probably always be the preeminent problem for home PC users and government and corporate entities alike. For the user, malware on one’s PC can turn it into a member of a botnet or deny the use of the computer to its owner. Hacking is a main cause of identity theft and can cause financial catastrophe to the victim. The cost of personal attacks pales, however, in comparison to the damage which can be inflicted on corporations or government networks by data thieves or state-sponsored bad actors. The threats include mass identity theft, theft of intellectual property to include civilian and military applications, the misappropriation of sensitive or classified data, and the possibility of catastrophic damage by the disruption of the US power grid, for example, or the illicit transfer of the specifications of some new piece of classified military hardware to terrorists or non-allied states.

The Individual Hackers
My SPAM folder is constantly full of mail purportedly from Citibank, Chase, Wells Fargo, and other financial institutions insisting that my account has been compromised and if I would only click this link and log in with my credentials, all would be cleared up post-haste. Of course, these are phishing attacks, trying to gain my login credentials for nefarious purposes. When specific persons (usually those with high-level clearance or power) are targeted, this is known as spear-phishing. This is becoming the preferred method of initiating an attack, says Help Net Security’s Zeljka Zorz, as it “targets the weakest link in most security chains: the human.” For us less well-heeled users, a common method of introducing evil onto a computer system is to turn someone’s greed against them. We have all read about the lawsuits over illegal downloads of music, movies, and TV shows, where unscrupulous consumers download “free” media via peer-to-peer networks often run through a hub in a country where copyright laws are more honored in the breach than in the observance. A common method of delivery is via BitTorrent, where the file is downloaded in pieces, then reassembled into a .mpeg, .mov, or .avi file for viewing in Windows Media Player or another player. Hidden in these torrents can often be found viruses, spyware, and other malware just aching to be installed on the host computer, logging keystrokes, turning the PC into a bot, or worse. It’s bad enough when the hacker is some creep in his parents’ basement trying to be a 1337 d00d (elite dude). What about when the perpetrator is a government or government-sponsored entity?

Governments and GSEs
For as long as there have been governments, there have been spies, both official and unofficial, ferreting out enemy (and allied) governments’ secrets, economic data, and capabilities. Our enemies will always try to get information surreptitiously or do us damage by denial of service or other methods. You may ask why the US government does not attack these bad actors either in retaliation or preemptively to keep them from attacking us or making the cost of such attacks prohibitive. The answer (as always) is much more complicated than it would seem. International law on cyber-espionage and cyber-warfare is still in development and there is no consensus as to what constitutes what and what a proper response might be. The same issue arose at the beginning of the space era. When the USSR first launched Sputnik, it technically violated US airspace but at an altitude which had never been possible and therefore never considered in existing treaty and law. When the US did nothing, this lack of response set a precedent which is still in effect. It is de facto legal to violate another nation’s airspace with satellites and vehicles beyond the atmosphere, and subsequent law and treaties tacitly acknowledged this fact. When the US was first attacked in cyberspace, no international law or agreement covered the action, so it was up to us to set precedent again. By taking no action, the US tacitly acknowledged that this activity would be tolerated and that there would be no consequences. The end result has been the plethora of cyber-attacks against both the US Government and private institutions such as the New York Times and major banks. The main perpetrator in these incidents appears to be China, specifically, the People’s Republic Army (PRC).
The total lack of official response has emboldened certain bad actors (China, North Korea, Russia, Iran) to the point where, in order to defend our assets both physical and virtual, the US Military is in the process of establishing US Cyber Command as a separate Combatant Command on the same level as US Strategic Command, US Central Command, and US Transportation Command (Miles, 2011). Founded on the basis that “Cyber-security threats represent one of the most serious national security, public safety, and economic challenges we face as a nation”, this Command, if allowed to prosecute the cyber war (see Vietnam), will be the first line of defense on a new battlefield with as yet unimagined weapons.

Conclusion
Cyber-crime, cyber-terrorism, and cyber-war are new concepts with old tactics and predictable strategies. As is the case in any conflict, the side which is most prepared for all eventualities will be the victor. Hopefully US Cyber Command will provide a platform from which the US military can become prepared and stay ahead of (or at least not too far behind) its adversaries, be they individuals like Anonymous and WikiLeaks or state sponsors like China, the People’s Republic of Korea, or the Russian Federation.