6/7/15 "First Strike: US Cyber Warriors Seize Offensive"

Cyberwar Plan New Focus on Deterrence
2011 7/15/2011 http://www.wsj.com/articles/SB10001424052702304521304576446191468181966
The military must move from defending against major cyberattacks to deterring assaults by letting enemies know the U.S. is willing to retaliate with its own virtual weapons or real military force, a top general said Thursday. The Pentagon's new strategy for threats from computer hackers primarily deals with enhancing defense of its computer systems and those of its military contractors. But Marine Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, said that policy is just a start....
If the U.S. were attacked in a way that justified a response under the laws of armed conflict... responses could begin with diplomatic efforts, then escalate to "kinetic" attack, with real-world weapons, Gen. Cartwright said...Deputy Secretary of Defense William Lynn said the laws of armed conflict apply in cyberspace, implying that the U.S., in some cases, reserves the right to use real bullets and real bombs to retaliate for virtual attacks. The Wall Street Journal reported the military's conclusion in May.

“world’s largest national research hub”
NSA targeted China's Tsinghua University in extensive hacking attacks
2013 22 June, 2013 UPDATED 13 August, 2013, http://www.scmp.com/news/china/article/1266892/exclusive-nsa-targeted-ch...
The university is home to one of the mainland’s six major backbone networks, the China Education and Research Network (CERNET) from where internet data from millions of Chinese citizens could be mined. The network was the country’s first internet backbone network and has evolved into the world’s largest national research hub.
It is one of the mainland’s non-commercial networks, owned by the Ministry of Education, but operated and maintained by the university and other colleges. In the wake of Snowden’s claims, the Ministry of Foreign Affairs set up an office to deal with diplomatic activities involving cyber security, the first of its kind on the mainland, said a Foreign Ministry spokeswoman... saying Beijing, long accused of cyberhacking by the United States, has been “a major victim” of cyberattacks and it opposed “cyberattacks in all forms”... the central government would discuss cybersecurity issues with the United States at next month’s Sino-US strategic and security dialogue.
Professor Xu Ke, deputy director of the Institute of Computer Networks at Tsinghua University...said only governments or large organisations would have the resources and manpower to “find the needle in a haystack”....individual hackers “could gain little”, as the amount of information they faced would be “colossal”.
This article appeared in the South China Morning Post print edition as Tsinghua's hub role made it target for NSA

complete must-read document below:

“Strategy for Operating in Cyberspace” July 2011
First Strike: US Cyber Warriors Seize the Offensive
2013 January-February 2013 http://www.worldaffairsjournal.org/article/first-strike-us-cyber-warrior...

China, US Have Weapons for Cyberassault
5/11/15 http://www.voanews.com/content/china-us-have-weapons-for-cyberattack/276...
As the World Wide Web has evolved and grown more complicated, so have the tools and techniques of cyber-espionage and military action. Perhaps nowhere is this evolution more clearly seen than in China’s recently disclosed “Great Cannon” and its similarities to “QUANTUM,” reportedly possessed by the U.S.
...But cyber-researcher and report co-author Nicholas Weaver says censorship is the least of the threats posed by the Chinese Great Cannon device. “It was basically big and showy, but not very effective, I could modify it, for example, to intercept all emails coming from China directed to a target,” he said. “If there happens to be an email to my target with a Word document, I could modify that Word document to contain an exploit, which would be effectively unnoticeable to everybody.”... And it has the Obama administration wary.
US closely watching
Jeff Rathke, acting deputy spokesperson for the State Department, said any effort to censor the Web or use it in an offensive fashion is troubling....The Great Cannon uses China’s existing great firewall infrastructure but weaponizes global Web traffic into a focused, offensive system....
US fights back
China isn’t alone in possessing such advanced cybertools.
Citizen Lab researchers noted similarities between the Great Cannon and QUANTUM in their report on the Great Cannon, “While employed for a highly visible attack in this case, the Great Cannon clearly has the capability for use in a manner similar to the NSA’s QUANTUM system, affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully utilizing HTTPS,” researchers wrote...

The powerful Web tools go to the heart of an emerging debate of whether they are espionage tools or offensive weapons. “Neither,” said Bruce Schneier, longtime crypto-analyst and chief technology officer at Resilient Systems cybersecurity firm. “There’s no difference anymore.”... In “Data and Goliath,” Schneier writes “The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it... All of these existed before I wrote about QUANTUM. By using its knowledge to attack others rather than to build up the Internet's defenses, the NSA has worked to ensure that anyone can use packet injection to hack into computers.” Schneier says the boundary between cyber-espionage and cyberattacks is gone, and “as long as cyber-espionage equals cyberattack, we would be much safer if we focused the NSA's efforts on securing the Internet from these attacks.”

US officials report massive data breach at federal human resources agency
6/4/15 http://www.theguardian.com/technology/2015/jun/04/us-government-massive-...
A US law enforcement source told Reuters Thursday night a “foreign entity or government” was believed to be behind the attack. Authorities were looking into a possible Chinese connection, the news agency said, quoting a source close to the matter. Chinese officials issued swift denials...

Hunting for Hackers, N.S.A. Secretly Expands U.S. Internet Spying Borders
6/4/15 http://www.nytimes.com/2015/06/05/us/hunting-for-hackers-nsa-secretly-ex...
http://itsecuritynews.info/2015/06/05/hunting-for-hackers-n-s-a-secretly...
6/4/15 http://news.yahoo.com/nsa-expands-online-spying-search-hackers-report-21...
...the Obama administration expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified N.S.A. documents.

White House Cannot Conclude China-Based Hackers Carried Out Cyber Attack
6/5/15 VOA News updated http://www.voanews.com/content/suspected-chinese-hackers-stole-data-on-m...
The White House said Friday it cannot conclude at this time that China-based hackers carried out the massive cyber attack on the federal agency responsible for collecting background information on and issuing security clearances for millions of government employees. Spokesman Josh Earnest said the FBI continues to investigate the security breach, that a lot of work must still be done to determine who was responsible. Earlier, U.S. law enforcement officials said China-based hackers, possibly with links to China's government, were behind the attack, though they have not provided details of how they came to this conclusion....
China Foreign Ministry spokesman Hong Lei Friday slammed accusations against China as "irresponsible," saying such attacks are "generally anonymous and conducted across borders, and their origins hard to trace. Not to carry out a deep investigation and keep using words such as 'possible' is irresponsible and unscientific," Hong told reporters Friday. Zhu Haiquan, Chinese Embassy spokesman in Washington, emphasized China outlawed hacking. "Jumping to conclusions and making hypothetical accusations is not responsible and counterproductive." He also repeated that China is also a victim of cyber attacks....

Hacking Linked to China Exposes U.S. Personnel Data
6/5/15 http://www.nytimes.com/2015/06/05/us/breach-in-a-federal-computer-system...
... if the attribution to China holds... For three years Mr. Obama has been trying to move the subject of cyberattacks to the center of the American-Chinese relationship...A year ago, the Justice Department indicted five members of Unit 61398 hacking unit of the Chinese People’s Liberation Army, accusing them of stealing data from U.S. firms to benefit state-owned Chinese companies. But rather than change Chinese behavior, the indictments shut down many formal and informal discussions between the United States and China. Chinese officials have said they are victims of hackers too...“Strategic and Economic Dialogue” with Chinese officials is scheduled this month, cyber issues will again be in the forefront.
Correction: June 4, 2015 Because of an editing error, an earlier version of a summary with this article said incorrectly that the federal employees affected by the data breach worked for the Office of Personnel Management. The breach affected workers whose information was held by the Office of Personnel Management.

Obama: US Needs More Aggressive Cybersecurity
6/5/15 Voice of America http://www.voanews.com/content/us-lawmaker-china-responsible-for-hacking...
RFER http://rferl.c.goolara.net/Click.aspx?id=022538924191521911
Chairman of the House of Representatives Homeland Security Committee, Congressman Michael McCaul, appearing on U.S. TV Sunday said
"We look at the threat indicators. Who has the motive and intent to steal this data? This is a huge data-mining project and it targets political appointees in the federal government and federal employees, four million of them. In my judgment, this was an attack by China against the United States government. It quantifies to espionage." McCaul added that the source of the attack, discovered in April and made public last Thursday, has not yet been confirmed, but the way it was carried out suggests to him the Chinese government was involved....
Appearing on a separate TV program Sunday, Congressman Adam Schiff, ranking member of the House Intelligence Committee, said there are only two possibilities regarding such a sophisticated attack. "Either a state actor or a group of very sophisticated private hackers who often work in concert with the state ...in this age of asymmetric cyber-warfare those on the offense have all the advantage... I think one of the big things we have to do, in addition to our defense, is figure out when we’re going to go on offense..."
The United States and China are scheduled to hold their next round of strategic and economic dialogue in two weeks in Washington.

Concern Mounts Over Russian Crackdown on Internet Search Engines
June 03, 2015 http://www.voanews.com/media/video/concern-mounts-over-russian-crackdown...
Russian media activists warn of crackdown on Internet freedom as lawmakers consider greater control over search engines. The Kremlin media watchdog contacted Internet giants Facebook, Twitter and Google last month to remind them to comply with existing Russian laws... critics say laws are being used to clamp down on political opposition.

Meet the cyberwar experts & strategic communicators experts below:

Why U.S. got hacked: ‘The mystery is what took the Chinese so long’
The New York Times By DAVID E. SANGER, JULIE HIRSCHFELD DAVIS and NICOLE PERLROTH
Updated June 5, 2015 at 10:21 pm http://www.seattletimes.com/nation-world/why-us-got-hacked-the-mystery-i...
....Federal officials said Friday the cyberattack appeared to have originated in China, but they didn’t point fingers directly at the Chinese government. White House spokesman Josh Earnest said he couldn’t divulge much while the case was under investigation. Still, he noted investigators “are aware of the threat that is emanating from China.”....Obama administration officials painted a picture of a government office struggling to catch up, with the Chinese ahead at every step. OPM did not have an inventory of all the computer servers and devices with access to its networks. It did not require anyone accessing information from outside to use the basic authentication techniques most Americans use for online banking. It did not regularly scan for vulnerabilities in the system and found 11 of the 47 computer systems that were supposed to be certified as safe for use last year were not “operating with a valid authorization.” The problems were so severe for two systems that hosted the databases used by the Federal Investigative Service — which does background investigations for officials and contractors who are issued security clearances — that the inspector general argued for temporarily shutting them down because the security flaws “could potentially have national security implications.”...In the most egregious case cited by the inspector general, outsiders entering the system were not subjected to “multifactor authentication” — systems that, for example, require a code that is sent to a cellphone to be entered before giving access to a user....
But hackers in China apparently figured that out months before the report was published....As one senior former government official who once handled cyberissues for the administration, who would not speak on the record because it could endanger the person’s role on key advisory committees, said Friday: “The mystery here is not how they got cleaned out by the Chinese. The mystery is what took the Chinese so long.”
“This is one of those classic good-news, bad-news stories,” said one White House official who declined to speak on the record. “It was as a result of additional scanning and monitoring tools on the network they found some of these indicators” of the intrusion “and surged some capability to find out what was happening.”
White House officials weren’t saying much publicly about how the breach could have happened after warnings from the inspector general and others. Michael Daniel, the White House’s top cyber official, declined to speak on the record and Lisa Monaco, who has been handling cyber issues as one of Obama’s top national-security officials, declined to be interviewed.
What’s China up to?
A number of administration officials in interviews Friday painted a picture of Chinese adversaries who appear to be building huge databases of information on U.S. citizens, useful for intelligence gathering and other purposes....Researchers and government officials have determined the Chinese group that attacked the office was likely the same one that seized millions of records held by the health-care firms Anthem and Premera....experts believe the group is privately contracted, though the exact affiliation with the Chinese government is not known.

U.S. officials and analysts say groups of hackers working for the Chinese government with a series of major hacks...China builds a database of Americans’ personal info by hacking government agencies and health-care companies, using a high-tech tactic to achieve age-old goal of espionage: recruiting spies or gaining more information on an adversary...
“the announcement came as the NSA had expanded warrantless surveillance of foreign hackers that could sweep up data on innocent Americans”
6/5/15
News of the breach followed revelations the Obama administration secretly allowed the National Security Agency to expand warrantless monitoring of Internet data in an effort to hunt for cybersecurity intrusions originating from foreign countries. Those searches could also gather information on innocent Americans, The New York Times reports... the Obama administration is trying to attract more programmers to join the Pentagon to help bolster cybersecurity defenses.
http://www.usnews.com/news/articles/2015/06/05/china-suspected-in-theft-...
“They’re definitely going after quite a bit of personnel information,” said Rich Barger, chief intelligence officer of * ThreatConnect cybersecurity firm. “We suspect they’re using it to understand more about who to target [for espionage], whether electronically or via human recruitment.”

In-Q-Tel ...* ThreatConnect Threat Intelligence Arlington, US 2013 ...US 2013 For detailed profiles for 450+ Enterprise Security startups, visit Enterprise Security feed at tracxn.com 12/7/14 www.slideshare.net/Tracxn/tracxn-enterprisesecuritysectorsnapshotoct2014

ThreatConnect, Inc. the leading provider of advanced threat intelligence .. Investors include Google and In-Q-Tel, investment arm of the intelligence ...https://www.linkedin.com/in/janalind

National Science Foundation and CIA venture fund In-Q-Tel.... Novak Biddle, Valhalla Partners and Grotech offer ...
2/28/10 www.readwrite.com/2010/02/23/never-mind-valley-washington-dc

IQT Intelligence Community Partners
https://www.iqt.org/about-iqt/
Launched in 1999 In-Q-Tel (IQT)... to bridge the gap between the technology needs of the U.S. Intelligence Community (IC) and emerging commercial innovation. We identify and invest in venture-backed startups developing technologies...
While CIA remains our primary partner, IQT has broadened its scope in recent years to support other agencies within the IC, such as the National Geospatial-Intelligence Agency (NGA), Defense Intelligence Agency (DIA), and Department of Homeland Security Science and Technology Directorate (DHS S&T)....primary point of engagement with IC is through the In-Q-Tel Interface Center (QIC) in the Central Intelligence Agency.’s experienced officers, QIC provides a direct connection to IC technology leaders and end users, ensuring our strategies and investments are on target. Each partner agency sponsors a similar team of interface staff...

CIA venture firm In-Q-Tel....Infinite Power ...www.ventureonline.com

------------

needs wide distribution:

“Strategy for Operating in Cyberspace” July 2011
First Strike: US Cyber Warriors Seize the Offensive
January-February 2013 http://www.worldaffairsjournal.org/article/first-strike-us-cyber-warrior...
When the Pentagon launched its much-anticipated “Strategy for Operating in Cyberspace” in July 2011, it appeared the US military was interested only in protecting its own computer networks, not in attacking anyone else’s. “The thrust of the strategy is defensive,” declared Deputy Secretary of Defense William Lynn...Pentagon planners had already classified cyberspace officially as a fifth “domain” of warfare, with land, air, sea, and space. As the “Strategy for Operating in Cyberspace” in 2011 “allows DoD to organize, train, and equip for cyberspace as we do in air, land, maritime, and space to support national security interests.” That statement by itself contradicted any notion that the Pentagon’s interest in cyber was mainly defensive. Once the US military accepts the challenge to fight in a new domain, it aims for superiority in that domain over all its rivals, in both offensive and defensive realms. Cyber is no exception. The US Air Force budget request for 2013 included $4 billion in proposed spending to achieve “cyberspace superiority” ...

US military geek warriors are now prepared to go on the attack, armed with potent cyberweapons that can break into enemy computers with pinpoint precision....a program launched in October 2012 by the Defense Advanced Research Projects Agency (DARPA), the Pentagon’s experimental research arm. DARPA funding enabled the invention of the Internet, stealth aircraft, GPS, and voice-recognition software, and the new program, Plan X...“to create revolutionary technologies for understanding, planning, and managing cyberwarfare.” The US Air Force, also signaling its readiness to go into cyber attack mode, in August announced it was looking for ideas on how “to destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage.” The new interest in attacking enemies rather than simply defending against them has spread to the business community...“We’re following a failed security strategy in cyber,” says Steven Chabinsky, formerly the head of the FBI’s cyber intelligence section and now chief risk officer at CrowdStrike, a startup company that promotes aggressive action against its clients’ cyber adversaries. “There’s no way that we are going to win the cybersecurity effort on defense. We have to go on offense.”...

The growing interest in offensive operations is bringing changes in the cybersecurity industry. Expertise in patching security flaws in one’s own computer network is out; expertise in finding those flaws in the other guy’s network is in. Among the “hot jobs” listed on the career page at the National Security Agency are openings for computer scientists who specialize in “vulnerability discovery.” Demand is growing in both government and industry circles for technologists with the skills to develop ever more sophisticated cyber tools, including malicious software—malware—with such destructive potential as to qualify as cyberweapons when implanted in an enemy’s network. “Offense is the biggest growth sector in the cyber industry right now,” says Jeffrey Carr, a cybersecurity analyst and author of Inside Cyber Warfare...

The move to offensive operations in cyberspace was actually under way as Pentagon officials were still insisting their strategy was defensive. The big revelation came in June 2012, when New York Times reporter David Sanger reported that the United States and Israel were behind the development of the Stuxnet worm, used to damage computer systems controlling Iran’s nuclear enrichment facilities...the attacks code-named Olympic Games constituted “America’s first sustained use of cyberweapons.” The highly sophisticated Stuxnet worm delivered computer instructions that caused some Iranian centrifuges to spin uncontrollably and self-destruct. According to Sanger, the secret cyber attacks had begun during the presidency of George W. Bush but were accelerated on the orders of Obama.... a cyberweapon designed and used for the same purpose and with the same effect as a kinetic weapon: like a missile or a bomb, it caused physical destruction.... Used preemptively, it could keep a conflict from evolving in a more lethal direction. The targeted country would have a hard time determining where the cyber attack came from....

“We’re no longer just hurling mass and energy at our opponents in warfare,” says John Arquilla, professor of defense analysis at the Naval Postgraduate School. “Now we’re using information, and the more you have, the less of the older kind of weapons you need.” Access to data networks has given warfighters a huge advantage in intelligence, communication, and coordination. But their dependence on those networks also creates vulnerabilities, particularly when engaged with an enemy that has cyber capabilities of his own.
“Our adversaries are probing every possible entry point into the network, looking for that one possible weak spot,” said General William Shelton, head of the Air Force Space Command, speaking at a CyberFutures Conference in 2012. “If we don’t do this right, these new data links could become one of those spots.”

Achieving “cyber superiority” in a twenty-first-century battle space is analogous to the establishment of air superiority in a traditional bombing campaign. Before strike missions begin against a set of targets, air commanders want to be sure the enemy’s air defense system has been suppressed. Radar sites, antiaircraft missile batteries, enemy aircraft, and command-and-control facilities need to be destroyed before other targets are hit. Similarly, when an information-dependent combat operation is planned against an opposing military, the operational commanders may first want to attack the enemy’s computer systems to defeat his ability to penetrate and disrupt the US military’s information and communication networks.
Indeed, operations like this have already been carried out ...

And, as DARPA’s Plan X reveals, the US military is currently engaged in much larger scale cyber war planning. DARPA managers want contractors to come up with ideas for mapping the digital battlefield so that commanders could know where and how an enemy has arrayed his computer networks, much as they are now able to map the location of enemy tanks, ships, and aircraft. Such visualizations would enable cyber war commanders to identify the computer targets they want to destroy and then assess the “battle damage” afterwards. Plan X would also support the development of new cyber war architecture. The DARPA managers envision operating systems and platforms with “mission scripts” built in, so that a cyber attack, once initiated, can proceed on its own in a manner “similar to the auto-pilot function in modern aircraft.” None of this technology exists yet, but neither did the Internet or GPS when DARPA researchers first dreamed of it.

As with those innovations, the government role is to fund and facilitate, but much of the experimental and research work would be done in the private sector. A computer worm with a destructive code like the one Stuxnet carried can probably be designed only with state sponsorship, in a research lab with resources like those at the NSA. But private contractors are in a position to provide many of the tools needed for offensive cyber activity, including the software bugs that can be exploited to provide a “back door” into a computer’s operating system. Ideally, the security flaw or vulnerability that can be exploited for this purpose will be one of which the network operator is totally unaware. Some hackers specialize in finding these vulnerabilities, and as the interest in offensive cyber operations has grown, so has the demand for their services. The world-famous hacker conference, Defcon, attracts to Las Vegas...every year creative often antisocial hackers who have gone legit as computer security experts, law enforcement types, government spies, and a few curious academics and journalists...

In August 2012....no company logo or brand name on the card, just “Paying top dollar for 0-day and offensive technologies...” identified the buyer as “zer0daybroker” and an e-mail address. A “zero-day” is the most prized of all computer vulnerabilities, unknown to anyone but the researcher who finds it. So no one can prepare a defense against it. The growing demand for these has given rise to brokers like Zer0day, who identified himself as “Zer0 Day Haxor” in subsequent e-mails. As a broker, he probably did not intend to hack into a computer network himself but act as an intermediary, connecting sellers who discover the vulnerabilities with buyers who want to use them and are willing to pay a high price for the tools...

But the rise in offensive cyber operations has transformed the vulnerability market, and hackers these days are more inclined to sell zero-days to the highest bidder. In most cases, these are governments. Not surprisingly, the National Security Agency—buying through defense contractors—may well be the biggest customer in the vulnerability market... The designers of the Stuxnet code cleared a path into Iranian computers through the use of four or five separate zero-day vulnerabilities, an achievement that impressed security researchers around the world. The next Stuxnet would require the use of additional vulnerabilities. “If the president asks the US military to launch a cyber operation in Iran tomorrow, it’s not the time to start looking for exploits,” says Christopher Soghoian, a Washington-based cybersecurity researcher. “They need to have the exploits ready to go. And you may not know what kind of computer your target uses until you get there. You need a whole arsenal [of vulnerabilities] ready to go in order to cover every possible configuration you may meet.” ....

The vulnerability market has developed to such a point that entire security companies now devote themselves exclusively to the discovery and sale of these exploits. Some deal strictly with US government agencies or the defense contractors that act on their behalf, other companies (and individuals) deal with foreign buyers as well...
Misha Glenny, writing in the Financial Times, argued that the tacit US admission of responsibility for Stuxnet will act “as a starting gun; countries around the world can now argue that it is legitimate to use malware pre-emptively against their enemies.” One danger is that US adversaries, notably including Russia and China, may now cite the use of Stuxnet to support their argument that an international treaty regulating the use of cyberweapons may be needed. The United States has long opposed such a treaty on the grounds that it would undermine its own technological advantages in cyberspace and could also lead to efforts to regulate the Internet in ways that would harm freedom of expression and information...
The US military has not set up its own rules of engagement for cyber conflict, though the head of the US Cyber Command, Army General Keith Alexander, says they are necessary. Neither has the US government a “declaratory policy” regarding the use of cyberweapons analogous to government statements on when and where nuclear weapons may be used...