Information Security Has Become More Vital


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Please click this link to view samples of our professional work written by our professional essay writers. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Abstract

Nowadays, information security has become much more vital with the progress of technology in our daily lives. This can be explained by the constant stream of new reports on information theft, breaches of security policies by hackers, organized internet crime, and important information being obtained and used by terrorists. Many companies suffer huge losses in income from information theft, embezzlement and all kinds of malicious attacks. More and more attacks come directly from the internet, which is why we have to develop ideas to prevent those attacks and make companies more secure. Organizations in fields such as banking and telecommunications are now very conscious of how secure their networks are.

The government is now also much more conscious of how important information is for the growth of the country.

Introduction

Reliable information is vital to an organization because it is the information acquired that will drive the growth of the organization, and it must be processed in the most legal way possible. The fight to obtain such information is information warfare. Information warfare is the collection of tactical information, the attempt to make others believe that one’s information is truly genuine, and the use of that belief to manipulate information and future enemy strategies. Information warfare can be divided into two parts, namely offensive and defensive information warfare, which we will discuss further as the paper progresses.

The main questions addressed in this paper are: Why is information warfare so important? Why do people seem so connected to it? What are the risks involved in dealing with information? What steps are taken to combat it? Is it impossible to fight against?

Information infrastructures

Information infrastructure was defined by Hanseth (2002) as "a shared, evolving, open, standardized, and heterogeneous installed base" and by Pironti (2006) as all of the people, processes, procedures, tools, facilities, and technology which support the creation, use, transport, storage, and destruction of information. The term was first introduced in the 1990s, and over the decade it proved a fruitful concept in the information systems field. Information infrastructure is a technical structure of an organizational form, an analytical perspective or a semantic network (a form of knowledge representation).

By performing live broadcasts for organizations, present technology has raised efficiency. However, live broadcast can mean doing business online, and this has brought considerable risk to the organizations where the business is performed. For example, with the opportunity to work outside the workplace through internet access, and with rapid technological change, information infrastructures became exposed to a string of risks in the form of electronic fraud, information theft and industrial espionage. Faced with these constraints, governmental and non-governmental bodies should provide the organizational effort necessary to combat the threat of information warfare.

Risk management

Security is the main aspect of risk management in information warfare. However, before implementing controls, and even before testing, a risk assessment should first be carried out in the organization. Furthermore, the number, type and variety of threats to information infrastructures have increased at an alarming rate.

Threats have come through networks and information infrastructures where no single entity, governmental or private, has the responsibility to protect or secure information and applications. We must have information superiority, that is, the capability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same. With the phenomenal growth of networks, there is a lot of misuse in society. How to secure a computer system is well understood, and yet many intrusions still get through. The wider impact of threats comes from the geographical distribution, size and complexity of networks.

Information warfare

Information warfare, as its name signifies, is a war of information. More precisely, it is the large-scale application of force against information assets and systems, against the computers and networks that support the four critical infrastructures (the power grid, communications, financial, and transportation). However, protecting against computer intrusion even on a smaller scale is in the national security interests of the country and is important in the field of information warfare.

Information warfare can be classified into two categories: offensive and defensive information warfare. Over the decades, the rapid rise of information and communication technologies has brought enormous change to the field of communication and, with it, to the significance and implications of information warfare.

Offensive information warfare

Offensive measures are those measures taken to affect adversary information and information systems.

Let us consider the United States in this type of information warfare. Normally, the United States favors advancing its foreign policy interests. It also possesses the technological knowledge to start an efficient and effective information war. Although information falls under the Department of Defense, the intelligence community itself can execute covert action operations.

Defensive information warfare

Defensive information warfare comprises all the steps needed to defend against information attacks.

The Department of Defense and the intelligence community have done a very good job in addressing the national security threat created by information warfare. However, work still has to be done.

National Institute of Standards and Technology (NIST) together with National Security Agency (NSA) and Defense Information Systems Agency (DISA) should set computer security standards and objectives for the private sector.

The representatives from law enforcement as well as the members should review the actual policy on encryption and the political area that surrounds it.

The Department of Defense need not depend more on the NII (National Information Infrastructure) and should instead develop a secure emergency form of communication for use in the event of an information warfare attack.

The NII should be declassified and then released to the public.

There should be continued coordination, namely Dual Use Technology, between the government and industry.

The era of information warfare with ‘flame’

‘Flame’ is one of the major destructive viruses found on the internet. It is the third major cyber weapon, after the Stuxnet virus that attacked the Iran program in 2010 and Duqu, another virus, in 2011. They were further examined in connection with the UN telecommunication union’s concern about malware that was deleting sensitive information across the Middle East. During the search for a piece of code nicknamed ‘Wiper’, Kaspersky Lab discovered the malware Worm.Win32.Flame. Flame is a sophisticated attack toolkit: it is a backdoor and a Trojan, and has worm-like features. It can replicate on the local network and on any removable media. Once a system is completely infected, the malware begins a very complex set of operations, including sniffing network traffic, taking screenshots, recording audio conversations and intercepting the keyboard, among others. The captured data is made available to the operators through the link to Flame’s command and control servers. Later, the operators can upload further modules which expand Flame’s functionality. Around 20 modules have been detected in Flame. Flame has also been stated to infect USB sticks through methods called Euphoria and Autorun Infector. Experts have not yet detected this in use, the reason being that it appears to be disabled in the configuration data. The ways of infecting a USB stick are as follows.

Autorun Infector uses Autorun.inf. This Autorun.inf method was used in early Stuxnet, using the shell32.dll trick. It was used only in Stuxnet and has not been detected in any other malware.

Euphoria spreads on media using a junction point directory that contains the malware modules and an LNK file that triggers the infection when the directory is opened.

The print spooler vulnerability was also exploited by Stuxnet, using a special Microsoft operations framework file executed on the attacked system mainly using Windows Management Instrumentation and secondly via remote job tasks. Even when administrative users do have rights, it may attack other machines in the network.

The complexity of the ‘Flame’ virus makes it as dangerous as Stuxnet, which attacked Iran. According to Kaspersky Lab, it has 100 times as much code as a typical virus designed to steal financial information. It is therefore very difficult to analyze. It includes libraries such as ‘zlib’ and ‘libbz2’, and uses sqlite3 for database manipulation and Lua as a virtual machine. Lua is a programming language which can easily be manipulated and merged with C code. In Flame, the high-order logic is written in Lua, with efficient and effective attack subroutines and libraries compiled from C++. According to cryptography experts, the ‘Flame’ virus uses an obscure cryptographic method known as a prefix collision attack. The virus fakes digital credentials, which helps it to spread. Security experts have added that the design of this new variant requires world-class cryptanalysis. However, the debugging and running is not that important because it is not a conventional executable application.

Purpose of this ‘Flame’ virus

The discovery of complex attacks is not new. In 2010, there was an attack in Iran using the Stuxnet virus, which disrupted the operation of centrifuges at nuclear facilities. In 2011 Duqu was found, built in much the same way as Stuxnet. It was used for espionage rather than sabotage, that is, for extracting data from the computers it infected. According to experts, the ‘Flame’ virus was created to collect information on operations carried out in certain nation states in the Middle East, such as Iran, Lebanon, Syria, Israel and others.

The self destruction of flame

After being detected, ‘Flame’ was ordered to self-destruct. Flame has a built-in function called suicide that can be used to uninstall the malware from infected computers. However, the operators of ‘Flame’ decided to distribute a self-removal module to infected computers that were connected to servers still under their control. According to the Symantec Security Response team, its command and control servers sent an updated directive to the virus, which is named ‘Flamer’, designed to remove it from compromised computers. Therefore, any user who receives the file would have all traces of the ‘Flame’ virus removed.

The information warfare between the transitions of ipv4 to ipv6

The Internet Protocol (IP) is responsible for how data packets are routed on the internet and for the addressing system that ensures traffic is routed to the intended destination. The web normally runs on version 4 of the Internet Protocol, the first version to be widely deployed. IP version 4 has around 4 billion addresses in its address space. With the growth of technology, the rapid growth of networks has depleted this address space. In addition, over time the faults and defects of IPv4 have been detected and reviewed. IPv6 was introduced to remedy the defects of IPv4. On June 6 2012, IPv6 was launched worldwide, including in Mauritius. The launch of the newer version of the Internet Protocol created a new, broad environment on the internet. To a certain extent this was like warfare between the versions of the Internet Protocol, the reason being the increase in attacks with the adoption of IPv6. This will be explained further in this paper.

The new version is as crucial as the previous one to the growth of the internet as a platform for innovation and economic development. AfriNIC (African Network Information Centre) has been encouraging stakeholders to opt for IPv6, as they will run out of IPv4 addresses in 2013/2014. There are many reasons to shift from IPv4 to IPv6, one being that the range of IP addresses is reaching exhaustion. Furthermore, IPv6 offers security improvements over IPv4, such as using IPsec for authentication and encryption. It also offers auto-configuration for new devices connected to the network, superior connectivity and peer-to-peer collaboration facilities. The technical issues faced by IPv6 include header manipulation. Extension headers and IPsec (Internet Protocol Security) can be used to analyze and deter some kinds of attack based on header manipulation.

The fact is that all extension headers have to be processed by all stacks. This can be a source of concern: a long chain of extension headers, or headers of some large size, could be used to overwhelm certain computer systems, for example firewalls, or to masquerade an attack. Another possibility in IPv6 is spoofing. A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. Since tunneling requires that one protocol is encapsulated in another, its use could cause security issues such as address spoofing. Flooding is a big source of problems in IPv6. Scanning for valid host addresses and services is more complex in IPv6 than in IPv4.
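The concern above about long or oversized extension-header chains can be enforced at a filtering point. The following Python example is added here and is not part of the original essay: it walks the extension-header chain of a raw IPv6 packet and drops chains that exceed policy limits. The limits `MAX_EXT_HEADERS` and `MAX_CHAIN_BYTES`, the function `walk_extension_headers` and the sample generator `build_packet` are names and values assumed for illustration.

```python
import struct

# IANA protocol numbers of the IPv6 extension headers this example walks.
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS, MOBILITY = 0, 43, 44, 51, 60, 135
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS, MOBILITY}

FIXED_HEADER_LEN = 40
MAX_EXT_HEADERS = 8     # assumed local policy, not a protocol constant
MAX_CHAIN_BYTES = 256   # assumed local policy, not a protocol constant


def walk_extension_headers(packet: bytes):
    """Walk the extension-header chain of a raw IPv6 packet.

    Returns (verdict, chain, upper): the accept/drop verdict, the list of
    extension header types seen, and the upper-layer protocol number
    (None when the packet is dropped or the protocol is not visible
    because this is a non-first fragment).
    """
    if len(packet) < FIXED_HEADER_LEN or packet[0] >> 4 != 6:
        return ("drop: not an IPv6 packet", [], None)
    next_hdr = packet[6]
    offset = FIXED_HEADER_LEN
    chain = []
    while next_hdr in EXT_HEADERS:
        # RFC 8200: Hop-by-Hop Options may only directly follow the fixed header.
        if next_hdr == HOP_BY_HOP and chain:
            return ("drop: hop-by-hop header not first", chain, None)
        if offset + 8 > len(packet):
            return ("drop: truncated header chain", chain, None)
        following, len_field = packet[offset], packet[offset + 1]
        if next_hdr == FRAGMENT:
            size = 8                      # fixed size, length byte is reserved
        elif next_hdr == AH:
            size = (len_field + 2) * 4    # AH counts in 4-octet units
        else:
            size = (len_field + 1) * 8    # 8-octet units beyond the first 8
        if offset + size > len(packet):
            return ("drop: truncated header chain", chain, None)
        chain.append(next_hdr)
        if len(chain) > MAX_EXT_HEADERS:
            return ("drop: too many extension headers", chain, None)
        if offset + size - FIXED_HEADER_LEN > MAX_CHAIN_BYTES:
            return ("drop: header chain too large", chain, None)
        if next_hdr == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:
                # The bytes after a non-first fragment header are payload,
                # not further headers, so the walk stops here.
                return ("accept: non-first fragment", chain, None)
        offset += size
        next_hdr = following
    return ("accept", chain, next_hdr)


def build_packet(ext_types, upper=6, ext_len=0, payload=b"\x00" * 20):
    """Constructed sample input: fixed header, zero-padded extension
    headers of (ext_len + 1) * 8 bytes each, then a dummy payload."""
    order = list(ext_types) + [upper]
    body = b""
    for following in order[1:]:
        body += bytes([following, ext_len]) + bytes(6 + 8 * ext_len)
    body += payload
    fixed = struct.pack("!IHBB", 6 << 28, len(body), order[0], 64)
    return fixed + bytes(16) + bytes(16) + body  # zeroed source and destination


if __name__ == "__main__":
    samples = {
        "normal": build_packet([HOP_BY_HOP, ROUTING]),
        "long chain": build_packet([DEST_OPTS] * 20),
        "oversized header": build_packet([DEST_OPTS], ext_len=32),
        "misplaced hop-by-hop": build_packet([DEST_OPTS, HOP_BY_HOP]),
    }
    for name, pkt in samples.items():
        print(name, "->", walk_extension_headers(pkt)[0])
```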

Scanning an IPv6 segment may take up to 580 billion years because the address space uses 64 bits. However, the larger address space does not mean that IPv6 is totally invulnerable to this type of attack. In addition, the broadcast address does not make IPv6 secure. Certain features such as multicast addresses continue to cause problems, and smurf-type attacks are also possible on multicast traffic.

Mobility is another main aspect of IPv6, since mobility is a very complex function with security implications. Mobility uses two types of addresses, namely the mobile address and the real address. The real address is a typical IPv6 address which is used in an extension header. The second is a temporary address contained in the IP header. Due to the characteristics of this network, the temporary component of a mobile node’s address could be exposed to spoofing attacks on the home agent. Mobility therefore needs special security measures, and administrators must be well aware of the situation.

However, IPv6 brings a lot of improvement compared to IPv4. The new protocol provides countless features that improve overall functionality and brings forward some security functions.

The outraging flow of attacks with the adoption of Ipv6

The adoption of IPv6 is a serious concern because there is an increased risk of denial of service and buffer overflow attacks. IPv6 also exposes businesses to cyber attacks, the problem being that hackers use IPv6 to bypass security controls and filters designed and configured for IPv4 traffic. In fact, the number of attacks using IPv6 is relatively small, but as IPv6 is more widely adopted there will be an alarming increase in attacks in the future.

Some security researchers have seen malware spread using IPv6-based command and control capabilities. Without the necessary attention to IPv6, this technique can completely bypass existing protection such as non-IPv6-enabled firewalls. IPv6 uses a completely different scheme of IP addresses, and having a huge number of IP addresses will benefit companies at a high management level and will also benefit cyber criminals. Furthermore, cyber criminals will be able to change IPs frequently, making them difficult to track and trace. However, many existing security controls that rely on black listing malicious IP addresses will be found to be very effective. In addition, cyber criminals will be able to rotate IP addresses rapidly, which can pose a challenge to the effectiveness of blacklisting and even grey and white listing.

Nowadays, with the rise in technology, network engineers and security professionals are more familiar with IPv4 networks. With the adoption of IPv6 there is also a shortage of skills, and people need to be trained to deal with IPv6 constraints.

As a result, security holes are created during the transition process because of the lack of training. They can also arise in the creation of usage and security policies for IPv6. Not all policies implemented in an IPv4 environment can be translated into policies for an IPv6 environment. The policies need to be rewritten, and the lack of expertise makes it likely that an IT manager will, though not deliberately, create a security hole while writing those new policies.

‘OPERATIONS HIGH ROLLER’ ONE OF THE BIGGEST CYBER BANK ROBBERY

At first the cyber attacks occurred in Europe, and they then continued to Latin America and the United States. The idea behind Operation High Roller was to take huge amounts of money from bank balances. An automated malicious program was discovered that used servers to attempt thefts from commercial firms such as credit unions, large multinational and regional banks, as well as individuals. In addition, security firms have found that the attackers shifted from their routine attacks, got directly into bank servers and constructed automated software. McAfee has been able to track the global fraud, which is still in force in different countries. They have discovered 60 different servers that were used to steal around 60 million euro. The servers identified were located in Russia. These attacks were considered to be the biggest and most sophisticated cyber bank robbery in history.

The problem of Mini duke malware that affected Europe through Adobe reader

A new attack has been discovered, with European governments among the main targets, exploiting flaws in Adobe Reader software. The attack uses a malicious program named "MiniDuke" and has been continuously attacking Ukraine, Portugal, Romania and other institutions around Europe.

MiniDuke finds its way onto computers through PDFs. Once this malicious program is downloaded to the computer, it creates a unique identifier and encrypts all communication. Furthermore, it has a built-in mechanism to fool antivirus software and security professionals. Having got past security, the software connects to Twitter to search for tweets from premade accounts. The tweets contain tags with encrypted URLs for backdoors, which can send it commands and finally deliver the backdoor through GIF files. The backdoor is malicious: once run on the computer, it allows hackers to access files, move them, remove them and make directories.

Bypassing Google two factor authentication

An investigation found a loophole in Google’s authentication system that lets hackers bypass Google two-factor authentication and ultimately gain full control of Gmail accounts by exploiting the unique passwords used to connect individual applications to Google accounts. The flaw resides in the auto-login mechanism implemented in Google Chrome in the latest versions of Android. In addition, the vulnerability can allow using an ASP (application-specific password) to gain access to Google account recovery and 2-step verification settings. Auto-login allows users who have linked their Chromebooks and mobile devices to their Google accounts to automatically access all related pages over the web without ever seeing another link page.

Information warfare in Mauritius

Some years ago it was envisaged that Mauritius would be transformed into a cyber island, making it a central hub for technology. This transformation is still in progress. Many investors have been investing in large IT companies in Mauritius, which could benefit the people of Mauritius by creating jobs. On the other hand, along with the technology come its risks, which have been specified throughout this paper, such as virus attacks. There have been cases of embezzlement, as in our MCB/NPF scandal, but this was not due to computer hacking. Furthermore, some illegal transactions were made. The use of magnetic cards to withdraw money from ATMs was one of the main problems. There was also information warfare between the media.

Apple Mac’s attacked by Java based malware attack

It has been discovered that Apple engineers were attacked through the same zero-day vulnerability that was used against Facebook. Malware was found on Macintosh computers. According to Apple, the malware was used in an attack against Apple and other companies across the globe. From the information available so far, it has been stated that it was a ‘watering hole attack’. The rationale of such an attack is that it is easier to compromise a site that people visit than to attack a company directly. Somehow, it is very difficult to break through. The surveys showed that the United States covered nine of the ten crimes.

International vulnerability

Nowadays, many countries face nearly the same problems as the United States in terms of cyber crime and hacking. Many also face ideological attacks on their information systems and are vulnerable to cyber war.

In addition, international law is not adequate to deal with cyber crime. A recent survey of different countries, including Mauritius, found that these countries failed to effectively deter cyber crime, although no assessment appeared to be made of cyber vulnerability and the capability to defend or respond in cyber war. The survey was started when the Philippines found that its law was inadequate to sustain a case against the alleged perpetrator of the ‘love bug’ virus that stopped e-mail networks in May 2000. It was later found that 33 of 52 nations had not fully updated their criminal codes to deal with offenses concerning computer systems. Only the Philippines, where the love bug originated, had come forward to cover all ten types of crimes. The offenses were data-related crimes such as interception, modification and theft; network tampering, including interference and sabotage; and crimes of access, including hacking and virus distribution. Other computer crimes were computer fraud and computer forgery.

The United States worked with NATO (North Atlantic Treaty Organization) and the EU (European Union) to create standards and agreements for cyber defense. In addition, the allied countries began to analyze the same issues faced by the United States, and real progress in dealing with cyber crime may be about to happen. Furthermore, the United States approved most of the cyber crime reviewed by 41 Council of Europe in December 2000.

Role for private industry and information warfare

Critical systems are found in both the private and the public sectors. With the rise of technology in society, risks have increased and the government is forced to put security measures forward. In the end, 90 percent of the burden of defense must fall on the user, along with 100 percent of the burden of day-to-day defense against cyber crime and hackers. There have been uniform attacks, and many of them have gone through sophisticated defenses in response. Some organizations absorb the problems and hide their losses from law enforcement agencies for fear of appearing vulnerable. Likewise, some may have the illusion that a combination of federal action and law enforcement activity can offer more protection than is really reliable. Many entities provide insufficient funding for defenses and reconstitution activity because there is insufficient pressure to counter efforts to decrease expenses, and there are inadequate liability, insurance, and auditing standards to force effective action. Liability laws have not been implemented, or are not clear, regarding the failure to develop adequate protection and reconstitution capabilities. The federal government places more emphasis on prevention and recovery capability.

The military view of Information Warfare

Information warfare is nowadays omnipresent in our daily life. The United States wanted to digitize the battlefield and ultimately link soldiers and weapons via wireless links. Furthermore, the weapon was built with a thermal sight that can send still frames back to high command and is connected to a helmet monitor that enables the soldier to aim at the target without exposing his body to the enemy. It seems like science fiction, but the technique will eventually be brought to the battlefield to reduce casualties. Despite information warfare, there is no way that technology can replace the soldier until war is changed so that nobody is involved physically.

Soft war can be described as information warfare on a global scale. The aim of soft war is not only to maintain information superiority but also to manipulate the enemy with fake or adapted information. This kind of warfare is mainly focused on "jamming", which means interfering with communications and surveillance.

Information warfare and deception in military doctrine.

The development of operations means that the concept has been transferred from military to civilian affairs. The clash between the military and the media about terrorism has meant that the distinction between war and peace is difficult to make. Deception has been one of the main constraints in our daily life. Military deception can be defined as actions executed to purposely mislead adversary decision makers as to friendly military capabilities, intentions and operations, thereby causing the adversary to take specific actions that will contribute to the accomplishment of the friendly mission.

The means of deception can be the following:

Camouflage

Demonstration

Display

Mimicry

Spoofing

Dazzling

Disinformation

Conditioning

Deception and information warfare tactics

Normally, information warfare is divided into offensive and defensive information warfare. Deception is more likely to be placed in offensive information warfare. Information warfare itself consists of different functions. It includes defensive activities such as counter-deception (which diminishes the effect of an enemy’s deception activities) and counter-propaganda or counter-psychological operations (which attempt to counter the impact of the enemy’s messages). Offensive activities, on the other hand, include military deception and psychological operations.

The significance of deception in contemporary information warfare

Information warfare is a means to control the "infosphere". The infosphere can be compared with the environment. It provides perception and information flows at the tactical and operational level in times of peace, tension and war. This means we must control information and prevent it from leaking to cyber attackers. Controlling perceptions is also one of the main aspects of information warfare. The information itself may or may not represent physical reality. The defensive side of information warfare is concerned with the protection and shielding of data. It also makes sure that the data used is maintained at high integrity and is available to the people who are permitted to use it. Denial and deception is another constraint in the field of information warfare. The function of denial is to secure information and assist deception; deception, on the other hand, is used to attack the methods put in place, to gain an advantage over the adversary. The purpose of defensive information warfare is to prevent those attacks from being successful, while offensive information warfare uses the same methods against the opponent. The major weapons of deception include:

Presenting data to the adversary that represents the truth as you want them to perceive it. This is achieved by using manipulated data.

Setting the context in which the opponent interprets the data.

Allowing ‘noise’ to be a common factor in the communication channel so that the opponent receives only the data allowed by the deceiver.

For instance, security should ensure that only the data that serves one’s objectives is released, and psychological operations should create the context in which it is to be interpreted. A deception can also be created using genuine data, which will however be just a subset of the real data. Offensive information warfare is deception in that it hides the real data from the enemy, even if it does not always show something false.

Corporate information warfare

Generally, the description of corporate information warfare is not new. Students studying abroad can gather information for their government, not just by attending lectures and seminars but also by working as spies for the benefit of the government. It is not only the gathering of information; it is also possible to spread information, real or fictitious. This can create global changes. In today’s world many processes are controlled by computer chips, and it would be easy for an IC manufacturer to claim that the chip widely used by its competitors does not work as it should.

Global information warfare

This type of information warfare works against industries, global economic forces and entire countries. It is not much concerned with research data; it mainly concerns the theft of secrets and turning the information against its owners.

Conclusion

Information is a vast area to examine because it is present in our daily life. It can be used as a weapon and as the core of certain activities. Furthermore, sophisticated equipment is available worldwide and anyone can have access to it, and the risk lies in the large number of computer systems that are poorly managed and poorly equipped to fight against intruders. It is therefore vital that education and training about information warfare be offered in order to maintain information superiority over opponents. Ultimately, the military personnel from top to bottom on information warfare threats should be prevented from happening.


