Why Online Attacks By Nations Are Problematic: Enemies Can Learn From Your Digital Weapons, Then Turn Improved Versions Against You

from the that's-awkward dept

Thu, Mar 5th 2015 9:03pm — Glyn Moody

Last month, we wrote about a great discussion between Edward Snowden and Bruce Schneier that explored how offensive and defensive operations by national intelligence agencies had changed as they moved online, becoming much more intertwined. A new Snowden leak published by The Intercept confirms that the situation is even more complex, because adversaries can learn from digital attacks directed against them to create even better weapons, which they then use to counterattack: The NSA is specifically concerned that Iran's cyberweapons will become increasingly potent and sophisticated by virtue of learning from the attacks that have been launched against that country. "Iran’s destructive cyber attack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers, was the first such attack NSA has observed from this adversary," the NSA document states. "Iran, having been a victim of a similar cyber attack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others."
That's because, unlike traditional physical weapons used against enemy infrastructure, digital versions are not generally destroyed during an attack. One of their big advantages is that once they have infiltrated and infected a target system, they can continue to carry out surveillance or attacks over a long time period. But that also means they may eventually be discovered -- especially if they leak out -- allowing them to be studied and improved in a way generally not possible with traditional weapons. Those new versions can then be directed elsewhere, including against the original attacker.

So intelligence agencies find themselves in a difficult position. The more they carry out attacks using digital weapons, and the more sophisticated those tools, the greater the likelihood that adversaries will detect them, adapt them and then turn them back against the country that deployed them. It's probably too much to hope that this may cause such weapons to be used more sparingly....

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: counterattacks, cybersecurity, digital weapons, iran, nations, nsa, online attacks

20 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

rexfred (profile), 5 Mar 2015 @ 10:01pm

So, eventually we arrive at a stasis wherein attack, counter attack happens so quickly that actual penetration becomes non-productive? Sort of a Loop de Loo.Bring on the Q computor.
[ link to this | view in chronology ]
- Anonymous Coward, 6 Mar 2015 @ 3:45am
  
  Re:
  Indeed - I didn't realise the Netrunner LCG was a guidebook, rather than a dystopian warning.
  [ link to this | view in chronology ]
Uriel-238 (profile), 5 Mar 2015 @ 10:35pm

And Uriel goes on another anecdote that is strangely applicable.
One of my favorite parts of the Monkey Island games (specifically one and three) was the insult swordfighting bit.

As Guybrush (yes, that was his name learns to fight with a sword, it's established that in the Errol Flynn tradition, the insults and quippy responses that opponents make at each other are what really determine the outcome of a fight.

So you walk up and down the roads of Melee island looking for people to duel. And you rapidly realize that there's so many more insults and quips than the couplet that you were given (something about dairy farmers and cows).

But each time you were caught blindsided by a new insult, that insult became yours. Same with the responses, until you knew more than any pirate on the island.

Except maybe the Sword Master.
[ link to this | view in chronology ]
Anonymous Coward, 5 Mar 2015 @ 11:22pm

And it's taken this long to realize this? Guess what? When I first heard of Stuxnet, I was saying then that they had just handed a weapon to their enemy. It might be 4 or 5 years before they understood completely the complexity of how it functioned but sooner or later they were going to see those methods again. No brain surgeon required on this. It's friggin' common sense (no matter how rare that might be today).

Notice that we have pretty much the same set up as MADD. No one but government has any protection if there is some to be had. Everyone else on the internet is up to be the victim. Helped out no doubt by the NSA that loves to get zero days to exploit but doesn't share with the companies where the bugs are to fix them. That means everyone else is open to attack and it has been engineered this way very much on purpose.

Considering how much of our infrastructure relies on computer hardware and software, should such go down, it's not going to be pretty. Imagine how you would feel to go get a shower only to find out the shower and toilet doesn't work because there is no water, the water heater element is burned out because the water level dropped and then the electricity quit. So you go to get parts to fix the frigging water heater only to find the hardware store is sold out of those elements and they have no idea when the next shipment will be because the phone doesn't work and they can't send an order in because the computer is trashed. There are cars stacked up in the intersections wrecked, because the red lights are out and the grocery store can't take your credit card for the same reason that the computer network is down. You best get them groceries in three days before they are completely out of everything because until the next shipment comes in there's nothing else to buy.

Sounds like a grand defense plan don't it?
[ link to this | view in chronology ]
- Anonymous Coward, 6 Mar 2015 @ 1:24am
  
  Re:
  Dont worry, im sure those private companies who do important things care about their security and will not try to save money on it.
  lol jk, real cyber 9/11 will happen soon and they will not be able to stop it. Certainly not with the current methods.
  [ link to this | view in chronology ]
Anonymous Coward, 6 Mar 2015 @ 12:21am

Hubris...
There's another message hiding in there: NSA considers it newsworthy that the enemy have learned from their attack.

I'm not sure what's worse, the hubris or the foolishness displayed.
[ link to this | view in chronology ]
- DaveHowe (profile), 7 Mar 2015 @ 2:34am
  
  Re: Hubris...
  This is the same thinking that gives you the idea of a "golden key" - A backdoor (sorry, "Framework") that weakens people's privacy, but is magically only usable by one government's TLAs, because China immediately asking for a copy of the key "because terrorism" is of course unreasonable and requires a presidential statement to that effect....
  [ link to this | view in chronology ]
Derek Kerton (profile), 6 Mar 2015 @ 2:38am

"That's because, unlike traditional physical weapons used against enemy infrastructure, digital versions are not generally destroyed during an attack"

Also, things like cruise missiles, stealth bombers, and nukes are very, very expensive and have a high marginal cost of production. We can also see their physical production sites from the air, and target them before they are complete.

OTOH, digital attack tools are largely made of code, and much like an MP3, have a low marginal cost of production, and can be created in somebody's mom's basement.
[ link to this | view in chronology ]
Rich Kulawiec, 6 Mar 2015 @ 2:48am

Consider the Internet of Things
Or as I think it's more properly called, The Internet of Bots (because nobody hyping this has even made a cursory attempt to consider the massive security and privacy implications). Deployment has already started, and any adversary worthy of the title is busy figuring out how to exploit the surveillance and sabotage capabilities it promises.
[ link to this | view in chronology ]
jsf (profile), 6 Mar 2015 @ 6:48am

Nothing New
This concept is what the classic "military industrial complex" of Eisenhower fame is all about. Once you use or show your latest weapon it will be copied and/or countered. Which in turn means you need a bigger, better, newer weapon. Of course the for profit contractors are more than happy to help build those new weapons, and of course now sell the older stuff to anyone in the world willing to pay for them.
[ link to this | view in chronology ]
Anonymous Coward, 6 Mar 2015 @ 7:00am

If you had'nt created them

If you had focused on defence

Now....were just fucked
[ link to this | view in chronology ]
Anonymous Coward, 6 Mar 2015 @ 7:56am

Isn't this basically true of any type of weapon and attack? I mean once you use something knew, everyone else (including the target) goes, "Oh, I see what you did there. Cute. I'm going to figure out how to do that too." It doesn't matter if the weapon is destroyed in the process of using it. They will still learn something that helps them develop and even improve on it.
[ link to this | view in chronology ]
John Fenderson (profile), 6 Mar 2015 @ 8:10am

The art of the possible
Very often, the only thing that makes something impossible is the belief that it is. Once someone accomplishes the impossible and demonstrates to others that it can in fact be done, then others very quickly figure out how to do it too. There are countless examples of this going all the way back through history.

So, if you've developed a weapon (or any technology) that can do things nobody else thinks can be done, then that advantage only exists until the first time you use the weapon, at best. Once others see the weapon demonstrated, then others will have the weapon as well.
[ link to this | view in chronology ]
Anon, 6 Mar 2015 @ 10:07am

Of COurse
>Isn't this basically true of any type of weapon and attack? I mean once you use something knew, everyone else (including the target) goes, "Oh, I see what you did there. Cute. I'm going to figure out how to do that too." It doesn't matter if the weapon is destroyed in the process of using it. They will still learn something that helps them develop and even improve on it.

Heck, the same principle applied 100 years ago.
As soon as the Allies used tanks, or the Germans used gas, the other side could figure out what they needed to do to retaliate. All it did was raise the bar on lethality and futility.

Note that Germany never used gas in WWII (nor did the allies). It would simply become a zero-sum game to do so.
[ link to this | view in chronology ]
- Anonymous Coward, 6 Mar 2015 @ 10:20am
  
  Re: Of COurse
  And the Chinese invented and used gun powder centuries before that and look where that ended up.
  [ link to this | view in chronology ]
- Uriel-238 (profile), 6 Mar 2015 @ 11:41am
  
  Hitler was gassed, himself in WWI
  And was so horrified by the experience that he a) swore never to authorize gas attacks in warfare, and b) issued gas masks to his soldiers down to the last clerk and grunt, even in theaters where gas attacks were unlikely. Hitler was rather paranoid about gas.
  
  Mobile mechanized armor was a critical element to Blitzkrieg, but the Battle of Britain focused on air superiority and military targets until a single bomb was accidentally dropped in an English civilian neighborhood. The allies used this to justify attacking civilian targets and military manufacturing, and the Blitz and later V1 and V2 programs were developed in response.
  [ link to this | view in chronology ]
Anonymous Coward, 6 Mar 2015 @ 11:21am

NSA/GCHQ Boomerang & Blowback
"Hoist with his own petard" -- Shakespeare.
[ link to this | view in chronology ]
Anonymous Coward, 6 Mar 2015 @ 12:35pm

Straight pride? methinks Nick Steiner is protesting too much.....

Taking bets on the amount of time before someone uncovers his past history as a hardcore gay porn star....
[ link to this | view in chronology ]
Anonymous Coward, 8 Mar 2015 @ 8:06am

"...has demonstrated a clear ability to learn from the capabilities and actions of others."

Too bad y'all can't do the same!
[ link to this | view in chronology ]
lew, 10 Mar 2015 @ 8:18am

'Intelligence agency' does not foresee much at all
NSA is stupid: S/N of mass collection means that approach is useless. Tools it uses are inspirations for others. $Bs spent to no result.

CIA and NSA spend $Bs on briefing the president every day, but studies show that reading the newspapers make for better decisions. Now the Internet and P2P can obsolete all their intelligence gathering.

CIA, NSA, military have evolved back into a std mafia protection racket.

Confidence in gov, approval rating, is at an all-time low. But the right question would be "Are they criminals?" and "Should they hang?"
[ link to this | view in chronology ]