A little over two weeks ago United States Army Specialist Bradley Manning was arrested and life as he knew it changed forever. Manning, an intelligence analyst stationed at Forward Operating Base Hammer, 40 miles east of Baghdad, had implicated himself as being responsible for the disclosure of in excess of 260,000 classified documents that he harvested from military classified networks (SIPRNET and JWICS). He shared this information with Adrian Lamo, a well-known “reformed” black hat hacker, over encrypted instant messaging sessions, ultimately culminating in Lamo turning to the United States Army’s Criminal Investigation Division (CID). Lamo and Wired.com journalist Kevin Poulsen have been labeled ‘snitches’ as a result of Lamo’s cooperation with the authorities and Poulsen . The Internet is awash with speculation regarding this story, with parties such as Julian Assange, founder of the Internet whistleblower site WikiLeaks.org (the site to which Specialist Manning allegedly provided these documents and videos), stating that were Specialist Manning responsible for the submissions (which Assange will neither confirm nor deny), he should be regarded as a national hero.
Regardless of your position on free speech or what only time, investigation and thorough analysis will reveal pertaining to the Manning case, gross misconduct occurred in what can only be described as a willful manner as it relates to Specialist Manning, his military occupational specialty, his rating, unit, command and brothers in arms the world over. Philosophy, politics and idealism are the wildcards in our space; the black swans which, when identified, must be taken note of, as that which motivates them in many respects lies squarely outside of the norms associated with breaches of this type. In most cases of espionage, which is candidly what this is — regardless of your feelings or philosophy, there are often common indicators that are noted and tend to be exploited by those seeking to exploit a party to do their bidding. This case is different. It’s interesting and quite candidly horrifying in that Specialist Manning (to the best of the data we have to date) was not motivated by greed or financial hardship (motivators seen in countless other cases such as the cases of Ames, the Walkers, or Hanssen for example), or vice (as seen in the case of Lonetree). No, by all accounts (again taking into consideration that these accounts are coming largely via third party relay and information being disclosed resulting from the communications between Manning and Lamo along with information provided by friends of Specialist Manning), Specialist Manning was motivated by that which we might most easily describe as idealistic or philosophical.
As a result, I am going to refrain from weighing in with an opinion regarding guilt or innocence, as no doubt Specialist Manning will be undergoing investigation and, I would imagine, a Court Martial as a result of the allegations being brought forth against him. Certainly the communications he provided Lamo will act in building and strengthening the case against him, and we would all do well to remember that Specialist Manning, like all military personnel, swore an Oath of Enlistment which calls for the party swearing said oath to defend the Constitution of the United States from all enemies, foreign and domestic. The oath itself looks like this:
“I, (name), do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; and that I will obey the orders of the President of the United States and the orders of the officers appointed over me, according to regulations and the Uniform Code of Military Justice. So help me God.”
It is communicated in an elegant and articulate manner and leaves no room for interpretation. Beyond that, when one enters into a military occupational specialty which requires a security clearance, one’s life and personal opinions must be willingly put aside for the greater good, as the lives of others more often than not depend on a clear, unwavering stance on service, obligation and duty to the nation. Having said that, it should be noted that it is not my place nor is it my desire to pass judgment on this young man. That day and duty will come and justice will be served in a military court of his peers at a time yet to be determined. My real concern stems around the situational awareness of those in charge of the facility in which Specialist Manning worked on a daily basis and their procedural and operational effectiveness. Allowing anyone to enter into a classified environment with read / writable media is not uncommon. Read / writable material is used within these environments. However, allowing them to leave the facility with read / writable material, regardless of how it was labeled (in this case Specialist Manning stated that he labeled a read / writable disk as a ‘Lady Gaga’ CD and proceeded to pretend to lip-sync to her songs while he was scouring secure, classified systems and networks for material which he later downloaded within a split compressed file), is unusual to say the very least. In most cases it does not and never should occur.
This no doubt will be investigated by Army CID and others and will likely see the watch command, Officer in Charge and others investigated in order to properly assess whether Specialist Manning acted alone or in collusion with others. The results? Well, we’ll have to wait for the results to be arrived at – we may never know, as the Department of Defense may desire (and it is their right to do so) not to disclose all that they find. Regardless, I cannot think of a better case to highlight the need for regular and vigilant security awareness and educational training, in addition to greater degrees of cognizance of the existence and potential use and hosting of onion routed repositories within networks (public or private), which may be used for questionable and in some cases quite clearly criminal ends.
Money for Nothing Relatively Risk Free: Why They Do What They Do
At the conclusion of the previous installment of this series I closed by saying that in the next we would begin exploring in more detail, the nature and reasoning of those things which influence the sub-economic ecosystems associated with the cyber criminal realm. It is extremely important to note that the world over, the lines between traditional criminal organizations and those born in the cyber age have blurred. The rate of occurrence and frequency of this blurring are difficult to diagnose. The point of genesis is unclear though it shows no signs of slowing. As I have commented before, cyber criminals are innovative opportunists. They share this trait with their more organized traditional criminal counterparts. It is in their individual and collective best interest to be. It aids in their being able to secure their livelihood and lives; high stakes for high stake players.
Due to this innovative opportunistic trait, a strange and interesting phenomenon began occurring. It would have profound impact over time on the entire world. Sophisticated ecosystems emerged reflecting this innovative opportunistic nature of the criminal mind. Recognizing the market needs present (supply and demand), traditional criminal organizations began evolving, investigating new means by which to generate revenue. Conversely, cyber-criminals began meeting and either joining forces with traditional criminal organizations or began being groomed from the ranks within, resulting in a level of sophistication not previously seen yet organic. This was not a localized event nor a stereotype associated with an ethnic or cultural group; it was the dawn of something new with a global world view. The following list – though extensive – is not representative of all criminal activity blurring the lines between these worlds:
- Extortion / Protection Rackets
- State Sponsored / Cyber Terrorist / Cyber Mercenary Activity
- Cargo Heists / hijacking
- ATM / Credit Card Fraud (carding)
- Fraud
- Online Gaming, Gambling, Racketeering
- Money Laundering
- Theft of Property / Identity
- Sex and Pornography
- Confidence Scams
- Trafficking in Criminal Contraband / Fencing of Stolen Property
- Counterfeiting of Currency / Legal tender
- Manufacturing and sale of counterfeit goods
- Illegal substances
- Human smuggling
It is important to note that interest in cyber crime by professional criminals – traditional, cyber or otherwise – would not be as great were it not for the opportunity to generate revenue and demonstrate a profit while incurring the least amount of risk possible. Were this not the case, there would be far less speculation as to the true dollar amount associated with cyber crime globally (again recall estimates range from 600 billion to 1 trillion USD as of 2009, though I tend to believe they fall towards the lower end of the spectrum, which is still a huge amount), in addition to the case logs being marked and researched. Recently we have seen several examples of this – examples that reflect the diversity of the activity seen and lengths to which individuals and organizations alike will go to achieve their goals. On November 10, 2009, the United States Department of Justice brought charges against an alleged international hacking ring suspected of stealing $9 million from more than 2,100 ATMs in approximately 280 cities worldwide.
The multi-national team of cyber criminals responsible for this theft targeted the RBS Worldpay organization, a division of the Royal Bank of Scotland. By undermining the data encryption utilized by the teams at RBS Worldpay, these criminals were able to generate 44 counterfeit payroll debit cards. With these debit cards, the parties making the withdrawals were allowed to keep up to half the amounts withdrawn while sending the remainder to the ringleaders. This activity in its entirety took all of 12 hours to conduct. This case demonstrated the creativity (innovative approach) that the team was willing to take, in addition to the level of cooperation and collaboration required to achieve a crime of this level in such a short period of time. Additionally, it displays and solidifies the position taken by most law enforcement and security researchers today regarding the likelihood of international cooperation, thus supporting the risk-reward principle discussed earlier.
In September of this year, another case being prosecuted by the United States Department of Justice was made public. This case involves a Chinese national living and working here in the United States. The party in question was indicted in New Jersey for participating in an elaborate plan to steal confidential (e.g. proprietary intellectual property) information from the organization at which he was employed as an environmental engineer. His intention was to sell this information in China to other corporations and the Chinese government with the aid of his two Chinese co-conspirators. The information he had stolen (and transmitted to his private email account and co-conspirators in China) was related to a comprehensive hazardous waste information management system specifically designed for the Chinese market by his American employer. Its target audience was the Chinese equivalent of the Environmental Protection Agency, in addition to those organizations that interact with the environmental and regulatory agency, such as hazardous waste producers and shippers. The former employer of this individual pushed for prosecution to the fullest extent of the law. The organization, referred to as Company A, pled for the courts to take into consideration the damage that this infraction caused their business holistically. Due to this industrial corporate espionage, Company A argued that their opportunity to engage the Chinese government formally had now, as a result of the actions of this individual, been seriously hampered, as had their opportunity to reach those organizations which do business with the Chinese government’s EPA equivalent. Their assertion is that this cyber based industrial espionage has tarnished and likely made it impossible for them to do business in the region.
In both of these cases (and these are just two random recent ones which I felt were interesting enough to demonstrate the diversity seen within the cyber criminal underground), cyber intelligence, tactics, and techniques were employed. As a result, the required level of human involvement (direct physical involvement) was minimal. This lack of direct human involvement increased the reward proposition while minimizing the risk factors, though not eliminating them. The following points were originally listed for consideration in the first post and I believe remain true:
- It often directly impacts those who cannot protect themselves – preying on the weak is always easier than preying on those who can defend but this does not mean that it does not happen and with great success as seen in the examples above and elsewhere
- Cyber-crime represents a real threat to the U.S. Economy and economies of nations the world over
- Cyber-crime represents a threat to the security interests of the United States of America and nations the world over (see first bullet)
- Cyber-crime transcends borders and national boundaries – rarely if ever, discriminates
- Impacts governments, businesses, and the private lives of law-abiding citizens the world over — most of whom are unaware that activity of this nature and degree is taking place, much less that they might be unwittingly made a part of it via a myriad of exploitative means
- It’s truly a global problem with global implications as there are individuals, gangs, cohorts, syndicates, organized crime elements, terrorists, and state sponsored entities actively participating and supporting the economies which support these criminals
- Its impact, prevalence and maturity are underestimated and as a result often negated
With respect to these points, I will pose the same question I did in the initial post of this series before closing: “In the 21st Century, what has the potential to do more harm? Bombs, Bullets or Bits?”