Thursday, April 4, 2019

Operation Buckshot Yankee

Operation Buckshot Yankee: The Primary Point of Weakness
By Jeffrey Higa

Abstract

Operation Buckshot Yankee is a harmful event that was a turning point in cyber security for the U.S. government. This incident set up the current dominating war fighting domain known as cyberspace and established the need for increased cyber security. I would like to highlight the event known as Operation Buckshot Yankee, how and why it happened, a possible solution that could have prevented this, and similar events analogous to this situation. I would like to highlight the main point of weakness from my perspective on the situation and propose how this weakness can be strengthened with proper people management and knowledge. I will provide explanations and examples to provide a clear view on how this situation could possibly be prevented, and statistical data to back up my findings, as well as a personal example of a real situation recently occurring in my career. By being able to estimate the possible costs of damages in both monetary and reputational damage caused in these situations, these numbers can prove how valuable data can be and what the costs of a simple mistake such as using a mysterious flash drive can cause. In conclusion, I would like to mention a possible solution to the problem and my personal view on the situation and how it applies to us not only in this event, but also has an impact on our everyday lives in the field of IT and IT security.

Essay

Operation Buckshot Yankee is based on a cyber security incident which took place in the Middle East in 2008. This cyber attack event was a turning point in the history of U.S. cyber defense, and caused drastic losses of data from secret government databases.
Operation Buckshot Yankee was the name of the operation to stop a malicious code that was contained on a flash drive an American soldier found in the Middle East. This flash drive was then inserted by a government employee into a laptop connected to Central Command networks and caused the code to spread throughout classified and unclassified military networks, allowing the enemy to steal valuable information on these systems.

According to an article by Lynn (2010), U.S. government systems are constantly probed and scanned by adversaries millions of times daily, but this attack was an example of a successful cyber attack. The military lost thousands of data files including weapon and operational plans as well as surveillance data stored on classified U.S. networks. Having this incident happen, the government has realized the need for increased cyber security and works to create a secure international network. In response to this attack, the government declared cyberspace an official war fighting domain, and initiated plans to regulate cyberspace crimes and safety.

Up to this attack in 2008, Operation Buckshot Yankee is said to have been the most significant breach of U.S. military computers to date, according to an article by Nakashima (2010). According to Lynn (2010), this type of attack is the introduction of a new type of war fighting that opens up the new domain known as cyberspace, where traditional war laws do not apply. Cyberspace has now become the primary point of attack, as these types of attacks are relatively inexpensive: they only require skilled individuals and computers, rather than large expensive equipment such as tanks and jets.

According to another article by Nakashima, the NSA was alerted by a signal in the U.S. system trying to send messages back to the code creator. The NSA then found a program that had infected their classified network and was sending data out.
They traced the code to the aforementioned thumb drive and found that the code would look for important documents and spread itself to other thumb drives connected to the network. The malicious program was called Agent.btz; it infected the host computer and spread over the network to other computers. Any other flash drives connected to already infected computers were then also infected and caused further spread throughout the network. The article also mentions that the code had already been out for months prior to the attack, and was floating around the internet but did not have access to government systems due to them being isolated from the public networks. Due to the government not being able to scan public networks thoroughly, the code was bypassed until the incident. This situation highlights the danger of insider threats, whether intentional or accidental. In the case of Buckshot Yankee, the carelessness of an individual was the cause of the insider threat which compromised an otherwise secure system isolated from outsider threats.

Operation Buckshot Yankee is the planned government operation of shutting down Agent.btz and putting a stop to the theft of government data. The government analyzed the code and saw that it was looking for instructions on what actions to take. The NSA Tailored Access Operations team created a plan to force the code to deactivate itself by sending it instructions to shut down. The operation was a success: the instructions were sent out across the network once testing was done, and the malicious code was shut down. Though this code was put to a stop, many important government documents had already been stolen, but the incident was put to a halt.

This incident led to the banning of thumb drives on Department of Defense systems as a security measure to prevent a similar incident from happening again.
The flash drive was sourced in the Middle East, and according to an article by Goodin (2010) the source code was said to have been from Russia, but there is no solid evidence directly proving this. The article by Goodin also describes that government systems are constantly under the threat of cyber attack, and that a dozen computer hackers could drastically cripple U.S. government networks if a network vulnerability is found. This is a perfect example of how drastically times have changed, and that cyberspace is the new arena in which to commence attacks. According to the article, as an example, a dozen people at computers could possibly bring a country down in an extremely cost and labor efficient manner. Losses of life would be minimal for adversaries compared to a kinetic attack, and damages caused could be in the form of disruption of services or stealing of valuable data as described in Buckshot Yankee. A great example of disruption of services would be the event in Estonia as described by Richards (2009). A Distributed Denial of Service attack was launched against Estonia in protest of moving a politically valued statue. These attacks lasted three weeks and were strategically launched targeting banks and other essential services to cripple the technological systems of Estonia. Having essential services shut down can cause chaos and leave a country vulnerable to attacks if an adversary were to take advantage of the situation. Taking that into account, resulting damages of cyber warfare and cyber attacks could essentially have worse effects than kinetic war or possibly result in additional kinetic war.

Operation Buckshot Yankee is a perfect example of how battles will most likely be fought in this current era and going into the future. Cyber attacks are an extremely inexpensive and efficient method of causing a significant amount of damage with minimal effort.
Due to the nature of cyberspace, attacks are also very difficult to pinpoint and regulate. Traditional laws do not apply here, as there are no clear boundaries in the world of cyberspace. As described in an article by Maj. Gen. Charles J. Dunlap, USAF (2009), the definition of cyberspace itself is still very unclear and undefined. Without proper definition, it is difficult to make accurate laws to apply to this new war fighting domain. The only real protection, as mentioned in this article, is for nations to take responsibility for their own actions and their citizens. In the case of Operation Buckshot Yankee, this was the unintentional irresponsibility of a U.S. citizen. Due to difficulty in specifically sourcing threats and the limitless boundaries of cyberspace, it is almost impossible to place blame on a certain country or individual, especially if they are located in another country. As in the case of Buckshot Yankee, though the incident was caused in the Middle East, the code is theoretically sourced from Russia, but there is no way to truly prove it.

This brings me to the point that the primary point of weakness of any cyber security system is human error. I believe that people cause the most problems in any technology environment regardless of the situation. Computers are controlled by people, and it is people that cause the problems. Another great and similar example is the recent event of credit card information being stolen from Target. According to an article by Riley, Elgin and Matlack (2014), malware had been installed on Target's computer system to steal credit card information as it was swiped. Target had installed a detection system by FireEye to detect malware prior to the event happening, but the system was ignored even when alerts were given to the company's IT and management. According to the article, about 40 million credit card numbers and 70 million other pieces of information were stolen before the situation was acted upon.
This is another prime example of a system working properly but being held back by people. Had this situation been acted upon as soon as the alert was announced, many people's valuable information would have been saved, and the company would have saved possibly avoidable expenses.

As described in a book by Harris, S., and Kumar, P. V. (2013), the most important part of cyber security is people. Operation Buckshot Yankee is a perfect example of how human error can cause catastrophic damage. Whether it be due to improper training or carelessness, this event started with the actions of a single person and turned into a widespread situation with catastrophic damages. If proper training was initiated and due diligence was practiced, this situation could have been avoided. Most would consider a random flash drive found in an adversary country to be suspicious and would not try to plug it into any computer, let alone a secure government system, but user errors such as this are the primary cause of incidents regarding technology.

Wilshusen (2013) shows statistics from government agencies explaining that 20% of cyber incidents are due to improper usage, second only to incidents still unexplained or under investigation. This statistical data is a definite indicator that people are the primary cause of problems even in federal government agencies. Solid statistics based on real reports from 2012 are irrefutable evidence that people are the primary cause of concern, and they outline the need for continuous training and testing of knowledge. By keeping people properly trained and reducing the number of unknowing individuals having access to network resources above their knowledge, these numbers could possibly be greatly reduced.

A great personal example is at my place of employment. I work for a government sponsored healthcare company which handles patient data on a daily basis that is regulated by HIPAA.
There are a few employees who are older aged (50-60) and are relatively unfamiliar with computers regardless of training given. A prime example is one employee in particular who is in upper management. I cannot think of a more perfect example of a prime target for any type of cyber attack; from social engineering to spam emails, she has fallen victim to them all and constantly does to this day. Upon sitting at her computer, all her usernames and passwords can be found on sticky notes on her desk or under her keyboard. She also opens every email and attachment regardless of what it says or who it is from. We recently had a couple of simultaneous incidents happen with her in the past few weeks. The first sign was her email account being locked by our service provider. We called and they said her email was being used to send thousands of spam emails while logged in from China. Upon fixing this and changing her passwords etc., we scanned her computer only to find more than 17,000 malware installed on her computer. We constantly inform her about how to properly inspect email and about not giving out personal information or opening every attachment. Even with antispam programs on our server, some emails will always slip through, and she will always open them. I find this to be a prime example of human error and carelessness that perfectly describes how an incident such as Buckshot Yankee can occur.

The statistical cost provided in an article by Ponemon Institute (2012) has shown in a survey that the average cost to a company of a successful cyber attack is about $214,000. This shows that the damages can be significant, and that data is extremely valuable. In the case of Buckshot Yankee, the data which was stolen, containing weapon plans and confidential operations and surveillance data, is of significant value and could result in catastrophic damages to the U.S. in both costs and possibly loss of life.
If this data is placed in the wrong hands it could be used maliciously and the damage could be limitless. In the situation of my workplace, losing patient data could also be a significant loss, leading to possible lawsuits and compromising of patients' personal information. In the case of Target, had the situation been handled properly and the security system been utilized, it could have prevented the significant leaking of data. In a journal by Espenchied (2012) of Microsoft, Operation Buckshot Yankee took almost 14 months to clean up from Department of Defense and Pentagon networks. In all of these situations damages would not only cause significant monetary damage, but also damage the reputation of the data holder. For companies like Target, fixing the damages caused has resulted in an estimated $61 million in expenses and 9 lawsuits according to Riley, Elgin, and Matlack (2014). Had they acted quickly, these damages as well as damage to their reputation could have been minimized.

Conclusion

In conclusion to these findings, I would like to stress the importance of proper continued training of employees in any type of computer related job, as proper use of computer systems is the best method of preventing such events from occurring. Though proper training can be expensive, it can end up saving more money as well as the reputation of the company, as the examples given in each situation mentioned show. Though the U.S. government has a highly sophisticated and expensive cyber security system, it was compromised by a simple mistake.
The importance of due diligence and due care is extremely relevant to Operation Buckshot Yankee, as had the zero source individual been informed, they would have considered the mysterious flash drive a threat, and would not have compromised the system by carelessly using it.

Because of how difficult it is to find and hold any party responsible in the domain of cyberspace, the best preventative measure is to make sure that your systems are not exposed to internal threats. Most threats from outside can be filtered with hardware and software, but inside threats are the largest problem. As described by Wilshusen (2013), user error is the leading known cause of cyber incidents in federal agencies at 20%, followed by malicious code at 18%, also due to user carelessness, with direct threats such as unauthorized access and probing last at 17% and 7% respectively. The personal example I had given in my place of employment is another example of an insider threat compromising the network due to user misuse and carelessness.

The only solution to keeping U.S. cyberspace safe is ensuring that all hardware and software systems are up to date with current threats and properly maintained, in addition to having informed system users. By regulating who has access to data resources, and making sure they are trained to the necessary level of knowledge, we can prevent these future mistakes from happening, and minimize possible damages due to data loss. These concepts apply not only in a government setting, but also at work and even on our personal computers at home. Keeping cyberspace safe is the responsibility of all computer users, and is of utmost importance in this era where we are so dependent on computers.

References

Beidleman, Lt. Col. Scott W. (2009). Defining and Deterring Cyber War, 1-40.
Espenchied, J. A. (2012). A Discussion of Threat Behavior: Attackers & Patterns.
Goodin, D. (2010, August 25). Pentagon confirms attack breached classified network. The Register.
Retrieved from http://www.theregister.co.uk/2010/08/25/military_networks_breached/
Harris, S., Kumar, P. V. (2013). CISSP all-in-one exam guide, sixth edition. New York: McGraw-Hill.
Lynn, W. J. (2010, October). Defending a New Domain. Foreign Affairs. Retrieved from http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain
Nakashima, E. (2011, December 8). Cyber-intruder sparks response, debate. The Washington Post. Retrieved from http://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html
Nakashima, E. (2010, August 24). Defense official discloses cyberattack. Retrieved from http://www.washingtonpost.com/wp-dyn/content/article/2010/08/24/AR2010082406495.html
Ponemon Institute (2012, May 24). Infosecurity: Cybercrime costs companies an average of $214,000 per attack. Retrieved from http://www.infosecurity-magazine.com/view/25966/cybercrime-costs-companies-an-average-of-214000-per-attack/
Richards, J. (2009). Denial-of-Service: The Estonian Cyberwar and Its Implications for U.S. National Security. Retrieved from http://www.iar-gwu.org/node/65
Riley, M., Elgin, B., Matlack, C. (2014, March 13). Target Missed Warnings in Epic Hack of Credit Card Data. Businessweek. Retrieved from http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data
Wilshusen, G. C. (2013). Cybersecurity: A Better Defined and Implemented National Strategy Is Needed to Address Persistent Challenges, 36.
