If you are having trouble viewing this email, click here to view this online

 

VOLUME 62

   ISSUE 62

27 September  2016

Article of the Month Around the World

CYBER WARFARE.

01. What does Cyber warfare mean?


It is any virtual conflict initiated as a politically motivated attack on an enemy’s computer and information systems. In simple words, cyber warfare is the use of hacking to conduct attacks on a target’s strategic or tactical resources for the purposes of espionage or sabotage.
Cyber warfare attacks can disable official websites, networks and also disrupt or disable essential services, steal or alter classified data and break down financial systems, among many other possibilities.
 

02. How does cyber warfare work?


Hackers that are in the military of a said state or hackers that are sponsored by the said state attack computers and networks that are involved with sensitive resources within a country. This procedure is similar to how a hacker works normally, they collect information about the system and find out loop holes and weak spots. The hackers then gain control of the said system or destroy it.
If hackers simply choose to gain control, then they can read privileged information not meant for them and they can exploit to gain advantage. And also sabotage people in various ways, from blackmailing them to luring them out of their security and killing them.
A good example of cyber warfare is in using DDoS (Distributed Denial of Service Attacks) to shut down access to government websites and social media, an effective tactic used by the Russians during the South Ossetian War in 2008.
 


 

03. Who does it target?


Will target any sensitive industry in your opponent’s infrastructure. This means obvious stuff like the military and defense and weapons manufacturers.
The worst part is that cyber warfare could target a country’s population; the most important strategic asset of a country. A hacker could launch terrorist attacks, i.e. doing scary things like hitting major financial sectors and causing economic damage to the country’s economic or abruptly terminating public communication.
 

04. Controversy over terms…


Eugene Kaspersky, found of Kaspersky Lab, concludes that “cyber terrorism” is a better term than “cyber warfare”. He states that “with today’s attacks, you are clueless about who did it or when they will strike again. It’s not cyber war but cyber terrorism.”
In October 2011 the Journal of Strategic Studies, a leading journal in that field, published an article by Thomas Rid, “Cyber War Will Not Take Place” which argued that all Cyber-attacks motivated by politics are merely sophisticated versions of sabotage, espionage, or subversion and that it’s is highly unlikely that a Cyber war will occur in the future.

Some experts, however, believe that this type of activity already constitutes a war.




 


05. Protection against attacks


The most effective protection against Cyber warfare attacks is securing information and networks. Security updates should be applied to all systems -- including those that are not considered critical -- because any vulnerable system can be co-opted and used to carry out attacks. Measures to mitigate the potential damage of an attack include comprehensive disaster recovery planning that includes provisions for extended outages.
 

06. Example of Cyber warfare:

• In 1998, the United States hacked into Serbia's air defense system to compromise air traffic control and facilitate the bombing of Serbian targets.


• In 2007, in Estonia, a botnet of over a million computers brought down government, business and media websites across the country. The attack was suspected to have originated in Russia, motivated by political tension between the two countries.


• Also in 2007, an unknown foreign party hacked into high tech and military agencies in the United States and downloaded terabytes of information.


• In 2009, a cyber-spy network called "GhostNet" accessed confidential information belonging to both governmental and private organizations in over 100 countries around the world. GhostNet was reported to originate in China, although that country denied responsibility.

 

Mandeera Karawita

Mandeera is an undergraduate of Institute of Information and Technology following Bachelor in Software Engineering and currently working as Intern - Information Security Engineer at Sri Lanka CERT|CC
 

 

 

 

 

 

 

 

 

 

References

1 Statistics on the Internet growth in Sri Lanka
http://www.trc.gov.lk/images/pdf/
statis_sep_2012.doc
2.The Dragon Research Group (DRG)
http://www.dragonresearchgroup.org/
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
https://www.jpcert.or.jp/english/tsubame/
4.Shadowserver Foundation
http://www.shadowserver.org/wiki/
5. Team Cymru
http://www.team-cymru.com
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
  
  Sri Lanka CERT|CC conducted Awareness Campaigns for SOS Children Villages in Sri Lanka
  
   "....Sri Lanka CERT|CC conducted Information security awareness sessions for all the SOS children villages in Sri Lanka upon the request made by Mr. Lasantha Weligamage, the Assistant Director of SOS Youth Facility, Piliyandala. The awareness sessions took place in Galle, Piliyandala, Nuwara Eliya, Monaragala, Anuradhapura and Jaffna......"
 

Teen sues parents over embarrassing childhood photos on Facebook

  

"...An 18-year-old woman is suing her parents for posting embarrassing, intimate tot shots of her onto Facebook and ignoring her pleas to take them down.

According to The Local in Austria, the woman, who can’t be named, claims that her progenitors have posted some 500 images of her since 2009....."

  Amex users hit with phishing email offering anti-phishing protection
   

'...Users who fall for the scheme are directed to a bogus Amex login page (at http://amexcloudcervice.com/login/). Once they enter their user ID and password, they are taken to a bogus page that ostensibly leads them trough the SafeKey setup process....'

SIRI HAS A NEW TRICK UP HER SLEEVE FOR IOS 1

   
  

'....There have been many changes in Apple's new operating system, iOS10, but one of the biggest changes has happened to Siri.

The digital assistant can now control third party apps, not just Apple's. To find out which apps work with Siri, head to the Siri section under "Settings" and then click on "App support." At the moment, users can do things like order a ride with Lyft, send money on Venmo and dictate a LinkedIn message....'

The Future of Hospital Operations Looks like 'Air Traffic Control'

  

'....Explosion of data volumes. Interoperability of systems. Large servers in the sky that can analyze enormous amounts of data, compute complex algorithms in real time, and communicate in microseconds. Mobile communication through devices that patients, providers and staff all carry all the time. What does this all mean for hospital operations? Based on working with dozens of hospitals and conversations with 100+ others, we think the near future of hospital operations is quite exciting. Call it what you will - "Hospital 2.0," "No Waiting Rooms," "Hospital Operations Center" - the basic building blocks to enable the future of hospital operations are already here....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in August  2016
     
  
  Hacked
  Fake
  Other
   
  Statistics - Sri Lanka CERT|CC

HOW TO STOP ATTACKS FROM WITHIN

'"...Mari Frank is an attorney and certified privacy expert and the author of the “Identity Theft Survival Kit,” “Safe Guard Your Identity,” “From Victim to Victor,” and “The Guide to Recovering from Identify Theft.” This column has been written on the behalf of the Visual Privacy Advisory Council.....'

Free and cheap ways to study for IT certifications

'...For as long as there have been technology certifications, IT pros have debated their value. Some believe they're the key to a fatter paycheck, while others contend that they're often not worth the paper they're printed on. Others take the middle road and say they can be valuable in the right circumstances, but experience is king.....'

APPLE’S NEW IPHONE 7 PLUS IS SET TO BRING AUGMENTED REALITY INTO THE MAINSTREAM

"...Smartphones boasting “dual cameras” are becoming more common, and news that they will feature on the just-announced iPhone 7 Plus indicates their arrival into the mainstream.

But while dual cameras may stem from efforts to improve picture quality, they have the potential to lead us down much more interesting paths: The real story may be Apple is using dual cameras to position itself for the augmented reality world ushered in by the Pokemon Go phenomenon....."
Why more people aren’t cloud bursting?

'...Most IT departments face the occasional spike in computing demand. Sometimes they are predictable (a sports betting site knows what to expect when the cup final is on, for example), and sometimes not..."
 
Notice Board
  Training and Awareness Programmes - September  2016
  
DateEventVenue
20th September Computer Laboratory ,ICT Branch, Ministry of Education Workshop for testing the online system on CRC & PICTEC
  21st September Samudi Co-operative Hall, Rathnapura   ICT Society Programme  
  22nd September Sanasa University, Kegalle   ICT Society Programme  

Brought to you by: