GCHQ, the UK's signals intelligence agency, says it has fully engaged with AI to find, analyze and use the massive amounts of global data for its own intelligence work. AI and machine learning are playing an increasing role in cybersecurity, with security tools analyzing data from millions of cyber incidents and using it to identify potential threats.
Digital disruption is sweeping through the world's second-oldest profession, spying, and it is altering monitoring, collection, and action. Spying has of course been important for governments throughout history, but it has also been very important for business and has helped create industrial change.
Historically, people were the main spying agents, but in recent history and today, spying and intelligence gathering are often accomplished using artificial intelligence, cyber analysis, hacking, and malware.
AI, which traces its history back to British mathematician Alan Turing’s work in the 1930s, allows modern computers to learn to sift through data to see the shadows of spies and criminals that a human brain might miss. GCHQ, where Turing cracked Germany’s naval Enigma code during World War Two, said advances in computing and the doubling of global data every two years meant it would now fully embrace AI to unmask spies and identify cyberattacks.
The world's biggest spy agencies in the United States, China, Russia, and Europe are in a race to embrace the might of the technological revolution to bolster their defensive and offensive capabilities in the cyber realm. This process is moving toward a more continual monitoring approach and now often uses cyber-intelligence and aspects of cyber-warfare. Consequently, there is a growing realization in some intelligence agencies that the spy agent's job is changing and that some aspects of spying are gradually becoming redundant.
Cyberspace now spans a vast range of electronic and IT systems, from the Internet of Things, which connects many traditionally mechanical systems, to robotics used for monitoring, observation, and analysis. These processes can be used to monitor and spy on the seas, skies, streets, phones, emails, and conversations of targeted individuals.
AI can now be used to monitor enemies or friends, intelligence services, and their correspondence. All data can be collected and analyzed by machines using different systems and processes such as cognitive computing. This uses self-learning and pattern recognition for data analysis and natural language processing and can copy the way an individual's brain works; Wittgenstein would have approved!
Now drones can be used to assassinate agents and operators. Malware and machines can spy on systems, people, and a leader's mobile conversations, texts, and emails. Therefore, in some eyes, you no longer need an agent to spy, as we can now use aspects of Cognitive Computing (CC) to get deeper into a target's mail, conversations and actions. CC has been used to refer to new hardware and/or software that mimics the functioning of the human brain, helps to improve decision-making, and can be used to monitor a target. In this sense, CC is a new type of computing with the goal of more accurate models of how the human brain/mind senses, reasons, and responds to stimuli. CC applications link data analysis to adjust content for a particular type of audience.
As such, CC hardware and applications strive to be more effective and more influential by design, but CC can also be used to monitor and interpret a governmental decision-making process and to alter it and add bias if required. So the second-oldest profession will soon have far fewer jobs than in the past, and some say 007 will be taught by such learning games as OO-ISpy.com.
Alex Younger, a previous head of MI6, said, "The digital world is a very interesting combination of an existential threat and a golden opportunity." "The information revolution fundamentally changes our operating environment. In five years' time, there will be two sorts of intelligence services: those that understand this fact and have prospered, and those that don't and haven't. And I'm determined that MI6 will be in the former category."
“The third and most important part of British intelligence is the surveillance agency GCHQ, which in partnership with the US National Security Agency, is responsible for scooping up most of the intelligence through tracking phone calls, emails, chat lines, and other communications.”
The Internet companies not only faced a backlash from customers concerned about their privacy but were displeased on discovering that, in spite of their cooperation, the agencies were accessing their information anyway through backdoor channels.
The UK is now repurposing its intelligence services with a £1.5bn annual top-up for Intelligence and Security. Espionage techniques have evolved beyond the old methods of the 1970s and earlier of bugging rooms or tapping phone lines; today’s Watergate wouldn’t come from breaking into an office building, it would come from cracking an email server or a corporate network. Already, we’re seeing these threats escalate in the political world, from the Democratic National Convention (DNC) email hack to a spear-phishing campaign targeting US officials, to last year’s surge of sophisticated cyber-attacks against the State Department.
Cyberattacks have made it increasingly possible for foreign governments, international and local hackers to affect and change media and propaganda and alter election results. In 2014, as Ukraine prepared for a crucial vote to decide the Presidency, government cyber experts found Russian hackers had breached its election computing infrastructure. The hackers knocked out the entire system that tallied the votes. The attack was detected and repaired, but then, just as the vote results were about to roll out, a virus was found that would have called the election for radical nationalists. Red Sky Alliance discovered this and reported on the hack before other firms knew what was happening. Our Ukrainian-born analyst was watching this closely and using his language ability to stay ahead of the false reporting.
However, there is also definitely a social effect in the US, where a lot of working people are rebelling against the ruling establishment elite who have had an increasing grip on power through institutions and the media for at least the past 40 years.
Hundreds of millions of dollars are being spent conducting opinion polls across the States, many of which have a built-in bias. This tends to ensure that their primary function is as a propaganda message, often in the interests of those commissioning the polls. This is the lesser-known use of the malware message.
- Internet protocols are now nearly 30 years old, and the Web has grown dramatically in scale and it has acquired hundreds of additional protocols and extensions, making it increasingly complex to manage.
- Around 53% of the world population now has an Internet connection.
- The Internet continues to grow day by day, making McLuhan's Global Village almost a reality. People will be so connected via the Internet that it has been suggested they will be able to create new digital "nations" with other people who share their interests.
- In 1995 Internet use was less than 1% of the world population. By 2005 it hit its first billion users. Today's Internet world users number 4.7 billion.
- By 2025 it is thought that this will rise to 6 to 7 billion, 75 to 80% of the global population.
Global connectivity has really arrived in the past 20 years. This is significant because, like previous industrial, geo-political and macro-economic revolutions, this one reminds us that the age of connectivity is in its infancy, and most of the changes have yet to come.
By the end of this year, there will also be around 4.2 billion connected things, everything from smart cars, smoke detectors, door locks, industrial robots, streetlights, heart monitors, trains, wind turbines, even tennis racquets, and toasters. As digital technology continues to spread to the poorest parts of the world criminal and extremist groups operating here and there will also increasingly be given access to the new technology.
Taking a brief look at the history of spying, digital technology should make it easier to track down and uncover illegal syndicates and bring them to justice, unless they are run by governments who have their own agenda and use cyber-privateers to do their malware deployment, collection, electronic spying, data theft, message adaptation and propaganda.
The rise of city-states and empires meant that each needed to know not only the disposition, character, and morale of their enemy but also the loyalty and general sentiment of their own population. Early Egyptian pharaohs [some 5,000 years ago] employed espionage agents to ferret out disloyal subjects and to locate tribes that could be conquered and enslaved. In Ancient Rome, major political players had their own surveillance networks, which provided them with information about the schemes of those in power.
The Roman Empire possessed a fondness for the practice of political espionage. Spies engaged in both foreign and domestic political operations, gauging the political climate of the Empire and surrounding lands by eavesdropping in the Forum or in public market spaces. Seventy years before Christ’s birth, the politician and orator Cicero frequently lamented that his letters were being intercepted. "I cannot find a faithful message-bearer," he wrote to his friend, the scholar Atticus. "How few are they who are able to carry a rather weighty letter without lightening it by reading."
In the Middle Ages, the Roman Catholic Church was more powerful than most governments, and it had a powerful surveillance network to match. Religious confessions and the confession boxes were used to monitor and spy on local communities.
The court of Elizabeth I was fertile ground for scheming and spies, and Francis Walsingham's job was to keep the monarch one step ahead of her adversaries. Many modern espionage methods were established by the Elizabethan spymaster Francis Walsingham. Walsingham's staff in England included the cryptographer Thomas Phelippes, who was an expert in deciphering letters and forgery, and Arthur Gregory, who was skilled at breaking and repairing seals without detection. In May 1582, Walsingham's team intercepted letters written by the Spanish ambassador to England regarding a conspiracy to invade England and install Mary, Queen of Scots on the throne.
- Walsingham came up with a way to prove she was a threat to the queen. They had all of her mail opened but led her to believe that she had a secret means of correspondence through letters hidden in a beer keg.
- Walsingham gathered and added evidence of Mary's involvement in rebellious plots. She was later of course put on trial for treason and beheaded.
Throughout the late eighteenth and early nineteenth centuries, American industrial spies roamed the British Isles, seeking not just new machines but skilled workers who could run and maintain those machines. One of these artisans was Samuel Slater, who had worked with the machinery and memorized its patented details, secretly emigrated to America in 1789 posing as a farmhand, and brought with him an intimate knowledge of the Arkwright spinning frames that had transformed textile production in England. He set up the first water-powered textile mill in the US, soon became very wealthy, and owned over a dozen mills. President Andrew Jackson called him "the father of the American industrial revolution". He was called 'Slater the Traitor' by the British.
Two decades later, the American businessman Francis Cabot Lowell talked his way into a number of British mills and memorized the plans to the Cartwright power loom. When he returned home, he built his own version of the loom and became one of the most successful industrialists of his time. The efforts of Thomas Digges, America’s most effective industrial spy, got him repeatedly jailed by the Brits, and praised by George Washington for his “activity and zeal.”
Not that the British did not have a long history of commercial theft themselves. In 1719, in Derby, Thomas Lombe set up what’s sometimes called the first factory in the United Kingdom, after his half-brother made illicit diagrams of an Italian silk mill. Lombe was later knighted. In the nineteenth century Britain’s East India Company, in one of the most successful acts of industrial espionage, sent a botanist to China, where he stole both the technique for processing tea leaves (which is surprisingly complex) and a vast collection of tea plants. That allowed the British to grow tea in India, breaking China’s stranglehold on the market.
The recent revelation that intelligence agencies have been gathering user data directly from nine of the largest Internet companies, including Google and Facebook, has shocked and partially surprised many Americans and Europeans. But, considering the history of spying, maybe it shouldn't have.
Decades before the NSA was collecting massive amounts of phone and Internet records, it was collecting telegraph records in an operation that raised similar legal issues and worries about lack of oversight.
During August of 1945, US Army representatives met in secret with the country's three major telegraph companies, ITT World International, RCA Global, and Western Union. They explained that the Army Signal Security Agency wanted copies of all telegrams sent to and from the United States. World War II was coming to a close, and the top-secret, multinational Manhattan Project had proven the power of foreign intelligence. Executives from the three companies agreed to comply, provided they were assured by then-Attorney General Tom Clark that it was not illegal for them to do so. There is no record that any such assurance was officially given, but the operation went ahead anyway.
The telegraph operation, codenamed SHAMROCK, was a massive undertaking in the time before digital data storage: Once a day, beginning in late 1945, the Army sent couriers to telegraph offices in New York; Washington, DC; San Francisco; and San Antonio to pick up all their international telegrams, which were stored at first on hole-punched paper and later on reels of magnetic tape.
Analysts then sifted through the communiqués, looking for encrypted intelligence and evidence of Soviet spying. For the next two decades, the program continued in secret, often even from the top staff of the NSA. This was, in part, the model for PRISM, which Snowden exposed.
A current example might be Samsung, which is known for being a "fast follower" in its consumer business, which really means that it is adept at copying other companies' good ideas. That's not the same as theft, but evidence from its recent patent trials with Apple shows that Samsung's response to the iPhone was, in large part, simply to do it "like the iPhone."
Today, malware in its simplest form is similar to the way in which phone systems were originally used to listen to phone calls or to copy them. Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, or gain access to private computer systems, and it can carry out many other actions, including displaying unofficial counter-advertising.
Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.
Spyware or other malware is sometimes found embedded in programs supplied officially by companies, e.g., downloadable from websites, that appear useful or attractive, but may have, for example, additional hidden tracking functionality that gathers marketing statistics.
Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan Horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other types of spy software.
Some Categories of Malware
- Virus - Software that can replicate itself and spread to other computers, or that is programmed to damage a computer by deleting files, reformatting the hard disk, or using up computer memory.
- Adware - Software that is financially supported (or financially supports another program) by displaying ads when you are connected to the Internet.
- Browser hijacking software - Advertising software that modifies your browser settings (e.g., default home page, search bars, toolbars), creates desktop shortcuts, and displays intermittent advertising pop-ups. Once a browser is hijacked, the software may also redirect links to other sites that advertise, or to sites that collect Web usage information.
- Spyware - Software that surreptitiously gathers information and transmits it to interested parties. Types of information that are gathered include the websites visited, browser and system information, and your computer's IP address. Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.
Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, unauthorized changes in browser settings, or changes to software settings.
We now use malware and spyware in many different environments, technologies, military equipment, and maritime vessels at sea and in port. See https://redskyalliance.org for our extensive collection of maritime cyber threat reports.
Potential applications of this electronic technology include anti-personnel weapon systems, potential missile defense systems, and the disabling of lightly armored vehicles such as cars, drones, and watercraft, and of electronic devices such as mobile phones, from hundreds of miles off the coast of the country being monitored by the defender.
The Pentagon has now begun to upgrade the potential of such vessels and is researching technologies like directed-energy weapons and railguns to counter the maturing threats posed by missiles and hypersonic glide vehicles. These missile defense systems are expected to come online in the mid to late 2020s.
During the last 35 years, all of our secrets and the enemy's secrets have been stored inside computers. This makes cyberattacks an increasingly necessary tool for spies. Cyberwar remakes old assumptions about national security and military engagement. Old metrics such as troop numbers or missile inventories become outdated. Cyber-warriors aren't as easy to track as nuclear weapons or naval warships. And unlike in the Cold War, when the US and the Soviet Union were the only powers capable of exacting serious damage, cyberwar is inexpensive. Any nation might emerge as a threat, and the identities of the true combatants are never quite clear.
The new era of cyberwar became public knowledge in 2012, when US intelligence officials leaked details of Stuxnet, a piece of malicious software, deployed a few years before the leak, that American and Israeli forces developed to sabotage Iran's nuclear weapons development.
The virus infected some 300,000 computers, but it became active only in a fraction of them. Unlike the assassinations of Iranian scientists, which Israeli forces (probably its intelligence agency, the Mossad) performed, Stuxnet's effect was invisible. Stuxnet marked a new chapter in the annals of international confrontation: the first known instance of a computer attack that aimed for results in the physical world, rather than stealing data or clogging online traffic. Reflecting on the importance of cyberwar, the Pentagon said it would ramp up its hacking capabilities.
Paying a hacker to steal secrets can be a cheap way to gain valuable intelligence. Consider Su Bin, a Chinese hacker living in Canada. He was indicted in 2014 for stealing US military secrets. He targeted several military planes, amassing a stockpile of hundreds of thousands of documents, including drawings, wing measurements, and flight-test data for the C-17 transport aircraft. While US taxpayers invested $3.4 billion to develop the C-17, Su Bin's project to steal 630,000 related documents cost a mere $450,000.
Many observers suspect that China's apparent compliance with the China/US cyber agreement represents little more than a shift in tactics that is probably temporary. Other observers suspect that Chinese hackers may have simply redirected their efforts to other, more valuable, or more vulnerable targets in other countries.
Weaponized Social Media
War, as the 19th-century military theorist Carl von Clausewitz famously put it, is simply the continuation of politics by other means. Social Media, by democratizing the spread of information and erasing the boundaries of time and distance, has expanded the means, transforming war to an extent not seen since the advent of the telegraph.
Social media, particularly Twitter at present, is used as a propaganda tool. The 2012 Gaza conflict was "the first Twitter war": spokesmen for Israel and Hamas each posted up to 90 times a day and changed some of the news stories to suit their views.
Electronic voting systems are another problem for democracies. More often than not, electronic voting systems are nothing but bare-bone, decade-old computer systems that lack even rudimentary endpoint security. Despite the recurring discussion on electronic voting vulnerabilities that occurs every four years, only limited attention is given to the systemic problem undermining American democracy.
To hack an election, the adversary does not need to exploit a national network of election technology. By focusing on the machines in swing regions of swing states, an election can be hacked without drawing considerable notice. Voting machines, technically, are so riddled with vulnerabilities that hacking an election is easy.
The electronic voting systems popularized in the United States in the early 2000s have been repeatedly proven vulnerable and susceptible to attacks that are so unsophisticated, a high school student could compromise a crucial county election in a pivotal swing state with equipment purchased for less than $100, potentially altering the distribution of the state’s electoral votes and thereby influencing the results of the Presidential election.
The United States e-voting system is so vulnerable that one or a few dedicated individuals could target a lynchpin district of a swing state and sway the entire Presidential election. Previous elections have been similarly close to the one this November; for instance, in 1960, John F. Kennedy had only 112,727 more votes than Richard Nixon. The 2000 election between George W. Bush and Al Gore was similarly contentious, and it may have depended on a few hundred votes.
If the attacker has access to the administrative card or if they can infect a machine with malware that will spread onto the administrative card, then they can spread malware onto multiple machines and increase their sway over an election.
Cyber Warfare
Since Russia's cyberattacks on Estonia, US spies and security researchers say Russia is particularly skilled at developing hacking tools. Some malicious software linked to Russia by security researchers has a feature meant to help it target computers on classified government networks that are usually not connected to the Internet.
The virus does this by jumping onto USB thumb drives connected to targeted computers, in the hope that the user, such as US military personnel, will then plug that USB drive into a computer on the classified network.
It has been almost a decade since the smartphone emerged, introducing the new age of always-on mobile connectivity, and networked devices now already outnumber the people on the planet.
This Internet of Things creates new levels of complexity for those enforcing cybersecurity and creates new opportunities for cyber-spies. This new world order might also allow far greater surveillance of individuals by governments. A UCLA engineer notes that ever-cheaper data storage could allow public officials to record and catalog everything that happens online.
A newly discovered piece of malicious code dubbed Duqu is closely related to the notorious Stuxnet worm that damaged Iran’s nuclear-enrichment centrifuges. The code can monitor messages and processes, and look for information including the design of so-called SCADA systems (for “supervisory control and data acquisition”). These are computer systems that are used at industrial plants and power plants to control things like pumps, valves, and other machinery.
Like Stuxnet, which infected thousands of computers in 155 countries last year, Duqu got aboard victim computers by means of a stolen digital certificate, a cryptographic code that authenticates a piece of software on a target machine.
From smart power grids to the "Internet of Things," the potential targets of cyber warriors are now multiple. Premeditated, politically or socially motivated attacks against a computer-dependent society could be orchestrated by foreign powers and affect nations at any level: from the availability of utilities, to denied access to important financial and medical information, to a significant impact on national GDPs.
An oil pipeline in Turkey was cyber attacked and exploded in 2008. The pipeline was super-pressurized and alarms were shut off. By hacking security cameras, attackers were able to hide the blast from the control room that, unaware, was unable to respond promptly. Another attack on a German steel company demonstrated how, by simply infiltrating the information systems running the plant, hackers could cause major damage.
Accountability is hard to prove when cyber weapons are used. By using several proxies or infecting computers indirectly, it is difficult to trace back to a particular malicious hacker or organization on any form of attack. Even if a culprit is found, it is hard to accuse a nation of a deliberate act of war, especially due to lack of a legal framework. Accordingly, more than 140 countries have funded cyber weapon development programs.
Conclusion
Some of the numerous larger-scale cyber-attacks can be intuitively considered acts of cyberwar. With many countries large and small investing in cyber warfare, it is impossible not to think of the use of “information warfare” as a new form of terrorism. Information warfare goes beyond simply attacking computers and communications networks, as a computer-literate terrorist can wreak havoc causing physical destruction and harm to populations.
The Internet can be turned into a weapon used against targets by terrorists hidden in cyberspace to carry out cyber violence and disruption while being physically located elsewhere. Computer-related crimes, as an extension of terrorist attacks, have the potential of bringing catastrophic side effects.
Several experts believe the malware, which was initially described as not particularly sophisticated, could now determine the future of warfare as well as global electronic connectivity. This next such revolution, for the 21st century, will challenge the economic implications of the nation-state. Certainly, as more people work for multinational firms and get to know more people from other countries, our sense of justice and of government crime is being awakened and engaged.
The ability of nations, corporates and individuals to monitor and spy on us will improve, often without the need for or direct use of human spies. The Internet of Things will allow detailed monitoring of foreign and competitive organizations and individuals, such that the Internet of Things becomes the new spy.
But do not underestimate the value of and need for humans to interpret and analyze such data and reporting. Machines can process a lot of data, but can they be trusted to do the entire job themselves? Remember the past, when SIGINT was the new thing: plenty of HUMINT assets were retired, and later those networks were once again needed and had to be rebuilt. The value of experienced intelligence officers can never be underestimated.
Red Sky Alliance has been analyzing and documenting cyber threats and groups for over 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge. Many past tactics are reused in current malicious campaigns.
Cyber attackers have become brazen and are attacking governments and critical institutions that were previously somewhat out of bounds. Shutting down any agency or company for any length of time would be devastating, creating havoc in the legal system, and could bankrupt many small to medium businesses. An ounce of prevention is ALWAYS worth a pound of cure. Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice and very important; however, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide internal monitoring in tandem with RedXray dark web notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting.
Red Sky Alliance is in New Boston, NH, USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.
Interested in a RedXray subscription to see what we can do for you? Sign up here: https://www.wapacklabs.com/RedXray
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941