Advanced Persistent Threats

Threats In the Cyber World

Cyber attacks nowadays are growing steadily more sophisticated, more serious, and more persistent. Ever since the gradual shift in IT infrastructure towards mobility and cloud computing, hackers and large organized cyber crime groups have proliferated, thriving in this new, “target-rich” environment. Among the many new threats on the horizon are highly targeted, long-term, international espionage and sabotage campaigns: advanced persistent threats.

What Are Advanced Persistent Threats?

An advanced persistent threat (APT) is a targeted set of stealthy and continuous computer hacking processes, usually aimed at specific entities. APTs are defined by the three requirements in their name:

  • Advanced: Operators behind the APT have extensive knowledge, tools, and techniques at their disposal. These operators are capable of combining multiple targeting methods and tools to compromise and maintain access to a target.
  • Persistent: Operators give priority to a specific task rather than opportunistically chasing whatever financial gain happens to be available. They do so through continuous monitoring and interaction, prioritizing stealth and remaining undetected even if the operation takes a long period of time.
  • Threat: APTs are a threat because they have both intent and capability. APT attacks are well-coordinated, executed by highly intelligent operators who are well-funded and have a clear goal in mind.

An important distinction to make is that while all APTs are targeted attacks, not all targeted attacks are APTs. Here are some unique traits that set APTs apart from targeted attacks:

  • Customized attacks: APTs often use customized tools and intrusion techniques built specifically for the task they are designated to perform. These tools include zero-day exploits, viruses, worms, and rootkits. On occasion, APTs have been noted to plant a “sacrificial threat”: a decoy that, once removed, tricks the victim into believing the intrusion is over while the real foothold remains.
  • Low-and-slow: APTs occur over long periods of time, during which the attackers operate stealthily, avoiding detection until their goal has been achieved. Where most targeted attacks are opportunistic, APT attacks are more methodical and go to extraordinary lengths to avoid detection.
  • Ulterior purpose: In contrast with most run-of-the-mill targeted attacks, APTs are usually funded and used by military and state intelligence. APTs have been known to be used for gathering confidential intel around the world, as well as disrupting operations, destroying technology, and even international sabotage, usually producing far grander results than what initially meets the eye.
  • Specificity: Although most computer systems are vulnerable to APTs, the users of APTs are usually very specific about their targets, which form a very small pool of organizations. APTs have been widely reported to attack government agencies and facilities, defense contractors, and other producers of goods on an international scale.

In addition to these traits, APTs also have a defined set of criteria:

  • Objectives: who or what is being targeted, and why?
  • Timeliness: how much time is spent doing reconnaissance on your target?
  • Resources: what do you need to know in order to carry out the task?
  • Risk tolerance: how much are you willing to sacrifice to stay undercover?
  • Skills and methods: what tools and techniques will need to be used?
  • Actions: what exactly will your planned threat do?
  • Attack organization points: from which points will your threat start?
  • Numbers involved with attack: how many systems will be involved and which have more importance/weight?
  • Knowledge source: how much is known about your planned threat?

How do APT attacks operate?

Basic APT attacks tend to be executed in four stages: incursion, discovery, capture, and exfiltration (specifically in this order).

Incursion: attackers break into a targeted network using social engineering or even zero-day vulnerabilities to infect systems with malware.

  • Social Engineering: a technique that baits targeted people to open links or attachments that seemingly come from trusted sources/individuals.
  • Zero-day vulnerabilities: previously unknown software flaws for which no patch exists. Only very sophisticated attackers use these, as zero-day vulnerabilities are quite hard to discover.

Discovery: attackers take their time and avoid detection while mapping out an organization’s systems and scanning for their confidential data such as exposed credentials.

Capture: attackers collect intel over a long period of time and, on occasion, secretly install additional malware to gain control of the environment.

  • Control: APTs sometimes take the opportunity to take control of software/hardware systems, such as in the case of Stuxnet. Stuxnet, in addition to capturing intel, also reprogrammed industrial control systems responsible for managing gas pipelines, power plants, oil refineries, etc. APTs are even capable of not just reprogramming, but even destroying said systems.

Exfiltration: captured intel is sent back to the attackers for analysis and further exploitation.


How do we detect APTs?

Although APTs are, by nature, meant to be difficult to detect, they do exhibit a few key indicators that can be observed.

  • Increases in activity at odd hours, when employees/people wouldn’t usually be accessing the network.
  • Discovering widespread backdoor Trojans, which are used to maintain access to a system even if the intrusion is discovered and the system credentials are changed.
  • Unexpectedly large flows of data from internal origins to possibly external systems.
  • Discovering mysterious data bundles. Attackers typically aggregate data over a period of time before sending it out of the network. These data bundles can be found in places where other data isn’t normally stored.
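As an added defender-side illustration (not part of the original article), the Python script below applies the first and third indicators above to a handful of constructed log lines, flagging activity at odd hours and unusually large outbound data flows per user. The log format, the off-hours window, the internal host list and the byte threshold are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from any real environment).
# Assumed format: "<ISO timestamp> <event> user=<u> src=<ip> dst=<host> bytes=<n>"
SAMPLE_LOG = """\
2018-03-12T09:14:02 login user=alice src=10.0.1.5 dst=fileserver bytes=0
2018-03-12T09:20:41 transfer user=alice src=10.0.1.5 dst=mail.example.com bytes=120000
2018-03-12T02:41:17 login user=bob src=10.0.1.9 dst=fileserver bytes=0
2018-03-12T02:45:03 transfer user=bob src=10.0.1.9 dst=cdn-203.example.net bytes=1500000000
2018-03-12T03:10:55 transfer user=bob src=10.0.1.9 dst=cdn-203.example.net bytes=900000000
2018-03-12T14:02:10 transfer user=carol src=10.0.1.7 dst=fileserver bytes=2500000
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\w+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)$")

OFF_HOURS = range(0, 6)            # 00:00-05:59 treated as odd hours (assumed)
INTERNAL_HOSTS = {"fileserver"}    # destinations considered internal (assumed)
BYTES_THRESHOLD = 1_000_000_000    # 1 GB outbound per user in the window (assumed)


def parse(log_text):
    """Turn raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["bytes"] = int(e["bytes"])
        e["hour"] = int(e["ts"][11:13])   # hour field of the ISO timestamp
        events.append(e)
    return events


def find_indicators(events):
    """Return (indicator, user, detail) tuples for off-hours activity and large outbound flows."""
    findings = []
    outbound = defaultdict(int)
    for e in events:
        if e["hour"] in OFF_HOURS:
            findings.append(("off_hours", e["user"], e["ts"]))
        # Only transfers leaving the internal host set count towards exfiltration volume.
        if e["event"] == "transfer" and e["dst"] not in INTERNAL_HOSTS:
            outbound[e["user"]] += e["bytes"]
    for user, total in outbound.items():
        if total >= BYTES_THRESHOLD:
            findings.append(("large_outbound", user, total))
    return findings
```

In a real deployment the thresholds would come from a per-user baseline rather than fixed constants, and a single hit is a lead for an analyst, not proof of an APT.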

Why is this dangerous?

Although it has been stated that APTs usually target larger, more important organizations, the threat of one being used against the average Joe’s system is still very much present. As cloud computing and the number of distributed systems increase, so does the number of cyber criminals capable of delivering an APT attack. This is not unlike what happened with nuclear weapons. At first, only countries with massive amounts of funding could afford to build a nuclear weapon. As time went on and information, blueprints, and resources were shared around the world, a number of smaller countries and states began displaying the capability to build them; the same has happened with APTs. As previously mentioned, APTs used to focus on large organizations such as governments. Nowadays APTs have been seen targeting smaller organizations, such as Target Corporation, the second largest discount retailer in the United States (not even first!). According to reports in 2013, Target lost a large number of credit and debit card numbers to an APT, decreasing its sales by almost 50%, with customers even proclaiming their intent never to return. This further accentuates the point that APTs will not only become more and more prominent in society, since they no longer affect only large or secret organizations, but also easier to execute, given the vast knowledge found on the Internet nowadays.

Closing thoughts on APTs

APTs, once used primarily to target high-profile organizations or companies with high-value data, are now becoming more common among smaller and less prominent companies. As attackers turn to more sophisticated methods of attack, companies of all sizes, and possibly even ordinary users, must look to establish rigorous security capable of detecting and responding to these threats. Even then, additional security may not do much, as even basic measures such as encryption offer little if an existing APT is monitoring the encryption and decryption processes. Adi Shamir, the godfather of modern cryptography, summed up APTs and their relevance today in a panel session on how cryptography is slowly becoming less and less relevant:

“In the Second World War if you had good crypto protecting your communication you were safe. Today with an APT sitting inside your most secure computer systems, using cryptography isn’t going to give you much protection.”

– Adi Shamir

It’s truly a dangerous world.




Hugh Bradner

“I was raised to love my country. I had no compunction about bombing an enemy if it meant ending the war.”

BIRTH AND EARLY YEARS

American physicist Hugh “Brad” Bradner was born on November 5th, 1915. After spending most of his childhood in Findlay, Ohio, Bradner eventually moved out to attend college, graduating from Miami University in Oxford, Ohio. He later earned his Ph.D. in physics from the California Institute of Technology in 1941.

Starting in 1941, Bradner worked for two years at the United States Naval Ordnance Laboratory in Washington, D.C. during World War II, where he was tasked with designing and building magnetic anti-shipping mines. Eventually Bradner became bored, even infuriated, at the slow pace of activity in the workplace, and requested a transfer.

As per his request, Bradner was transferred to Chicago in February, 1943, where he would start his work on the Manhattan Project.

WORKING ON THE MANHATTAN PROJECT

Shortly after transferring to Chicago, Bradner was recruited by Julius Robert Oppenheimer to work on the Manhattan Project at the Los Alamos Laboratories. During his time at the laboratories, Bradner worked in conjunction with other scientists to develop high explosives and exploding bridge-wire detonators for use in atomic bombs, as well as searching for a way to trigger a nuclear chain reaction.

Apart from developing mechanisms for atomic bombs, Bradner was also involved in designing the new town to be situated around the Los Alamos laboratories, searching Chicago phone directories for businesses that could be put in the town (Bradner apparently forgot to include a bank, so people weren’t able to conveniently manage their finances).

Bradner was given informal permission to record video around Los Alamos during his time working on the Manhattan Project. Though he mostly recorded non-work-related activities such as hiking and skiing, Bradner occasionally recorded clips of scientific experiments, one clip being of the RaLa (“radioactive lanthanum”) experiment, which tested the design of a plutonium-based weapon. Bradner also recorded scientists departing for Trinity, the codename given to the first detonation of a nuclear weapon, which he himself also attended.

According to Bradner’s family, Bradner had said on the subject of the usage of nuclear weapons against Japan in 1945, “I was raised to love my country. I had no compunction about bombing an enemy if it meant ending the war.”

POST MANHATTAN PROJECT

After World War II and his time at the Los Alamos Laboratories, Bradner returned to California to become a physics professor at the University of California, Berkeley, as well as engaging in research on high-energy physics at the Lawrence Berkeley National Laboratory.

During his off-time, Bradner pursued his hobby of diving. This love of diving, along with his intellect and physics knowledge, is what led Bradner to eventually create a neoprene suit, which trapped a layer of water between the neoprene and the body; the body warmed the trapped water, which in turn kept the body warm. Bradner was eventually nicknamed the “father of the wetsuit”.

Bradner continued his research on nuclear physics at the European Organization for Nuclear Research (CERN) in 1951, and on Operation Greenhouse (a nuclear test series) also in 1951. Eventually Bradner made the jump from nuclear physics to geophysics in 1961, joining the Scripps Institute of Geophysics and Planetary Physics as a geophysicist and becoming a professor of geophysics in 1963.

RETIREMENT AND THE NEXT GREAT ADVENTURE

Bradner eventually retired from Scripps in 1980, but continued his oceanographic research, as well as doing work on the DUMAND deep ocean neutrino astronomy project, a proposal for an underwater neutrino telescope to be built in the Pacific Ocean.

On May 5th, Bradner passed away at the age of 92 in San Diego, California, due to complications of pneumonia. This marked the death of a great American physicist who contributed many great things to American society.


SOURCES