We can't tolerate a cyber attack on an election happening again, the President said.
Headline news reported that former president Obama intended to use a new technique to reduce the chance of other countries, especially Russia, engaging in cyber attacks against the USA during the 2016 presidential election. The solution was to activate a "cyber bomb" technique. But this idea has not been put into action yet.
What is a logic bomb?
A logic bomb is a piece of code intentionally inserted into a software system that sets off a malicious function when specified conditions are met. The technical term for it is slag code.
What is slag code?
It is not a virus, but it works in a similar pattern. From a technical point of view, slag code is a set of instructions inserted into a program that are designed to execute a target action (in effect, to "explode").
Scenario: the technical term is a network explosion. The result of this explosion can include deleted data, corrupted data, or other harmful effects.
The example below (Picture A) shows that only a simple command is needed on a Windows workstation. The process consumes all the CPU resources until the Windows OS shuts down. This is the basic idea of slag code. Do you think a similar attack concept could affect a service provider's network equipment?
Picture A – slag code
How powerful is the cyber bomb? Is it possible?
The concept above shows that when your workstation executes slag code, it stops operating properly. The service does not return to normal until a reboot. What if a telecommunications service provider receives slag code crafted by an expert? What is the worst-case situation?
Logic Bomb 1 – infectious media (malware)
The goal of the logic bomb is to achieve a destructive result. The infectious media relies on malware. The malware structure consists of an executable file (Agent.exe). This file triggers the wiping function. Besides that, this file contains a hex string. For example, the hex string 65B417D8: when we convert the hex code to a numeric value, it indicates the date and time at which the attack begins (June 30, 2017 at 2pm local time (2017-6-30 14:00:00)). As soon as the internal system clock on the machine hit 14:00:01, the wiper (agent) was triggered to overwrite the hard drive and master boot record on machines running Microsoft OS and then reboot the system. The malicious code can access and compromise Windows-based systems inside the industrial control network. After a Windows system has been infected, the weapon would be stealthy enough to evade IT security controls while it searches for a target system.
Logic Bomb 2 – A persistent attack (packets being constantly injected)
A persistent attack occurs when the attacker puts bad packets into a router, which leads to vulnerabilities being exploited or revealed during the process. Significant damage can occur during this attack because packets are flooded into the router and can end up suspending the routing function.
Remark: These attacks are very complicated to detect.
Logic Bomb 3 – The mistreating attacks
The mistreating attacks can be caused indirectly by directing an overwhelming number of packets to the target victim's address, leaving the victim (router and network) isolated. This means that the network services will be suspended.
Cyber warfare arsenal (major weapon)
Since we discussed this topic in the past, for more details please see the URL below for reference.
Information Supplement – BGP hijack attack
The idea below shows a rogue AS falsely advertising a shorter path to reach a prefix P, which causes other ASes to route traffic destined for prefix P through the shorter path.
There are four ASes: AS1, AS2, AS3 and AS4 (rogue).
Each routing daemon's peers are shown using connections:
- Router 1 peers with router 2 and router 4.
- Router 2 peers with router 1 and router 3.
- Router 3 peers with router 4.
1 – Show router 1 routing entries
BGP table version is 0, local router ID is 220.127.116.11
   Network           Next Hop          Metric LocPrf Weight Path
   18.104.22.168     0.0.0.0                0         32768 i
   22.214.171.124    126.96.36.199          0             0 2 i
   188.8.131.52      184.108.40.206                       0 2 3 i
Reminder A: On AS1, the chosen AS path to reach 220.127.116.11/8 is “2 3” (i.e., via AS2 and AS3).
2 – Start the rogue AS. The rogue AS will connect to AS1 and advertise a route to 18.104.22.168/8 using a shorter path (i.e., a direct path from AS1 to AS4). Thus, AS1 will choose this shorter path by default.
3 – Show router 1 routing entries again
BGP table version is 0, local router ID is 22.214.171.124
   Network           Next Hop          Metric LocPrf Weight Path
   126.96.36.199     0.0.0.0                0         32768 i
   188.8.131.52      184.108.40.206         0             0 2 i
   220.127.116.11    18.104.22.168          0             0 4 i
                     22.214.171.124                       0 2 3 i
We can see AS4's chosen path and also AS3's path in the routing information base of AS1.
Since the AS path length to reach 126.96.36.199/8 is shorter through AS4, router 1 chooses AS4 as its next hop.
From a technical point of view, it successfully hijacks the traffic in the BGP network. We know that Internet routing uses BGP. No surprise, this is only basic theory. More complex and advanced techniques are under development by different countries.
See who shows his power to the world.
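The path selection walked through in steps 1 to 3 above, as an added example that is not part of the original post: a minimal Python model of AS_PATH-length best-path selection reproduces why AS1 switches to the rogue AS4 announcement, and goes one step further than the post by adding a ROA-style origin check that rejects it. The prefix, the next-hop addresses (TEST-NET values) and the allow-list are constructed for the example, not taken from the tables above.

```python
# Added example (not from the original post): why the shorter AS_PATH from the
# rogue AS4 wins at AS1, and how origin validation rejects it.
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str      # constructed sample prefix, not one from the post's tables
    next_hop: str    # constructed TEST-NET address of the advertising peer
    as_path: tuple   # AS_PATH as received; the origin AS is the last element


def best_path(routes):
    """Shortest AS_PATH wins (lowest next hop breaks ties). Local-pref, MED
    and the remaining BGP tie-breakers are left out of this illustration."""
    return min(routes, key=lambda r: (len(r.as_path), r.next_hop))


# Constructed ROA-style allow-list: only AS3 may originate 10.0.0.0/8.
ROA = {"10.0.0.0/8": {3}}


def origin_valid(route):
    """True if the route's origin AS is authorised to announce its prefix."""
    return route.as_path[-1] in ROA.get(route.prefix, set())


def select(routes, enforce_roa=False):
    """Best path over the candidates, optionally dropping ROA-invalid routes."""
    candidates = [r for r in routes if not enforce_roa or origin_valid(r)]
    return best_path(candidates) if candidates else None


# Step 1 of the post: AS1 reaches the prefix via AS2 then AS3 (path "2 3").
legit = Route("10.0.0.0/8", "192.0.2.2", (2, 3))
# Step 2: rogue AS4 peers with AS1 and announces the same prefix with path "4".
rogue = Route("10.0.0.0/8", "192.0.2.4", (4,))

if __name__ == "__main__":
    print("before hijack:", select([legit]).as_path)
    print("after hijack :", select([legit, rogue]).as_path)
    print("with ROA     :", select([legit, rogue], enforce_roa=True).as_path)
```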
In our discussion of this topic, I am not going to put the keyword "conclusion" at the end of the page this time. As we know, the items above are my speculation. Believe it or not, the cyber attack atmosphere looks similar to what we discussed in the past.
But bear in mind that any product, including a cyber weapon, requires testing and a pilot run. These rehearsals look mandatory since it is hard to foresee the overall damage effect (including the response of the countries). On the other hand, it is a test to learn the actual system specifications in a hostile country. Compared to the traditional way, it is more effective! Hiring a spy to infiltrate a hostile country is not the way today. Do you agree?
I am going to write more interesting topics. Hope you will be interested. See you. Have a nice weekend.