Cover
Title Page
Copyright Page
Dedication Page
Contents
Section I Cyber Operations Introduction
I.1 Phases of Cyber Operations
I.1.1 1980s–2002
I.1.2 2003–2012
I.1.3 2013–present
Chapter 1 Cyber Operations
1.1 Cyber Operations Introduction
1.1.1 Cyber – A 21st-Century Collection Channel
1.1.2 Hackers – Pre-Cyber Operations
1.1.3 Cyber and Counter-Terror/Insurgency
1.2 Early Internet and Cyber Operations
1.2.1 Maturing of Cyber Operations – ISIS and Russia
1.2.2 ISIS Cyber Operations
1.2.3 Russian Cyber Operations
1.3 Cyber Operations’ Stage Descriptions
1.3.1 Stage I (late 1990s—~2010)(Community Development)
1.3.2 Stage II (~2010—~2015)(Tactical)
1.3.3 Stage III (~2015 to present)(Tactical and Strategic)
1.4 Cyber Operations Wrap-up
Bibliography
Chapter 2 ISIS and Web-Based Insurgency
2.1 Introduction
2.1.1 Terrorist Development of the Internet for Messaging
2.1.2 ISIS Adaptation of the Internet for Coordination, Command and Control (C2)
2.1.3 ISIS “Emergence” from Cyberspace to form a State
2.2 Cyber-Based Irregular Operations
2.2.1 Three-Phase Insurgency Model with Cyber – ISIS Example
2.2.2 ISIS Insurgency Phases
2.2.3 Counter-ISIS Operations in Cyber
2.3 ISIS and Web-Based Insurgency Wrap-up
Bibliography
Chapter 3 Cyber and Crime
3.1 Cyber and Crime
3.1.1 Cybercrime Definitions
3.1.2 Crimes Against Individuals
3.1.2.1 Cyber-Fraud Reporting
3.1.2.2 Spam
3.1.2.3 Phishing
3.1.3 Crimes Against Organizations
3.1.3.1 Telephony Phishing
3.1.3.2 Ransomware Introduction
3.1.3.3 Ransomware Tools Background
3.1.3.4 Ransomware as a Service
3.1.3.5 Cryptocurrency
3.1.4 Cyber Gangs – Membership Analogy to Organized Crime
3.1.5 Cybercrime Wrap-Up
Bibliography
Chapter 4 Nation-State Cyber Operations
4.1 Nation State Cyber Operations
4.1.1 Advanced Persistent Threats
4.1.2 Nation-State Cyber Operations against Critical Infrastructure
4.1.3 Elements of a Nation-State Cyber Organization
4.1.3.1 Cyber Research Institutions
4.1.3.2 Cyber Engineering and Development
4.1.3.3 Cyber and Clandestine Services
4.1.4 Structure of Nation-State Cyber Operations and Maneuver
4.1.4.1 Cryptocurrencies, Sanctions, and Subversion
4.1.5 Nation-State Cyber Operations Wrap-up
Bibliography
Chapter 5 Russian Cyber Operations
5.1 Russian Cyber Operations
5.1.1 Russian Policy, Tools, and Historical Use of Information Operations
5.1.1.1 Policy, Statecraft Tools, and Cryptocurrency
5.1.1.2 Information Operations, Developing Doctrine, and Russian Cyber Teams
5.1.1.3 Estonia Denial of Service Attack (2007)
5.1.2 Russian Information Operations
5.1.2.1 The Russian Federal Security Service (FSB)
5.1.2.2 Russia and Ukrainian Power System Attacks
5.1.2.3 Foreign Intelligence Directorate (SVR)(APT 29 – Nobelium)
5.1.2.4 2020 SolarWinds (SVR)
5.1.2.5 Military Intelligence Directorate (GRU)
5.1.3 2022 Ukraine Invasion
5.1.4 Russian Cyber Operations Wrap-up
Bibliography
Chapter 6 Chinese Cyber Operations
6.1 Chinese Cyber Operations
6.1.1 Chinese Cyber Doctrine Development
6.1.2 2002–2012 Chinese Cyber Development Phase
6.1.2.1 2002–2007 Operation Titan Rain
6.1.2.2 2009 Operation Aurora
6.1.2.3 2007–2013 Operation Night Dragon – U.S. Gas Pipeline Intrusion Campaign
6.1.3 2012 to Present – Cyber Professionalization
6.1.3.1 Hacking/Cracking Training in China
6.1.3.2 Information Security Ironman
6.1.3.3 Cyber Collections on U.S. Personnel
6.1.3.4 Espionage and Five-Year Plans
6.1.3.5 Information Operations
6.1.3.6 2022 Booz Allen Hamilton (BAH) Cyber Analytic Framework for China
6.1.4 Chinese Cyber Operations Wrap-up
Bibliography
Chapter 7 DPRK Cyber Operations
7.1 DPRK Cyber Operations
7.1.1 DPRK Policy Development
7.1.1.1 Kim Il Sung (1948–1994)
7.1.1.2 Kim Jong Il (1994–2011)
7.1.1.3 Kim Jong Un (2011–present)
7.1.2 DPRK Intelligence Structure
7.1.2.1 Ministry of State Security
7.1.2.2 Worker’s Party of Korea
7.1.2.3 Reconnaissance General Bureau (APT 43)
7.1.3 Example DPRK Cyber Operations
7.1.3.1 Sony Hack (2014)
7.1.3.2 Bangladesh Bank Heist (2016)
7.1.3.3 Operation FashCash (2018)
7.1.3.4 WannaCry Ransomware Attack (2017)
7.1.3.5 Cryptocurrency
7.1.4 DPRK Cyber Operations Wrap-up
Bibliography
Chapter 8 Iranian Cyber Operations
8.1 Iranian Cyber Operations
8.1.1 Iranian Cyber Operations Background
8.1.2 Iranian Cyber Support – Contractors, Proxies, and International Partners
8.1.2.1 Iranian Cyber Contractors (Internal to Iran)
8.1.2.2 Iranian Cyber Proxies (External to Iran)
8.1.2.3 Iranian Cyber Partners (External to Iran)
8.1.3 Iranian Cyber Teams and Targets
8.1.3.1 Iranian Cyber Teams (APTs)
8.1.3.2 2012–2014 Navy–Marine Corps Internet (NMCI) Attack
8.1.3.3 2020 U.S. Elections
8.1.3.4 2022 Albanian Cyber Attack by Iran
8.1.4 Iranian Cyber Operations Wrap-up
8.A Cost of Iranian Cyber Attacks
Bibliography
Chapter 9 Independent Cyber Operators
9.1 Independent Cyber Operations
9.1.1 Hackers
9.1.1.1 Star Wars, Computer Networks, and the Former Soviet Union’s KGB (mid-1980s)
9.1.1.2 Morris Worm (1988)
9.1.1.3 Jester – Air Traffic Control and Telephone Service (1997)
9.1.1.4 Chinese Hacktivists (1998)
9.1.1.5 Maroochy Shire (2000)
9.1.1.6 Slammer and Sobig – Business Systems, Nuclear Power Plants, and Train Signaling (2003)
9.1.1.7 Conficker (2008–2011)
9.1.1.8 Wikileaks (2006 to present)
9.1.2 Hackers in the Russo-Ukraine War (2022+)
9.1.2.1 Independent Operations and the Russo-Ukraine War (2022+)
9.1.2.2 Killnet – Pro-Russian Operations
9.1.3 Independent Cyber Operations Wrap-up
Bibliography
Section I Cyber Operations Summary
I.1 Introduction
I.2 Phases of Cyber Operations
I.2.1 1980s–2002
I.2.2 2003–2012
I.2.3 2013–present
Bibliography
Section II Introduction to Cyber Effects
II.1 Cyber Effects Introduction
II.1.1 Example of Cyber Strategic, Tactical, and Criminal Effects
II.1.1.1 Strategic Cyber Effects
II.1.1.2 Tactical Cyber Effects
II.1.1.3 Criminal Cyber Effects
II.1.2 Wrap-up
Bibliography
Chapter 10 Strategic Cyber Effects
10.1 Strategic Cyber Effects
10.1.1 STUXNET (2010) – Delaying a Nation-State’s Nuclear Program
10.1.2 STUXNET Versus Operation Desert Fox Wrap-up
Bibliography
Chapter 11 Strategic Cyber Effects (2)
11.1 Critical Infrastructure Strategic Cyber Effects
11.1.1 Critical Infrastructure
11.1.1.1 Energy Sector
11.1.1.2 Telecommunications
11.1.1.3 Water
11.1.1.4 Agriculture
11.1.1.5 Rail
11.1.1.6 Election Attacks (IO) (2011s)
11.1.2 Media-Based Cyber Operations
11.1.3 Cyber Espionage Effects
11.1.3.1 Using Cyber to Speed Up the Development of a Fifth-Generation Fighter (e.g., J-31 from F-35 Drawings)
11.1.4 Cyber Strategic Effects’ Wrap-up
11.A Strategic Effect Examples
Bibliography
Chapter 12 Tactical Cyber Effects
12.1 Cyber Tactical Effects
12.1.1 Conventional Example – Denying the Syrian Air Force’s Ability to Operate
12.1.2 Russian Uses of Cyber (From 2007)
12.1.3 ISIS and the Cost of Suppressing a Cyber Entity
12.1.3.1 ISIS and Cyber-Based Attacks
12.1.3.2 Monitoring ISIS
12.1.3.3 Israeli Bombing of Hamas Cyber Operators
12.1.4 Tactical Cyber Effects’ Wrap-up
12.A Cost of Example Tactical Cyber Attacks (Iran)
Bibliography
Chapter 13 Cyber Crime Effects
13.1 Criminal Cyber Effects
13.1.1 Records Theft
13.1.1.1 Cost of a Data Breach
13.1.1.2 Business Records Attacks (2006–2019)
13.1.1.3 2017 Large Exfiltration Attack Example (Equifax (2017) – 143 Million Records)
13.1.2 Cyber Crime Examples
13.1.2.1 Conficker (2011)
13.1.2.2 Silk Road (2013)
13.1.2.3 Bangladesh Bank (2016)
13.1.2.4 Hydra (2015–2022)
13.1.2.5 Ransomware (>2017)
13.1.3 Cyber Criminal Organizations – Gangs and Nation-States
13.1.3.1 Cyber Gangs
13.1.3.2 CONTI Ransomware Group
13.1.3.3 Nation-State Use of Cyber Crime
13.1.4 Cyber Crime Effects’ Wrap-up
Bibliography
Section II Cyber Effects Conclusions
II.1 Cyber Effects Overview
II.2 Cyber Effects’ Wrap-up
Bibliography
Section III Cyberspace Environment and Tools Introduction
Bibliography
Chapter 14 Criminal Cyber Operations and Tools
14.1 Criminal Cyber Operations and Tools
14.1.1 Shadow Brokers’ Tools
14.1.1.1 Criminals Continue to Misuse Cobalt Strike
14.1.2 Malware Loaders
14.1.2.1 EMOTET
14.1.2.2 HIVE Ransomware Group use of Cobalt Strike Example
14.1.3 Botnets
14.1.3.1 Mirai Botnet
14.1.4 Criminal Cyber Tools’ Wrap-up
Bibliography
Chapter 15 Russian Cyber Operations and Tools
15.1 Russian Cyber Operations and Tools
15.1.1 Example Operations’ Attack Paths
15.1.1.1 U.S. Star Wars Missile Defense
15.1.1.2 Moonlight Maze (1990s)
15.1.1.3 Snake Botnet (>2000)
15.1.2 Russian Cyber Operations and Tools
15.1.2.1 Vulkan – Russian Cyber Tools Developer
15.1.2.2 FSB
15.1.2.3 SVR
15.1.2.4 Russian Cyber Operations and the Ukraine
15.1.2.5 Bot Farm Example
15.1.2.6 Russian uses of Wipers against Ukrainian Targets (2022 Invasion)
15.1.3 Russian Cyber Tools’ Wrap-up
Bibliography
Chapter 16 Iran, China, and DPRK Cyber Operations and Tools
16.1 China, DPRK, and Iran Cyber Operations and Tools
16.1.1 Chinese Cyber Operations
16.1.1.1 2011–2013 Operation Night Dragon (CISA, 2021) (China)
16.1.1.2 2019 Great Cannon
16.1.1.3 2021 China Chopper
16.1.1.4 2022 China and Zero-Day Development Based on National Disclosure Law
16.1.2 DPRK Cyber Operations
16.1.3 Iranian Operations
16.1.3.1 2012 Iran and False Flag Operations
16.1.3.2 2020 Monitoring Dissidents through Fake Game Apps
16.1.3.3 2020 Iranian Domain Names for Information Operations Campaigns
16.1.3.4 2022 Hyperscrape – Iranian E-mail Extraction Tool
16.1.3.5 2022 Multi-Persona Operations – “Social Proof” for Implied Validity
16.1.4 Tactical Cyber Tools’ Wrap-up
Bibliography
Chapter 17 Strategic Cyber Technologies – ICS/SCADA, Election Machines, and Crypto Currencies
17.1 Strategic Cyber Technologies
17.1.1 Software Supply Chain
17.1.1.1 Software Bill of Materials
17.1.2 Election Machines
17.1.3 Industrial Control Systems/Supervisory Control and Data Acquisition
17.1.4 Crypto Currency and Sanctions Avoidance
17.1.5 Strategic Cyber Technologies’ Wrap-up
Bibliography
Chapter 18 Cyber Case Studies Conclusion
Section III Cyberspace Environment and Tools Conclusion
III.A Appendix I – Tool Examples
Bibliography
CCS Glossary
Index
EULA