Cyber Guerilla
Jelle van Haaster
Rickey Gevers
Martijn Sprengers
AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO
Syngress is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States
Copyright 2016 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-805197-9
Publisher: Todd Green
Acquisition Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers
Typeset by Thomson Digital
About the Authors
Jelle van Haaster, LL.M. University Utrecht, BA War Studies, Faculty of Military Sciences, is an award-winning writer, software programmer/developer, and speaker. He is an officer in the Royal Netherlands Army and has a diverse background in legal, military, and technical defense matters. Jelle recently developed an award-winning software app for effectively utilizing social media during military operations, and he is the author of multiple scholarly IT-Law, IT, and military-operational publications. He is currently completing his multidisciplinary PhD thesis on the future utility of military Cyber Operations during conflicts at the Netherlands Defense Academy and University of Amsterdam.
Rickey Gevers is currently Chief Intelligence Officer at the security firm Redsocks. He has been responsible for numerous revelations regarding high-profile security incidents, both national and international. He was, amongst others, the first person to discover a key logger used by Dutch law enforcement agencies, and he uncovered several criminal gangs and their operations. As an expert in technical matters he has been frequently consulted or hired as lead investigator, including in some of the largest security incidents the world has ever seen. Rickey appears frequently in Dutch media and has hosted his own TV show called Hackers.
Martijn Sprengers is an IT security advisor and professional penetration tester who is specialised in conducting covert cyber operations, also called red teaming. He performs digital threat actor simulation by using real world tactics and techniques to infiltrate complex IT environments for his clients. With his vast knowledge of offensive security he helps international organisations to strengthen their preventive security measures, increase their detection capabilities and prepare themselves for real attacks. He holds an MSc in computer security, performed research on password encryption techniques and has written multiple articles in the field of IT security, cybercrime, and cryptography.
Foreword
In the days of yore, an occupying force only had to worry about other occupying forces, thus focusing their efforts on defensive posture. As internal conflicts loomed, and guerilla forces began to strike in unilateral and seemingly decentralized movement, occupiers realized their greatest weakness: that their enemy was within.
During the Guerre d'Algérie (1954–62), French forces found themselves stumped by the effectiveness of the initial wave of guerilla-style warfare across Algeria. Although outnumbering their counterparts, the Front de Libération Nationale (FLN), the French found themselves in a conundrum: give up their occupied territory or eliminate the threat. They chose the latter and won the battle, but lost the war by means of popular opinion. Whether by design or coincidence, French forces were seen as aggressive and abusive in their response, and the FLN reached the goal they had set from the beginning: Libération.
With the conceptualization and implementation of the Internet came a new era of warfare. Being able to communicate with people around the world at will changes the defense scope and methodology. While the French forces had to deal with and understand an enemy which was confined within a border, security forces now have to deal with and understand an enemy that claims none. The Arab Spring started on the streets of Sidi Bouzid, Tunisia, but spread like wildfire across social media. The power of the people, and its information propagation, toppled governments and hierarchies.
Attribution becomes nearly impossible as attackers adapt with every failed mission, evolving their tactics and combining their experiences as groups meet and merge. It only takes a team of 4–10 to cripple an infrastructure if members are designated roles, where each member can independently focus on their strong points and research is combined. From information gathering and reconnaissance, to exploit development and social engineering, they continue to expand on attack methodologies while defensive forces struggle to keep up.
Alas, the era of the cyber guerillas.
"Hold out baits to entice the enemy. Feign disorder, and crush him." (Sun Tzu)
Hector Monsegur (Sabu)
Preface
Conflict used to be about borders. A long time ago, we would defend ourselves by living in cities surrounded by walls. Those walls kept enemies away. Over time, the walls around cities became higher, longer, and wider. The longer and wider these walls, the more invisible they became, marking areas of wealth, prosperity, power, and belief systems. Eventually, those walls became borders. And, for hundreds of years, conflict was about borders. Conflicts were about conquering land or converting people from their belief system to another belief system. Conflict and war have always been fueled by technology, technology such as gunpowder, steel blades, and fighter jets. The staggering possibilities of technology always seem to shine at their strongest during periods of war. War has been a real driver of technology. And technology has driven war.