Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CraginS
Defender I
‎05-22-2019 08:56 AM
‎05-22-2019 08:56 AM

Network Intrusion by EMail - Tech, Legal, & Ethics Issues

OK, so there is a U.S, Navy Seal undergoing court martial (military criminal trial)  for murder of a wounded prisoner in combat. The Navy Times newspaper kept reporting on leaked documents sealed by the court during the trial. The judge was not happy, and ordered a stop to the leaks. They kept happening.

The lead prosecutor approved a cyberattack on an editor of the paper and on the defense lawyers. The attack involved sending e-mails to the Navy Times editor and to defense lawyers with embedded malware that put remote monitoring  software (spyware) on the recipients' computers. The software infected not only target computers, but also any other to which the targeted recipients forwarded the e-mails.

 

One of the defense layers is an Air Force officer. The Air Force discovered the malware insertion and is now investigating an attack on Air Force networks by the Navy. Read the the report latest on the story in

Why the Air Force is investigating a cyber attack from the Navy

 

Now, on to the questions

 

Tech Question: Since the Air Force uses standard procedures to detect attachments and malware in all e-mails, how did the Navy's malware package make it through to the computers and network?

 

Legal Question: If the Navy sent out this spyware without a court order, how many laws may have been broken, and will anyone pay any consequences?

 

Ethics Question: Did any cyberwarriors in the Navy violate general professional ethics or specifically the CISSP Code of Ethics by participating in this spyware attack?

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Reply
0 Kudos
2 Replies
Steve-Wilme
Advocate II
‎05-22-2019 10:23 AM
‎05-22-2019 10:23 AM

Ethics - depends on if they are ISC2 members or associates, however is so yes the first two canons.  Clearly the second is violated, but it would be hard to see how the first isn't seriously undermined by their actions

 

Legal - clearly wiretapping type offences, but this is also hacking of a government organisation, pretty serious.  It would be treates as a breach of CMA and also a national security matter and could be covered under counter terrorism legislation in a UK context.  Pretty sure serving officers in the forces aren't imune from prosecution.

 

Technical - it depends on what the standard procedural and technical controls are, so you'd start from the obvious.  Allowing SMIME, not stripping off all attachments, not blocking 'dangerous' file types, not looking for spoofed attachment types, allowing in encrypted or password protected payloads would all be risks.  They could have used metaspolit to mutate their payload to avoid detection.  And then you have the potential for hyperlinks and magic pixels in the messages that could download content from external web sites.  Then you have the published vulnerabilities which may be unpatched and day zero exploits that could potentially be used.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
0 Kudos
vt100
Community Champion
‎05-29-2019 07:56 AM
‎05-29-2019 07:56 AM

This is so wrong on all accounts, but to answer your questions, from my point of view:

 

Technical: depending on the systems employed by the Air Force, they may or may not use threat emulation and this is what is required to catch anything mildly sophisticated. Oftentimes, the signed messages are allowed uninspected to preserve their integrity and assuming certain degree of trust. Most commercial solutions have preset depth of scanning, types of the files, limit size of the data scanned to something like first 4gb with subsequent action of "Allow".

Knowing these limitations, or taking a good guess at what vendor's solution(s) are employed by adversary can aid in bypassing their security measures.

 

Legal: am no expert, but it does seems that a number of laws were violated. Furthermore, even with the court order in place, the adversarial actions between military branches are bound to have a very long reaching repercussions. In the absence of such, it is certainly sounds like criminal activity.

 

Ethical: From the point of view of those actually implementing the hack, it may very well be OK. Before you feed me to the dogs, let me explain my take on it. It's a military operation. Those that execute action are not always, if ever, are aware of the larger picture and are provided with the need to know only data on which to act. Should soldiers pause to think, ask questions and weigh their morality, we'll be living in a Utopian society and no shots will be fired by any member of any military. Alas, this is not so.

 

Those that have issued this order are most definitely in violation of the Code of Ethics.

 

Vladimir Yakovlev, CISSP

higher.intelligence@gmail.com

 

 

Reply
0 Kudos