That's right, this is why we can't have nice things. Debris from the satellite China destroyed with an anti-satellite missile in January 2007 has finally done what everyone was afraid of: it hit another satellite, possibly causing serious damage.
According to Space.com, the debris from China's 1,600-pound FY-1C weather satellite collided with Russia's tiny "Ball Lens In The Space (BLITS) retroreflector satellite" (we have no idea what that means, either) on January 22.
Like we said, the international community has been worrying about this for a long time. Almost immediately after China shot down its relatively new satellite just to show that it could, it was condemned by the U.S. government for introducing a massive cloud of dangerous debris into the very crowded orbital highways. (The image above shows the debris stream roughly one month after the test; the lone white track represents the orbit of the International Space Station.)
China is believed to have used a modified version of its DF-21 ballistic missile (the same missile on which its DF-21D carrier-killer is based) to smash the satellite orbiting 537 miles above Earth into 2,841 pieces of "high-velocity" debris. That debris has twice passed close to the International Space Station.
To be fair, the United States destroyed an orbiting satellite for similar reasons -- to prove it could -- using a missile lobbed into space by an F-15 Eagle fighter in 1985. That test was reportedly rushed before Congress banned such activities due to the dangers posed by space debris and a desire to avoid militarizing space.
Anyway, the ever-growing cloud of space debris and trash is a huge driver behind the U.S. military's push to improve its so-called Space Situational Awareness. Basically, it wants to know what's going on in the vicinity of all of its satellites so that it can steer them clear of a potential collision. Right now, the U.S. and other nations mostly rely on catalogues listing the orbits and last known locations of debris and satellites instead of real-time monitoring.
Sen. John Kerry (D-MA) mentioned the need for "cyber diplomacy" during his confirmation hearing to be the next secretary of state today. No, Kerry wasn't talking about diplomats sending Someecards to one another when he dropped the term on his fellow senators.
He was discussing the need for the international community to develop a host of new standards, or norms of behavior in cyber space.
Kerry was responding to questions from Senate Majority Whip Dick Durbin (D-IL), who called for Kerry's thoughts on the secretary of state's role "in a world where cyber security is our greatest threat."
Kerry said Durbin's description of cyber as the world's greatest threat "hit the nail on the head."
"I guess I'd call [cyber] the 21st-century nuclear weapons equivalent," said Kerry. "We are going to have to engage in cyber diplomacy and cyber negotiations and try to establish rules of the road that help us to be able to cope with this challenge."
"There are enormous difficulties ahead in that," he added, pointing out that some nations have very different views on what norms of behavior in the cyber world should look like -- a statement echoing those made by U.S. defense officials.
"I think most diplomacy is an extension of a particular nation's interests and in some cases it's an extension of their values," said Kerry. "Sometimes, you're more weighted toward interests than values ... this is one where we're going to find a way to address the interests with other states to somehow find common ground, if that makes sense to you, we're going to have to dig a lot deeper."
Those "interests" he was referring to may have been China's alleged widespread use of cyber espionage as a tool to steal Western business and defense secrets, and Russia's -- and China's -- view that it's all right for countries to monitor their citizens' Internet behavior and censor what they view online, Pentagon officials have told Killer Apps in the past.
He also called cyber security bills -- legislation that has so far failed to move forward in Congress despite years of attempts -- a "very small step in trying to deal with this issue."
"Every day while we sit here, right now, certain countries are attacking our systems, they are trying to hack in to classified information, to various agencies of our government, to banking structures -- money has been stolen from accounts and moved in large sums," said Kerry. "There's a long list of grievances with respect to what this marvel of the Internet and the technology age has brought us."
"It's threatening to our power grid, it's threatening to our communications, it's threatening therefore to our capacity to respond and there are people out there who know it," said Kerry. "There are some countries who we are engaged with -- and all the senators know who they are -- who have a very good understanding of this power and who are pursuing it."
Here's what Killer Apps reported in September about the U.S. effort to establish cyber norms based on the laws of armed conflict and the resistance it's met, especially from Russia and China, according to Eric Rosenbach, deputy assistant secretary of defense for cyber policy.
"There are several countries right now that are very aggressive in cyberspace and are likely trying to create norms [of cyberspace behavior] that would be unstable for the international community because they are so aggressive," Rosenbach said. "It's still not completely clear what's acceptable and what's not acceptable and several nations different than the United States have very aggressive notions of what's acceptable."
Russia and China are focused more on controlling citizens' activities on the internet than on limiting attacks on nations' critical infrastructure, he said.
"There are other countries, the Chinese and Russians in particular, that don't think the law of armed conflict is the best framework to view these things through and they focus much more heavily on control of information than they do on the security of crucial infrastructure or preventing the destruction of networks."
Rosenbach went on to call this a "nonstarter."
"To say that your model of an international law for cybersecurity is based on controlling media content or what people can say about the government isn't something we're interested in at all," he said. "There are other areas -- in particular, the theft of intellectual property -- because that's a major problem for the United States right now, where there are very different ideas about what's acceptable and what's not."
We talk a lot about China's stealth jets here at Killer Apps because, well, they're interesting. That being said, we haven't heard much about Russia's growing fleet of stealth fighters lately. The fourth Sukhoi T-50 PAK FA, as Russia's stealth jet is called, just completed the longest flight in the type's history.
The fourth T-50 took to the skies for the first time in early December 2012, according to Sukhoi. Then, on January 17, the twin-engine jet made the roughly 4,000-plus-mile flight between the Sukhoi factory at Komsomolsk-on-Amur and an airfield just outside of Moscow with "several intermediate stops," according to a Sukhoi press release.
The very first T-50 flew in January 2010, the second in March 2011, and the third in August 2012. The first two jets lacked weapons systems and advanced avionics and were simply used to prove that the T-50's design was sound -- aka, that it would fly. The third jet is reportedly being used to test the advanced sensors, including an Active Electronically Scanned Array (AESA) radar, that are hallmarks of modern stealth jets.
The T-50 isn't quite as stealthy as the United States' F-22 Raptor, against which it's designed to compete. Russian engineers reportedly decided to trade stealthiness for better maneuverability than the Raptor. This tradeoff may also keep the cost of the jet lower -- a key selling point since Sukhoi plans to offer an export version of the T-50 for sale around the world as a competitor to the U.S.-made F-35 Joint Strike Fighter, the only other stealth jet that is currently being marketed worldwide. (We're still waiting to see if China offers up its J-20 or J-31 stealth fighters for sale abroad.)
Sukhoi is already working with India's Hindustan Aeronautics Limited (HAL) to develop a twin-seat version of the T-50 for the Indian air force that would enter production around 2020. The Russian version of the jet is supposed to enter service with the Russian air force later this decade.
Operation Red October -- the newly discovered cyber spying operation that has targeted a range of diplomatic facilities, defense companies, and energy firms around the globe -- may mark an evolution of the cyber black market.
U.S. government officials have been extremely worried about the rise of hackers for hire and the associated markets for cyber crime and espionage tools, but Red October may be one of the most sophisticated cyber espionage operations conducted by a private group. Since 2007, Red October has been using a virus called Rocra to spy on computers and smartphones used by the employees of everything from diplomatic missions to research facilities -- gathering exactly the type of information that government spy agencies want.
Kaspersky Lab, the IT security firm that announced it had uncovered Red October earlier this week, says that its perpetrators appear to be Russian-speaking, but the lab can't provide evidence that this is an official Kremlin-backed operation. The lab also can't eliminate the possibility that private hackers are responsible. That's right, we may be seeing the rise of private spy agencies; think SPECTRE or whatever Raoul Silva, Javier Bardem's character in the latest 007 film, calls his organization.
"If this is a private cyber espionage network without close state sponsoring or funding -- which seems to be the driving thesis in the Kaspersky report -- then that says something about the new terrain for how actors are working in cyberspace," Laura Galante, an intelligence analyst at IT security firm Mandiant, told Killer Apps.
"We've moved on from kind of this hacker for hire" who simply performs disruptive denial-of-service attacks "and now we're into what information can we sell that would be incredibly valuable to a government, and private individuals or groups are willing to take on that kind of endeavor which is definitely riskier and requires significant funding to do," said Galante. "It's almost digital spies for hire."
"I think the big takeaway for most people will be people; this was a sophisticated attack, that's the type of thing that makes people think, 'do we now have private espionage networks that can provide really targeted information'" about high-level targets to a government, said the analyst.
Still, this may well be the work of government spies, notes Galante. She points out that Red October is a sophisticated operation that's been going on for five years, meaning that it likely had significant funding and its perpetrators were probably comfortable in knowing there's a low chance they'll be prosecuted.
"To be able to function and get the information that they've supposedly got, you have to be able to operate in an environment immune from imminent prosecution," said Galante. "For something that goes after this type of information, that's a five year long operation, it's really suspicious that a completely private group of entrepreneurial hackers would have the funding to do that and have the same kind of attention to go on that long."
It's also worth noting that Kaspersky researchers found Cold War-era Russian espionage slang (who knew that was a thing?) written into Rocra's code. For example, one of Rocra's modules designed to spy on smartphones was named zakladka, possibly after the Russian slang term for a microphone bug embedded in the wall of an embassy, according to Kaspersky.
If the Kremlin is behind Red October, the discovery would give Western analysts a relatively rare window into Russia's cyber capabilities.
"If the Russian government had close ties or some sort of ability to direct and provide tasking for something like the Red October campaign, that would be the newest point for an understanding of what Russia's capabilities are," said Galante. "It definitely raises suspicions for the U.S. government about the potential of Russia's capabilities; whether we believe they're highly capable or not is the question, but it definitely raises suspicions" about how advanced Russia's cyber capabilities are.
Still, Galante warned against freaking out about the Russians coming after everyone in cyberspace.
"We don't know how capable Russia is, we don't have a lot to point to, and we should look at threats accordingly, seeing demonstrated capability and seeing attributed events is something we should look at before we're too giddy to deem a certain country a major threat."
Shocker! It looks like the Russians might be cyber spying on the countries that make up their former empire. IT security firm Kaspersky Lab just announced that it has found a new cyber espionage tool called Rocra.
The malware, active since 2007, targets mostly former USSR states and Eastern European countries, along with a limited number of diplomatic and government installations in Western Europe, North America and other places. It is designed to collect "geopolitical intelligence, credentials to access classified computer systems," and data from smartphones, routers, and even deleted info from removable disk drives as part of an espionage operation dubbed Red October (seriously), according to Kaspersky Lab's announcement.
The lab believes the "attackers have Russian-speaking origins" based on forensic evidence found in the malware and the registration data for Rocra's command-and-control servers. (Hey, it could be Western intelligence posing as Russian-speaking spies, who knows.)
More specifically, it looks like Rocra is designed to steal access codes to classified networks at diplomatic missions, research installations, "energy and nuclear groups," and "trade and aerospace targets" (see: defense firms), according to Kaspersky. The bug is installed via targeted email attacks (spear phishing) that convince recipients to open up a Microsoft Office file that installs malware on their machines via a security flaw in Office.
Once on a victim's computer, Rocra looks to steal passwords used to access sensitive information and even steals files from Acid Cryptofiler, cryptography software used by "NATO, the European Union, European Parliament and European Commission since 2011 to protect sensitive information," states the announcement.
"The attackers often used information exfiltrated from infected networks as a way to gain entry into additional systems," reads the announcement. "For example, stolen credentials were compiled in a list and used when the attackers needed to guess passwords or phrases to gain access to additional systems."
The best part: once Rocra is found by a victim and removed, its masters can regain access to the infected computer via a secret "Resurrection module" that has been hidden by Rocra in the machine's copy of Office or Adobe Reader.
The module provides "a foolproof way to regain access to a target system if the main malware body is discovered and removed, or if the system is patched," states the announcement. "Once the [command and control servers] are operational again the attackers send a specialized document file (a PDF or Office document) to victims' machines via email which will activate the malware again."
The good news is that Kaspersky Lab reports that it found only about 250 Rocra infections between November 2012 and now. This fairly limited number of infections echoes other advanced spy tools like miniFlame that we've seen recently. miniFlame is a very advanced piece of malware designed to steal loads of information from its victims, found on a few dozen specifically targeted computers in the Middle East.
Just another day in the world of cyber spying.
John Reed reports on the frontiers of cyber war and the latest in military technology for Killer Apps.