Welcome to The Robin Hood
A Book by Robert Nerbovig
Cyber Warfare Combat & Tactics
The Robin Hood Virus / 171
One of the major concerns of our government is the ability of foreign enemies to sabotage the US power grid, air traffic control systems, financial institutions, military defense systems, and other infrastructure.
Several power utilities say they face a barrage of cyber attacks on their critical systems. A report by two Democratic lawmakers found that foreign hackers were trying to bring down the US power grid. More than a dozen power companies said they experienced daily, constant or frequent attempted cyber attacks, according to a 35-page report summarizing their responses.
We have the unique ability with The Robin Hood Virus to reside in all of the networks of major U.S. power companies, air traffic control systems, military networks, and financial institutions waiting to ambush attempted cyber attacks.
We have developed a suite of programs we will call "Network Monitor Software" to detect, locate, and enter the offending intruder. We have a program for packet analysis, and also to look inside the packet headers. It is a memory forensic capture and analysis toolkit. It allows for the import of standard WinDD memory dumps which are then automatically reverse engineered and are forensically analyzed electronically using our pre-determined formulas. The software monitors all packet information to determine the source and destination IP addresses of the traffic. The software then will "DNS-ify" the IP address of the traffic which gives them a name such as "workstation1.iran.tr.com". Our system uses a combination of deep packet inspection (DPI) and behavior analysis to identify applications and protocols in use across the network no matter if they are plain text or use advanced encryption and obfuscation techniques.
We have entered and installed our "Network Monitor Software" in most major power grids, air traffic control systems, and financial institutions to monitor all packet activity for intrusion attempts. When our software alerts us that an attack has been attempted we will log the critical specifics of the intruder. We then transmit that data back to our local office. With that data we enter the intruder's network, create havoc within that network and all of its nodes, and give notice that further attempts to hack into U.S. computer systems will cause catastrophic damage to the offending systems. With this plan we will stop critical cyber attacks to U.S. installations. We will explain how we will utilize this plan to stop cyber attacks to the industrial infrastructure, large industries and distribution centers in a further chapter.
METHODS OF ATTACK
Cyber warfare consists of many different
Cyber espionage and Cyber attacks, the latter of which is the top security threat to the United States.
ESPIONAGE AND NATIONAL SECURITY BREACHES
Cyber espionage is the act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies also for military, political, or economic advantage using illegal exploitation methods on the Internet, networks, software and/or computers. Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world. Specific attacks on the United States have been given codenames like Titan Rain and Moonlight Maze. The recently established Cyber Command is currently trying to determine whether such activities as commercial espionage or theft of intellectual property are criminal activities or actual "breaches of national security".
Computers and satellites that coordinate other activities are vulnerable components of a system and could lead to the disruption of equipment. Compromise of military systems, such as C4ISTAR components that are responsible for orders and communications could lead to their interception or malicious replacement. Power, water, fuel, communications, and transportation infrastructure all may be vulnerable to disruption.
The civilian realm is also at risk, noting that the security breaches have already gone beyond stolen credit card numbers, and that potential targets can also include the electric power grid, trains, or the stock market.
In mid-July 2010, security experts discovered a malicious software program called Stuxnet that had infiltrated factory computers and had spread to plants around the world. It is considered "the first attack on critical industrial infrastructure that sits at the foundation of modern economies".
In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. DoS attacks may not be limited to computer-based methods, as strategic physical attacks against infrastructure can be just as devastating. For example, cutting undersea communication cables may severely cripple some regions and countries with regard to their information warfare ability.
ELECTRICAL POWER GRID
The federal government of the United States admits that the electric power grid is susceptible to cyber warfare. The United States Department of Homeland Security works with industry to identify vulnerabilities and to help industry enhance the security of control system networks. The federal government is also working to ensure that security is built in as the next generation of "smart grid" networks are developed. In April 2009, reports surfaced that China and Russia had infiltrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national security officials. The North American Electric Reliability Corporation (NERC) has issued a public notice that warns that the electrical grid is not adequately protected from cyber attack. China denies intruding into the U.S. electrical grid. One countermeasure would be to disconnect the power grid from the Internet and run the net with droop speed control only. Massive power outages caused by a cyber attack could disrupt the economy, distract from a simultaneous military attack, or create a national trauma.
Cyber Command is the newest global combatant and its sole mission is cyberspace, outside the traditional battlefields of land, sea, air and space. It will attempt to find and, when necessary, neutralize cyber attacks and to defend military computer networks. The distributed nature of Internet based attacks means that it is difficult to determine motivation and attacking party, meaning that it is unclear when a specific act should be considered an act of war.
Potential targets in Internet sabotage include all aspects of the Internet from the backbones of the web, to the Internet Service Providers, to the varying types of data communication mediums and network equipment. This would include: web servers, enterprise information systems, client server systems, communication links, network equipment, and the desktops and laptops in businesses and homes. Electrical grids and telecommunication systems are also deemed vulnerable, especially due to current trends in automation.
Computer hacking represents a modern threat in ongoing industrial espionage and as such is presumed to widely occur. It is typical that this type of crime is underreported.
CYBERWARFARE IN CHINA
We have identified China sites suspected of hacking as four large networks in Shanghai, two of which are allocated directly to the Pudong New Area. We uncovered the hackers' attack infrastructure, command and control, and the tools, tactics, and procedures they use. We identified three key hacktivists behind the hacking. These hackers are following orders given to them by others.
We entered the four networks in China that we suspected of hacking U.S. Companies and the U.S. Government. We have installed various software programs to monitor the data they are stealing, what the data is and where they are sending it. We are also modifying the stolen data to set up bogus scenarios to confuse possible action against the U.S. Companies and the U.S. Government.
"Police in central China have shut down a hacker training operation (Black Hawk Safety Net) that openly recruited thousands of members online and provided them with cyber attack lessons and malicious software..." "The crackdown comes amid growing concern that China is a center for Internet crime and industrial espionage."
"It is hard to know what proportion of hacking from China is the work of individuals and whether the government is involved. But some say the high skill level of some attacks suggests China's military or other agencies might have trained or directed the hackers."
Diplomatic cables highlight US concerns that China is using access to Microsoft source code and 'harvesting the talents of its private sector' to boost its offensive and defensive capabilities. While China continues to be held responsible for a string of cyber-attacks on a number of public and private institutions in the United States, India, Russia, Canada, and France, the Chinese government denies any involvement in cyber-spying campaigns. The administration maintains the position that China is not the threat but rather the victim of an increasing number of cyber-attacks. We have entered the extensive network of APT1, who is likely government-sponsored and one of the most persistent of China's cyber threat hackers. We have discovered APT’s intrusions against nearly 150 victims over seven years. We tracked APT1 back to four large networks in Shanghai, two of which are allocated directly to the Pudong New Area. We uncovered APT1’s attack infrastructure, command and control, and modus operandi (tools, tactics, and procedures). We continue to occupy and monitor APT1's networks and activities and we have modified several of their communications to severely cripple their efforts.
CYBERWARFARE IN GERMANY
In 2013, Germany revealed the existence of their 60-person Computer Network Operation unit. The German intelligence agency, BND, announced it was seeking to hire 130 "hackers" for a new "cyber defense station" unit. In March 2013, the BND had observed up to five attacks a day on government authorities, thought mainly to originate in China.
CYBERWARFARE IN INDIA
The Department of Information Technology created the Indian Computer Emergency Response Team (CERT-In) in 2004 to thwart cyber attacks in India. That year, there were 23 reported cyber security breaches. In 2011, there were 13,301. That year, the government created a new subdivision, the National Critical Information Infrastructure Protection Center (NCIIPC) to thwart attacks against energy, transport, banking, telecom, defense, space and other sensitive areas.
CYBERWARFARE IN IRAN
In June 2010, Iran was the victim of a cyber attack when its nuclear facility in Natanz was infiltrated by the cyber-worm ‘Stuxnet’. Reportedly a combined effort by the United States and Israel, Stuxnet destroyed perhaps over 1000 nuclear centrifuges and set Tehran's atomic program back by at least two years. The worm spread beyond the plant to allegedly infect over 60,000 computers, but the government of Iran indicates it caused no significant damage. Iran implemented solutions to the worm and is purportedly now better positioned in terms of cyber warfare technology. The Iranian government has been accused by western analysts of its own cyber-attacks against the United States, Israel and Gulf Arabs, but denies this, including specific allegations of 2012 involvement in hacking into American banks.
CYBERWARFARE IN SOUTH KOREA
With ongoing tensions on the Korean Peninsula, South Korea's defense ministry stated that South Korea was going to improve cyber-defense strategies in hopes of preparing itself for possible cyber attacks. In March 2013, South Korea's major banks – Shinhan Bank, Woori Bank and NongHyup Bank – as well as many broadcasting stations – KBS, YTN and MBC – were hacked and more than 30,000 computers were affected; it is one of the biggest attacks South Korea has faced in years. Although it remains uncertain as to who was involved in this incident, there have been immediate assertions that North Korea is connected, as it threatened to attack South Korea's government institutions, major national banks and traditional newspapers. North Korea's cyber warfare capabilities raise the alarm for South Korea, as North Korea is increasing its manpower through military academies specializing in hacking. Current figures state that South Korea only has 400 units of specialized personnel, while North Korea has more than 3,000 highly trained hackers; this portrays a huge gap in cyber warfare capabilities and sends a message to South Korea that it has to step up and strengthen its Cyber Warfare Command forces. Therefore, in order to be prepared for future attacks, South Korea and the United States will discuss deterrence plans further at the Security Consultative Meeting (SCM). At SCM they plan on developing strategies that focus on accelerating the deployment of ballistic missiles as well as fostering its defense shield program, known as the Korean Air and Missile Defense.
CYBERWARFARE IN THE UK
MI6 reportedly infiltrated an Al Qaeda web site and replaced the recipe for a pipe bomb with the recipe for making cupcakes. On 12 November 2013, financial organizations in London conducted cyber war games dubbed 'Walking Shark 2' to simulate massive internet-based attacks against bank and other
CYBERWARFARE IN THE UNITED STATES
Cyber warfare in the United States is a part of the American military strategy of Proactive Cyber Defense and the use of cyber warfare as a platform for attack. The new United States military strategy makes explicit that a cyber attack is an act of war. In 2013 Cyber warfare was, for the first time, considered a larger threat than Al Qaeda or terrorism, by many U.S. intelligence officials. China has plans of "winning informationised wars by the mid-21st century". They note that other countries are likewise organizing for cyber war, among them Russia, Israel and North Korea. Iran boasts of having the world's second-largest cyber-army.
The United States Department of Defense sees the use of computers and the Internet to conduct warfare in cyberspace as a threat to national security. The United States Joint Forces Command describes some of its attributes:
Cyberspace technology is emerging as an "instrument of power" in societies, and is becoming more available to a country's opponents, who may use it to attack, degrade, and disrupt communications and the flow of information. With low barriers to entry, coupled with the anonymous nature of activities in cyberspace, the list of potential adversaries is broad. The United States has used cyber attacks for tactical advantage in Afghanistan.
Cyber counter-intelligence are measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary trade craft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions. The NSA knew about a flaw in the way that many web sites send sensitive information and regularly used it to gather critical intelligence. This flaw appears to be one of the biggest in Internet history, affecting the basic security of as many as two-thirds of the world's web sites. Its discovery and the creation of a fix by researchers prompted consumers to change their passwords, and very large computer companies to provide patches for their systems. With this flaw the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
The NSA and other elite intelligence agencies devote millions of dollars to hunt for common software flaws that are critical to stealing data from secure computers. Open-source protocols like OpenSSL, where the flaw was found, are primary targets.
The revelations have created a clearer picture of the two roles, sometimes contradictory, played by the U.S.’s largest spy agency. The NSA protects the computers of the government and critical industry from cyber-attacks, while gathering troves of intelligence attacking the computers of others, including terrorist organizations, nuclear smugglers and other governments. The potential stems from a flawed implementation of protocol used to encrypt communications between users and websites protected by OpenSSL, making those supposedly secure sites an open book. The damage could be done with relatively simple scans, so that millions of machines could be hit by a single attacker.
Questions remain about whether anyone other than the U.S. government might have exploited the flaw before the public disclosure. Sophisticated intelligence agencies in other countries are one possibility. Our team discovered the flaw in OpenSSL over 2 years ago and instituted a patch preventing cyber attacks by those who would take advantage of the flaw. If criminals found the flaw before our patch they could have scooped up troves of passwords for bank accounts, e-commerce sites and email accounts worldwide.
Diversion total to date $1,100,000,000
Donation total to date $995,000,000