The case study: cyber camouflage scenario

by Milica D. Djekic

The military doctrine would suggest to us how camouflaging on the battlefield could be from strategic importance in order to prevent your army from the potential enemy’s attack. Being camouflaged would not mean that you would give up from combating, but rather you would keep on with your activities and stay invisible to your opponent. Even the intelligence community can understand the significance of the good camouflage for a reason those folks would collect the findings in secret. We should also pay attention to that even the modern threats would take advantage of the good camouflage and they would so commonly deal with those options at least on the user’s experience basis. So, why should we get aware of today’s camouflage opportunities and why is it important to adopt more or less best practice for doing so? As it’s well known, the war is a game being played by a certain number of competitors who could deal as a group or independently.

When we say the word “war” we would usually mean that’s something happening in the physical domain and it includes the soldiers, weapons and some sort of commands. As we are progressing as a human kind – we would notice that the physical world is not only that interesting for competition and many quite skillful individuals would try to obtain some sort of privileges dealing with the cyberspace. For such a purpose – it’s quite suitable to mention that such a kind of the game could cover on playing “show and hide” within the internet. As it’s known, even the entire armies with growing threats such as organized crime networks and terrorist groups would more or less rely on cyber technologies. In other words, your computer with the web connection could become the micro-battlefield and as army staffs would cope with the good camouflage trying to prevent themselves from harm – you should also think how to protect your IT asset from being assaulted. In this review, we would attempt to discuss how to camouflage in the cyber battlefield could get conducted and why it’s important to know how to prevent our resources as well as discover the bad guys and their intelligently organized communications.

One of the best-known ways to protect your data is through encryption techniques. At this stage, we would not try to explain any cryptographic algorithm, but rather attempt to provide a good insight into how encryption tools could serve at the user’s level. The modern cryptographic solutions would deal with the software offering a chance to transform our information from plaintext to the ciphertext applying the certain encryption tool. Once you get encrypted information – you could easily decrypt it using the same tool and coping with the same cryptographic key.

The question here would be how this sort of transformation matters in the practice. What’s so important to know is that you could use the wide spectrum of communication channels in order to transfer your encrypted messages as well as its cryptographic key. The options being available for such a purpose are different and there are so many key management techniques that could get help in order to deal with your encryption key. In this case, we would talk about the scenario the bad guys could easily apply and that’s sharing the encrypted messages through remote access capacities and managing the cryptographic key using the Darknet communications which are encrypted as well.

In such a scheme, it’s not very difficult to realize that the hackers – let’s say – working to some terrorist organization could try to remotely exchange the information that could get encrypted, while the key would go through some other means. We would try to define this method of information sharing as desktop to desktop because it’s not about the device to device for a reason the computers would not communicate with each other directly, while they would rather use some internet route attempting to correlate two or more distant devices.

In other words, we would discuss how it’s feasible to make a breach to someone’s machine or – in this case – the double breach using the hacking tool with the remote administration options. This sort of scenario could be especially useful within the organized crime and terrorist groups because then they would share data using the remote access opportunities. The encrypted files would get applied in such a case in order to leverage the confidentiality of the information sharing and as it’s obvious this sort of communications could serve for so many camouflage purposes. The question here would be how we could try to overcome this sort of protection. As we are familiar with – it’s not easy at all to track the terrorist communications and in this case – such a kind of information sharing could go deep into several levels.

Today so many hacking tools would cope with the remote administration options and in so many cases – you would need someone’s IP address in order to access that device. It’s quite clear that the bad guys would exchange their endpoint details and they would continue maintaining such a communication. This would certainly be the big challenge to a defense community which is supposed to go at least a step ahead of the threats. In the practice, there would be present so many scenarios and once you discover a terrorist’s computer – you could try to proceed with this sort of schematic investigation.

The role of this review is to make some sort of insight on how cryptography could get used by malicious actors as well as suggest how remote access options could get exploited by the bad guys. We all are aware of the severity of the modern threats and it’s quite clear that looking for some criminal or terrorist rings is more like digging in the darkness. On the other hand, if we cope with this scenario – we would gain some sort of awareness how stuff could appear in the practice and in such a case our digging in the darkness could get less time-consuming. Finally, there is still the concern of how to decrypt the messages, but that’s less worrying once you get an opportunity to deal with the endpoint users.

About the Author

A frequent contributor to Cyber Defense Magazine, and since Milica Djekic graduated at the Department of Control Engineering at University of Belgrade, Serbia, she’s been an engineer with a passion for cryptography, cybersecurity, and wireless systems.
Milica is a researcher from Subotica, Serbia. She also serves as a Reviewer at the Journal of Computer Sciences and Applications and. She writes for American and Asia-Pacific security magazines.
She is a volunteer with the American corner of Subotica as well as a lecturer with the local engineering society.