Understanding Cyber Weapons: Concepts, General Weapons, and Specialized Weapons


Wu Guofa

Completion Date: 3 August 2020

Release Date: 30 October 2020

Abstract: This article first introduces the basic concept of cyber weapons and the US agencies that develop them (five major agencies: the CIA, FBI, NSA, DIA, and US Cyber Command); it then introduces the commonly used general cyber weapons and the important specialized cyber weapons developed by these agencies.

Keywords:United States, Cyber, Cyberspace, Cyber Weapons, CIA, NSA

Cyberspace and Cyber Weapons

In Wu Guofa’s article “Cyberspace: Meaning, Composition, and Characteristics”, the definition of cyberspace is given as follows:

Cyberspace is a constantly changing domain that exists within the four physical domains (land, sea, air, and space). It is composed of relatively independent networks built from electronic information technology facilities, together with the information within them. The networks here include computer networks (intranets, local area networks, wide area networks), the Internet, and communication networks (both terrestrial networks and links between Earth and artificial objects on other celestial bodies), as well as the computers, embedded processors, and supporting equipment in those network systems; the information here is broadly defined as data generated, stored, changed, extracted, shared, used, and output by means of electronic and electromagnetic spectra.

Cyber weapons are specialized weapons used in cyberspace to attack an adversary. “Cyber weapons” were previously referred to as “Internet weapons”. However, Internet weapons attack computer networks and the Internet, while cyber weapons attack not only computer networks and the Internet but also communication networks. On July 23, 2020, China’s “Tianwen-1” Mars probe established a communication link with its ground control station; that link belongs to cyberspace but not to the Internet. On July 27, “Tianwen-1” sent back to the ground station a photo of the Earth and the Moon taken together.

Now, great power competition has unfolded in cyberspace encompassing land, sea, sky, and space. The United States not only controls the global Internet and China’s Internet but also has built a powerful cyber force and developed a large number of cyber weapons.

Chinese authorities must be fully prepared to respond to US cyber weapon attacks.

Agencies in the United States Developing Cyber Weapons

The major national agencies in the United States developing cyber weapons are as follows:

- Central Intelligence Agency, CIA;

- Federal Bureau of Investigation, FBI;

- National Security Agency, NSA;

- Defense Intelligence Agency, DIA;

- US Cyber Command, USCYBERCOM.

They have developed over 100,000 cyber weapons, including computer viruses and Trojan programs.

Among them, the agency that has developed the most cyber weapons is the CIA. The collection of CIA hacking documents published by WikiLeaks was given the name “Vault 7” by WikiLeaks; a “vault” is a strongroom.

In early 2017, WikiLeaks obtained from a CIA insider a copy of documents from the CIA’s Center for Cyber Intelligence. The US government later identified the leaker as Joshua Adam Schulte, a former CIA software engineer. The material comprised 8,761 documents (7,818 web pages with 943 attachments) and reportedly some 700 million lines of source code. This is the content of the CIA cyber weapon collection that WikiLeaks named “Vault 7”.

On March 7, 2017, WikiLeaks began publishing the CIA hacking documents in batches under the series name “Vault 7”. The publication exposed the methods, targets, meeting records, overseas operations centers, and almost all of the hacking tools of the CIA’s hacking teams. WikiLeaks described it as the largest leak of classified documents in CIA history.

On March 12, 2017, the CIA issued a statement regarding the documents leaked by WikiLeaks, stating that they did not conduct electronic surveillance on American citizens.

US Cyber Command has about 3,000 “cyber weapons”. US cyber forces have flexible and diverse tactics and means of attack; in cyber warfare, US Cyber Command can quickly defeat and even eliminate an adversary.

Types of Cyber Weapons Developed by the United States

The United States has developed a wide variety of cyber weapons. The commonly used cyber weapons fall into the following 8 types:

(1) Computer Virus

A computer virus is a computer program that attaches itself to other programs or files and copies itself when they run. It can damage computer software and hardware, computer data, computer networks, and computer-controlled systems.

Computer viruses are characterized by self-replication, automatic propagation, stealthy operation, and activation after a dormant period.

(2) Trojan Program

A Trojan program is malicious code concealed inside a program that appears normal and useful. Trojan programs can capture and send passwords, destroy or delete files, record keystrokes, and carry out pre-set destructive actions. Cyber soldiers and hackers use Trojan programs to remotely control infected computers.

Strictly speaking, Trojan programs are not computer viruses, because they do not self-replicate or propagate on their own.

(3) Logic Bomb

A logic bomb is a malicious program, or a piece of malicious code inside an otherwise legitimate program, that activates when pre-set conditions are met (a date, a particular user action, the absence of an expected file, and so on). What the bomb does is decided in advance by its designer, so it can have any functionality a program can have; in practice that functionality is destructive, which is the designer’s purpose.

For system administrators and computer users, logic bombs are like buried mines or time bombs and can cause great harm.

(4) DoS (Denial of Service)

DoS is short for Denial of Service; an action that causes it is called a DoS attack. The purpose of a DoS attack is to make a computer or network unable to provide its normal service. DoS attacks either exploit flaws in network protocols and their implementations (a single malformed packet can crash a vulnerable stack) or simply exhaust the target’s resources (bandwidth, connection state, CPU) by brute force; in the most severe case the computer is paralyzed or the network collapses.

Representative DoS attack methods include Ping of Death and TearDrop (oversized or overlapping IP fragments that crash vulnerable reassembly code), UDP flood and SYN flood (resource exhaustion; a SYN flood fills the half-open connection table), Land Attack (a packet whose source and destination address and port are identical), and DoS with spoofed source IP addresses.
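As an added example (not from the article), here is a Python script that scans a constructed packet summary for the signatures just listed: Land packets, SYN and UDP floods by rate, Ping of Death by reassembled datagram size, and TearDrop by overlapping fragment ranges. The key=value line format, the thresholds, and the sample addresses are assumptions made for this demo, not the output of any real tool.

```python
"""Added example (not from the article): flag classic DoS signatures in a
constructed packet summary.  Lines are space-separated key=value fields; the
format, thresholds and addresses are assumptions for this demo."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Pkt:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str            # "tcp", "udp" or "icmp"
    flags: str = ""       # TCP flags, e.g. "S" (SYN), "SA" (SYN/ACK), "A" (ACK)
    length: int = 0       # payload bytes carried by this packet or fragment
    ip_id: int = 0        # IP identification, shared by fragments of one datagram
    frag_off: int = 0     # fragment offset in bytes
    mf: bool = False      # IP more-fragments bit


def parse_line(line):
    """Parse one 'k=v k=v ...' summary line into a Pkt."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return Pkt(float(f["ts"]), f["src"], int(f.get("sport", 0)), f["dst"],
               int(f.get("dport", 0)), f["proto"], f.get("flags", ""),
               int(f.get("len", 0)), int(f.get("id", 0)),
               int(f.get("off", 0)), f.get("mf", "0") == "1")


def rate_alerts(times_by_key, window, threshold):
    """Keys that see >= threshold events inside any sliding window of `window` seconds."""
    hits = []
    for key, times in times_by_key.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                hits.append(key)
                break
    return hits


def detect_land(pkts):
    # Land attack: source and destination address:port are identical
    return [p for p in pkts if p.src == p.dst and p.sport == p.dport]


def detect_syn_flood(pkts, window=1.0, threshold=100):
    # SYN flood: bare SYNs (no ACK) hitting one service faster than threshold/window
    syns = defaultdict(list)
    for p in pkts:
        if p.proto == "tcp" and "S" in p.flags and "A" not in p.flags:
            syns[(p.dst, p.dport)].append(p.ts)
    return rate_alerts(syns, window, threshold)


def detect_udp_flood(pkts, window=1.0, threshold=100):
    per_dst = defaultdict(list)
    for p in pkts:
        if p.proto == "udp":
            per_dst[p.dst].append(p.ts)
    return rate_alerts(per_dst, window, threshold)


def detect_ping_of_death(pkts, max_datagram=65535):
    # Ping of Death: the highest byte claimed by any fragment exceeds the IP maximum
    end = defaultdict(int)
    for p in pkts:
        if p.proto == "icmp":
            key = (p.src, p.dst, p.ip_id)
            end[key] = max(end[key], p.frag_off + p.length)
    return [k for k, v in end.items() if v > max_datagram]


def detect_teardrop(pkts):
    # TearDrop: two fragments of the same datagram cover overlapping byte ranges
    frags = defaultdict(list)
    for p in pkts:
        if p.mf or p.frag_off > 0:
            frags[(p.src, p.dst, p.ip_id)].append((p.frag_off, p.frag_off + p.length))
    hits = []
    for key, ranges in frags.items():
        ranges.sort()
        if any(b0 < a1 for (a0, a1), (b0, b1) in zip(ranges, ranges[1:])):
            hits.append(key)
    return hits


def run_all(lines):
    pkts = [parse_line(l) for l in lines if l.strip()]
    return {"land": detect_land(pkts), "syn_flood": detect_syn_flood(pkts),
            "udp_flood": detect_udp_flood(pkts),
            "ping_of_death": detect_ping_of_death(pkts), "teardrop": detect_teardrop(pkts)}


# Constructed sample: 120 bare SYNs in half a second, one Land packet, an oversized
# ICMP echo in two fragments, and two overlapping UDP fragments.
SAMPLE = [f"ts={i / 240:.4f} src=198.51.100.{i % 50 + 1} sport={40000 + i} dst=10.0.0.2 dport=80 proto=tcp flags=S len=0"
          for i in range(120)]
SAMPLE += [
    "ts=1.0 src=10.0.0.2 sport=139 dst=10.0.0.2 dport=139 proto=tcp flags=S len=0",
    "ts=2.0 src=10.0.0.9 dst=10.0.0.2 proto=icmp id=7 off=0 len=1480 mf=1",
    "ts=2.0 src=10.0.0.9 dst=10.0.0.2 proto=icmp id=7 off=65120 len=1480 mf=0",
    "ts=3.0 src=10.0.0.9 sport=53 dst=10.0.0.2 dport=53 proto=udp id=9 off=0 len=1480 mf=1",
    "ts=3.0 src=10.0.0.9 sport=53 dst=10.0.0.2 dport=53 proto=udp id=9 off=800 len=680 mf=0",
]

if __name__ == "__main__":
    for name, hits in run_all(SAMPLE).items():
        print(f"{name}: {hits}")
```

The rate thresholds are placeholders; on a real link they come from baselining, and a flow exporter or pcap parser would replace `parse_line`. Note that the fragment checks key on (src, dst, IP ID), which is exactly what a vulnerable reassembly buffer keys on, so the detector sees the same overlap the victim would.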

(5) Various Malicious Programs

The four types of cyber weapons above are all malicious computer programs, and most cyber weapons are malicious programs.

Among them, there is a type of malicious program that, like a biological weapon, harms the nervous system, visual system, and so on of people sitting next to the computer.

(6) Electromagnetic Pulse Weapons

An electromagnetic pulse (EMP) is a sudden, broadband, high-intensity burst of electromagnetic radiation used to destroy enemy computers and other electronic devices and to attack the control systems of tanks, ships, missiles, and other weapons. The author therefore counts electromagnetic pulses as a type of cyber weapon.

(7) High-Power Microwave Weapons

Microwave signals with an average power above one kilowatt or a peak power in the hundreds of kilowatts are called high-power microwaves (HPM). High-power microwaves can destroy enemy computer networks, and so become a type of cyber weapon.

(8) Special Sensors

Sensors (transducers) are detection devices that sense information about the measured entity and convert it into electrical signals or other forms for transmission, storage, processing, and display. Sensors with special functions can become cyber weapons, interfering with and destroying enemy computer network systems.

General Cyber Weapons Technology Developed by the United States

There are many types of general cyber weapons developed by US agencies. Here are 10 important general cyber weapons and technologies:

(1) Technology for Implanting Trojans in Chips

US cyber weapon development agencies cooperate with computer chip manufacturers to pre-implant Trojan programs in chips, hard-wiring the Trojan into the silicon. The harm to computers and devices using such chips is enormous, and its specific form is determined by the implanted Trojan.

(2) Remote Implantation Technology for Trojan Programs

US agencies have developed remote implantation technology for Trojan programs, capable of implanting Trojans into distant enemy computer systems. The implantation is hard to detect, which makes it difficult to defend against.

For example, the CIA-developed Frog Prince is a fully functional remote implantation system, and Grasshopper is a modular framework for building installers that implant Trojans on Windows systems.

(3) Wireless Delivery Devices for Trojan Programs

US agencies have developed wireless delivery devices for Trojan programs. These devices come pre-installed with Trojan programs. When these devices are close to enemy targets, the Trojan programs are wirelessly delivered to the enemy’s computer systems and important equipment.

(4) Remote Activation Technology for Trojan Programs

US agencies have developed remote activation technology for Trojan programs, which uses special devices to emit electromagnetic signals or send triggering signals through wireless networks.

(5) Wireless Insertion of Malware Technology

For special networks that are not connected to the Internet (military networks, national security networks, etc.), US agencies have developed technology to insert malware wirelessly into these systems. With this technology, US agencies achieve “entry without a network connection”, leaving the target network with no secrets to keep.

(6) Technology for Drones to Disrupt Networks

US agencies have developed technology for emitting high-power microwaves (HPM) from drones to destroy or shut down enemy computer networks, paralyzing them.

(7) Technology for Attacking Enemies with Electromagnetic Pulses

US agencies have developed electromagnetic pulse attacks for use in cyberspace. These pulses can strike tanks, ships, missiles, etc., disrupting the computer control programs of weapon systems, with severe consequences up to self-destruction.

(8) Technology for Attacking Enemies with Special Sensing Devices

US cyber forces have developed special sensing devices based on sensor principles. By deploying these devices deep in enemy territory, they can silently interfere with and destroy enemy hardware, paralyzing the enemy’s command and control systems and strike systems.

(9) Non-material Biological Weapons Attacking Enemies

US agencies have developed non-material biological weapons in cyberspace. These biological weapons are not bacteria or viruses but malicious computer programs embedded in computer terminals. They can damage the brain nerves and visual cells of people sitting next to the computer. The serious consequences are self-evident.

(10) Technology for Controlling Smart (4G, 5G) Phones

US agencies have developed technology for controlling smart (4G, 5G) phones. For phones running Google’s Android system and Apple’s iPhones (which together account for virtually all phones in China), this technology can switch the phone on and off, steal information, control the camera, and eavesdrop on surrounding conversations, sending the information, photos, and recordings back to the relevant US agencies.

Specialized Cyber Weapons Developed by the United States

The US intelligence agencies CIA, FBI, NSA, and DIA, together with US Cyber Command, have developed numerous specialized cyber weapons aimed at specific targets for specific purposes.

Below are 14 types of specialized cyber weapons developed by US agencies:

(1) Fluxwire

Fluxwire is a large, complex network attack platform developed by the CIA. Fluxwire is implanted on hosts running Windows, Unix, Linux, macOS, and nine other operating systems (covering all mainstream operating systems) together with their supporting software and hardware, and is capable of:

- Recording keystrokes and collecting usernames and passwords for websites, email, and online banking accounts;

- Stealing data from computer systems and sending it back to the CIA;

- Modifying data in computer systems to cause abnormal operation or even crashes;

- Deleting important information from computer systems.

(2) SparrowHawk

SparrowHawk is a keystroke logger developed by the CIA for Unix-like systems on multiple architectures. It runs on major Unix variants including FreeBSD and Solaris, on x86 and SPARC. SparrowHawk can:

- Collect the target user’s keystrokes;

- Format the collected data;

- Send the collected data back to the CIA.

(3) Umbrage

Umbrage is a network attack platform developed by the CIA for team use. CIA technicians use it to collect large numbers of publicly known attack techniques and hacking tools, identifying usable code and data in leaked material to form a cyber weapon library. The library can be used for:

- Investigating and collecting evidence of enemy network attack activity;

- Modifying the weapons (malware) in the library to attack enemies;

- Launching “false flag” attacks against enemy systems, deliberately leaving traces that mislead investigators and shift blame onto others.

(4) Turbine

Turbine is not itself malware but the NSA’s automated command-and-control system for managing implants at scale. Once an implant managed by Turbine is installed on a target computer, the NSA gains complete operational control of that computer, and the implant’s plug-ins can:

- Record keystrokes and collect usernames and passwords for websites and email;

- Control the target computer’s microphone to record nearby conversations;

- Control the target computer’s camera to photograph whatever is in front of it;

- Log the user’s browsing, interrupt file downloads, and block access to websites;

- Access data on USB drives connected to the computer.

(5) Turmoil

Turmoil is the NSA’s passive collection system: a network of sensors placed on Internet backbone links and other taps that inspects the traffic crossing them. Turmoil can:

- Automatically identify traffic of interest by matching it against “selectors” (email addresses, IP addresses, and similar identifiers);

- Analyze the matched traffic;

- Send useful data back to the NSA.

(6) Suter Project

Suter is a project started by the US Air Force in 2001. It enables the Air Force to:

- Monitor and obtain the target information detected by enemy radar;

- Take over enemy electronic information systems by injecting data streams into them, for example steering enemy radar antennas away from US aircraft and other assets;

- Launch attacks through the electromagnetic spectrum, infiltrating enemy time-sensitive networks such as missile launch systems to disrupt and destroy them;

- Allow Air Force cyber operators aboard aircraft to access enemy computer networks for monitoring and operations;

- Attack and penetrate enemy command and communication networks, manipulating them to cause total failure.

(7) Improvise

Improvise is a CIA toolkit for data collection and exfiltration that supports the mainstream operating systems Windows, macOS, and Linux. Its components, chosen according to operating system and target, carry bar-themed names: Margarita, Dancefloor, Jukebox. Improvise can:

- Collect data from computer systems;

- Post-process the collected data.

(8) HammerDrill

HammerDrill is a CIA cyber weapon that uses optical media (CD/DVD) as its infection vector. It can:

- Infect target systems through malicious code written to discs;

- If the target system burns discs with Nero, trojan the executables being written so that the newly burned disc carries the Trojan.
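HammerDrill’s burn-time trojaning has a simple countermeasure: hash the files before the burn and verify the medium afterwards, ideally on a separate clean machine. The added example below (my code, not from the article) builds a SHA-256 manifest of a source tree and diffs the burned copy against it, then picks out the modified executables; the directories, file names, and tampered bytes are constructed for the demo.

```python
"""Added example (not from the article): verify burned media against a
pre-burn SHA-256 manifest.  Paths and file contents are constructed for the demo."""
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map relative path -> SHA-256 hex digest for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            manifest[os.path.relpath(full, root)] = h.hexdigest()
    return manifest


def verify_medium(manifest, medium_root):
    """Compare the burned copy with the pre-burn manifest."""
    found = build_manifest(medium_root)
    return {
        "modified": sorted(p for p in manifest if p in found and found[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in found),
        "added": sorted(p for p in found if p not in manifest),
    }


def executables(paths):
    """Subset of paths that are Windows executable types (the files a burn-time trojaner patches)."""
    return [p for p in paths if p.lower().endswith((".exe", ".dll", ".msi", ".scr"))]


def make_demo():
    """Constructed source tree plus a 'burned' copy with one patched binary and an autorun hook."""
    src = tempfile.mkdtemp(prefix="src-")
    disc = tempfile.mkdtemp(prefix="disc-")
    files = {"setup.exe": b"MZ\x90\x00legit-installer",
             "docs/readme.txt": b"hello",
             "data.bin": b"\x00" * 1024}
    for rel, content in files.items():
        for root in (src, disc):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
    # What a burn-time trojaner leaves behind: a patched EXE and an autorun file
    with open(os.path.join(disc, "setup.exe"), "wb") as fh:
        fh.write(b"MZ\x90\x00legit-installer" + b"\x00injected-stub")
    with open(os.path.join(disc, "autorun.inf"), "wb") as fh:
        fh.write(b"[autorun]\nopen=setup.exe\n")
    return src, disc


if __name__ == "__main__":
    src, disc = make_demo()
    report = verify_medium(build_manifest(src), disc)
    print(report)
    print("trojaned executables:", executables(report["modified"]))
```

The manifest must be produced on a host that is not the burning host (or signed there before the burn), otherwise an implant on the burning machine can rewrite the manifest along with the files. Unexpected additions such as `autorun.inf` matter as much as modified binaries, since they are how a disc gets its payload executed.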

(9) Pterodactyl

Pterodactyl is a CIA weapon for compromising certain embedded single-board computers. It controls target computers through embedded single-board computers or real-time control systems, causing serious harm to enemy real-time control systems.

(10) HarpyEagle

HarpyEagle was developed by the CIA specifically for Apple’s AirPort Extreme router and Time Capsule Wi-Fi device, to obtain root (administrative) access remotely or locally and implant a rootkit.

(11) Packrat

Packrat is a CIA software suite, integrated from open-source and commercial tools, for automated surveillance. It applies to virtualization and cloud platforms such as VMware Workstation, VMware ESXi, VirtualBox, OpenStack, KVM/QEMU, Docker, AWS, and Google Compute Cloud.

(12) WeepingAngel

Weeping Angel is an implant component for smart TVs developed jointly by the CIA and Britain’s MI5 (the Security Service). Its known target was Samsung smart TVs. The implant can:

- After the TV is infected, hijack the power-off operation and keep running in the background (a “fake-off” mode), so the user believes the TV is turned off;

- Then activate the microphone and record nearby conversations;

- Finally send the recordings back to a CIA server.
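Because a fake-off device still needs the network to deliver its recordings, the behaviour can be caught from the LAN side. The following added example (my code, not from the article) correlates power-state reports with flow records and flags devices that keep sending well after they reported off; the device names, log layouts, byte threshold, and grace period are assumptions for the demo, and both logs are constructed.

```python
"""Added example (not from the article): detect 'fake-off' devices by
correlating power-state reports with observed outbound traffic.  Both logs
below are constructed; formats and thresholds are assumptions for the demo."""
from collections import defaultdict

# Constructed power-state events (seconds, device, state) as a home hub might log them
POWER_EVENTS = [
    (0, "tv-livingroom", "on"), (600, "tv-livingroom", "off"),
    (0, "tv-bedroom", "on"), (650, "tv-bedroom", "off"), (3000, "tv-bedroom", "on"),
]
# Constructed flow records (seconds, device, bytes_out, destination)
FLOWS = [
    (100, "tv-livingroom", 4000, "cdn.example"),     # normal viewing
    (601, "tv-livingroom", 300, "ntp.example"),      # shutdown chatter, inside grace period
    (1800, "tv-livingroom", 92000, "203.0.113.7"),   # pushing data long after "off"
    (2400, "tv-livingroom", 88000, "203.0.113.7"),
    (700, "tv-bedroom", 200, "ntp.example"),         # quiet after off
    (3100, "tv-bedroom", 5000, "cdn.example"),       # back on
]


def off_intervals(events):
    """Per device, the (off_time, next_on_time or None) intervals it reported being off."""
    by_dev = defaultdict(list)
    for t, dev, state in sorted(events):
        by_dev[dev].append((t, state))
    intervals = defaultdict(list)
    for dev, seq in by_dev.items():
        start = None
        for t, state in seq:
            if state == "off" and start is None:
                start = t
            elif state == "on" and start is not None:
                intervals[dev].append((start, t))
                start = None
        if start is not None:
            intervals[dev].append((start, None))   # still "off" at end of log
    return intervals


def fake_off_suspects(events, flows, grace=60, min_bytes=10_000):
    """Devices that sent at least min_bytes while reported off, ignoring a post-shutdown grace period."""
    ivs = off_intervals(events)
    suspects = defaultdict(int)
    for t, dev, nbytes, _dst in flows:
        for start, end in ivs.get(dev, []):
            if t > start + grace and (end is None or t < end):
                suspects[dev] += nbytes
    return {dev: total for dev, total in suspects.items() if total >= min_bytes}


if __name__ == "__main__":
    print(fake_off_suspects(POWER_EVENTS, FLOWS))
```

The grace period absorbs legitimate shutdown traffic (NTP, telemetry flush); the byte threshold separates keepalives from audio upload. In practice the power state comes from the TV’s own API or a smart plug, the flows from the router or a span port, and the destination field is worth alerting on by itself when it is a bare IP the device has never contacted while on.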

(13) Hacking Tools Related to Android Systems

The CIA has collected several exploitable Android vulnerabilities and packaged them into exploits. These are kept private, so ordinary Android experts have difficulty discovering them. The CIA’s tools that use these vulnerabilities include:

- HAMR: a browser exploitation framework targeting Android.

- Anger Management: a tool that gathers exploitable browser components on Android to feed into the HAMR exploitation tool.

- Orion: a tool exploiting vulnerabilities in Android’s WebKit.

- Freedroid: a tool for extracting data from Android systems.

In addition, there are many other browser exploitation tools, such as Barracuda, Flame Skimmer, Spearow, and Dragonfly.

(14) Hacking Tools Related to iOS Systems

The CIA has developed many hacking tools targeting Apple’s iOS. Four important ones are:

- NightSkies: a tool for implanting Trojan programs on iOS.

- McNugget: a Trojan implant for tasking and control on iOS.

- Adderall: a tool for extracting files and the kernel cache from iOS devices.

- NightVision: a tool for reading and recording data from the iOS kernel’s storage.
