Welcome to The Robin Hood Virus
A Book by Robert Nerbovig

                         Cyber Warfare Combat & Tactics

The Robin Hood Virus / 171

One of the major concerns of our government is the ability of foreign enemies to sabotage the US power grid, air traffic control systems, financial institutions, military defense systems, and other infrastructure. Several power utilities say they face a barrage of cyber attacks on their critical systems. A report by two Democratic lawmakers found that foreign hackers were trying to bring down the US power grid. More than a dozen power companies said they experienced daily, constant or frequent attempted cyber attacks, according to a 35-page report summarizing their responses. We have the unique ability with The Robin Hood Virus to reside in all of the networks of major U.S. power companies, air traffic control systems, military networks, and financial institutions, waiting to ambush attempted cyber attacks.
We have developed a suite of programs we will call "Network Monitor Software" to detect, locate, and enter the offending intruder. We have a program for packet analysis that also looks inside the packet headers. It is a memory forensic capture and analysis toolkit. It allows for the import of standard WinDD memory dumps, which are then automatically reverse engineered and forensically analyzed electronically using our pre-determined formulas. The software monitors all packet information to determine the source and destination IP addresses of the traffic. The software then will "DNS-ify" the IP address of the traffic, which gives it a name such as "workstation1.iran.tr.com". Our system uses a combination of deep packet inspection (DPI) and behavior analysis to identify applications and protocols in use across the network, whether they are plain text or use advanced encryption and obfuscation techniques.
We have entered and installed our "Network Monitor Software" in most major power grids, air traffic control systems, and financial institutions to monitor all packet activity for intrusion attempts. When our software alerts us that an attack has been attempted, we will log the critical specifics of the intruder. We then transmit that data back to our local office. With that data we enter the intruder's network, create havoc within that network and all of its nodes, and give notice that further attempts to hack into U.S. computer systems will cause catastrophic damage to the offending systems. With this plan we will stop critical cyber attacks on U.S. installations. We will explain how we will utilize this plan to stop cyber attacks on the industrial infrastructure, large industries and distribution centers in a further chapter.
Cyber warfare consists of many different threats: cyber espionage and cyber attacks, the latter of which is the top security threat to the United States.
Cyber espionage is the act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies for military, political, or economic advantage using illegal exploitation methods on the Internet, networks, software and/or computers. Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world. Specific attacks on the United States have been given code names like Titan Rain and Moonlight Maze. The recently established Cyber Command is currently trying to determine whether such activities as commercial espionage or theft of intellectual property are criminal activities or actual "breaches of national security".

Computers and satellites that coordinate other activities are vulnerable components of a system and could lead to the disruption of equipment. Compromise of military systems, such as C4ISTAR components that are responsible for orders and communications, could lead to their interception or malicious replacement. Power, water, fuel, communications, and transportation infrastructure all may be vulnerable to disruption. The civilian realm is also at risk, noting that the security breaches have already gone beyond stolen credit card numbers, and that potential targets can also include the electric power grid, trains, or the stock market. In mid-July 2010, security experts discovered a malicious software program called Stuxnet that had infiltrated factory computers and had spread to plants around the world. It is considered "the first attack on critical industrial infrastructure that sits at the foundation of modern economies".
In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. DoS attacks may not be limited to computer-based methods, as strategic physical attacks against infrastructure can be just as devastating. For example, cutting undersea communication cables may severely cripple some regions and countries with regards to their information warfare ability.
The federal government of the United States admits that the electric power grid is susceptible to cyber warfare. The United States Department of Homeland Security works with industry to identify vulnerabilities and to help industry enhance the security of control system networks. The federal government is also working to ensure that security is built in as the next generation of "smart grid" networks are developed. In April 2009, reports surfaced that China and Russia had infiltrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national security officials. The North American Electric Reliability Corporation (NERC) has issued a public notice that warns that the electrical grid is not adequately protected from cyber attack. China denies intruding into the U.S. electrical grid. One countermeasure would be to disconnect the power grid from the Internet and run the net with droop speed control only. Massive power outages caused by a cyber attack could disrupt the economy, distract from a simultaneous military attack, or create a national trauma.
Cyber Command is the newest global combatant and its sole mission is cyberspace, outside the traditional battlefields of land, sea, air and space. It will attempt to find and, when necessary, neutralize cyber attacks and to defend military computer networks. The distributed nature of Internet-based attacks means that it is difficult to determine motivation and attacking party, meaning that it is unclear when a specific act should be considered an act of war.
Civil
Potential targets in Internet sabotage include all aspects of the Internet from the backbones of the web, to the Internet Service Providers, to the varying types of data communication mediums and network equipment. This would include: web servers, enterprise information systems, client server systems, communication links, network equipment, and the desktops and laptops in businesses and homes. Electrical grids and telecommunication systems are also deemed vulnerable, especially due to current trends in automation.
Computer hacking represents a modern threat in ongoing industrial espionage and as such is presumed to widely occur. It is typical that this type of crime is underreported.
We have identified China sites suspected of hacking as four large networks in Shanghai, two of which are allocated directly to the Pudong New Area. We uncovered the hackers' attack infrastructure, command and control, and the tools, tactics, and procedures they use. We identified three key hacktivists behind the hacking. These hackers are following orders given to them by others. We entered the four networks in China that we suspected of hacking U.S. Companies and the U.S. Government. We have installed various software programs to monitor the data they are stealing, what the data is and where they are sending it. We are also modifying the stolen data to set up bogus scenarios to confuse possible action against the U.S. Companies and the U.S. Government.
"Police in central China have shut down a hacker training operation (Black Hawk Safety Net) that openly recruited thousands of members online and provided them with cyber attack lessons and malicious software..." "The crackdown comes amid growing concern that China is a center for Internet crime and industrial espionage." "It is hard to know what proportion of hacking from China is the work of individuals and whether the government is involved. But some say the high skill level of some attacks suggests China's military or other agencies might have trained or directed the hackers."
Diplomatic cables highlight US concerns that China is using access to Microsoft source code and 'harvesting the talents of its private sector' to boost its offensive and defensive capabilities. While China continues to be held responsible for a string of cyber-attacks on a number of public and private institutions in the United States, India, Russia, Canada, and France, the Chinese government denies any involvement in cyber-spying campaigns. The administration maintains the position that China is not the threat but rather the victim of an increasing number of cyber-attacks.
We have entered the extensive network of APT1, who is likely government-sponsored and one of the most persistent of China's cyber threat hackers. We have discovered APT1’s intrusions against nearly 150 victims over seven years. We tracked APT1 back to four large networks in Shanghai, two of which are allocated directly to the Pudong New Area. We uncovered APT1’s attack infrastructure, command and control, and modus operandi (tools, tactics, and procedures). We continue to occupy and monitor APT1's networks and activities and we have modified several of their communications to severely cripple their efforts.
In 2013, Germany revealed the existence of their 60-person Computer Network Operation unit. The German intelligence agency, BND, announced it was seeking to hire 130 "hackers" for a new "cyber defense station" unit. In March 2013, the BND had observed up to five attacks a day on government authorities, thought mainly to originate in China.
The Department of Information Technology created the Indian Computer Emergency Response Team (CERT-In) in 2004 to thwart cyber attacks in India. That year, there were 23 reported cyber security breaches. In 2011, there were 13,301. That year, the government created a new subdivision, the National Critical Information Infrastructure Protection Center (NCIIPC) to thwart attacks against energy, transport, banking, telecom, defense, space and other sensitive areas.
In June 2010, Iran was the victim of a cyber attack when its nuclear facility in Natanz was infiltrated by the cyber-worm ‘Stuxnet’. Reportedly a combined effort by the United States and Israel, Stuxnet destroyed perhaps over 1000 nuclear centrifuges and set Tehran's atomic program back by at least two years. The worm spread beyond the plant to allegedly infect over 60,000 computers, but the government of Iran indicates it caused no significant damage. Iran implemented solutions to the worm and is purportedly now better positioned in terms of cyber warfare technology. The Iranian government has been accused by western analysts of its own cyber-attacks against the United States, Israel and Gulf Arabs, but denies this, including specific allegations of 2012 involvement in hacking into American banks.
With ongoing tensions on the Korean Peninsula, South Korea's defense ministry stated that South Korea was going to improve cyber-defense strategies in hopes of preparing itself for possible cyber attacks. In March 2013, South Korea's major banks – Shinhan Bank, Woori Bank and NongHyup Bank – as well as many broadcasting stations – KBS, YTN and MBC – were hacked and more than 30,000 computers were affected; it is one of the biggest attacks South Korea has faced in years. Although it remains uncertain as to who was involved in this incident, there have been immediate assertions that North Korea is connected, as it threatened to attack South Korea's government institutions, major national banks and traditional newspapers. North Korea's cyber warfare capabilities raise the alarm for South Korea, as North Korea is increasing its manpower through military academies specializing in hacking. Current figures state that South Korea only has 400 units of specialized personnel, while North Korea has more than 3,000 highly trained hackers; this portrays a huge gap in cyber warfare capabilities and sends a message to South Korea that it has to step up and strengthen its Cyber Warfare Command forces. Therefore, in order to be prepared for future attacks, South Korea and the United States will discuss deterrence plans further at the Security Consultative Meeting (SCM). At SCM they plan on developing strategies that focus on accelerating the deployment of ballistic missiles as well as fostering its defense shield program, known as the Korean Air and Missile Defense.
MI6 reportedly infiltrated an Al Qaeda web site and replaced the recipe for a pipe bomb with the recipe for making cupcakes. On 12 November 2013, financial organizations in London conducted cyber war games dubbed 'Walking Shark 2' to simulate massive internet-based attacks against banks and other financial organizations.
Cyber warfare in the United States is a part of the American military strategy of Proactive Cyber Defense and the use of cyber warfare as a platform for attack. The new United States military strategy makes explicit that a cyber attack is an act of war. In 2013 Cyber warfare was, for the first time, considered a larger threat than Al Qaeda or terrorism, by many U.S. intelligence officials. China has plans of "winning informationised wars by the mid-21st century".

They note that other countries are likewise organizing for cyber war, among them Russia, Israel and North Korea. Iran boasts of having the world's second-largest cyber-army. The United States Department of Defense sees the use of computers and the Internet to conduct warfare in cyberspace as a threat to national security. The United States Joint Forces Command describes some of its attributes: Cyberspace technology is emerging as an "instrument of power" in societies, and is becoming more available to a country's opponents, who may use it to attack, degrade, and disrupt communications and the flow of information. With low barriers to entry, coupled with the anonymous nature of activities in cyberspace, the list of potential adversaries is broad. The United States has used cyber attacks for tactical advantage in Afghanistan.
Cyber counter-intelligence are measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary trade craft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions. The NSA knew about a flaw in the way that many web sites send sensitive information and regularly used it to gather critical intelligence. This flaw appears to be one of the biggest in Internet history, affecting the basic security of as many as two-thirds of the world's web sites. Its discovery and the creation of a fix by researchers prompted consumers to change their passwords, and very large computer companies to provide patches for their systems. With this flaw the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
Hunting Flaws
The NSA and other elite intelligence agencies devote millions of dollars to hunt for common software flaws that are critical to stealing data from secure computers. Open-source protocols like OpenSSL, where the flaw was found, are primary targets.
NSA Spying
The revelations have created a clearer picture of the two roles, sometimes contradictory, played by the U.S.’s largest spy agency. The NSA protects the computers of the government and critical industry from cyber-attacks, while gathering troves of intelligence attacking the computers of others, including terrorist organizations, nuclear smugglers and other governments. The potential stems from a flawed implementation of a protocol used to encrypt communications between users and websites protected by OpenSSL, making those supposedly secure sites an open book. The damage could be done with relatively simple scans, so that millions of machines could be hit by a single attacker.
Exploiting Flaw
Questions remain about whether anyone other than the U.S. government might have exploited the flaw before the public disclosure. Sophisticated intelligence agencies in other countries are one possibility. Our team discovered the flaw in OpenSSL over 2 years ago and instituted a patch preventing cyber attacks by those who would take advantage of the flaw. If criminals found the flaw before our patch they could have scooped up troves of passwords for bank accounts, e-commerce sites and email accounts worldwide.


     Diversion total to date    $1,100,000,000
     Donation total to date     $995,000,000


This site is designed and maintained by: Turquoise Software