The Next Frontier

Originally published in SPIDER Magazine on January 15, 2009.

Wars have been fought by man throughout history. When metal hadn’t been discovered, we used sticks and stones; when guns hadn’t been invented, we used swords and spears; then came tanks, airplanes, ships and bombs. A new frontier has now emerged which, despite being around for many years, has only recently begun to be used as a weapon – cyberspace.

Cyber warfare, to put it simply, is war fought over the internet. The term covers many different types of attacks, including tactics like propaganda, espionage, sabotage and vandalism, all of which are an increasingly menacing threat to governments, businesses and individuals alike.

What is cyber warfare?

“Cyber war” is often defined as attacks on ‘virtual’ military and strategic resources, such as a military’s communication channel which functions over the internet or the SCADA system used to remotely administer a power plant. Another term, coined by NATO (North Atlantic Treaty Organization), is iWar, which applies more to a sense of total war, where nothing is off limits. Johnny Ryan, a Senior Researcher at the Institute of International and European Affairs, defines iWar as “attacks carried out over the internet that target the consumer internet infrastructure, such as the websites providing access to online services. While nation states can engage in ‘cyber’ and ‘informationalized’ warfare,” he says, “iWar can be waged by individuals, corporations, and communities.” Getting into the semantics of “cyber war” vs. “iWar” is perhaps irrelevant to understanding the threat because they are essentially the same thing being used for somewhat different purposes – they both refer to the internet being used to attack an enemy’s assets to advance one’s own plans, whether the goal be to damage an entire state, a business or an individual.

The most overt cyber war to date erupted during the Russia-Georgia conflict in mid-2008. Attackers targeted Georgian government websites, telecom infrastructure and other network-based operations (businesses, banks and other institutions) with attacks mainly consisting of distributed denial of service (DDoS), which are meant to overwhelm the country’s internet-based infrastructure with bogus requests so that genuine requests are not given adequate service. The ham-fisted approach Georgian authorities had to take to protect their networks from DDoS attacks was to cut themselves off from the outside Internet completely. Even though it worked, perhaps also accomplishing the objective of the attacks, this is hardly an ideal solution. Georgian authorities blame state-sponsored hacker groups from Russia, but the Russian government has denied any involvement with the attacks.

While there has not been sufficient proof to convincingly tie the Russian government to the attacks, it is not difficult to imagine cyber war as being part of a country’s military strategy in the 21st century. In fact, both the US and China are openly developing cyber war wings of their respective militaries, both to deal with such an attack should it occur, and to carry out such attacks as well. McAfee, in its annual Virtual Criminology Report (2007), estimates that more than 120 countries are leveraging the Internet for “political, military, and economic espionage activities.”

The motivation behind a cyber attack is clear – disrupt infrastructure and induce panic so that an actual physical attack (the traditional kind with tanks and aircraft) is more effective. This tactic is comparable to how the Allied forces bombed German production and communication facilities ahead of time to weaken their actual military defense. Whether it was the Russian government or just patriotic hacktivists behind the attacks on Georgian networks, it is clear they left them more vulnerable to the actual military operation.

Estonia was similarly attacked in 2007. The wave of DDoS attacks lasted 10 days and it is believed they involved nearly a million computers from about a hundred different countries across the world – all part of multiple botnets, working without the knowledge of their owners under the instruction of the bot herder, or controller. Attacked sites included several major banks, one of which—Hansabank—had to shut down operations temporarily and incurred losses of at least $1 million. The ten biggest measured attacks blasted Estonian networks with 90 megabits/second for up to 10 hours each, which is the data load equivalent of downloading a complete copy of Windows XP every 6 seconds.

The US has also been hit with major cyber attacks. A series of attacks targeting several military installations including the Army Information Systems Engineering Command and the Missile Defense Agency were carried out in 2002, which the US government code-named Titan Rain and attributed to China. Major General William Lord from the U.S. Air Force Office of Warfighting Integration said that China downloaded 10 to 20 terabytes of data during the breach. For comparison, the Library of Congress contains about 10 terabytes of data.

“The incidents in Estonia should be viewed as a wake-up call,” says Dr. Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. “Whether a cybercrime is staged by a competing nation state, a loosely organized cybercrime business or a lone person, information stored on the networks of governments and nationally-important organizations should be considered high-value targets.”

Much of today’s global economic infrastructure depends upon information systems. From utilities (electricity, water and gas) to transportation, from finance and banking to emergency services to government and military operations – everything depends more or less upon computer networks for handling information. The correct and efficient functioning of these systems is vital not only for carrying out day-to-day tasks but also for proactive or reactive measures. For instance, a terrorist attack on a major city paired with a cyber attack on the emergency services and communications infrastructure would cause a significantly greater problem than a terrorist attack alone ever could. The city’s emergency services will be unable to function properly if their communication systems are being hit by a DDoS attack, possibly leading to more casualties due to mismanagement and lack of information. Different scenarios can be imagined endlessly, but the eye-opener is the fact that such a two-pronged attack is very possible.

Perhaps among the biggest targets are critical infrastructure systems, such as power plants, banks and transport systems. Systems used to remotely monitor and manage these facilities are vulnerable to outside infiltration, and there is a fear that a hacker might be able to break into these systems and power down whole cities for any length of time. A team of hackers did just that in a staged break-in by the US Department of Energy when they demonstrated how easily a hacker could get in and overload a generator at a power plant, physically destroying it by doing so.

You don’t need to be a sophisticated hacker with exceptional computer skills to carry out a cyber attack – all you need is money and the right connections. For a country, cyber war means no limitations on how it engages an enemy. The cost of waging cyber war is negligible when compared to an all-out offensive – for example, renting a botnet (a network of thousands of compromised computers under a hacker’s control, used to carry out distributed denial of service attacks) costs about 10 cents per minute of use, and the rates are falling. Cost varies, of course, depending on the number of bots and overall bandwidth available to the botnet, but overall they are extremely cheap and easy to acquire if one knows the right places. There are no geographical restrictions because every country in the world can be easily reached through the internet, and the actual operation does not always reveal itself to the public.

“There are signs that intelligence agencies around the world are constantly probing other governments’ networks looking for strengths and weaknesses and developing new ways to gather intelligence,” says Peter Sommer, who is an expert in information systems at the London School of Economics.

Cyber war isn’t just limited to denial of service attacks. A hacker who has managed to infiltrate a network can also choose to blend into the background and watch, simply monitoring the network and obtaining valuable information regarding its organization. The inhabitants of the network have no idea someone is listening in and carry on as usual, while the hacker can slip in and out without anyone being the wiser. In addition, the hacker might also sabotage the workings of the compromised system, in so doing rendering it useless over a period of days, months or even years. Although this would take time and patience to go unnoticed, the hacker could gradually disable the system by destroying its accuracy. This type of attack could target a missile defense system, for example. But this is not just limited to military systems.

“Hackers could create chaos by manipulating information and electronic systems that the government, the military and private industry rely on,” said Joel Brenner of the United States Office of Counterintelligence Executive. “Water and sewer systems, electricity, financial markets, payroll, air and ground traffic control systems… could all be subject to sophisticated attacks by both state-sponsored and freelance terrorists.”

Similar attacks on the transportation infrastructure, or even the financial sector, could result in significant disasters or at the very least leave an economy with significant losses, not to mention the effects of such an attack on government and military facilities. Although such systems may not usually be directly connected to the public internet, security holes or negligence (in this case not just bugs, but unanticipated circumstances as well) may render them vulnerable to outside attack.

The US military’s NIPRNet, for example, which carries non-classified yet critical logistical information such as aircraft locations, emails for the Department of Defense, etc., is connected to the public internet for obvious reasons. It is considered an “Achilles’ heel,” and there is a constant fear of infiltration and disruption from outside sources such as China and even Al-Qaeda.

It is evident that society is moving towards a more “wired” lifestyle, where we are constantly interacting with the ‘Net, be it for financial services, voting or personal work. Estonia, for example, which is globally recognized as a pioneer in e-government practices, serves as a sign of things to come. In a country with 70% of the total population using the internet at home, where 82% of all tax returns are submitted over the Internet and 62% of the population uses internet banking, the effects of a cyber attack can be disastrously crippling – and this was seen during the 2007 attacks. As the advent and availability of technology drives us towards a more and more digital lifestyle, our dependence upon information systems is bound to increase; this raises the likelihood and negative repercussions associated with an attack on such systems exponentially.

It is clear that cyber attacks and cyber espionage are a rapidly evolving threat to every country’s national security. Daily attacks on government networks already number in the thousands and are bound to increase over time.

Some countries have already realized this and are working on ways to deal with the increasingly obvious issue, allocating millions of dollars to research and development of advanced e-security systems and response teams. But how exactly can a country deal with a cyber attack, and how can it protect its networks from intruders? How effective are these measures, and are we doing enough to make sure the internet doesn’t break out into an all-out cyber war?
All incidents and statistics mentioned in this article have been carefully verified and validated to the best of this author’s knowledge. Any inaccuracy is purely accidental and greatly regretted.