Cyber warfare: the battle has barely begun

2 Jun 2011

With the US developing cyber weapons and resolving to treat attacks on its computer networks as an act of war requiring a military response, it is clear that information warfare is occurring across the world at an accelerated pace.

Last year’s attack on Iran’s nuclear facilities via the Stuxnet worm – believed to have been developed by the Israeli secret service – and the recent attacks on military contractor Lockheed Martin’s computer networks are just scratching the surface of what’s really happening.

Just today it emerged that hackers based in China have stolen Gmail login details of hundreds of senior US and South Korean government officials and other Asian officials, as well as Chinese political activists, military personnel and journalists.

The responses of various countries will prove interesting. The US, in particular, has said it will perceive attacks on its networks as an attack on sovereign American soil and will respond, if possible, with conventional military, as well as state-of-the-art cyber force.

“If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” a US military official was quoted as saying in a recent Wall Street Journal article.

The US is understood to have developed a list of cyber weapons, including viruses that can sabotage an adversary’s critical networks. The framework, which classifies these cyber weapons in the same light as an M-16 battle rifle or an Abrams battle tank, clarifies whether the US military needs presidential authorisation to penetrate a foreign computer network and leave a virus.

North Korea is understood to be scouring its universities for computer prodigies to send overseas for training as part of a plan to expand its cyber warfare unit, a defector has claimed. The students and their families will be awarded with special privileges, such as improved living accommodations.

“Computers have become an essential part of daily life not just for individuals and businesses but also for entire nations – performing critical functions in the control and delivery of services in areas such as utilities, transport, communications and also having a significant part to play in readiness and execution of military capabilities – both offensive and defensive,” explained Dermot Williams, managing director of Threatscape.

“So it should come as no surprise that in parallel to the recent growth in ‘cyber crime’ there is also much afoot in the realm of ‘cyber warfare’. In the case of the US, for instance, the news this week that their military planners are exploring scenarios in which a ‘traditional’ military action may be appropriate in response to a cyber attack, and are developing a framework governing the ‘rules of engagement’, gives an indication of the increasing focus and priority they are giving to cyber warfare.”

Tools, weapons and skills of cyber warriors

But what do we know about the tools and skills at the disposal of those involved in cyber warfare, and surely this is only the tip of the iceberg?

“There is no doubt that information warfare has become a high priority for multiple intelligence agencies and new cyber divisions being set up by various branches of armed services around the world. China alone are said to have more personnel involved in electronic warfare than many smaller countries have in their entire military,” Williams continued.

“While we know of many recent cyber incidents that have all the hallmarks of being attacks by or on nation states and their interests and infrastructure (Project Aurora, Stuxnet, RSA/Lockheed breach, Tunisian script injection, Iranian SSL certs, etc), there surely have been many more attacks – both successful and failed – which we do not know about, and probably never will.

“There are also multiple examples of agencies seeking to use intrusive IT methods to spy on their own citizens (Egyptian state services and FinFisher malware, HB Gary and Team Themis, etc) which are just as sinister – or maybe more so.”

Williams said that one of the most interesting issues that arises is that while many elements of IT security (such as strong encryption) are governed by export controls in many countries to prevent them being sold to unfriendly nations and totalitarian states, the development and sale of tools intended to defeat IT security does not seem to be subject to the same controls.

“Out of the industry of providing ‘lawful intercept’ technology (telephone tapping, etc) has emerged a range of companies developing intrusive software tools to aid in the remote monitoring and even penetration of computer systems.

“Yes, there are companies openly developing malware for sale to police forces (one can only wonder which countries allow the use of such tools on their own citizens; the FinFisher case confirms Egypt was one).

“There is even a lawful intercept conference in Prague later this month where multiple firms (including one from the UK and one from Italy) will be exhibiting such products for sale to the police personnel in attendance; their wares are openly promoted on the organisers’ website. And presumably there will be a portion of the delegates attending on behalf of intelligence and military employers.

“And let’s hope that’s all there is – and that well-funded terrorist and criminal organisations don’t manage to find their way in also. But with the strange allegiances at play in certain parts of the world, even that is not impossible.

“If you thought Stuxnet was ambitious in its aims, remarkable in its technology and astonishing in its alleged success – watch this space,” Williams concluded.

“When it comes to cyber warfare, the battle has only just begun …”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years