Cyber Warfare


by Bobby Akart


  The capabilities and scope of cyber attacks are just now starting to become understood by the public at large – in many cases, like Saudi ARAMCO, quite some time after an attack has taken place. These events have raised awareness within the information technology sector and the government. A common language and lexicon must be established so that security issues can be shared between the private and public sectors, and with law enforcement, without the contrived anxiety, uncertainty and doubt that is perpetuated by politicians.

  Chapter Three

  The Fourth Dimension of Warfare

  Cyber warfare continues to spread online, although the spread of malicious online viruses may just be a precursor to the future of war.

  "We operate in five domains: air, land, sea, and cyberspace," says Dan Kuehl, who manages information operations at the National Defense University in Washington, D.C. Kuehl admitted in an interview that a proficient hacker entering keystrokes on a computer is one of the new faces of war—every bit as powerful as tanks and missiles. Accordingly, Cyber War is now called the Fourth Dimension of Warfare.

  A cyber war refers to conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting if not destroying the information and communications systems. The term is broadly defined to include even military culture on which an adversary relies in order to know itself — who it is, where it is, what it can do when, why it is fighting, which threats to encounter first, etc. It means trying to know all about the enemy while keeping the adversary from knowing much about oneself. It means turning the balance of observations and information in one’s favor, especially if the balance of military prowess is not. It means using intelligence so less military capital and labor may have to be expended.

  This fourth dimension of warfare involves varied technologies—notably for intelligence collection, processing, and distribution; for tactical communications, positioning, and identification; and for smart weapons systems. This new aspect of warfare has a profound effect on military strategies, tactics, and weapons design. It can be used for defensive or offensive purposes and in all types of conflicts.

  As an innovation of conflict, cyber warfare may be the twenty-first century equivalent of what blitzkrieg was to the twentieth-century battle fronts. The postmodern battlefield stands to be fundamentally altered by the information technology revolution, at both the strategic and the tactical levels. Even though its full design and implementation require advanced technology, cyber warfare is not reliant on advanced technology per se. A cyber war, whether waged by the United States or other actors, does not necessarily require the presence of advanced technology. The organizational and psychological dimensions may be as important as the technical.

  PART TWO

  The History and Early Uses of Cyber Warfare

  Chapter Four

  History of Cyber Warfare

  For as long as the internet has been in existence, vandals, spies and criminals have tried to exploit it. Early on, computer hacker Kevin Mitnick became a top target for the FBI for breaking into academic and corporate computer systems and causing millions of dollars in damage. After years of avoiding capture, he spent five years behind bars in the 1990s and was ordered to stay away from computers for three additional years while on probation. The Melissa and I Love You viruses of the late nineties drew widespread attention to expanding cyber threats and jump-started the sale of internet security software that is now a multibillion-dollar industry.

  Cyber attacks have grown more frequent and destructive in recent years. One form of hacking — the denial-of-service (DoS) attack — has become a tool of war. The attacks are designed to paralyze websites, financial networks, and other computer systems by flooding them with data from outside computers. A fifteen-year-old Canadian with the moniker mafiaboy launched the first documented DoS attack in 2000 against eBay and Amazon.com, shutting some down and wreaking havoc that cost an estimated $1.7 billion. In 2007, entities believed to have been associated with the Russian government or its allies launched a DoS attack against the nation of Estonia. The cyber attack was undertaken as a result of a dispute sparked by the removal of a World War II–era Soviet soldier from a public park. The attacks crippled Estonia's digital infrastructure, paralyzed government and media sites, and shut down the former Soviet Republic's largest bank. As discussed previously, a massive cyber attack against Georgia is believed to have taken place before Russia's invasion of the country in 2008, crippling the banking system and disrupting cell-phone service.

  Government and private Web networks in the U.S. have emerged as frequent targets for those flouting the law. The Pentagon reported some four hundred million attempts to break into its computer systems in 2014, up from just six million in 2006. The intrusions include a successful attempt to hack into the $300 billion Joint Strike Fighter project and copy data about the aircraft's design and electronics systems. The espionage is believed to have originated in China.

  Experts say computer criminals in China and Russia have also infiltrated America's electrical grid, covertly installing software with the potential to damage it at any time (naturally, both countries have denied such actions). The Pentagon has plans to quadruple the ranks of its cybersecurity experts, explaining that the country is under cyber attack all the time, every day.

  Cyber spies also targeted regular citizens. News headlines regularly tell of hackers ransacking computer networks for Social Security numbers, banking information and other data that could be used for potential identity theft. In a recent example, officials at the University of California, Berkeley, reported hackers stole the Social Security numbers of nearly all of its students, alumni and others during a six-month breach of the school's computer system. Other computer vandals have caused physical harm. A forum run by the Epilepsy Foundation had to be shut down after online intruders, in perhaps the nastiest prank yet, led visitors to sites featuring bright, flashing images known to potentially trigger seizures. Over recent years, cyber threats have become very diverse, and attacks have become more frequent and successful, highlighting the failure of government agencies and private institutions to protect themselves.

  But it was in July of 2010 that STUXNET marked the moment when Cyber Warfare became a reality—an attack originating in cyberspace targeting a part of a nation’s critical national infrastructure. The complexity of STUXNET suggests that the governments of Israel and the U.S. were heavily involved in its development. As a result, there are massive implications for how future wars will be fought, with conflict set to be characterized by a dual campaign in cyberspace and reality.

  Chapter Five

  Significant Events in the History of Cyber Warfare

  The Trans-Siberian Soviet Pipeline Sabotage, 1982

  Thomas C. Reed, a former Air Force secretary who served on President Ronald Reagan’s National Security Council, wrote about the event in At the Abyss: An Insider’s History of the Cold War. He summarized the operation as one example of cold-eyed economic warfare. In 1982, the Soviets actively pirated American software programs and technology to be used in the service of the former Soviet Union's gas supply. American intelligence became aware of this activity and in order to sabotage the Soviet efforts and disrupt their economy, the pipeline software utilized to run the pumps, turbines, and valves was programmed to malfunction, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds. The result was the largest non-nuclear explosion and fire ever seen from space.

  While there were no physical casualties from the pipeline explosion, there was significant damage to the Soviet economy. Its ultimate bankruptcy, not a bloody battle or nuclear exchange, helped bring the Cold War to an end. In time, the Soviets came to understand that they had been stealing bogus technology, but now what were they to do? By implication, the Soviets believed every aspect of their infrastructure might be infected. They had no way of knowing which software was sound, which was infected. All was suspect, which was the intended endgame for the operation.

  The faulty software was provided to the Russians after an agent recruited by the French and dubbed Farewell provided a shopping list of Soviet priorities, which focused on stealing Western technology. The software, which was allowed to be pirated, contained malfunctions resulting in the shutdown of many aspects of the Soviet critical infrastructure.

  Kosovo War, May 7, 1999

  The Kosovo conflict started in 1998 between Yugoslavian police and military forces and Albanian separatists in Kosovo. As the conflict spread, NATO launched an air strike campaign against Yugoslavia. The air strikes lasted for 78 days, after which Yugoslavia agreed to withdraw its forces out of Kosovo.

  This was one of the first military conflicts with an extensive use of cyber activity. Many cyber attacks happened during the 78-day war. However, even though the military conflict ended after the Kumanovo peace treaty, the conflict remained in cyberspace as the cyber war continued between Serbian and Albanian hackers trying to disrupt internet websites and infrastructure of the other side for years. Eventually, NATO became the target as NATO suffered attacks on its computer systems from Serbia.

  Estonia, May 2007

  The Estonian virtual invasion consisted of distributed denial-of-service attacks. With DDoS attacks, hackers use other people's computers, sometimes halfway across the globe, to wreak virtual havoc. To launch DDoS attacks, hackers first access other people's computers through zombie applications, malicious software that overrides security measures or creates an entry point. Once hackers gain control over the so-called zombie computers, they can network them together to form cyber-armies or botnets. The Estonian attack relied on vast botnets to send the coordinated crash-inducing data to the Web servers. It was complex and efficient.

  Hackers believed to be linked to the Russian government brought down the Web sites of Estonia’s parliament, banks, ministries, newspapers, and broadcasters. Cyber warriors blocked the websites of the Estonian government and clogged the country's Internet network. The attacks disrupted the use of Estonia’s websites for 22 days.

  Russo – Georgia War, August 2008

  Cyber attackers hijacked government and commercial web sites in Georgia during a military conflict with Russia. Russian forces invaded Georgia, preceded by cyber attacks on Georgian government and business websites and network infrastructure, disabling the country's Web-based communication with the outside world.

  Cyber attacks continue to grow in number and sophistication each year. In 2006, Russian Mafia group Russian Business Network (RBN) began using malware for identity theft. By 2007, RBN completely monopolized online identity theft. By September 2007, their Storm Worm was estimated to be running on roughly one million computers, sending millions of infected emails each day.

  In 2008, cyber attacks moved from personal computers to government institutions. On August 27, 2008, NASA confirmed a worm was found on laptops in the International Space Station; three months later Pentagon computers were hacked, allegedly by Russian hackers.

  Financial institutions were next. The State Bank of India, India’s largest bank, was attacked by hackers located in Pakistan on December 25, 2008. While no data was lost, the attack forced the bank to temporarily shut down its website and resolve the issue.

  Today, the use of cyber intrusion has grown to become the most potent weapon in many nations’ arsenals. As such, there are now three main methods of cyber warfare that have evolved—sabotage, electronic espionage, and attacks on electrical power grids. The third is perhaps most alarming and the U.S. is especially vulnerable. In 2012, the North American Electric Reliability Corporation (NERC) warned the U.S. electrical grid is susceptible to cyber attacks, which could lead to massive power outages, delayed military response, and economic disruption. Destruction of critical infrastructure will be the goal of hackers shortly.

  PART THREE

  Present day use of Cyber Warfare

  Chapter Six

  Major Players

  First, a Note on the Hacker Culture

  In general, hackers in the West are often anti-government and activists. They’re not usually patriotic, they’re not usually nationalistic, and often the majority of their cyber activities are considered criminal at worst, and cyber vandalism at best. In the East, hackers are pro-government, and their activities are ignored, if not condoned, by their governments. Countries like Iran, North Korea, and China are havens for cyber activity, which is deemed patriotic and nationalistic.

  Who are the main actors?

  CHINA

  Governments have always kept secrets. Governments have always spied. But the dramatic focus on technological advances in cyber espionage and hacking is shifting the battle lines of the 21st century.

  Cyber attacks have now joined the traditional weapons of government. Nation-states are exploiting gaps in foreign networks, collecting zero-day vulnerabilities and installing network surveillance as just some of their military and intelligence tactics.

  This upsurge in cyber warfare activity is being engaged in openly between the United States and China. In 2015, a secret National Security Agency document that was uncovered revealed more than six hundred successful attacks by Chinese sources on American private and public networks over a five-year period.

  As this cyber war heats up, analysts are now concerned a diplomatic Armageddon could fast be approaching as the two influential countries show no signs of backing down. It is a relationship characterized by mistrust between China and the U.S. The two countries have always maintained a strained relationship when the topic is discussed.

  The interests of the two nations are often fundamentally opposed when it comes to issues of cyber activity and its governance. The U.S. plan calls for transparency and freedom of information while China relies upon state control over information in cyberspace. So far, China and the U.S. have restricted their cyber activities to military and economic espionage, rather than other forms of cyber attacks that might give rise to an act of war.

  Recently, however, the cyber relationship between the U.S. and China has worsened with authorities engaged in petty responses to continued allegations of cyber espionage. In May of 2014, Attorney General Eric Holder filed hacking charges against five Chinese nationals for infiltrating US commercial targets by cyber activities. In response, the Beijing government suspended a joint working group on cyber security and began a retaliatory campaign against U.S. technology companies operating in China.

  China has always denied any such activities, but that changed this year after the publication of their updated Science of Military Strategy, an extraordinary military treatise published by the top research institute of the People’s Liberation Army. The treatise acknowledged China's cyber capabilities for the first time. The document contains the military strategy and admits the government is highly motivated in the embracing of cyber espionage and network security.

  It reveals that preemptive defenses, precision strike missiles, and cyber warfare are an integral part of the Chinese military apparatus.

  Unsurprisingly, an analysis of the document found the United States is the primary target of the PLA’s cyber warfare efforts.

  Clearly, the US is China's main strategic adversary. Beijing believes Washington is actively trying to limit China's economic and military development. The Chinese maintain the United States is restricting its freedom of action internationally by using a broad combination of financial, diplomatic and military pressure.

  An analysis of the Chinese policy outlined in the Science of Military Strategy reveals a three-pronged approach to cyber warfare.

  First, China splits its cyber operations into three sections:

  · Specialized military network warfare forces.

  · The PLA's authorized forces such as the Ministry of State Security and the Ministry of Public Security.

  · The non-governmental force of hackers who don't officially work for the government but can be called into action when needed—the patriots.

  It is this third category that is of concern to many rival nation-states given some of the victims targeted by this unaffiliated group of patriots.

  “There is a spectrum of state sponsorship,” says Jen Weedon with FireEye, a world leader in cyber security. “There is certainly activity that we see that appears to be very state directed and then there's activity we see and research we have done on particular actors that indicate there are also contractors doing this activity and everything in between.”

  "We have seen some elements of cyber tools, logistics and supply chains. For example, we have seen individual pieces of malware or backdoors that appear to be shared by a lot of different groups and may be getting it from a single source. There's clearly quite an extensive infrastructure behind this behavior," says Sean Sullivan, security advisor at F-Secure. He further argues that while these hacking groups often seem to work in the interests of China, there's no guarantee this will last indefinitely.

  The vast majority of Chinese hacking is done by individuals politically sympathetic to China. Not all of it is directed by the state. Why don't Chinese hackers target China? Thus far, the economy is performing too well. Double-digit growth keeps their citizens happy and patriotic. Losing control of this talent is something that the Chinese government must be very concerned about.

  The blurry line of the law

  The Science of Military Strategy treatise elevates the nature of the threat to the United States, the West, and its businesses. It also illustrates the threat posed by the fact that Chinese hackers steal intelligence and intellectual property.

 
