Read Cyber Warfare Online

Authors: Bobby Akart

Cyber Warfare (5 page)

BOOK: Cyber Warfare

In preparation for the Russia-Georgia border war in 2007, Russian hackers covertly penetrated the internet infrastructure of Georgia to deploy an array of DDoS attacks, logic bombs, and other cyber tools. Once the hot war began, the cyber weapons disabled the Tbilisi government and paralyzed Georgia’s financial system. The resulting uncertainty led to a de facto international banking quarantine as international lenders and other payments processors feared infection from the cyber attack.

The United States and Israel designed the Stuxnet computer worm and remotely introduced it into industrial control systems of Iran that were critical to the country’s nuclear program. A long series of unfortunate accidents severely disrupted the Iranian nuclear program. Administration estimates reveal the Iranian nuclear program was set back by a couple of years.

The use of cyber attacks can make espionage appear so widespread and systematic that it creates a climate of insecurity resulting in increased public demands for a robust response. According to a 2013 study, Chinese cyber divisions have conducted espionage operations against nearly 200 American companies since 2006, pirating hundreds of terabytes of data. The Chinese cyber unit, located in Shanghai, apparently has had no direct human collaborators in the targeted companies. The media broadly covered this report, coupled with other allegations of rampant Chinese cyber espionage. Enhanced public awareness played a role in the U.S. Department of Justice decision to indict Chinese military intelligence officers for cyber espionage. As a result of the public outcry, calls to engage in offensive cyber operations and take other stiff measures have increased.

Then there are the hacktivists. Hacker groups with ambiguous relationships to nation-states often play a clandestine role in cyber warfare. They provide cover for a government’s cyber activities. They are useful cyber proxies in cyber warfare.

The Russians are notorious for using criminal groups and other hackers with no overt links to the Russian Government. Russian cyber operations against Ukraine this year, Georgia in 2008, and Estonia in 2007 appear to have been carried out for the most part by unassociated hackers—although the affected governments and independent security researchers have charged a relationship exists.

China apparently tolerates and encourages patriotic hackers who have disrupted the computer networks of U.S., Japanese, and other organizations at times of diplomatic tension.

Finally, there is the ARAMCO cyber attack. Saudi Aramco, officially the Saudi Arabian Oil Company and most popularly known just as Aramco, is a Saudi Arabian national petroleum and natural gas company based in Dhahran, Saudi Arabia. In 2012, hackers acting under the direction of the Iranian Government attacked the websites and communications networks of the energy giant ARAMCO. The Saudi Aramco attack by the Iranians was purportedly carried out by independent hacker groups who infiltrated and disrupted political opposition groups’ websites.

As in many cyber intrusions, one of the computer technicians on Saudi ARAMCO's information technology team opened a scam email and clicked on a malicious link. The hackers were in.

The actual attack began during the Islamic holy month of Ramadan when most Saudi ARAMCO employees were on holiday. On the morning of Wednesday, Aug. 15, 2012, the few employees noticed their computers were acting weird. Screens started flickering. Files began to disappear. Some machines just shut down without explanation.

That morning, a group calling itself Cutting Sword of Justice claimed responsibility, citing ARAMCO's support of the Al Saud royal family's authoritarian regime.

"This is a warning to the tyrants of this country and other countries that support such criminal disasters with injustice and oppression," the group said.

In a matter of hours, 35,000 computers were partially wiped or entirely destroyed. Without a way to pay them, gasoline tank trucks seeking refills had to be turned away. ARAMCO’s ability to supply ten percent of the world's oil was suddenly at risk.

And one of the most valuable companies on Earth was propelled back into 1970s technology, using typewriters and faxes.

In a frantic rush, Saudi Aramco's computer technicians ripped cables out of computer servers at data centers all over the world. Every office was physically unplugged from the Internet to prevent the virus from spreading further.

Oil production remained steady at 9.5 million barrels per day, according to company records. Drilling and pumping of petroleum were automated, but the rest of the operation was in turmoil. Managing supplies, shipping, contracts with governments and business partners—all of that was forced to happen on paper.

Without the internet at the office, corporate email was gone. Office phones were dead. Employees wrote reports on typewriters. Contracts were passed around with interoffice mail. Lengthy, lucrative deals needing signatures were faxed one page at a time.

The company temporarily stopped selling oil to domestic gas tank trucks. After 17 days, the corporation relented and started giving oil away for free to keep it flowing within Saudi Arabia.

The capabilities and scope of cyber attacks are just now starting to become understood by the public at large – in many cases, like Saudi ARAMCO, quite some time after an attack has taken place. These events have raised awareness within the information technology sector and the government. A common language and lexicon must be established so that security issues can be shared between the private and public sectors, and with law enforcement, without the contrived anxiety, uncertainty and doubt that is perpetuated by politicians.

 

Chapter Three
The Fourth Dimension of Warfare

Cyber warfare continues to spread online, although the spread of malicious online viruses may just be a precursor to the future of war.

"We operate in five domains: air, land, sea, and cyberspace," says Dan Kuehl, who manages information operations at the National Defense University in Washington, D.C. Kuehl admitted in an interview that a proficient hacker entering keystrokes on a computer is one of the new faces of war—
every bit as powerful as tanks and missiles. Accordingly, Cyber War is now called the Fourth Dimension of Warfare.

A cyber war refers to conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting, if not destroying, the information and communications systems. The term is broadly defined to include even military culture on which an adversary relies in order to know itself — who it is, where it is, what it can do when, why it is fighting, which threats to encounter first, etc. It means trying to know all about the enemy while keeping the adversary from knowing much about oneself. It means turning the balance of observations and information in one’s favor, especially if the balance of military prowess is not. It means using intelligence so less military capital and labor may have to be expended.

This fourth dimension of warfare involves varied technologies—notably for intelligence collection, processing, and distribution; for tactical communications, positioning, and identification; and for smart weapons systems. This new aspect of warfare has a profound effect on military strategies, tactics, and weapons design. It can be used for defensive or offensive purposes and in all types of conflicts.

As an innovation of conflict, cyber warfare may be the twenty-first century equivalent of what blitzkrieg was to the twentieth-century battle fronts. The postmodern battlefield stands to be fundamentally altered by the information technology revolution, at both the strategic and the tactical levels. Even though its full design and implementation require advanced technology, cyber warfare is not reliant on advanced technology per se. A cyber war, whether waged by the United States or other actors, does not necessarily require the presence of advanced technology. The organizational and psychological dimensions may be as important as the technical.

 

PART TWO
The History and Early Uses of Cyber Warfare

 

Chapter Four
History of Cyber Warfare

For as long as the internet has been in existence, vandals, spies and criminals have tried to exploit it. Early on, computer hacker Kevin Mitnick became a top target for the FBI for breaking into academic and corporate computer systems and causing millions of dollars in damage. After years of avoiding capture, he spent five years behind bars in the 1990s and was ordered to stay away from computers for three additional years while on probation. The Melissa and I Love You viruses of the late nineties drew widespread attention to expanding cyber threats and jump-started the sale of internet security software that is now a multibillion-dollar industry.

Cyber attacks have grown more frequent and destructive in recent years. One form of hacking — the denial-of-service (DoS) attack — has become a tool of war. The attacks are designed to paralyze websites, financial networks, and other computer systems by flooding them with data from outside computers. A fifteen-year-old Canadian with the moniker mafiaboy launched the first documented DoS attack in 2000 against eBay and Amazon.com, shutting some down and wreaking havoc that cost an estimated $1.7 billion. In 2007, entities believed to have been associated with the Russian government or its allies launched a DoS attack against the nation of Estonia. The cyber attack was undertaken as a result of a dispute sparked by the removal of a World War II–era Soviet soldier from a public park. The attacks crippled Estonia's digital infrastructure, paralyzed government and media sites, and shut down the former Soviet Republic's largest bank. As discussed previously, a massive cyber attack against Georgia is believed to have taken place before Russia's invasion of the country in 2008, crippling the banking system and disrupting cell-phone service.

Government and private Web networks in the U.S. have emerged as frequent targets for those flouting the law. The Pentagon reported some four hundred million attempts to break into its computer systems in 2014, up from just six million in 2006. The intrusions include a successful attempt to hack into the $300 billion Joint Strike Fighter project and copy data about the aircraft's design and electronics systems. The espionage is believed to have originated in China.

Experts say computer criminals in China and Russia have also infiltrated America's electrical grid, covertly installing software with the potential to damage it at any time (naturally, both countries have denied such actions). The Pentagon has plans to quadruple the ranks of its cybersecurity experts, explaining that the country is under cyber attack all the time, every day.

Cyber spies also targeted regular citizens. News headlines regularly tell of hackers ransacking computer networks for Social Security numbers, banking information and other data that could be used for potential identity theft. In a recent example, officials at the University of California, Berkeley, reported hackers stole the Social Security numbers of nearly all of its students, alumni and others during a six-month breach of the school's computer system. Other computer vandals have caused physical harm. A forum run by the Epilepsy Foundation had to be shut down after online intruders, in perhaps the nastiest prank yet, led visitors to sites featuring bright, flashing images known to potentially trigger seizures. Over recent years, cyber threats have become very diverse, and attacks have become more frequent and successful, highlighting the failure of government agencies and private institutions to protect themselves.

But it was in July of 2010 that STUXNET marked the moment when Cyber Warfare became a reality—an attack originating in cyberspace targeting a part of a nation’s critical national infrastructure. The complexity of STUXNET suggests that the governments of Israel and the U.S. were heavily involved in its development. As a result, there are massive implications for how future wars will be fought, with conflict set to be characterized by a dual campaign in cyberspace and reality.

 

Chapter Five
Significant Events in the History of Cyber Warfare
