Read Cyber Warfare Online

Authors: Bobby Akart


The Trans-Siberian Soviet Pipeline Sabotage, 1982

Thomas C. Reed, a former Air Force secretary who served on President Ronald Reagan’s National Security Council, wrote about the event in At the Abyss: An Insider’s History of the Cold War. He summarized the operation as one example of cold-eyed economic warfare. In 1982, the Soviets actively pirated American software programs and technology to be used in the service of the former Soviet Union's gas supply. American intelligence became aware of this activity and in order to sabotage the Soviet efforts and disrupt their economy, the pipeline software utilized to run the pumps, turbines, and valves was programmed to malfunction, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds. The result was the largest non-nuclear explosion and fire ever seen from space.

While there were no physical casualties from the pipeline explosion, there was significant damage to the Soviet economy. Its ultimate bankruptcy, not a bloody battle or nuclear exchange, helped bring the Cold War to an end. In time, the Soviets came to understand that they had been stealing bogus technology, but now what were they to do? By implication, the Soviets believed every aspect of their infrastructure might be infected. They had no way of knowing which software was sound, which was infected. All was suspect, which was the intended endgame for the operation.

The faulty software was provided to the Russians after an agent recruited by the French and dubbed Farewell provided a shopping list of Soviet priorities, which focused on stealing Western technology. The software, which was allowed to be pirated, contained malfunctions resulting in the shutdown of many aspects of the Soviet critical infrastructure.

Kosovo War, May 7, 1999

The Kosovo conflict started in 1998 between Yugoslavian police and military forces and Albanian separatists in Kosovo. As the conflict spread, NATO launched an air strike campaign against Yugoslavia. The air strikes lasted for 78 days, after which Yugoslavia agreed to withdraw its forces out of Kosovo.

This was one of the first military conflicts with an extensive use of cyber activity. Many cyber attacks happened during the 78-day war. However, even though the military conflict ended after the Kumanovo peace treaty, the conflict remained in cyberspace as the cyber war continued between Serbian and Albanian hackers trying to disrupt internet websites and infrastructure of the other side for years. Eventually, NATO became the target as NATO suffered attacks on its computer systems from Serbia.

Estonia, May 2007

The Estonian virtual invasion consisted of distributed denial-of-service attacks. With DDoS attacks, hackers use other people's computers, sometimes halfway across the globe, to wreak virtual havoc. To launch DDoS attacks, hackers first access other people's computers through zombie applications, malicious software that overrides security measures or creates an entry point. Once hackers gain control over the so-called zombie computers, they can network them together to form cyber-armies or botnets. The Estonian attack relied on vast botnets to send the coordinated crash-inducing data to the Web servers. It was complex and efficient.

Hackers believed to be linked to the Russian government brought down the Web sites of Estonia’s parliament, banks, ministries, newspapers, and broadcasters. Cyber warriors blocked the websites of the Estonian government and clogged the country's Internet network. The attacks disrupted the use of Estonia’s websites for 22 days.

Russo – Georgia War, August 2008

Cyber attackers hijacked government and commercial web sites in Georgia during a military conflict with Russia. Russian forces invaded Georgia, preceded by cyber attacks on Georgian government and business websites and network infrastructure, disabling the country's Web-based communication with the outside world.

Cyber attacks continue to grow in number and sophistication each year. In 2006, Russian Mafia group Russian Business Network (RBN) began using malware for identity theft. By 2007, RBN completely monopolized online identity theft. By September 2007, their Storm Worm was estimated to be running on roughly one million computers, sending millions of infected emails each day.

In 2008, cyber attacks moved from personal computers to government institutions. On August 27, 2008, NASA confirmed a worm was found on laptops in the International Space Station; three months later Pentagon computers were hacked, allegedly by Russian hackers.

Financial institutions were next. The State Bank of India, India’s largest bank, was attacked by hackers located in Pakistan on December 25, 2008. While no data was lost, the attack forced the bank to temporarily shut down its website and resolve the issue.

Today, the use of cyber intrusion has grown to become the most potent weapon in many nations’ arsenals. As such, there are now three main methods of cyber warfare that have evolved: sabotage, electronic espionage, and attacks on electrical power grids. The third is perhaps most alarming and the U.S. is especially vulnerable. In 2012, the North American Electric Reliability Corporation (NERC) warned the U.S. electrical grid is susceptible to cyber attacks, which could lead to massive power outages, delayed military response, and economic disruption. Destruction of critical infrastructure will be the goal of hackers shortly.

 

PART THREE
Present day use of Cyber Warfare

 

Chapter Six
Major Players

First, a Note on the Hacker Culture

In general, hackers in the West are often anti-government activists. They’re not usually patriotic, they’re not usually nationalistic, and often the majority of their cyber activities are considered criminal at worst, and cyber vandalism at best. In the East, hackers are pro-government, and their activities are ignored, if not condoned, by their governments. Countries like Iran, North Korea, and China are havens for cyber activity, which is deemed patriotic and nationalistic.

Who are the main actors?

CHINA

Governments have always kept secrets. Governments have always spied. But the dramatic focus on technological advances in cyber espionage and hacking is shifting the battle lines of the 21st century.

Cyber attacks have now joined the traditional weapons of government. Nation-states are exploiting gaps in foreign networks, collecting zero-day vulnerabilities and installing network surveillance as just some of their military and intelligence tactics.

This upsurge in cyber warfare activity is being engaged in openly between the United States and China. In 2015, an uncovered secret National Security Agency document revealed more than six hundred successful attacks by Chinese sources on American private and public networks over a five-year period.

As this cyber war heats up, analysts are now concerned a diplomatic Armageddon could fast be approaching as the two influential countries show no signs of backing down. It is a relationship characterized by mistrust between China and the U.S. The two countries have always maintained a strained relationship when the topic is discussed.

The interests of the two nations are often fundamentally opposed when it comes to issues of cyber activity and its governance. The U.S. plan calls for transparency and freedom of information while China relies upon state control over information in cyberspace. So far, China and the U.S. have restricted their cyber activities to military and economic espionage, rather than other forms of cyber attacks that might give rise to an act of war.

Recently, however, the cyber relationship between the U.S. and China has worsened with authorities engaged in petty responses to continued allegations of cyber espionage. In May of 2014, Attorney General Eric Holder filed hacking charges against five Chinese nationals for infiltrating US commercial targets by cyber activities. In response, the Beijing government suspended a joint working group on cyber security and began a retaliatory campaign against U.S. technology companies operating in China.

China has always denied any such activities, but that changed this year after the publication of their updated Science of Military Strategy, an extraordinary military treatise published by the top research institute of the People’s Liberation Army. The treatise acknowledged China's cyber capabilities for the first time. The document contains the military strategy and admits the government is highly motivated in the embracing of cyber espionage and network security.

It reveals that preemptive defenses, precision strike missiles, and cyber warfare are an integral part of the Chinese military apparatus.

Unsurprisingly, an analysis of the document found the United States is the primary target of the PLA’s cyber warfare efforts.

Clearly, the US is China's main strategic adversary. Beijing believes Washington is actively trying to limit China's economic and military development. The Chinese maintain the United States is restricting its freedom of action internationally by using a broad combination of financial, diplomatic and military pressure.

An analysis of the Chinese policy outlined in the Science of Military Strategy reveals a three-pronged approach to cyber warfare.

First, China splits its cyber operations into three sections:

· Specialized military network warfare forces.
· The PLA's authorized forces such as the Ministry of State Security and the Ministry of Public Security.
· The non-governmental force of hackers who don't officially work for the government but can be called into action when needed—the patriots.

It is this third category that is of concern to many rival nation-states given some of the victims targeted by this unaffiliated group of patriots.

“There is a spectrum of state sponsorship,” says Jen Weedon with FireEye, a world leader in cyber security. “There is certainly activity that we see that appears to be very state directed and then there's activity we see and research we have done on particular actors that indicate there are also contractors doing this activity and everything in between.”

"We have seen some elements of cyber tools, logistics and supply chains. For example, we have seen individual pieces of malware or backdoors that appear to be shared by a lot of different groups and may be getting it from a single source. There's clearly quite an extensive infrastructure behind this behavior," says Sean Sullivan, security advisor at F-Secure. He further argues that while these hacking groups often seem to work in the interests of China, there's no guarantee this will last indefinitely.

The vast majority of Chinese hacking is done by individuals politically sympathetic to China. Not all of it is directed by the state. Why don't Chinese hackers target China? Thus far, the economy is performing too well. Double-digit growth keeps their citizens happy and patriotic. Losing control of this talent is something that the Chinese government must be very concerned about.

The blurry line of the law

The Science of Military Strategy treatise elevates the nature of the threat to the United States, the West, and its businesses. It also illustrates the threat posed by the fact Chinese hackers steal intelligence and intellectual property.

Sullivan notes that this is a fundamental difference in how China acts in the cyber arena, when compared to the U.S.

"When the US spies, it does so to level the playing field. In a well-known example, the U.S. spied on Airbus to prevent bribes in the Middle East. But, according to the US, no intellectual property was transferred from Airbus to Boeing. China doesn't see the distinction," he said.

This is an example of how the usual rules and treaties that apply to armed conflicts and intelligence have not been extended to cyber warfare.

"There aren't any international agreements governing peacetime intelligence gathering," Sullivan said. "Cyber technologies have changed the nature of intelligence gathering. And perhaps it's time to write some new treaties of what's acceptable and what's not."

Is there a red line that can be crossed?

The need for such treaties in the cyber realm was underlined in 2015 after the breach at the US Office of Personnel Management (OPM), perhaps the most high-profile case of cyber-espionage in recent times.

The OPM revealed that over 21.5 million federal records had been stolen, including Social Security numbers, education history, employment history, and financial background of federal employees. Later in 2015, the OPM admitted nearly six million fingerprints were also obtained via a different cyber intrusion. FBI Director James Comey said in a US Senate appearance that even his information was likely to have been compromised, showing the full scope of the breach.
