The Art of Cyber Warfare, Part 1: The Digital Battlefield
Apr 29, 2008 4:00 AM PT
New-age warfare is here. Governments and Internet security firms are quietly gearing up for the potential onslaught. Don't think that cyber warfare is merely fuel for novel writers. Cyber attacks are being waged in increasing numbers.
Computer network attacks are often perpetrated by gangs of criminal hackers attempting to break into a system for financial gain. However, some criminal hacker groups are starting to test the same strategies on government agencies.
Though political attacks are not as common as those seeking personal and corporate information, cyber attacks for political purposes could just as easily be used as a weapon against governments. A country's national security could be severely threatened by a team of hackers successfully cracking certain computer systems run by government agencies.
Rumbles in Estonia
Perhaps the most notable example of cyber warfare threats was demonstrated last April in an apparent cyber attack on the nation of Estonia. Estonian officials pointed to Russian computers for much of the attacking traffic. But official accounts of the three-week attack stop short of directly blaming Moscow.
"Cyber warfare is not media hype," Tom Kellerman, vice president of security awareness at Core Security Technologies, told TechNewsWorld. "This dark secret is finally out of the bag. The Estonia attacks show what can happen. We've seen a 158 percent increase in cyber attacks. U.S. Department of Homeland Security statistics showed that 37,000 attempted breaches of government and private computer systems were reported in fiscal 2007, which ended Sept. 30, marking a dramatic increase from the 24,000 reported in 2006."
FBI reports from last year show that 108 countries have dedicated cyber attack capabilities, he added. Kellerman also serves on the Commission on Cyber Security for the 44th Presidency and is a former senior data risk management specialist for the World Bank Treasury Security Team.
Beginning April 27, 2007, about 1 million computers worldwide were reportedly used to conduct denial-of-service attacks on Estonian government and corporate Web sites. Over a three-week period, the attacks swamped Estonia's computer network with so much traffic that the government there was forced to shut them down.
The Estonian government reportedly traced much of the attacking traffic to Russian computers and found instructions in Russian on the Internet on how to carry out the attack. The Russian government denied any involvement.
However, one prominent theory among security experts is that Russian hackers were protesting the Estonian government's decision to move a popular monument.
In the aftermath of the attacks, NATO provided the Estonian government with some help in restoring the computer systems and investigating the attacks. Meanwhile, Estonian Defense Ministry spokesperson Madis Mikko likened the cyber attack to more traditional missile assaults on banks or airports, which would clearly be seen as an act of war.
Estonia established independence from the Soviet Union in 1991 and has since become a member of both NATO and the European Union. Earlier this year, it became the first country to allow online voting in a parliamentary election.
Regardless of the reasons behind the Estonian cyber attacks, the fact that it happened should raise the awareness of both enterprise and government officials. This incident is not an isolated matter, and it echoes a much-needed wake-up call.
"Cyber warfare attacks need to be seen in the broader context of increasing irregular warfare and terrorism," Tom Mullen, a member of PA Consulting Group's management team, told TechNewsWorld. He heads the firm's Federal and Defense Services practice. "Nations remain largely unprepared for asymmetric warfare, and the fact that so many recent attacks and campaigns have been successful adds to the need to prepare. The lessons of Iraq, Georgia, Lebanon and now Estonia are that asymmetric attacks work."
The challenge of irregular warfare in general is that it is adaptive, responsive and designed to strike an enemy where it is weak, he explained. Thus, a significant and sustained effort to protect against one tactic -- harden networks, for example -- would merely prompt one's adversary to pursue other tactics. These could include bombings, kidnappings and sabotage.
While some response to hardening computer networks is warranted, it is important to look holistically at risk and not overreact to one tactic, Mullen cautioned. Getting better at understanding the motivation and mindset is as important as strengthening individual areas.
New Attack Fronts
Whether a cyber attack is lodged against a business or a government, the attackers generally use the same methods. The only difference is the intended payload delivery to a targeted system. For instance, hackers can use customized Trojans aimed at government targets.
"We are seeing many cases of government and political Web sites being hacked," Derek Manky, lead cyber threat researcher for Internet security firm Fortinet, told TechNewsWorld. "Top-level domains are being targeted by criminal organizations. We are entering an age where this is a real serious threat."
Manky is concerned about the safety of critical infrastructures within countries. Financial institutions and utility grids are now prime targets of cyber warfare and cyber espionage, said Manky.
He is particularly concerned about the ability of SCADA (Supervisory Control and Data Acquisition) networks to withstand attacks. SCADA is a system used to control and monitor critical infrastructure, such as power, utility and transportation networks.
"Everything today is being integrated to Web 2.0. SCADA is supposed to be isolated from the Internet. But cost efficiencies are allowing WiFi and Web 2.0 applications to expose this grid through remote access," said Manky. "Attackers can use existing methods with inside connections to wage a cyber warfare attack."
March of the Botnets
Two factors that make cyber attacks so potentially dangerous are government sponsorship and the millions of available compromised computers throughout the world.
Some very large criminal hacking groups reside inside Russia. China continues to be the subject of allegations about political cyber activities.
"China is well known to provide safe haven for hacker groups and political activists. Nothing is stopping nations from developing cyber bullets," said Manky.
Security firms that track cyber threat activity see increasing signs of compromised computers being used to remotely wage attacks on a variety of targets. The role of botnets is a keen interest to Phyllis Schneck, vice president of research integration for Secure Computing Corporation.
"My biggest concern is how to protect from deliberate attack to critical infrastructure. We are making some progress, but it is an ever-present threat," Schneck told TechNewsWorld.
She described the role of botnets in waging attacks against governments or specific groups as nothing more than an abuse of the Internet through malware. Every unprotected computer is a potential new botnet member in the attacking cyber army, she concluded. In part 2 of Cyber Warfare: The Digital Battlefield, TechNewsWorld explores more of the threats posed by cyber attacks and what security experts are doing to protect the nation from cyber assaults.