Thursday, May 19, 2016

Cyber Conflicts: Cyber Warfare - Types of the Attacks

There have been several reported cases of cyber warfare over the past five years that involved reconnaissance and espionage between countries. Cyberspace has become increasingly important in US military strategy and tactics, as it has in Russia and China.

And so, we will look at what some of the motivations are for these countries.

Several reports attributed to Chinese military officials specifically discuss the need for China to devise cyber-warfare techniques to target enemy financial networks, civilian electricity grids, and telecommunication networks, while installing malware on systems ahead of launching cyber attacks. In a 2009 investigation, researchers at the University of Cambridge and the University of Toronto discovered a massive espionage network originating from China that had infiltrated at least 1,200 computers in 103 countries, including many embassies, foreign ministries, and government offices, as well as the Dalai Lama's Tibetan exile centers in India, Brussels, London, and New York. In 2009, Chinese hackers reportedly launched an attack that penetrated computers of more than 30 companies, including Google and Yahoo. These attacks were camouflaged by multiple levels of encryption, allowing hackers to operate undetected for long periods of time. Attack vectors, including a generic explorer remote code execution exploit, were downloaded via email or instant message links. The militia then infected websites; hackers stole intellectual property, gained access to the email messages of human rights activists, and monitored their behavior.

The attacks purportedly came from Taiwan, but were traced back to Mainland China. So assigning attribution is often a very serious challenge.

For instance, consider the recent attack on the Sony studio, purportedly carried out by North Korean hackers. The attribution was never clear: different people attributed it to different organizations, including North Korea, some hacker groups, and Russia. In another example, a Taiwanese hacker was purported to have launched attacks through electronic media.

But someone in Mainland China was actually responsible for that. So this misattribution is becoming a huge challenge.

This is different from traditional warfare between countries, where the enemy's identity is more or less readily discernible. Not all attacks aim to disable computing and network infrastructure. Equal devastation is caused by the use of social media for propaganda, manipulation of public opinion, and incitement of violence, hatred, and nation-state public disharmony. So we look at what this propaganda and social warfare can do.

The internet has amplified terrorist effectiveness manyfold by enabling distribution of shared ideologies to a much wider population. For example, social networks are employed to foster member kinship and to fuel members' zeal to act by propagating ideas about martyrdom and revenge. The public internet allows loosely connected terrorist groups to aggregate, forming larger networks. These networks are distributed, layered, and more redundant, and consequently more resistant to leadership changes, disruption, and even detection.

The ability to recruit members from the population centers where terrorist acts are to be committed, rather than transporting operatives globally, gives the terrorists a strategic advantage. That's another consequence of cyber warfare and the internet.

There is evidence that terrorists' reach is widening. This can be seen from attacks across the globe, in Egypt, India, Indonesia, Pakistan, Russia, Spain, the UK and the US. An important element in terrorist fight strategy is mobilizing public opinion. To sustain themselves, terrorist organizations need sympathizers to willingly provide resources and logistic support, as well as to perpetrate their crimes.

Terrorist groups are able to launch effective propaganda using the internet, gaining influence over international affairs, including the flow of information, public opinion, and politics. And efforts intended to locate and share terrorist websites have been largely unsuccessful over the last ten years. The websites are able to crop up elsewhere. Counter-narratives are being used extensively to negate terrorist messages but with limited success.

Another source of threats comes from sociopolitical groups operating independently or under direct patronage from national governments, which are very large threats. They have large social followings and are used for both propaganda and attacks. For instance, during Israel's great Gaza offensive in the winter of 2009, a Moroccan-based Islamic group hacked into an Israeli registration server and poisoned the routing table of popular domains to reroute users to a page featuring hacker-created anti-Israel messages, rather than launch a typical DoS attack. Likewise, following the November 2008 attacks in Mumbai, hackers in India and Pakistan defaced government-sponsored web sites in Pakistan and Indian web sites respectively, throughout one another's national networks. Most such attacks can be categorized as nuisances, drawing minimal attention to their respective causes and affecting only specific government websites, and they are often quickly resolved.

However, deliberate attacks to disable a critical portion of a national government's web presence can affect communication between the government and its citizens, demoralizing the citizens and destabilizing governments. These attacks reflect an even more disturbing trend with long-term ramifications, especially as they link to political conflicts in nations. Within hours of the start of the Russia-Georgia war in 2008, Russian-based cyber attackers disabled and defaced Georgian government web sites. The attacks were encouraged and facilitated by a Russian patriotic hacker group called Nashi and launched by seemingly ordinary citizens who could not be proven to be employed by the Russian government or military. While there is evidence that Russia was the source of the attack, no conclusive proof confirms Russian government involvement.

What was clear is that ordinary Russian citizens participated in the attacks. The hacker groups provided the resources and information to perform the attacks. And a large number of Russian citizens and expats launched them.

A similar attack in May 2007, launched by Russian hackers against Estonian government websites, was a response to the uprooting of a World War II memorial bronze statue commemorating Russian military losses in the campaign to drive the Germans from the region in World War II. The number of attack participants can play an important role in such attacks.

Now, this raises an important question. As the disparity in internet availability is bridged between developed and developing countries, countries with larger populations can expect to have a future strategic advantage. China and India, with populations of more than a billion each, will be powerful forces in citizen-led attacks. Ironically, botnets, which are blamed for many recent attacks, will be critical in shifting the strategic cyber warfare balance, as nations attempt to create botnets using resources from other countries to bridge this disparity.

The key question that we face, however, is how we classify these attacks by ordinary citizens participating in these political conflicts. Are they criminals? Are they warriors? Are they patriots? The answer is neither obvious nor easy, but I see its implications in terms of law enforcement and international justice.

And that's something we need to ponder. These are the attacks that we have seen, but there are future battles that we need to worry about.

So let's look at some of these.
