Thursday, May 19, 2016

Cyber Conflicts: Cyberwarfare - Modes of Attacks

What we're going to do now is try to understand where the attacks are coming from, what kinds of attacks there are, who the perpetrators are, and what their motivations are.

The cyberattacks that have been considered a form of cyberwarfare were initially fairly benign and focused mainly on propaganda and information propagation. These attacks were reported in 2001 and then again in 2006 during the Hezbollah-Israel conflict, when Israel claimed that countries in the Middle East used Russian hackers and scientists for cyberwarfare.

When Israeli forces targeted Hezbollah's broadcast network in order to disable its ability to communicate, Hezbollah, in turn, hijacked vulnerable websites and continued to broadcast its propaganda through these sites.

Hezbollah used the websites to run recruitment videos and to post bank account numbers for supporters to donate funds for Hezbollah activities, and was able to run a very successful propaganda campaign.

During the conflict between Estonia and Russia, which started in April 2007 over the relocation of a bronze statue of a soldier in Tallinn, cyberattacks were launched from Russia and targeted banks, media, and ministries. Denial-of-service attacks were primarily used to disable the websites of these institutions, mainly to add psychological pressure on the government and the citizens of Estonia.

In September 2007, the website of the Kyrgyz Central Election Commission was defaced and denial-of-service attacks were launched on Internet service providers during the election campaign, and that led to accompanying riots. During the Russia-Georgia conflict in 2008, hacking attacks originating in Russia disabled Georgian information and government websites.

And similarly, North and South Korea have been trading allegations of launching cyberattacks against each other, many involving the disabling of websites since 2009, and as recently as last year.

In the aftermath of the 2010 Mumbai terrorist attacks, Indian and Pakistani hacking groups operating in different parts of the world attacked websites of government, military and intelligence agencies of each other's countries.

So there are numerous examples of these things going on, but remember that all of these attacks were of low intensity and primarily aimed at gaining publicity. The sophistication and impact of cyberattacks have increased by several orders of magnitude beginning in 2010. That's when the game changed, when Iranian nuclear facilities were targeted using the Stuxnet worm.

This worm was a very sophisticated piece of malware that can impact power plants, oil pipelines, and other control systems throughout the globe. Stuxnet targeted the centrifuges of Iranian nuclear reactors, thousands of which were damaged, which rolled back their nuclear program by many, many years.

And in 2011, the command and control of the US fleet of Predator and Reaper drones was compromised when the entire communication system was eavesdropped on using keyloggers. Similarly, there has been an increasing number of attacks by Chinese hackers attempting not only to infiltrate US organizations, for tracking dissidents and stealing proprietary information, but also to infiltrate military computers. So the stakes are getting higher and higher.

Generically, cyberattacks can be classified into four categories. The first is information gathering and espionage.

This typically involves classic reconnaissance and probing of military, government, and private networks, both trolling for useful data and identifying vulnerabilities in the networks and systems.

The primary impetus behind such activities is strategic in that acquiring such data provides technological know-how for exertion of future commercial and military leverage. This enables tracking the activities of key individuals and identifies attack vectors to exploit in case of extreme hostility, which means if war breaks out, they could exploit this vector.

The second is disruption of service, by using distributed denial-of-service attacks or any of the specific attack vectors. Such disruption can also involve hijacking enemy websites for propaganda and publicity, and these are the attacks that have been most commonly seen thus far.

The third type of attack targets physical systems that are increasingly dependent on information and communication systems. Such attacks aim at disabling cyber-physical systems such as programmable logic controllers and security systems that enable the operation of bank teller machines, power grids, sewage processing stations, and whatnot. There was an attack in Australia where the sewage pipes were spewing out sewage onto the lawn of a hotel, instead of actually sucking all of the sewage into the system, creating a lot of stink at the hotel. Now again, this was sending a message to the hotel. It was more hacktivism than a national infrastructure attack, but again, these are the possibilities.

Thus far, there are no reports of casualties from such forms of cyberwarfare that are not complemented by kinetic attacks. It is not inconceivable to imagine casualties and property damage in the future if critical infrastructure is targeted, wherein our services are disrupted, the electric grid is disabled or controlled, and train signals are manipulated. These are possibilities that we worry about.

The fourth type of attack is information warfare, using social media channels and the web for propaganda and influencing public opinion. The power of this was amply demonstrated when Iranians used social media and the Internet to organize protests following the 2009 presidential elections and to publicize government repression to gain sympathy around the world. This in turn sparked protests that similarly leveraged the Internet and social media to sweep away the ruling regimes of Tunisia, Egypt, Libya, and Yemen, and shook other governments throughout the Middle East and North Africa in the Arab Spring.
