Cyberwarfare is any virtual conflict initiated as a politically motivated attack on an enemy’s computer and information systems. Waged via the Internet, these attacks disable financial and organizational systems by stealing or altering classified data to undermine networks, websites and services.
Cyberwarfare is also known as cyber warfare or cyber war.
Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks.
Cyberwarfare involves the following attack methods:
1. Sabotage: Military and financial computer systems are at risk for the disruption of normal operations and equipment, such as communications, fuel, power and transportation infrastructures.
2. Espionage and/or security breaches: These illegal exploitation methods are used to disable networks, software, computers or the Internet to steal or acquire classified information from rival institutions or individuals for military, political or financial gain.
On the flip side, system procedures are continuously developed and tested to defend against cyberwarfare attacks. For example, organizations will attack their own systems internally to identify vulnerabilities for proper removal and defense.
A common perception of a hacker is that of a teenage geek who breaks into computer systems for fun. While this perception was perhaps once true, modern cyberwarfare involves well-trained, well-funded professionals backed by nation states. Examples, such as the Stuxnet virus, are given by some experts to demonstrate that much more is happening behind the scenes, and that the front lines in future wars will be digital.
After land, sea, air and space, warfare has entered the fifth domain: cyberspace.
The big issue with cyber warfare is it’s often very hard to work out who launched the attack. Of course, we are able to assume and use some intelligence to uncover which country, state or group may have been responsible, but it’s easy to mask an identity online, and it’s equally easy to hide the true source of hacks, malware infections and other attack methods.
Military organisations and intelligence agencies have even been known to enlist the help of freelance criminals and other groups to launch an attack on their behalf, making it even trickier to pin down the perpetrator and punish them appropriately.
Is anyone under cyber warfare attack?
The answer, if you go by the dictionary definition, is an unequivocal yes. Along with most Western countries there are concerted cyber-attacks pretty much daily against government organisations and enterprises alike. But are we engaged in a cyberwar? Not according to the ‘clear and unambiguous’ attribution requirement.
We know that Russia and China are developing cyber weapons to use in any future cyber conflict, and the US, France and Israel are just as active as nation states leading the way in this endeavour. But that doesn’t mean we can say any of these countries are using them, although we know they have the capability and have done so in the past. Stuxnet, for example, was a joint venture between Israel and the USA to destroy Iran’s nuclear programme capability.
What weapons are used in cyber war?
Primarily, the weapons are not dissimilar to those we see being used in criminal attacks all the time. So, there are DDoS botnets to serve up denial-of-service attacks that can disrupt, if not actually take, strategic servers out of play. As in many data robberies, DDoS can be used as a resource-diverting smokescreen for other activity on the network. Social engineering and spear phishing attacks are also weaponised to introduce an attacker into the system of an adversary. That is assuming they don’t already have a mole to do it for them; yes, the insider threat is a very real weapon in the cyber warfare armoury.
Stuxnet is a great example of how multiple layers of attack can be successfully used. An inside man, mole or unknowing worker, physically inserted an infected USB stick into an air-gapped system. Malware using multiple zero-day exploits searched for specific software controlling centrifuges and, once located, reprogrammed them to spin dangerously fast then slow, for a period of several months. Eventually the centrifuges broke, and more than 1,000 machines were effectively destroyed.
No weapon is more coveted than the zero-day exploit that targets a vulnerability nobody, other than the attackers, is aware of yet. Stuxnet used multiple 0days, with a dark market value in the millions, to ensure success. These are the secret weapons of the cyber arms race, more likely to be denied than proudly declared as defiant threats to would-be aggressors.
The only cyber weapon that is perhaps even more dangerous and disruptive than the zero day is the false flag. We know that, for example, the attack by the so-called ‘Cyber Caliphate’ claiming to be affiliated to ISIS on a US military database was a false flag operation by the Russian state-sponsored hacking group APT 28. Why does this matter? Because the US retaliated with kinetic attacks on cyber communication channels and drone strikes against human targets in Syria.