Heading Off Hackers

Criminals wield computers as cheap, anonymous weapons
WRITER-ID | 1 July 2011


The internet has changed almost all aspects of human life, including warfare. Every political and military conflict now has a cyber dimension, whose size and impact are difficult to predict. Computers and computer networks have provided a new delivery mechanism that can increase the speed, diffusion and significance of a national security threat. The constant evolution of information technology tends to leave both cyber law and cyber defense racing to keep up.

What military officers refer to as the “battlespace” grows more difficult to define and defend over time. Today, cyber attacks can target political leadership, military systems and citizens anywhere in the world, during peacetime or war, with the added challenge of attacker anonymity.

Cyberspace as a war-fighting domain currently favors the attacker, in contrast to the historical understanding of warfare, in which the defender normally enjoys a significant home field advantage. Further, the terrestrial proximity of adversaries is unimportant because in cyberspace, everyone is a next-door neighbor. And there is little moral inhibition to computer hacking because it relates primarily to the use and abuse of computer code. So there is little perceived human suffering.

In spite of these advantages for the attacker, many analysts remain skeptical of the seriousness of the cyber threat. In part, this is because a real-world outcome is not guaranteed. In cyber warfare, tactical victories amount to a successful reshuffling of the bits — also known as ones and zeros — inside a computer. At that point, the attacker must wait to see if the intended real-world effects occur.

Types of cyber attacks

There are three basic types of cyber attack, from which all others derive:

Confidentiality — This encompasses any unauthorized acquisition of information, including via “traffic analysis,” in which an attacker infers communication content merely by observing communication patterns. Because global network connectivity is currently well ahead of global network security, it can be easy for hackers to steal enormous amounts of information.

Cyber terrorism and cyber warfare may still lie in our future, but we are already living in a golden age of cyber espionage. The most famous case to date is “Ghostnet,” investigated by Information Warfare Monitor, in which a cyber espionage network of more than 1,000 compromised computers in 103 countries targeted diplomatic, political, economic and military information.

Integrity — This is the unauthorized modification of information or information resources, such as a database. Such attacks can involve the sabotage of data for criminal, political or military purposes. Cyber criminals have encrypted data on a victim’s hard drive, and then demanded a ransom payment in exchange for the decryption key.

Availability — The goal here is to prevent authorized users from gaining access to the systems or data they require to perform certain tasks. This is commonly referred to as a denial of service (DoS), and encompasses a wide range of malware, network traffic or physical attacks on computers, databases and the networks that connect them.

In 2001, “mafiaboy,” a 15-year-old student from Montreal, conducted a successful DoS attack against some of the world’s biggest online companies, likely causing more than $1 billion in financial damage. In 2007, Syrian air defense was reportedly disabled by a cyber attack moments before the Israeli Air Force demolished an alleged Syrian nuclear reactor.

Hacker goals

A cyber attack is not an end in itself, but an extraordinary means to a wide variety of ends, limited primarily by the imagination of the attacker.

Espionage — Every day, anonymous computer hackers steal vast quantities of computer data and network communications. In fact, it is possible to conduct devastating intelligence-gathering operations, even on highly sensitive political and military correspondence, remotely from anywhere in the world.

Propaganda — Cheap and effective, this is often the easiest and most powerful form of attack. Digital information in text or image format, regardless of whether it is true, can be instantly copied and sent anywhere in the world, even deep behind enemy lines.

Denial of service — The simple goal is to deny the use of data or computers to legitimate users. The most common tactic is to flood the target with so much superfluous data that it cannot respond to real requests for services or information. Other DoS attacks include the physical destruction of computer hardware and use of electromagnetic interference designed to destroy unshielded electronics via current or voltage surges.

Data modification — A successful attack on the integrity of sensitive data can mean that legitimate users (human or machine) will make important decisions based on maliciously altered information. Such attacks range from website defacement, which is often referred to as “electronic graffiti,” but which can still carry propaganda or misinformation, to the corruption of advanced weapons systems.

Infrastructure manipulation — National critical infrastructures (CI) are increasingly connected to the internet. However, because instant response may be required, and associated hardware may have insufficient computing resources, CI security may not be robust. The management of electricity could be especially important for national security planners to evaluate because electricity has no substitute, and all other infrastructures depend on it. Many CI are in private hands.

Cyber attacks in war

The tactics of war are radically different in cyberspace, and if there is a war between major world powers, the first victim of the conflict could be the internet itself. Two broad categories of cyber attacks can exist during a major war:

Military forces — The attacks can be conducted as part of a broader effort to disable the adversary’s weaponry and to disrupt military command-and-control systems.

Civilian infrastructure — These can target the adversary’s ability and willingness to wage war for extended periods, and may include an adversary’s financial sector, industry and national morale. One of the most effective ways to undermine a variety of these second-tier targets is to disrupt power generation and supply. Today, militaries can exploit global connectivity to conduct a full range of cyber attacks against adversary CI, deep behind the front lines of battle.

Looking to the future

The internet has changed the nature of warfare. Computers are both a weapon and target. As with terrorism, hackers have found success in pure media hype. And the same is true as with weapons of mass destruction – it is difficult to retaliate against an asymmetric attack.

On balance, cyber warfare may favor nations robust in IT, but the internet is a prodigious weapon for a weaker party to attack a stronger conventional foe. Internet-dependent nations have more to lose when the network goes down.

From a defensive standpoint, nations should invest in technologies that mitigate two key hacker advantages: poor attacker attribution and a high level of asymmetry. The often anonymous nature of computer hacking and its very high return on investment can prevent traditional risk mitigation, such as deterrence and arms control.

At this point in history, many governments may feel compelled to invest in cyber warfare, not only as a way to project national power but as the only means to defend their presence in cyberspace.

Kenneth Geers, Naval Criminal Investigative Service, is the U.S. Representative to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). To learn more about the NATO CCDCOE, visit www.ccdcoe.org.

Cyber Security in the Americas

Latin America and the Caribbean have been preparing for cyber attacks for more than a decade, thanks to the Organization of American States (OAS), and investments by countries with high internet usage. The OAS Secretariat of the Inter-American Committee against Terrorism (CICTE) has conducted regular technical assistance missions and workshops throughout the region since 2004, visiting Peru, Dominican Republic, Colombia, Ecuador, Guatemala and other nations in 2010 and 2011. The purpose of the missions is to raise awareness about cyber security and develop a national Computer Security Incident Response Team (CSIRT) in each country. The CSIRTs feed into a hemisphere-wide network for detecting and alerting cyber security-related crises, incidents and threats, and helping national law enforcement prosecute cyber criminals.

“It is imperative to expose the necessity of educating the final user, and the necessity of articulation and cooperation, externally and internally, between national actors in charge of managing cyber space threats,” wrote Omar J. Alvarado, general coordinator of the CSIRT of Venezuela (VenCERT), in a June 2010 OAS newsletter. “Each time there are more CERTs [Computer Emergency Response Teams] in the world which look to cooperate and join forces to attempt to contain cyber security threats.”

The OAS counts 15 CSIRT programs established in member states across the hemisphere, and all members participated in the Hemispheric Cyber Security and Cyber Crime Workshop on Regional Coordination and Information Sharing held May 9-13, 2011, in Miami.

Brazil went a step further in September 2010 when the army’s Cyberwarfare Communication Center contracted a private security firm to provide additional protection to 37,500 computers belonging to the army’s military commands around the country. “We have approximately 60,000 computers throughout the country, and we suffer an average of 100 intrusion attempts each day across our 12 IT centers,” said Brigadier General Antonino dos Santos Guerra in an interview with Security Week. Brazilian army operational agents will also undergo training as part of the agreement.

Sources: www.cicte.oas.org, www.securityweek.com
