Cyberspace and the changing nature of warfare

Strategists must be aware that part of every political and military conflict will take place on the internet, says Kenneth Geers.

Practically everything that happens in the real world is mirrored in cyberspace. For national security planners, this includes propaganda, espionage, reconnaissance, targeting, and – to a limited extent – warfare itself. Strategists must be aware that part of every political and military conflict will take place on the internet, whose ubiquitous and unpredictable characteristics mean that the battles fought there can be just as important as, if not more important than, events taking place on the ground.

Aggressive cyberwarfare strategies and tactics offer many advantages to their prospective employers, and current events demonstrate that cyber conflict is already commonplace around the world. As a consequence, national security leadership must dramatically improve its understanding of the technology, law, and ethics of cyber attack and defense, so that it can competently factor cyberwarfare into all stages of national security planning.

Cyberwarfare: Strategy

The internet's imperfect design allows hackers to surreptitiously read, delete, and/or modify information stored on or traveling between computers. There are about 100 additions to the Common Vulnerabilities and Exposures (CVE) database each month.[1] Attackers, armed with constantly evolving malicious code, likely have more paths into your network and the secrets it contains than your system administrators can protect.
The objectives of cyberwarfare practitioners speak for themselves: the theft of research and development data, eavesdropping on sensitive communications, and the delivery of powerful propaganda deep behind enemy lines (to name a few). The elegance of computer hacking lies in the fact that it may be attempted for a fraction of the cost – and risk – of any other information collection or manipulation strategy.

Cyberdefense is still an immature discipline. Traditional law enforcement skills are inadequate, and it is difficult to retain personnel with highly marketable technical skills. Challenging computer investigations are further complicated by the international nature of the internet. Finally, in the case of state-sponsored computer network operations, law enforcement cooperation will be either Potemkin or nonexistent.

The maze-like architecture of the internet offers cyber attackers a high degree of anonymity.

Globalization and the internet have considerably strengthened the ability of anyone to follow current events, as well as the power to shape them. Transnational subcultures now spontaneously coalesce online, and influence myriad political agendas, without reporting to any chain-of-command. A challenge for national security leadership is whether such activity could spin delicate diplomacy out of control.

Cyberwarfare: Tactics

Increasingly, governments around the world complain publicly of cyber espionage.[2] On a daily basis, anonymous computer hackers secretly and illegally copy vast quantities of computer data and network communications. Theoretically, it is possible to conduct devastating intelligence-gathering operations, even on highly sensitive political and military communications, remotely from anywhere in the world.

Cheap and effective, propaganda is often both the easiest and the most powerful cyber attack. Digital information, in text or image format – and regardless of whether it is true – can be instantly copied and sent anywhere in the world, even deep behind enemy lines.
And provocative information that is removed from the Web may appear on another website in seconds.

The simple strategy behind a DoS attack is to deny the use of a computer resource to legitimate users. The most common tactic is to flood the target with so much superfluous data that it cannot respond to real requests for services or information. Other DoS attacks include physical destruction of computer hardware and the use of electromagnetic interference, designed to destroy unshielded electronics via current or voltage surges.[3]

Data modification is extremely dangerous, because a successful attack can mean that legitimate users (human or machine) will make important decisions based on maliciously altered information. Such attacks range from website defacement (often referred to as “electronic graffiti,” but which can still carry propaganda or disinformation) to database attacks intended to corrupt weapons or Command and Control (C2) systems.

National critical infrastructures are, like everything else, increasingly connected to the internet.
However, because instant response is often required, and because associated hardware may have insufficient computing resources, security may not be robust. The management of electricity may be especially important for national security planners to evaluate, because electricity has no substitute, and all other infrastructures depend on it.[4] Finally, it is important to note that almost all critical infrastructures are in private hands.

Chechnya 1994: Propaganda

In the internet era, unedited news from a war front can arrive in real time. Internet users worldwide play an important role in international conflicts simply by posting information, in either text or image format, to a website.

Since the earliest days of the World Wide Web, pro-Chechen and pro-Russian forces have waged a virtual war on the internet, simultaneous to their conflict on the ground. The Chechen separatist movement in particular is considered a pioneer in the use of the web as a tool for delivering powerful public relations messages. The skillful placement of propaganda and other information, such as the number to a war funds bank account in Sacramento, California, helped to unite the Chechen diaspora.[5]

The most effective information, however, was not pro-Chechen, but anti-Russian. Digital images of bloody corpses served to turn public opinion against perceived Russian military excesses.
In 1999, just as Kremlin officials were denying an incident in which a Chechen bus was attacked and many passengers killed, images of the incident appeared on the web.[6] As technology progressed, internet surfers watched streaming videos of favorable Chechen military activity, such as ambushes on Russian military convoys.[7]

The Russian government admitted the need to improve its tactics in cyberspace. In 1999, Vladimir Putin, then Russia's Prime Minister, stated that “we surrendered this terrain some time ago ... but now we are entering the game again.” Moscow sought the help of the West in shutting down the important pro-Chechen kavkaz.org website, and “the introduction of centralized military censorship regarding the war in the North Caucasus” was announced.[8]

During the second Chechen war (1999-2000), Russian officials were accused of escalating the cyber conflict by hacking into Chechen websites. The timing and sophistication of at least some of the attacks suggested nation-state involvement. For example, kavkaz.org (hosted in the U.S.) was reportedly knocked offline simultaneous to the storming by Russian special forces of a Moscow theater under siege by Chechen terrorists.[9]

Kosovo 1999: Hacking the military

In globalized, internet-era conflicts, anyone with a computer and a connection to the internet is a potential combatant. NATO's first major military engagement followed the explosive growth of the web during the 1990s. Just as Vietnam was the world's first TV war, Kosovo was its first broadscale internet war.

As NATO planes began to bomb Serbia, numerous pro-Serbian (or anti-Western) hacker groups, such as the Black Hand, began to attack NATO internet infrastructure. It is unknown whether any of the hackers worked directly for the Yugoslav military; regardless, their stated goal was to disrupt NATO's military operations.[10]

The Black Hand, which borrowed its name from the Pan-Slavic secret society that helped to start World War I, claimed it could enumerate NATO's “most important” computers, and that through hacking it would attempt to “delete all the data” on them. The group claimed success on at least one U.S. Navy computer, and stated that it was subsequently taken offline.[11]

NATO, U.S., and U.K. computers were all attacked during the war, via denial-of-service and virus-infected email (25 different strains of viruses were detected).[12] In the U.S., the White House website was defaced, and a Secret Service investigation ensued. While the U.S. claimed to have suffered “no impact” on the overall war effort, the U.K. admitted to having lost at least some database information.[13]

At NATO headquarters in Belgium, the attacks were a public relations and propaganda victory for the hackers. The NATO public affairs website for the war in Kosovo, where the organization sought to portray its side of the conflict via briefings and news updates, was “virtually inoperable for several days.” NATO spokesman Jamie Shea blamed “line saturation” on “hackers in Belgrade.” A simultaneous flood of email successfully choked NATO's email server. As the organization endeavored to upgrade nearly all of its computer servers, the network attacks, which initially started in Belgrade, began to emanate from all over the world.[14]

Middle East 2000: Targeting the economy

During the Cold War, the Middle East often served as a proving ground for military weapons and tactics. In the internet era, it has done the same for cyberwarfare.

In October 2000, following the abduction of three Israeli soldiers, blue and white flags and a sound file playing the Israeli national anthem were planted on a hacked Hizballah website. Subsequent pro-Israeli attacks targeted the official websites of military and political organizations perceived hostile to Israel, including the Palestinian National Authority, Hamas, and Iran.[15]

Retaliation from pro-Palestinian hackers was quick, and much more diverse in scope. Israeli political, military, telecommunications, media, and university sites were all hit, and the attackers also targeted sites of pure economic value, including the Bank of Israel, e-commerce sites, and the Tel Aviv Stock Exchange.
At the time, Israel was more wired to the internet than all of its neighbors combined, so there was no shortage of targets. The .il country domain provided a well-defined list that pro-Palestinian hackers worked through methodically.

Wars often showcase new tools and tactics. During this conflict, the “Defend” DoS program was used to great effect by both sides, demonstrating in part that software can be copied more quickly than a tank or a rifle. Defend's innovation was to continually revise the date and time of its mock Web requests; this served to defeat the web-caching security mechanisms of the time.[16]

The Middle East cyberwar demonstrated that internet-era political conflicts quickly become internationalized. For example, the Pakistan Hackerz Club penetrated the U.S.-based pro-Israel lobby AIPAC, and published sensitive emails, credit card numbers, and contact information for some of its members,[17] and the telecommunications firm AT&T was targeted for providing technical support to the Israeli government during the crisis.[18]

Since 2000, the Middle East cyberwar has generally followed the conflict on the ground. In 2006, as tensions rose between Israel and Gaza, pro-Palestinian hackers shut down around 700 Israeli internet domains, including those of Bank Hapoalim, Bank Otsar HaHayal, BMW Israel, Subaru Israel, and McDonalds Israel.[19]

U.S. & China 2001: Patriotic hacking

On April 26, 2001, the Federal Bureau of Investigation's (FBI) National Infrastructure Protection Center (NIPC) released advisory 01009:

“Citing recent events between the United States and the People's Republic of China (PRC), malicious hackers have escalated web page defacements over the internet. This communication is to advise network administrators of the potential for increased hacker activity directed at U.S. systems… Chinese hackers have publicly discussed increasing their activity during this period, which coincides with dates of historic significance in the PRC…”[20]

Tensions had risen sharply between the two countries following the U.S. bombing of the Chinese embassy in Belgrade in 1999, and after the midair collision of a U.S. Navy plane with a Chinese fighter jet over the South China Sea in 2001, followed by the prolonged detainment of the American crew in the PRC. Hackers on both sides of the Pacific, such as China Eagle Alliance and PoizonB0x, began widescale website defacement, and built hacker portals with titles such as “USA Kill” and “China Killer.” When the cyber skirmishes were over, both sides claimed defacements and DoSs in the thousands.[21]

The FBI investigated a 17-day Honker Union of China (HUC) hack of a California electric power grid test network that began on April 25th.[22] The case was widely dismissed as media hype at the time, but the CIA informed industry leaders in 2007 that not only is a tangible hacker threat to such critical infrastructure possible, it in fact has already happened.[23]

On the anniversary of this cyber war, as businesses were bracing for another round of hacking, the Chinese government is said to have successfully called for a stand-down at the last minute, suggesting that Chinese hackers may share a greater degree of coordination than their American counterparts.[24]

Estonia 2007: Targeting a nation-state

On April 26, 2007, the Estonian government moved a Soviet World War II memorial out of the center of its capital, Tallinn, in a move that inflamed public opinion both in Russia and among Estonia's Russian minority population.

Beginning on April 27, Estonian government, law enforcement, banking, media, and internet infrastructure endured three weeks of cyber attacks, whose impact still generates immense interest from governments around the world. Because Estonians conduct over 98 percent of their banking online, the impact of multiple distributed denial-of-service (DDoS) attacks, which severed all communications to the country's two largest banks for up to two hours and rendered international services partially unavailable for days at a time, is obvious.
Less widely discussed, but likely of greater consequence – both to national security planners and to computer network defense personnel – were the internet infrastructure (router) attacks on one of the Estonian government's ISPs, which are said to have disrupted government communications for at least a “short” period of time.

On the propaganda front, a hacker defaced the Estonian Prime Minister's political party website on April 27, changing the homepage text to a fabricated government apology for having moved the statue, along with a promise to move it back to its original location.[25]

Diplomatic interest in this cyber attack was high in part due to the possible reinterpretation of NATO's Article 5, which states that “an armed attack against one [Alliance member] shall be considered an attack against them all.”[26] Article 5 has been invoked only once, following the terrorist attacks of September 11, 2001. Potentially, it could one day be interpreted to encompass cyber attacks as well.

Summary

All political and military conflicts now have a cyber dimension, whose size and impact are difficult to predict. Attackers have at their disposal a wide variety of effective cyberwarfare strategies and tactics. Above all, the internet is vulnerable to attack. Further, its amplifying power means that future victories in cyberspace could translate into victories on the ground. Both state and nonstate actors enjoy a high return on investment in cyber tactics, which range from the placement of carefully crafted propaganda to the manipulation of an adversary's critical infrastructure.

Five case studies suggest that it is no longer a question of whether computer hackers will take national security planners by surprise, but when and under what circumstances.
To summarize the lessons learned:

The conflict in Chechnya demonstrated the strength of the internet to disseminate unpredictable and influential propaganda.
During the war over Kosovo, nonstate actors attempted to disrupt military operations through hacking, and were able to claim minor victories.
The Middle East cyber war quickly became globalized, and brought targets of pure economic value into the conflict.
In 2001, simmering tensions between two countries spilled over into a “patriotic” hacker war, with uncertain consequences for national security leadership.
The politically motivated cyber attacks on IT-dependent Estonia brought unprecedented attention to cyber security from governments around the world.

The internet is changing much of life as we know it, to include the nature and conduct of warfare. At times, cyber tools and tactics will favor nations robust in information technology, but the internet is a prodigious tool for a weaker party to attack a stronger conventional foe. As with terrorism and weapons of mass destruction, the dynamic, asymmetric, and still-evolving nature of cyber attacks makes all aspects of cyber defense – including detection, analysis, investigation, prosecution, retaliation, and more – critical questions for national security planners to answer.

Kenneth Geers is the U.S. Representative (Naval Criminal Investigative Service), Cooperative Cyber Defense, Center of Excellence, based in Tallinn, Estonia.

[1] CVE List Main Page, http://cve.mitre.org/cve/index.html.
[2] See, for example, Cody, Edward. “Chinese Official Accuses Nations of Hacking,” Washington Post, September 13, 2007, http://www.washingtonpost.com/wpdyn/content/article/2007/09/12/AR2007091200791_pf.html#.
[3] “Electromagnetic bomb,” Wikipedia, http://en.wikipedia.org/wiki/Electromagnetic_bomb.
[4] Divis, Dee Ann. “Protection not in place for electric WMD,” UPI, March 9, 2005, http://www.globalsecurity.org/org/news/2005/050309electricwmd.htm.
[5] Thomas, Timothy L. “Information Warfare in the Second (1999-Present) Chechen War: Motivator for Military Reform,” Foreign Military Studies Office, Fort Leavenworth, 2002, and in Chapter 11 of Russian Military Reform 1992-2002, Frank Cass Publishers, 2003, http://leavwww.army.mil/fmso/documents/iwchechen.htm.
[6] Goble, Paul. “Russia: Analysis from Washington a Real Battle on the Virtual Front,” Radio Free Europe / Radio Liberty, October 11, 1999, http://www.rferl.org/features/1999/10/F.RU.991011135919.asp.
[7] Thomas, see above.
[8] Goble, see above.
[9] Bullough, Oliver. “Russians Wage Cyber War on Chechen Websites,” Reuters, November 15, 2002, http://seclists.org/isn/2002/Nov/0064.html.
[10] “Yugoslavia: Serb Hackers Reportedly Disrupt US Military Computer,” Bosnian Serb News Agency SRNA, March 28, 1999 (BBC Monitoring Service, March 30, 1999).
[11] Ibid.
[12] “Evidence Mounts of Pro-Serbian internet Attack on NATO Countries,” mi2g, April 19, 1999.
[13] Geers, Kenneth. Hacking in a Foreign Language, Black Hat 2005, http://www.blackhat.com/presentations/bhusa05/bhus05geersupdate.pdf.
[14] Verton, Daniel. “Serbs Launch Cyberattack on NATO,” Federal Computer Week, April 4, 1999, http://www.fcw.com/print/5_62/news/691301.html.
[15] For example, the Zone-H website lists 67 such defacements from pro-Israeli hacker m0sad during this time period.
[16] Geers, Kenneth. Cyber Jihad and the Globalization of Warfare, Black Hat, 2004, http://www.blackhat.com/presentations/bhusa04/bhus04geers.pdf.
[17] “Israel lobby group hacked,” BBC News, November 3, 2000, http://news.bbc.co.uk/2/hi/middle_east/1005850.stm.
[18] Page, Barnaby. “Pro-Palestinian Hackers Threaten AT&T,” TechWeb News, November 11, 2000, http://www.techweb.com/wire/story/TWB20001110S0010.
[19] Stoil, Rebecca Anna and Goldstein, James. “One if by Land, Two if by Modem,” The Jerusalem Post, June 28, 2006, http://www.jpost.com/servlet/Satellite?cid=1150885871095&pagename=JPost%2FJPArticle%2FPrinter.
[20] IWS, The Information Warfare Site, http://www.iwar.org.uk/infocon/advisories/2001/01009.htm.
[21] Wagstaff, Jeremy. “The internet could be the site of the next China-U.S. standoff,” The Wall Street Journal, April 30, 2001, http://online.wsj.com/article/SB98856633376453558.html?mod=googlewsj, and Allen, Patrick D. and Demchek, Chris C., “The Cycle of Cyber Conflict,” Military Review, March-April 2003.
[22] Weisman, Robyn. “California Power Grid Hack Underscores Threat to U.S.,” June 13, 2001, http://www.newsfactor.com/perl/story/11220.html.
[23] Nakashima, Ellen and Mufson, Steven. “Hackers Have Attacked Foreign Utilities, CIA Analyst Says,” Washington Post, January 19, 2008, http://www.washingtonpost.com/wpdyn/content/article/2008/01/18/AR2008011803277_pf.html.
[24] Hess, Pamela. “China prevented repeat cyber attack on US,” UPI, October 29, 2002, http://www.upi.com/view.cfm?StoryID=200210291219245101r.
[25] This case study relies on some data available exclusively to the CCDCoE.
[26] The North Atlantic Treaty, Washington D.C., April 4, 1949, http://www.nato.int/docu/basictxt/treaty.htm.

Photos
1. Chechen Press on Russian military activities
2. 1911: The Black Hand, Version 1.0
3. Vandalized Hizballah website
4. A pro-Palestinian hacker portal
5. The downed EP-3 on Hainan Island
6. Interest remains high
7. Physical destruction in Tallinn
8. How the attack appeared in cyberspace