Story

Cyberwarfare: 21st century cyber weapons

States around the world are increasingly going on the digital offensive with a range of sophisticated cyber weapons. Chris Lo looks into the tension surrounding government-backed cyber attacks and investigates how countries are gearing up for a new kind of conflict.

Over the last decade, the world's understanding of cyber security has irrevocably shifted. Where once cyber crime was seen as the domain of mischief-making, basement-dwelling loners, cyber attacks have now been recognised as the complex, pervasive threat that they really are.

Even US President Barack Obama's State of the Union address delivered on 24 January 2012 made mention of "the growing dangers of cyber-threats".

As the secretive cyber world continues to mature, the internet has become the scene of a covert, international battleground, the likes of which has never been seen before. On the new digital frontline, the boundaries between the military, civilian and corporate worlds have been smudged, as governments, companies and individuals ranging from politically inspired 'hacktivists' to black market freelancers vie for the upper hand to pursue their agendas.

Given that hacking has opened up a new frontier of international espionage, sabotage and diplomatic tension, it's no surprise that this new conflict has been nicknamed by many as 'the Code War'.

Cyberwar: from defensive to offensive

"A major cyber attack that came to light in 2010 targeted US companies ranging from Google to investment bank Morgan Stanley."

One of the major shifts to have taken place in the cyber landscape over the last decade is the move by many governments, in the West and elsewhere, to complement their cyber defences with offensive capabilities.

Although the inherent deniability of cyber attacks makes solid information scarce, examples of alleged state-backed cyber attacks in the last few years indicates that countries are increasingly ready and able to wreak havoc on the networks of their adversaries.

Stuxnet, the computer worm that severely disrupted Iran's uranium enrichment facility at Natanz in the second half of 2010, is widely rumoured to have been the result of a collaboration between Israel and the US to set back the Iranian nuclear programme. Stuxnet, which destroyed some of the nuclear centrifuges at Natanz by taking over control systems and speeding up their rotor speeds, marked a sea-change in the perception of cyber attacks.

It highlighted the fact that cyber incursions are no longer designed only to shut down websites and steal digital data, they are now capable of affecting real, physical infrastructure - an ominous precursor for the future.

More recent reports from cyber security firms like Kaspersky Labs and Symantec have also highlighted that Stuxnet may only be one of a family of five cyber weapons developed in tandem. Stuxnet and a recently detected Trojan horse programme called Duqu have been linked to each other and three other malware programmes that have not yet been unleashed.

Duqu itself has been identified as a 'scout' programme that could be used to steal data on industrial control systems in preparation for a full-on cyber assault. It has been described by Symantec as "the precursor to a future Stuxnet-like attack".

The US gears up for cyberwarfare

As well as the credible rumours linking the US to Stuxnet, more signs have emerged which suggest the country's military and intelligence agencies are looking to improve their offensive cyber capabilities.

Perhaps the clearest sign is the recent creation of an entirely new brigade, the 780th Military Intelligence Brigade, dedicated to protecting the US from cyber attacks and, in the words of a US Army statement, "providing new and breathtaking capabilities to our army's already impressive portfolio of war fighting capabilities".

As well as bolstering its own defences against cyber attacks, the US is looking to stay ahead of the pack when it comes to leveraging cyber weapons on the digitised battlefield of the not-too-distant future. Options being explored include methods of extracting sensitive information from other countries' databases without detection, as well as more ambitious plans like disrupting or co-opting enemy networks to sow disinformation or even gain command over enemy control systems.

Despite the level of sophistication required to carry out such attacks, many of these tactics have already been use in Iraq and Afghanistan, according to a senior Pentagon officer who spoke to Time magazine in 2010.

"I shut it down, take away your electricity, take away your radio, infect your phone," the officer told Mark Thompson. "Now you don't know where I'm coming from, or if you do, you can't tell the rest of your force what's going on."

China's cyber mobilisation

The US isn't the only country flexing its cyber muscles. For many countries that have strained relations with the US but cannot match its conventional military firepower, cyber attacks represent a cost-effective and disruptive strategy.

"The US is looking to stay ahead of the pack when it comes to leveraging cyber weapons on the digitised battlefield."

"Knowing this, many militaries are developing offensive cyber capabilities," noted US Deputy Secretary of Defense William J Lynn in 2010. DARPA, meanwhile, notes the cost disparity between cyber attackers and defenders - according to the agency, malware requires an average of just 125 lines of code, while high-grade security programmes often involve up to ten million.

Indeed, much of the US's prioritisation of cyberwarfare has been in response to increasing incursions into US networks by foreign powers. The US Office of the National Counterintelligence Executive, for example, reported to Congress in October 2011 that Russia and China have been hacking into American systems to steal trade and technology secrets.

China, with its impressive economy allowing major (and secretive) investment into covert cyber technologies, has been seen as a particular threat to the networks of countries like the US and the UK. A major cyber attack that came to light in 2010, nicknamed Operation Aurora by security firms, targeted US companies ranging from Google to investment bank Morgan Stanley and defence contractor Northrop Grumman.

The attack was launched from China, leading to accusations that Operation Aurora was a large-scale, government-backed attempt to steal information. Google itself believes the attack's primary aim was to gather information on Chinese human rights activists.

The repercussions of the hacking was further tension between the US and China (Secretary of State Hillary Clinton demanded an explanation from the Chinese Government) and a threat from Google to pull its business out of China entirely.

With disputes like this occurring with increasing frequency, it's easy to see why so many observers have likened the global cyber climate to the tense, hawkish atmosphere of the Cold War.

Cyber weapons, complex issues

There are many factors that make cyberwarfare a much blurrier and more complex prospect than its conventional counterpart. The very nature of cyber security means the advantage is almost always with the attacker, who succeeds by exploiting a single vulnerability, while the defender must monitor the whole network.

With a huge and diverse range of sources from which attacks could be launched, it is also extremely difficult to determine whether a foreign government was even involved.

Governments are hardly likely to launch attacks from their own servers, and obscuring techniques like the use of botnets (a group of infected computers operated remotely) further muddy the water.

As an entirely unprecedented form of conflict, the use of cyber weaponry is forcing policymakers to catch up with technology and find some way of creating a regulatory framework for a new kind of war. In October 2011, the US Joint Chiefs of Staff began reviewing a new doctrine dictating when the country's cyberwarriors would be authorised to go on the offensive, and how.

The doctrine, once adopted, is intended to provide solid guidance on what constitutes an appropriate response to a cyber attack and which of the country's defence organisations would be responsible for making the call, among other issues. "I think that nation states, non-nation state actors and hacker groups are creating tools that are increasingly more persistent and threatening, and we have to be ready for that," said head of US Cyber Command General Keith B Alexander. "So the security frameworks we are putting in place are forward-looking, based on what we are seeing."

Japan's legal dilemma

"Stuxnet and a Trojan horse programme called Duqu have been linked to each other and three other malware programmes."

Japan has been experiencing its own roadblock in the development and use of cyber weapons. The country, along with contractor Fujitsu, is currently developing and testing its first "defensive cyber weapon", a virus capable of tracking down and disabling sources of cyber attacks.

According to reports the virus has proved effective at identifying the source of distributed denial-of-service (DDoS) attacks.

But under the country's current laws, the Japanese Defence Ministry would not be authorised to make use of the weapon, even once completed. As there is no provision for responding to cyber attacks in Japanese legislation, deploying the weapon could be considered a breach of the country's criminal code.

As Japan currently has no proactive defences against cyber attack, the country risks being left behind if this legal hitch isn't addressed soon.

"It'll be too late if nothing is done about the legislation in conjunction with the development of cybertechnology," a senior Self-Defense Forces official told the Yomiuri Shimbun newspaper earlier in January 2012. "Or it may already be too late."

With the natural advantage in cyberwarfare going to the aggressor, the old adage that the best defence is a good offence is being taken onboard by the secretive developers of cyber weapons.

While governments are continuing to experiment with their own defensive and offensive strategies, international tension surrounding this issue is rising, and a full demonstration of what an all-out cyberwar looks like seems to be becoming more and more of a possibility.