Unintentional collateral damage when using Cyber weapons

We have seen several cyber weapons in the public. Some of these cyber weapons are used to collect information and some cyber weapons are used to sabotage "specific" targets. Stuxnet is one of the cyber weapons that has been in wide publicity, yet it was just last month that the New York Times had published that Stuxnet malware was used by the United States and Israel.

The Stuxnet malware was discovered in June 2010. This cyber weapon was used to sabotage the PLC and the supervisory control and data acquisitation system. According to the articles that have been published recently the United States and Israel lost the control of their cyber weapon.

FinFisher a german intelligence product had been seen in Egypt. The FinFisher tool was used to gather intelligence on the civilians of Egypt. Did this German company lose their hardware by accident, like did they lose control? Or did they simply sell FinFisher to Egypt. Egypt could have used this product on its civilians during the unrest in Egypt.

Maybe Tunisia, Libya, Bahrain are equipted with similar tools to supress the countries population.

Stuxnet: Affected countries

Stuxnet was made to target Siemens industrial software and equipment. The news only focussed on how the Stuxnet virus targeted and inflicted Iran. We all believe that the Stuxnet malware was made to attack Iran right? There would be no other interests right?

According to the information that has been provided on the Stuxnet wikipedia page the Stuxnet malware affected Iran, Indonesia, India, Azerbaijan, United States, Pakistan. This looks like a weapon that has been running around at free will.


We are preparing for "Cyber warfare"

The news is full with it. Hell, your even on Cyberwarzone right now. There are some people that are against the use of the Cyber warfare term - and they might have their reasons, but when you look to how the world is evolving you just have to agree that Cyber warfare will come. If it is not now according to some - it will be in 10 years.

Cyber warfare is not something new. It is a term that already had been used in the year 1993. In the paper from John Arquilla and David Ronfeldt they provide information about the coming cyber warfare era and the fight about information.

What if we hit the wrong system or worse?

The use of cyber weapons is easy, you order a cyber weapon from a arms dealer. You specify the needs of your product - you pay them. Last month a article got published the China has backdoors in weapon systems from the United States. It would not shock me if the United States would have the same advantages towards China - still this is a serious issue.

Modern malicious code can be purchased with customised features, regular updates and even customer service.Globalisation and the Internet have aided intelligence services and terrorists as much as any other part of society.Cyber defense is still an immature discipline and governments are now seeking to develop a wide range of cyber defense concepts.

The use of weapon always has to be clear. The internet is not a "clear" environment. It keeps evolving and with current technology we are able to fake online identities. What would happen if the United States, Israel, Iran, China or Russia would retaliate the wrong target? We have seen the effect of the Stuxnet virus and more have come.

What would happen if the use of a Cyber weapon on Iran would damage other countries like China or India?

If one of these weapons would succesfully target Critical infrastructures to implict disruption or damage it will have massive effects.

FCW published a article on 23th of April 2010 on Digital Collateral Damage. It is worth a read.

Consider the following

Decrease of (Drinking) water quality resulting in deseases on a national (International ?) scale.

Attack on sewage systems
"Marine life died, the creek water turned black and the stench was unbearable for residents," said Janelle Bryant of the Australian Environmental Protection Agency."

Telecom connectivity disruptions (Takes a minimum of 3 weeks to recover)

Internet disruptions