Cyber Warfare: Reality or Box Office Hit?

Randy Nash

The specter of cyber warfare has reared its ugly head in the media again. Some experts seem to think that the future is here, and battles will be fought and won via the Internet. But how much of this can be considered actual warfare, and how much is hype? Randy Nash searches for a working definition of cyber warfare, looks at the historical profile of attacks, and discusses the potential of a devastating electronic Pearl Harbor.

The threat of cyber warfare has been brought forth again by the media; not only in news outlets but also in the entertainment industry. But is this threat real or imagined?

What Is Cyber Warfare?

To properly assess the risk, we first need a working definition of what cyber war is and how it might manifest. There is much disagreement about the term and its actual definition, and varying degrees in the types of cyber attacks that might be perpetrated. I think cyber warfare has some critical characteristics. First, warfare is considered the process of military struggle between two nations or groups of nations. Warfare generally includes attacks against critical communications channels, and against the military and civilian population resulting in loss of life. Next, the cyber aspect can be considered to refer to the realm of electronic communication. So I think we can summarize the definition of cyber war as follows: cyber war (Cyber warfare): the process of military struggle between two nations or groups of nations conducted via various forms of electronic communications, or the Internet, resulting in the disruption of communications and/or loss of life.

What Is It Not?

Okay, we have a definition of cyber war, but what are other forms of cyber threats that would not fit into the definition of cyber warfare? Here’s a list of some online threats that I don’t feel fall into the warfare category:

Cyber vandalism: This is primarily the “script kiddies” that consider defacing a website to be “hacking.” I think of this as electronic graffiti. This is low-level harassment.

Civil disobedience or hacktivism: Hacktivism or Electronic Civil Disobedience (ECD) generally takes some form of Denial of Service (DoS) attack against the website of some target, usually political in nature. Those who consider themselves hactivists claim that hacktivism is the fusion of hacking and activism; politics and technology. More specifically, hacktivism is described as hacking for a political cause. Furthermore, hacktivists claim that Electronic Civil Disobedience (ECD) is a legitimate form of nonviolent, direct action utilized to bring pressure on institutions engaged in unethical or criminal actions. Within the electronic environment, ECD aims to disrupt the operation of information and capital flows of carefully selected target sites without causing serious damage.

Cyber crime: Cyber crime can take many different forms; theft of intellectual property, extortion based on the threat of DDOS attacks, fraud based on identity theft, espionage, and so on.

While each of these types of activities is criminal in nature and might constitute an aspect of cyber warfare actions, they do not constitute cyber war by themselves. These actions, while criminal in nature, are generally not going to cost lives or affect military operations.

What is the Real Threat?

The threat comes primarily from nation states with the will, motive, and technology to launch attacks against the United States. In fact, nations that do not possess a powerful military are probably more likely to choose this form of attack because of its much lower cost of implementation (think “asymmetric warfare”). The most obvious avenues of attack would be against our nation’s critical infrastructure, so the government formed a body to analyze any threats against our infrastructure. This body, originally known as the President’s Critical Infrastructure Protection Board (PCCIB), is now known as the National Infrastructure Advisory Council (NIAC) and operates within the U.S. Department of Homeland Security. This council provides the President with advice on the security of the critical infrastructure sectors and their information systems. Over time, the sectors identified as belonging to the critical infrastructure have changed.

Historical Precedents

Just as our understanding of this critical infrastructure has changed and matured over time, so has the threat. These threats have existed for some time. Back in May 1998, all seven members of the L0pht (Brian Oblivion, Kingpin, Mudge, Space Rogue, Stefan Von Neumann, John Tan, and Weld Pond) famously testified before the Congress of the United States that they could shut down the entire Internet in 30 minutes.

NOTE Selected transcripts are in the section entitled “WEAK COMPUTER SECURITY IN GOVERNMENT: IS THE PUBLIC AT RISK?” MAY 19–20, 1998—COMMITTEE ON GOVERNMENTAL AFFAIRS.

Shortly after this testimony, the first distributed denial-of-service (DDoS) attacks appeared. The first well-documented DDoS attack appears to have occurred in August 1999, when a DDoS tool called Trinoo (described below) was deployed in at least 227 systems, of which at least 114 were on Internet2, to flood a single University of Minnesota computer. This system was knocked off the air for more than two days. In the following months, Yahoo!, Amazon, Buy.com, CNN, and eBay were all hit with similar attacks. These commerce sites suffered large financial losses during the downtime because of these attacks. Today, incredibly large and complex botnets exist that can be used to launch a variety of attacks against multiple targets.

The current focus of these botnets appears to be primarily SPAM and DDoS attacks, but they could easily be used in cyber warfare activities. Other attacks of historic significance include the following:

Solar Sunrise: Solar Sunrise is the name given to a series of attacks against the Pentagon and MIT in February 1998. The Department of Defense called these attacks “the most organized and systematic attack to date.” The DoD actually declared the U.S. to be in a state of “cyber war.” These attacks appeared to be originating from Russian-owned IP address space, so the attack was considered to be “state-sponsored.”

Moonlight Maze: Moonlight Maze refers to an incident in which U.S. officials accidentally discovered a pattern of probing of computer systems at the Pentagon, NASA, Energy Department, private universities, and research labs that began in March 1998 and went on for nearly two years. It seems that these hackers had been able to access tens of thousands of files (including maps of military installations, troop configurations, and military hardware designs). The Defense Department traced the attacks back to a mainframe computer in the former Soviet Union.

Titan Rain: Titan Rain is the name given to a well-organized Chinese military hacking effort against the U.S. military. The hackers, believed to have been based in the Chinese province of Guangdong, are thought to have stolen U.S. military secrets, including aviation specifications and flight-planning software. These attacks apparently started in 2003 and lasted until 2005.

Current Situations

Much of the news related to cyber warfare tends to be a bit “sensational”. For example:

Russia accused of unleashing cyber war to disable Estonia, Estonia hit by “Moscow cyber war”, Cyber war: Russia vs. Estonia.

All this sounds very dramatic and serious, but let’s look at the details. On April 27, officials in Estonia relocated the “Bronze Soldier,” a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. This led to political furor among ethnic Russians and to the blockading of the Estonian Embassy in Moscow.

The event also marked the beginning of a large and sustained distributed denial-of -service attack on several Estonian national Web sites, including those of government ministries and the prime minister’s Reform Party. There were no attacks against any critical infrastructure or services. This was simply a political statement. At the most, I’d refer to this event as hacktivism, and most likely launched by a group of hackers that have no affiliation with any government agency. It seems there was no cyber war after all. But wait, that’s not all: America prepares for “cyber war” with China!

Is Cyber war really that imminent? Are we about to fall under an attack of bits and bytes? A report in the UK branch of ZDNet proclaimed Cyber warfare “a reality in 12 months.”

Unfortunately, that report was back in January 2004. The article is a good source of information about the types of vulnerable systems that may be attacked, but their predicted timeline is way off. .

Cyber Warfare—An analysis of the means and motivations of selected nation states For a more measured appraisal, I recommend this report, which was written in response to a grant provided by the Department of Homeland Security. This report is an assessment of potential foreign computer threats to information technology networks in the United States. This is one of the most level-headed write-ups I’ve seen to-date.

Looking to the Future

There should be little doubt that future wars will inevitably include cyber warfare tactics. It is increasingly apparent that other nations are gearing up to take advantage of the ever-increasing complexity and inter-connected nature of various national infrastructures.

Current efforts at security computer systems and networks will likely prove to be insufficient to prevent such future attacks. The U.S. military has been developing cyber warfare strategies for some time.

It appears that even Al Qaeda has been developing cyber war capabilities. With our enemies working toward this goal, we obviously cannot overlook the possibilities. The scenario in the movie Live Free or Die Hard might seem farfetched, but the potential exists for some of the attacks portrayed in that movie (although it won’t be nearly as easy as it seemed on the big screen). I’m hoping that somewhere in either our government or military cyberdefense forces we have our own John McClane?