Skip to main content

Rapid escalation of the cyber-arms race

The potential damage from cyber-attacks is rapidly becoming more extensive

Codenamed Locked Shields 2015, Nato officials say it was the "most advanced ever live-fire cyber-defence exercise".

Four hundred cyber-warriors from 16 countries last week responded to a scenarioin which computer networks came under attack from another state's hackers.

The scenario was based around the idea of "hybrid conflicts", just below the level of war, in which one state both carries out espionage and disrupts the communications and operations of another, tied in with other activities.

The countries portrayed in the scenario were fictional, but it is hard to interpret this as anything other than thinking about Russia, which is seen as having pioneered hybrid conflict in Ukraine and, before that, Georgia.

The exercise itself was taking place in Estonia, which was subject to its own cyber-attack.

But the ability to carry out significant - even destructive - cyber-attacks is spreading rapidly: all part of a cyber-arms race accelerating rapidly not just between Nato and Russia but also beyond into other states and even non-state actors.

Just before Christmas, Sony Pictures got hacked.
Physical damage

The intrusion was attributed by the US to North Korea and linked to the release of the studio's film The Interview, in which North Korea's leader was featured as being killed.

The cyber-attack did not only expose embarrassing corporate secrets but also wiped company computers, rendering them as useful as a brick.

Computer espionage has been happening for years, but the destructive element was another sign that states are increasingly willing to deploy malware that does real physical damage and to link their cyber-attacks to physical threats (in this case against cinemas showing the film).

In North Korea's case, cyber-weapons are a vital part of the country's arsenal.The film The Interview is thought to have provoked a cyber-attack on Sony

"Cyber-hacking is a crucial part of their asymmetric military capabilities. They have been pursuing it for such a long time with unbelievable levels of concentration, support and investment," says Kim Heung Kwang, a former computer science professor in North Korea who left for the South.

"That's how they have been able to foster this in such a lopsided shape compared to everything else in the country."

He says a military unit that had 500 personnel when it started in 1998 has now grown to more than 3,000.

This kind of wiper attack, which renders computers unusable, was first seen on a large scale in 2012, when staff at the oil company Saudi Aramco tried to switch on their computers.

US officials believed this attack was, like the Sony hack, state-sponsored, in Saudi Aramco's case by Iran.

But, if so, it was almost certainly simply a response to attacks on Iran itself - including most famously the Stuxnet virus, which damaged Iranian centrifuges over an extended period and is widely believed to have been the joint work of the US and Israel.
Stuxnet virus:

Stuxnet was first detected in June 2010 by a security firm based in Belarus, but may have been circulating since 2009.

Unlike most viruses, the worm targets systems that are traditionally not connected to the internet for security reasons.

Instead it infects Windows machines via USB keys - commonly used to move files around - infected with malware.

Once it has infected a machine on a firm's internal network, it seeks out a specific configuration of industrial control software made by Siemens.

Once hijacked, the code can reprogram so-called PLC (programmable logic control) software to give attached industrial machinery new instructions.
Rapid proliferation

What surprised cyber-experts is the speed with which cyber-attack capabilities are now proliferating.

No-one was surprised that the first tier of cyber-states - the US, UK, China, Israel and Russia - were capable of carrying out destructive attacks on infrastructure, but the speed with which others - such as Iran - were able to do the same has caused consternation and is a sign of how far cyber-attack can be a force-equaliser between different nations who might otherwise have wildly different capabilities.Cyber-attacks have the potential to shut down cities

Capabilities are also spreading to non-state actors. Criminals have long used ransomware to extort money from people or else see their computers locked.

But terrorist groups may also now be toying with more than just low-level disruptive attacks that deface or take off-line websites.

France's TV5 Monde saw the real-world effects of a cyber-attack when it was taken off air by people who claimed to belong to the "cyber-caliphate" affiliated to the group calling itself Islamic State.

There are fears the use of destructive attacks against industrial control systems - like Stuxnet - could also spread.
Closing down a city

At a recent Cyber Security Challenge, Dr Kevin Jones, from Airbus, showed mehow a model city connected up to the internet could have its power switched off remotely.

"Unless we put a security architecture in place, this is very possible," he says.

A German government report said a steel mill had been damaged by a cyber-attack last year - the perpetrators were unknown.

Dr Jones believes the attackers got in through the regular corporate infrastructure, although it is not clear how far they deliberately targeted the control systems for the blast furnace that was damaged.

When it comes to the cyber-arms race, are Western countries still in the lead?

Some argue the top end of cyber-espionage tools may well still be in the hands of the US.

The security firm Kaspersky Labs, for instance, recently revealed the work of hackers they called the Equation Group, who were highly sophisticated.Edward Snowden raised the public profile of Britain's cyber-activities

"The Equation Group are masters of cloaking and hiding," says Costin Raiu, director of the Global Research and Analysis Team at Kaspersky Labs, pointing to the ability of the group to get inside the firmware of machines and then launch highly advanced attacks.

"This is insanely complicated to be honest," he says.

Kaspersky Labs will not directly point the finger, but the widespread assumption is that the Equation Group is linked to America's National Security Agency (there are links with the codes used in Stuxnet as well).

Documents released by the American whistle-blower Edward Snowden have also raised the profile of Britain's cyber-activities.

"GCHQ has formidable resources," says Eric King, of the group Privacy International, whose concern lies in the lack of a transparent framework of accountability over offensive hacking.

"In the last year and a half, we've seen their malware. The depth of the work and where they are going is very formidable."

He says: "We have non-existent policies, practices, legal safeguards to oversee this." (GCHQ always maintains its activities are lawful and subject to oversight).
Commercially available

Another concern is the way in which such some of these cyber-espionage capabilities are now commercially available and being used by more authoritarian states.

"Companies are providing surveillance as a consultancy service," says Mr King, who adds foreign law enforcement and intelligence agencies can then use the bought services to hack dissidents and activists based in the UK.

The capabilities may be spreading to more and more actors but a small handful of states still operate at the highest level.

One senior Western intelligence official believes the Russians are already ahead of the US and UK - partly because of the level of resources, mainly people - they throw at finding and exploiting vulnerabilities.

That official, of course, may be bluffing, but they also said they did not think it would be long before the Chinese had also not just caught up but moved ahead.

Comments

Popular posts from this blog

Why States Still Use Barrel Bombs

Smoke ascends after a Syrian military helicopter allegedly dropped a barrel bomb over the city of Daraya on Jan. 31.(FADI DIRANI/AFP/Getty Images) Summary Barrel bombs are not especially effective weapons. They are often poorly constructed; they fail to detonate more often than other devices constructed for a similar purpose; and their lack of precision means they can have a disproportionate effect on civilian populations. However, combatants continue to use barrel bombs in conflicts, including in recent and ongoing conflicts in Africa and the Middle East, and they are ideally suited to the requirements of resource-poor states. Analysis Barrel bombs are improvised devices that contain explosive filling and shrapnel packed into a container, often in a cylindrical shape such as a barrel. The devices continue to be dropped on towns all over Syria . Indeed, there have been several documented cases of their use in Iraq over the past months, and residents of the city of Mosul, which was re

Russia Looks East for New Oil Markets

Click to Enlarge In the final years of the Soviet Union, Soviet leader Mikhail Gorbachev began orienting his foreign policy toward Asia in response to a rising Japan. Putin has also piloted a much-touted pivot to Asia, coinciding with renewed U.S. interest in the area. A good expression of intent was Russia's hosting of the Asia-Pacific Economic Cooperation summit in 2012 in Vladivostok, near Russia's borders with China and North Korea. Although its efforts in Asia have been limited by more direct interests in Russia's periphery and in Europe, Moscow recently has been able to look more to the east. Part of this renewed interest involves finding new export markets for Russian hydrocarbons. Russia's economy relies on energy exports, particularly crude oil and natural gas exported via pipeline to the West. However, Western Europe is diversifying its energy sources as new supplies come online out of a desire to reduce its dependence on Russian energy supplies . This has

LONDON POLICE INDIRECTLY ENCOURAGE CRIMINALS TO ATTACK RUSSIAN DIPLOMATIC PROPERTY

ILLUSTRATIVE IMAGE A few days ago an unknown perpetrator trespassed on the territory of the Russian Trade Delegation in London, causing damage to the property and the vehicles belonging to the trade delegation , Russian Foreign Ministry Spokeswoman Maria Zakharova said during the September 12 press briefing. The diplomat revealed the response by the London police was discouraging. Police told that the case does not have any prospects and is likely to be closed. This was made despite the fact that the British law enforcement was provided with video surveillance tapes and detailed information shedding light on the incident. By this byehavior, British law inforcements indirectly encourage criminals to continue attacks on Russian diplomatic property in the UK. Zakharova’s statement on “Trespassing on the Russian Trade Mission premises in London” ( source ): During our briefings, we have repeatedly discussed compliance with the Vienna Convention on Diplomatic Relations, specif