16

I've been extremely sceptical of this new concept of a cyber war. That is, a malicious country or organisation could attack another country by bringing down their network through, say, a DDoS or a well targeted virus attack on vulnerable systems. Part of the reason I am sceptical is I don't see it being feasible for a country to cripple another country's internet systems.

Have there been any recorded cases of this actually happening? Or is it just hype and fear?

Sklivvz
Thomas O
  • 1
    Could you define what you mean with the term "cyber war"? Maybe by providing a source? – Christian Apr 08 '11 at 08:42
  • Wouldn't *"Operation Payback"* qualify as such example? – vartec May 14 '12 at 12:46
  • Some background: [Operation Payback](http://en.wikipedia.org/wiki/Operation_Payback) was a DDOS attack by members of [Anonymous](http://en.wikipedia.org/wiki/Anonymous_\(group\)). – Oddthinking Jun 17 '12 at 14:16

3 Answers

23

Attacking and disabling an entire country's internet system is not that hard. You don't need sophisticated equipment or even a computer to do it.

> An elderly Georgian woman was scavenging for copper to sell as scrap when she accidentally sliced through an underground cable and cut off internet services to all of neighbouring Armenia, it emerged on Wednesday.
>
> The woman, 75, had been digging for the metal not far from the capital Tbilisi when her spade damaged the fibre-optic cable on 28 March [2010].

(The news broke today, how could I ignore it?)

More seriously, there are examples of real cyber attacks on the level of national conflicts. Perhaps the best documented and most sophisticated is the Stuxnet worm, which was apparently engineered to find its way into facilities associated with the Iranian nuclear program. Wired magazine writes:

> The Stuxnet worm was discovered in June in Iran, and has infected more than 100,000 computer systems worldwide. At first blush, it appeared to be a standard, if unusually sophisticated, Windows virus designed to steal data, but experts quickly determined it contained targeted code designed to attack Siemens Simatic WinCC SCADA systems. SCADA systems, short for “supervisory control and data acquisition,” are control systems that manage pipelines, nuclear plants and various utility and manufacturing equipment.
>
> Researchers determined that Stuxnet was designed to intercept commands sent from the SCADA system to control a certain function at a facility, but until Symantec’s latest research, it was not known what function was being targeted for sabotage. Symantec still has not determined what specific facility or type of facility Stuxnet targeted, but the new information lends weight to speculation that Stuxnet was targeting the Bushehr or Natanz nuclear facilities in Iran as a means to sabotage Iran’s nascent nuclear program.
>
> According to Symantec, Stuxnet targets specific frequency-converter drives — power supplies used to control the speed of a device, such as a motor. The malware intercepts commands sent to the drives from the Siemens SCADA software, and replaces them with malicious commands to control the speed of a device, varying it wildly, but intermittently.
>
> The malware, however, doesn’t sabotage just any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.
>
> Even more specifically, Stuxnet targets only frequency drives from these two companies that are running at high speeds — between 807 Hz and 1210 Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600 Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”

While the exact author of Stuxnet may not be known, it's tough to imagine any reason a non-nation state actor would engineer such a thing. Therefore, it probably should be considered a cyber war attack.

So will countries ever really declare war over these kinds of attacks? I'm not sure. Cyber attacks are very hard to trace. It's not like planes and tanks emblazoned with flags are rolling over borders. Instead, we're talking about pieces of code that spread themselves to hundreds of thousands of computers - and on most of them, doing nothing. It could be a really interesting field of international law, once one of these attacks actually kills people or otherwise compromises some nation's security.

Scott Hamilton
  • Stuxnet was also lavish with resources for a piece of malware, using more than one previously unexploited vulnerability. That also suggests a country rather than a criminal organization. Last I heard, lots of people thought it was made by Israel, for no convincing reasons I could find. – David Thornley Apr 07 '11 at 02:31
  • 1
    @David I think the main reason Israel is suspected is simply that Israel has shown a willingness to engage in direct action against the nuclear programs of countries around it. Back in 1981 Israel bombed an Iraqi reactor that was under construction, and they weathered a lot of international criticism for it. Stuxnet would seem to have had a similar aim, but with a much better chance of covering their tracks. Beyond Israel, experts tend to say only the US had the expertise and motive to put the worm together. So go figure. – Scott Hamilton Apr 07 '11 at 03:21
  • 1
    Israel is suspected of lots of things, including being behind [shark attacks](http://www.bbc.co.uk/news/world-middle-east-11937285). – Andrew Grimm Apr 08 '11 at 08:49
  • Since April, there has [been evidence](http://www.informationweek.com/news/security/management/240001297) that the US and Israel were behind Stuxnet. – Oddthinking Jun 17 '12 at 14:14
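
The Wired excerpt quoted in the answer above describes commands to the drives being replaced in transit, so the speed the control software requested and the speed the motor actually ran at would disagree at intervals. As an added example (not part of the original answer and not taken from any Stuxnet analysis), the following Python compares the setpoint logged by the control system with an independently measured output frequency and reports drives that diverge, recover and diverge again. The `Sample` fields, drive names, 5 Hz tolerance and all readings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    t: int               # seconds since capture start
    drive: str           # drive identifier (constructed)
    commanded_hz: float  # setpoint as logged by the SCADA historian
    measured_hz: float   # output frequency from an independent sensor

TOLERANCE_HZ = 5.0  # assumed normal tracking error; tune per plant

def divergence_episodes(samples, tolerance=TOLERANCE_HZ):
    """Group out-of-tolerance samples into per-drive episodes.

    Returns {drive: [(t_start, t_end, worst_error_hz), ...]}.
    """
    episodes, open_ep = {}, {}
    for s in sorted(samples, key=lambda s: (s.drive, s.t)):
        err = abs(s.measured_hz - s.commanded_hz)
        cur = open_ep.get(s.drive)
        if err > tolerance:
            if cur is None:
                open_ep[s.drive] = [s.t, s.t, err]
            else:
                cur[1], cur[2] = s.t, max(cur[2], err)
        elif cur is not None:
            episodes.setdefault(s.drive, []).append(tuple(cur))
            del open_ep[s.drive]
    for drive, cur in open_ep.items():  # still diverging at end of capture
        episodes.setdefault(drive, []).append(tuple(cur))
    return episodes

def intermittent_drives(samples, min_episodes=2):
    """Drives that diverged, recovered, and diverged again."""
    return sorted(d for d, eps in divergence_episodes(samples).items()
                  if len(eps) >= min_episodes)

# Constructed sample data: setpoint held at 1000 Hz on both drives.
def _series(drive, measured):
    return [Sample(t, drive, 1000.0, hz) for t, hz in enumerate(measured)]

SAMPLES = (
    _series("FC-01", [1000, 1001, 1350, 1360, 999, 1000, 400, 1000])
    + _series("FC-02", [1000, 999, 1002, 1000, 1001, 1000, 998, 1000])
)

if __name__ == "__main__":
    for drive, eps in divergence_episodes(SAMPLES).items():
        print(drive, eps)
```

The comparison only helps if the measured frequency comes from a path the control software does not supply, since a compromised controller can report whatever setpoint it likes.
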
2

Cyber war is very real. For example, see http://www.bloomberg.com/news/2010-11-29/ahmadinejad-confirms-several-iran-centrifuges-affected-by-computer-virus.html where it is suspected that another country used a virus to cause crippling malfunctions in Iranian uranium centrifuges. Even more high profile is the recent action of Wikileaks to negatively impact the U.S. government. Though some embarrassment was caused, it seems to have been forgotten about as of late. I'd say the real cyber warfare is this use of the Internet's ability to quickly disseminate information. Most advanced armies operate under the precept that the control of information is a vital part of warfare. The crippling of all forms of communication and control is surely on the table of strategic planners, including the devastation of an operating internet by virus or damage to physical facilities. Though we do, and I'm sure will, also see direct physical impacts like the first one I mentioned.

  • @Scott Hamilton- beat me to it by 3 mins :) –  Apr 06 '11 at 23:37
  • Hello, this question needs better references. We don't really trust news sites. – Sklivvz Apr 07 '11 at 06:36
  • @Sklivvz - Good luck finding anything in published journals (maybe IEEE or ACM) as any actual cyber warfare actually in progress is going to be under the guise of national security (i.e. classified). – rjzii May 13 '12 at 18:51
  • 1
    @RobZ since the *claim* comes from, basically, news sources, simply linking to them merely repeats the claim. – Sklivvz May 13 '12 at 19:09
  • @Sklivvz - Well, what do you propose for valid sources for what are likely very classified programs? At least newspapers can do some investigative reporting and disclose what they have found. Assuming they are doing their job properly it is going to be about as good as it gets unless someone leaks paperwork or it is eventually declassified. – rjzii May 13 '12 at 19:12
  • 2
    @RobZ see the other answer - Stuxnet was indeed studied by forensic experts. Also: court cases, official political statements, army material (such as documentation for massively drafting computer experts). In case of negation: a fact by fact negation (i.e. episode X never happened) – Sklivvz May 13 '12 at 19:43
  • @Sklivvz - However, there is no proof that Stuxnet was developed by a nation state (even though they are the likely suspects) and there are also other reasons why the military would be interested in computer experts to include the usual reason of writing software for the military and not necessarily any sort of clandestine operations. Court cases are going to be dubious as well as intelligence operations are usually classified and the same applies to political statements which aren't guaranteed to be forthright and honest for obvious reasons. – rjzii May 13 '12 at 19:51
  • @Skliwz what do u want me to deliver a handcuffed pentagon officer to you? Come on- ur the reason i no longer read this page. the relative swings in ur favor- everyone else's standard up to scrutiny and ur the referee right? –  May 21 '12 at 19:36
2

And to show that Stuxnet definitely wasn't just a one off - Flame

It links to a Kaspersky article that discusses evidence that Stuxnet and Flame are linked, possibly commissioned by the same team, and how Flame is a spying weapon designed to extract sensitive information from Iran.

The long term aspects (2009 to the present) and the scale of Flame (over 20Mb framework for delivery of code, retrieval of data and compromise of systems) show just how much investment has been made into the 'cyber' aspect of war, and these are just the ones we know about!

Rory Alsop