Cybersecurity Threats: Cyberwarfare, Espionage, and Crime
Posted on Jan 13, 2025 in Architecture
Cyberweapons
- Cyberweapons are non-kinetic weapons that are still able to inflict damage.
- Example: The North Korean attack on Sony because of *The Interview*.
- Russian cyberwarriors shut down Georgian government websites before their kinetic attack when they moved into South Ossetia and began a brief war with Georgia.
- They also targeted communications and financial systems.
- Nonlethal forms of attack include:
  - Shutting down government websites, disabling servers, making private emails public, and disrupting communications.
- More than 50 states are using these to attack military systems and civilian infrastructure.
- Problems:
  - Difficulty in asserting jurisdiction, attributing responsibility, and enforcing rules.
- Example: Al Qaeda used the Internet for disseminating propaganda, recruiting and training members, raising funds, conducting surveillance on targets, and communication.
- Might lead to attacks on the stock market.
- It is hard to identify the person doing the attack and to discern the nature of the attack.
Cybercrime
- Most cybercrime is unreported by businesses that do not want to upset consumers or shareholders.
- Cybercrime is lucrative.
- Example: The Zeus operation in the UK and US stole approximately $70 million by using a virus to infect computers, which allowed the criminals to obtain passwords for online bank accounts.
- It is transnational in character.
- Problems: Perpetrators are protected from prosecution due to loopholes in the law of the state where they operate or the indifference or ineffectiveness of local police and prosecutors.
  - Local authorities are reluctant to devote scarce resources to catching a cybercriminal in another state.
Cyberespionage
- Spying in cyberspace.
- Gaining unauthorized access to computers, networks, and control systems to collect secret or proprietary information or to alter data.
- Originally, information could only be reached through physical access or an internet connection, so theft could easily be prevented by an air gap (keeping systems disconnected from the internet).
- Example: The U.S. military has over 1,000 computers connected to the Secret Internet Protocol Router Network (SIPRNET), an air-gapped network used to transmit classified information and orders among military units. It was hacked in 2008 by Russia, whose spyware jumped to the air-gapped computers with human assistance: infected thumb drives carried it into the most secure network.
- There is no way to enforce a cyber agreement.
Cyberterrorism
- So far, terrorist organizations use the internet to spread fear or to disseminate propaganda.
- They also use it to gain intelligence on potential targets (to see weaknesses in facility structure as well as predict the cost or failure of an attack).
- They use it to gain money through fake charities and for-profit businesses.
- They have the ability to plan and coordinate activities quickly and cheaply.
- A form of encryption called steganography involves hiding messages in graphic files.
- Terrorists do not launch cyberattacks because the whole point of their operations is psychological and intended to promote fear in their target audience.
Cyberwar
- U.S. Cyber Command
  - 1) Secure military networks and support traditional military activities with operations in cyberspace.
  - 2) Integrate the cyber resources that currently exist in the different branches of the military.
  - 3) Work with allies, other government agencies, and industry to develop common responses.
- Cyber Threat Intelligence Integration System
  - Meant to issue warnings when a threat appears likely or a computer breach is spreading.
Hacktivists
- Hackers with a political agenda.
- Example: In the Russia and Georgia case, Russia did not claim responsibility for the cyberattacks but instead blamed them on hacktivists upset with the Georgian government’s response to the South Ossetians’ aspiration to independence; the attacks were too well-coordinated and extensive not to have come from the Russian government.
Information as a Tool of War (and Challenge)
- Information can only be useful if it is relayed in a timely manner.
- The US military has equipped itself to collect and process information as an integral part of its war-fighting abilities (e.g., finding Osama bin Laden).
- Problem: Often there is so much data that national intelligence agencies have trouble finding the right pieces of information and using them effectively.
- Example: Persian Gulf War.
Cyberspace
- The internet is only one part of cyberspace. Attacks through cyberspace can also render kinetic weapons ineffective or shut down essential services in major cities.
- It also includes laptops, desktops, all of the computer networks across the globe, and all of the things they connect and control.
- Origins of the internet: Military.
- 1988: First attack on the internet.
- Weapons:
  - Worms: A sub-class of viruses that can spread without human action.
  - Viruses: Self-replicating programs that require human action to spread.
  - Trojan horses: Malicious software hidden within a legitimate program.
  - Denial of service attacks: Bombarding servers with messages to make them crash.
  - Phishing: Rogue emails and websites that trick people into revealing password information.
Malware, Botnets, Logic Bombs, Stuxnet
- Malware: Viruses, worms, Trojan horses.
- Botnet, aka cybersecurity’s WMD: Network of private computers infected with malware that can be taken over without the owners’ knowledge.
  - Goals: Delay, disrupt, corrupt, exploit, destroy, steal, modify information.
  - Can send spam which contains viruses or other malware.
  - DDoS: Distributed denial-of-service, where on command the computers in the botnet can be made to send simultaneous requests to a single website, overloading it and making it unavailable to legitimate users.
- Packet Sniffers
  - Used to intercept packets of information as they travel across the internet.
  - Example: FBI Carnivore program.
- IP Spoofing
  - Forging the source address of a message so that it appears to have originated elsewhere.
  - Every packet has a source and a recipient as indicated by the Internet Protocol (IP addresses), and this can be used as an offensive attack.
- Logic bombs: Will “remain dormant in an enemy system until a predetermined time, when it will come to life and begin eating data,” causing malfunctions. **Planted during peacetime to be used during wartime.**
  - Can be inserted into software as it is being developed.
  - Cyberwar tactic.
- Stuxnet: First cyberweapon to cause physical damage, used by Israel/US intended to slow down Iranian nuclear development.
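As an added example (not part of these notes), the botnet DDoS pattern described above can be recognised in ordinary web-server logs: the detector below buckets requests by source and by time window over a constructed sample log, and tells a single abusive client apart from many hosts hitting the site together on command. The thresholds and the sample addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of combined-format access log lines (not taken from any real server):
# a few normal visitors, then one second in which 40 distinct hosts request the same page.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [13/Jan/2025:10:00:01 +0000] "GET /about HTTP/1.1" 200 2048
198.51.100.4 - - [13/Jan/2025:10:00:02 +0000] "GET / HTTP/1.1" 200 5120
""" + "\n".join(
    f'192.0.2.{i} - - [13/Jan/2025:10:00:05 +0000] "GET /search?q=x HTTP/1.1" 503 0'
    for i in range(1, 41)
)

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_line(line):
    """Return (source_ip, epoch_second) for one log line, or None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), int(ts.timestamp())


def detect_floods(log_text, window=5, max_total=30, max_per_ip=15):
    """Group requests into `window`-second buckets and flag two patterns:
    - 'single-source': one IP alone exceeds max_per_ip (a noisy or abusive client);
    - 'distributed': the bucket exceeds max_total although no single IP does,
      i.e. many hosts acting in concert, which is what a botnet DDoS looks like.
    Thresholds are assumed values; tune them to the site's normal traffic.
    Returns a list of (bucket_start, kind, detail) tuples in time order."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ip, t = parsed
            buckets[t - t % window][ip] += 1
    alerts = []
    for start in sorted(buckets):
        per_ip = buckets[start]
        total = sum(per_ip.values())
        heavy = sorted(ip for ip, n in per_ip.items() if n > max_per_ip)
        if heavy:
            alerts.append((start, "single-source", heavy))
        elif total > max_total:
            alerts.append((start, "distributed", {"requests": total, "sources": len(per_ip)}))
    return alerts
```

Blocking the single heavy source is straightforward; the distributed case is the one that needs upstream rate limiting or scrubbing, because no individual bot exceeds a per-client limit.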
Cyber Weapons and International Cooperation
- An international agreement designed to limit cyberweapons would likely conflict with the privacy rights of individuals and the intellectual property rights of both individuals and corporations.
- A different approach would be prohibiting the use of cyberweapons. International law already prohibits states from launching cyberattacks except in self-defense.