It’s a spectre that’s long been feared: a cyberattack on a country’s national infrastructure. But it recently became a reality. Andy Ridgway looks at the escalating cyberarms race
Read the full Cyberwar feature on p67 of the February issue of Focus. Submit a photo of yourself with the February issue for the chance to win an iPad!
THE MAIN WEAPONS OF CYBER WARFARE
- Stuxnet was a worm – a self-replicating piece of software that spreads from computer to computer. Where a virus attaches itself to an existing program, corrupting it, a worm can simply sit on a system, not having any effect.
- But many worms carry a payload. Stuxnet did, installing a ‘back door’ to the computer it had infected that allowed it to be controlled from elsewhere on the internet.
Distributed Denial of Service Attack (DDOS)
- The idea here is simple. By swamping a website with requests for information, you can grind it to a halt. Simple, yet effective. A DDOS attack may take place with a little help from a botnet – a network of computers forced to operate under the control of someone else.
- Typically, these are a tool of the trade for cybercriminals. But they can be bought, sold and rented on the open market, leading to speculation that governments have employed their services.
- This technique is crafty. Here, a piece of software that appears to do something desirable actually turns out to give someone else access to your computer.
- It could steal data, allow your machine to be used as a botnet, or modify files on it.
- Here information is altered in a computer system so it looks correct, but is misleading. A system monitoring temperature, for instance, might keep relaying that it’s low when in fact it’s dangerously high.
- So semantic hacking could pose a real threat to industrial processes and national infrastructure.
THE MAIN TARGETS
- Any system that’s computer controlled is vulnerable to attack.
- A big target will always be the electricity grid, as it affects so many other systems, but there’s also a great deal of automation in the supply of oil and gas.
- Chemical plants often use robotics to carry out work, so meddling with the controls could cause the release of toxic chemicals.
- Modern fighting forces have highly advanced information systems, but that also makes them vulnerable to cyberattack. John Arquilla, a professor of defence analysis at the Naval Postgraduate School in California, says it’s in times of conflict when we’ll really see cyberwarfare come to the fore.
- A pre-emptive cyberstrike on a nation’s command and control system will replace a missile attack – a move from “blitzkrieg to bitskrieg”, as Arquilla puts it.
- One nation may attack another by siphoning off data.
- The GhostNet cyberspying operation, discovered in March 2009, was set up to infiltrate government departments, embassies and even the Dalai Lama’s offices, using a Trojan horse to establish a remote link.
- GhostNet originated in China, though the Chinese Government has always denied any involvement.
Find out more