Cyber security: weapons & targets

 
Read the full Cyberwar feature on p67 of the February issue of Focus. Submit a photo of yourself with the February issue for the chance to win an iPad!

 

 

 

THE MAIN WEAPONS OF CYBER WARFARE

Worms

• Stuxnet was a worm – a self-replicating piece of software that spreads from computer to computer. Where a virus attaches itself to an existing program, corrupting it, a worm can simply sit on a system, not having any effect.
• But many worms carry a payload. Stuxnet did, installing a ‘back door’ to the computer it had infected that allowed it to be controlled from elsewhere on the internet.

Distributed Denial of Service Attack (DDOS)

• The idea here is simple. By swamping a website with requests for information, you can grind it to a halt. Simple, yet effective. A DDOS attack may take place with a little help from a botnet – a network of computers forced to operate under the control of someone else.
• Typically, these are a tool of the trade for cybercriminals. But they can be bought, sold and rented on the open market, leading to speculation that governments have employed their services.

Trojan horse

• This technique is crafty. Here, a piece of software that appears to do something desirable actually turns out to give someone else access to your computer.
• It could steal data, allow your machine to be used as a botnet, or modify files on it.

Semantic hacking

• Here information is altered in a computer system so it looks correct, but is misleading. A system monitoring temperature, for instance, might keep relaying that it’s low when in fact it’s dangerously high.
• So semantic hacking could pose a real threat to industrial processes and national infrastructure.

THE MAIN TARGETS

Infrastructure

• Any system that’s computer controlled is vulnerable to attack.
• A big target will always be the electricity grid, as it affects so many other systems, but there’s also a great deal of automation in the supply of oil and gas.
• Chemical plants often use robotics to carry out work, so meddling with the controls could cause the release of toxic chemicals.

Military

• Modern fighting forces have highly advanced information systems, but that also makes them vulnerable to cyberattack. John Arquilla, a professor of defence analysis at the Naval Postgraduate School in California, says it’s in times of conflict when we’ll really see cyberwarfare come to the fore.
• A pre-emptive cyberstrike on a nation’s command and control system will replace a missile attack – a move from “blitzkrieg to bitskrieg”, as Arquilla puts it.

Information

• One nation may attack another by siphoning off data.
• The GhostNet cyberspying operation, discovered in March 2009, was set up to infiltrate government departments, embassies and even the Dalai Lama’s offices, using a Trojan horse to establish a remote link.
• GhostNet originated in China, though the Chinese Government has always denied any involvement.

Find out more

• The 7 best office gadgets
• 4 simple ways to speed up an old PC