The ghost in the machine
America has been under foreign cyber attack before. But the Washington Post reports that recent attacks have become serious enough to issue a "rare public warning to the power and utility industry ... a CIA analyst this week said cyber attackers have hacked into the computer systems of utility companies outside the United States and made demands, in at least one case causing a power outage that affected multiple cities." Although at least some of the reported intrusions were by "computers belonging to foreign governments or militaries", the targets this time were, significantly, commercial. "Cyber extortion is a growing threat in the United States, and attackers have radically increased their take from online gambling sites, e-commerce sites and banks, which pay the money to prevent sites from being shut down and to keep the public from knowing their sites have been penetrated, said Alan Paller, research director at the SANS Institute."
In the recent past, many cyber attacks have been directed at government information resources. For example, in mid-2005, a Washington Post blog noted that Britain, Canada and Australia had all been subjected to an attack. "Just hours after British cyber-security officials issued a highly unusual warning that hackers are launching targeted attacks against U.K. government agencies and high-profile British corporations, their counterparts in Canada and Australia issued similar alerts."
But coordinated multi-tier attacks, that is to say attacks directed against different levels of society, first came into prominence during Russia's cyber-attack on Estonia. "The Kremlin’s assault on Estonia is intensifying on four levels of varying sophistication. These include: cyber attacks from within Russia’s Presidential Administration against the Estonian presidency’s and government’s electronic communications; political demands, backed by economic sanctions threats, to change the Estonian government; siege laid by Kremlin-created organizations to the Estonian Embassy in Moscow; and instigatory coverage of the April 27-29 violent riots of Russian youth in Tallinn by Russia’s state television." Estonia marked the combined-arms approach to cyberwarfare. To hacking were added the pressure of street gangs, coercive diplomacy and traditional media black propaganda. Cyber-attacks were no longer a standalone weapon wielded by some geeky misfit in a basement. Rather, cyber-attacks became part of a full spectrum of offensive weapons in which the distinction between the "virtual" and the "actual" was eliminated. In Estonia, not only could your database be wiped out, your teeth could also be knocked in by a well-delivered Russian punch to your face.
The recent attacks on US "online gambling sites, e-commerce sites and banks" were a blow delivered at the soft underbelly of its society. Interestingly, they combined cyber-attacks with traditional blackmail: the victims kept quiet about the penetration of their systems in order not to panic their customers. This prevented the target society from even being aware it was under attack. It also meant the targets could be defeated in detail, as each faced the assault alone. Nor were the attacks delivered frontally, or blindly. They were customized to each target's individual weaknesses. Some attackers probably attempt to recruit employees or ex-employees from the system who know the weaknesses. In 2005, "Britain's National Infrastructure Security Co-ordination Centre said hackers were devising increasingly sophisticated attacks that appear to be custom-made for each target, focusing on individuals who work with sensitive data with e-mails that appear to originate from trusted contacts, news agencies or government departments." Attacks on information systems had been integrated into the traditional military cycle. No longer were they pranks conducted by some pimply teenage prodigy: they were now part of a process which included pre-attack reconnaissance, execution and exploitation.
In late 2007, France reported it was under attack by Chinese information assault forces, just after other Western governments had reported the same thing.
"French information systems fell prey to cyber attacks "involving China", similar to those reported by the US, British and German governments, a top French security official told AFP on Saturday. "We have indications that our information systems were the object of attacks, like in the other countries," the Secretary-General of National Defence (SGDN) Francis Delon said, confirming a report published in French newspaper Le Monde.
"We have proof that there is involvement with China. But I am prudent. When I say China, this does not mean the Chinese government. We don't have any indication now that it was done by the Chinese People's Liberation Army," he added.
If it was the Chinese government -- and the centralized control of computer resources in that country makes it unlikely to be anything else -- then the attacks would have been the work of what the Strategy Page called the "Three Headed Monster": the "NET Force", corresponding to a general staff; the "Red Hackers Union" (RHU), several hundred thousand patriotic Chinese programmers and Internet engineers who wished to assist the motherland; and the Golden Shield Project (also known as The Great Firewall of China), manned by 30,000 Ministry of Public Security employees, behind which all of them shelter to keep the targets from repaying Beijing in kind. But whether it was China's Three Headed Monster or the more shadowy, but presumably equally formidable, Russians, the attacks on France and other Western countries represented the intrusion of a major force which the average denizen of the Internet would be hard-pressed to resist.
Terrorist organizations, Russia and China, to name but a few, have clearly grasped the potential for information warfare and have developed sophisticated doctrines for its employment. Unencumbered by legacy newspapers, huge television networks, and an entertainment industry still divided into guilds -- institutions used to wage "information war" in 20th century style -- China, Russia and Islamic radicalism were free to invent new modes of information combat. Both the "NET Force" and the cyber-Jihad come at a time when the American concept of public diplomacy still focused on scheduling interviews on talk shows. The true beneficiaries of revolutionary technology may be those who were free of the weight of the old.
One of the most dangerous aspects of the new enemy information warfare strategy is its ability to attack the subsidiary and smaller units of Western social organization. Attackers don't need to take down a sophisticated and protected target like the NSA or a multibillion-dollar bank. Instead, they can focus on the medium-sized financial institution, online gambling site, adult movie rental service, credit card company, health fund or social networking site. Like the Blitzkrieg of the 1940s, enemy cyber-attack forces can concentrate on the weakest points of a society, avoid its Maginot Lines, and worm their way in, gaining more entry points and trusted identities with the passage of time. Equally disturbing is the apparent way in which computer attacks have been combined with traditional methods of subversion, like blackmail and possibly the recruitment of insiders, to compromise the system. A company with the best computer defense systems may still be vulnerable to the application of old-fashioned threats against its employees. In any contest between a small company and China's "Three Headed Monster" the odds are stacked against the company.
A stock blogger at the Washington Post wonders if the financial markets are next.
With the rising tide of cyber attacks on the infrastructure over the past year or so, and the vulnerability of the power grid, transportation systems, and big banks becoming increasingly clear, investors have to wonder how secure the exchanges are from extortion or efforts to manipulate the markets by individuals or organized groups. The London Stock Exchange suffered a cyber attack this past June. Such attacks frequently originate from overseas, sometimes supported by foreign governments, and perpetrators can be next to impossible to track down and bring to justice.