Internet privacy and security course
Aa font
AA font size
About translation
Previous Next
Cyber-warfare, cyber diversions and cyber terrorism

Chapter 13

Cyber-warfare, cyber diversions and cyber terrorism

Cyber-warfare and cyber diversions

Many people still dismiss cyberwarfare as a subject of science fiction or a figment of imagination while being unaware of what this word actually means. But cyber-warfare is not a fevered fantasy, this is a reality we will all have to live in, and the better you understand what cyber-warfare is and how it is waged, the better you are equipped for it.

Using a cyber weapon, one can cause nuclear accidents, disrupt all kinds of communications including cellular and satellite connection, paralyze traffic, electricity supply… and yes, this is not a joke.

“I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.”
Albert Einstein

There is a common misconception that attacks on websites, virus development and information attacks are what cyber-warfare is about and therefore it shouldn’t be seen as a serious threat. The abovementioned is not cyber-warfare yet. However, when the nearest nuclear station has a leak and some radioactive material gets discharged into the air, the cellular service and electricity supply is disrupted this is what real cyber-warfare is about.

We admire computerization that has occurred across the board, often missing one simple truth: while offering ample opportunity, it entails serious threats. This is perfectly understood by the cyber armies of different countries.

According to the news reports, in 2012 the U.S. intensified its investments in the development of attacking malicious software. In 2014 Russian Defense Minister Sergey Shoygu signed the order to set up a cyber-warfare division unit under the General Staff of the Russian Federation, followed later by the establishment of a cyber army. Similar cyber-warfare units exist in many countries, with the most cutting-edge ones in Russia, U.S., China, Israel, North Korea and Great Britain.

The activity of a cyber army involves three key components:

  • Protection
  • Intelligence
  • Attack

A perfect example would be a hacking into Huawei Technologies servers, a Chinese networking and telecommunications equipment and services company, by the U.S. National Security Agency, rleaked by Edward Snowden. This cyber espionage allowed the U.S. to organize the total surveillance of the citizens in China and other countries the equipment was shipped to (including Iran, Pakistan, Cuba).

It’s a bit harder to give an obvious example of cyber protection as it usually comes down to putting comprehensive preventive measures in place. For instance, a model of isolated Internet has been set up in Russia over the past years. It is usually presented to the society as a solution in the event of Russia becoming disconnected from the international Internet network. But it can also be used for isolation in case of consistent cyber-attacks.

Attack includes offensive action either using malicious software or doing without it. A clear example of attacking software would be Stuxnet, the malicious worm capable of physically damaging the critical infrastructure of nuclear sites. Stuxnet was used to sabotage and decommission the centrifuges at the Natanz uranium encrichment plant (Iran) setting back the Iranian nuclear program by two years. Allegedly, Stuxnet was designed by the intelligence services of U.S. and Israel.

Do you know how this type of attack was made possible? An unwitting Siemens employee stuck an infected USB flash drive in his machine. A blatant violation of security rules which Siemens actually confirmed to be their employee’s oversight.

Let me share another example of cyber diversion. In December 2015 the BlackEnergy trojan was used in a power grid attack on Ukraine’s energy suppliers “Prikarpatyeenergo” and “Kievoblenergo”, and over 80 thousand Ukrainians were cut off from power supply for several hours as a result. The attackers demonstrated a high level of coordination, extensive expertise and technical equipment, it was a consummately professional government-level cyber diversion. By the way, the infection was propagated by an email that contained the compromised document accessed on the computer of a corporate network.

One can infer from the examples above that usually (though not always) attacks are performed using simple and straightforward methods, and that they can be prevented with mere vigilance. The BlackEnergy trojan was carried in a document sent by email, Stuxnet – through a USB flash drive stuck into a workstation, it was no rocket science.

This course won’t teach you how to guard against cyber-warfare threats since as you have probably seen for yourself, this is a task executed at the government and intelligence services’ level. But we can tell you how to help your country become better protected.

First of all, you have to understand your role in cyber-warfare. You will most likely be used as a tool for spreading malware, just as in the example with the Siemens employee.

On the big screen an attack on some significant sites is performed through a network scan, search for vulnerabilities and subsequent hacking. However, in practice the majority of key systems are isolated. An isolated system doesn’t have access to the Internet and it is impossible to attack it from there, often the physical access to it is protected by the security service, but as any system out there it is composed of devices that tend to require replacement or repairs from time to time.

For instance, malicious software can be installed during the development/supply process. Suppose, a nuclear power plant requires a replacement of some component. Is it possible tha