The Cyberweapons Club: Easy, Cheap & Available… Spurs New Arms Race
By: Terresa Monroe-Hamilton
The Wall Street Journal has a great article out on cyber warfare and the weapons it entails. In recent years, countries across the globe have spent billions on facilities that house the means to wage war electronically. You can be a major player on the geopolitical scene even without nuclear weapons. Joining the cyberweapons club is easy, cheap and open to anyone with a computer and money.
Digital warfare was brought to life when numerous countries carried out successful computer raids… the US was one of those countries. Now, a digital arms race is in full swing with countries all over the globe amassing huge troves of malicious code and nasty methods of breaching networks. You’ve got everything from the simplest of programs that use emails that have a single word misspelled, that ask for a password or for you to open an attachment, to more advanced code that utilizes Twitter handles.
In what I consider to be a faux agreement that means about as much as the Iranian deal, the US and China just signed a limited agreement to not conduct various forms of cyber attacks against each other. These have to do with corporate raids and domestic companies. But government espionage is still on the table and fair game. What a joke.
We’ve already seen a great deal of movement in this arena. Take Pakistan and India for example. They are nuclear rivals and hack each other all the time. Estonia and Belarus fear Russia and are working feverishly to build some kind of defense against the Russians. Good luck with that. Denmark, the Netherlands, Argentina and France are all developing offensive computer weapons. Everyone is getting ready for a new frontier on the battlefield.
There are now over 29 nations who have units dedicated to hacking other countries. 50 countries or so have actually purchased canned hacking software that they use for domestic or international surveillance. The US is said to have one of the most advanced operations out there. I’m not so sure of that. I believe that Russia, China, Iran and North Korea all have us beat hands down. As do the Israelis.
Invasive digital attacks are used to mine data and steal information. Computers can be erased at will. Whole networks can be disabled. In one instance, nuclear centrifuges were destroyed. These techniques are used for good and bad reasons. But it’s like Pandora’s box… now that it is out there and growing, nations must not only be defensive, they have to be offensive on this front.
More worrisome attacks are coming our way. Cyberweapons that take down electrical grids, disable domestic airline networks, jam Internet connectivity, erase money from bank accounts and confuse radar systems are being developed. Instances of probing in these areas have already occurred in the US and it is only a matter of time before a major attack comes in these areas. Many of our enemies already have their software on systems throughout the US, quietly lurking until they are triggered for whatever reason. It’s a ticking time bomb.
Our military strategies and tactics will have to change with these new developments if we are to survive. Attacks like these are almost impossible to entirely stop or to trace. To face off against these new threats, we will have to have highly trained units that fight this battle 24 hours a day. Many are already in place and working the issue. I’m just not convinced they will be fast or good enough.
Dozens of countries are now armed to the teeth with cyberweapons. Some Defense Department officials compare the current moment to the lull between the World Wars when militaries realized the potential of armed planes. I believe we are already in World War III and just don’t seem to grasp it yet.
Speaking of war, Syrian hackers have been at it already in that country, looking into the doings of the rebel militias, stealing tactical information and then using that intelligence to attack them. It’s been effective and efficient. With the aid and advice of the Russians, the Syrian government is using high tech as well as on the ground military maneuvers to annihilate their enemies.
As for the US, we know what some countries are up to, but as for many of them, we have no clue. I would say we are in the dark as to a great deal that our enemies have accomplished in the cyber arena. That’s a deadly mistake. In fact, I don’t think anyone, other than the new Axis of Evil (Iran, Russia and China) know exactly how skilled our enemies are in cyber espionage and warfare. You would think that the NSA, CIA and FBI would have a better grasp on all of this, but they don’t.
The new battlefields out there will be comprised of hard military assets, intelligence services and cyber armies. You already see this in the big boys out there: the US, China, Russia, Iran, North Korea and Israel.
The Chinese are masters at hacking. They are infamous for low-tech phishing schemes that trick people into granting them access to their networks. That’s probably how they hacked the Office of Personnel Management. A contractor fell for an innocuous looking email and presto! The Chinese cracked the network and gained access to more than 21 million people’s information. China of course lied. That’s one thing about all these spying nation states… they all lie.
The Chinese army has whole divisions that are devoted to cyber warfare. They believe in unconventional warfare and have been very busy at pushing boundaries abroad. They are very good and very covert. In fact, they even fix what they break on the way in. You never even know they are among you.
China opposes the militarization of cyberspace or a cyber arms race, said Zhu Haiquan, a spokesman for the Chinese Embassy in Washington, adding China “firmly opposes and combats all forms of cyber attacks in accordance with law.” Yeah, well… it depends on what “law” means. And once again, they lie.
On to the Russians… they are very good as well and have just as many units dedicated to cyber warfare as the Chinese. The Russians love to go after diplomatic and political data. They are very good at tailored emails that ensnare their victims. They have dug into the networks at the Pentagon, State Department and White House, also using emails laced with malware, according to security researchers and US officials. The Russian’s have stolen Obama’s daily schedule and his diplomatic correspondence. The Russians say nyet, but of course, they lie.
“Russia has never waged cyber warfare against anyone,” Andrey Akulchev, a spokesman for the Russian Embassy in Washington, said in a written statement Friday. “Russia believes that the cybersphere should be used exclusively for peaceful purposes.” They always deny – lying is second nature to the Russkies.
US spies and security researchers say Russia is particularly adept at developing hacking tools. Some malicious software linked to Russia by security researchers has a feature meant to help it target computers on classified government networks usually not connected to the Internet. They have a virus that literally jumps onto USB thumb drives, just waiting for a user to plug it in on a classified network. It’s ingenious and evil.
The Russians are subtle. They will hide stolen data in a whole host of ways. They’ll mix it into normal network traffic. They know just how to fool most cyber security defenses. For instance, they have a piece of malware that hides its communications in consumer web services. The code downloads its instructions from a set of Twitter accounts. It then exports the data to a commercial storage service. Since corporate cyber security systems don’t block traffic to and from these sites, this can be very effective.
But the Iranians go even further. They aren’t content with just stealing information… they use cyberweapons to destroy computers. They’ve done it at least twice. Government investigators believe Iranian hackers implanted the Shamoon virus on computers at Saudi Arabia’s Saudi Aramco, the world’s largest energy firm, in 2012. The Aramco attack erased 75% of the company’s computers and replaced screen images with burning American flags. The attack didn’t affect oil production, but it rattled the company as it gave away the extent of Iran’s cyber capabilities. Ostensibly, the move was in retaliation for the alleged US-Israeli attack on Iran’s centrifuges utilizing the Stuxnet computer worm.
Director of National Intelligence James R. Clapper has said that the Iranians used malware to destroy computers last year at the Las Vegas Sands Corp. The owner, Sheldon Adelson, is a major critic of the Iranian government.
The US also contends that Iranian hackers have taken down websites of numerous US banks in DOS attacks. This was in response to a YouTube video on the Prophet Mohammed supposedly. More likely, it had to do with economic sanctions and the Stuxnet attack.
In 2012, Iran announced the creation of the Supreme Council of Cyberspace charged to oversee the defense of Iran’s computer networks and develop “new ways of infiltrating or attacking the computer networks of its enemies.” Since Obama has inked the suicidal nuclear deal with Iran, cyber attacks have slowed somewhat, but that won’t last long. There are no illusions that Iran is in any way an ally to the US. They have aligned with Russia and China to eventually war with us. Tehran appears “fully committed” to using cyber attacks as part of its national strategy.
Let’s peek at the NoKos, shall we? Of course, their latest claim to fame is the Sony hack. It was in retaliation for the movie, “The Interview,” which portrayed their trollish leader in a less-than-favorable light. In it, Kim Jong Un gets offed. No big loss. The retaliatory hack was arguably one of the most successful nation-state breaches ever. Many suspect an inside job since the malware was implanted directly on Sony computers. This allowed the NoKos to steal and destroy data at will. South Korea has also said that the North Koreans have attempted to hack one of their nuclear reactors, as well as a television network and a major bank. The NoKos haven’t denied anything. They don’t care who knows or accuses them.
Looking for work? Defense contractor Northrop Grumman Corp. has advertised for a “cyber operations planner” to “facilitate” offensive computer attacks with the South Korean and US governments, according to a job posting listed online. The scope is undisclosed and probably above all of our pay grades.
I keep hearing the US has the most advanced operations. But as I said before, I highly doubt that. The NSA is touting itself as the “crown creator of cyberespionage.”
In a spectacularly treasonous move, former National Security Agency contractor, Edward Snowden. leaked documents that showed the NSA had implanted malware on tens of thousands of foreign computers. That allowed the US government secret access to data and potentially the industrial control systems behind power plants and pipelines. Color me skeptical, but who knows?
US Cyber Command now has nine “National Mission Teams” with plans to build four more. Each are comprised of 60 military personnel that will “conduct full-spectrum cyberspace operations to provide cyber options to senior policy makers in response to attacks against our nation,” a Pentagon spokesperson said. The Navy, Army, and Air Force will each build four teams, with the Marines building a single unit. Each will have a “separate mission with a specific focus area,” though these have so far remained secret.
In 2014, the Netherlands announced it would begin training its own Internet troops through a domestic cyber security company, called Fox-IT. The head of the Dutch armed forces, Major Gen. Tom Middendorp, said in a symposium the group should be prepared to carry out attacks, not just block them, according to a Dutch media report. The Netherlands’ military strategy, laid out in various documents, refers to hacking as a “force multiplier.”
In 2013, Denmark’s Defense Ministry began allocating about $10 million a year for “computer network operations,” which include “defensive and offensive military operations,” according to government budget documents. That amount is just 0.24% of the Danish defense budget.
There are a lot of software engineers out there producing canned systems for private parties. It’s a seller’s market out there and countries are paying top dollar for cyber warfare software. A document leak on the Italian firm Hacking Team revealed the company had sold its surveillance tools to dozens of countries, including Sudan, Egypt, Ethiopia and Azerbaijan. Money is king and everyone has a price. Our own FBI is evidently a customer of the Hacking Team who promotes their product as “the hacking suite for governmental interception.” It’s the perfect tool for exploiting holes in software to gain access to computers and mobile devices.
States aren’t the only players. About 30 Arabic-fluent hackers in the Palestinian territories, Egypt and Turkey are building their own tools to hit targets in Egypt, Israel and the US, according to researchers.
In August, the US used a drone to kill Islamic State hacker Junaid Hussain in Raqqa, Syria, showing the extent to which digital warfare has upset the balance of power on the modern battlefield. The British citizen had used inexpensive tools to hack more than 1,000 US military personnel and published personal and financial details online for others to exploit. He helped sharpen the terror group’s defenses against Western surveillance and built hacking tools to penetrate computer systems as well.
All this cyber warfare and espionage is making national security and cyberweapons experts very nervous. A really big and debilitating attack could come at any time and we would pretty much be powerless to stop it. We just have no idea what the bad guys are capable of. “What we can do, we can expect done back to us,” said Howard Schmidt, who was the White House’s cyber security coordinator until 2012. The US is thinking, “Yeah, I don’t want to pull that trigger because it’s going to be more than a single shot that goes off.”
The jokes on us… that trigger has already been pulled. Let’s just hope the US isn’t home to the walking dead because of it. Because the cyberweapons club is so easy, cheap and available… we are watching a new arms race take off. The US is not in the forefront of this race and we had better hustle to catch up and overtake our enemies. Cyberspace is the new battlefront.