Govt 11: Cybercrime and Cyber warfare (v1.0)
Key reference is Prof Paul Rosenzweig
of George Washington University.
The world woke up in July 2010 to a new era. The cyber mantra up to that
point was that the effects of cyber-attacks would be restricted to the cyber
domain. Symantec discovered more than 400 million pieces of malware in 2011
and rendered them harmless. But a new piece of malware that arrived in 2010,
called STUXNET, ushered the world into a new era. STUXNET was very
sophisticated; it managed to penetrate all the defenses and rendered at least
1000 centrifuges inoperable in the Iranian uranium enrichment plant in Natanz.
It required a great deal of insider knowledge of the actual systems involved.
It is estimated to have set the Iranians back by at least 2 years in their
nuclear quest. More than the actual damage, it was a clear warning by hostile
powers to Iran that it was vulnerable. Malware like that could cause immense
harm to just about any system controlled by computers, including power plants,
drones, missiles, aircraft, weapons, dams, water systems, the electric grid,
financial institutions, etc. Since computers are ubiquitous, such malware
threatens the whole world.
The internet was enormously successful because it was simple (and somewhat
dumb), open, transparent, interoperable, very flexible and very easy to use.
Access to it is not controlled. No one person controls it. Anyone can extend
it by purchasing a DNS name. Security and identity were not a major focus. It
is therefore vulnerable. There are over 2.5 billion users worldwide. There are
over 630 million domain names, with 22% in the US. Every minute 1800 terabytes
of new information are created. Every 2 days we create as much information as
was created from the dawn of civilization up until 2003!! The network itself
is gigantic: it is made up of a great deal of hardware, infrastructure and
physical communication links spread across geography and highly distributed.
Anything connected to the internet is potentially hackable.
There are five features of the internet that make it especially vulnerable.
It is borderless: it is hard to control the flow of information across
borders. It allows anonymous action, and there is also the problem of
attribution: identification is hard to do. It allows instantaneous action at
a distance. It is an asymmetric system where small actors at low cost can have
disproportionate effects. Lastly, all the information is 1's and 0's, and
there is no distinction between different types. Nowadays a lot of attention
is being focused on how to defend critical systems from cyber-attacks. At the
same time countries, or even criminals or hacking groups, are devoting a lot
of effort to attacking the systems of an enemy or of a ransom or theft target.
You as a user should also take actions to protect yourself.
Malware exploits security flaws in software at the OS, networking, or
application level. Once the flaw is known, it can be fixed with a software
security update. A newly discovered flaw is very valuable to a hacker. When an
attack using such a newly discovered, not yet fixed flaw is launched, it is
called a zero-day attack, and zero-day attacks are frequently used in highly
consequential attacks. The first virus ever to infect a PC was a harmless
demonstration virus called Brain.A in Jan 1986. Today there is an attack
taking place every day. Attacks disable, disrupt, degrade, or destroy. The
simplest is a DDoS attack (Distributed Denial of Service attack). It makes a
huge number of fake requests from many infected hosts stealthily controlled by
the instigator (called botnets) in order to overwhelm a website. The website's
data, though, is fine. Botnets can also do other things, like send spam. Web
crawlers or spiders may crawl through the internet to capture information like
your email address. The Conficker botnet was over 9 million strong!! An
infected host tries to spread itself to other hosts, possibly through an
email. In a Trojan, the malware is hidden inside a legitimate program that you
download. Do NOT click on links or open attachments in emails or download
programs you are not sure of!! "Phishing" refers to an attempt to steal
sensitive information by masquerading as a reputable source with an enticing
request that lures the victim in and tricks them. Spear-phishing attacks
target a specific victim, and messages are modified to specifically address
that victim, purportedly coming from an entity they are familiar with and
containing personal information. Spyware is a threat that resides on the
computer for a long time and makes it vulnerable to continuous monitoring from
the outside, including monitoring all keystrokes, turning on the webcam, or
monitoring voice input. A logic bomb is a string of malicious code inserted
into a program to cause harm when certain conditions are met. Adware is
software that automatically displays or downloads advertising material (often
unwanted) when a user is online.
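The DDoS description above says a botnet overwhelms a website with a flood of requests from many hosts. From the defender's side, such a flood is visible in the web server's access log as many sources each making far more requests per time window than any human visitor would. The following Python example, added here and not part of the original essay, parses access-log lines in the common "combined" format, counts requests per source per time window, and flags sources whose rate crosses a threshold. The log lines, the window size (10 seconds) and the threshold (100 requests) are constructed for illustration; a real deployment would tune them to its own baseline traffic.

```python
"""Flag request floods in a web server access log (added example)."""
import re
from collections import Counter
from datetime import datetime

# Combined-log-format prefix: client IP, ident, user, [timestamp], "request", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request, status) for one log line, or None if the
    line does not match the expected format (garbage lines are skipped)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status = m.groups()
    try:
        when = datetime.strptime(ts, TS_FMT)
    except ValueError:
        return None
    return ip, when, request, int(status)


def count_by_source(lines, window_seconds=10):
    """Count requests per (source IP, time window)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, when, _, _ = parsed
        bucket = int(when.timestamp()) // window_seconds
        counts[(ip, bucket)] += 1
    return counts


def flood_sources(lines, window_seconds=10, threshold=100):
    """Return [(ip, peak_count)] for sources whose request count in any single
    window reaches the threshold, highest count first, then by IP."""
    peak = {}
    for (ip, _), n in count_by_source(lines, window_seconds).items():
        if n >= threshold:
            peak[ip] = max(peak.get(ip, 0), n)
    return sorted(peak.items(), key=lambda kv: (-kv[1], kv[0]))


def window_totals(lines, window_seconds=10):
    """Total requests per time window regardless of source; a volumetric flood
    shows up here even when each individual bot stays under the per-IP threshold."""
    totals = Counter()
    for (_, bucket), n in count_by_source(lines, window_seconds).items():
        totals[bucket] += n
    return totals


# Constructed sample (not real traffic): six "bot" hosts each send 40 requests
# per second for three seconds, one ordinary visitor sends a single request,
# and one malformed line is included to show that it is ignored.
BOT_LINE = '10.0.0.{n} - - [12/Mar/2024:10:15:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
SAMPLE_LOG = [BOT_LINE.format(n=n, s=s)
              for n in range(1, 7) for s in range(3) for _ in range(40)]
SAMPLE_LOG.append('192.0.2.10 - - [12/Mar/2024:10:15:01 +0000] "GET /about HTTP/1.1" 200 2048')
SAMPLE_LOG.append("this line is garbage and should be ignored")


if __name__ == "__main__":
    for ip, n in flood_sources(SAMPLE_LOG):
        print(f"flood suspect {ip}: {n} requests in one 10 s window")
    print("busiest window total:", max(window_totals(SAMPLE_LOG).values()))
```

Run against the sample, the six bot addresses are each reported at 120 requests in a single window while the ordinary visitor is not, and the per-window total exposes the combined load of 721 requests. The two views complement each other: per-source counts drive blocking or rate limiting of individual offenders, while the window total is what tells you the site is under a distributed flood in the first place.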
How prevalent are these attacks? We don't really know. The government does
not count them anymore. A limited study in Canada estimated that there were
80,000 zero-day exploits a day and that there were 1.5 million compromised
computers on any given day. These attempted 21 million botnet connections a
day. It is estimated that military systems are probed thousands of times and
scanned millions of times a day. It was estimated in 2021 that worldwide
losses due to cyber-crime could be about 6 trillion dollars a year and could
increase to 10.5 trillion by 2025. Intellectual property theft losses
constitute a significant part of that.
A big segment of cybercrime/fraud is theft of money, identity, or
documents/information/media of high value. It is endemic and pervasive. Many
of these cybercrimes are like regular crimes. Most are covered by existing
laws. Some, though, are much harder to prosecute. The Nigerian scam is an
example that is custom tailored to cyberspace and is hard to prosecute. The
dupe is promised a large sum but is asked for a small upfront charge that
increases over time for various reasons. The scam is sent to millions of
people. Even if only a small percent fall for it, it is still very
profitable. There are many scams. Economic espionage is another driver,
including intellectual property theft that sometimes originates in China.
Many attacks today are launched by organized crime syndicates that are
sometimes based in Russia.
Another category of crimes is computer crimes: assuming a fake identity that
is not allowed by that social media platform, an employee emailing a
confidential document that was not allowed, hate posts that are not allowed,
etc. These are covered by the CFAA (Computer Fraud and Abuse Act). But the
CFAA likely makes hacking back (an aggressive defensive measure a company
might use) a crime.
Hacktivism is a phenomenon where many protesters or activists against some
government policy decide to launch a coordinated attack on a country's
government websites to protest or show their displeasure. This happened in
Estonia with a DDoS attack from Russian hackers, and it brought the
government to its knees. These attacks are typically simple in form, like a
DDoS attack or defacement of a website. WikiLeaks and Anonymous are other,
more sophisticated examples. Anonymous borders on cyber insurgency. Many more
have sprung up. There are also counter "good" groups, like the Happy Ninjas,
who focus on fighting these other groups. Much of the internet is physically
in private hands. Corporations that object to some government policy can
potentially cause the parts they control to "malfunction".
Nations are increasingly considering cyberspace as a separate domain for
conflict. There is no clear consensus on what exactly it is and what its scope
is. But some form of cyberwar is inevitable. The Pentagon's policy is that if
there is a cyber-attack that can be categorized as an act of war, then the US
will use absolutely any means at its disposal for a proportional response. But
the hard part is deciding what is an act of war in cyberspace.
So what are the defenses available?
That will have to wait for a later essay.