Bot Wars

“China’s cyber-spies have been hacking countries left and right. They were blamed for the enormous data breach at the US Office of Personnel Management that compromised the data of more than 21 million people.” — Samuel Bocetta, CFIF

We’ve all heard of “cyberwarfare”. It gets mentioned in the news along with “cybersecurity” and various attempts by hackers, foreign and domestic, to interfere with our election process, steal financial and other personal information, sabotage civilian or military infrastructure, conduct technological espionage, etc. For a little more detail on what “cyberwarfare” entails and the seriousness of the threat, see Samuel Bocetta’s recent article “A Layman’s Guide to Bot Wars”, published at the Center for Individual Freedom.

(Just f.y.i., my last article on this topic was “Cyberattack Risk Assessment” from Aug. 2017.)

Bot: An Internet Bot, also known as web robot, WWW robot or simply bot, is a software application that runs automated tasks (scripts) over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. (Wikipedia)

Some bots are used for “good” (e.g., search engine spiders), but others can be launched for destructive purposes against targeted individuals or systems. Technically, ransomware and similar cyber attacks by criminal hackers do not fall under “cyberwarfare”, though “[n]on-state actors are sometimes recruited for cyberspace operations.” In essence,

“[C]yberwarfare is a sequence of digital attacks intended to disrupt or damage networks or computer systems in a rival nation state…. for the purpose of sabotage or espionage. This includes anything that assists a country in expressing its political will or waging war. Targets may include military facilities, weapons, fuel for jets and planes or any combat elements used to achieve combat objectives.”

How grave is the threat, you ask?

“The largest concern among government officials and intelligence agencies is that cyber attacks could affect vital infrastructure like power grids or banking systems. It was previously believed that no hacker would be sophisticated enough to pull off an attack on the power grid, but this has since changed.

In September of 2017, security firm Symantec alerted the media to a rash of hacker attacks that compromised energy companies in the US and abroad. In a handful of these cases, Symantec said that the hackers had gained [the ability to control] the interfaces power company engineers rely on to send commands to equipment like circuit breakers, enabling them to stop the flow of electricity into homes and businesses.”

Pretty scary stuff, and it can be done suddenly (from the target’s perspective) and remotely! That’s why many nations’ governments are spending crazy amounts of money on cyber defense and cyberwar research. In the U.S., several cybersecurity measures were included in the $700 billion military spending bill just signed by President Trump.

Attackers often hijack poorly-secured computers to use as proxies, thereby making it all the harder to trace the actual perpetrators. Investigators have to study past attacks to detect patterns (of tools and methods used) and establish a “digital fingerprint”. Hopefully, they can then identify the machines being used as “command & control” for the cyber attacks. Once their location is known, a defense can be developed and/or a real-world strike can take them down.

“[A]ll cyber attacks should be taken seriously, but for those who are navigating the murky waters of cyberwarfare, a distinction needs to be made among pranksters, criminal elements and nation state threat actors…. Threat actors differ from other hackers in that they are directly and deliberately responsible for a security incident which impacts an organization’s security protection and sensitive data…. The aim could be to copy sensitive information or physically demolish that information.”

We usually hear about Russia and China’s cyber-espionage efforts, but they’re not alone.

“In November of 2010, a group calling themselves the Indian Cyber Army hacked websites belonging to the Pakistan Army, the Ministry of Foreign Affairs and more as an act of revenge for the Mumbai terrorist attacks. In response, a group calling itself the Pakistan Cyber Army retaliated by hacking the website of India’s Central Bureau of Investigation.

One year earlier, coordinated denial of service attacks against government, media and financial websites in South Korea were traced back to the United Kingdom.

In 2012, seven Iranian nationals were indicted for installing malicious code on a computer that controls a dam in New York State.”

What can we do? On a personal level, there are, of course, free and paid software (e.g., anti-malware) and services (e.g., VPNs) that we regular folks can use to secure our machines, create regular backups, and protect our identities and other information. (Of course, they aren’t impenetrable, either.) Beyond that, we have to rely on ISPs, financial institutions, etc., in the private sector to secure their own systems. We also have to trust the government to secure its installations. That is hardly comforting. As Bocetta says,

“Innovation will be key to thwarting cyberwarfare, but the government sector is notoriously slow in obtaining information and communication technology. This will have to change if America and its allies are to ward off state actors and black hat hackers.

System-level policies should exist for probable cyberwarfare targets and security frameworks should be put in place. Risk management is also a key factor in determining a reasonable and appropriate defense. Facilities should maintain monitoring, security protocols and incident response.”

Despite the huge threat that cyber attacks pose, Bocetta is somewhat optimistic:

“[C]yberdefense exercises like the NATO-backed Locked Shields event send a strong message of assurance. Although cyberwar is a harsh reality, it won’t lead to a digital apocalypse.”

I hope he’s right.
