Cyberwarfare, Part I: State-Sponsored Hacking

As long as countries have existed, they’ve looked for ways to dominate each other through warfare and whatever other means they can find. War aims to weaken or destroy an adversary – and, these days, as so much of life and finance have moved online, war’s moved online, too. Cyberspace is now often viewed as a new fifth domain of war, alongside land, sea, air, and space.

There are many forms of cyberattacks with geopolitical goals. One thing they often have in common: it’s hard to know exactly who the attackers were. That means governments can deny responsibility, it’s hard for defenders to respond, and it’s hard for citizens to decide who’s telling the truth. In some cases, attacks are never made public, and it’s likely that some attacks are never even discovered.

Also, the attacks are often (though not always) “asymmetric”: a small group of attackers with modest resources can do disproportionate damage, whether on their own or with the encouragement of their governments. (This has clear historic precedent: for centuries, semi-independent “privateers” like Sir Francis Drake were authorized by their governments to attack foreign ships just like pirates did.)

Cyberwarfare’s relatively low cost and difficult traceability makes it attractive to many attackers – so it seems likely it’ll get worse before it gets better.

The rest of this week’s article explores some of what’s (probably) known about cyberwarfare against a country’s information systems, networks, and data assets, based on hacking by technically smart attackers. We’ll take a look at some key attacks and their likely sources. Next week, we’ll consider cyberwarfare through influence campaigns aimed at disrupting and dividing societies through social media.

One of the first major cyberwarfare attacks was the Stuxnet worm in 2010, widely reported as having been created by U.S. and Israeli intelligence services. Stuxnet infected Iran’s uranium enrichment facility at Natanz, damaging over 1,000 centrifuges and significantly delaying Iran’s nuclear program.

A wide and diverse array of attacks have followed, with many governments implicated and many nations victimized. These have included network break-ins aimed at stealing high-value data and compromising national and defense infrastructures; denial of service attacks taking a country’s crucial services offline; ransomware attacks encrypting key data; and attacks against a country’s flagship private businesses, regional and local governments, or medical services.

The non-profit Center for Strategic and International Studies (CSIS) maintains a database of attacks that have been made public. It’s an unnerving read. Just a few examples cited by CSIS:

• An apparent wave of North Korean cyberattacks on critical infrastructure and industries in 17 countries, using malware similar to the code used to attack Sony Pictures in 2014 (after it released a movie portraying an assassination attempt against the country’s leader).
• The 2017 NotPetya attack against Ukrainian financial, energy, and government sectors that ultimately spread to 60 countries – an attack the U.S. and U.K. claim was launched by the Russian military as part of its efforts to destabilize the Ukrainian government.
• The October 2018 indictment of 10 Chinese intelligence officers and their recruits for allegedly conspiring to steal sensitive commercial aerospace information and technology from U.S. companies.
• The August 2012 Shamoon cyberattack disabling Saudi Aramco, Saudi Arabia’s state oil company, widely viewed as an Iranian government retaliation for previous attacks. This has been followed by increasingly dangerous follow-on attacks from unidentified state actors, including one in 2017 that nearly caused a large petrochemical plant explosion by compromising the company’s U.S.-built industrial control systems.

While some of these attacks have specific strategic targets, once they’re unleashed, many can cause wider damage. For example, the WannaCry ransomware attack – allegedly launched by a hacker on a North Korean “government-sponsored hacking team” – hit some 200,000-plus computers in 150 countries.

Nothing personal, but yours could have been one of them. That’s just one more reason to keep your computer up-to-date and protected by advanced anti-malware software like Sophos Home Premium – even if you haven’t annoyed a single government anywhere on Earth.