Humans have always loved war, and the cybernetic environment is no exception. The first documented hacking attack happened in 1986. Clifford Stoll, a US astronomer, was working as a system administrator at the Lawrence Berkeley National Laboratory. He was tasked with tracking down a 75 cent discrepancy in the accounting system, and before long he discovered a hacker.
Acting entirely on his own, despite repeatedly requesting assistance from the FBI, CIA, NSA and AFOSI, he identified a hacker who had breached over 400 government computers. The hacker, who called himself Urmel (real name Markus Hess, a West German citizen), was selling information to the KGB for 54,000 USD. He was arrested and received only a 20-month suspended sentence. His colleague was far less lucky: he was found dead, burned, in a forest, and his death was declared a suicide. But while this was an interesting espionage story, an outright cybernetic attack by one country on another would have to wait another decade.
The first APT (Advanced Persistent Threat) in which a hacking attack by one state against another was documented was Moonlight Maze, discovered in 1999. Forensic analysis showed that the attack had been active since 1996 and originated in Russia. It compromised NASA, the Pentagon, the Department of Energy and other government agencies. The question arose whether the US was under attack, and whether war should be declared. Instead, a US embassy delegation travelled to Moscow, where they were introduced to a very friendly general. He was so friendly that he confirmed the GRU (Glavnoje Razvjedivateljnoje Upravljenije) was behind the attacks, but he disappeared the next day. Of course, the GRU was just doing its job: even today the United States spies on its European allies, such as Germany and the European Union in general. Most notably, Denmark helped the US spy on Angela Merkel. At any rate, the attacks stopped, only to resume two months later. This led US Deputy Secretary of Defense John Hamre to state that cyberwarfare is a real threat.
Hacking developed quickly. While for a long time it was done simply to obtain information, hacking has for some time also been destructive, physically destructive. This aspect was introduced in particular with Stuxnet, a worm that targeted the SCADA (Supervisory Control and Data Acquisition) systems used in the Iranian uranium enrichment programme. Stuxnet, discovered in 2010, used four 0-day vulnerabilities (zero-day: a vulnerability unknown to the vendor) to spread through the supposedly isolated network of the uranium enrichment facility at Natanz. There it activated only when it found a specific combination of hardware and software, and slowly sped up the enrichment centrifuges in order to destroy them, while replaying previously recorded data to hide its presence. The important aspect of this attack was that a cybernetic attack had destroyed something in the physical world.
Stuxnet itself was a joint work of the US TAO (Tailored Access Operations, today Computer Network Operations, part of the NSA) and Israeli Unit 8200 (part of the Israel Defense Forces). TAO is also connected to the Equation Group, which is classified as an APT (Advanced Persistent Threat). This group targets Russia, Iran, Pakistan, Syria and India by exploiting various weaknesses.
Escalation came with the war in Ukraine. The Russian hacker group Sandworm, suspected to in reality be Unit 74455 of the Russian military intelligence service (GRU), carried out cybernetic attacks against multiple targets within Ukraine during 2015 and 2016. The attacks hit Ukraine's electricity distribution network, leaving the country without power. Also attacked were the railway company Ukrzaliznytsia and the ministries of Infrastructure, Defence and Finance. Beyond data acquisition, the attacks also aimed at disabling services: in each case the data was erased after being acquired. But there was no response at all, showing that hacking attacks, regardless of their extreme potency, can be carried out without repercussion.
Only on 19 October 2019 did the US convict, in absentia, six GRU officers for participation in cybernetic attacks, including those in Ukraine, the 2017 French presidential elections, the NotPetya ransomware, the attack on the 2018 Winter Olympics, the attempted hacking of the Organisation for the Prohibition of Chemical Weapons, and attacks on Georgia in 2018 and 2019. The Council of the European Union amended its Decision on restrictive measures against cybernetic attacks and introduced sanctions against two Chinese citizens who had worked with the state-sponsored hacking team APT10, four Russian citizens working for the GRU, one Chinese company connected to APT10, one North Korean company connected to APT38, and the Main Centre for Special Technologies of the GRU, that is, Sandworm.
That these decisions had shaken Russia was shown when it undertook the hacking attack known as SolarWinds, compromising 18,000 users of the SolarWinds Orion software, including several Fortune 500 companies, US government agencies (including the Pentagon, Homeland Security etc.) and UK government agencies. The US and UK governments stated that the attack was carried out by APT29, a Russian hacking team in the service of the SVR, which often acts in concert with Sandworm and APT28 (that is, GRU Unit 26165).
The United States had tried to protect its networks, with the first directive (NSDD-145) being passed in 1984, warning of the extreme vulnerability of its systems to hacking. Ironically, the initiative was started by President Ronald Reagan after watching the movie WarGames, in which a young hacker nearly causes World War III by breaking into the NORAD computer. What is even worse is that the movie had in fact accurately described the state of cybernetic security in the United States, and indeed the world, at the time: there was none. The movie was heavily based on the descriptions (and advice) of William Ware, then director of the RAND think tank. As early as 1967, Ware had attempted to give a dose of security to ARPANET, but as the priority was to make the system functional, his advice mostly fell by the wayside.
When the NSA was functionally beheaded after the fall of the Soviet Union, another movie, Sneakers, written by the same screenwriters who had written WarGames, provided inspiration for the newly appointed director of the NSA, Rear Admiral John Michael McConnell. Yet it was only after 2001 that US cybernetic forces started developing in earnest.
Cybernetic Warfare Today
The situation today is of the "good news, bad news" sort. The good news is that states are aware of the situation, and of the danger brought by the extreme computerisation of public and other infrastructure. The bad news is that the number of cybernetic attacks is continually increasing, whether sponsored by states or by private entities. The European Union and the United States have both adopted measures for protection against cybernetic attacks.
The problem of cooperation is a large one. States continually spy on each other, including their allies. The US NSA, in partnership with the Danish intelligence agency FE, spied on its European allies. But the US also used this cooperation to spy on Danish politicians and businessmen, which Denmark revealed in Operation Dunhammer.
The future is not bright either. Between 2017 and 2020, state-sponsored cybernetic attacks increased by 100%, and over 40% of the attacks included hybridisation, where physical property was attacked in addition to data.