Cyber warfare refers to the use of technology to launch attacks on nations, governments and citizens, causing harm comparable to that of conventional warfare using weaponry. Cyber warfare has developed into a more sophisticated form of combat between countries, in which an attacker can destroy critical infrastructure such as power, telecommunications or banking by damaging the computer systems that control it.
The growing danger of destructive cyber weapons in the future joint operating environment, and the devastating effects they may have in the physical domain, has prompted experts to categorize cyber weapons as WMD. In his book Countering WMD, Air War College Professor and WMD expert Al Mauroni specifies three basic conditions that a weapon system should meet to be defined as a WMD. Benjamin B. Hatch of the United States Air Force argues that modern cyber weapons satisfy those conditions.
The system’s fundamental design is the initial consideration for the system to act as a weapon. Two examples show that this threshold has been met. First, the 2009 Stuxnet worm that damaged the centrifuges involved in Iran’s nuclear program is assessed as the “world’s first digital weapon”; its code was fundamentally designed to cause physical destruction of equipment controlled by computers. Second, Secretary of Defense Carter’s confirmation that the United States uses cyber capabilities in the form of “cyber bombs” and as a weapon of war further supports the argument that cyber code designed to cause destruction in the physical domain has met this initial condition.
The second condition Mauroni sets is a determination that the weapon has the “capability to cause mass casualties (defined as more than one thousand injuries or deaths) at a single point in time and space.” The DOD Law of Armed Conflict outlines three examples where cyber weapons could be employed to achieve mass casualties. Specifically, cyber operations that: trigger a nuclear plant meltdown; open a dam above a populated area, causing destruction; or disable air traffic control services, resulting in airplane crashes. These examples demonstrate that the second condition can be met.
Mauroni’s final condition is that the WMD should be “defined by internationally accepted conventions as a ‘special’ category of weapons systems.” While there is currently no such international convention, there have been attempts to explore the possibility. The international community has discussed the broader topic and established the current international position, published in the 2013 U.N. Group of Governmental Experts (UNGGE) consensus report on cyberspace, that international law, and in particular the U.N. Charter, applies to acts in and through cyberspace.
A cyber weapon is a malware agent employed by state or non-state actors against specific targets for military, paramilitary, or intelligence objectives. The “Tallinn Manual on International Law Applicable to Cyber Warfare” defines a cyber weapon as a “cyber means of warfare” that is capable, by design or intent, of causing injury to persons or objects.
Military cyber weapons are software and IT systems that, through Information and Communication Technology (ICT) networks, manipulate, deny, disrupt, degrade, or destroy targeted information systems or networks. Commonly, cyber technology has dual functions: attack/defense, peaceful/aggressive, legal/illegal.
Cyber Weapon Architecture
Just as a missile is composed of three basic elements, the delivery vehicle (rocket engine), the navigation system (which tells it how to reach the target) and the payload (the component that causes harm), a cyber weapon contains the same three elements.
Cyber Weapon – Delivery Vehicle
There are numerous methods of delivering cyber weapons to their targets. Emails with malicious code embedded or attached are one delivery mechanism. Another delivery vehicle is web sites that carry malicious links and downloads. Hacking is a manual delivery vehicle that allows a cyber soldier to place the malicious payload on a target computer, system or network. Counterfeit hardware, software and electronic components can also be used as delivery vehicles for cyber weapons.
Cyber Weapon – Navigation System
Just as a navigation system guides a missile, the navigation component of a cyber weapon allows the malicious payload to reach a specific point inside a computer, system or network. System vulnerabilities are the primary navigation systems used in cyber weapons. Vulnerabilities in software and computer system configurations provide entry points for the payload of a cyber weapon. These security exposures in operating systems or other software or applications allow for exploitation and compromise. Exploitation of these vulnerabilities may allow unauthorized remote access to and control over the system.
Cyber Weapon – Payload
The payload of a missile is sometimes called a warhead and is packed with some type of explosive. In a cyber weapon the payload could be a program that copies information off the computer and sends it to an external source. It can also be a program that begins to erase or alter information stored on the system. Finally, it can allow remote access so that the computer can be controlled or directed over the internet. A “bot” (a component of a botnet) is a good example of a payload that allows remote use of the computer by an unauthorized individual or organization.
This three-element architecture demonstrates how advanced and sophisticated cyber weapons are becoming. The architecture makes all three components reusable and reconfigurable. As one software or system vulnerability is discovered, reported and patched, that component can be removed and replaced while the other two components remain viable. This not only creates flexibility but also significantly increases the productivity of cyber weapon developers.
China Fires ‘Great Cannon’ Cyber-Weapon At The Hong Kong Pro-Democracy Movement
In 2019 China employed a state-operated distributed denial of service (DDoS) cyber weapon, aimed at an online forum used by pro-democracy protesters in Hong Kong to coordinate their anti-government demonstrations. According to a report from Chris Doman, a security researcher at AT&T Alien Labs, the Great Cannon of China started the current attack on November 25, 2019. This followed an initial attack on August 31 against the LIHKG forum, the Hong Kong equivalent of Reddit. The forum was targeted because members of the Hong Kong pro-democracy protest movement had used it to coordinate demonstrations.
A distributed denial of service attack is one in which a threat actor sends more access requests, of various technical flavors, to a web server than it can handle. The more of these superficially “genuine” requests that are sent simultaneously, the harder it is for the website to function normally. The bigger the attack, the slower the targeted site becomes in serving ordinary users trying to connect, ultimately resulting in the site going offline. Some of the biggest and best-known websites have been taken offline by such attacks. Perhaps most notoriously of late, Wikipedia, the seventh most popular site on the planet, was the victim of a massive DDoS attack.
An official statement from LIHKG regarding the DDoS attack on August 31 stated that the total number of server requests that day exceeded 1.5 billion. “The enormous amount of network requests have caused internet congestion and overload on the server which has occasionally affected the access to LIHKG. The website data and members’ information are unaffected,” the statement confirmed.
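As an added illustration of the request-flood behaviour described above (this is not code from the original article or from the researchers it cites), the following Python script buckets access-log lines per second and flags seconds that exceed a stated server capacity, also reporting how many distinct sources contributed. The log lines, IP addresses and the capacity figure are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)$')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def bucket_by_second(lines):
    """Map each second to [request count, set of source hosts]."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # malformed line; a real pipeline would count these separately
            continue
        host, stamp = m.group(1), m.group(2)
        second = datetime.strptime(stamp, TIME_FMT)
        buckets[second][0] += 1
        buckets[second][1].add(host)
    return buckets


def detect_flood(lines, capacity_rps):
    """Return (timestamp, requests, distinct_sources) for every second whose
    request count exceeds what the server can serve. The source count tells
    the analyst whether per-host rate limiting would help: a flood from a
    handful of hosts can be throttled per source, while one spread over many
    unwitting hosts (as the article describes for the Great Cannon) cannot."""
    alerts = []
    for second, (count, hosts) in sorted(bucket_by_second(lines).items()):
        if count > capacity_rps:
            alerts.append((second.isoformat(), count, len(hosts)))
    return alerts


def constructed_log():
    """Constructed sample (documentation IP ranges, not real LIHKG traffic):
    three quiet seconds at 4 req/s, then one second with 120 requests from
    120 distinct hosts."""
    fmt = '{ip} - - [31/Aug/2019:10:00:{sec:02d} +0800] "GET /thread/1 HTTP/1.1" 200 512'
    lines = []
    for sec in range(3):
        lines += [fmt.format(ip=f"203.0.113.{i}", sec=sec) for i in range(1, 5)]
    lines += [fmt.format(ip=f"198.51.100.{i + 1}", sec=3) for i in range(120)]
    return lines


if __name__ == "__main__":
    # Assumed capacity of 50 requests per second for the sample server.
    for when, count, sources in detect_flood(constructed_log(), capacity_rps=50):
        print(f"{when}: {count} requests from {sources} distinct sources")
```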
Developing extreme cyber weapons like Stuxnet requires extraordinary expertise
Developing such malware takes a lot of resources and skill. The target must first be researched to understand the strength of its defenses and any areas of weakness that may exist. “Those who created Stuxnet needed to know the exact amount of pressure or torque needed to damage aluminum rotors within them, sabotaging the country’s uranium enrichment operation,” said Ralph Langner, considered the world’s top authority on the Stuxnet worm.
A ‘weaponised’ exploit must then be created to deliver and install the malware on the target, and covert communications must be established back to the attacker to await further instructions or to capture data for exfiltration. Discovery of the exploit or malware during any of these phases means that defenses can be put in place, disrupting the attack and preventing the mission from being completed.
The Stuxnet worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and is used to program the industrial control systems that operate equipment such as centrifuges. Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant.
It is also clear that, in the years since Stuxnet came to light, developed and developing nations alike have seized on cyber operations as a fruitful new avenue for research and development.
Quantum revolution to enable sophisticated cyber weapons
Ongoing work on quantum technologies has the potential to spur revolutions in computing, sensing, cryptography and beyond. By taking advantage of quantum mechanical properties, quantum computers can process information in new ways, potentially performing calculations far beyond the reach of even the fastest of today’s supercomputers.
Alongside these benefits is a danger from quantum computing that most people don’t realize is here now, even though quantum computers aren’t ready yet. Current cryptographic algorithms are vulnerable to progress in computing technology, the development of new mathematical algorithms and progress in quantum computing, which could break many commonly used asymmetric cryptographic algorithms in seconds.
Cheap data storage and the proliferation of valuable data online increase both the feasibility of and the incentive for long-term storage of even the most solidly encrypted data. Encryption is used to protect everything from classified data to the operations of power plants, water supplies, and financial trading systems. China has been using cyber espionage to steal the online encrypted data of US government and industry.
Hackers working for China, Russia, Iran, North Korea, and other nations are doing reconnaissance, stealing data, and hiding backdoors and malware in the networks of US agencies and military contractors, nuclear power plants and dams, banks, and Nasdaq.
Once quantum computers are available, not only will the most critical data be exposed, but quantum-powered attacks will be able to interfere with important cyber-controlled processes as well. This breaking of cloaked secrets will enable adversaries to build sophisticated cyber weapons to manipulate or destroy physical equipment remotely. This offensive strategy, in which encrypted data is collected now and decrypted once the capability exists, is known as a harvesting attack.