Cyber wars
Published 28 November, 2008, 15:28
The Pentagon’s top secret computer networks have been increasingly under serious cyber attack, which, according to insider information, can pose a serious threat to U.S. national security. The so-called “malware” strike is thought to be coming from Russia, creating further tensions in an already volatile relationship.
Although military computer networks are regularly under threat and attempts at breaking through their security systems are not unusual, U.S. military representatives indicate that the recent one was something out of the ordinary. The piece of malware used within it was specifically designed to target military networks.
According to insider Pentagon sources, quoted by the Los Angeles Times, the attack struck hard at networks within U.S. Central Command, the headquarters that oversees U.S. involvement in Iraq and Afghanistan, and affected computers in combat zones. The attack also penetrated at least one highly protected classified network. Nevertheless, officials refuse to disclose the full extent of the damage inflicted.
U.S. military experts have refused to clearly identify the source of the cyber attack, shying away from saying whether they blame an individual hacker or the Russian government as a whole for backing the worm’s spread throughout the army’s systems.
The seriousness of the situation is amplified by the fact that Pentagon officials took the unprecedented step of notifying President Bush of the cyber attack concerns. In the light of ever-growing tensions between Russia and the U.S., the question of cyber warfare is an increasingly potent one. With U.S. plans to install a missile defence system in Eastern Europe, the new strategic object and its technology could become a target for further attacks.
Precautions
To prevent the rapidly spreading worm from affecting an even larger number of systems in the Security Department’s network, several precautionary measures have been put into place. The use of thumb drives, CDs, flash media cards and all other removable storage devices has been banned. The ban is meant to keep the worm from multiplying further within the military networks.
The ban originates from an internal U.S. army email and is signed by the U.S. Strategic Command. The suspension, which covers everything from external hard drives to floppy disks, was supposed to take effect immediately until further notice. And, although for central Pentagon offices, this may be just a minor inconvenience, for those working in the field it changes the whole basis of activity. With bandwidth scarce in remote locations, the military used to be heavily reliant on takeaway storage devices.
The malware which has currently become a headache for U.S. military officials is a virus known as agent.btz. It has circulated around private U.S. computers for months, but has only recently infiltrated governmental and military computers. This variation of the “SillyFDC” worm spreads by copying itself to portable storage devices. When the infected drive or disk is plugged into a second computer, the worm replicates itself again – this time on the PC.
“From there, it automatically downloads code from another location. And that code could be pretty much anything,” says Ryan Olson, director of rapid response for the iDefense computer security firm.
Cyber security is a constant concern for the U.S. government, which tries to counter new virtual threats as soon as they emerge. Every other year, the government-led information technology giant Cyber Storm tests the defense capabilities of the Defense Department and dozens of other federal and state agencies, private companies and even some foreign governments.
Nevertheless, the realities of cyber warfare are such that new and innovative threats emerge almost constantly, and any coordinated effort to counteract them is almost certainly going to be outdated before it begins.
Cyber combat – how useful is it?
During the Ossetian conflict in August 2008, a series of sweeping cyber attacks were launched against Georgia. However, some analysts point out that virtual warfare is more of a nuisance than an actual potent military threat.
Experts, who closely observed cyber warfare developments during the Caucasus conflict, noted that the attacks were impressively well coordinated. According to Richard Cloven, an information technology expert, the hackers knew exactly which websites to attack “and how to take them down” for maximum damage to be caused.
The Grey Goose team said the attacks were led by two Russian hacker forums, StopGeorgia.ru and Xakep.ru. However, as any user of the Russian internet will point out, these resources are dedicated to open discussion among hacker wannabes. The real masterminds behind cyber attacks are unlikely to keep a public profile.
“The forums spent a significant amount of time discussing the merits and drawbacks of different kinds of malware, including traditional Distributed Denial of Service tactics and tools,” the team said in a report released Oct. 17.
An intricate “kill chain” was developed on the forums. It included recruiting novices, keen to participate in internet attacks on Georgia, developing lists of potential targets, selecting the appropriate malware to use and then, after careful planning, launching the attacks from all possible cyber fronts.
RT itself, which, at the time, was the only international resource pointing out that Georgia initiated the conflict, suffered two cyber attacks over the course of the 5-day war. According to RT’s sources, the first attack was a trial one, while the second one would have cost up to a quarter of a million dollars. Such resources can hardly be found in open online communities.
Nevertheless, analysts point out that in the context of the Georgian conflict, the cyber attacks were more of an unfortunate nuisance than an active threat. The Georgian military and government do not strongly rely on information technology and the internet, which cannot be said for the U.S. So, the same sort of virtual warfare could be catastrophic for the U.S.
“Our critical infrastructure systems are fundamentally dependent on the Internet and IP-based technology,” said Howard Schmidt, a former cyber security adviser to the White House who is now a professor at Atlanta University.
So, with the Georgian example being a recent display of how coordinated, swift and effective independent Russian cyber warfare can be, it is no wonder that the recent increase in attacks on the Pentagon causes increased concern. The anxiety is heightened by all the arrows pointing to Russia.
China: red alert
Last spring, the Pentagon issued a report, pinpointing China as its most serious cyber threat. The plentiful single computer intrusions, originating in China, “require many of the skills and capabilities that would also be required for computer network attack,” U.S. defense officials said.
But, as in the case of the cyber attacks in Georgia, the exact authors of the attacks, as well as their exact origin, remain a mystery.
“It is unclear if these intrusions were conducted by or with the endorsement of the People's Liberation Army or other elements of the People's Republic of China government,” the report said.
According to the U.S. military, the cyber threat from China is not limited to the Pentagon, or even the governmental system. The attacks are a danger to elements of the U.S. commercial sector, such as banking, which are especially fragile in the light of the growing global financial crisis.