Review From User :
As I write this John Bolton and Trump seem to be planning a major war with Iran. They are not paying attention to the incredible damage that can be done by state-sponsored or even independent actors to infrastructure by cyber-attacks. Iran caused millions in damage to Saudi oilfield computers; Russia virtually shut down Estonia for more than a week to punish them for their support of Ukraine; the U.S. and Israel wrecked havoc on Iranian centrifuges with a cleverly designed malicious worm; Iran caused millions in damages to Sheldon Adelson's empire after he made injudicious remarks regarding nuclear war and Iran; the list goes on and on.Â
The web is used to wage war and spy on, coerce, and damage other countries. Israel and the U.S. is want to derail the Iranian nuclear weapons program. India wants to prevent Pakistani terrorists from using smartphones to coordinate attacks. Brazil has plans to lay new fiber cables and develop satellite links so its Internet traffic no longer has to pass through Miami. China does not want to be dependent on the West for its technology needs. These new digital conflicts pose no physical threat-no one has ever died from a cyber-attack-but they serve to both threaten and defend the integrity of complex systems like power grids, financial institutions, and security networks.
What makes these attacks so problematic is that they can be designed to hide the source and can be initiated from virtually anywhere. The U.S. is so dependent on the Internet that even the slightest upheaval in some router farm could make bank deposits unavailable, the electrical grid unreliable, just to mention a few potential problems.Â State-backed hacking initiatives can shut down, sabotage trade strategies, steal intellectual property, sow economic chaos, and paralyze whole countries.
Segal insists that MAD (mutually assured destruction - the bedrock of nuclear war prevention) applies here as well, i.e., that countries would be afraid of massive retaliation were they to engage in widespread harm to another country. Insidious targeted attacks could be more useful and determining where they are coming from is often a laborious and time-consuming process.
Hacking tools themselves can come back to haunt their creators. "Cyber-security firm SymantecÂ discovered that Chinese hacking group,Â APT 3 acquired National Security Agency (NSA) hacking tools used against them in 2016 to target U.S. allies. APT 3 is responsible for various attacks on the United States and has been tracked by the NSA for over a decade. Symantec does not believe the group stole the U.S. code, but rather acquired it from an NSA attack on its computers. APT 3 then used the hacking tools in cyber-attacks involving five countries in Europe and Asia. This is not the first time U.S. agencies' cyber weapons have fallen into the wrong hands." (from Adam Segal's blog, May 10, 2019) Those hacking tools remain viable almost indefinitely and are impossible to eradicate
The issues raised by Segal are mind-boggling. The cyber-attack by the North Koreans for example were supposedly in retaliation for SONY's production of a sophomoric comedy ridiculing the North Korean leader. 200 TB of emails and information was retrieved and then used as blackmail to force SONY to not release the movie. What role should states play in such an attack. For that matter what state did SONY belong too They are a multi-national corporation. What nation should be responsible for its defense
The attack on Estonia by the Russians in 2007 raises additional issues. Russia (or its non-state actors) complained about the removal of a statue in Tallinn. Estonia refused to back down and soon a huge denial of service attack began that virtually shut down the country for about three weeks. Estonia is one of the most wired countries in the world having decided following the fall of the Soviet Union that it would be the most effective and economical way to build infrastructure in the new country. They had a strong cadre of programmers and IT people. Access to the Internet is considered a basic human right there. Western and Estonian analysts were confident the attacks came from a Russian source but were they state coordinated or simply vandals. And since Estonia was a member of NATO, what was NATO's responsibility in helping t defend against an attack on Estonian infrastructure Ultimately, several western countries helped in thwarting and reducing the effects of the attacks and the resulting permanent damage was minimal, but for a while the country was at a virtual standstill. The Estonian response has been to develop a large volunteer (larger than their army) group of IT specialists who help to defend their cyber infrastructure.
In the DDOS attacks on Georgia, the Russians claimed these were independent folks just wanting to express their opinions. So the freedom to launch cyber-attacks has now morphed into freedom of expression.The situation there was different, everyone having learned from Estonia and Georgian traffic was routed through the U.S. with help from Poland and Estonia. Whether that made the U.S. complicit in the conflict or not was problematic.
Hacking of social media has become extremely sophisticated and the U.S. is woefully behind except as used by a certain U.S politician who dominates the Twitter world. The technique is to drown out the opposition. China used massive troll tweets and bots to overwhelm any discussion of opposition to their regime in Tibet. The Russians spread disinformation, anything to provoke and incite assorted groups. The idea is to confuse and promote their POV to the exclusion of others while preventing any kind of rational or reasonable debate on any issue. Doctored photos are spread about the opposition and soon it becomes impossible to separate reality from the simulated.
Ultimately Segal is optimistic, forecasting that if not pacific, the world will at least have come to terms with cyberspace and information will flow freer and be less dangerous. I remain more skeptical.Â
Media Size : 8.6 MB