In a sign of the growing importance of cyber warfare, Lisa Monaco, President Obama’s homeland security and terrorism adviser, recently announced the creation of a new intelligence unit to “coordinate analysis of cyberthreats.” Called the Cyber Threat Intelligence Integration Center (CTIIC), the new agency rapidly pools and disseminates data on cyber breaches. The idea is to coordinate and analyze information about disparate cyber attacks from a single agency working with other defense and intelligence agencies. The CTIIC is modeled on similar government efforts to fight terrorism.
The announcement follows a highly visible cyber attack at Sony, which Monaco called “a game changer.” But Sony is not the only company to have been affected by cyber attacks. The list of companies that have been targeted by cyber attacks includes Anthem, insurer to government agencies, and private entities such as eBay, Facebook, and Google. Last year, U.S. officials said that acts of cyber espionage were directed at the U.S. Transportation Command, an agency responsible for moving U.S. troops and military equipment around the world. According to the officials, there were 50 attempted hacks of the agency between 2012 and 2013. The eclectic nature of the targets is testimony to the fact that successful corporations and government agencies are equal fodder for hackers.
The new agency’s creation is proof that cyber warfare is the new nuclear weapon. The 9/11 attackers targeted the World Trade Center towers because they were symbols of American economic might and capitalism. But the towers were physical structures. The ceaseless shift of offline entities into online services has made it possible for hackers to cripple entire economies and businesses. And the U.S. is late to the game when it comes to defense.
According to a Reuters report, China was responsible for stealing terabytes of sensitive data, including usernames and passwords, from the State Department in 2011. The report cited secret U.S. department cables obtained by Wikileaks that outline Byzantine Hades — a series of cyber attacks by China’s People’s Liberation Army. Registered in Chengdu, the sites used a postal code specific to the PLA Chengdu Province, First Technical Reconnaissance Bureau, an electronic espionage unit of the Chinese military. Reconnaissance bureaus are part of the PLA’s Third Department, which oversees China’s electronic eavesdropping, according to an October 2009 report by the U.S.-China Economic and Security Commission. According to the commission, at least six technical reconnaissance bureaus, including the Chengdu Unit, are focused on the activity.
Another report, this time by the U.S. Defense establishment, outlines the uses of cyber capabilities for PRC military operations in three key areas. First, they allow data collection through exfiltration. Second, they can be employed to constrain adversary actions to slow response time by targeting network-based logistics, communications, and commercial activities. Third, they serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict. The report further quotes two Chinese military doctrinal writings — Science of Strategy and Science of Campaigns — which espouse information warfare. Both journals are thin on specifics for achieving information superiority but outline a potential line of attack and synergies between military and cyber warfare preparations.
To understand cyber warfare, it is necessary to change the context of a physical battlefield to a virtual one. In a physical battlefield, military formations are clearly visible. Using the markers in a physical battlefield, commanders can map out a strategy to defeat the enemy on the ground and block their exit routes. In an online war, however, communication and economic routes are attacked. This is because technology has become an increasingly important conduit to transmit messages and value in society. Size and economic might are irrelevant in cyber warfare. In some ways, you could say that cyber warfare is the great equalizer.
Here are three military warfare terms explained in terms of their cyber warfare equivalents.
The DDoS Blitzkrieg
Blitzkrieg is a German concept that emerged during the Second World War, when German troops would deploy significant force and artillery to launch coordinated lightning attacks on unsuspecting enemies. The intent of the attack was to defeat enemies by paralyzing them and disrupting normal functioning. Distributed Denial of Service (DDoS) attacks follow a similar strategy. Launched from multiple computer systems at the same time, a DDoS attack paralyzes a website through multiple service requests.
The site ends up caught in a bind because it cannot handle the multiple requests at the same time and ends up becoming extremely slow in its operations or crashing. Different forms and kinds of DDoS attacks have varying degrees of effects on a website’s operations. Internet open source advocate Richard Stallman referred to DDoS as “Internet’s Street Protests” and well-known hacktivist group Anonymous started a petition on the White House website for classifying DDoS as a form of “Occupy Protest” on the Internet.
Russia launched a wave of DDoS attacks against Estonian websites in 2007 at the height of a tense dispute between the two countries over the relocation of a Soviet Second World War memorial. The attacks crippled the websites of government organizations, major newspapers, and financial institutions in Georgia. Russia again launched a similar blitzkrieg of attacks against government websites during its disagreements with Georgia in the same year. This time, the attacks also served as a form of psychological warfare as hackers left messages supporting Russia on the hacked websites. Closer to home, a terrorist organization called Al Qassam claimed responsibility for attacks on major financial institutions, such as JP Morgan Chase and Wells Fargo, back in 2012. The U.S. government said that Iran had attacked U.S. institutions in retaliation for being disconnected from the international SWIFT transactions system.
The coercion of social media
Disruption and manipulation of communication channels is not a new strategy. During World War II, the Nazis used radio to inflate their troops’ morale and deflate that of enemy soldiers. In more recent times, social media serves a similar strategy. The barbaric ISIS regime is a perfect example of social media use to coerce specific behavior patterns from supporters and enemies.
Although it uses medieval force to impose its will, ISIS has a relatively sophisticated social media strategy which it uses to engage with supporters and spread terror amongst its enemies. The group is active on social media channels and blogs and uses them to disseminate information about its ideology and state. For example, blogs maintained by Western females who have traveled to Syria to become wives of Jihadis describe life within its borders. The slick videos produced by the state and disseminated through online media serve two purposes: They attract potential recruits to the state and strike terror into enemies.
In the now famous video where it burned a Jordanian air pilot alive, ISIS wanted to scare Arab states in the United States-led coalition away from participating in it. Of course, it had the opposite effect. But, still, recruiting for the group, which occurs mainly through social media channels, has stepped up in recent times.
Several other states have realized the power of social media channels in cyber warfare. Assad cut off Internet access to several areas at the height of the Syrian civil war. Turkish president Recep Erdogan blocked Twitter access to quell the Gezi Park protests and avoid a repeat of the Arab Spring.
The deception of spear phishing
Spear phishing emails are fraudulent emails that deceive the recipient into disclosing confidential data. According to a 2011 Reuters report, spear phishing is a common tactic used by Chinese hackers to compromise accounts of employees of major U.S. government organizations. Two former national security officials told Reuters that the Chinese actively engage in “target development” for spear phishing attacks by combing the Internet for details. For example, they use signatures found commonly in military establishments, such as VIR (Virtual Regards) or Very Respectfully, to lure unsuspecting employees into responding to their emails or clicking on specific links.