Lentis/Cyberterrorism and Cyberwarfare

IntroductionEdit

Cyberterrorism and cyberwarfare involve attacks against information stored on computers and networks with the intention of inflicting harm. With ever-increasing advancements being made in technological fields, acts of cyberterrorism and cyberwarfare are only becoming more prevalent in our world today.

HistoryEdit

The Zimmermann TelegramEdit

Zimmermann Telegram

In January of 1917 during World War I, Britain intercepted and deciphered a telegram, now known as the Zimmermann Telegram, from German Foreign Minister Arthur Zimmermann to the German Minister of Mexico. The Zimmermann Telegram proposed a German-Mexican alliance against the United States, where Mexico would regain lost territory in Texas, Arizona, and New Mexico. [1]


Up until this point in World War I, the United States had remained fairly neutral. However, the American citizens were outraged when the telegram was portrayed in the press, causing the United States to declare war on Germany on April 6.


What is now known as cyberwarfare can be traced all the way back to 1917, when Britain intercepted and decoded a message that not only changed the course of World War I, but also changed the course of history.


The CreeperEdit

Creeper, the first known computer virus, was written in 1971 by Rob Thomas in Cambridge, Massachusetts.


Programmers in the 1970's were no different than programmers today in their desire to test their systems and check their code, and that was the intent of Creeper. Once Creeper got into a computer, it produced a message onscreen: "I'm the Creeper. Catch me if you can!“ Later, the anti-virus program, Reaper, was written to catch Creeper. [2]


At the time, Creeper wasn't known as a "virus", since computer viruses hadn't existed before that point.


Modern CyberthreatsEdit

StuxnetEdit

[O]ne of the great technical blockbusters in malware history.

Vanity Fair, April 2011

The Stuxnet virus is a computer worm found in 2009 in critical infrastructure software systems around the world. It is known as the most sophisticated computer malware to date. Its target was Iranian Uranium enrichment facilities, and Stuxnet reportedly did damage to two major nuclear facilities in Iran [3]. The United States and Israel are rumored to be responsible for the attack. There is no direct evidence, but diplomatic cables posted on WikiLeaks and other government correspondence support these claims [4]

Stuxnet attacked what are called Supervisory Control and Data Acquisition (SCADA) systems. SCADA systems are specialized software to control industrial infrastructure, including nuclear power plants, power grids, train switches, and gas pipelines. These systems are often outdated and not written with security in mind. Further, there is no economic incentive to replace them with more secure software. Doing so would require large costs, heavy planning, and little to no added benefit once completed [5].

Other AttacksEdit

Malware by categories on March 16, 2011.

SCADA attacks are not the only type of cyberthreat today. There are numerous examples of attacks from hacker groups and individuals, all with varying motives. Some are to attack a particular company or corporation, some are to prove the weakness of systems, and some are even practical jokes.

Citibank had over 200,000 accounts compromised, with hackers stealing names, credit card numbers, and email addresses, simply by altering numbers in a URL [6]. Sony had over a million passwords stolen for its PlayStation Network accounts, exploiting a simple web vulnerability. Further, the hacker group responsible for the attack, LulzSec, claimed the passwords were stored unencrypted, or in cleartext form, considered an egregious misuse of handling of private information [7]. The same group, LulzSec, also hacked [[w:Public Broadcasting Service|PBS]’s website and posted a fake story indicating the late rapper Tupac Shakur was still alive. The group took offense to a PBS documentary about the leak of U.S. diplomatic cables posted on the WikiLeaks website [8].

Potential Danger in the FutureEdit

There are many cyberthreats, from ones against critical infrastructure to ones against government and corporate websites. SCADA attacks on critical infrastructure have the most potential for disaster in the future. For example, the United States has extensive missile defense capabilities. But a hacker could hijack our nuclear launch system and launch our own missiles against us, or even take control of a power grid and cause blackouts, chaos, and confusion. In 2007, researchers at the Idaho National Laboratory identified a vulnerability in the power grid. A video of the danger was leaked to CNN, and shows a large diesel generator blowing up in smoke, all from a cyberattack [9].

As seen above, many companies and software systems today do not take cybersecurity as a serious matter. Many considered the storing of cleartext passwords by Sony to be a violation of security principles and customer’s trust of their handling of private information. Many SCADA systems do not take security or hacking into account even at all. Siemens’ Simatic WinCC SCADA system used a default password “hard-coded” into the software, meaning it was not mutable by the software users. To add, it was posted online in product forums since 2008. The Stuxnet virus exploited a default password weakness to weaken Iran’s nuclear enrichment capabilities [10].


FacebookEdit

There are over 800 million active users on Facebook, 75% of whom are located outside the United States and 50% of whom log on to Facebook on any given day. [11] Since Facebook is free to join for anyone with an email account, it is a quick and accessible tool for cyber-terrorists. It has become common for governments and terrorist organizations to monitor Facebook for updates that contain valuable information. By piecing together information from multiple service-members' Facebook accounts, foreign entities are sometimes able to determine schedules, locations, and intended actions of military units. In August 2009, the Marine Corps placed a ban on the use of the unclassified portion of the Marine Corps Enterprise Network (MCEN) for social networking purposes. In March 2010, the United States Marine Corps released a memo which canceled the ban. According to the memo, Marines are allowed "limited personal use" of the MCEN but they must "strictly adhere to sound operational security measures." [12]


Facebook provides an electronic interface for much of the world to connect and communicate ideas. This creates an environment where information is virtually endless. File uploads and downloads on Facebook happen nearly constantly. Facebook users upload 250 million photos and install more than 20 million apps every day. The average user has 130 friends. [13] In addition to issues related to the social and psychological effects of Facebook, the endless exchange of information provides numerous opportunities for cyber-attacks and espionage.

WikiLeaksEdit

WikiLeaks is an organization that collects and disperses sensitive or controversial information from anonymous sources around the world. WikiLeaks has released documents revealing corporate, federal, and international secrets in the name of free speech. Spokesperson Julian Assange claims that "free speech is what regulates government and what regulates law." Assange further claims that law and government are derived from the flow of information and that this process is protected under national and international legislation.


WikiLeaks has become a very controversial organization in the last two years. Some social groups believe that WikiLeaks is simply exercising freedom of the press, while others believe they are disrupting national security. On his profile from TED.com, Julian Assange is called "...one of the world's most visible human-rights activists."[14] Julian Assange has stated several times that WikiLeaks will do everything in its power politically, legally, and technologically to protect its sources and that it will attempt to maximize the political impact of its leaked material. This claim has been challenged by many in popular media.


In one of its most controversial leaks, WikiLeaks posted video of a 2007 Apache Helicopter airstrike. The clip, entitled "Collateral Murder," was decrypted from US Army footage and showed a group of non-combatants, including two Reuters photographers, being fired upon by the Apache's 30-mm cannon. According to Assange, between 18 and 26 people were killed in the attack.[15] In an April 2010 interview with Stephen Colbert, Julian Assange was criticized for having edited the video, omitting certain details (including the fact that some of the men killed had been armed), and entitling the video "Collateral Murder." Colbert claimed that these discrepancies should redefine the leak as an editorial, since they "...emotional[ly] manipulate" the public's opinion.[16] Julian Assange countered by claiming that the order to engage was given before the US soldiers properly identified the group.


WikiLeaks has become a well-known entity around the world. The US government has banned its employees from viewing classified documents publicized through WikiLeaks, and it claims WikiLeaks has damaged national security.[17] Still, many groups celebrate and support WikiLeaks. In addition to TED.com, groups such as Anonymous have defended Julian Assange and WikiLeaks.[18]

WikiLeaks has become a major player in the world of cyber-terrorism. It has gained widespread support and equally widespread disdain from people in all social groups. Many view it as a menace, but many find it to be an essential tool for checking the power of corporate and government entities.

Relevant Social GroupsEdit

Several relevant social groups need to be addressed regarding cyberterrorism and cyberwarfare.

GovernmentsEdit

Governments store top secret information in what is thought to be high security places. However, internet attacks are made almost daily. If the wrong person hacks the right information, governments could be in huge trouble. Safety and security is at stake here.

MilitariesEdit

It’s becoming easier and easier for the enemy to find out where military troops are stationed. For example, a simple post on facebook from a soldier to his wife saying “We’ll be in Afghanistan tomorrow, then coming home” can give away huge amounts of information when pieced with other things that the enemy already knows. This puts our military in very dangerous situations.

Private CorporationsEdit

Private Corporations are extremely vulnerable to cyber attacks. For example, this past June, hackers acquired the personal information of about 360,000 of Citi's credit card holders. Citi notified customers of the breach and began issuing new credit cards to the affected customers. Citi said it has implemented “enhanced procedures” to prevent a recurrence of the breach, but didn’t elaborate.[19]

Ordinary CitizensEdit

Recently, lots of cyber attacks have been coming out of China. However, these hackers are not associated with the Chinese government or military. They're basically young, male, patriotic Chinese citizens, demonstrating their power and intelligence. Citizens can also be the victims of cyberwarfare, such as having an email account hacked.[20]

HackersEdit

Hackers range from genius computer programmers to people who are actually employed by the government to obtain and decode highly classified information. Internet hackers are becoming more prevalent as advancements in technology are being made daily.


ConclusionEdit

An appetite for instant gratification plus ever-expanding technology equals opportunity. Opportunity for good, harm, and everything in between. As advances in technology are being made daily, cyberterrorism and cyberwarfare are becoming increasingly more common in our world today. What our future holds in these regards? Only time will tell.


ReferencesEdit

  1. The Zimmerman Telegram: Bringing America Closer to War. http://historymatters.gmu.edu/d/4938
  2. Staedter, T. (2011, March 16). First computer virus, creeper, was no bug. http://news.discovery.com/tech/first-computer-virus-creeper-was-no-bug-110316.html
  3. Zetter, Kim. (July 11, 2011). How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History. Wired. Retrieved From http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1.
  4. Jamison, Jane. Israel, U.S. Behind Stuxnet Computer Virus Attack on Iran/Will Reactor “Melt-Down?” Right Wing News. Retrieved From http://rightwingnews.com/israel/israel-u-s-behind-stuxnet-computer-virus-attack-on-iran-will-reactor-melt-down/.
  5. Finkle, Jim. UPDATE 3-U.S. probes cyber attack on water system. Reuters. Retrieved From http://www.reuters.com/article/2011/11/19/cybersecurity-attack-idUSN1E7AH1QU20111119.
  6. Wilson, Dean. Citibank was hacked by altering URLs. The Inquirer. Retrieved From http://consumerist.com/2011/06/how-hackers-stole-200000-citi-accounts-by-exploiting-basic-browser-vulnerability.html.
  7. Ragan, Steve. LulzSec: Sony was asking for it – millions of records compromised (Update 2). The Tech Herald. Retrieved From http://www.thetechherald.com/articles/LulzSec-Sony-was-asking-for-it-millions-of-records-compromised-(Update-2).
  8. Kanalley, Craig. PBS Hacked, Claims ‘Tupac Alive’ in New Zealand. The Huffington Post. Retrieved From http://www.huffingtonpost.com/2011/05/30/pbs-hacked-tupac-alive_n_868673.html.
  9. Finkle, Jim. UPDATE 3-U.S. probes cyber attack on water system. Reuters. Retrieved From http://www.reuters.com/article/2011/11/19/cybersecurity-attack-idUSN1E7AH1QU20111119.
  10. Zetter, Kim. SCADA System’s Hard-Coded Password Circulated Online for Years. Wired. Retrieved From http://www.wired.com/threatlevel/2010/07/siemens-scada/.
  11. Facebook Statistics. Retrieved December 4, 2011, from Facebook: http://www.facebook.com/press/info.php?statistics
  12. Responsible and Effective Use of Internet-Based Capabilities. Retrieved December 4, 2011, from Marines.mil: http://www.marines.mil/news/messages/Pages/MARADMIN181-10.aspx
  13. Facebook Statistics. Retrieved December 4, 2011, from Facebook: http://www.facebook.com/press/info.php?statistics
  14. TED Conferences LLC. (2010, July). Julian Assange: Whistleblower. Retrieved December 4, 2011, from TED Ideas Worth Spreading: http://www.ted.com/speakers/julian_assange.html
  15. Assange, J. (2010, July). Why the World Needs WikiLeaks. (C. Anderson, Interviewer). Retrieved from http://www.ted.com/talks/lang/en/julian_assange_why_the_world_needs_wikileaks.html.
  16. Assange, J. (2010, April 12). (S. Colbert, Interviewer). Retrieved from http://www.colbertnation.com/the-colbert-report-videos/270712/april-12-2010/julian-assange.
  17. TPM Media LLC. (2010, December). TPM Document Collection. Retrieved December 4, 2011, from TPM: http://talkingpointsmemo.com/documents/2010/12/ombs-email-to-government-agencies-about-wikileaks-access.php?page=1
  18. "BBC News - Police arrest 'hackers' in US, UK, Netherlands". Bbc.co.uk. 2011-07-19. Retrieved 2011-08-30.
  19. Rudy, M. (2011, June 21). Citi: Over 360,000 credit card accounts hacked, more than initially reported. http://www.cardratings.com/citi-over-360000-credit-card-accounts-hacked-more-than-initially-reported.html
  20. Jasper, W. (2011, April 15). china accelerates cyber attacks, espionage. http://thenewamerican.com/world-mainmenu-26/asia-mainmenu-33/7135--china-accelerates-cyber-attacks-espionage
Last modified on 19 March 2012, at 20:55