Tag Archives: Cyber War

Pentagon points cyber espionage finger at China

The Pentagon has released a new report on cyber espionage that points an accusing finger at China.

“China is using its computer network exploitation (CNE) capability to support intelligence collection against the US diplomatic, economic, and defense industrial base sectors that support US national defense programs,” the report says.

“In 2012, numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” the report continued.

Although it’s hard to know with any certainty, part of the reason for China’s increasingly brazen hacking activities might be that there aren’t any international rules that determine how the US, or other countries for that matter, can react to a cyber attack.

North Korea orchestrated massive cyber attack on South Korea – and Japanese city mistweets missile strike

Tensions in South East Asia are high at the moment, due to North Korean posturing, and recent events show that the internet is very much becoming part of the simmering conflict between the dictatorship and the surrounding nations.

One incident that shows this is the revelation that North Korea was behind a powerful cyber attack last month that targeted broadcasters and banks in South Korea.

According to the South Korean Korea Internet and Security Agency (KISA), the attack came from the North Korean military intelligence agency.

“It was a premeditated, well-planned cyber attack by North Korea”, a KISA spokesman said.

KISA said that the attack had been prepared for at least eight months and identified the origin of the attack as six computers in North Korea.

The North Korean attack used malware, which infected computers and wiped the contents of their hard drives.

According to KISA, 48,700 machines, including PCs, automatic teller machines at banks and servers, were affected by the malware.

Some people might think that it’s a good thing that South Korea isn’t a member of NATO. The organisation recently saw the release of the Tallinn Manual on how nations can, or should, react to cyber attacks. And it’s more than likely that the recent North Korean malware attack would be ample reason for South Korea to launch missiles at the location of the six North Korean computers.

A bit further to the East, officials in the Japanese city Yokohama must be holding their heads in shame these days.

In what might go down in the history books as one of the biggest mistweets of the seven-year history of Twitter, the official Twitter account of Yokohama erroneously reported that North Korea had launched a missile attack on Japan. The tweet stayed up for 20 minutes, giving Yokohama’s 42,000 followers plenty of time to have heart attacks, frantically sign wills and do whatever people do when they think their world is about to end.

Yokohama later released an apology for the tweet on its website, saying that it had prepared the tweet just in case.

If you’re Doug Olenick, you’re probably surprised that the world is still standing.

Can your country kill a hacker in a cyber war?

The front-line of a coming war? Cyber warfare raises a number of questions about how you define the enemy.

The shift in warfare from blowing stuff up to fighting over information, using the internet instead of missiles, has markedly changed who is on the front-line in the 21st century. It has also meant that the rules of engagement from previous centuries no longer apply, and it has raised new questions, like: can a nation kill an enemy hacker? If your country is a member of NATO, then the answer seems to be… maybe…

Recently, a group of hackers found itself in the midst of a media storm. The group in question is called PLA Unit 61398, and it was identified as being behind cyber attacks on hundreds of companies around the world. The revelation came in a recent report by the American information-security company Mandiant.

In its report on PLA Unit 61398, Mandiant stated that the Chinese government must, to some extent, have known what the hackers were up to.

“The details we have analysed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them,” Mandiant said in the report.

“Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighbourhood,” Kevin Mandia, founder and chief executive of Mandiant, told The New York Times.

In other words: the hackers were – at least to some extent – working with the blessing of the Chinese Government. The reason could be that PLA Unit 61398’s attacks seemed to have a specific focus: information that could benefit both Chinese companies and the Chinese government.

Of course, China has denied any sort of involvement, saying it itself had been the victim of malicious cyber attacks.

And it might have been, and the attacks might even have come from somewhere deep in the US military system, which has previously been involved in cyber warfare.

As reported by Ars Technica, the US Military were, for instance, partly responsible for developing the Stuxnet virus, which targeted Iranian nuclear facilities.

Until now, the world has (luckily) yet to see a full-out cyber-war between nations, but the possibility has left military commanders throughout the world scratching their heads.

The reason is that a cyber-war is not actually fought in a physical world. It’s a new way of fighting that has given the commanders even more grey hair than the war on terror.

In conventional warfare, someone does something physical to something that’s part of your war machine; say, blows up your tank. This is great, because it’s definitely an act of aggression, meaning that you can, in turn, blow up something belonging to them.

You might be tempted to let this ‘something’ be your enemy’s entire country. Luckily, there is a Geneva Convention, which gives you a rough outline of how much you can blow up. It’s the idea of a proportionate response. But the convention was created at a time when enemies usually had countries.

Which is why I personally think the war on terror has given the Americans the problems/opportunities it has. If your enemy turns out not to have a country, hell, he might not even have a tank, then what are you going to blow up? And if he hasn’t got a country, then how do you treat him?

One possibility is to do what the US did, which was basically to call in their lawyers, create a legal country called ‘Terroristland’, based on a really skewed interpretation of the Geneva convention, give anyone fighting in Iraq and Afghanistan a passport to Terroristland and then sail it straight into the Bermuda Triangle of human rights.

But at least the people in Terroristland had the common decency to blow your stuff up.

That’s not the case when it comes to the front-line soldiers of the 21st century’s potential cyber-wars, the hackers, who are more likely to be looking for information about your stuff that blows stuff up.

So how do you deal with hackers? What sort of rights do they have? Well, the Geneva conventions don’t really apply – hell, the convention is from a time long before Alan Turing was being prosecuted by the British Government for being homosexual (included as an example of how all governments – not just the US – have always had a knack for disregarding human rights).

The answer to this question is still in the wind, but some agencies and organisations have tried to come up with something approaching one.

NATO is one of these. As is often the case for NATO, the solution is to make a special division that deals with this sort of thing and then let them get on with writing a really long, ambiguous report. The division in question here is the Cooperative Cyber Defence Centre of Excellence (for reasons that must surely be an in-joke, the acronym for this is NATO CCD COE).

The NATO CCD COE commissioned a group of experts to look at cyber-warfare, which they did in The Tallinn Manual on the International Law Applicable to Cyber Warfare (TMILACW).

In the TMILACW, the experts offer the following answer to whether or not hackers can be seen as enemy combatants:

“A cyber operation by a State directed against cyber infrastructure located in another State may violate the latter’s sovereignty. It certainly does so if it causes damage.”

So if a cyber attack carried out by agents of country A brings down a plane belonging to country B, everything is clear – it’s definitely a military attack.

So does this merit a military response?

The TMILACW says yes, as long as the response tries to balance “[…] the level of harm inflicted and certain qualitative elements of a particular cyber operation.”

But how about attacks like those carried out by the Chinese hackers, who were after information, not bringing down planes or causing traffic lights to change colour, causing crashes?

“Acts of cyber intelligence gathering and cyber theft,” or “cyber operations that involve brief or periodic interruption of non-essential cyber services,” do not fall into this “armed attack” category.

It’s worth noting that TMILACW is in no way binding, so it’s up to the various members of NATO to decide if they’ll treat its recommendations as gospel, or if they’ll make their own rules.

But for now, at least, it’s not likely that your country is going to be sending missiles after anyone with a laptop. Which is probably a good thing – especially when you consider how much software you find in an average missile these days.