We’re Officially in the Age of CyberWarfare

We’re Officially in the Age of MalWar.

In the first week of June, NY Times Reporter David E. Sanger published an article titled “How a Secret Cyberwar Program Worked.” This article was actually a sneak preview into David’s new book that has now been released titled: “Confront and Conceal” This claim was far from unbelievable as many CyberSecurity professionals, (myself included) had already guessed that the United States and/or Israel had to be behind the “Stuxnet”, and also the newfound “Flame” viruses.

What was unbelievable was that this was published at all, especially by a United States citizen. This borders on the line of treason and if it was 20 years ago, anyone reporting this to the world would have been called a traitor and brought up on federal charges. For at the past few years, we have been living in a new age, the age of “CyberWarfare”.

Through Mr. Sanger, The New York Times revealed — a report citing anonymous “sources” involved in the program — that two White House administrations and Israel collaborated to create the Stuxnet worm and deployed it to attack an Iranian nuclear facility. According to the Times, the operation dubbed “Olympic Games” began during the George W. Bush administration, when frustration over Iran’s developing nuclear program was at a fever pitch in 2006. The CIA had tried more traditional means of sabotaging Iran’s nuclear facility, attempting to get faulty and even booby-trapped parts set to explode into the facility, but with little success.

In the last few years of the Bush presidency, a bit of code called a beacon was developed and smuggled into the Iranian facility. Its job was to gather information on the SCADA computer systems, essentially creating an electronic map that would then be sent back to the National Security Agency. The beacon did its job and its findings, coupled with some follow-up research and experimentation in a joint effort between Washington and Israel, yielded the development of Stuxnet. The idea behind the worm was to infiltrate the systems that control centrifuges, which spin at high speeds to separate uranium molecules. The virus would vary the speeds of the spinning machines rapidly, speeding them up and slowing them down in quick succession until the delicate parts gave way under the stress.

Iran’s centrifuges first began spinning out of control for no apparent reason in 2008, but no damage was done. Bush left office and pressed the new President Obama to preserve “Olympic Games.” The 44th President took his predecessor’s advice and continued the operation. Stuxnet was designed to interact with the Siemens SCADA computer equipment that Iran was known to use in their “secret” uranium enrichment plants. (“SCADA” stands for Supervisory Control and Data Acquisition.)

In 2010, the worm escaped the confines of the Iranian plant, apparently on an engineer’s personal laptop. It soon began to propagate itself on the Internet, and when discovered by security researchers, it made worldwide headlines. Even with the cat out of the bag, Obama pressed on and shortly thereafter the worm took down nearly 1,000 centrifuges. Several years after President Bush had marked Iran in his infamous “Axis of Evil” State of the Union speech, the United States and Israel had launched a successful attack to do real (if only temporary) damage to the country’s infrastructure. The weapon started on a USB thumb drive and the ammunition was a chunk of code – the initial tools of CyberWarfare.

The main problem with Iran knowing who is behind the attack is of course the threat of retaliation. The threat of Cyber Retaliation is going to be a major problem because it doesn’t cost as much to write some malicious code as it does to strengthen a military. Iran has just created its own Computer Emergency Response Team, and it will not be long before it begins training and enlisting malicious coders to help it mount a retaliation.

CyberWarfare doesn’t just break down the importance of geographic boundaries, it also strips away the prominence of political boundaries and nation-states themselves. Just as terror networks driven by ideology rather than nationalism changed how we think about national and global security, CyberWarfare further decentralizes those threats. Fifteen years ago, the simplest way to launch a strike on Iran’s infrastructure (to say nothing of planning for Iran’s likely retaliation) might have involved a supersonic bomber taking off from a base in Missouri, dropping a payload and heading back home. The resources to pull off that single bomb run have required many years, several big defense contracts and several billions in taxpayer dollars to create. That means that the barrier to entry for engaging in global warfare was pretty much restricted to nations. Now, in the age of MalWar, that bar has been lowered dramatically.

While worms like Stuxnet and the recently discovered Flame are believed to be so complex that they could only have been created with the backing of a large government, that won’t be true forever, and it may not even be true any longer as I write this, if it ever was.

In fact, as Data Center Pro and MIT’s Technology Review point out, hackers have already begun to learn from Stuxnet, and some of the worm’s code even showed up in TDL-4, the so-called “indestructible” zombie botnet. This means the confusing array of hacks, DDOSes and defacements perpetrated by Anonymous, AntiSec and other groups (if you can even call them that) with a dizzying variety of names, structures, associations and motives could be just the beginning.

Many of the world’s Industrial Control Systems like those Stuxnet infiltrated are woefully short on anti-virus and basic security protection, and the foundation for launching CyberWarfare on them is now loose in the wild. It may not be long until a now unknown group conducts an attack on a power plant to make a political statement, or takes down a sewage treatment plant.

(This article was based on a GroovyPost.) article by Eric mack