There is a posting at Aljazeera about cyberwarfare that reads like a Clive Cussler techno-thriller novel [try Polar Shift]. There is the intrigue and secrecy associated with hacking, and the security-defying exploits of hackers make your taming of Microsoft Word’s formatting ribbon look like what it is – tedious child’s play. But cyber-warfare has now moved into a much more serious domain because the US Defense Department is on the brink of publishing a policy paper that would make foreign cyber attacks equivalent to acts of war and subject to conventional weapons counterattack. Clive’s next novel, say Blackhacker War, might have insidious terrorists tripping a conflict between the US and China by creating invisible proxy attacks originating in each country.
This may seem far-fetched, but consider the evidence of vigorous, ongoing and largely commercial cyber attacks:
LulzSec, June 2011 – has repeatedly hacked into the Sony BMG network, stealing over 1 million passwords and associated files. In addition, it has been able in the past few weeks to hack into the PBS website, Nintendo and InfraGard, an FBI-affiliated security firm.
Heartland Systems, 2009 – was hacked and tens of millions of credit card transactions were accessed by outsiders.
Hannaford Store, 2008 – another hack attack that gained access to credit card information and transactions. Resolution is in the courts.
CitiGroup, June 2011 – bank accounts hacked with over 200k customers affected.
HealthNet, 2009 – many breaches are simple physical security lapses, as in this 1.5 million records heist. There are almost as many physical heists as cyber-hacking schemes. Note that the fine by the Connecticut state government is a fraction of the $3 million value of the financial data stolen alone.
NASDAQ, Feb 2011 – the target appears to be an external executive database with 10,000 listings, not the trading systems.
City Sights NY, Dec 2010 – 100k credit card data succumbs to an SQL injection attack.
Several Sites, June 2010 – many sites are spreading agents for malware via SQL injection attacks.
But what is more disturbing is the extent of attacks that can be called country-to-country cyber-warfare:
Stuxnet, July 2010 – the cyber-attack credited to Israel/US against the control system for centrifuges used by Iran in purifying uranium for its “peaceful purposes”.
Comodo infiltration, March 2010 – Iranian hacker/Revolutionary Guard breached an Italian SSL security certificate site. This is a serious breach because the security certificates created can be used to mount sophisticated phishing attacks. Worse, other Comodo sites have proved vulnerable to continuing attacks.
Lockheed/Martin, May 2011 – continued attacks against Lockheed may have tripped the US Defense Department policy announcement. The incursion is serious because of the method used: stolen RSA SecurIDs.
Google, May 2011 – following the January 2010 hacks, this is a serious recurrence.
Several China attacks, 2005-2010 – increasingly sophisticated attacks against government, defense and other agencies worldwide.
The Dilemma, April 2011 – joint ventures with US security and communication firms are silent entry points
The Dilemma II, June 2011 – warnings seem to have little impact on Chinese activity
In short, as warfare goes to drones and sophisticated electronically driven measures, opponents' cyber and electronic control systems become ever sweeter as targets. Why not just penetrate the various electronic and computer systems, quietly siphon data and have the worms available to disable an enemy's command and control resources? The Art of War says plan surprise attacks. Either ye Editor is reading too much Clive Cussler, or the Chinese have hit on a cheap way to balance out US military power.