What do you need to disrupt nuclear facilities of your enemy? A thumb drive.Well, that and a virulent cyber weapon such as Stuxnet that works so effectively that it takes out nothing but its target in a way that is more subtle than explosive.Stuxnet, a seek-and-disrupt cyber missile enshrouded in mystery and first publicly identified in 2010, has been attributed to U.S. efforts to interfere with and slow Iran's nuclear endeavors, according to the New York Times. "You're seeing an evolution of warfare that's really intriguing," said Phil Lieberman, a security consultant and chief executive of Lieberman Software in Los Angeles. "Warfare where no one is dying."
Cyber warfare, while the subject of thrilling movies and espionage novels, isn't quite revolutionary.
"The ability to inhibit [an enemy's] infrastructure has been part of warfare since the dawn of electronic communication," Lieberman said.Cyber missiles are evolving and becoming more sophisticated, targeted and devastatingly effective. And, when done properly and under the radar, you get "outcome without attribution," he said. "That's the beauty of it."
What we're talking about is not your typical click-and-disturb computer virus that most of us update to guard against.It is sophisticated malware that can camouflage itself with the "signature" of innocuous files already in the computer, adjust tactics and adapt their DNA, said Leonid Shtilman, chief executive of Viewfinity in Waltham, Mass."They are exploiting very tricky parts of operational systems.... This is not for amateurs," he said, including that code of this nature would probably take about a year and 15 to 20 people to develop it. "Those cyber attacks are planned by security forces."High-tech weapons, yes, but with low-tech distribution methods. In the case of Stuxnet, the virus entered the system on a thumb drive, according to the New York Times.
Lieberman said there are two distinct categories of target machines: Internet connected and disconnected. With those not connected to the Internet, the attackers have to "parachute in," so to speak. "You leave USB keys on the ground in discrete areas, say a parking lot or coffee shop," where the desired target is likely to pick it up and eventually plug it into the desired entry point to release the code. To make the USB drive more attractive, or "honey pot" it, it might include intriguing content on it or have a distinctive design, Lieberman said.
In addition to outright cyber warfare with guided code missiles such as Stuxnet and now Flame, there's probably a lot of "capture the flag" going on, said Charles Kolodgy, research vice president for security products at IDC in Framingham, Mass. In other words, entities are simply getting into systems, creating administrative profiles and then going dormant.Another area that's likely to be building in activity is "digital privateering," he said.
Kolodgy, who worked in information assurance and signal intelligence during his 16 years with theNational Security Agency, talked about these hackers for hire possibly being given wish lists of targets by governments and corporations. It's what he called the intersection between cyber warfare and cyber crime."Everyone blames nation-states for going in and stealing a technology or intellectual property," he said. "I think it's more this privateer-type thing."
So are there large-scale cyber attacks going on under our noses? Not likely."If the [New York Times] story's accurate, it was intended as a limited operation," Kolodgy said. "This form of cyber warfare is going to be rather scarce. It was a very specific operation."More of what's probably going on, Kolodgy said, is good old intelligence gathering. "We're more dealing in cyber intelligence gathering ... in the shadows like all other intelligence gathering."While all of this is intriguing, what you and I and the rest of the computer-dependent world really need to worry about are low-level criminals, though."The real damage is being done to people individually through cybercrime," Kolodgy said. "So keep your guard up."