The Technological Revolution of the past two decades has brought about dramatic changes. We now live our lives online, with our work mostly conducted behind computer screens. Manual labor has been replaced with complex computer systems that can automatically control large pieces of infrastructure. While it has improved our lives in many ways, it has also left us vulnerable to a new danger.
Cyberattacks have become commonplace, with DDoS attacks and data leaks now imprinted into the popular consciousness. In May 2017, the WannaCry ransomware exploded across the globe. The attack hit the U.K.’s National Health Service particularly hard, forcing the closure of some emergency rooms. Just over a month later, NotPetya sprang out of nowhere to attack large institutions and national infrastructures around the world.
To Petya or to NotPetya
Attribution is tricky business. Security researchers pour through the malware’s code for any traces of identification, and publish their best guesses at who was behind an attack. WannaCry was widely viewed as a means of extortion for personal gain by the attacker — even if it is was poorly developed. When NotPetya first struck, it appeared as if it was more of the same.
— Motherboard (@motherboard) June 30, 2017
There were signs though that something else was going on. Researchers found that NotPetya’s code indicated that even if you paid the ransom, your files may never have been hidden behind the attacker’s encryption. Instead, you make the payment and NotPetya could completely erase your data. The wide-ranging list of victims coupled with the potential to completely erase data suggested that might not have been a tool for extortion.
Instead, NotPetya may have been an act of cyberwarfare.
What Is Cyberwarfare?
Dictionary.com defines war as “a conflict carried on by force of arms, as between nations or between parties within a nation; warfare, as by land, sea, or air.” War has always had quite a clear definition. If military forces started to physically attack then there was little doubt that you were at war. The economic impact of war can be severe as was evidenced in Germany at the end of the First World War.
That’s without including the human cost of war as physical attacks will inevitably lead to many people losing their lives.
Cyberwarfare relies not on physical attacks but on digital ones instead. The Oxford English Dictionary defines cyberwar as the “use of computer technology to disrupt the activities of a state or organization.” It is for this reason that many experts dispute that cyberwarfare actually constitutes war. Instead, they believe that cyberwarfare is better viewed as a sophisticated version of sabotage or espionage.
However, as our connection to always-on digital technology continues to deepen, the effects of acts of cyberwar can be disastrous, and even deadly.
Acts of Cyberwar
We may never be sure whether the outbreak of NotPetya was an act of cyberwar or not. However, it wouldn’t be the first time that cyberwarfare has been caught in plain sight. Governments, businesses, and hacktivists around the world have started using the relatively cheap weapons of cyberwar to advance their own agendas.
The comparative ease of deploying these attacks is what has made them such a regular occurrence. From ransomware-as-a-service to low-cost DDoS attacks, the weapons of cyberwar are easy to come by. They can be purchased in relative anonymity and deployed from the other side of the world almost instantaneously. The outcomes of such attacks can often be categorized as either propaganda, espionage, or sabotage.
Not all wars cross national borders. It is entirely possible for a war to break out between citizens of a single country. The same can be said of cyberwar. A recent episode of the podcast Reply All looked at how Russia’s President Vladimir Putin used the blogging platform LiveJournal to spread propaganda and silence dissenters.
LiveJournal’s servers were originally based in the United States, so a Russian businessman purchased the platform, bringing the data under Russia’s control. As of April 2017, any blog on the platform with more than 3,000 daily visitors is classed as a media outlet. As a media outlet it can not be published anonymously, preventing any dissenters from gaining a large following.
It isn’t only national governments that use the internet for propaganda. The extremist group ISIS is well known to use the internet to radicalize and recruit. They even exploited the sensationalist online media by publishing horrifying videos that could be easily shared — acting as recruitment material, and furthering their goal of terrorizing innocent people.
The hacking collective Anonymous used cyberattacks to directly undermine ISIS’s online presence. Their actions eventually pushed ISIS largely out of mainstream digital space and onto the dark web. This mirrored the on-the-ground attacks that aimed to isolate ISIS in specific geographic spaces to limit their influence.
Since the Edward Snowden leaks, it has become increasingly clear that governments around the world are using digital technologies to spy on their own citizens. By weaponizing the data we create every day online, these governments may also be committing acts of cyberwarfare. While a large amount of the uproar around the Snowden leaks was due to the NSA eavesdropping on its own citizens, they also used mass surveillance to spy on countries around the world.
Germany’s Chancellor Angela Merkel was even found to have been included in their wide-reaching net. She later went on to compare the NSA to the repressive East German secret police force, the Stasi.
NATO explores the rules of cyber spying https://t.co/lT6dj9WzOb
— Sky News (@SkyNews) June 13, 2017
Just as there isn’t a clear definition of cyberwar, whether cyber espionage constitutes an act of cyberwar is still up for debate. Traditional espionage occurs all around the world, by many counties, regardless of their at-war status. However, many economies have come to rely on digital technology and the internet. Corporate espionage and attacks to undermine a country’s businesses and economy could be viewed as acts of cyberwar.
Many of the types of attack that could most affect you are likely to fall under this category. Data leaks, the loss of sensitive information, and the takedown of critical websites are all acts which directly breach your own security, along with long term damage to businesses and the economy.
Nowhere has the potential effect of cyberwarfare been more strongly felt than in the 2016 U.S. Presidential Elections. Donald Trump’s victory in the race was a surprise to many, and came after multiple damaging data leaks from the Democratic National Committee (DNC). The whistleblowing site WikiLeaks published over 20,000 emails from the DNC which pointed to bias and corruption.
The leak was widely believed to have been as a result of Russian state-sponsored hacking. Unsubstantiated links to the Russian government have subsequently dogged the incumbent President. The difficulty in attributing the origin of the attack is one of the main reasons this is still an ongoing issue.
The last decade has seen more critical infrastructure come online with automation taking control of previously labor-intensive manual processes. However, connecting critical infrastructure to the internet can be risky business. One of the most infamous worms to have been found in the wild was Stuxnet — a technologically advanced worm that used stealth tactics and malware to infect computers that controlled Iran’s nuclear machinery. The outcome was that the infected controllers would allow the nuclear centrifuges to spin too fast and tear themselves apart.
Its complexity indicated that it was developed by a nation-state at great cost. Due to its political commitment to disable Iran’s nuclear ambitions, the worm is generally believed to have been developed by the U.S. in partnership with Israel.
What Can You Do?
In times of war, one of the most direct ways of getting involved is to join the military. Modern cyberwars present a different challenge. Often the enemy isn’t known, and their location could be well hidden. They may be a loose collective like Anonymous, or a nation state. Direct action against an unknown and invisible enemy may be almost impossible. However, there are ways that we can minimize the impact of cyberwar.
Campaign for Cybersecurity as a Priority
The main aims of acts of cyberwar are either to steal information or sabotage economies and infrastructures. While there are clear benefits to bringing critical infrastructure online, the rapid pace has led to a lack of focus on security. It’s clear to see just in the sheer volume of data leaks, hacks, and ransomware attacks that are reported on a regular basis. And those are just the ones that we know about.
The regulations around war are clear and largely unambiguous. Government spending on defense often eclipses all other budgetary considerations. The same cannot be said of cyberwar and defense. Businesses are often not regulated on their digital security and as a result don’t treat it as a priority. The fact that government agencies go out of their way to develop dangerous cyber weapons and then allow them to get stolen also doesn’t help. Letting your Representative know that digital security is important not just for you as an individual, but for the interests of National Security is sure to pique their interest.
Even if you don’t believe you can make a difference, remember it wouldn’t be the first time that online activism came out on top.
Fortunately you aren’t powerless against these attacks. By taking precautions to protect yourself in the event of a data breach or digital attack, you minimize your risk.
- Keep your computer and smartphone up to date.
- Manage your passwords securely using a password manager.
- Turn on Two-Factor Authentication.
- Keep protected with antivirus software.
- Beware of online scams and threats.
- Back up your files regularly.
- Sign up for data leak notifications.
Are You Prepared for Cyberwar?
While the internet has democratized knowledge, it has also created a new digital battleground. Low barriers to entry mean that these new weapons are available to anyone — not just nation states and wealthy organizations. Misdirection, propaganda, and even fake news are rife across the internet.
Many of the easy-to-exploit vulnerabilities that have led to large numbers of cyberattacks could easily be remedied with investment. Critical infrastructure like health care, transport, energy, and security are too important to allow to run out of date operating systems, not securely backup their data, or have emergency plans in place. While that may be out of your control, you can secure your digital existence to minimize the impact of cyberwar on you and your family.
Are you worried about the fallout from a cyberwar? Or do you think the concern is overblown? What do you think we should be doing differently? Let us know in the comments below!
Image Credits: Olivier Le Queinec/Shutterstock