The ‘real’ war game in the cyber space

by Sohini Bagchi    Feb 14, 2013


How would you deal with somebody who is developing a new plague and also its vaccine under the same roof? The situation is just as tricky in the cyber warfare space. In a recent post on MIT Technology Review titled “Welcome to the Malware-Industrial Complex”, the author, Tom Simonite, brings up the sharp paradox existing in cyberspace. On the one hand, some state governments and organizations are preaching about cyber security, while on the other, they are developing new computer weapons and driving a black market in what is fashionably known as “zero-day” bugs. The author says the result could be “a more dangerous Web for everyone.”

Invading the cyber space
Today, not many governments indulge in conventional attacks. They prefer to launch a series of virtual attacks through cyberspace as part of their ‘peace making’ agenda, which can not only be conducted silently but are also economically viable. And the consequences are equally or even more disastrous – both politically and economically.

The worst-case scenario, as Simonite points out in his article, is that “governments, contractors, and researchers are developing cyber-weapons that could put businesses and ordinary Internet users at risk”. This was seen in the recent case of China and the U.S., where each nation blamed the other, claiming that business and media houses in its country had been attacked by the opponent's hackers.

In 2010, a new era of ‘zero day’ warfare began when security researchers discovered malware known as Stuxnet. Though it was never acknowledged publicly, most believe it was a project of U.S. and Israeli intelligence, carefully designed to infect multiple systems needed to access and control industrial equipment used in Iran’s nuclear program.

Zero day trade
Today, almost daily, reports surface that new zero-day exploits are being bought and sold in the underground marketplace, with price tags that typically range from $50,000 to $200,000. A McAfee report observes that the trade in zero-day exploits is a huge business across the world, or rather the next frontier of organized crime, quickly creeping up on the illicit drug trade as one of the most lucrative criminal enterprises in the world, and this is no exaggeration.

Simonite mentions in his article that these “zero day exploits are the most visible part of a new industry that in the years to come is likely to swallow growing portions of the U.S. national defense budget, reshape international relations, making the Web less safe for everyone.”

Zero-day exploits to an extent are valuable because they can be used to sneak software onto a computer system without detection by conventional computer security measures, such as antivirus packages or firewalls. Criminals might do that to intercept credit card numbers. An intelligence agency or military force might steal diplomatic communications or even shut down a power plant, says the article.

“Hackers often have distinctive styles in the way they attack. They might use certain protocols, IP addresses, malicious software file names or try to exfiltrate information from specific ports on computer switches,” mentions Eugene Kaspersky, CEO of Kaspersky Labs. He says that today thousands of people, including governments, businesses, agencies and individuals, are involved in the zero-day exploit trade, and it is increasingly becoming a profitable business, where they sneak spy software onto suspects’ computers or mobile phones.

Even worse, there is no law directly regulating the sale of zero-days in the U.S. or elsewhere, so some traders pursue it quite openly. Several companies are similarly up-front about their involvement in the trade. Simonite notes that the French security company VUPEN states on its website that it “provides government-grade exploits specifically designed for the Intelligence community and national security agencies to help them achieve their offensive cyber security and lawful intercept missions.”

At the same time, the absence of a globally recognized definition for cyber weapons makes it even more challenging to distinguish a cyber weapon and its objectives. Of course, no government agency has gone on the record as saying that it is involved in the zero-day trade. But U.S. defense agencies and companies have begun to publicly acknowledge that “they intend to launch as well as defend against cyberattacks, a stance that will require new ways to penetrate enemy computers”, according to Simonite.

A global threat
The U.S. is not the only nation that is investing in cyber warfare capabilities. China, Russia, North Korea and Iran are also involved in similar activities, stating that they are “improving their presence in cyberspace”.

In his article, Simonite quotes US-based cyber security expert Sujeet Shenoi, who believes that every country makes weapons. Unfortunately, cyberspace is like that too. His program trains students for government jobs defending against attacks. However, developing powerful malware introduces the dangerous temptation to use it, says Shenoi, who fears the consequences of active strikes against infrastructure. “I think maybe the civilian courts ought to get together and bar these kinds of attacks,” he says.

Official sources state that at least 140 countries are developing cyber weapons, and the number of cyber warfare operations has dramatically increased. “Every war is fought with proper weapons and in cyber warfare we are assuming relevant importance of the use of cyber weapons, tools and software used to offend enemies in cyberspace.” But despite the high inflationary usage of the term “cyber weapon”, today there is no formal and legal definition for it, experts believe.

Globally the cost of cyber attacks to businesses is about $380 billion a year, according to a McAfee report. The potential theft of intelligence, economic and military secrets is ironically forcing governments and organizations worldwide to make cyber security a top priority and a long term option.

All is not lost
At the same time, all is not lost. Security vendors are constantly coming up with advanced security solutions and programs and Chief Security Officers of enterprises are already on alert, implementing measures to prevent hackers from breaking into their systems and networks.

“The focus today should be on quick detection and response. Every organization should follow the five steps, which include minding the gap between business and IT security, identifying targets, evolving key security control, adding newer delivery mechanisms and repeating and reviewing the security measures frequently,” recommends Lawrence Orans, Research Director, Gartner Inc., adding that these activities should be rigorous to keep cyber criminals at bay.

Howard A. Schmidt, Cybersecurity Coordinator for President Barack Obama, believes that there is no permanent solution to completely eradicate cyber war. But governments themselves should improve resilience to cyber incidents and reduce the cyber threat. “Launching a cyber war should not be an objective of any nation, but governments need to have cyber security units comprising highly trained personnel to help themselves in defending against sophisticated and agile cyber threats and cyber incidents, whether caused by malicious activity or natural disaster. They should also appoint cybersecurity specialists for coordinating the nation’s cybersecurity policies and activities.”

To reduce threats, Schmidt suggests that governments globally should work with their allies while strengthening law enforcement capabilities against cyber crime. They should initiate national awareness and education campaigns to promote cybersecurity, as well as develop a joint cybersecurity policy framework to strengthen international partnerships in the days to come.