Hi, I am Rafay Baloch, a security researcher, author and a public speaker.

Cyberwarfare: The 21st Century Battlefield


Note: This article was originally published in "Safety & Security Today Quarterly Magazine", Apr-June 2019.

We are living in an age of technological revolution which has already fundamentally changed, and will continue to change, the way we live, work and interact with each other as a society. Technology has brought a lot of good; at the same time, it has created problems with regard to security and privacy. Technology has also changed the way war is waged, as fighting a conventional war these days carries almost unbearable costs in terms of human lives, economy, resources, and international legitimacy. Another important distinction is that the enemy is visible in conventional warfare, whereas in cyberwarfare this is not the case. In contrast, therefore, cyberwarfare is effective and cheap.



Evolution of Warfare

Conventional Warfare: During the First and Second World War, the belligerents fought in three major domains of warfare: air, land, and sea. Under the conventional warfare doctrine, millions of combatants were recruited and deployed on the battlefield with armor and artillery under the cover of air forces to mount mass invasions of enemy countries, for example, the invasion of Poland, France, and the Soviet Union by Germany.

The Nuclear Age: The era of conventional warfare was abruptly ended by the development of the nuclear bomb by the United States under the Manhattan Project. The United States decided to use its newfound weapon of mass destruction against Germany; however, the German Army was defeated before the bomb could become operational. The US then deployed its nuclear bombs against the cities of Hiroshima and Nagasaki in Japan, killing a vast number of innocent people, believed to be in the hundreds of thousands. The repercussions of a nuclear war were made evident, and as the US lost its status as the sole nuclear power on earth in 1946 when the Soviet Union built its own nuclear bomb, a paradigm of strategic parity and restraint was established. Although the two countries could not fight each other directly after the Korean War, a worldwide cold war was fought in Vietnam, Afghanistan, the Middle East, and South America.

Hybrid Warfare: When the Cold War finally ended in the early 1990s with the collapse of the Soviet Union, the dynamics of global conflict changed drastically as the world became unipolar, with the United States as its sole superpower. The newly born Russian state felt humiliated by such a defeat and set out to invent a new type of warfare with which to restore its lost power. It therefore developed a new doctrine called 'Hybrid Warfare', which borrowed three elements of the Cold War (proxy warfare, political warfare and economic warfare) and integrated them with two new domains of modern warfare: information warfare and cyberwarfare. Together these elements created Russia's hybrid warfare doctrine, which was later adopted by many countries, including India, to be used against Pakistan.

Enter Cyberwarfare: Cyberwarfare refers to the use of digital attacks, like computer viruses and hacking, by one country to disrupt the vital computer systems of another, with the aim of causing damage, death, and destruction. Future wars will see hackers using computer code to attack an enemy's infrastructure, fighting alongside troops using conventional weapons like guns and missiles. Governments are increasingly aware that modern societies are so reliant on computer systems to run everything from financial services to transport networks that using hackers armed with viruses or other tools to shut down those systems could be just as effective and damaging as a traditional military campaign using troops armed with guns and missiles. Unlike a traditional military operation, a cyber attack can be launched instantaneously from any distance, with little obvious evidence of any build-up, and it would be extremely hard to trace with any certainty to its perpetrators, making retaliation harder.

As a result, governments and intelligence agencies worry that digital attacks against vital infrastructure, such as banking systems or power grids, will give attackers a way of bypassing a country's traditional defenses, and are racing to improve their computer security. However, they also see the opportunity that cyberwarfare capabilities bring, offering a new way to exert influence on rival states without having to put soldiers at risk. The fear of being vulnerable to the cyber weapons of their rivals, plus a desire to harness these tools to bolster their own standing in the world, is leading many countries into a cyber arms race. Moreover, the US elections of 2016 became controversial as allegations of Russian meddling in the elections were popularized, which in turn directly affected US democratic institutions by undermining their credibility and integrity. By combining elements of cyberwarfare and information warfare, the Russian intelligence services allegedly manipulated public sentiment in favor of Donald Trump while severely hurting the reputation of his arch rival, the Democratic Party candidate, Hillary Clinton. Russia, a country with major diplomatic and demographic trends working against it, made the people of the United States lose trust in their most fundamental democratic process, i.e. elections. The same method was also seen during high-profile events such as the attempted coup in Turkey (in 2016) and the Arab Spring protests in Egypt, Tunisia, and Syria, as well as during important referendums such as Brexit and the Scottish referendum.

There are various types of cyberwarfare operations being carried out today.

Cyber Espionage: It is the theft of classified data stored on secure computers.

Cyber Sabotage: It is the destruction of classified, highly important data stored on secure computers and networks to cause disruption, confusion, and loss, for example, Stuxnet.

Cyber Intelligence: It is the use of cyber mediums to collect intelligence or to perform counter intelligence operations.

Cyber Terrorism: It is the use of instruments of cyberwarfare to carry out or facilitate acts of terrorism, whether logistically, economically, or by means of propaganda and intelligence gathering. Cyber counterterrorism, by contrast, is the subject that deals with developing capabilities to defeat cyber terrorism and terror financing, and to disrupt and infiltrate terrorist networks online.

Cyber-Economic Warfare: It is the use of cyberwarfare to inflict economic loss on a state or a private enterprise. The hacking of Sony's STEAM gaming service by North Korean hackers caused severe loss to the Japanese company. It can also be used in conjunction with a kinetic operation to cause psychological collapse, confusion, and chaos by carrying out distributed denial of service attacks at a massive scale.

Cyberwarfare – Perception & Reality

In cyberwarfare, the gap between perception and reality is still very wide, as it is often argued that cyberwarfare does not result in any physical destruction or human casualties. Many experts therefore argue that 'cyber war' is an incorrect term and that it should instead be referred to as cyber espionage or cyber terrorism. However, there are instances where people died directly as a result of cyber espionage. For example:

There were multiple reports of Ukrainian artillery soldiers having their mobile phones infected by a variant of the Fancy Bear X-Agent implant, which was distributed on Ukrainian military forums packed inside an otherwise legitimate Android application developed by a Ukrainian artillery officer. That application enabled forces to process targeting data more rapidly for the Soviet-era D-30 howitzer employed by Ukrainian artillery units. Once installed, the infected app was used to obtain geolocations, after which artillery fire was launched. Open source reporting indicates that Ukrainian artillery forces lost over 50% of their weapons in the 2 years of conflict and over 80% of their D-30 howitzers, the highest percentage of loss of any artillery piece in Ukraine's arsenal.

Another notable example is the compromise of the Ukrainian power company Prykarpattyaoblenergo, which reported an outage on Dec 23, 2015, in the middle of winter, leaving about 230,000 Ukrainians without power in bone-chilling cold. The attack was carried out by compromising the domain controller and from there pivoting into the SCADA systems, which tripped the power breakers and disabled the UPS systems.

To exacerbate the effect, a TDoS (Telephone Denial of Service) attack was launched against the electrical grid's call centers in order to delay the company from noticing the full scale of the attack. The attack was tackled within a span of 6 hours; had it persisted long enough, Ukraine would have been dealing with human casualties.

Parallel Internet

Nations are increasingly worried about this new type of warfare and are adopting new measures to counter propaganda and subversion. For example, North Korea has completely isolated its population from the internet by building a parallel internet of its own and by restricting access to the global internet to a limited subset of people, and only after special authorization. The only way of transmitting subversive information into North Korea is via radio across the South/North Korean border, thus limiting the number of ways to indoctrinate the North Korean people against their leadership.

China, on the other hand, has implemented the Great Firewall of China (GFW), which also acts as a trade protectionism strategy for promoting local services. The GFW applies various techniques for blocking internet traffic and has been quite effective in blocking the majority of proxy/VPN-based services as well. Over the years, some bypasses have been reported, but China keeps proactively fixing them. The GFW has to a large extent successfully restricted and prevented the majority of the Chinese population from accessing US-based services, and China has successfully provided alternative services such as Tencent Video (YouTube), Tencent Weibo (Twitter), WeChat (WhatsApp) etc. This was done to prevent US-based companies from collecting information about the behavioral traits of the population and from building the psychometric profiles with which opinions could be swayed and people enticed into a digital insurgency against the Chinese government.

Russia, on the other hand, has not been as stern as North Korea and China; however, it has slowly been following a similar path towards creating its own internet. In April 2018, Russia blocked Telegram, a well-known messaging application, for failing to comply with court orders that required Telegram to give access to encrypted messages. In the attempt to block Telegram, ISPs blocked about 16 million IP addresses, which led to collateral damage and resulted in the unavailability of a wide range of other Google services. This happened because Telegram was using a technique known as domain fronting to serve content via Google Cloud servers. With domain fronting, the legitimate Telegram servers were hiding behind high-reputation Google Cloud servers, more specifically its content delivery network (CDN), so blocking Telegram by IP address meant blocking those shared servers as well. In the following days, Google disabled the domain fronting facility.
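Domain fronting works because the TLS handshake names the CDN host (in the SNI extension) while the HTTP request inside names the real destination (in the Host header). A defender that terminates TLS at a proxy can see both values and alert on the mismatch instead of blocking whole IP ranges and causing the collateral damage described above. The following detector is an added example, not code from the article; the log format ("sni host bytes"), the hostnames and the allow_pairs tuning option are all constructed for illustration.

```python
"""Flag TLS connections whose SNI hostname and HTTP Host header disagree."""
from dataclasses import dataclass


@dataclass
class Finding:
    sni: str
    host: str
    bytes_out: int


def registrable(name: str) -> str:
    """Crude eTLD+1: keep the last two labels (assumption for the example;
    production code should use the Public Suffix List instead)."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line: str):
    """Constructed proxy-log format: '<sni> <host> <bytes>'."""
    sni, host, size = line.split()
    return sni, host, int(size)


def detect_fronting(lines, allow_pairs=frozenset()):
    """Return Findings where SNI and Host sit in different registrable domains.

    allow_pairs: (sni_domain, host_domain) combinations known to be benign,
    e.g. a vanity CDN hostname used by a customer (hypothetical tuning knob)."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sni, host, size = parse_line(line)
        s, h = registrable(sni), registrable(host)
        if s != h and (s, h) not in allow_pairs:
            findings.append(Finding(sni, host, size))
    return findings


SAMPLE_LOG = """\
# sni host bytes   (constructed sample, not real traffic)
www.google.com www.google.com 1234
ajax.googleapis.com ajax.googleapis.com 512
storage.googleapis.com fronted-backend.example.net 98765
cdn.example-corp.com assets.example-corp.com 400
static.cdnprovider.example vanity.customer.example 2048
"""

if __name__ == "__main__":
    for f in detect_fronting(SAMPLE_LOG.splitlines()):
        print(f"possible domain fronting: SNI={f.sni} Host={f.host} bytes={f.bytes_out}")
```

The third and fifth sample lines are flagged; passing the fifth pair in allow_pairs shows how a known benign CDN vanity mapping is whitelisted without hiding the fronted one.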

Russia is at present in the process of testing a parallel internet which, once implemented, will convert the entire internet into an intranet, meaning that users will only be able to access government-controlled local services. To accomplish this, all traffic will be re-routed through government-controlled internet exchange points, where any traffic originating from a Russian source to a foreign destination will be blocked. In critical times this will also ensure that Russian users are not subjected to any propaganda or disinformation campaigns.

It will also disrupt the communications of compromised machines with their command and control servers if those are placed outside Russia. Furthermore, Russia has also taken steps to build its own root DNS server, which will make sure that Russian local services hosted under the .ru top-level domain still work even if the .ru top-level domain is removed from the ICANN database.

Conclusion 

Traditionally, information warfare was fought through airborne leaflets, loudspeakers etc. With the widespread adoption of social media, it became easier to collect psychographics and spread propaganda. However, since countries like China and Russia are building their own internets, which in critical times can be completely segregated, psychological warfare will in that case revert to traditional techniques.

If Russia's parallel internet initiative materializes, we will fall back to traditional propaganda and disinformation methods such as airborne leaflets, radio, and loudspeakers. Fifth-generation warfare is aimed at influencing the perception of the people to sway their opinions on a certain issue through disinformation and propaganda, while using offensive cyberwarfare operations to inflict damage and punishment in times of hostilities. States which are not prepared, or are too slow to catch up, will soon be left at a severe disadvantage, unable to defend themselves if attacked by a fifth-generation cyber weapon.

© 2016 All Rights Reserved by RHA Info Sec.