A Brief History of Cyberwarfare

By November 1, 2018 Cybersecurity Readiness

The United States of America is becoming increasingly more vulnerable to threats from cyberwarfare. In early October, it was revealed that almost all of our Department of Defense’s weapons that have been tested between 2012 and 2017 have “mission critical” cyber vulnerabilities. In one of the reported penetration exercises, it took a two-person team little more than a day to gain full control of the weapons system they were testing. Now consider if a nation-state was actually performing a twofold attack on the DoD and our communications nationwide. This reality underscores the need for multi-layered, long-term cyber defenses against the most sophisticated threat actors now more so than ever before.

Cyberwarfare can be defined as the use of computer technology to sabotage the electronic or physical assets of a state or organization. This has been seen through the use of viruses, worms, malware, ransomware, and denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks. In the last eight years we have seen a variety of examples of cyber warfare:

History of Cyberwarfare

2010

2010, Stuxnet: This was the first genuine cyberweapon which was designed to inflict physical damage. It reportedly ruined almost a fifth of Iran’s nuclear centrifuges.

2014

March 2014, Russian DDoS attack against Ukraine: This is the second time Russia allegedly coordinated military and cyber-attack. A DDoS attack 32 times larger than the largest known attack disrupted the internet in Ukraine while Russian-armed pro-Russian rebels were seizing control of the Crimea.

May 2014, Russia vs. Ukrainian election commission: Three days before Ukraine’s presidential election, a Russia-based hacking group took down both Ukraine’s election commission and a back-up system. The attack was an attempt to create chaos and aid the pro-Russian candidate.

2015

June 2015, Russia vs. German parliament: German investigators discovered that hackers had infiltrated the computer network of the German Bundestag. Germany’s domestic intelligence service, the BfV, later said that the attack was performed by Russia and that they were seeking information on the workings of the Bundestag, German leaders, NATO, and others.

June 2015, China vs. United States Office of Personnel Management: The records of 21.5 million employees and unsuccessful applicants to the United States government were stolen from the U.S. Office of Personnel Management. U.S. government sources believe that the hacker was the government of China.

2016

December 2016, second Russian-caused power outage in Ukraine: It is thought that Russian hackers hid in a power supplier’s network undetected for six months before taking the power offline. The power cut amounted to about a fifth of Kiev’s power consumption that night being lost. This attack happened almost one year to the date of the December 2015 cyber-attack which cut off power to 225,000 people in western Ukraine.

2017

May 2017, WannaCry: This attack is estimated to have affected more than 200,000 computers across 150 countries. WannaCry was a ransomware cryptoworm which targeted computers running Microsoft Windows.

June 2017, NotPetya: This is the first major instance of weaponized ransomware. The NotPetya malware was disguised as ransomware but its goal was to destroy files. While the attack originated in Ukraine, it quickly spread worldwide. It is still unsure as to exactly how much damage was dealt during this attack, but it is estimated that the total damage was over $10 billion USD.

Cyber warfare is increasingly focusing on critical infrastructure such as transportation systems, banking systems, power grids, hospitals, and other important industries. This means that a hacker could cause widespread power outages, such as in Ukraine, that could cause hospitals and homes to lose electricity for an undeterminable amount of time or a hacker could cause major flooding by opening up a dam. A hacker could prevent communication, whether just to cause mass panic or to specifically prevent military communications.

This introduces an unprecedented risk towards our way of living. Do we have a cyber border to match our physical borders? How do we declare war when we are unsure as to the perpetrator? War is no longer being declared, it is being acted out in the shadows of the internet where nations can have plausible deniability.  While the rules of engagement in cyberwar may still be undefined, that doesn’t mean we shouldn’t do everything possible to protect ourselves, our technical assets, and critical infrastructure.