It’s easy to brush these things off as just the stuff of Hollywood movies. But cyber threats like cyberterrorism, cyberwarfare, and large-scale cyber espionage exist IRL too.
While most cybercrimes are committed for financial gain, cyberwarfare, cyberterrorism, and cyber espionage, when used in support of the first two, can do much more damage. That damage can include thousands of lives lost, injury to people, and disruption of society’s ability to maintain order.
To help you understand each of these threats and how they can affect people’s lives, let’s define each of them.
What Is Cyberwarfare?
There is still no clear set of criteria or standard definition for a cyber act of war. However, according to a paper by national security experts at the US Congressional Research Service (CRS), there are elements that constitute cyberwarfare.
A cyberattack can be considered an act of war if it is “a state-on-state action equivalent to an armed attack or use of force in cyberspace that may trigger a military response with a proportional kinetic use of force.”
Simply put, it is a war that has migrated into cyberspace. What makes this different from all other forms of cyberattacks is that it is an organized effort by a nation-state against another nation. As such, it is well-planned and well-funded.
The goal is the same as that of a war launched using conventional military force. It has the potential for the greatest impact on computer systems, the internet, and people’s lives.
Since nations and their people have become increasingly reliant on computers for their day-to-day activities, an all-out assault by nation-states against each other can have catastrophic effects. Attacks can cripple critical digital infrastructure, but they can also include actions such as triggering a meltdown at a nuclear plant or opening a dam.
What Is Stuxnet?
#Stuxnet 2? Iran Hints Nuclear Site Explosion Could Be A #Cyberattack #cybersecurity #infosec #ITSecurity #hacking https://t.co/nRwbrmj9EK pic.twitter.com/dgCcjQi8Xw
— UCSB Information Security (@UCSBInfoSec) July 6, 2020
What many consider a prime example of a cyberwar attack is the Stuxnet campaign against Iran’s nuclear operations.
Considered the world’s first digital weapon, Stuxnet was a computer worm that was designed to target Iran’s nuclear facilities. It was first discovered in 2010, although it had already been silently wreaking havoc in the facilities for a year before its discovery.
What made Stuxnet particularly sinister and unique is that it was the first known virus that could cripple hardware. It reportedly destroyed 1,000 centrifuges in the nuclear facility by causing them to spin faster until they burned themselves out.
You might be wondering how attackers infiltrated such a protected facility. The planned attack initially targeted five outside organizations that were found to be working directly or indirectly with people and thus connected to Iran’s nuclear program. An unsuspecting victim unwittingly helped take the digital weapon into the protected facility via an infected USB drive.
Once inside the system, the worm spread through Microsoft Windows computers. It then searched the infected PCs for Siemens Step 7, software used to automate and monitor the facility’s equipment. It altered the instructions sent to the equipment, all while sending false feedback reports to the main controller.
Staff monitoring the equipment were thus unaware of what was happening until the equipment began to break down and self-destruct. The worm managed to damage plenty more equipment over the entire year before it was discovered.
Many believe that the campaign was the work of the US and Israeli governments in an effort to thwart an Iranian nuclear threat, although both countries have denied the claims.
What Is Cyberterrorism?
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. #BeVigilant pic.twitter.com/IcwlCjXmZE
— Citizen Support (@CSMechanism) January 7, 2021
Cyberterrorism is basically terrorism using computer technology. It is carried out by organized groups or actors that may or may not be state-sponsored. The words “crime” and “terrorism” may seem interchangeable, but they are not the same.
The motivation for cybercrime is often personal while that of cyberterrorism is often political. A cybercriminal will launch an attack for financial gain, or in certain cases, to cause psychological or physical harm against a targeted person.
On the other hand, according to the CRS paper, cyber terrorism is “the premeditated use of disruptive activities, or threat thereof, against computer and/or networks, with the intention to cause harm to further social, ideological, religious, political, or similar objectives, or intimidate any person in furtherance of such objectives.”
Cyberterrorism Is Designed to Instill Fear
Cyberterrorism is often politically motivated and intended to cause mass disruption. This type of attack aims to demoralize civilians either by destroying property or causing mass casualties. Attacks are designed to instill fear, attract national or international attention, and pressure a government or a population to conform to a certain political, social, or ideological agenda.
According to a United States Institute of Peace special report, there hasn’t been any record of a cyberterrorist attack, but a potential threat exists and it is alarming. A cyberterrorist, for example, can cripple emergency services right after a biological attack, contaminate water systems, damage electric power networks, or shut down transport systems.
What Is Cyber Espionage?
The Justice Department and the federal court system disclosed on Wednesday that they were among the dozens of U.S. government agencies and private businesses compromised by a massive cyberespionage campaign. https://t.co/vxPXcBQgGr pic.twitter.com/sB6nSNu6nu
— KOLDNews (@KOLDNews) January 7, 2021
Cyberespionage is a type of cyber attack that involves infiltrating a system or database to steal classified or proprietary information used by government or private organizations. People who conduct these types of operations are called cyberspies.
The goal is to gain competitive, financial, security, and even political advantage over a rival. Cyberspies can target government networks or private companies. Attacks like these are carefully planned, since the attackers first need to identify a target, study its strategies, and find out which information they need to steal.
They may steal intellectual property to sabotage a business’ operations or target classified government information to gain a tactical advantage over another nation.
Although some cyberespionage operations are launched to gain access to military secrets in preparation for cyberwar, not all cyber-spying campaigns are for military advantage.
Cyberespionage can also be launched by private organizations against a competing company to sabotage their operations.
Operation Shady RAT
One of the biggest cyber-espionage operations is a campaign that compromised as many as 72 companies and organizations in 16 countries. Operation Shady RAT was first reported by McAfee in 2011.
The nefarious campaign was carried out by a single organized group that stole national secrets and business plans, along with other classified information. Among the items stolen are email archives, government secrets, negotiation plans for business deals, legal contracts, and designs.
According to reports, the majority of victims were US companies, government agencies, and even small non-profits. Other organizations on the list include those in Taiwan, South Korea, Vietnam, Canada, Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India.
Notable victims named in the McAfee report are the International Olympic Committee, World Anti-Doping Agency, the United Nations, and the Association of Southeast Asian Nations or ASEAN.
Real-World Threats
Cyberwar, cyberterrorism, and cyber espionage are real-world threats that could affect people’s lives IRL, not just in movies. There can be dire consequences if cyber actors get their hands on critical infrastructure or digital weapons.
Most of these attacks start with a phishing email or a malicious attachment targeting individuals who, attackers hope, will facilitate the infiltration of critical systems.