July 10, 2009: Now that the United States has a national Cyber Command, to defend the U.S. from Internet based attacks, more people are thinking of fighting back. But some of the military Cyber War experts, who have been deep into Internet based combat for years, point out that it's not enough to defend, you have to attack. This brings up a number of problems. First, there's the problem of finding out who made the attack, so you can accurately target your counter strike. This problem was made very clear when you consider a series of attacks on neighbors of Russia. Three times in the last two years, Russian computer hackers (and cyber crime gangs) shut down Internet service in a neighboring country that had offended the Russian government. Back in 2007, it was Estonia. Last year it was Georgia (whose leader had regularly insulted Russian leader Vladimir Putin, often in a very personal way.) This year it's Kyrgyzstan, which is resisting Russian attempts to control world access to Kyrgyzstan's oil and natural gas fields.
Estonia concluded that the weeks of Cyber War attacks it endured two years ago were not an act of war. Or, rather, the attacks were not carried out by the Russian government, but at the behest of the government by Russian hackers angry at Estonia. Some Internet security researchers believe that the attacks were the result of efforts by a small number of hackers, who had access to thousands of captive (or "zombie") PCs. Some of the zombies were located in Russian government offices. But that's not unusual, as government PCs worldwide tend to be less well protected than those in large corporations. It is believed that other governments are behind similar attacks that temporarily shut down politically embarrassing web sites. This is becoming very common, and often the attacks are ones where only a particular government would benefit.
Russia used the same technique last year against Georgia, although this time the DDOS attacks were preceded by a well planned Information War campaign against Georgia (and in favor of Russia.) The Georgia Internet operations were accompanied by Russian troops invading as well. This was more of a raid, than an actual march of conquest. Both the Russian CyberWarriors, and combat troops, did a lot of damage in Georgia, and then withdrew. The current operations in Kyrgyzstan are apparently meant to intimidate, and persuade the Kyrgyz to do an oil deal that is favorable to Russia. So far, this CyberBullying tactic seems to be working.
Chinese Internet based espionage has been going on for years. Some of the attacks have been traced back to Chinese government computers. But how do you respond? It's possible that there has already been a response. Espionage is a two way street, and the United States certainly has the resources (in terms of talented Internet engineers and hackers) to do the same kind of snooping against Chinese computers. If so, like the Chinese, there would be no admission of such activities. That's how espionage is done, in the dark, with denials all around.
But the biggest problem, according to military Cyber War commanders, is the difficulty in making it clear to political leaders, and non-expert (in Internet matters) military commanders, what the cyber weapons are, and the ramifications of the attacks. Some types of attacks are accompanied by the risk of shutting down much, or all, of the Internet. Other types of operations can be traced back to the source. This could trigger a more conventional, even nuclear, response. Some attacks use worms (programs that, once unleashed, keep spreading by themselves.) You can program worms to shut down after a certain time (or when certain conditions are met). But these weapons are difficult, often impossible, to test "in the wild" (on the Internet). By comparison, nuclear weapons were a new, very high-tech, weapon in 1945. But nukes were easy to understand; it was a very powerful bomb. Cyber weapons are much less predictable, and that will make them more difficult for senior officials to order unleashed.
So the first order of business is to develop reliable techniques to quickly, and accurately, educate the senior decision makers about what they are about to unleash. This would begin with the simplest, and cheapest, weapons, which are botnets, used for DDOS attacks. In plain English, that means buying access to hundreds, or thousands, of home and business PCs that have had special software secretly installed. This allows whoever installed the software that turned these PCs into zombies, to do whatever they want with these machines. The most common thing done is to have those PCs, when hooked up to the Internet, to send as many emails, or other electronic messages, as it can, to a specified website. When this is done with lots of zombies (a botnet), the flood of messages becomes a DDOS (Distributed Denial of Service) attack that shuts the target down. This happens because so much junk is coming in from the botnet, that no one else can use the web site.
But there are even more dangerous cyberwar weapons out there. You can unleash worm and virus software modified to take advantage of largely unknown Internet vulnerabilities, that allow the user access to many business, government and military computers. This sort of thing is called, "using high value exploits" (flaws in code that are not yet widely known). These exploits are a lot more expensive, and require more skill to use. Currently, a major source of exploits are hackers for hire. These are skilled hackers, who know they are working on the wrong side of the law, and know how to do the job, take the money, and run. This situation has developed because organized crime has discovered the Internet, and the relatively easy money to be made via Internet extortion and theft.
It is believed that those nations that have Cyber War organizations, maintain arsenals of exploits. But these have a short shelf-life. Nearly all exploits eventually come to the attention of the publisher that created the exploitable software, and gets fixed. Not every user applies the "patches", so there will always be some computers out there that are still vulnerable. But that makes "zero day exploits" (discovered and used for the first time) very valuable. That's because you can use these exploits on any computer with the flawed software on it. Thus it is expensive to maintain an exploits arsenal, as you must keep finding new exploits to replace those which are patched into ineffectiveness.
Most of the Internet combat so far has been done under peacetime conditions. In wartime, it's possible (especially for the United States) to cut off enemy countries from the Internet. Thus potential American foes want to maintain an official peacetime status, so the United States cannot use its ability to cut nations off (or nearly off) from the Internet, and remove easy access to American (and Western) targets. Thus the need to make attacks discreetly, so as to make it more difficult for an enemy to target stronger attacks against you, or threaten nuclear or conventional war.