by Austin Bay
January 1, 2008
In the computer age -- and 2008 is definitely in the computer age -- the difference between an act of war and crime is often a matter of interpretation as well as degree.
Attack a nation's highways and railroads, and you've attacked transportation infrastructure. You've also committed an obvious, recognized act of war.
An electronic attack doesn't leave craters or bleeding human casualties, at least not in the same overt sense of an assault with artillery and bombs. However, the economic costs can be much larger than a classic barrage or bombing campaign.
Cyberspace has become a much busier and more dangerous place in the last 15 years. Today, entire nations rely on computer networks for communications, economic transfers and information storage. Computers and computer networks are lucrative targets for criminals. This increased economic and information reliance means that in the 21st century targeting a nation's electronic infrastructure is an act of war.
Bankers know this. So do intelligence agencies. Diplomats and political leaders must also come to grips with that reality.
Everyone with a personal computer understands the basic concepts of cyber warfare. Link your laptop to the Internet, and you link to the great collective of the Information Age. You also connect to a digital disease pool populated by viruses that instantly erase electronic brains. That means data is destroyed -- perhaps less messily, but as thoroughly, as an attack with a high-explosive bomb.
You also enter a world where even trusted Websites may leave a "tracking cookie" on your own computer so they can know something about your Internet shopping preferences. There are, however, even more aggressive programs that allow "inquisitive geeks" to follow everything you read and write. These cyber "spyware" programs are a form of cyber spy war. Add more sophisticated digital trickery and additional levels of penetration wizardry, and programs like these could steal secrets from embassies and defense facilities.
Spies and soldiers know cyber attacks aren't new and that institutional computer systems, even large, ostensibly well-protected one like those used by banks, big businesses and government agencies, are also vulnerable. In the early 1990s, a senior National Security Agency staffer told me that individual hackers were constantly trying to penetrate "various government networks." He did not elaborate -- any elaboration would have quickly involved classified material -- but he said NSA analysts had "learned a lot watching these people." Those are cryptic words from a cryptologist in the days when computer-savvy 14 year olds were tapping into their parents' bank accounts.
In late April of this year, the world got a look at the economic and psychological effects of a "massed" cyber attack -- a sophisticated, sustained and coordinated "hack" of an entire country.
Estonia was the victim. Estonia is a "wired society." The country has made Internet access an economic and political priority. Over a period of weeks (April through mid-May), Estonia suffered from what The Washington Post described as "massive and coordinated cyber attacks on Websites of the government, banks, telecommunications companies, Internet service providers and news organizations."
Bank accounts were "probed," email services shut down.
Estonia's minister of defense called the attacks "organized attacks on basic modern infrastructures." According to press reports, Estonia claimed that the attacks originated at the Internet addresses of "state agencies in Russia." Russia denied the charge, attributing the attacks to criminals and vandals.
There is no doubt that the Internet is rife with criminal activity. On Sept. 5, 2007, StrategyPage.com called China "Computer Crime Central." The StrategyPage report focused on "poisoned Websites" that try to steal financial data (like bank account login information). StrategyPage argued that some Internet criminal activity appeared to link to "attacks on Western military and government networks."
Those attacks certainly occur. On Sept. 3, the Financial Times reported that China's military had hacked "a Pentagon computer network" in June 2007. That followed reports that Germany's Chancellor Angela Merkel had complained about Chinese hacking of German computer systems to China's premier.
A criminal act or an act of war? Until 9-11, the U.S. government treated terror as a criminal-type activity to be confronted with a robust law enforcement effort. That approach, however, proved inadequate.