By Chris Szul
According to NATO, cyber-attacks date back to 1988, when the Morris worm attacked US computers; however, it wasn’t until 2006 that the US saw a resurgence in cyber-attacks. In 2009, an attack was launched on Israel’s internet infrastructure during military operations. In 2010, Stuxnet was released on Iranian nuclear centrifuges to hinder the nation’s nuclear program. In 2014, a United States utility’s control system was hacked into by connecting through an off-site login page. Cyber-attacks are evolving to match the cyber-dependent world they operate in and to become more effective tools for conflict.
In 2009, Israel launched a military offensive in the Gaza Strip. During the operation, pro-Palestine forces launched a retaliatory attack on Israel’s internet infrastructure using an estimated 500,000 computers. The magnitude and complexity of the attack during the 2009 operation mark a turning point in cyber-warfare compared to the earlier attacks in the Middle East. The purpose of the attack was to bring down government-run websites in Israel; it was launched in four waves against servers in Israel, with each succeeding wave stronger than the one before it. Most of the attacks targeted websites with the objective of defacing them to push the attackers’ side’s propaganda.
In 2010, the Stuxnet worm was discovered on industrial computer systems. The worm attacked the logic controllers that maintained the centrifuges for separating nuclear material by exploiting a flaw in computer code. The Stuxnet worm can be seen as another turning point for cyber-attacks because of how specialized it was. The worm was designed to attack computers that met three requirements: running the Windows operating system, containing the specialized programs used to maintain the logic control systems of centrifuges, and being connected to logic controllers. If a computer did not meet all three requirements, the worm caused little to no harm to it; it would remain on the computer but take no action. Instead, it would continue to spread through networks looking for computers with the specialized software connected to logic control systems.
In 2014, the Department of Homeland Security and its Industrial Control Systems Cyber Emergency Response Team released a report going over security breaches. One of the breaches involved a public utility service. The attack was sophisticated because it went after the servers hosting the utility’s login page for its employees. After the attacker gained access to employees’ login details, they would have had access to the computer systems connected to the company’s network, because all of the computers have remote-access capabilities so that employees can perform maintenance from off site. The Homeland Security team was also able to determine that the attacker had breached the network multiple times. It is important to point out that the attacker’s purpose is not known and that their entry into the network wasn’t detected until long after they had entered multiple times. This left the attacker free to strike at any moment of their choosing.
These four separate attacks on networks point to a clear evolution in the cyber-war field. Three points worth noting in this evolution are the increase in precision over time, the increased potential for damage, and how much more strategic the attackers have become.
The attacks are becoming more precise in their targets, and evidence of this can be seen in the change of targets from the 2009 attack to the 2010 attack. The 2009 attack was focused on bringing down government-run sites with no particular site designated as the target; hackers attacked sites of their choice that fit the requirements of the objective. The 2010 attack, by contrast, targeted the exact type of software running on the computers.
The potential for damage has also grown linearly across the three cases. In the 2009 attack, most of the attacks were aimed at defacing government websites to push the attackers’ agenda. The 2010 attack had larger ramifications because it set Iran’s nuclear program back through damage to the centrifuges. This attack, while having less reach than the 2009 attack, did more damage to the government, which would have needed to invest more in repairing its centrifuges and restarting its nuclear program. The 2014 attack had the largest potential for damage of all of them: shutting down a public utility would have damaged the US economy and potentially placed the US in conflict with the nation harboring the attackers.
The attackers are changing their cyber-strategies. The 2009 attack showed attackers opting for a more direct route to completing their objective. The 2010 attack showed attackers looking for a more precise way of carrying out their objective. The 2014 attack shows the potential for attackers to wait until their impact can cause the most damage. This trend shows that attackers are willing to wait to maximize their impact and to spend more effort on achieving a single goal rather than going after multiple goals with less effort.
NATO. (2013). The History of Cyber Attacks – A Timeline. Retrieved April 12, 2017, from http://www.nato.int/docu/review/2013/cyber/timeline/EN/index.htm
Mandel, R. (2017). Optimizing Cyberdeterrence: A Comprehensive Strategy for Preventing Foreign Cyberattacks (pp. 89-91). Washington, DC: Georgetown University Press.
BBC. (2010, September 26). Stuxnet worm hits Iran nuclear plant staff computers. Retrieved April 12, 2017, from http://www.bbc.com/news/world-middle-east-11414483
Brocklehurst, K. (2014, May 21). DHS Confirms U.S. Public Utility’s Control System Was Hacked. Retrieved April 12, 2017, from https://www.tripwire.com/state-of-security/incident-detection/dhs-confirms-u-s-public-utilitys-control-system-was-hacked/