(RNW) - Before Georgia and Russia started shooting at each other,
they were already fighting on the Internet. Georgian government and
media websites had been almost paralysed by hackers following the
so-called 'Distributed Denial of Service' attacks that began weeks
before. Such cyber war techniques constitute an increasing threat, one
that's now being taken seriously by the military.
In 1991, the US CIA thought it had scored a home run. Its operatives had
intercepted a cargo of laptop computers destined to guide Iraqi
anti-aircraft guns. So they installed their own software in the laptops
and sent them on their way. During the First Gulf War, the 'infected'
computers received continuous false information from the Americans,
information that tied the Iraqi army in knots. But, unfortunately for
the CIA, the US Air Force hadn't been informed about this new way of
waging war and bombed the anti-aircraft command centre to dust.
Today, defence strategists recognise the full importance of computer networks.
Where before carrier pigeons were shot out of the sky or jamming
signals rendered radio communication impossible, telecom centres and
Internet servers have become the prime targets. And in 2007, Estonia
won the dubious honour of being the first obvious victim of a
coordinated cyber attack by Russian hackers.
Distributed Denial of Service (DDoS) attacks are intended to shut down
systems or parts of networks by flooding them with traffic. In Georgia,
the attacks left government and media websites almost totally
unreachable. Hackers even placed a photograph on President Mikheil
Saakashvili's homepage showing him looking like Hitler. Since then,
important Georgian sites have been transferred to safe servers.
The attacks on the Georgian servers were most likely the work of
Russian hackers, who may well have had the support of the Russian
secret service: the FSB. But finding evidence of this is not easy, says
Eric Luiijf, a consultant with the Defence and Security branch of TNO
(the Netherlands Organization for Applied Scientific Research).
Although attempts to do so shouldn't be ruled out, it's almost
impossible to discover who was responsible for the attacks. Systems
that took part were invaded by cybercriminals and they can be found all
over the world. They could even be in the US; possibly even in the
Netherlands.
Tracing
[Figure: Pyramid structure of a botnet]
The Internet attack on Georgia was probably committed with the aid of a
'botnet', a network of several thousand computers taken over - without
the owners knowing it - by hackers.
"Such 'zombie networks' are more than suitable,"
says Frank van Vliet. He's a professional hacker and co-founder of
Certified Secure, an authority in the field of internet security. Van
Vliet says criminals use a DDoS attack as a means of blackmail:
shutting down a commercial website for just one day can cost its owner
an enormous amount of money. Using a botnet as a political instrument
is rarer, but not illogical, says van Vliet:
"You wouldn't even want to dream about what could happen to the
Netherlands if all its Internet traffic was brought to a standstill for
a week."
It's not easy to track such hackers down, especially if they're located in countries low on the radar of international affairs.
"If a German carries out an attack in the Netherlands, he's relatively
easy to locate, because the European Union has agreements for that. But
a German using a network in Zimbabwe would be almost impossible to find
because Zimbabwe would simply refuse to cooperate."
Legal status
Developed countries are well aware of their technological
vulnerability. That's why TNO advises the Dutch Ministry of Defence
about the protection and security of networks. But TNO also
investigates Information Operations, the deployment of cyberwar in a
conflict. It's a largely unexplored field and one about which there's
much uncertainty.
Eric Luiijf says that the judicial side of conflict in the 'infosphere' is the main problem.
"Think of the consequences of an attack on a defence network that's
also used by a hospital. If that were to harm civilians, it would be a
violation of the Geneva Convention."
That was why Russia, in 1995, called for all computers to be regarded
as weapons. But since then, the subject has never been discussed again.
The position of hackers or computer experts working for the army is also unclear, says Luiijf.
"If somebody performs a military deed, the rules of war say he should
be regarded as military personnel. But if a civilian hacker attacks a
military target, what's his status?"
A recent conference about 'information warfare' reached no clear conclusions.
New ways of waging war
Using a DDoS attack to bring web servers to a standstill is one aspect
of the modern way of waging war. But what about bringing a financial
network to a standstill? Or computer programmes that take over defence
and government networks? Or a digital spy that collects and spreads
sensitive private information? These all exist. They're better known by
such vivid names as Knowbots, Demons and Sniffers.
The first worldwide coordinated cyber attack took place in 1998. With the
aid of the Electronic Disturbance Theatre's (EDT) Floodnet tool, the
Zapatista independence movement in Mexico used a network of
international computer systems and networks to carry out DDoS attacks
on the Mexican government, the Frankfurt Stock Exchange and the US
Pentagon.
International legislation on the subject lags hopelessly behind. Can a
cyber attack be answered with a cyber attack? Should NATO members help
a fellow NATO member with a counter attack if it feels threatened in
cyberspace? What consequences are acceptable? International agreements
about this new means of waging war should not be considered ridiculous.
It's why NATO has set up a 30-person-strong institute for 'Cooperative
Cyber Defence' (CCD) in the Estonian capital Tallinn. And it's why on 1
October, the US Air Force will bring a 'Cyber Command' to life.