When we talk about cyber, we refer to a spectrum of warfare that has moved from the physical battlefield to the virtual arena. From sabotage and espionage to economic crime, I will try to explain how cyberwar works and why the “axis of evil” will continue to endanger us in the coming years.
The Prussian military theorist Carl von Clausewitz (June 1780 to Nov 1831) once said, “war is nothing more than the continuation of politics by other means…” His saying has taken on a different meaning in recent years, as offensive cyber operations take the place of physical war and complement the diplomatic relations between states and powers. In recent months, there has been an increase in cross-border cyber activity: Spain, Britain, and the United States have accused Chinese hackers of stealing information from laboratories developing vaccines for the coronavirus.
The U.S. Department of Justice has announced that it has indicted 5 Chinese hackers and 2 Malaysian hackers who attacked more than 100 companies, organizations, and individuals in 14 countries. Three indictments have been filed against Iranian citizens on charges of hacking into U.S. airlines and space companies and of spying on regime opponents in exile. Two Iranian hackers were charged with defacing websites with pro-Iranian propaganda following Qassem Soleimani’s assassination this past January.
This surge in cyber activity is not a momentary spike but a sustained trend: attacks have grown not only in volume but also in scope and sophistication. The problem has been exacerbated by the coronavirus pandemic and its impact on the world economy and international relations.
Moreover, officials’ statements in the United States point to an increase in cyber activity. The U.K. Secretary of State, Dominic Raab, often addresses the issue. The Australian Defense Minister, Linda Reynolds, has previously stated that China has increased its cyber activity against Australian businesses in the last two months. Reading these headlines can be confusing, so a few terms are worth defining.
1. Offensive cyber: Offensive operations carried out by states in cyberspace. Offensive cyber differs from cybercrime in the sophistication and power of the tools used and in the selection of victims.
2. APT: An abbreviation for “Advanced Persistent Threat.” A sophisticated, state-sponsored offensive campaign carried out by state attackers. Such campaigns can last for many years before they are discovered.
3. State attackers: In the cyber world, it is not customary to directly accuse states and military bodies of hacking. It is complicated to prove a connection between an assault and the assailant, and the more skilled the attacker, the more successfully they manage to blur their tracks. Further, the geographical location of the server from which an attack is launched has little significance in the cyber world: a server may sit in the U.K. while the attacker is an entity in Germany or Iran.
4. Assault groups: In the cyber world, boundaries are blurred. We are used to assuming that the rest of the world is organized the way the U.S. is: a central unit that carries out cyberattacks against other countries. The reality is more complicated – many countries have a mix of military units, state “institutions,” and semi-official militias engaged in cyber activities. In most cases, cyber researchers will give an attack group a name or number and indicate its relationship to officials, the tools it uses, and its motivation. Within these “attack groups,” people can hold a legitimate job and, at the same time, assist their country in cyber activities. For example, the Iranian security researcher Mohammad Reza Aspergam, who has an active Twitter account and lectures at international conferences, was recently charged with developing cyber tools.
So, who attacks whom and how?
1. Sabotage: The cyberattack is designed to break and damage other countries’ computer systems. Attacks on critical infrastructure have increased dramatically in the last two years. As you may recall, this trend began a decade ago with an attack (attributed to Israel and the U.S.) on nuclear facilities in Iran and continues with Russian attacks on Ukraine’s electricity infrastructure. Recently, Iran attacked Israel’s water infrastructure; Israel replied by shutting down the entire port of Shahid Rajai.
2. Spying: Good old-fashioned espionage is a far more common activity than destruction. Nations have been spying on each other for years, and today much of that espionage is conducted in cyberspace. Data theft is more accessible, cheaper, and relatively risk-free when you sit behind a keyboard and break into a service in another country.
3. Influence and Psychological Warfare Campaigns: Countries have always used psychological warfare techniques to gain an advantage over other countries. Cyberspace has given them the means to do so on a much larger scale, and nations can now intervene in the political processes of other countries without fear. Examples include Russian interference in the Scottish independence referendum, in the U.K.’s Brexit referendum, in the 2016 U.S. presidential election, and in the upcoming 2020 U.S. election.
4. Regional politics: Countries also want to use force in cyberspace to resolve or escalate regional conflicts. In the summer of 2020, Chinese cyber-attacks on Indian entities occurred immediately after a clash between the two armies in the mountainous Ladakh border area, a clash that resulted in dozens of deaths. Ukrainian security services reported in 2019 that Russian hackers were attacking military and police elements in Ukraine. According to reports, the Russian attack group “Gamaredon” has attacked at least 482 critical infrastructure targets in Ukraine without risking overt military action.
5. Industrial espionage: Unlike ‘classical’ intelligence, this activity aims to close the economic gap by stealing intellectual property and then using it to copy technology or gain some other unfair commercial advantage. China has been widely blamed by Western companies, universities, government agencies, and technology companies for just this action. When China realized it would not be able to build a stealth bomber, it stole the American F-35 design to shorten development: the J-20, almost a perfect replica of the U.S. F-35, now flies in Chinese skies.
6. Economic crime: Some countries are in extreme financial distress, which is getting worse due to international sanctions. They turn to cybercrime to steal money and meet their financial needs. North Korea is notorious for using cybercrime for such purposes, and recently launched another campaign designed to steal money from U.S. banks and ATMs.
– North Korea, the senior partner of the Axis of Evil
2020: Test year
The COVID-19 pandemic has created a powerful incentive for countries to break in and spy on each other. The race to be the first to obtain a vaccine has led to espionage incidents involving the theft of knowledge from research laboratories worldwide. Based on the latest trend, we will likely see more cyber campaigns trying to exploit security vulnerabilities.
Aside from the pandemic, 2020 is a year that “invites” widespread political, social, and economic disruption in the United States and, to some extent, in the United Kingdom and Europe. The upcoming U.S. election is likely to lead to an increase in cyber activity, such as attempted hacking of politicians, political parties, voter registration systems, polling stations, and voting machines.
What will the end result be?
States’ activity in cyberspace is expected to continue indefinitely. There is hope that, over time, rules and regulations will reshape offensive operations in the cyber realm. For example, the United States has imposed personal sanctions against 45 Iranian hackers working under the auspices of the Iranian Ministry of Defense and Intelligence. The E.U. has imposed individual sanctions (including asset freezes and travel bans) against six hackers from China, North Korea, and Russia for involvement in the 2017 WannaCry operation. The E.U. has also imposed sanctions on Russian hackers who broke into the Bundestag and Chancellor Merkel’s email accounts in 2015.
We hope that such actions will calm the arena and create more or less fair playing conditions, although it would be naive to expect “cyber-evil” countries like Iran, China, Russia, and North Korea to cease their activities in this area.