Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/18/2018
10:30 AM
Nir Gaist
Nir Gaist
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

From Bullets to Clicks: The Evolution of the Cyber Arms Race

Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.

Political actors — including both superpowers and emerging economies — for decades have used cyberattacks, hacks, leaks, and malware to gain a political edge over their enemies and to keep their allies in line. One of the earliest and most notable events involved René Camille, comptroller general of the Vichy French Army and an agent for the French Resistance, who hacked the punched card system used by the Nazis to locate Jews in the early 1940s.

Over time, the scope, scale and sophistication of politically motivated attacks have increased alongside their malicious intentions. In 2004, North Korea trained an army of 500 hackers who sabotaged South Korea's computer networks. Flash forward to the present and the US is accusing Russia of targeting its energy infrastructure.

Cyber strategies have become just as important as physical arms in the battle for world supremacy. Here is a quick look at four broad categories these new cyber forces execute through clicks rather than triggers.

Nation-State Warfare
Political actors are adding cyber weapons to their arsenal since they have a number of distinct advantages over traditional bombs and missiles. They are less expensive (the cost of just one Tomahawk cruise missile hovers around $1.8 million), and attackers can activate them at a moment's notice. Moreover, retaliation is not as likely because attribution is so difficult and loss of life is likely to be far less than in direct combat.

One recent example is the sabotage of missiles and missile programs rather than relying solely on unreliable and expensive antimissile interceptors. This tactic has strategic appeal because the adversary may suspect a technical flaw rather than sabotage. For instance, the US built the so called "left-of-launch" capability aimed at disabling North Korea's nuclear missile systems on the ground prior to launch. In the case of Iran, the US built and deployed project Nitro Zeus as a cyber alternative to full-scale war.

Political-Influence Campaigns
Using cyber means to distribute misinformation and propaganda and instill controversy, confusion, doubt, and anger among targeted populations has grown in popularity. Russia's influence on the US elections (from the Democratic National Convention hack to social media troll farms and millions of ads) is well documented. Overall, Russia is suspected of political meddling in 27 countries since 2004.

Although not as infamous as Russia, other countries have also leveraged cyber tactics for political gains. The United Arab Emirates (UAE) and Qatar stand accused of hacking emails, releasing "dirt" and weaponizing fake news to influence American policy on both Iran and the stance on a UAE-led blockade of its country. Even less industrialized nations, such as Vietnam, are going cyber for political advantage. Vietnam is suspected of hacking and releasing sensitive Philippine documents, including a transcript of a phone call between President Trump and President Duterte, in an apparent attempt to derail the Philippines from strengthening ties with the US and China.  

Spying Campaigns
Many countries with less-than-stellar human rights records have deployed cyber weapons as surveillance tools against their own citizens. These can be homemade or tools purchased from cyber-arms dealers. Examples include: China's focus on dissidents and political activists in Hong Kong, Mexico's hacking and tracking of journalists, Pakistan's surveillance of human rights defenders, and Iran's cyber harassment of protesters.

Nation-State Digital Espionage
In addition to leveraging expensive spies, countries have been using digital espionage for over half a century. With most sensitive data now available in digital format on network-accessible servers, this type of espionage has proven to be extremely powerful and allows for fast access to troves of information. China's hack of the Office of Personnel Management as well as its alleged theft of F-35 blueprints are examples of this type of cyberattack. The US government also engages in spying campaigns, as revealed by Edward Snowden.

What's next? Just like their physical counterparts, cyber arms will continue to become more advanced and pervasive. They are also becoming more "democratized" and accessible to developing countries that we do not normally associate strong military capabilities with. Eventually, cyber weapons will turn out to be more influential than the military in determining world supremacy.

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

Nir Gaist is a senior information security expert, ethical hacker, and a gifted individual. He started programming at age 6 and began his studies at the Israeli Technion University at age 10. Nir holds significant cybersecurity experience after serving as a security ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
nirgx
50%
50%
nirgx,
User Rank: Author
7/23/2018 | 9:49:21 PM
Would love to connect !
Would love to connect with the audience during my upcoming live webinar on Wednesday, August 15 @ 11am PST. Here is the registration link - https://www.brighttalk.com/webcast/16267/330296. Topic is "Should More Protection Really Equal More False Positives?"
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13693
PUBLISHED: 2020-05-29
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
CVE-2020-13173
PUBLISHED: 2020-05-28
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing...
CVE-2019-6342
PUBLISHED: 2020-05-28
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
CVE-2020-11082
PUBLISHED: 2020-05-28
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
CVE-2020-5357
PUBLISHED: 2020-05-28
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time wi...