Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11:55 AM
Connect Directly

Strategic Cyber Warfare Heats Up

It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.

When tens of millions of Korean pop music sensation BTS superfans descended on the Internet in June in support of Black Lives Matter, some described them as a virtual army. But for renowned hacker the Grugq, the impact of that army was very real. By taking online action to support racial justice at the behest of BTS, their fans were engaging in the kind of cybercraft that analysts often attribute to nation-states, he said.

"People with this level of devotion, who spend $50 on a lightbulb that's the same color as their neighbor's lightbulb and can be controlled by the management of the band, these people are operating in cyberspace. I think that's awesome. But that also means that cyber power belongs to a K-pop band," Grugq said in his opening keynote on the subject of cybercraft and cyber warfare at the virtual Disclosure Conference on Wednesday. 

Related Content:

Stop Saying 'Digital Pearl Harbor'

Collateral Damage: When Cyberwarfare Targets Civilian Data

Special Report: Computing's New Normal, a Dark Reading Perspective

Grugq drew a bright line between cyberwar, which uses Internet-connected computing devices in the service of a traditional war with real-world impact on infrastructure and lives, and cyber warfare, which, as part of cybercraft, has allowed nation-states to engage each other antagonistically without directly killing people. 

"'Cyber' used to mean that it only gave you strategic surprise," which is why cybercraft is so often compared to the Japanese attack on Pearl Harbor, he said. "But now cyber warfare is [the ruleless game] Calvinball. Anything goes."

This rapidly changing environment is a core part of Grugq's definition of cybercraft as "applied cyberpower" – the ability to use the Internet to create advantages and influence events in the real world across the realms of diplomacy, information, military, and the economy. Essentially, the interconnectedness of the components that gird almost every aspect of society also makes it significantly easier and cheaper to exploit them. 

It's not just Grugq expressing concern over the state of cyber power. The rapid evolution of environments that promote the exchange of information, whether or not factual, makes it easier to manipulate those environments — and to affect the thinking of large groups of people, according to RAND in an October 2019 report.

Three key findings of the RAND study support Grugq's analysis. First, national security increasingly relies on institutions that can help mediate the deluge of information available online by better educating people against social manipulation. Second, Big Tech and the private-sector influence billions of people and can wield their cyber power in ways that previously only nation-states have been able to. 

And third, networks will become the domain of conflicts, as state actors develop networks to "avoid attribution and strengthen their virtual societal warfare capabilities against retaliation," the study says.

"It will be much more difficult to understand, maintain an accurate portrait of, and hit back against a shadowy global network," the report's authors wrote.

Another way to put it is to think of how the application of cyber power has led to exploiting "cognitive vulnerabilities," says Herb Lin, computer security policy expert and research fellow at Stanford University's Center for International Security and Cooperation.

"The idea is not to hack the vulnerabilities in the computer but to hack the vulnerabilities inside the brain" by exploiting our biases and expectations, Lin said. Look no further than the fake Russian hack of the Michigan voter registration database from earlier this week, which turned out to not be a hack at all because the information it contained was already publicly available. 

"This is a new environment, and it's one that we don't understand very well," he says.

That lack of ability to get consumers to "slow down and think," as Lin and others have put it, serves two purposes, said Grugq. It exploits the kinds of societal divisions that have been worsening in the United States and elsewhere, and it decreases the morale of the people being exploited — whether or not they know it.

"Battles stop when the people fighting them choose to stop," he said. "That's a much lower bar to reach than destroying the capability to fight or the will of the nation to fight."


Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
9/6/2020 | 1:32:41 PM
Great reporting
Great reporting. I can't usually make it to these kinds of conferences, so I rely on second hand accounts, and you've done a great job. I'm featuring this article in the upcoming OSIRIS Brief as especially noteworthy and useful to decision makers and military strategists. Not only are TheGrugq's insights helpful, as a current practicioner, but your additional research adds context and iinformation I am sure people working in this field will appreciate.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...