Losing Our Freedom, Bit by Bit:
The Unseen Warby Steve Elwart, IDB Folio Specialist
The Cyber wars have begun. Just like spiritual warfare, you can’t see it, but one day, sooner or later, you will feel it.
—Kurt (anonymous computer blogger)
In many ways, cyber warfare is an unseen war. There are two reasons for this. Most of the technology in cyber warfare is not understood except by a few computer experts. Also, this war is not well covered by the media, because there are no visuals. (You can only take so many pictures of computer screens.)
Cyber warfare is called the “Fifth Battle Space,” with Land, Sea, Air, and Space being the other four. It is the major battle space of the future. When you’re in a war, the primarily obligation is to stop the next attack and the “long pole” in the tent for stopping the next attack is information. Cyber warfare is all about information.
Cyber warfare differs from conventional warfare in several ways. First, the warfare is asymmetric. This means that the attackers and defenders are not equally matched. The attackers are usually a much smaller group that will launch its attacks against a numerically superior target. The target, being a home, business, or nation-state also has to spend much more money to fend off the attack than it costs to develop the cyber attack.
The average computer virus (a type of computer programming also called “malware”) contains 175 lines of code. However, it takes on average 5 to 10 million lines of code to detect and stop that same virus.
It is also difficult to determine who launched an attack. If the attacker knows you can’t find out who launched the attack, it is hard to deter them through intimidation. (This is different from a nuclear war where every missile comes with a re-turn address.)
Cyber warfare also is offense dominant. The Internet was developed with openness in mind. Security did not enter into the equation. Because of this, the defender in a cyber attack will always be playing “catch-up” to the attacker. The attack can come from many directions. It can have devastating effects on a person, a business, or an entire country.
The Effects of Cyber Warfare
The effects of a cyber attack on a nation’s infrastructure can be devastating. ATMs could not dispense money; you couldn’t use your credit card to purchase food, pay bills, or buy fuel for your car. You try to send a message to your family or work-place but you can’t get through because “the computers are down.” A government would not be able to communicate with its citizens or its military. This actually happened in Estonia as a result of a cyber attack by Russia.
A cyber attack could have more dire consequences than the attacks on the World Trade Centers and Pentagon on September 11, 2001. The New York Branch of the Bank of America processes $3 trillion of transactions per day. The GDP of the United States is $14 trillion for an entire year. What would happen if one day’s transactions of this single bank were to dis-appear? You wouldn’t know the how much money you had, what bills were paid or who owned what.
WikiLeaks: Perhaps the best-known incident of information theft has been the WikiLeaks’ release of over 200,000 diplomatic cables. This incident has raised several questions. How could a Private First Class gain access to the classified server network in the first place? Why weren’t security locks placed on the access points to the servers? Where were the safeguards preventing someone from downloading that much data at one time? While much attention is being given Julian Assange, the creator of WikiLeaks, PFC Bradley Manning, the person who stole the records in the first place, is being kept incommunicado in the Brig at the Marine Corps Base in Quantico, Virginia.
Malware implicated in the 2008 fatal plane crash in Spain: Investigators looking into the crash of Spanair Flight 5022 at Madrid International Airport that killed 154 found that the central computer system used to monitor technical problems in the aircraft was infected with malware (a trojan). This computer should have alerted the crew by an audible alarm that the flaps and slats were retracted—not the proper position for takeoff.1
The Stuxnet Virus: The Stuxnet virus has infiltrated Iran’s Bushehr reactor in a directed attack on that facility. Stuxnet amazed—and stunned—computer security experts in its design. It was too large and complex to be easily under-stood. The virus acted like it was taking control of a computer system without the user doing anything except inserting an infected memory stick into the computer. An Internet link was not required. It was the first instance of a virus attacking not only a specific piece of computer hardware, but also a specific computer model—the make and model that was used in the reactor.
The Combatants in the War
Script Kiddies: This is a derogatory term used to describe people of limited computer knowledge that use programs down-loaded from the Internet, called scripts, to attack computer systems and networks.2 Most script kiddies are young and are downloading these scripts “for fun.” The consequences of their actions are limited and they usually end up doing more damage to their own computers than someone else’s.
Organized Crime: People in organized crime are primarily in pursuit of profit and can be understood in terms of a continuation of business by criminal means. The Internet and the growth of electronic commerce offer enormous opportunities to increase illicit profits.
Usually, organized crime figures recruit hackers through money or intimidate the hackers to work for them. Cyber crime alone accounts for nearly $70 million stolen each year. Both the U.S. and Australia are currently pushing to build out their respective cyber workforces. The Australian Department of Defense has also opened a new cybersecurity center in Canberra and the U.S. Congress recently confirmed Lt. Gen. Keith Alexander as the head of U.S. Cyber Command, which will be responsible for all Department of Defense networks.3
Terrorists: According to Dale Watson, the FBI’s Executive Assistant Director for Counterterrorism & Counterintelligence, terrorist groups are increasingly using new information technology and the Internet to formulate plans, raise funds, spread propaganda, and engage in secure communications. Cyber terrorism—meaning the use of cyber tools to shut down critical national infrastructures (such as energy, transportation, or government operations) for the purpose of coercing or intimidating a government or civilian population—is clearly an emerging threat.4
Osama bin Laden showed the importance of the Internet to him when he created a hacker school in his training camp in Yemen. Al Qaeda has also instituted a cyber school in Pakistan to study factory automation systems called SCADA (Supervisory Control and Data Acquisition) systems that control water distribution networks, dams, gas and oil pipelines and nuclear power plants. Seized Al Qaeda laptops had evidence of the terror group probing of websites dealing with the programming and control of SCADA systems within electrical and power company systems.
China: A classified FBI report indicated that the People’s Republic of China has almost 200,000 people that “poses the largest single threat to the United States for cyber terrorism and has the potential to destroy vital infrastructure, interrupt banking and commerce, and compromise sensitive military and defense databases.” During the 2008 United States Presidential Campaign, the Chinese hacked the servers of the Obama and McCain campaigns and downloaded hundreds of thou-sands of pages of information, information that would give in-sight into the mind of the next President of the United States.5
Russia: Russian neighbors Estonia, Georgia, Lithuania and Kyrgyzstan all have suffered cyber attacks from Russia. All four of these attacks occurred in conjunction with physical incursions. This is becoming a more common attack scenario—a cyber attack conducted in conjunction with a physical attack. There have been numerous attacks attributed to Russia on the computer networks at the Pentagon, NASA, university research centers, and defense contractors. Thousands of pages of data were stolen from these entities.6
United States: While the United States constantly complains about attacks from China and Russia on their assets, the U.S. is actually responsible for the largest number of attempted attacks in cyberspace.7 In Kosovo, the United States hacked into the Serbian air defense system and distorted images to deceive the Serbian air traffic controllers. Since as early as 2005, the United States has used cyber attacks to jam Taliban and Iraqi insurgents’ communications devices. In 2007, former President George W. Bush’s administration ordered a cyber attack on cell phones, computers, and other communication devices that terrorists were using to plan and carry out roadside bombs. This attack was coordinated with the surge of military troops.8
Israel: In the nation-state group, Israel at least deserves an honorable mention. Recent facts have surfaced that indicate that Israel was responsible for launching the Stuxnet attack on Iran’s Bushehr nuclear plant. In fact, Israel has a very sophisticated information technology program and is capable of doing substantial damage to a nation’s infrastructure. “Using computer networks for espionage is as important to warfare today as the advent of air support was to warfare in the 20th century,” says Maj. Gen. Amos Yadlin, chief of Israeli military intelligence.9
What Is the Fallout from Cyber Warfare?
There is a danger that one casualty in the war against cyber terrorism is the loss of personal freedoms. The same tools a government uses to combat cyber attacks could be used against their own citizens.
As Thomas Jefferson said, “The natural progress of things is for liberty to yield and government to gain ground.” Government has this habit of slowly limiting our rights to the point that the world we live in would not be recognized by our parents.
The purpose of this article is to enlist you as one of the “watchers on the wall.” To be aware of what is going on. Many of us are dwelling carelessly where we live and need to be more aware of what is going on around us. We also need to hold our leaders accountable for their actions and how they protect our freedoms.
How important is the character and quality of a nation’s leaders? It is extremely important, according to Isaiah. At the time when Isaiah 3 was given, the nation probably was prospering under the wise, godly leadership of King Uzziah (c. 792-740 B.C.) or his successor, King Jotham (c. 750-735 B.C.). How-ever, Isaiah foresaw a time when God would remove the better leaders (Isa 3:1-3), leaving behind mere “babes” who would have no experience in running the institutions of society and no respect for the wisdom of the past. As a result, these “children” would become selfish oppressors (Isa 3:4-5) who would run roughshod over the needs of the poor (Isa 3:14-15).
The lesson is that a leadership vacuum leads to public crisis. That being the case, we as God’s people today do well to prevent that kind of vacuum from forming by praying for our leaders as they exercise their authority, and by raising up and training our children to be outstanding leaders for the coming generation.
This article was excerpted from a presentation given at the 2010 Strategic Perspectives Conference held in Coeur d’Alene, ID. Email firstname.lastname@example.org for more information.
2. Lemos, Robert. “Script kiddies: The Net’s cybergangs.: ZDnet. Retrieved 4/24/07.
3. Australian Cyber Crime Nets $70 Million Annually; http://www.thenewnewinternet.com/2010/05/17/australian-cyber-crime-nets-70-million-annually/.
4. Testimony of Dale L. Watson, Executive Assistant Director, Counterterror-ism/Counterintelligence Division, FBI Before the Senate Select Committee on Intelligence.
5. Woodward, Bob, Obama’s Wars, Simon & Schuster, New York NY, 2010.
6. Senate Committee on Governmental Affairs, James Adams, Cyber Attack: Is the Government Safe? 106th Congress, 2nd session, March 2, 2000..