In 2010, Iran’s uranium enrichment centrifuges were attacked and rendered useless through a computer virus that became known as Stuxnet. It was the first case in which a hacker attack, coordinated by nations (presumably the US and Israel), hit a large military target in the “real world.” A worldwide race to create or acquire cyber weapons was then just taking shape.
Fast forward to last week (11 years later): Ukraine was hit by a massive cyber-attack that targeted government websites. Posted to the websites of the country’s Ministry of Foreign Affairs, Cabinet of Ministers, and Security and Defense Council was a message written in Ukrainian, Russian and Polish that read, “Ukrainian! All your personal data was uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it. All information about you has become public, be afraid and expect the worst. This is for your past, present and future.” This cyber-attack came in the middle of a huge physical military build-up by Russia on Ukraine’s eastern border. Was this cyber-attack carried out in conjunction with a planned military invasion? Time will tell.
Microsoft’s security team said late on 15 January that dozens of computer systems at an unspecified number of Ukrainian government agencies had been infected with destructive malware disguised as ransomware. This disclosure suggests that the attention-grabbing defacement of official websites may have been a diversion. The full extent of the damage remains unclear, as does the exact identity of the attackers. While Russian state-sponsored hackers have been suspected of being behind the attacks, subsequent findings point to a group linked to Belarusian intelligence. Belarus and Russia are close allies. The incident has increased tensions within the region and globally as other countries come to the defense of Ukraine.
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) shortly thereafter released a cybersecurity advisory providing an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures (TTPs).
The previous US Secretary of Defense (DoD) warned in 2010 of the dangers of a possible large-scale digital attack against the US, one capable of causing death and destruction in the real world. The threat was called at the time a “Cyber Pearl Harbor.” DoD cautioned that if such a cyber-attack happened, the US would retaliate not only digitally but with any kind of weapons it deemed necessary, including nuclear missiles.
This “Cyber Pearl Harbor,” i.e. a war between nations initiated by a cyber-attack of great proportions, obviously has not occurred. What was then theorized as a single event on a global scale has instead been reevaluated as a tactic of constant cyber-attacks at varying levels.
The biggest powers in these confrontations today are the US, China, Russia, Iran, and Israel. According to a researcher at the Department of War Studies at King’s College, London, these countries produce offensive cyber capabilities and are able to apply them on a global scale. They have been operating directly or sponsoring private puppet groups (in an attempt to camouflage the origin of the actions). These malicious groups carry out operations such as theft of technological secrets, espionage, sabotage of critical infrastructure, and dissemination of false information.
An example of this was the theft of American industrial secrets by Chinese hackers, supposedly between and 2013. According to a survey by Foreign Affairs magazine, this generated annual losses of between US$ 80 billion and US$ 200 billion for the US and enabled China to move forward with its industrial program “Made in China 2025.” Another example occurred between 2014 and 2015, when Russia reportedly used hackers to destabilize the Ukrainian election and bring down the country’s electricity grid, leaving more than 80,000 people without power.
Studies find that this race is motivated by geopolitical disputes. Cyber conflicts do not arise from the virtual universe itself; they are rooted in geopolitical disputes that already exist in the “real world.” Thus, as they see their rivals exploring cyber capabilities, more and more countries outside the circle of traditional powers begin to buy or develop their own resources. Since the middle of 2015 this movement has been generating a global race for cyber weapons. Countries such as Vietnam, Turkey, the UAE, France, South Korea, India, and Pakistan started by buying technology from private companies and are now developing their own cyber resources. These ‘resources’ are often intended for regional disputes, according to King’s College.
Since there is a ‘new’ battlefield, the question is posed: “What are cyber weapons?” In military terms, the ‘weapons’ are called “artifacts.” They are essentially computer code that infects the systems of opposing nations. They are used to steal information, destabilize communications, destroy or disable equipment, and bring down electrical networks, among other military objectives. By comparison, conventional warfare has similar objectives: physical weapons serve as support to extract information from the enemy, disable weapons and communication systems, and destabilize chains of command and control. In other words, cyber weapons are computer “viruses” that operate with different degrees of complexity. These are malware (malicious software), exploits (pieces of software that take advantage of a design defect in other software), and techniques such as denial of service (when a website goes down due to excessive, purposeful simultaneous access).
Nations can use anything from simple malware and techniques known and used by common cybercriminals to advanced cyber weapons. Some of these “artifacts” are extremely complex and expensive. They allow hacking into computers and cell phones without users clicking on a suspicious link or opening a file; these are called “zero-click” exploits. They are also hard to trace and require a whole structure of equipment and personnel to function.
The low risk of enemy retaliation encourages these malicious cyber-actions. “You have margin maneuverability, which the cybernetic dimension provides. You cause damage to your opponent, you have an advantage for yourself – you steal technology and develop a state-of-the-art fighter, for example – and the cost of this, from a geopolitical, diplomatic or even economic sanction point of view, is low”, said King’s College. The most effective US responses to cyber-attacks to date have not involved planes, armored vehicles or ground troops, much less taken the form of a nuclear attack.
In 2014, Sony Pictures decided to make a film satirizing North Korea’s leader Kim Jong-un. Hackers from Pyongyang broke into the company’s servers and publicized a series of compromising e-mails from the movie industry. Afterward, they threatened to make more “terrorist” attacks. We don’t believe there has been another derogatory film since; so it worked. But back then, former US President Obama publicly blamed Kim Jong-un and imposed the first economic sanctions in history levied in response to a cyber conflict, against North Korea. North Korea’s actions ceased soon after. The following year, the US managed to reduce the theft of American technology by Chinese operators by confronting President Xi Jinping in a diplomatic meeting. Thus, the cyber arms race appears to differ in at least one aspect from the conventional or nuclear arms race: that of deterrence. In general, a country tries to improve its conventional military capability when it sees a neighboring nation arming itself. The idea is to avoid being attacked. But that does not necessarily happen in cyber conflict. The US has a very high capacity for cyber conflict and yet remains the target of numerous attacks. In other words, cyber conflict between nations is more similar to the dynamics of crime and espionage than to the dynamics of war. That’s because, like crime, cyber-attacks cannot be eradicated, only kept at acceptable levels.
Last year, an alleged Russian hacker group, linked to the Russian government, attacked a US energy pipeline (Colonial Pipeline). This caused panic among consumers and fuel shortages at stations. The current US president reportedly told the Russian president that attacks on critical US infrastructure were beyond the limits tolerated by his administration and citizens. Subtly, he threatened to take the same kind of cyber conflict measures against Russia as the US did with North Korea. Russia claims it does not allow hacking actions; it publicly denies involvement and points to independent criminal groups. However, these criminals are hardly ever arrested, which leads international analysts to speak of collusion or even partnership (though recently members of the REvil group were allegedly arrested by Russian authorities).
Although other smaller attacks on the US have since been carried out by Russian groups, it is still not possible to know exactly what the long-term effect of the Biden threat will be.
Destabilization of political systems
The targets of cyber weapons are not just industrial secrets, critical infrastructure, and command and control systems. One of the most important aspects of conflict in cyberspace is misinformation.
Yes, we are dealing with “fake news” on social networks – when they are broadcast by governments (directly or through private companies or
A recent example is a strong investment in social media advertising by China to publicize the idea that the origin of the Covid pandemic was the United States and not Wuhan.
According to an October 2021 report in the Independent newspaper, Beijing has been claiming on social networks and on media linked to the country that the virus arrived in China in a shipment of lobsters from the United States.
However, the most concrete examples of disinformation campaigns were Russia’s alleged attempts to influence the outcome of, and discredit, the US electoral process: first by hacking the Democratic National Committee (DNC) in 2016 and using social media to spread information favorable to Donald Trump, and then by trying to discredit the election of Donald Trump in 2016, according to a US investigation. US intelligence has also accused Iran of having launched a secret disinformation campaign to try to prevent Trump’s election in the last electoral cycle, due to his policy of total pressure against Tehran.
“Bots” are often used in these attacks: automated accounts on social networks, teams of “human” experts who control several profiles at the same time, or a mixture of these two resources. These bots then try to give visibility to a specific narrative and to denounce the content of political rivals en masse. Such bots are regularly removed by the social networks’ algorithms. One of the most sophisticated of these teams is the IRA (an acronym for Internet Research Agency), which became popularly known as the “St. Petersburg Troll Factory,” supposedly linked to the Russian government. It allegedly has about 80 operators and a monthly budget of $1.2 million. According to western analysts, in addition to meddling in the US election campaign, the Troll Factory would have carried out disinformation actions in the Brexit process (Britain’s exit from the European Union in 2020, approved in a referendum in 2015), in a referendum in the Netherlands in 2015 and in the German elections of 2015. It was even the target of offensive cyber actions by the US.
According to a report by the Program for Democracy and Technology at the UK’s University of Oxford, the number of countries in which companies similar to the Troll Factory operate disinformation campaigns rose from 9 in 2016 to 19 in 2020, which included Brazil. Oxford makes no distinction, however, as to whether the actions in these countries came from national groups or from other nations.
Brazil, as an example, has defense systems against cyber-attacks under the Institutional Security Office, the Ministry of Defense and the Armed Forces. The aim is to protect, first, Brazil’s critical infrastructure and, next, strategic military equipment and command and control structures. Brazil is not typically involved in geopolitical conflicts, which reduces the likelihood of cyber-attacks by foreign nations. However, according to cyber and military analysts, nations very close to Brazil already have offensive capabilities for cyber conflicts, such as Colombia, Venezuela, Chile, and Mexico. In most cases, the ‘artifacts’ are used in the fight against organized crime, but, in theory, it is not possible to guarantee that they will not be used in other contexts in the future. Brazilian public security forces have already made contact with companies supplying artifacts and infrastructure for cyber offensive actions, but there is no public information that the technology has been acquired. Judiciary authorities are currently investigating the origin and legality of alleged disinformation campaigns in Brazil. In general, however, the cyber threats that most concern citizens and businesses come from common crimes, such as ransomware (blocking computer networks for extortion) and phishing (hacking computers for data theft).
Whether you look at Latin America, Europe, Asia or Africa, the new battlefield has become the Internet. This battlefield is as serious as a land, sea or air battlefield.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or firstname.lastname@example.org
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings