Category Archives: Cyber-warfare

Rise of SaaW?

There are a couple of interesting articles on Stuxnet out recently. This article poses the astonishing possibility that it was a directed attack at the Iranian Bushehr nuclear plant. The arguments given, however, are highly circumstantial.

This article also puts forth the notion that Stuxnet was likely created by some government.

Is this the first instance of SaaW, software as a weapon?


Nico Popp suggests that incidents such as the recent Google hack may lead to governments and large corporations adopting a form of Mutually Assured Destruction cyber defense.

On one hand there is a lot of sense in this, especially for governments. However I suspect retaliation would be more of an economic (or worst case military) nature.

At some level that’s exactly what is going on with the Google case. Google obviously believes that the Chinese government is behind the attack and Google has retaliated by threatening to stop censoring content in China, even at the risk of getting thrown out of the country. Of course now they seem to be backing down and both sides are now looking for a face saving compromise.

But one problem with the MAD theory of cyber-warfare is that you most often don’t have any idea who to retaliate against. At least not with a sufficient degree of certainty.

So for now, MAD looks pretty unlikely in the cyber-warfare game.

What’s not being said

I usually find what’s not being said far more interesting than the platitudes that are uttered. According to this article Google and China are negotiating a face-saving compromise to allow Google to remain in China. What is being said is that this is about the level of censorship. What is not being said, and what is probably really the truth, is that this is really all about the Chinese government hacking Google.

I mean seriously. Google China censored content from day one and now it all of a sudden decided to “do less evil”? As Corporal Nobbs likes to say “pull the other one, it has bells on it”.

No, what changed is that the government has hacked Google and gotten caught doing it, and probably affected some high-level Google execs.

Here is my prediction; the face saving compromise will involve a little easing of the censorship rules, a promise not to hack Google any more, and Google quietly giving some sweetheart deals to some high-level Chinese officials.

The big kill switch

There is a troubling bill being drafted by Sen. Rockefeller that would give the US government the power to essentially kill the internet (at least the US corner of it). The bill would give the government the ability to order all private systems deemed “critical” to be disconnected during an “emergency”.

I am simply not confident of the government’s ability to properly define “critical” and “emergency”, much less make the proper decision as to whether or not throwing the big kill switch will make matters better or worse. I think the government needs to demonstrate much more core competency in the computer security space before they are entrusted with this kind of power.

Those darn kids

Bruce Schneier dismisses North Korean government involvement in the recent DDoS incident, as well as some others in the past:

It was hyped as the first cyberwar, but after two years there is still no evidence that the Russian government was involved. Though Russian hackers were indisputably the major instigators of the attack, the only individuals positively identified have been young ethnic Russians living inside Estonia, who were angry over the statue incident.

Poke at any of these international incidents, and what you find are kids playing politics. Last Wednesday, South Korea’s National Intelligence Service admitted that it didn’t actually know that North Korea was behind the attacks: “North Korea or North Korean sympathizers in the South” was what it said. Once again, it’ll be kids playing politics.

Oh those darn kids.

I would point out that absence of evidence is not the same as evidence of absence. True, there is no smoking gun linking the Nork military to the recent attacks, but it certainly would not be inconsistent with the recent spate of insane saber rattling by them either.

I also find it curious that Mr. Schneier does not mention the cyber-attacks against the Republic of Georgia that happened in exact timing with the military invasion by the Russians. Boy those darn kids seem to be Johnny-on-the-spot when it comes to backing the actions of dictatorial regimes.

Counter argument on cyber-security

This is an interesting article by Evgeny Morozov that posits a counter argument on cyber-security. The gist is that the cyber-warfare drums are being beaten by those with much to gain by the user investing in cyber-warfare capability:

The age of cyber-warfare has arrived. That, at any rate, is the message we are now hearing from a broad range of journalists, policy analysts, and government officials. Introducing a comprehensive White House report on cyber-security released at the end of May, President Obama called cyber-security “one of the most serious economic and national security challenges we face as a nation.” His words echo a flurry of gloomy think-tank reports. The Defense Science Board, a federal advisory group, recently warned that “cyber-warfare is here to stay,” and that it will “encompass not only military attacks but also civilian commercial systems.” And “Securing Cyberspace for the 44th President,” prepared by the Center for Strategic and International Studies, suggests that cyber-security is as great a concern as “weapons of mass destruction or global jihad.”

Unfortunately, these reports are usually richer in vivid metaphor—with fears of “digital Pearl Harbors” and “cyber-Katrinas”—than in factual foundation.

While the author makes some good points, there are some disturbing phrases such as this one (emphasis added):

Much of the cyber-security problem, then, seems to be exaggerated: the economy is not about to be brought down, data and networks can be secured, and terrorists do not have the upper hand. But what about genuine cyber-warfare? The cyber-attacks on Estonia in April-May 2007 (triggered by squabbling between Tallinn and Moscow over the relocation of a Soviet-era monument) and the cyber-dimension of the August 2008 war between Russia and Georgia have reignited older debates about how cyber-attacks could be used by and against governments.

I find it interesting that the Russian invasion of Georgia would be described in such terms. It says a lot really.

The article is worth reading and we should be careful not to get carried away by the hype. Skepticism is always warranted. But I feel the complacency suggested by the author is unwise. The time to prepare defenses is when there is not an immediate danger. For when there is one, it may be too late.

The genie is out of the bottle. Cyber-warfare will happen to someone. To not prepare for it is to invite it to happen to us.

The tweet revolution?

If the people of Iran ultimately win their freedom, will this be the tweet revolution? Twitter is apparently playing a critical role in the resistance effort:

The U.S. State Department even reportedly weighed in, with an unnamed official telling Reuters Tuesday that it had asked Twitter not to “shut down its system in Iran.”

Early on Monday, bloggers outside Iran began posting and tweeting links to Web proxy servers that Iranians could use to dodge censorship — and others put up how-to guides for setting up even more proxies.

Many Twitterers were changing their “location” setting to Tehran and their “time” to +0330 GMT in order to confuse Iranian Web censors seeking to squelch in-country postings.

I am fascinated by the tactic of people setting their Twitter profile to mislead the government thugs trying to track down the resistance leaders.