Post
Cancel

The invisible war

I wrote this article in 2018 as part of an assignment in English for my studies. Please forgive my mistakes (if there is any).

Introduction

For many years, computers have been an integral part of our lives. So much so that some people even consider that our smartphones are an “extension of our hands”. Living without the Internet has become almost unimaginable for both individuals and businesses. The thing is, nowadays almost everything is connected: computers, printers, cameras, cars … even pacemakers! And the more you depend on IT, the more vulnerable you are to cyber attacks.

On December 23 in 2015, about 230,000 Ukrainians were plunged into darkness following a gigantic power cut due to malicious softwares. Considering all these facts, we can ask ourselves : Does Cyber warfare have the potential to result in more serious consequences for humanity than warfare using conventional weapons?

Cyberweapons

Could viruses eradicate lives in seconds like nuclear-bombs ? Is it already too late ? Robert Mueller, the Former FBI Director once said : There are two types of companies: those that have been hacked, and those that will be..

Indeed, unlike conventional weapons, malwares are not visible, attacks can come from anywhere. For instance, the 2003 Northeast blackout was initiated by a virus in an energy company (FirstEnergy). The employees couldn’t figured out because they had no alarms to warn them. On the other hand, identifying the authors is a really difficult task: is it initiated by one person? an organized group? hacktivists? a country? a criminal organisation? a bunch of script kiddies ? Who knows?

script kiddies: unskilled individuals *(usually teenagers)* who use scripts or programs developed by others to attack computer systems and networks in order to impress their friends or gain credit in computer-enthusiast communities. Source

Besides, the simple fact to plug in a malicious USB key (like a Rubber ducky) is sufficient to infect a computer and by extension the network to which it is connected. The most used cyber attack is phishing : sending e-mails containing malicious links or attachments such as Word and Excel like documents which actually are Trojan horses.

These types of attacks were used to install a malware which is called BlackEnergy into Ukrainian’s power grid computers.

Mouse cursors on employees’ computers interfaces started to move as if on their own, activating menus and pressing buttons in the control software, opening breakers in the distribution substations, one by one.” (Read: hackers take over power grid computer)

The problem is that those systems were designed to prioritize availability over security and not to be facing cyber attacks.

Furthermore, in a cyber warfare killing people is not necessary because you have them at your mercy. Paralyzing critical infrastructure is a sufficient mean of pressure (for instance, threatening them to cut off electricity during the winter could cause them to die of cold…).

On the other hand, the aim of a virus isn't always to destroy a system. It depends on the attackers’ ambition (spying, stealing informations..).

There’re also the fake news thematic.

The complexity of Cyber War

However, the art of hacking and exploitation of vulnerabilities is a very complex and esoteric discipline. The real elegance of an attack is its planning and execution.

In fact, the result of a cyber weapon execution is not as sure as an airplane bomb. If you drop a bomb or a missile, the damage will be certain. In the case of BlackEnergy attack, the Ukrainians managed to restore power in just six hours. For an industrial company, a cyber attack is not the only threat, and maybe not even the worst (hurricanes, terrorists…etc).

As a matter of fact, even if competent people intended to carry out a cyberattack, it would take them months or even years. Any serious hacker will not rely on luck. In order to ensure that their attack will work, they have to spend thousands of hours for data gathering, identifying weak points of the target(s), conducting specific tests with the same devices and so on.

In other words, they need a lot of skills and resources that only a nation-state or a very wealthy organization could have, and even then, it’s hard to guarantee success.

Conclusion

In conclusion, cyber weapons may have the potential to result in very serious consequences for humanity and is already an additional way to attack countries. A power shutdown in a vast country is not as simple as it seems. Nevertheless, cyber attacks are a threat that countries cannot underestimate.

Nowadays, we can consider that malwares are not as dangerous as conventional weapons. The only question is: for how long ?


Resources

Going further…

This post is licensed under CC BY 4.0 by the author.