CYBER WARFARE describes conflict across networks and computer systems, usually between countries with opposing political or financial positions. Regardless of what motivates the conflict, the Internet is typically its battlespace, or theater of operations. The targets are often large data centers that are strategically placed, and the goal is to either attack or defend classified information of political, economic or military significance.
Unsurprisingly, malicious software plays an important role in such campaigns, with many programs developed expressly for capturing, altering or destroying data. But the origin of these tools, as well as their adaptability, stealthiness and overall performance, separates them from malware in the common wild, which can often be remedied with commercially packaged solutions. “Military-grade malware,” as it is often called, is resistant to traditional antivirus (AV) software. Its proficiency in avoiding detection is unmatched, and many of its elements make cyber espionage possible.
The following are documented examples of malware used specifically in cases of cyber warfare:
Stuxnet
Discovered by security researchers in March 2010, this malicious software program is now classified as a computer worm because of its ability to replicate using USB drives and other removable media. In its early days, however, Stuxnet’s primary target appeared to be Iran, compromising nearly 60% of its computers. It would later target the programmable logic controllers (PLCs) of large processing plants. Stuxnet would go on to destroy nearly 20% of the centrifuges in Iran’s nuclear plant before its eventual detection and removal. The product of a collaboration between the United States and Israeli governments, it wound up spiraling out of control and prompting a series of retaliatory attacks from the Iranian government.
Red October
Widely considered one of the most robust cyber espionage suites to ever hit the Internet, this package was known for lifting a user’s credentials, file system data and browsing history. Perhaps a tool made for secret agents, it is also the quintessential weapon for cyber warfare given its discretion at tracking diplomats and research personnel across the globe. Red October captured the identities and locations of important figures for nearly five (5) years before it was finally discovered and neutralized. Sixty (60) domains were subsequently taken down, and both the executable files and server registration data suggested the minds behind Red October may have been of Russian origin.
Shamoon
Unlike the aforementioned programs, Shamoon was a boisterous threat often described as being “cocked and pointed” at Saudi Arabia’s energy sector. Its primary function was transporting data back to the intelligencer and, afterward, erasing the hard disk it had come in contact with. Shamoon particularly targeted the boot files of the Windows operating system, ultimately preventing the hard disks of those devices from booting again. Its exorbitant use and recovery costs would eventually earn it the title of “biggest hack in history,” an attack justified by the claim of freedom. The oppressive rule of the Al-Saud regime is said to have fueled this cyber attack.
Who Controls Cyber Warfare?
While many cyber attacks are claimed by particular groups (especially when a ransom is involved), few of the larger-scale occurrences have yet to be affirmed or publicly outed as state efforts. But there is a commonly held belief that world powers have access to resources beyond compare. It can be argued, therefore, that cyber warfare, like its traditional and physical counterparts, is at the sole discretion of those who legislate or govern. Whether striking, defending or preparing for attack, reliable data is key, and classified information is even better.