Cyberwar: How Nations Attack Without Bullets or Bombs

It’s hard to know when and where cyberwarfare occurs, and by whom.

Plastic armor covers electrical cables used in cryptocurrency mining in Russia. (Photographer: Andrey Rudakov/Bloomberg)

Russia, along with Iran, China and the U.S., is among the world’s leading practitioners of cyberwarfare -- state-on-state hacking to gain strategic or military advantage by disrupting or destroying data or physical infrastructure. Unlike combat with bullets and bombs, cyberwarfare is waged almost entirely with stealth and subterfuge, so it’s hard to know when and where it’s occurring, or whether full-scale cyberwar is on the horizon. Russia’s warning of “consequences” for countries that interfere with its military invasion of Ukraine has raised alerts for possible cyberattacks.

1. What are the hallmarks of cyberwarfare?

A cyberattack that disables essential services, such as telecommunications or electricity, might raise suspicions that a state or its proxies was behind it. So might the sheer scale of an attack, even if the direct target is private industry. Even disinformation campaigns, such as Russia’s targeting of the 2016 U.S. presidential election, can be thought of as a softer but still damaging type of cyberwarfare. One incident that’s become public and is generally agreed to be an act of cyberwarfare was the so-called Stuxnet attack, which was discovered in 2010 and involved computer code that destroyed as many as 1,000 nuclear centrifuges in Iran. The New York Times reported that this was a joint operation between the U.S. and Israel code-named Olympic Games.

2. What forms can it take?

Infecting a computer system with viruses or worms, disabling it with a flood of messages (a denial of service attack) or stealing data could be considered acts of cyberwarfare, depending on the context and the impact. Ransomware attacks are generally perpetrated by criminal syndicates in pursuit of financial rather than geopolitical goals. But the ransomware attacks on Colonial Pipeline Co., operator of the biggest U.S. gasoline pipeline, and JBS SA, the world’s largest meat producer, in the first half of 2021, were traced to groups based in Russia, which has been accused of offering safe haven to criminal hackers as long as they steer clear of targets based in Russia or its allies.

3. What recent events could have been cyberwarfare?

Russian state-sponsored hackers are suspected of being behind the alteration of software belonging to Texas-based SolarWinds Corp., which was disclosed in December 2020. The hackers used the SolarWinds breach and other methods to infiltrate at least nine agencies of the U.S. federal government and about 100 companies. The U.S., the U.K. and other allies formally blamed China for the hacking of Microsoft Corp.’s Exchange email servers, an attack that exploded over the course of two weeks in late February and early March 2021. The attack exposed tens of thousands of victim email systems, including those of health-care facilities, manufacturers, energy companies and state and local governments.

Attack | Target | Suspect | Description
Stuxnet (2009-10) | Iran | U.S./Israel | Disabled Natanz uranium-enrichment site by making centrifuges spin uncontrollably and break apart
Shamoon (2012) | Saudi Arabia | Iran | Destroyed data at Saudi state oil company, Saudi Aramco; blamed on hacker group Sword of Justice, thought to be sponsored by Iran
WannaCry (2017) | Global | North Korea | Ransomware froze thousands of computer systems, including at corporations and the U.K.’s National Health Service, demanding $300 in Bitcoin from each victim
NotPetya (2017) | Ukraine | Russia | Shut down Ukraine’s electrical grid; blamed on Sandworm, a group of hackers affiliated with Russia’s military intelligence agency
SolarWinds (2020) | U.S. | Russia | Snuck malware onto software used by government agencies and Fortune 500 companies to give hackers a backdoor to spy on their servers

4. Why all the worry?

Nobody has ever witnessed a true cyberwar, with escalating attacks and counterattacks in the digital realm perhaps accompanied by military combat in the real world. (A 2019 Israeli airstrike on a building in the Gaza Strip may have been the first real-world response to a cyberattack; Israel said Hamas, the Islamist Palestinian group that controls the territory, was using the building as a base for the cyber operation.) Warring nations could shut down each other’s power grids (as Russia did to Ukraine in 2015 and 2016), wipe out data centers, scramble bank records to cause financial panic, interfere with the safe operations of dams and nuclear plants and blind radar and targeting systems of fighter jets. Had the Stuxnet attack failed, the U.S. was ready with a broad cyber battle plan against Iran that would have taken out its power grids, the New York Times reported.

5. Aren’t attacks on civilians supposed to be off-limits?

Real-world military confrontations are guided by rules of war that date back centuries and are meant to reduce civilian suffering. The Tallinn Manual, published in 2013 by a think tank affiliated with the North Atlantic Treaty Organization, was an attempt to apply those rules to cyberwarfare -- defining which targets are off-limits (schools and hospitals, for example) and under what circumstances a country can respond to a hack attack with military force. But the manual carries no official weight.

6. Who are the players?

The Council on Foreign Relations says 34 nations are suspected of sponsoring cyberattacks since 2005, with China, Russia, Iran, and North Korea behind more than three-quarters of them. The U.S. is by far the biggest target of significant cyberattacks -- including those on government agencies, defense contractors or high-tech companies -- followed by the U.K. and India, according to a review of data kept by the Center for Strategic & International Studies.

7. Are actual soldiers involved?

Sometimes. Nations including the U.S. have cyberwarfare units to conduct intelligence-gathering operations and support military missions. A Russian hacking group suspected in the 2020 hack of U.S. government systems, known as Cozy Bear or APT29, is “almost certainly part of the Russian intelligence services,” according to a joint advisory by U.S., British and Canadian security agencies. North Korea’s hacker army, which specializes in cybercrimes that earn money for the ruling regime, is believed to have begun as part of the military. That North Korean army netted the reclusive state almost $400 million through at least seven attacks on cryptocurrency platforms in 2021, according to the blockchain research firm Chainalysis.

8. What kind of defenses are possible?

Early in his term, U.S. President Joe Biden moved to shore up the security of the U.S. power grid, providing incentives for electric companies to overhaul their protections against cyberattacks. The broader White House plan included securing the highly specialized computers also used by municipal water utilities, gas pipeline operators and others. In 2018, under President Donald Trump, the U.S. eased rules on “offensive cyber operations” aimed at “defending the integrity of our electoral process.” The effort reportedly included sending direct messages to individual Russians behind disinformation operations letting them know that they had been identified.

©2022 Bloomberg L.P.