Cyber War: A grave cause of concern
Issue: Net Edition | Date: 15 Apr, 2013

Cyber warfare refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation1.

U.S. Government security expert Richard A. Clarke, in his book Cyber War (May 2010), defines “cyberwarfare” as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” The Economist describes cyberspace as “the fifth domain of warfare,” and William J. Lynn, U.S. Deputy Secretary of Defence, states that “as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space.”2

In 2009, President Barack Obama declared America’s digital infrastructure to be a “strategic national asset,” and in May 2010 the Pentagon set up its new U.S. Cyber Command (USCYBERCOM), headed by General Keith B. Alexander, director of the National Security Agency (NSA), to defend American military networks and attack other countries’ systems. The EU has set up European Network and Information Security Agency (ENISA), which is headed by Prof. Udo Helmbrecht, and there are now further plans to significantly expand ENISA’s capabilities. The United Kingdom has also set up a cyber-security and “operations centre” based in Government Communications Headquarters (GCHQ), the British equivalent of the NSA.

In the U.S., however, Cyber Command is only set up to protect the military, whereas the government and corporate infrastructures are primarily the responsibility of the Department of Homeland Security and private companies, respectively.

In February 2010, top American lawmakers warned that the “threat of a crippling attack on telecommunications and computer networks was sharply on the rise.” According to The Lipman Report, numerous key sectors of the U.S. economy, along with those of other nations, are currently at risk from cyber threats, including public and private facilities, banking and finance, transportation, manufacturing, medical, education and government, all of which are now dependent on computers for daily operations.3

The Economist writes that China has plans of “winning informationised wars by the mid-21st century”. They note that other countries are likewise organizing for cyberwar, among them Russia, Israel and North Korea. Iran boasts of having the world’s second-largest cyber-army. James Gosler, a government cybersecurity specialist, worries that the U.S. has a severe shortage of computer security specialists, estimating that there are only about 1,000 qualified people in the country today, but that it needs a force of 20,000 to 30,000 skilled experts. At the July 2010 Black Hat computer security conference, Michael Hayden, former deputy director of national intelligence, challenged thousands of attendees to help devise ways to “reshape the Internet’s security architecture”, explaining, “You guys made the cyberworld look like the north German plain.”4

An undeclared war in cyberspace is now being fought between two broad groups, reminiscent of the Cold War years. On the one side are the perceived victims, who are mostly Western nations. South Korea, Israel, Saudi Arabia and India are also fellow-victims because of their close relations with the West, especially the U.S. Arrayed against them are Russia, China, and North Korea.

Iran is a recent entrant to the club, and is said to be slowly acquiring the prowess to cause damage to Israeli networks. Its might was revealed in an attack last year against Saudi Aramco, described as the world’s largest oil producer, when data on 30,000 computers was erased and substituted with the image of a burning American flag.5

Reports of hacking of several Israeli government websites fit in with the analysis that the country’s sworn enemies will continue to target its installations, both on land and in cyberspace. Pakistan is one of the lesser members of this infamous club. Its main objective is to annoy India. Because of its limited knowledge and resources, its impact in this game has been minimal.

Chinese hand in every cyber transgression

Dominant in the global cyber conflict scenario is the overwhelming suspicion against China. The latter has vehemently denied any involvement in episodes in which investigation by experts in cyber security had traced back sources of attack to Internet Protocol (IP) addresses belonging to some Chinese cities, especially Shanghai.6

The White House, paranoid about the Chinese hand in every cyber transgression, has gone to the extent of providing a list of suspect addresses in that country to Internet Service Providers (ISPs) in the U.S. Some information culled from intensive research has actually pointed fingers at the People’s Liberation Army (PLA). The information is so specific that Unit 61398 of the PLA, located in Shanghai’s Pudong district, is mentioned as the culprit.7

Canadian researchers mentioned a Chinese network, GhostNet, a few years ago as having been behind the compromise of some Indian networks. The Pakistani hand in the defacement of some Indian official websites from time to time has been rightly dismissed as an amateurish attempt to cause discomfiture to us. Nevertheless, we need to keep a close watch.8

Significant is the fact that it is not government machinery alone that is the target. Private commercial establishments, especially leading banks, have suffered great dislocation and loss of reputation in the past few years. Last month there was a calculated offensive against the American Express computer network that lasted two hours, during which its lawful customers were denied access. Known as a Denial of Service (DoS) attack, this has become the favourite weapon for disrupting commercial routine on any busy day.9

In September 2007, Israel carried out an airstrike on Syria dubbed Operation Orchard. U.S. industry and military sources speculated that the Israelis might have used cyberwarfare to allow their planes to pass undetected by radar into Syria.

Cyber counterintelligence

Cyber counterintelligence comprises measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions.10

On 7 April 2009, the Pentagon announced that it had spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems.

On 1 April 2009, U.S. lawmakers pushed for the appointment of a White House cyber security “czar” to dramatically escalate U.S. defenses against cyber attacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.

On 9 February 2009, the White House announced that it would conduct a review of the nation’s cyber security to ensure that the U.S. Federal government’s cyber security initiatives are appropriately integrated, resourced and coordinated with the United States Congress and the private sector.

In the wake of the cyberwar of 2007 waged against Estonia, NATO established the Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, Estonia, in order to enhance the organization’s cyber defence capability. The centre was formally established on 14 May 2008, and it received full accreditation by NATO and attained the status of International Military Organization on 28 October 2008. Since Estonia has led international efforts to fight cybercrime, the United States Federal Bureau of Investigation says it will permanently base a computer crime expert in Estonia in 2009 to help fight international threats against computer systems.

One of the hardest issues in cyber counterintelligence is the problem of “attribution”. Unlike in conventional warfare, figuring out who is behind an attack can be very difficult. However, former Defence Secretary Leon Panetta has claimed that the United States has the capability to trace attacks back to their sources and hold the attackers “accountable.”

Incidents of Cyber Hacking

On 21 November 2011, it was widely reported in the U.S. media that a hacker had destroyed a water pump at the Curran-Gardner Township Public Water District in Illinois. However, it later turned out that this information was not only false, but had been inappropriately leaked from the Illinois Statewide Terrorism and Intelligence Centre.11

On 6 October 2011, it was announced that the command and control data stream of Creech AFB’s drone and Predator fleet had been keylogged for the past two weeks, resisting all attempts to reverse the exploit. The Air Force issued a statement that the virus had “posed no threat to our operational mission”.12

In July 2011, the South Korean company SK Communications was hacked, resulting in the theft of the personal details (including names, phone numbers, home and email addresses and resident registration numbers) of up to 35 million people. A trojaned software update was used to gain access to the SK Communications network. Links exist between this hack and other malicious activity and it is believed to be part of a broader, concerted hacking effort.13

Operation Shady RAT is an ongoing series of cyber attacks starting mid-2006, reported by Internet security company McAfee in August 2011. The attacks have hit at least 72 organizations including governments and defence contractors.14

On 4 December 2010, a group calling itself the Pakistan Cyber Army hacked the website of India’s top investigating agency, the Central Bureau of Investigation (CBI). The National Informatics Centre (NIC) has begun an inquiry.

On 26 November 2010, a group calling itself the Indian Cyber Army hacked websites belonging to the Pakistan Army and others belonging to different ministries, including the Ministry of Foreign Affairs, Ministry of Education, Ministry of Finance, Pakistan Computer Bureau, Council of Islamic Ideology, etc. The attack was carried out as revenge for the Mumbai terrorist attacks.15

The views expressed are of the author and do not necessarily represent the opinions or policies of the Indian Defence Review.

About the Author

Col (Dr) PK Vasudeva is the author of World Trade Organisation: Implications for Indian Economy, Pearson Education, and also a former Professor of International Trade.
