Growing up in the nineties, television and film made me believe that hackers could do anything. I pictured an emaciated Russian teenager typing on the keyboard of his multi-monitor display, green text scrolling down a black screen. Those scrawny fingers could assume identities or muddle up traffic lights. They were the dark practitioners of mysterious arts. Those were the early days of the web, though, when it was all still a bit Wild West. It was before the September that never ended. The internet is supposed to be safe and established these days. Surely internet security experts, with their ever-increasing budgets, are on top of all this.
But, as the Internet has gotten larger, deeper and more powerful, so too have its mavericks.
Hacking has never sat so openly in the public eye. Whether their cause be anarcho-political, like Anonymous, or more comedic and malicious, like LulzSec, hackers are taking on and embarrassing some of the largest and most powerful entities in the world. While Anonymous claims to defend free speech and whatever cause it’s decided to adopt that week, and LulzSec targets anyone and everyone, simply for the “lulz”, neither should be underestimated.
Both have proven that they are more than capable not only of directing brute DDoS attacks, but also of more finessed forms of espionage. Both openly flaunt their victories, and both often publicly announce their targets. Both have shown tremendous resistance to any attempts made by authorities to shut them down. At the same time, they have put out a call to combine in a full-out cyber war against government, corporate and bank secrecy and security across the world. They have called it Antisec. Nevertheless, there are also many rumours flying around about infighting between the two groups.
Despite their capabilities and public profiles, Anonymous and LulzSec are groups of (assumed) private citizens. They are without large-scale financial backing and their resources are limited. As cyber superiority becomes more and more important, governments take ever-increasing notice. For an example of how this kind of modern warfare, when fought between nation states, may look, we need only think about what happened just a year ago, in what was possibly one of the most dangerous acts of cyber warfare in history.
I am talking about Stuxnet.
Stuxnet was a worm which emerged in June of 2010, a sophisticated self-replicating computer virus designed with intelligence agency precision and military implications. It was first discovered by an obscure information security company from Minsk, called VirusBlokAda, because an Iranian client’s computer would not stop rebooting.
Upon inspection by security experts worldwide, it quickly became clear that Stuxnet was a worm like no other, employing many zero-day exploits and multiple programming languages (it also became clear that it was written by multiple programmers).
Without delving into the details, Stuxnet initially spread via flash drives, using four different zero-day Microsoft Windows exploits and one of two stolen genuine digital signatures (from Realtek and JMicron) to hide itself.
Following this, it spread inside private networks. Once it had infected a machine, Stuxnet remained hidden, only coming into play on a computer that ran the appropriate industrial Siemens software, and then only when that computer was connected to a Programmable Logic Controller (PLC).
PLCs are the digital computers used for automated electromechanical processes, like turning valves on and off, timing traffic lights, or in this example, spinning uranium centrifuges in nuclear power plants. Stuxnet installed itself on the PLCs, and was programmed to only affect and modify PLCs that met the specific parameters of those involved in the Iranian uranium enrichment infrastructure.
When the worm’s targets were discovered by cyber security experts, the mailing systems that might warn them were systematically DDoSed. Iran has not fully revealed the extent to which Stuxnet has damaged their nuclear program, but we know that it has made a significant impact.
This was a cyber attack which was specifically intended to hamper Iran’s development of nuclear energy and/or weapons, a far cry from the usual financial or symbolic aims of rogue hackers. The resources required to create such a worm imply a strong motive with governmental power behind it. It even had a few fail-safes included that would prevent it from spreading beyond its intended targets, such as an expiry date set for 2012 and limiting each computer to only infecting three more. Despite these fingerprints of government involvement, there is no way of telling where exactly Stuxnet came from. Certain elements within the programming suggest American involvement, while there are many Hebrew references within the code, suggesting a possible Israeli origin. The origins of Stuxnet, though, are currently bound to rumour and speculation.
Stuxnet is now available online for anyone to inspect, modify and potentially use. Of course, all the zero-days are now closed, and the certificates are no longer genuine, so it’s not quite as dangerous as it sounds.
Some have called Stuxnet the Hiroshima of cyber-warfare, one act that redefines the landscape in such a way that war can never be the same again.
Although this may be a bit of an exaggeration, the meaning is clear; Stuxnet was artificially limited, and was picked up and tackled by the best in the world. It was only ever going to hamper nuclear progress. It was effectively non-lethal. The next, or current, attack of a similar kind could be something far more nefarious. There is no oversight, and only a handful of precedents, for how these attacks can play out. Much as a biological virus can get out of control, so too can a digital virus.
While technology can be used to expose (Wikileaks), protest (Anonymous), organise (social media empowered activism) or ridicule (LulzSec), perhaps we are forgetting who sits at the forefront of new technological developments.
Where publicly known hacker collectives — depending on your viewpoint — are proving slightly embarrassing or inspirational, government sponsored cyber-warfare can pose a very real threat to targeted nations or groups. Behind the doors of corporate and government superpowers, we simply don’t know what weapons and tools are being developed. On this new battlefield, where nations like the USA and China have already taken steps, we can only wait and see what kind of collateral damage may occur.