The NATO-Serbia conflict was the first chronicled war in which cyber warfare was used in
retaliation for US- and UK-led aerial bombardment. Retaliation from hackers
sympathetic to the Taleban and the Al-Qaeda network is expected to follow a similar
pattern.
17 October 2001
Within one week of the air assault, Serbia-sympathetic hackers began attacking US
defence computers and defence-related businesses. These hackers originated from
across the Eastern bloc. In the first week of April 1999, US Department of
Defense computer systems were hit with up to 100 hack attacks a day. John Hamre,
then US Deputy Secretary of Defense, told a closed hearing of Congress that hackers
had found a new way into the Pentagon's digital networks. Bill Richardson, then US
Energy Secretary, shut down classified computers at three nuclear weapons
laboratories because of fears over cyber-security lapses.
This followed confirmation from the US Department of Defense and the NATO
command in Europe that Serbia-sympathetic hackers had attacked their computer
networks by flooding them with empty ping packets and computer viruses,
thereby causing a denial of service. The US Government was concerned that civilian
facilities within NATO countries were less well prepared than their military
counterparts to deal with cyber attack.
Over two weeks, a stream of virus-carrying eMails was received by over 100
businesses, public organisations and academic institutions in a number of NATO
member countries. The contents of the messages were normally highly politicised
attacks on NATO's "unfair aggression" that defended Serbian rights in poor English
and with propaganda cartoons. The message to the addressee usually came with an
attachment containing several viruses. The messages arrived from a range of Eastern
European countries. Typically, 25 different strains of virus were detected using
commercial off-the-shelf anti-virus software.
Businesses hit in the NATO-Serbia conflict
USA - Leading daily newspapers in business centres like New York and Chicago;
Internet service and access providers; Inter-media communications companies;
Network communities for human and minority rights; Online businesses
UK - International newspaper publishers with world-wide circulation; Academic
institutes with news media affiliations; Major internet access and service providers;
Online businesses
Europe - Germany (Berlin based newspapers); Italy (Milan based newspapers and the
Electronics Institute); Switzerland (Major university IT department)
Sectors at risk in the NATO-Serbia conflict
Communications, telecoms, healthcare, power generation, power distribution, financial
services and municipal services were at risk and were advised to check their digital
networks for any evidence of communications received from unknown
sources. Such communications could contain embedded viruses designed to become
active at a preset future date or when triggered by a particular signal.
Impact of misdirected bombing
Following the misdirected NATO bomb on the Chinese Embassy in Belgrade in May
1999, which killed three Chinese journalists, Far Eastern hackers used cyber attack as
a form of protest. Computer hackers from China, Hong Kong and Taiwan mainly continued to
attack US Government computer systems and US online businesses. The internet
host computers of the Energy Department, Interior Department and the National Park
Service were cracked. The White House web site also came under attack: it was
defaced and was temporarily inaccessible on several occasions.
Sophisticated espionage software tools (Trojans) were the new weapon deployed in
the cyber war between NATO countries and China-sympathetic hackers in May 1999.
Trojans were despatched to Western targets from the Far East and were used as a
very effective way of gathering intelligence without risking the exposure of agents.
Protests against NATO countries were also made via floods of eMails. The US
Government was the victim of concerted eMail assaults on its servers, in attempts to
overload them, on several occasions between April and May 1999. Administrators
were advised to employ anti-spam measures to block all eMail from China's '.cn'
domain.
Retaliatory digital attacks that could now be expected
The US and UK can expect electronic attacks from Taleban- and Al-Qaeda-
sympathetic hackers, which could be perpetrated on any combination of targets
including:
1. The critical national infrastructure (defined as emergency services, central
government services, transport, telecommunications, utilities, health care and
financial services)
2. Online businesses that may be directly or indirectly affected by malfunctioning communications, piracy, surrogacy (passing off), denial of service or social engineering (suborning employees)
3. Individual citizens, whose privacy may be compromised by a breach in the security of
an online service, or who may be made vulnerable through electronic identity theft
10 stages in the development of cyber warfare
Experience from the Serbia-NATO conflict in 1999, relevant to the current response from the US and UK to the 11th September terrorist attack, suggests the following sequence of events:
1. Allied forces launch sustained attack
2. Internet and eMail discussion traffic increases. As discussion boards and chat
rooms get busy, dedicated lists and online communities are activated
3. Malevolent groups on both sides plan retaliatory attacks
4. Security services attempt to track activity and anticipate retaliation
5. Owners of digital networks deploy known solutions (firewalls, anti-virus tool kits
and intrusion detection)
6. Purpose-built digital attack weapons are released by malevolents. During the
Serbia-NATO conflict attacks on NATO member countries could be identified
by the following fingerprints:
o Messages from unknown sender
o Unsolicited attachments with political content
o Poor English language spelling and grammar in propaganda
o Cartoon graphics with an anti-NATO theme
7. Commercial and government digital networks are attacked and communication
disrupted; with possible adverse effect on confidence and/or share price
8. Additional malevolent groups from around the world rally to the cause and
escalate type and sophistication of attacks
9. Attempts are made by victim organisations to deny the attacks and meanwhile
damage limitation PR campaigns are launched
10. Digital networks are repaired or replaced via migration to new technologies
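The fingerprints listed under stage 6 (unknown sender, unsolicited attachment with political content, poor English propaganda, anti-NATO cartoon graphics) and the '.cn' blocking advice given earlier in the report amount to a mail-triage rule set. The following Python script is an added example, not code from the mi2g report: it parses two constructed sample messages with the standard library's email module and scores them against those fingerprints. The known-sender list, keyword list, blocked top-level-domain list, attachment extensions and score weights are all assumptions chosen for illustration; a real deployment would tune them to its own correspondents and policy.

```python
"""Heuristic mail triage against the 1999 'fingerprints' described in the report.

Added example (not part of the original report). All sample messages are
constructed; lists and weights below are assumptions for illustration only.
"""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Assumed: addresses this organisation has corresponded with before.
KNOWN_SENDERS = {"editor@example-paper.example", "it-helpdesk@example-uni.example"}

# Assumed: terms characteristic of the political propaganda the report describes.
POLITICAL_TERMS = ("nato", "aggression", "serbia", "bombing", "protest")

# Assumed: sender top-level domains an administrator has chosen to block outright
# (the report records '.cn' being filtered in 1999). Coarse, so weight it as policy,
# not as evidence of malice.
BLOCKED_TLDS = ("cn",)

# Attachment types that carried executable content in 1999-era mail worms.
RISKY_EXTENSIONS = (".exe", ".scr", ".vbs", ".doc", ".xls")


def sender_address(msg: Message) -> str:
    """Return the bare, lower-cased address from the From header."""
    return parseaddr(msg.get("From", ""))[1].lower()


def attachment_names(msg: Message) -> list:
    """Collect lower-cased filenames of every attachment part."""
    names = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            names.append((part.get_filename() or "").lower())
    return names


def body_text(msg: Message) -> str:
    """Concatenate all text/plain bodies, lower-cased, for keyword matching."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode("utf-8", errors="replace"))
    return " ".join(chunks).lower()


def score_message(raw: str) -> dict:
    """Score one raw RFC 822 message and return a triage verdict with reasons."""
    msg = message_from_string(raw)
    addr = sender_address(msg)
    score, reasons = 0, []

    if addr not in KNOWN_SENDERS:                       # fingerprint: unknown sender
        score += 1
        reasons.append("unknown sender")
    tld = addr.rsplit(".", 1)[-1] if "." in addr else ""
    if tld in BLOCKED_TLDS:                             # policy: blocked TLD
        score += 3
        reasons.append(f"sender TLD .{tld} is blocked by policy")

    names = attachment_names(msg)
    if names:                                           # fingerprint: unsolicited attachment
        score += 1
        reasons.append("unsolicited attachment")
    if any(n.endswith(RISKY_EXTENSIONS) for n in names):
        score += 2
        reasons.append("attachment with executable/macro-capable extension")

    hits = [t for t in POLITICAL_TERMS if t in body_text(msg)]
    if hits:                                            # fingerprint: political content
        score += 1
        reasons.append("political keywords: " + ", ".join(hits))

    verdict = "quarantine" if score >= 4 else ("review" if score >= 2 else "deliver")
    return {"from": addr, "score": score, "reasons": reasons, "verdict": verdict}


# Constructed sample 1: matches the propaganda fingerprints (sender/domain are fictitious).
SAMPLE_PROPAGANDA = """\
From: anonymous@mail.example.cn
To: newsdesk@example-paper.example
Subject: Stop NATO aggression!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

NATO aggression is bombing of Serbia peoples, we protest very strong.

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="cartoon.exe"

AAAA
--BOUND--
"""

# Constructed sample 2: ordinary mail from a known correspondent.
SAMPLE_BENIGN = """\
From: editor@example-paper.example
To: newsdesk@example-paper.example
Subject: Thursday meeting

Meeting moved to 3pm on Thursday.
"""

if __name__ == "__main__":
    for raw in (SAMPLE_PROPAGANDA, SAMPLE_BENIGN):
        print(score_message(raw))
```

The verdict thresholds keep the blocked-TLD rule from deciding on its own: a bare message from a blocked domain scores 4 only because it is also an unknown sender, and the attachment and keyword checks are what push a propaganda mail well past the quarantine line. The intent is that each stage-6 fingerprint contributes evidence that an analyst can see in the reasons list, rather than a single opaque block.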
As businesses audit and review their digital network security procedures in the
aftermath of the ongoing US and UK bombardment, they face the issues of
personnel policy, legal exposure and comprehensive insurance cover, in addition to reinforcing
their IT systems and implementing a bespoke security architecture.
Report by www.mi2g.com