In view of the cyber-warfare dimension to the Russia-Georgia
conflict, and the Chinese cyber-espionage ongoing against the west
since c.2003 ("Titan Rain", and so on), how concerned should we in
the UK be about state-sponsored hacking? Raj Samani, vice-president
of communications at ISSA UK, gives his view.

Chinese and Russian electronic incursions against other nations' Critical National Infrastructures have been well publicised worldwide. Concern about electronic attack is recognised in the UK (see National Risk Register 2008, section 2.111), but it is not limited to the UK. The Times of India reported that digital attacks on Indian systems had been traced back to "Internet Protocol addresses of servers in China believed to be under indirect control of the People's Liberation Army". In Germany, a number of computers in Chancellor Angela Merkel's office were compromised, and this was blamed on Chinese "hackers".

The list of complaints goes on

Computer espionage is not the sole preserve of China and Russia, though. There have been reports of corporations mysteriously coming into possession of their competitors' intellectual property (Kvaerner vs VAI). Other nations are also accused, including Israel, which on 6 September 2007 launched an air raid on Syria. The question was why the Syrian defence system could not detect the non-stealthy F-15s and F-16s. It is suggested that an electronic attack along the lines of the US Suter system was launched: Suter invades communications networks, sees what the enemy's sensors see and can take on the role of systems administrator so that approaching aircraft cannot be seen.

As well as organisations and nation states, other groups are also blamed. The Computer Crime Research Centre claims that Pakistani hackers and terrorists were targeting Indian infrastructure. Even the US recognises the need for an electronic attack capability, having established the Air Force Cyber Command, which will "provide combat-ready forces to conduct sustained combat operations through the electromagnetic spectrum", although it is worth noting that its future is now in question.

It is clear that electronic warfare is not conducted by two nations alone. The capability and the incentive exist for other countries, corporations, terrorist groups and individuals (see the Solo, Nasa and Pentagon hacks).

However, what real evidence actually exists? IP addresses that appear to come from an address block owned by a certain country? Maybe not. Unless proper forensic analysis can be done on the system in question, we do not know whether it perpetrated the attack or was just another system in an elaborate chain. There is no way of confirming whether the attack was state sponsored, whether a blind eye was turned, or whether nothing was known at all.

How concerned should we be? Does it matter whether the attack comes from the other side of the world or from an insider? The capability for attacks exists with individuals (see Mafiaboy) just as it does with entire nations, so the bottom line is: expect the worst and protect your infrastructure against all eventualities.