Phil Taylor

Phil Taylor is a Weekend Herald and New Zealand Herald senior staff writer.

Battlefield of the future

A secret war is being waged that is changing the nature of conflict. The internet is the new combat zone, where nation strikes against nation, spy against spy and corporation raids corporation.

Late last year Australia and the United States declared the cyber realm to be part of their military alliance. The declaration reflects the seriousness with which both countries view the computer-based threat.

It is recognition, the United States Defence Secretary, Leon Panetta said, "of what I have been saying time and time again, that cyber is the battlefield of the future".

ASIO director-general David Irvine had earlier given a similar warning: "The whole concept of cyber attacks as an act of war [was] a serious threat not being seriously considered."

Expect New Zealand's allies to be waging cyber war as well as defending against attacks.

"We're all going to have to work very hard not only to defend against cyber attacks but to be aggressive with regards to cyber attacks as well," said Panetta, "and the best way to accomplish that is not only on our own but by working with our partners."

Which raises questions about the role of New Zealand, an inactive member of the ANZUS alliance since 1985 but an important link in the Echelon spying system the country operates along with the United States, Canada, Britain and Australia.

The ANZUS treaty states that an armed attack in the Pacific on any of the countries would require each nation to respond "to meet the common danger", while the US military has warned that a cyber attack could result in a real world military attack.

To date, known cyber attacks on sensitive US networks have involved data theft, such as 24,000 files from a US defence contractor in July.

The development of the cyber realm and its use in espionage and conflict has prompted a reconsideration of what constitutes an act of war and debate about whether, or how often, that line might have been crossed.

Weeks before Russian bombs began falling on Georgia in 2008, a co-ordinated barrage of millions of requests (known as distributed denial of service, or DDOS, attacks) overloaded and effectively shut down Georgian servers. It was the first time a known cyber attack had coincided with a shooting war.

The US has acknowledged considering using cyber attacks in the raid that killed Osama bin Laden in Pakistan and the American-led strikes against Libya.

The attacks would have aimed to break through the firewalls of those governments' computer networks to sever military communications links and prevent the early-warning radars from gathering information and relaying it to missile batteries.

The proposals were rejected before they reached senior political levels of the White House but, according to an unnamed senior Defence Department official quoted by the New York Times, they were "seriously considered because they could cripple Libya's air defence and lower the risk to pilots".

Officials baulked, fearing that such a transparent intervention might set a precedent, in particular for Russia or China, to follow.

But the heavyweight of such nefarious warfare is the 2010 Stuxnet computer worm, which reportedly wiped out part of Iran's nuclear centrifuges and set back its ability to produce nuclear fuel. Though no entity has acknowledged being the source, some evidence suggests it was an American-Israeli project.

The drone-like virus was a game-changer. Radically different and far more sophisticated than software security experts had seen, it spread panic that it might be capable of bringing industrial society to a halt.

Stuxnet, the name an anagram of letters found in its code, was 20 times the size of the previous champ of malicious software, the Conficker worm. For the first time it came not with a forged digital signature but with a real one stolen from Realtek, one of the most trusted names in the business. When this was shut down, the virus reappeared with another real signature from another trusted company.

Digital signatures are like passports for software, proof of identity at the border between one machine and another. This virus, wrote Michael Joseph Gross in Vanity Fair, "might as well have been carrying a cop's badge".

With its stolen seal of authenticity, the self-replicating virus foraged through thousands of computers around the world.

It was searching for grey plastic boxes the size of a pack of crayons, called programmable logic controllers (PLC), tiny computers most people have never heard of but which lie at the heart of modern life.

PLCs regulate machinery in factories and power plants, open and shut valves in water pipes, change traffic lights from red to green, dollop out the cream in cookies and speed and slow the spinning of uranium centrifuges.

It was initially feared it may be a generalised attack on all controllers. "If the factories shut down, if the power plants went dark," wrote Gross, "how long could social order be maintained?"

Who would write such a program? And why?

Clues soon emerged. There were few infections in the US and Europe but many in Asia, primarily in India and Indonesia and, significantly, in Iran.

The work that had gone into the virus suggested the hand of a government.

A vulnerability not previously detected, and one that a program's creator does not know exists, is called in the world of computer security "a zero day". It is such a rare event that it can sell on the black market for big money. Stuxnet exploited not one zero day but four.

An expert in coding styles estimated that at least 30 programmers helped write the virus. Another expert estimated it took six months to build. Clearly, not the work of a solitary hacker.

Later it was asserted that Stuxnet's second warhead was hunting for an installation identical to a specific kind of centrifuge cascade at Natanz, Iran's nuclear plant. Once detected, the worm ran rogue code to alter the speed of the frequency converter drives. If the drives were connected to centrifuges, this could damage or destroy the machines.

Stuxnet answered some questions about how cyber attacks could be weaponised while avoiding collateral damage. In other words, designed to take out the power station but not the hospital.

The malware carried features designed to limit collateral damage not normally seen in hacks - such as a self-destruct date (June 24, 2012) on which the Stuxnet worm is set to erase itself from every infected machine. Such features, it is argued, further show the hand of "responsible" Western government.

The Stuxnet worm represents a new world with a new range of uncertainties.

"Will Iran feel that it has been attacked and retaliation is therefore justified?" asks physicist David Albright, president of the Institute for Science and International Security.

Albright told Vanity Fair he worries that deployment of tactics such as Stuxnet is being done without effective oversight or accountability.

While there are clear rules for conventional war, no such conventions exist for cyber war.

Stuxnet was the star of a disturbing trend. Internet security company Symantec reported that 286 million malicious programs were detected during 2010, a 93 per cent increase in web-based attacks.

In response, New Zealand this year set up the National Cyber Security Centre, tasked to protect government systems, plan and respond to attacks and help providers of critical national infrastructure improve security against cyber attacks.

Steven Joyce, Communications and Information Technology Minister, gave as good a hint about the unfolding future as the Government is likely to, when it launched its cyber security strategy in June.

"Some of the most advanced and persistent cyber attacks on governments and critical infrastructure worldwide are thought to originate from foreign military and intelligence services or organised criminal groups," he said.

It is a subject governments necessarily say little about. The National Cyber Security Centre sits within the secretive Government Communications Security Bureau (GCSB) which runs the satellite interception stations at Waihopai in Marlborough and Tangimoana (Manawatu), key components of the Echelon signals intelligence network.

Intercepted communications are filtered using key words and phrases, analysed by GCSB staff and shared with international partners.

Otago University associate professor Dr Hank Wolfe, a specialist in cyber security, cyber forensics and cryptology, says there will be regular attempts to breach security and the GCSB is an obvious target "because they have relationships with the corresponding American agency and the SIS has a relationship with the CIA and so on".

"While they don't share all information, they do share some and, if an attacker could get in, they may find that useful. That's the logic of it."

Information collected was protected by sophisticated encryption and this too, says Wolfe, is an area of constant battle between those developing encryption and those seeking to bust it.

That association provides New Zealand with allies but also potentially makes the country a target.

Jazz Coleman, a Kiwi musician resident in France where he was awarded that country's equivalent of a knighthood for his contribution to contemporary music, has claimed officials told him during a visit to China that Waihopai, the communications spy base near Blenheim, would be targeted in event of war between China and the United States.

That's plausible, says Wolfe. Australia, which has listening stations near Geraldton, 400km north of Perth and at Alice Springs, and New Zealand, along with Japan would pick up information of interest to the Chinese.

"Taking those out would probably clear the way for China if there was an issue like that."

Cyber warfare is a hidden industry but one, Wolfe says, which will be bigger than most people realise. The United States has planners who run through war games testing scenarios and cyber attacks will loom large in this.

"It is a really important aspect of war in today's world. If you can disable communications through cyber means ... you can cripple a target. They will be running through all kinds of plans and trying to develop new attack strategies for each of those plans."

Theories linking Israel and the United States with the Stuxnet worm attack on Iran's nuclear programme made sense, says Wolfe, but conclusive proof was unlikely. "It makes sense but who knows short of a whistleblower and such whistleblowers may well end up dead."

The more sophisticated the perpetrator of a cyber attack, the lower the prospect of detection. "I'm sure that China, America, England, Australia and maybe New Zealand have whole bunches of people who are working on this and they know how to cover their tracks in addition to how to do successful attacks. They are trying it on their own closed systems to see how it works.

"This is happening all the time and I would be really surprised if most of these countries don't have a fairly large commitment to this activity.

"It's always about the prize. The Chinese will devote a hell of a lot more to America than they will to New Zealand in their efforts to crack codes or pick up electronic intelligence, because the prize is bigger.

"Everyone thinks Microsoft is the most insecure software package but it is not. What it is, is the biggest target in the world because such is its usage, hacking a Microsoft product can provide millions of people for the hackers to deal with."

It makes Microsoft look bad when they are not, says Wolfe. "They are the big target because they are the big prize."

Western analysts suspect China began its campaign of cyber espionage about a decade ago with attacks on US government agencies. Commercial organisations too are believed to be constantly targeted.

It took the 2007 hack of US Defence Secretary Robert Gates' computer for Washington to take cyber-espionage seriously, while in the same year German chancellor Angela Merkel reportedly confronted Chinese premier Wen Jiabao after hackers from China gained access to computers in her office and Germany's foreign, economic and research ministries.

Public awareness followed in 2010, when Google started talking about Operation Aurora, the name given to persistent intrusions the previous year into the company's Chinese servers, and WikiLeaks began releasing classified US diplomatic cables, which suggest that China is leading the charge into cyber espionage.

Operation Aurora gathered source code, the virtual DNA of a web application. Malware writers could use that to find vulnerabilities that potentially could let them change the functions of the company's products.

After Google woke up to the possible ramifications, it boosted its small pre-Aurora security operation to 200 people.

Wolfe suspects New Zealand companies are not doing enough to safeguard themselves because they think it won't happen to them.

The 2010 Computer Crime and Security Survey conducted by Otago University found that New Zealand companies are going against the international trend and the evidence of steadily increasing risk by spending less on cyber security.

Of the 167 survey respondents 15 per cent were spending between 5 per cent and 10 per cent of their IT budget on security, down from 18 per cent in 2007. The trend among US companies is to increase spend on cyber security with 22 per cent spending between 5 per cent and 10 per cent of IT budget, up from 19 per cent over the same period.

"You need to consider what are the subconscious assumptions that companies bring to the issue of foreign cyber-attacks on their networks," a senior senate staffer told Vanity Fair.

"They act like they don't really believe that a bank could get completely taken out, or that a tech giant could get its whole lunch eaten, because it sounds as fictional as 9/11 would have sounded before it happened."

- NZ Herald
