why cyberwarfare won't become violent…

Cyber espionage is a lot more effective than an all out attack. So why are we being told to brace for the latter rather than deal with the former?

balding hacker

A while ago, I wrote about the overhyped dangers of cyberattacks and the problems with using them to ruin an opponent's infrastructure as imagined by doomsayers on Capitol Hill. And while the media is slowly but surely getting closer down to earth about the threat, a proper scholarly rebuke has been published to give the press even more guidance on what cyberwarfare is really like and why it's not the long anticipated holy grail of asymmetric engagement for rogue nations.

Short version? Since there's a limit on how much an attack would do to a militarily superior enemy, an attacker would have to back up actions in cyberspace with planes, ships, missiles, and even good, old fashioned boots on the ground when a conventional response comes, and the militarily powerful nation states that may be targeted are far from helpless against hackers and malware, and will also launch their own cyberattacks on enemy infrastructure when provoked. So if you really think you could zap a major regional or global player into submission with a virus, you'll need to rethink your strategy…

As mentioned in previous posts, an advanced energy and transportation infrastructure is huge, and though it'll have its vulnerabilities, the sheer number of thoroughly researched and tested exploits it would take to impact even a small part of it would be daunting even for a fully fledged hacker army working around the clock. Salvos in a cyber war would rely on the assumption that the discovered vulnerabilities haven't been patched, many of the targets are exactly what the hackers think they are, and that the exploits won't be detected long enough for all the viruses to open back doors to critical systems while the IP addresses won't change until the green light for the attack is given.

Oh, and once this massive effort is discovered, expect most of the exploits used to get a quick patch, which means that new exploits will have to be found to mount a new attack. Disguising an attack is also getting progressively harder as militaries and intelligence agencies find new ways around obfuscation tools or how to hijack them to trace previously untraceable attacks. And that raises the possibility of cyber war triggering a conventional one if the attack is severe enough or physically hurts the target nation's civilians.

All that said, there may be an important caveat to consider. Both the academic rebuke and the objections to a lot of popular cyberwarfare gloom and doom address the idea of malware being used as a weapon, just like the Stuxnet virus was thought to have been used. In reality, cyberwars may actually employ spyware like the newly found Flame suite which has silently been infecting computers in the Middle East and North Africa for a few years at least. Rather than trying to crudely bludgeon each other's infrastructure, nation states seem to be focused on gathering intelligence to better aim diplomatic brawls and conventional strikes. And that makes a great deal of sense.

Why huff and puff to shut off a power plant two two after months if not years of painstaking effort when you can precisely identify where and how to carry out a attack, or sneak a peek at what your enemy might be planning behind closed doors? It's much easier and more effective anyway since you have fairly well known and difficult to patch attack vectors to exploit, vectors like social media, e-mail, or servers which haven't been properly updated and store easily accessible and weak passwords. Infiltrations can be subtle and last much longer without requiring esoteric knowledge. Unlike we've been told so many times, cyberwar won't get here with a bang but with an insidious whisper, and its main goal won't be to destroy, but to quietly steal.

  archived from wowt
              
# tech // cyber warfare / cybersecurity / espionage / malware


  show comments
latest reads

how to endanger the future of space flight for status and profit

CEOs and space faring powers are treating low Earth orbit as their personal playgrounds, much to the horror of space agencies.
how to endanger the future of space flight for status and profit

why your boss is obsessed with a.i. past the point of sanity

Not only is the C-suite not immune to AI psychosis, they seem to be primed to suffer the worst of it as their employees duck and cover.
why your boss is obsessed with a.i. past the point of sanity

why so many of us are just not that into chatbots

AI adoption is at an all time high, but opinion of AI keeps on tumbling with every poll and study on the subject.
why so many of us are just not that into chatbots

no, your chatbots aren't secretly marxists at heart

But they can and do detect and complain about unfair treatment when asked, according to an experiment by Stanford researchers.
no, your chatbots aren't secretly marxists at heart

how the right wing took over social media

Right wing content has a major advantage on social media. But we can do something about that with a very simple change in our habits.
how the right wing took over social media

no, we still don't know why t. rex had little arms

Popular science outlets continue to do a terrible job of explaining studies on primeval evolution and pretending we have answers we don't.
no, we still don't know why t. rex had little arms