Nation-state driven cyber attacks are routinely conducted on a global scale to defend national sovereignty and project national power. We are living in the cyber era, human conflict is involving also the fifth domain of warfare, the cyberspace. As never before disputes take place with blows of bits, militias of every government are developing cyber capabilities dedicating great effort for the establishment of cyber units.
Security firm FireEye published another interesting research titled “World War C” that describes the effort spent by governments in cyber warfare context, the document analyzes in detail the different approaches adopted by various countries in conducting nation-state driven cyber attacks. Security experts highlight the intensification of state-sponsored attacks for both cyber espionage and sabotage purpose, campaigns such as Moonlight Maze and Titan Rain or the destructive cyber strikes on Iran and Georgia have signed the evolution of the military doctrine.
“Cyberspace has become a full-blown war zone as governments across the globe clash for digital supremacy in a new, mostly invisible theater of operations. Once limited to opportunistic criminals, cyber attacks are becoming a key weapon for governments seeking to defend national sovereignty and project national power.”
In the arsenal of government militias are entering strongly DDoS tools, spyware and computer viruses, nation-state driven cyber attacks are considerable an optimal option by governments for the following reasons:
As explained in the study the attribution of responsibility for a cyber attack is a very hard task, FireEye experts correctly highlighted that to uncover the perpetrators is necessary to apply a multi layered approach based on forensic “reverse-hacking” techniques, build a deep knowledge of “patterns” of attack, evaluate the geopolitical context of cyber attacks aims associated to specific government.
“A cyber attack, viewed outside of its geopolitical context, allows very little legal maneuvering room for the defending state,” “False flag operations and the very nature of the internet makes tactical attribution a losing game. However, strategic attribution – fusing all sources of intelligence on a potential threat – allows a much higher level of confidence and more options for the decision maker,” “And strategic attribution begins and ends with geopolitical analysis.” said Professor Thomas Wingfield of the Marshall Centre, a joint US-German defense studies institute.
“The biggest challenge to deterring, defending against, or retaliating for cyber attacks is the problem of correctly identifying the perpetrator,” said Prof. John Arquilla, Naval Postgraduate School
“Attribution” for a nation-state driven cyber attack is difficult due to similarity with methods adopted by single individuals, organizations, or state-sponsored hackers. States are often mistakenly identified as non-state entities, and vice versa. Another dangerous phenomenon that we are assisting is the growth of number of cyber mercenary groups close to governments that are structured as cyber criminal gangs but that are able to offer hacking services to involve in nation-state driven cyber attacks.
“cybercrime organizations offer anyone, including governments, cyber attack services to include denial-of-service attacks and access to previously compromised networks.” states the World War C report.
FireEye experts analyzed the Nation-state driven cyber attacks identifying the tactics and characteristics for the offensive in various regions:
New players are entering the arena of cyber warfare strongly, countries such a North Korea, Iran and Syria have demonstrated to represent a serious menace also for the most industrialized super power, this is the democracy of the new military doctrine. Examining most advanced countries in cyber warfare, China is considered responsible for the largest number of Nation-state driven cyber attacks, it uses high-volume noisly cyber attacks mainly for cyberespionage.
On the other end U.S., and Israel, providing the most advanced technologies, are able to conduct more sophisticated and surgical cyber operations, Stuxnet and Duqu are just a couple of examples of products of joint effort spent by the two governments. The Russian Government is considered one of the entities with major cyber capabilities, like Israel and US it is able to perform sophisticated nation-state driven cyber attacks, but little is known about the internal organization of its cyber units. According to rumors, a group of hackers that report directly to the President is the core of Russian cyber command that has operated in stealthily way in cyberspace against hostile governments and on the domestic front against opponents of the regime.
“Though relatively quiet, Russia appears to be home to many of the most complex and advanced cyber attacks FireEye researchers have seen. More specifically, Russian exploit code can be significantly stealthier than its Chinese counterpart—which can also make it more worrisome. The “Red October” campaign, including its satellite software dubbed “Sputnik,” is a prominent example of likely Russian malware.” states the report
FireEye’s World War C ends proposing a list of factors that could influence the cyber security landscape in the medium term:
Information warfare is ongoing …
(Security Affairs – Nation-state driven cyber attacks, cyberwarfare)