The Future of War

Cyber-war – the way of the future?

Governments are increasingly preparing themselves for an internet-based attack on their essential service infrastructure, say security experts

Jonathan Richards from the Times Online

The prospect of inter-governmental cyber-war was something for which countries needed to be increasingly prepared, security experts said today.

An attack launched by an army of zombie computers which could disable a country’s computer systems and cut off its essential services could “definitely” be pulled off by a Government, they said.

The comments come in the wake of allegations by Estonia that Russian authorities were responsible for a wave of attacks on Estonian government websites designed to make the Baltic state’s systems crash and paralyse its infrastructure.

If the attacks, which Estonia claims can be traced to internet protocol (IP) addresses associated with Russian authorities, are found to be linked with the Kremlin, it would be the first known instance of one state ‘declaring cyber-war’ on another.

“The US Department of Defence (DoD) is definitely preparing for something like this,” Ihab Sharaim, chief security officer at Mark Monitor, a computer security firm, said.

“If they weren’t, they wouldn’t be doing their job properly,” Mr Sharaim said, adding that an “increasingly sophisticated” array of technique were at cyber-criminals’ disposal to disguise the origin of so-called ‘distribution denial of service’ (DDOS) attacks.

Many of the successful DDOS attacks were generated from within Baltic States and Russia, Mr Sharaim said, before specifying that none so far were known to have been endorsed by a Government.

In February hackers, possibly based in South Korea, attempted to bring down at least thre of the 13 computers which help manage global internet traffic, including one operated by the DoD.

A Defence Department official was quoted in Network World at the time as saying: “We have to be able to respond. We need to be in a co-ordinated response.”

Peter Wollacott, chief executive of Tier-3, which advises governments on the security of their computer systems, said: “Officials are increasingly concerned about the vulnerability of essential services such as water and gas which are dependent on IT and the ability of terrorists to bring them down.”

“Whether it’s a group of university students setting up a ‘botnet’ or someone more ideologically motivated, all those possibilities are there.”

An attack of the sort suffered by Estonia, where a website or websites crash under a deluge of visits, is known as a ‘distributed denial of service’ (DDOS) attack.

A vast army of ‘zombie’ computers known as a ‘botnet’ comes under the control of a master computer which directs the zombies, or ‘bots’, to visit a chosen website simultaneously, causing it to wilt under the sheer weight of traffic.

In most cases the zombie computers that participate in such attacks do so without their owners’ knowledge, the virus which co-ordinates the attack having arrived in an e-mail attachment or while the owner was visiting a website.

Experts said, however, that it would be easy to confuse the originators of such attacks with the computers who were merely victims of the botnet, and were receiving orders from a master computer elsewhere.

“This traffic may appear to be coming from Russian computers, but the Russians would likely say that their computers – if they are involved – are being directed to visit Estonian sites against their will,” Paul Vlissidis, technical director at the security firm NCC said.

“In any case these days there are mitigating techniques against such attacks,” Mr Vlissidis went on. “What you can get what is essentially a type of router which sits in front of a site and analyses the traffic.”

“If the router senses a pattern in attempted visits – for instance that the volume is unusually large for a certain time, it can direct the requests elsewhere down a ‘cyber black hole’.”