2008 - Year of the first cyber-war?

Information Warfare, Computer Network Attacks and Electonic Warfare

Most of us know bsically what is meant by the phrase 'hacking into a computer'. Roughly, this can happen through a number of different ways. The simplest is by getting someone with access to a computer system to give the hacker a username and password. A slightly more sophisticated method is to try to crack a password through brute force. This can be accomplished if the hacker writes some code to try every possible combination of keystrokes to discover a password. Another method is by using 'sniffer' code to watch keystrokes on an unencrypted network - if a user is logging on, the sniffer can pick up the keystrokes in their password.

What about computer viruses?

Computer viruses are bits of code which have found their way into a computer system. One of the most popular ways for viruses to enter into a system is through an email attachment. Instead of the attachment being a harmless file, it is, in fact a virus. Once a virus is inside a computer system it can do all sorts of things. It can immediately attempt to run commands on the infected computer - performing activities such as erasing the hard drive, corrupting data or disabling key features of the operating system. Other viruses look for email address or other computers on the network and send themselves to those machines. Still other viruses, called 'logic bombs' may sit quietly and wait for a particular event on their host computer until they act, or send back reports to their creators - others may wait for a particular date and time to act, potentially knocking out key systems all in one shot.

Pre-installed viruses

Harmful or malicious code does not necessarily need to enter after the system has been up and running. Logic bombs could already be present in the software which is shipped with a computer, pre-installed in chip firmware or directly wired into the hardware. Conspiracy theorists may delight in telling us that every single Intel chip ever sold has a secret 'self destruct' code built into it.

China cyber attacks - recent warnings

In December of 2007, Jonathan Evans, the Director-General of the MI5 branch of the UK's intelligence service sent a confidential letter to chief executives and heads of security at 300 financial and legal firms to inform them that they could find themselves subject to espionage and electronic attacks from 'Chinese state organisations'. Comments by most security experts limit the threat to industrial espionage and attempts to crack passwords of key sites.

International law experts are thinking about whether or not an attack on a computer or network constitutes a use of force. Is the use of force just a physical act - for example, the use of radar to acquire a plane as a target is considered to be a hostile act - a use of force.

In any case, it's clear that the ability exists to conduct espionage, erase or alter data, hinder or disable systems which are used for communications, banking or even public utilities.

2008 may not be the year in which a state openly attacks another another through these methods - but it seems likely we won't have to wait too long to see it occur.

In the meantime, check your virus detection software. You don't want to be blamed for starting an international incident because a hacker has used your computer to attack the Pentagon.

For more information

Infowar.com
http://www.infowar.com/

Rand.org -cyberwar
http://www.rand.org