The Cyberwar is Coming
// Posted by David on 05/28/2015 (4:20 PM)
I found the articles we read for this assignment to be particularly fascinating and thought-provoking. In all of my climate-related classes, research, and study, water and water resources are often cited as the likely catalysts for the next great wars, and their arguments are all terribly logical and believable. The experts all say that we’re starting to see signs of this now. For example, “last summer, Isis accused the Turkish government in Ankara, headed by Recep Tayyip Erdogan, of deliberately holding back the Euphrates through a series of dams on its territory, lowering water levels in Lake Assad by a record six metres. Isis was apoplectic.”
However, after reading “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History,” I really started thinking that maybe wars over water will be undermined by directed malware wars. With Stuxnet, as noted in “The Code War,” the way it worked was “not unlike the enriched uranium the Iranians were working on, but in software form: expensive, highly refined munitions that formed the core of an extremely sophisticated weapons system.”
Attacks like these could very well lead to the next great wars. They are “unobtrusive, can be constant, and they’re invasive. “As the reading shows, these attacks have already started. If Iran had retaliated, or retaliates, what will it look like? Developers designed malware with the ability to tap into Iran’s nuclear centrifuges and alter the speed at which they work. What’s keeping someone or a government from exploiting that ability to an apocalyptic end? Why not? If we can, we should, right? If malware this mischievous can be created and unleashed it in the name of data gathering, sabotage, spying, whatever – and something goes wrong, what kind of collateral damage will there be? As we read, with Stuxnet, there were some friendly fire (assuming that there were some infections in the country(ies) responsible for the attack) accidents. Computers worldwide were infected – even some in the US. “The victims bleed personal data and intellectual property.”
What sectors in the US have unique vulnerabilities like the one exploited in Iran? Likely a lot! Everything is automated these days. Everything is a computer or has a computer. Even the business card dropped off by a bulk water sales rep today had a computer in it.
The image doesn’t do it justice, so here:
Could Diamond Springs unleash malware into this guy’s business card and sabotage his operation? It has a USB port. This item likely has a variety of weaknesses.
Additionally, should the U.S. be using these methods for domestic data gathering? Whether or not they should be, they do. In the example laid out in “The Code War,” with Freedom Hosting, they acquired a warrant and implanted surveillance software. In doing so, broke up a huge child pornography operation. This is good. However, if the FBI, CIA, NSA, ABCDEFG want to do the same to my computer because I visited a site of an organization critical of the American government, is that right? No. To answer my above question, no, just because we can doesn’t mean we should. These attacks aren’t going anywhere. In fact, Edward Snowden reveled that “the NSA budget included $25.1 million for “additional covert purchases of software vulnerabilities,” suggesting that they both buy zero-days and roll out their own internally.”