Stuxnet: The Most Unprecedented and Greatest Cyberweapon Ever?

Introduction

900 years ago, Genghis Khan and his army formed the largest empire in human history by shooting arrows from horseback. 500 years ago, the House of Lancaster beat the House of York in the Wars of the Roses using swords, armor, and siege weapons. 150 years ago, the North won the American Civil War using cannons, rifles, and revolvers. 100 years ago, the Allies won the Great War using rifles, machine guns, tanks, aircraft, and chemical weapons. And 70 years ago, the Allies won the Second World War, the deadliest conflict in human history, one that ended with the use of nuclear weapons. But World War II was different from any other human conflict. For its part, it was not won solely on the back of superior weaponry and brute force, but also through intelligence and, more importantly, the use of computers.

Alan Turing, the father of modern computer science, made his contribution to the war not on the front lines but at Bletchley Park, UK. He devised numerous techniques for speeding up the breaking of German ciphers, including an improvement of the pre-war Polish bombe method, which could find the settings of the German Enigma cipher. Winston Churchill once said that Turing made the single largest contribution to the Allies' victory.

Computers have come a long way since Turing

Future Warfare

This changed the way battles would be fought in the future: with logic and code, for these wars will be fought online. Cyberwarfare has one incredible advantage over traditional warfare, which is anonymity. Using VPNs, Tor, anonymizers, and so on, government and non-government entities can launch huge attacks without ever revealing their identity. And if the enemy does not know who is attacking them, they cannot retaliate.

But can cyberwarfare be as effective as traditional warfare? Think about all the infrastructure that our societies rely on. The financial sector, the energy sector, air traffic control, and healthcare, to name a few, can easily fall prey to cyberattacks. And it is not limited to infrastructure: countries can greatly influence the ideology of a society through the use of what is called soft power.

One such attack was discovered in 2010.

Stuxnet

Stuxnet is a computer worm, meaning malware that can replicate itself and infect other computers on the network. It was first identified in Belarus, and security analysts and businesses soon grew concerned over its spread, as it had infected millions of computers worldwide. It had infected computers in almost every country, but one country in particular: Iran. This was not a mere coincidence; it was by design. A normal computer worm spreads using a method or two, like file sharing or email. Stuxnet had 7. Also, make a note of something called a Zero Day. This is a security exploit in software that the attackers are aware of but the developers are not. Zero Days are a very rare occurrence and are worth hundreds of thousands on the black market. They are called so because, when the vulnerability is discovered, the developer has spent zero days fixing it. Stuxnet had 4 Zero Days, an unprecedented number.

Hacking their way in

The worm's spread did not exploit ordinary user information or cause any data breach. It waited patiently and did nothing until it infected a very specific target: the Natanz Uranium Enrichment Plant in Iran. The plant had several centrifuges that were used to enrich high-grade Uranium to produce weapons of mass destruction and make Iran a nuclear state. The target was the PLCs manufactured by Siemens that monitored the RPM of the centrifuges, which was about 6300 RPM. When it reached its target, it did nothing. Nothing but collect data, every log that every PLC output, for 13 days straight. Then it sprang into action, increasing the spin rate to several times the intended speed and then slowing it down to just 2 RPM, for 15 minutes each. With these variations in spin rate, the centrifuges broke down. But this cannot go unnoticed. Can it? Well, it certainly did, as Stuxnet cleverly replayed the data it had collected upon its arrival at the target. Stuxnet would repeat this routine just once a month. This resulted in damage to 1000 centrifuges over months, significantly slowing down Iran's nuclear ambitions.
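The record-then-replay behaviour described above is exactly what a plant operator would want to catch. The following is an added example, not code from the original article: it fingerprints sliding windows of PLC-reported RPM to flag exact repeats of earlier telemetry, and cross-checks the PLC report against an independent sensor that does not pass through the PLC. The window size, tolerance and telemetry samples are constructed assumptions for the demo.

```python
"""Replay and cross-check detection for centrifuge telemetry (added example).

Assumes each PLC sample is an rpm reading and that an independent sensor
(e.g. a vibration probe wired outside the PLC) reports rpm separately.
"""
from collections import deque
import hashlib
import random

WINDOW = 16           # samples per fingerprint window (assumed)
RPM_TOLERANCE = 200   # allowed PLC vs independent-sensor difference (assumed)


def window_fingerprint(samples):
    """Hash one window of rpm readings so exact repeats are cheap to spot."""
    payload = ",".join(f"{rpm:.3f}" for rpm in samples).encode()
    return hashlib.sha256(payload).hexdigest()


class ReplayDetector:
    """Flags a window that exactly repeats an earlier one: real process
    noise makes such repeats practically impossible, replayed data does not."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.buf = deque(maxlen=window)
        self.seen = set()

    def feed(self, rpm):
        self.buf.append(rpm)
        if len(self.buf) < self.window:
            return False
        fp = window_fingerprint(self.buf)
        if fp in self.seen:
            return True
        self.seen.add(fp)
        return False


def cross_check(plc_rpm, independent_rpm, tolerance=RPM_TOLERANCE):
    """The other tell: an independent sensor disagreeing with the PLC."""
    return abs(plc_rpm - independent_rpm) > tolerance


def analyse(plc_stream, independent_stream):
    """Return (sample index, alert kind) for every suspicious sample."""
    det, alerts = ReplayDetector(), []
    for i, (plc, ind) in enumerate(zip(plc_stream, independent_stream)):
        if det.feed(plc):
            alerts.append((i, "replayed-window"))
        if cross_check(plc, ind):
            alerts.append((i, "sensor-mismatch"))
    return alerts


# Constructed data: 32 noisy samples near 6300 rpm, then the same 32 replayed
# by the PLC while the real centrifuge (independent sensor) is driven to 2 rpm.
rng = random.Random(1)
baseline = [6300 + rng.uniform(-5, 5) for _ in range(32)]
PLC_REPORTED = baseline + baseline
INDEPENDENT = baseline + [2.0] * 32
```

On the constructed data the first replay alert fires at sample 47, once a full 16-sample window of replayed readings has accumulated, while the sensor mismatch fires on every sample of the replayed segment.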

Iran’s Response

In retaliation for Stuxnet, Iran assembled a group of cyber experts and launched several attacks against American financial institutions. In a 2013 report, General William Shelton, who heads the Air Force's cyber operations, declined to comment on the 2010 attack but said Tehran had clearly increased its efforts in that arena after it. So much so that we are getting news headlines like this: “UK, US condemns Iran for ‘unprecedented’ cyber attack against Albania”. This clearly shows that Iran not only improved its infrastructure, which it claims will not fall prey to attacks like Stuxnet in the future, but also assembled a group of cyber criminals that it uses to carry out these attacks.


Conclusion

That no one took responsibility for the attack leads us to conclude that the attackers involved are Type 2 attackers. We can also see the use of a passive attack when Stuxnet first infected the systems at the Natanz plant and did nothing but record data. This can also be seen as the reconnaissance phase, which paved the way for a successful active attack on the PLCs. We can also see the use of computer-based social engineering, because introducing this malicious code into the network does require a certain degree of manipulation. We also observe the clever use of a computer worm to spread the malicious code across the nodes of the network. The attackers put in the effort to include 4 zero days to make sure that the attack would not have a single point of failure.
