cyberarmscontrolblog

International Agreement for Control of Cyber Weapons

Tag: Denial of Service

The Rise of Cyber Nationalism

Countries now have informal gangs of cyber warriors positioned to attack foreign countries. This appears to have happened a number of times. Reports indicate that after the president of Taiwan made a congratulatory telephone call to Mr. Trump, the 45th President elect of the United States, nationalists in mainland China launched a series of cyber attacks against facilities in Taiwan. Since there are so many Chinese in the mainland, and since Taiwan is so small in comparison, one can imagine the severity of the damage. Various news reports (The Diplomat, The Jamestown Foundation, Financial Times) indicate that the current Chinese government is “worried” about the ferocity of these cyber attacks.

Cyber Nationalism

In China, the fear is “cyber nationalism”, the spontaneous development of nationalist “armies” of hackers who attack foreign countries viewed as being antagonistic to China. Below we list various techniques identified as being associated with cyber nationalists.

Malicious Hacking. Attacks may take place against websites of a foreign government in an “enemy” country. Or attacks may take place against foreign newsmedia that publishes information not favorable to the hacker’s home country, its foreign policy, its domestic policy, its leadership, or its government. In general, “hacking” is a broad and less-than-specific term that may refer to a number of actions including (1) Denial of Service (DOS) attacks against a website, thus more or less making it impossible for people to find the website or use it; (2) Introduction of propaganda onto the target website; for example, instead of having its regular home page show up, a defaced home page will show up containing a negative message for readers; (3) Alteration of information on a website, either in a major or subtle way; (4) introducing malicious code onto the target website.

Social Media. A second tactic is to bombard social media with the intended political message. This can be of either the positive or negative variety. “Positive” refers to setting up social media locations, such as a Facebook page, that expresses a point of view compatible with that of the cyber nationalists. “Negative” refers to visiting social media pages of organizations or individuals who have an opposing (or targeted) point of view, and introducing (or bombarding the site with) harsh comments. There are a number of social media sites, but since Facebook is the world’s largest carrier of email, for all practical purposes, these social media wars take place on Facebook.

News Media. An increasing number of online news outlets invite comments on different news stories. Actually, this is a form of customer retention strategy. People will keep coming back to a website if they can “interact” with it. Sometimes these comments can be made anonymously; other times they require registration to identify the commentators. Online registration has a variety of levels of security and authenticity. In most cases, however, it is possible to register with only a reference email account, and email accounts themselves can be false. This makes it possible for trolls to be accredited anonymously, or to even register under more than one identity. These comments in the media can have a significant effect, one would suppose. (We need to take a look at more detailed social science and communications/media research to see if anyone has empirically measured the effects on public opinion and published the results in a scientific journal.)  But for the time being, let’s assume these armies of commentators can have an effect.

Other Examples of Cyber Nationalism

China is not the only country with entrenched cyber nationalists.  Russia is reported to have conducted “information warfare” in connection with its campaign in the Ukraine. (See “Cyber Threats and Russian Information Warfare” published by the Jewish Policy Center; or “Russia’s Information Warfare” published in Politico; or “Russian and the Menace of Unreality: How Vladimir Putin is revolutionizing information warfare” published in The Atlantic; or “Что такое информационная война?” [What is Information Warfare?] published in ВОПРОСИК; or “Информационная война: определения и базовые понятия” [Information warfare: definitions and basic concepts] published in PsyFactor; or “論中共「信息戰」之不對稱作戰” [The Asymmetric Operation/War of PRC’s Information Warfare] . )

And there is no reason to single out Russia or China only. Other countries do the same thing. For Israel, see “Information and Warfare: The Israeli Case” by Gideon Avidor and Russell W. Glenn. India established an “Information Warfare Agency” to counter messages from its dear friends in Pakistan. We can assume that every advanced country has developed an information warfare strategy, or at least is thinking about it. Some countries are better than others.

Issues for Cyber Arms Control

The essential problem of Cyber Nationalism is its informal nature. In cases like China, and reportedly Russia (which are the strongest examples), there is little if any connection between the government and the cyber nationalist movements. What we have is the spontaneous formation of nationalist cyber activists who are willing to cross over international borders and take cyber action in support of their country. In their heart, they are patriots, eager to defend the honor and reputation of their homeland as they see it.

It would be difficult and probably very controversial for any government to crack down on their private citizens because they were promoting their country overseas in cyberspace.

This means that in terms of an international treaty for control of cyber weapons, cyber nationalism would be problematical to include. It would mean that by acquiescing to an international agreement (treaty) nations would need to agree to crack down (arrest; prosecute; punish; fine) their own nationals when they engage in international cyber activism. Even if there were such an agreement, it would be very difficult to enforce from a practical point of view.

  1. How would the government be notified of the violation overseas?
  2. How would it be possible to verify the true identity of the person committing the violation?
  3. What would be the evidentiary requirements in the judicial process?
  4. What would happen if the action taken abroad by a cyber nationalist was considered a crime where it was committed, but not a crime in the country which is the domicile of the alleged offender? (For example, would a United States prosecutor punish an American citizen because they published information on a Chinese website that in China was considered to be illegal, but in the US would be acceptable or even a form of protected speech?)
  5. Given the number of persons involved, how would it be possible from a practical point of view to police the actions of hundreds of thousands of citizens?

The Criminal Element of Cyber Activism. In the above list, we mentioned two general classes of cyber activism expressing cyber nationalism. In most cases, working on social media and making comments on newsmedia websites that themselves invite commentary would not be illegal, regardless of how outrageous or biased the comments. On the other hand, cyber vandalism (denial of service attacks; hacking of websites to change or distort the information there) is definitely illegal, and probably illegal in all countries.

Application to International Treaty

cyber-crimes-treaty-001

Figure 1 Treaty coverage for cyber crimes connected with cyber nationalism.

We can conclude, therefore, that an international treaty might be able to tighten up the enforcement against criminal actions.  Presumably, Country A would be willing to prosecute its citizens who performed recognized cyber crimes in Country B, if Country B was willing to prosecute its citizens who performed recognized cyber crimes in Country A. See Figure 1.

This type of agreement would be difficult to negotiate because the definition of cybercrime changes from one country to another. It would be easier to start with bilateral treaty negotiations, but more effective if a global treaty could be put in place.

 

 

 

 

 

 

Cyber Arms Control and the Middle East

The current situation in the Middle East is a disaster.  Yesterday, Turkey shot down a Russian SU-24M fighter aircraft flying over Northern Syria near the Turkish border.  Although the Turkish and Russian militaries had set up a “hot line” to handle any crisis or emergency, the Turkish side never bothered to contact the Russians.

Supposedly, the Russian aircraft flew into Turkish air space, but inspection of the radar outputs published by Turkey indicate that the amount of time flying inside Turkey could not have been more than a minute, possibly only half a minute or less.

When the aircraft was shot down, it was already back in Syrian air space, which means that the Turks shot their missiles from Turkey into Syria.

The Turks said that they had warned the Russian pilots for at least ten times over a period of 5 minutes.  At those speeds, this means that the Russian pilots were warned about Turkish air space when they were still in Syria, and heading towards Turkish territory.

The Russian pilot who survived the attack reported that no communication from the Turks had been received.

Originally there were two pilots in the SU-24.  Shortly after the aircraft was hit, they pushed the emergency escape buttons, to eject in their seats and parachute to safety.  On their way down, at a time when they could not possibly do any harm to anyone, Turkomen persons started firing on them with machine guns, killing one of the Russian pilots.

To add insult to injury, when two rescue helicopters were dispatched from nearby Russian ships to rescue the pilots, one was shot down, and yet another soldier or more were killed.

After the incident, the Turks rather than contacting Russia, instead went directly to NATO with a complaint, demanding support as part of the mutual defense treaty.  Military analysts in the United States are saying that this was an ambush by Turkey against the Russians.

Some are worried that this may lead to a third world war.  It is a horrible situation.  Fascinating as it may be, this blog is no place to examine the complex realities of the Middle East, Syria, Iraq, Iran, Turkey, Russia, the United States, and all the other players there.

Cyber War in the Middle East Now

The list of cyber weapons that are being used now in the Middle East and across the world is very large.  We can name only a few, and without doubt could not list them all, even if there were inclination or time.

Electronic Battlefield. The United States is operating a gigantic information battlefield in which soldiers or special forces on the ground in Syria and Iraq are receiving more or less real time information from a variety of intelligence sources, including real time information from drones and satellites.  For every American soldier in the battlefield hell of ISIS, there are satellites overhead looking out for them.  These in effect are teams of persons at various US dark sites around the world. Constantly on duty, they monitor US troop movements are look ahead so as to be able to warn of danger.

Social Media War. ISIS has mastered the use of social media to recruit “sleeper” agents inside Western countries.  The recruits go through three phases:  First, there is general curiosity about propaganda available online.  Second, they make an initial contact with a recruiter for the Islamic State.  Sometimes this recruitment period goes on for a long time.  Some persons in the United States have even received gifts of candy and books.  In the third phase, the recruited agent goes over to the dark web, which means that all of their communications are encrypted, and this makes it impossible for the intelligence communities around the world to read what they are doing.  It is during this phase that the sleeper agent is given specific instructions regarding what they are next to do.

Hacking War. Every day the United States receives more than 100,000 attacks from overseas.  These attacks are aimed at either destroying or stealing important information.  Most attacks come from Russia, China, North Korea, and Iran.  These attacks are monitored by the NSA Cyber Command, but it is difficult to keep up with all of the attacks, as many of them are automated.

It often is noted that even now adversaries have the ability to shut down or disrupt the US transportation system, the electricity grid, and financial institutions.  This merely compliments the constant virus and denial-of-service attacks that constantly flood the Internet.

The Internet is one of the greatest advantages of the US economy, but also it is a great factor of weakness.

Prospects for Arms Control

For the time being, the prospects for cyber arms control are not good.  Countries are too busy engaging in the growing war against ISIS, and in defending their own national interests.  Second, the cyber arms race is a time in which countries are working very hard to develop their capabilities.  Countries would rather develop their capabilities, than cut these efforts short by working on a treaty.

For the time being, the US is a global intelligence and cyber superpower, but no one knows how long that situation can last.