Cyberwar? What Cyberwar?

December 13, 2010

Ladies and Gentlemen, put down the keyboards, stop reading the screen for a moment, and take a deep breath. I’ll wait.

Ok. Now that you’ve done that, you can relax with the knowledge that we are not currently — nor have we ever been in — a “cyberwar” with any foreign power or group. Yes, including China. So far there have not been any verified examples of cyberwar of any kind.

At this point, you probably either think me crazy or correct, but really when we get down to it, this is because our views differ on what the exact meaning of the word “war” is. Now we’re done with the Op-Ed for the moment.

War is commonly defined as a conflict between two parties, usually two states or the agents thereof. When a country such as the United States goes to war, typically a declaration of war is created by Congress. Once in a war, a participant is expected to be hostile to an enemy, attack targets, and attempt to win objectives. Espionage, on the other hand, is another bag of tricks altogether. Espionage is defined by the following:

Espionage: the use of spies by a government to discover the military and political secrets of other nations.

So what makes cyberwar cyberwar, and what makes cyber-spying cyber-spying? Well, where the line between the two falls really depends on your interpretation of what an act of war is.

Does stealing plans for a fighter jet constitute an act of war? (JSF Plans Stolen)
Does breaking into confidential and sensitive email accounts count? (Operation Aurora)
What about unauthorized access of government systems? (GhostNet)

These acts are all acts of espionage. A foreign spy or spies are collecting information about the United States by stealing it through computers, and to many people, these acts should be interpreted as acts of war. Attacks aren’t limited to the United States, however. In fact, a 2008 cyberattack originating from inside Russia against Georgia is the closest thing to a cyberwar the world has yet seen.

The 2008 conflict in South Ossetia generated a flurry of speculation in online communities about cyberwar attacks originating in Russia against the government services of Georgia. A good article explaining some of what happened is available here from ZDNet, but the basics are that before and during the Russian occupation of Georgia, cyberattacks so devastating were launched that the Georgian government’s technological infrastructure and online presence were decimated during the invasion. Officially the Russian government is not implicated. The attacks were instead attributed to the Russian Business Network, a network known to rent out botnets and provide “bulletproof” hosting to malware domains. The RBN is widely accepted to have some sort of political ties to the Russian government.

It would be so easy to just jump from here to the conclusion that Russia is responsible for this, but you can’t make that conclusion in good faith — and here’s an example why:

Recently, a group of users from 4chan have been distributing a hivemind (voluntary botnet) DDoS application known as the Low-Orbit Ion Cannon, or LOIC. LOIC is one of hundreds of out-of-the-box denial of service programs made by hackers and distributed among the less skilled “Script Kiddies”. These widely available tools were recently used to cripple PayPal, Visa, and MasterCard to the point where transactions were being affected all over the world. These websites handle much more traffic per day than the Georgian government does.

This demonstrates that a cyber-militia can be built in a day with a few vigorous posts on a message board urging hacktivism (a form of activism leveraging computer hacks or denial of service attacks). 4chan’s “Anonymous” is particularly good at this, as it has demonstrated, and patriotism is a powerful force. Perhaps it was lone hackers, script kiddies, or teenagers with access to these simple tools that attacked Georgia out of patriotism, not solely a sinister network selling botnets to the Russian government.

Another oft-touted example of cyberwar is the Stuxnet virus. Stuxnet was an act of espionage. Sure, it could have been used as a cyberwar tool if its authors had come out and declared its purpose and target from the beginning. Otherwise it is simply a very targeted attack against countries using specific SCADA control systems running a uranium centrifuge at specific frequencies. Nobody knows who wrote it. With this sort of evidence and the anonymity, this super-virus is a textbook case of sabotage.

Back to the Op-Ed:

The media and security companies must stop this fear-mongering. I shouldn’t be reading about cyberwar in the news every day or hearing radio advertisements for cyberwar prevention solutions.

“Cyberwar” might sell papers and security consulting gigs, but it makes people scared and causes them to ask all the wrong questions, like “Why are we not at war with China if they are launching these Cyber-War attacks?”. We should be asking: “How are we defending our country against sabotage and espionage?”. Cyber-war and its negative connotations simply encourage a hostile attitude between the United States and China in an already-tense political climate and misinform the public about computer security issues. Instead of “Cyberwar attacks” and “cyberwar”, perhaps call it espionage or cyber-espionage if you really need the cyber prefix that much.