Digital warfare - the new global arms race

The WannaCry ransomware attacks that hit about 150 countries have been linked to a group connected to North Korea. One of the first cyber attacks by nation states, the Stuxnet computer worm that infected the system of Iran's Natanz uranium enrichment
One of the first cyber attacks by nation states, the Stuxnet computer worm that infected the system of Iran's Natanz uranium enrichment plant in 2010, was the subject of a documentary, Zero Days.PHOTO: ZERO DAYS
The WannaCry ransomware attacks that hit about 150 countries have been linked to a group connected to North Korea. One of the first cyber attacks by nation states, the Stuxnet computer worm that infected the system of Iran's Natanz uranium enrichment
The WannaCry ransomware attacks that hit about 150 countries have been linked to a group connected to North Korea.PHOTO: AGENCE FRANCE-PRESSE

Insight finds out that from Stuxnet to WannaCry, nation states are exploiting vulnerabilities in a wired world for their own ends

Seven years ago, a USB drive infected with the Stuxnet computer worm found its way into Iran's Natanz uranium enrichment plant.

There, likely plugged into computers by unsuspecting engineers, the worm wreaked havoc, taking control of the uranium centrifuges and causing them to spin themselves to failure.

The use of the worm, which was reportedly developed by the United States and Israel, is widely regarded by cyber security experts as one of the first cyber attacks carried out by nation states. A documentary was even made about Stuxnet, called Zero Days, and it was screened in Singapore last year.

There have been other attacks since the one using Stuxnet in 2010. Last December the capital of Ukraine suffered a blackout for over an hour after cyber attackers hacked into the utility company and took power offline.

In 2015, the US Office of Personnel Management, the agency that manages America's federal civil service, discovered that hackers had swiped biometric data, such as fingerprints, of 5.6 million government employees.

Both incidents are suspected to be the work of nation states - Russia and China respectively.

The latest WannaCry ransomware attacks that began on May 12, and infected banks, hospitals and government agencies in about 150 countries, have shown links to a group connected to North Korea. As the digital space becomes a bigger part of daily life, such digital incursions will only become more apparent and frequent as countries use cyberspace to further their objectives.

"It's a natural extension of state activity and state-influenced activity, there is nothing illogical about it. (States) are simply responding to the technical capabilities," Sir John Scarlett, former head of the British intelligence service MI6, said earlier this month.

Sir John, who is now senior associate fellow at the Royal United Services Institute for Defence and Security Studies in the United Kingdom, was speaking at a panel discussion on digital warfare at the St Gallen Symposium in Switzerland.

He added that it was important to understand the motivations surrounding different forms of cyber attacks in order to best defend against them.

There are three main types which can be carried out by nation states or cyber criminals:

• Cyber espionage, where the primary intent is to stealthily gather and steal as much data as possible.

• Cyber attacks, where the intent is to harm systems, disrupt, deny or destroy the data and networks.

• Cyber crime, which uses the same digital tools as the former two but the intent is to generate financial gain.

Speaking at the same St Gallen conference, Ms Shira Kaplan, CEO of cyber security firm Cyverse, added that vulnerabilities in cyberspace would increase as digitalisation sped up, pointing out that by next year, there are going to be more than 20 billion devices connected to the "Internet of Things".

"Everything from our phones to our wallets, financial systems, nuclear plants, are going to be connected to the Internet, and that means a big risk," said Ms Kaplan, who was an intelligence analyst with the Israeli Defence Force.

STATE-SPONSORED ATTACKS

And as states move to exploit these vulnerabilities, this is already resulting in a "cyber arms race", where states are identifying digital weaknesses and developing cyber weapons that can be used to exploit them.

For instance, the perpetrators that deployed the WannaCry ransomware reportedly used a hacking tool developed by the US National Security Agency (NSA) to gain access to computers.

"It's completely inevitable. Obviously some actors are going to be already very advanced like the Russians, US and Israel - others will also be pulled into this arms race," said Ms Kaplan, in a separate phone interview with The Sunday Times last week.

And unlike physical attacks, state-sponsored cyber attacks are often difficult to prove or attribute.

"State-sponsored attackers thrive on stealth, denial and deception. The anonymity of Web-based attacks means that nation states can operate via puppet actors, which make it extremely difficult to prove links between individual hacks and state intelligence," said Mr Jeffrey Kok, CyberArk's director of Asia-Pacific and Japan.

These state actors can plant hidden malware on system networks which might remain untouched or dormant for years to achieve their goals, Mr Kok said.

Because state-sponsored attacks are hard to prove, this could "increase the propensity" of states to conduct cyber attacks, said Dr Michael Raska, from the S. Rajaratnam School of International Studies. "At the same time, as cyber defences also increase, it will be very difficult for lower-end hackers to operate," he added, pointing out that attacks will become more sophisticated and have more severe impacts.

According to Verizon's latest Data Breach Investigations Report, 18 per cent of data breaches last year were conducted by state-affiliated actors.

Public-sector entities comprised 12 per cent of all breach victims, the third-largest group after financial and healthcare organisations.

Already, cyber attacks are having ramifications in the physical world - the WannaCry ransomware hit Britain's National Health Service particularly hard, causing widespread disruptions and interrupting medical procedures across hospitals in the United Kingdom.

A nightmare scenario would be when such attacks cause a loss of human life.

Experts say organisations and governments should adopt the mindset that they already have been breached and install appropriate security to mitigate the risk.

"The question is, how quickly can you detect what is crawling in your system and how can you minimise the damage?" said Ms Kaplan.

The weakest link is most often human, said Mr Jerry Tng, vice-president of IT management software provider Ivanti in the Asia-Pacific.

He added that employees and IT users "need to receive ongoing training to help them spot potential attacks" such as phishing e-mails.

"For organisations that work in critical environments, (they need) to make sure that senior managers are aware that they also could be targeted for very specific cyber attacks," he said.

A version of this article appeared in the print edition of The Sunday Times on May 21, 2017, with the headline 'Digital warfare - the new global arms race'. Print Edition | Subscribe