Tuesday, August 7, 2007

Predicting a Digital Pearl Harbor

This spring we saw the first example of what an Informational Warfare Attack against a country might look like. Estonia came under a loosely organized attack from Russian websites on April 27th. This action appeared to be in response to the removal of a Russian monument. The attacks appeared to be limited to internet infrastructure targets and were simple in design. Most of the attacks were limited to denial of service (DoS) attacks, with postings on Russian sites explaining how to craft DoS scripts and which IP addresses to use. It played on the nationalist spirit of the average Russian to attack Estonia under the banner of attacking “Estonian Fascists”. I am not attempting to enter into a political discussion between Estonia and Russia, but to list some of the facts that have been reported about the incident. Since Estonia was not attacked directly by another government, this incident is being referred to as a Cyber Riot.

The incident that we saw in Estonia demonstrated the effectiveness of Internet attacks against another country. This was one of the first documented cases of an attack at this level. The trends show that a full-scale Digital Pearl Harbor attack is not only possible, but it is a question of when. What was lacking in this attack was the sophistication required to attack the integrity of systems and make changes. This attack was only able to deny access to key systems.

A more recent large-scale attack was launched against sites in Italy. The attacks were based on a Russian-made exploit kit called MPack, which provides the attackers a management console to show which exploits are effective and which domains are susceptible. While this attack was believed to be gang related, it does demonstrate the level of sophistication that has been developed. If this type of tool were deployed in a botnet farm, the results could be devastating. Recently “Operation Bot Roast”, conducted by the FBI, uncovered a botnet containing over a million computers. The Italian attack was only based on about 6000 compromised computers.

Although the ability to launch a denial of service attack against another country has been demonstrated, it will be a number of years before a sophisticated attack can be coordinated against critical infrastructure sites to impact a country, for example to target Wall Street and corrupt the “Trading Platform” or to target the control systems of nuclear power plants.

Based on past studies I predict that within the next 10 to 15 years we will see a full-scale sophisticated attack against another country as an alternative to a conventional military action. The USAF has recently added Cyberspace to its mission and it is charged with developing surgical attack tools along with protecting US National Internet assets.


Links for additional information:

http://www.nytimes.com/2007/05/29/technology/29estonia.html?ex=1338091200&en=80d1358e48b6740b&ei=5088&partner=rssnyt&emc=rss

http://www.guardian.co.uk/technology/2003/feb/20/security.onlinesupplement

http://www.dickdestiny.com/blog/2007/06/electronic-pearl-harbor-for-day-idiot.html

http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=3561

http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=3514

http://www.msisac.org/webcast/05_05/info/05_05presentation.swf

1 comment:

Lyr Lobo said...

Great post! Wow, the phrase "cyber riot" evokes a series of new concerns for social consciousness and risk behavior on the Internet.

Interesting references...I noticed that quite a few of them were from the UK, including The Guardian.

The Guardian and Intel in the UK held SecondFest over a month ago to announce their joint entry into Second Life. The weekend of events included a Pet Shop Boys concert.

Thanks!