(Media feature by BBC Monitoring on 30 June)
A dispute over a Russian war memorial in Estonia in April 2007, which escalated into a diplomatic row between the two nations, is regarded by NATO as the first outbreak of cyber warfare.
The internet is emerging as a theatre in warfare, with the conflict between Georgia and Russia in 2008 being matched by attacks on internet services in both countries.
The aftermath of the June 2009 Iranian presidential election, where street protests coincided with attacks on websites belonging to Iranian government, media and opposition groups, brought the issue of the internet as a theatre of conflict to the fore.
Governments are now taking cyber security seriously, with the UK announcing its strategy on 25 June 2009, while reports have emerged of a disagreement between the USA and Russia over a treaty for cyber warfare.
Emergence of cyber warfare
The dispute between Russia and Estonia over the decision to move a Russian war memorial in Tallinn in April 2007 resulted in a month-long attack on Estonian web assets belonging to both government and businesses, forcing NATO to consider cyber warfare as a new type of asymmetric conflict with the potential to damage crucial state infrastructure.
On 30 April 2007, Estonian newspaper Eesti Paevaleht quoted Minister of Justice Rein Lang as saying that many of the attacks were coming from Russian state-owned servers.
Subsequent research showed that attacks may also have originated from Russian private web users, ethnic Russians in Estonia and from the wider diaspora. Estonian business newspaper Aripaev noted on 6 August 2007 that the means to attack Estonian web servers was being sold on Russian web forums for up to 150 dollars.
In an official communiqué from NATO's April 2009 summit, the alliance said that it had activated its Cooperative Cyber Defence Centre of Excellence in Estonia and would "accelerate our cyber defence capabilities in order to achieve full readiness".
Cyber defence is an integral part of NATO exercises, the alliance communiqué said. As well as NATO's Cyber Defence Centre, the UN's International Telecommunications Union has also launched IMPACT, the International Multilateral Partnership Against Cyber Threats, based in Malaysia.
Georgia: Using the power of the crowd
The war between Russia and Georgia in July and August of 2008 was also characterized by attacks on web-based assets belonging to both sides.
Writing for US-based technology website Zdnet in August 2008, online security consultant Dancho Danchev noted that attacks on Georgian government websites were so sustained that the president.gov.ge site was moved to servers in the United States, while the Georgian Ministry for Foreign Affairs re-launched its website with a Blogger account.
Danchev said that, much like the Estonian attacks, the cyber attacks against Georgia may have originated from official sources, but combinations of activists with access to botnets and "copycat script kiddies" (juvenile hackers) intensified the conflict.
Danchev noted the difficulty in pinpointing the source of these attacks. The very nature of Distributed Denial of Service attacks (DDOS, using infected computers around the world as part of remotely-controlled botnets) means that the perpetrators can go undetected and unpunished.
Russian newspaper Moskovskiy Komsomolets claimed an "unqualified victory" in the "internet war". The paper, which had come under a DDOS attack itself, said on 12 August 2008 that Georgian hackers had attempted to shut down the entire Russian .ru domain, while "a unique kind of flash mob" had turned on Georgian and Western websites.
"Netwar" in Iran
The disputed Iranian presidential election not only saw large numbers of protesters taking to the streets of Tehran and provincial cities, but it also saw a widespread campaign of so-called "netwar" carried out on the internet, both from inside Iran and elsewhere.
In a rapidly changing situation, the government filtered access to opposition, foreign media and social networking sites, while activists took part in denial of service attacks against government web assets and promoted the use of proxy servers which allowed users to bypass state restrictions.
Both sides were able to use readily available tools in order to achieve their goals. One of these was the London-based pagereboot.com service, originally intended as a device to automatically refresh pages on auction site eBay. Using the service repeatedly against a website can make it unusable to other users, effectively crippling it.
Site owner Ryan Kelly noted pagereboot was being used to block access to websites after messages spread on micro-blogging service Twitter urging web users to use the service against Iranian web services.
On 21 June, Persian blog aggregator Balatarin accused the Iranian government of embedding code into pages of the Fars News Agency. This code would send multiple requests via pagerefresh to the Balatarin site without the user's knowledge.
Subsequently, Kelly wrote on his blog: "It is for this reason I have decided to take the site offline again. This tool can be effectively used as a 'weapon' by both sides, and while I fully support the protestors fighting for their freedom against an unjust state, I cannot allow it to be used to attack websites promoting free speech."
Cyber war strategies
During the Russia-Georgia conflict, Russian newspaper Moskovskiy Komsomolets noted that there are no international agreements regarding cyber attacks. Even if perpetrators were identified, the paper said, it would be impossible to bring them to justice.
A New York Times report on 27 June noted that discussions between the United States and Russia have revealed fundamental differences over the need for a treaty over cyber warfare.
While both sides agree that cyber warfare is a growing threat, they differ on the need for an agreement, the NY Times said. Russia is seeking a ban on countries using malicious codes to attack other nations, while the US is resisting calls to allow governments to censor the internet, arguing that any proposed treaty would only regulate state actors.
As the June 2009 Cyber Security Strategy of the United Kingdom document published by the Cabinet Office points out, states form only part of the combined risk to national and business web interests, with criminal groups and terrorists also posing threats.
According to a report by internet security company Symantec, the greatest threat to internet systems still comes from criminals rather than states, with 4.7m computers being hijacked in Europe, the Middle East and Africa in 2008.
Source: BBC Monitoring research 30 Jun 09