25 November 2008


During the disastrous crisis in South Ossetia1, we received a glimpse on the state of cyberwarfare. I've occasionally heard breathless references to this, but so far the "main weapon" seems to consist of distributed denial of service attacks:
NY Times Blog: Besides the bloody shooting war going on between Georgia and Russia, there’s another, quieter battle going on in cyberspace. The Georgian government is accusing Russia of disabling Georgian Web sites, including the site for the Ministry of Foreign Affairs.


The attacks are structured as massive requests for data from Georgian computers and appear to be controlled from a server based at a telecommunications firm, he said. This kind of attack, known as a distributed denial of service attack, is aimed at making a Web site unreachable. It was first used on a large scale in 2001 to attack Microsoft and has been refined in terms of power and sophistication since then. The attacks are usually performed by hundreds or thousands of commandeered personal computers, making a positive determination of who is behind a particular attack either difficult or impossible.
It's been noted (in comments to the above post) that "mere" DDoS attacks probably were the work of enthusiastic supporters of the Russian war effort, and not the Russian military itself. Such attacks were not significant to the Georgian war effort, partly because internet penetration in that country is very limited.

According to the PBS documentary on cyberwarfare (see below), a much more alarming prospect is something like the Slammer (or "Sapphire") worm.
SearchSecurity.com: While Slammer choked many Internet service providers and networks over the weekend, it didn't have a destructive payload, said David Litchfield, a well-known vulnerability-finder and co-founder of Next Generation Security Software, which is based in Sutton, England. "It could have been so much more nasty," he said. "It appears they wrote it to prove a point."

Slammer exploits the six-month-old SQL Server Resolution Service buffer overflow flaw that Litchfield discovered. While the worm isn't destructive and only attacks Windows 2000 systems, it can gum up networks by generating massive amounts of traffic. It then scans random IP addresses looking for other vulnerable servers.
One of the more vulnerable targets of cyberwarfare is a class of machines known as systems control and data acquisition (SCADA). These are computer systems used for monitoring real-time industrial or communications processes, such as oil refineries or telecom switching. Because of the complexity and integration of such systems, they are usually connected to the internet, and often through cellular communications. Hence, there is a risk that a future terrorist attack could avoid bombs entirely and attack a SCADA that was critical to, say, the functioning of a subway system.

This is discussed in a few interviews at the PBS page on SCADA vulnerabilities. The general tenor of the interviews is that there seems to be little evidence that a technology exists for penetrating SCADA systems en masse.

1 [UPDATED] Impartial information on the South Ossetian War of August 2008 is quite difficult to come by, but one trustworthy source is "All Parties in August/South Ossetia Conflict Violated Laws of War," Human Rights Watch (23 Jan 2009)

Additional Sources
(From How Stuff Works)

Labels: , , ,


Post a Comment

<< Home