For most of history, conflicts between states have been fought with conventional, physical military means. With the digital revolution, however, governments around the world used new technologies to shift the stage of conflict from traditional battlefields to cyberspace.
Cyberspace: the New Battlefield
In cyber warfare, states or non-state actors (e.g. terrorists) attack adversarial computers and information networks for various reasons. The advantages of cyber warfare are readily apparent: without the typical rules of war, its costs and potential casualties are lower, while far-reaching effects and damage against the enemy can still be generated. Moreover, while an unprovoked airstrike is seen as a declaration of war, a cyberattack via a computer worm, virus, or Trojan horse can do significant damage without establishing a sufficient casus belli in the process.
In recent years, cyber warfare has produced spectacular incidents all over the globe and among various protagonists. Whether it is the US, Israel, Iran, Russia or North Korea, each nation continues to advance its modern warfare while exploiting adversarial weaknesses. Most notably, the US and Iran have been on a collision course for many years.
Stuxnet and its Relatives
The now omnipresent US actions against Iran were preceded by years of cyber armament during the Cold War by various world powers. Cyberattacks have been around for more than a decade, mainly for espionage purposes, but they also have the potential for physical destruction. The American NSA and Israel’s Unit 8200 are said to have been responsible for the first major cyber offensive via the Stuxnet computer worm in 2010.
Stuxnet disabled hundreds of centrifuges in a uranium enrichment plant in the Iranian city of Natanz. The attack set Iran’s nuclear program back for several years.
In May 2012, the security company Kaspersky discovered a malware program called Flame. It had attacked computers at the Iranian oil ministry on a large scale, stealing and deleting data. Flame is said to be related to Stuxnet, and is thus also suspected to be of US-Israeli origin. With its sophisticated attack and defense tools, Israel remains one of the world’s leading nations in cyber warfare, as it also demonstrated two weeks ago in a daring cyberattack on a key Iranian port.
Only a year ago, when Iran shot down a US drone in June 2019, the US is said to have carried out another cyberattack in retaliation. That time, the Revolutionary Guard’s infrastructure, in particular, is said to have been affected.
Iran itself is said to have developed sophisticated cyber capabilities in response to the 2010 Stuxnet virus attack. These capabilities allow the mullahs to avoid a direct military confrontation with the US, as the origin of cyberattacks carried out via proxy is difficult to prove. Since then, Tehran has been repeatedly accused of conducting sophisticated, destructive cyberattacks on its adversaries, including the Shamoon virus attack on the Saudi oil company Aramco in 2017. The malware hijacked more than 2,000 files on 35,000 computers of the oil giant and replaced them with burning US flags.
Iranian hackers are also linked to continuous attacks on significant banking and training institutions in the United States, as well as critical infrastructure. In 2013, Iranian hackers entered a US dam control system 20 miles north of New York and damaged its operations. The attack only became known two years later.
Iran’s Focus on Cyber Warfare
In 2014, Iranian hackers attacked the Sands Casino in Las Vegas and paralyzed most of the company’s servers. The damage was estimated at $40 million. The reason for the attack is said to have been a statement by Sands CEO Sheldon Adelson: in the course of the nuclear dispute with Iran, Adelson suggested that an atomic bomb should be detonated in the Nevada desert as a warning of what could happen to Tehran.
Microsoft reported a more recent attack attempt in October 2019. According to the company, Iranian hackers had attacked Microsoft customer accounts. In addition to government officials and journalists, the targets included Iranian exiles and members of a US campaign team. Moreover, hackers are said to have tried to penetrate the campaign for the re-election of US President Donald Trump, according to a report by Reuters.
Don’t Forget Russia
Besides the American-Israeli-Iranian power players, Russia is also massively involved in the cyberwar. Hardly any country has carried out digital attacks as widely and as spectacularly as the former Soviet Republic. The country expanded its ability to do this relatively early on. In the 1990s, disinformation about the war in Chechnya was first spread online. Large-scale DDoS attacks, in which hostile servers are overloaded with a flood of requests from many computers until they collapse, followed in the 2000s. In 2007, Russian hackers were responsible for computers around the world, coordinated in a botnet, directing their data streams at Estonia’s banking systems and government websites. The result: nothing appeared on the screens of users in Estonia, pages were no longer accessible, and no money transfers took place. There had previously been a dispute between Russia and Estonia because Estonia had transferred a controversial Soviet war memorial from Tallinn’s city center to a military cemetery. In 2008, Russia also blocked Georgia’s digital infrastructure at the beginning of the Russo-Georgian War, while a Ukrainian nuclear power plant is also said to have been temporarily paralyzed by a Russian attack.
Russia’s arguably most significant coup occurred in 2016 when Wikileaks published multiple internal emails from the US Democrats in the presidential election campaign, which stemmed from a Russian hacker attack. Additionally, as US intelligence confirmed, Russia actively interfered in the election via the spread of fake news and its now well-known troll farms. While the effect of these actions is hard if not impossible to quantify, it is fair to argue that it did not benefit candidate Hillary Clinton.
North Korea Hits Hard With the Sony Hack and More
North Korea is also an actor in the conflict. This first became apparent in 2014, when Sony Pictures temporarily stopped the US release of The Interview, a film in which North Korean leader Kim Jong Un is parodied. Sony Pictures’ computers had previously been the target of a hacking attack that stole internal data, including sensitive personal information. US intelligence experts suspect Office 121, North Korea’s elite hacker group, as the perpetrators.
North Korea struck again in 2017. Hundreds of thousands of computers in 150 countries ceased working after ransomware was installed, all data was encrypted, and a ransom was demanded. Mainly private individuals were affected, but also companies such as Deutsche Bahn and Renault, the British health system NHS, the telephone giant Telefónica and the Russian Ministry of the Interior. Users were directed to transfer money using the electronic currency Bitcoin; otherwise, the PC remained blocked. Shortly after the attack, IT security experts pointed out that the malware code led to the Lazarus group, which is believed to be North Korean intelligence.
It is essential to realize that these attacks are not isolated incidents, but a continuous campaign often planned and orchestrated over long periods. While reports will often refer to “hacker groups,” it is undeniable that the majority of these groups, particularly in totalitarian states, are an avatar for government intelligence and thus under the direction of their respective leaders. Over these last years, the attacks have also become more sophisticated, and with the US election in November, the cyberwar will only escalate further.