The United States government is certain that a recent series of cyber-attacks against American banks was carried out by Iran in retaliation for sanctions and online attacks orchestrated by the United States, computer experts told The New York Times in a report published late Tuesday.
“There is no doubt within the US government that Iran is behind these attacks,” said James A. Lewis, a computer security expert who used to work for the US State and Commerce departments.
Since September, the attackers have reportedly hit a series of American banking websites — including Wells Fargo, HSBC, Bank of America, Citigroup, US Bancorp, BB&T, Fifth Third Bank, PNC and Capital One — using distributed denial-of-service, or DDoS, attacks.
Security experts had been warning that a US adversary could use a cyberweapon to destroy power plants, water treatment facilities, or other critical infrastructure assets here in the United States, but the Stuxnet story showed how the American military itself could use an offensive cyberweapon against an enemy.
When the Pentagon launched its much-anticipated “Strategy for Operating in Cyberspace” in July 2011, it appeared the US military was interested only in protecting its own computer networks, not in attacking anyone else’s. Today, the US Air Force budget request for 2013 includes $4 billion in proposed spending to achieve “cyberspace superiority,” according to Air Force Secretary Michael Donley.
Much of the cyber talk around the Pentagon these days is about offensive operations. It is no longer enough for cyber troops to be deployed along network perimeters, desperately trying to block the constant attempts by adversaries to penetrate front lines. The US military’s geek warriors are now prepared to go on the attack, armed with potent cyberweapons that can break into enemy computers with pinpoint precision.
The new interest in attacking enemies rather than simply defending against them has even spread to the business community. Like their military counterparts, cybersecurity experts in the private sector have become increasingly frustrated by their inability to stop intruders from penetrating critical computer networks to steal valuable data or even sabotage network operations. The new idea is to pursue the perpetrators back into their own network.
DDoS attacks disrupt service to customers of a website by directing, all at once, a deluge of traffic to the site. This is effected by way of a botnet, a “zombie” network of computers that have been infected with a virus and can be remotely controlled by the hacker. According to experts cited in the report, the malware that created the botnet, Itsoknoproblembro, was highly sophisticated and, unlike other botnets, virtually untraceable.
A cyberweapon could take down computer networks and even destroy physical equipment without the civilian casualties that a bombing mission would entail. Used preemptively, it could keep a conflict from evolving in a more lethal direction. The targeted country would have a hard time determining where the cyber attack came from.
Achieving “cyber superiority” in a twenty-first-century battle space is analogous to the establishment of air superiority in a traditional bombing campaign. Before strike missions begin against a set of targets, air commanders want to be sure the enemy’s air defense system has been suppressed. Radar sites, antiaircraft missile batteries, enemy aircraft, and command-and-control facilities need to be destroyed before other targets are hit. Similarly, when an information-dependent combat operation is planned against an opposing military, the operational commanders may first want to attack the enemy’s computer systems to defeat his ability to penetrate and disrupt the US military’s information and communication networks.
Some writers foresee a dangerous new world, created by the United States and Israel with the deployment of Stuxnet and, of course, by Iran's retaliation, if it is proven accurate; countries around the world can now argue that it is legitimate to use malware pre-emptively against their enemies. One danger is that US adversaries, notably including Russia and China, may now cite the use of Stuxnet and Iran's retaliation to support their argument that an international treaty regulating the use of cyberweapons may be needed. The United States has long opposed such a treaty on the grounds that it would undermine its own technological advantages in cyberspace and could also lead to efforts to regulate the Internet in ways that would harm freedom of expression and information.
It is now obvious that adversarial actions in cyberspace have fundamentally changed warfighting, crime, espionage, and business competition. Our institutions must adapt to this new reality, and quickly, or we will face the danger of cyber chaos and anarchy.
By Guylain Gustave Moke