<p class="fine-print">denial of service – The Conversation (topic feed, updated 2022-03-01)</p>
<h1>Intelligence, information warfare, cyber warfare, electronic warfare – what they are and how Russia is using them in Ukraine</h1>
<p class="fine-print">Published 2022-03-01</p>
<figure><img src="https://images.theconversation.com/files/449004/original/file-20220228-25-46ugq6.jpg?ixlib=rb-1.1.0&rect=3%2C0%2C1990%2C1448&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Russian forces have the capability to jam signals from satellites, affecting communications and navigation.</span> <span class="attribution"><a class="source" href="https://en.wikipedia.org/wiki/File:MAKS2015part6-51.jpg">Vitaly V. Kuzmin/Wikimedia</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA</a></span></figcaption></figure><p>Russia has one of the most capable and <a href="https://www.c4isrnet.com/artificial-intelligence/2021/05/24/a-warning-to-dod-russia-advances-quicker-than-expected-on-ai-battlefield-tech/">technologically advanced militaries</a> on the planet. It has advanced intelligence, information warfare, cyber warfare and electronic warfare capabilities. </p>
<p>Russia has used these technologies in recent years in combat <a href="https://www.thedefensepost.com/2018/05/01/russia-syria-electronic-warfare/">in Syria</a> and <a href="https://www.uawire.org/russia-tests-orbital-jamming-system-in-donbas">the Donbas region</a> in eastern Ukraine, and is using them in its current invasion of Ukraine.</p>
<p>The terms “intelligence,” “information,” “cyber” and “electronic” denote distinct but overlapping fields. As a <a href="https://scholar.google.com/citations?user=nNlgxmMAAAAJ&hl=en">cybersecurity professor of practice</a>, I can explain what they are and how Russia is using them in Ukraine.</p>
<h2>Intelligence and counterintelligence in the information age</h2>
<p>The role of intelligence is to gain insight into the enemy’s activity. The role of counterintelligence is to blind the enemy or distort his view. Automation in intelligence, surveillance and reconnaissance (ISR) – key functions of intelligence in warfare – has become a <a href="https://autoisr.dsigroup.org/">common practice for modern militaries</a>. </p>
<p>Intelligence services collect vast amounts of data from <a href="https://theconversation.com/technology-is-revolutionizing-how-intelligence-is-gathered-and-analyzed-and-opening-a-window-onto-russian-military-activity-around-ukraine-176446">open-source intelligence</a> (OSINT) – information collected from news, social media and other publicly available sources – as well as secret sources, and <a href="https://www.afcea.org/content/battling-malign-influence-open">use artificial intelligence to analyze the information</a>.</p>
<p>Russia has reportedly progressed <a href="https://www.c4isrnet.com/artificial-intelligence/2021/05/24/a-warning-to-dod-russia-advances-quicker-than-expected-on-ai-battlefield-tech/">faster at integrating AI in intelligence systems than the U.S. expected</a> them to. It’s impossible to know what information Russia has collected, but its access to OSINT, spy satellites, operatives in Ukraine, powerful computers and experienced analysts makes it likely that Russia has extensive intelligence about Ukraine’s military and political situation.</p>
<h2>Information and disinformation</h2>
<p>Information warfare is the battle waged in the news media and on social media to bolster popular support; persuade and induce the sympathy of potential allies; and simultaneously spread confusion, uncertainty and distrust in the enemy’s population.</p>
<p>Russia has used and is likely to continue to use information operations to subvert the Ukrainian government. For example, in the weeks leading up to both the 2014 and 2022 invasions, Ukrainian soldiers were <a href="https://www.politico.com/news/magazine/2022/02/15/10-days-inside-putins-invisible-war-with-ukraine-00008529">targeted with disinformation</a> designed to sow confusion and disorder in the event of an attack. </p>
<p>Russian messaging about <a href="https://www.reuters.com/world/europe/russia-says-it-prevented-border-breach-ukraine-kyiv-calls-it-fake-news-2022-02-21/">“liberating” portions of Ukraine</a> is the disinformation most likely aimed at an international audience, and I expect attempts to legitimize Russia’s actions will continue. </p>
<p>There is an ongoing contest to control the narrative about what is happening in Ukraine. Russia is <a href="https://www.politico.com/news/2022/02/24/social-media-platforms-russia-ukraine-disinformation-00011559">running an active disinformation campaign</a> and I expect it is using AI to find and generate content at a rapid rate. </p>
<p>Some information circulating on social media, like this video <a href="https://gizmodo.com/10-photos-and-videos-from-russias-invasion-of-ukraine-t-1848586587">purporting to show Russian bombers over Ukraine</a>, has been <a href="https://www.wwltv.com/article/news/verify/world-verify/fact-checking-more-viral-videos-from-russia-air-invasion-of-ukraine/536-1c1239bc-a5f9-4d01-9973-f589ebaea63f">proven to be fake</a>. This underscores <a href="https://apnews.com/article/russia-ukraine-technology-europe-media-social-media-123c7975a879b89b85c06877f1f12908">how difficult it is to be certain of the truth</a> with a high volume of fast-changing information in an emotionally charged, high-stakes situation like warfare.</p>
<h2>Cyber warfare</h2>
<p>Cyber warfare entails infiltrating and disrupting the enemy’s computer systems. This includes launching denial of service attacks to block access to websites, breaking into computer systems to steal or destroy data, and taking control of computer systems to disrupt critical infrastructure like power grids.</p>
<p>U.S. and U.K. intelligence agencies reported on Feb. 23, 2022 that hackers based in Russia had <a href="https://www.theguardian.com/world/2022/feb/23/russia-hacking-malware-cyberattack-virus-ukraine">unleashed a powerful new type of malware</a> against targets in Ukraine. The attacks appear to have been <a href="https://www.bloomberg.com/news/articles/2022-02-26/hackers-destroyed-data-at-key-ukraine-agency-before-invasion">targeted at Ukrainian government and telecommunications facilities</a>, including the Ministry of Internal Affairs, and involve the theft and destruction of data.</p>
<p>Russia’s invasion of Ukraine was preceded by <a href="https://www.npr.org/2022/01/19/1074172805/more-than-70-ukrainian-government-websites-have-been-defaced-in-cyber-attacks">several weeks of cyberattacks</a>, including <a href="https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/">an attack that posted a fake ransomware note and then destroyed data</a>. These attacks were part of a multi-year <a href="https://theconversation.com/russia-has-been-at-war-with-ukraine-for-years-in-cyberspace-176221">campaign of cyber warfare against Ukraine</a>, which included attacks on <a href="https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/">portions of the country’s power grid</a>. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/Bc5mxd4O1SI?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency, discusses Russian cyberattacks against Ukraine.</span></figcaption>
</figure>
<p>A rapid response team of cybersecurity experts in the European Union has <a href="https://www.bbc.com/news/technology-60484979">mobilized to assist Ukraine</a> in defending against cyberattacks by detecting when attacks are occurring. The Ukrainian government has also <a href="https://www.usnews.com/news/world/articles/2022-02-24/exclusive-ukraine-calls-on-hacker-underground-to-defend-against-russia">called on the Ukrainian hacker community</a> to help defend the country, by protecting computer systems that control critical infrastructure like the power grid.</p>
<h2>Electronic warfare</h2>
<p>Electronic warfare describes efforts to disrupt or misdirect the enemy’s electronic systems like radar and communications networks. It can include blocking radio signals, <a href="https://theconversation.com/experts-suggest-us-embassies-were-hit-with-high-power-microwaves-heres-how-the-weapons-work-151730">remotely destroying computer circuits</a> and <a href="https://www.thedrive.com/the-war-zone/13549/russia-may-be-testing-its-gps-spoofing-capabilities-around-the-black-sea">spoofing GPS signals</a> to disrupt navigation.</p>
<p>Russia has a long history of contesting control of the electromagnetic spectrum. Because of Russia’s <a href="https://defensionem.com/russian-electronic-warfare-systems/">advanced electronic warfare capabilities</a>, its forces may be able to take down internet access and cell towers using a range of techniques. </p>
<p>Russia has used systems that <a href="https://www.uawire.org/russia-tests-orbital-jamming-system-in-donbas">interfere with the signal reception from satellites</a> in eastern Ukraine. These systems can be used to block communications and disrupt control of drones.</p>
<h2>Mastering new technologies</h2>
<p>The old game of spycraft has taken on new technologies, but I think it is useful to remember that the ability to win wars during revolutions in military affairs is generally determined by the <a href="https://doi.org/10.1017/CBO9780511817335">ability to integrate new technologies</a> into a country’s military and intelligence operations. </p>
<p>Though the Russian military has shown some interesting technological innovations in recent years, it’s not clear whether it has mastered this new way of conducting warfare.</p>
<p class="fine-print"><em><span>I am a Reservist in the U.S. Army.</span></em></p>
<p class="fine-print">From jamming satellite signals to spreading disinformation, Russia’s military has sophisticated technologies it’s bringing to the battlefield in Ukraine.</p>
<p class="fine-print">Justin Pelletier, Professor of Practice of Computing Security, Rochester Institute of Technology. Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Attackers can make it impossible to dial 911</h1>
<p class="fine-print">Published 2017-01-05</p>
<figure><img src="https://images.theconversation.com/files/148322/original/image-20161201-25660-w3qwu9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">When calling these people, you want to be able to get through.</span> <span class="attribution"><a class="source" href="http://www.fairfaxcounty.gov/911/aboutus.htm">Fairfax County, Virginia</a></span></figcaption></figure><p>It’s not often that any one of us needs to dial 911, but we know how important it is for it to work when one needs it. It is critical that 911 services always be available – both for the practicality of responding to emergencies, and to give people peace of mind. But a new type of attack has emerged that can <a href="https://arxiv.org/pdf/1609.02353v1.pdf">knock out 911 access</a> – our research explains how these attacks exploit the system’s <a href="https://arxiv.org/pdf/1609.02353v1.pdf">vulnerabilities</a>. We show these attacks can create extremely serious repercussions for public safety.</p>
<p>In recent years, people have become more aware of a type of cyberattack called “denial-of-service,” in which websites are flooded with traffic – often generated by many computers hijacked by a hacker and acting in concert with each other. This <a href="https://www.akamai.com/us/en/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp">happens all the time</a>, and has affected traffic to <a href="http://www.aba.com/tools/function/fraud/pages/distributeddenialofserviceattacks-ddos.aspx">financial institutions</a>, <a href="http://www.zdnet.com/article/blizzard-hit-with-ddos-disrupting-play-for-gamers/">entertainment companies</a>, <a href="http://www.politico.eu/article/hackers-attack-european-commission/">government agencies</a> and even <a href="https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/">key internet routing services</a>.</p>
<p>A similar attack is possible on 911 call centers. In October, what appears to be the <a href="http://arstechnica.com/security/2016/10/teen-arrested-for-iphone-hack-that-threatened-emergency-911-system/">first such attack launched from a smartphone happened in Arizona</a>. An <a href="http://www.azcentral.com/story/news/local/surprise-breaking/2016/10/27/phoenix-meetkumar-desai-arrested-cyberattack-911-system/92847226/">18-year-old hacker was arrested</a> on charges that he conducted a telephone denial-of-service attack on a local 911 service. If we are to prevent this from happening in more places, we need to understand how 911 systems work, and where the weaknesses lie, both in technology and policy.</p>
<h2>Understanding denial of service</h2>
<p>Computer networks have capacity limits – they can handle only so much traffic, so many connections, at one time. If they get overloaded, new connections can’t get through. The same thing happens with phone lines – which are mostly computer network connections anyway.</p>
<p>So if an attacker can manage to tie up all the available connections with malicious traffic, no legitimate information – like regular people browsing a website, or calling 911 in a real emergency – can make it through.</p>
<p>This type of attack is most often done by spreading malware to a great many computers, infecting them so that they can be controlled remotely. Smartphones, which are after all just very small computers, can also be hijacked in this way. Then the attacker can tell them to inundate a particular site or phone number with traffic, effectively taking it offline. </p>
<p>Many internet companies have taken significant steps to guard against this sort of attack online. For example, Google’s <a href="https://projectshield.withgoogle.com/public/">Project Shield</a> is a service that protects news sites from attacks by using Google’s massive network of internet servers to filter out attacking traffic while allowing through only legitimate connections. Phone companies, however, have not taken similar action.</p>
<h2>Addressing the 911 telephone system</h2>
<p>Before 1968, American emergency services had local phone numbers. People had to <a href="https://www.nh.gov/safety/divisions/emergservices/nh911/pubinfo/documents/history.pdf">dial specific numbers</a> to reach the fire, police or ambulance services – or could dial “0” for the operator, who could connect them. But that was inconvenient, and dangerous – people couldn’t remember the right number, or didn’t know it because they were just visiting the area. </p>
<p>The 911 system was created to serve as a more universal and effective system. As it has developed over the years, a 911 caller is connected with a specialized call center – called a public safety answering point (PSAP) – that is responsible for getting information from the caller and dispatching the appropriate emergency services.</p>
<p>These call centers are located in communities across the country, and each provides service to specific geographic regions. Some serve individual cities, while others serve wider areas, such as counties. When telephone customers dial 911 on their landlines or mobile phones, the telephone companies’ systems make the connection to the appropriate call center.</p>
<p>To better understand how denial-of-service attacks could affect 911 call systems, we created a detailed computer simulation of North Carolina’s 911 infrastructure, and a general simulation of the entire U.S. emergency-call system.</p>
<h2>Investigating the impact of an attack</h2>
<p>After we set up our simulation, we attacked it to find out how vulnerable it is. We found that it was possible to significantly reduce the availability of 911 service with only 6,000 infected mobile phones – about 0.06 percent of the state’s population, or roughly six in every 10,000 residents.</p>
<p>Using only that relatively small number of phones, it is possible to effectively block 911 calls from 20 percent of North Carolina landline callers, and half of mobile customers. In our simulation, even people who called back four or five times would not be able to reach a 911 operator to get help.</p>
<p>Nationally, a similar percentage, representing just 200,000 hijacked smartphones, would have a similar effect. But this is, in a certain sense, an optimistic finding. Trey Forgety, the director of government affairs for the National Emergency Number Association, responded to our findings in the Washington Post, saying, “<a href="https://www.washingtonpost.com/news/the-switch/wp/2016/09/09/how-americas-911-emergency-response-system-can-be-hacked/">We actually believe that the vulnerability is in fact worse than [the researchers] have calculated</a>.”</p>
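<p>The capacity arithmetic behind a result like the one above, as an added example that is not the authors’ North Carolina model: a public safety answering point is treated as a fixed pool of trunks, and the classical Erlang-B formula gives the probability that a new call finds every trunk busy. The trunk count, call rates and hold times are constructed values, and the retry calculation assumes each redial is blocked independently, which understates the effect because redials add load of their own.</p>

```python
"""Erlang-B model of a 911 answering point under a telephony DoS flood.

Added illustration, not the authors' North Carolina simulation. A public safety
answering point (PSAP) is modelled as a fixed pool of trunks (lines that can be
busy at once). Offered load is measured in erlangs: calls per hour times mean
hold time in hours. All numbers below are constructed, not measured.
"""


def erlang_b(offered_erlangs: float, trunks: int) -> float:
    """Probability that a new call finds every trunk busy (Erlang-B, no queueing).

    Uses the standard recursion B(0) = 1, B(m) = E*B(m-1) / (m + E*B(m-1)).
    """
    b = 1.0
    for m in range(1, trunks + 1):
        b = offered_erlangs * b / (m + offered_erlangs * b)
    return b


def offered_load(calls_per_hour: float, hold_minutes: float) -> float:
    """Convert a call rate and mean hold time into erlangs."""
    return calls_per_hour * hold_minutes / 60.0


def blocking_under_attack(trunks: int, legit_calls_per_hour: float, legit_hold_min: float,
                          bots: int, bot_calls_per_hour: float, bot_hold_min: float):
    """Return (baseline, attacked) blocking probabilities seen by a legitimate caller.

    Bot calls and legitimate calls share the same trunk pool, so a legitimate
    caller is blocked whenever the combined load has filled every trunk.
    """
    legit = offered_load(legit_calls_per_hour, legit_hold_min)
    bot = offered_load(bots * bot_calls_per_hour, bot_hold_min)
    return erlang_b(legit, trunks), erlang_b(legit + bot, trunks)


def all_retries_fail(p_block: float, attempts: int) -> float:
    """Chance that a caller who dials `attempts` times never gets through.

    Assumes each attempt is blocked independently with the same probability,
    which is optimistic: redials add load of their own.
    """
    return p_block ** attempts


def bots_needed(trunks, legit_calls_per_hour, legit_hold_min, bot_calls_per_hour, bot_hold_min,
                target_block=0.5, max_bots=100_000) -> int:
    """Smallest number of bots that pushes legitimate blocking to `target_block` or above."""
    for bots in range(0, max_bots + 1):
        _, attacked = blocking_under_attack(trunks, legit_calls_per_hour, legit_hold_min,
                                            bots, bot_calls_per_hour, bot_hold_min)
        if attacked >= target_block:
            return bots
    raise ValueError("target not reachable within max_bots")


# Constructed scenario: a county PSAP with 24 trunks, 180 genuine calls/hour
# averaging 3 minutes, attacked by phones that each redial 20 times an hour and
# hold the line for 3 minutes per call (so each bot offers one erlang).
PSAP = dict(trunks=24, legit_calls_per_hour=180, legit_hold_min=3.0)
BOT = dict(bot_calls_per_hour=20, bot_hold_min=3.0)

if __name__ == "__main__":
    for bots in (0, 25, 50, 200):
        base, hit = blocking_under_attack(bots=bots, **PSAP, **BOT)
        print(f"{bots:4d} bots: blocking {hit:.3f} (baseline {base:.1e}), "
              f"5 dials all fail: {all_retries_fail(hit, 5):.3f}")
    print("bots for 50% blocking:", bots_needed(target_block=0.5, **PSAP, **BOT))
```

<p>With these constructed numbers the unattacked PSAP blocks well under one call in a thousand, while a few dozen one-erlang bots are enough to block every second legitimate call and two hundred of them block close to nine in ten, which is why redialing several times stops helping.</p>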
<h2>Policy makes the threat worse</h2>
<p>These sorts of attacks could, potentially, be made less effective if malicious calls were identified and blocked at the moment they were placed. Mobile phones carry two different kinds of identifying information. The IMSI (International Mobile Subscriber Identity) identifies the subscriber; it is stored on the SIM card and is distinct from the dialable phone number (the MSISDN). The IMEI (International Mobile Equipment Identity) identifies the specific physical handset on the network.</p>
<p>A defense system could be set up to identify 911 calls coming from a particular phone that has made more than a certain number of 911 calls in a given period of time – say more than 10 calls in the last two minutes.</p>
<p>This raises ethical problems – what if there is a real and ongoing emergency, and someone keeps losing phone reception while talking to a dispatcher? If they called back too many times, would their cries for help be blocked? In any case, attackers who take over many phones could circumvent this sort of defense by telling their hijacked phones to call less frequently – and by having more individual phones make the calls. </p>
<p>But federal rules to ensure access to emergency services mean this issue might be moot anyway. A 1996 Federal Communications Commission order requires mobile phone companies to <a href="https://transition.fcc.gov/pshs/services/911-services/enhanced911/archives/factsheet_requirements_012001.pdf">forward all 911 calls directly</a> to emergency dispatchers. Cellphone companies are not allowed to check whether the phone the call is coming from has paid to have an active account in service. They cannot even check whether the phone has a SIM card in place. The FCC rule is simple: If anyone dials 911 on a mobile phone, they must be connected to an emergency call center.</p>
<p>The rule makes sense from a public safety perspective: If someone is having (or witnessing) a life-threatening emergency, they shouldn’t be barred from seeking help just because they didn’t pay their cellphone bill, or don’t happen to have an active account. </p>
<p>But the rule opens a vulnerability in the system, which attackers can exploit. A sophisticated attacker could infect a phone in a way that makes it dial 911 but report that it does not have a SIM card. This “anonymized” phone reports no identity, no phone number and no information about who owns it. Neither the phone company nor the 911 call center could block this call without possibly blocking a legitimate call for help.</p>
<p>The countermeasures that exist, or are possible, today are difficult and highly flawed. Many of them involve blocking certain devices from calling 911, which carries the risk of preventing a legitimate call for help. But they indicate areas where further inquiry – and collaboration between researchers, telecommunications companies, regulators and emergency personnel – could yield useful breakthroughs. </p>
<p>For example, cellphones might be required to run monitoring software that blocks them from making fraudulent 911 calls. Or 911 systems could examine identifying information of incoming calls and prioritize those made from phones that are not trying to mask themselves. We must find ways to safeguard the 911 system, which protects us all.</p>
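<p>An added illustration of the per-device rate limit described above (more than 10 calls in two minutes), the false positive it causes for a caller with a dropped connection, the slow-and-wide evasion, the anonymized phone that cannot be keyed at all, and the answering order that prefers identified callers. This is not a carrier’s or PSAP’s real system: the call records, identifier formats, thresholds and queue policy are all constructed for the example.</p>

```python
"""Sliding-window rate limiting of 911 calls keyed on device identity, and what it misses.

Added illustration; not a carrier's or PSAP's real system. Call records are constructed.
Identifiers: IMEI (handset), IMSI (subscriber, from the SIM). A phone that reports no
SIM and hides its IMEI gives neither, so the limiter has nothing to key on.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

WINDOW_SECONDS = 120      # the article's example: more than 10 calls in two minutes
MAX_CALLS_PER_WINDOW = 10


@dataclass(frozen=True)
class Call:
    t: float               # seconds since an arbitrary epoch (constructed)
    imei: Optional[str]    # None when the handset hides its identity
    imsi: Optional[str]    # None when no SIM is present or reported


def device_key(call: Call) -> Optional[str]:
    """Prefer the hardware id, fall back to the subscriber id; None if both are absent."""
    return call.imei or call.imsi


class SlidingWindowLimiter:
    """Counts calls per device over a trailing window; flags the (limit+1)th and later."""

    def __init__(self, window: float = WINDOW_SECONDS, limit: int = MAX_CALLS_PER_WINDOW):
        self.window, self.limit = window, limit
        self.history = defaultdict(deque)   # key -> timestamps still inside the window

    def check(self, call: Call) -> str:
        key = device_key(call)
        if key is None:
            return "unidentified"            # nothing to count against; cannot be limited
        q = self.history[key]
        while q and call.t - q[0] >= self.window:
            q.popleft()                      # drop timestamps that fell out of the window
        q.append(call.t)
        return "rate_limited" if len(q) > self.limit else "allowed"


def triage(calls):
    """Run every call through one limiter in time order; returns (call, verdict) pairs."""
    limiter = SlidingWindowLimiter()
    return [(c, limiter.check(c)) for c in sorted(calls, key=lambda c: c.t)]


def summarize(calls) -> dict:
    counts = defaultdict(int)
    for _, verdict in triage(calls):
        counts[verdict] += 1
    return dict(counts)


def verdicts_for(calls, key: str):
    return [v for c, v in triage(calls) if device_key(c) == key]


def answer_queue(calls):
    """Answering order: identified callers first, anonymized ones after, limited ones dropped."""
    verdicts = triage(calls)
    return ([c for c, v in verdicts if v == "allowed"]
            + [c for c, v in verdicts if v == "unidentified"])


def _calls(imei, imsi, times):
    return [Call(float(t), imei, imsi) for t in times]


# Constructed traffic. Each group exercises one behaviour of the limiter.
SAMPLE_CALLS = (
    # 1. a hijacked phone redialing once a second: the 11th call onwards is flagged
    _calls("35-FASTBOT-1", "310150-FASTBOT", range(0, 15))
    # 2. a real caller on a flaky connection redialing every 10 s: also flagged (false positive)
    + _calls("35-LEGIT-7", "310150-LEGIT", range(100, 220, 10))
    # 3. 40 hijacked phones each making only 5 calls in two minutes: nothing flagged
    + [c for i in range(40)
       for c in _calls(f"35-SLOWBOT-{i}", f"310150-SLOW{i}", range(0, 150, 30))]
    # 4. a phone reporting no SIM and no IMEI: 20 calls the limiter cannot attribute
    + _calls(None, None, range(0, 20))
)

if __name__ == "__main__":
    print(summarize(SAMPLE_CALLS))
    print("flaky legitimate caller:", verdicts_for(SAMPLE_CALLS, "35-LEGIT-7"))
    queue = answer_queue(SAMPLE_CALLS)
    print("first/last in queue identified?", device_key(queue[0]) is not None,
          device_key(queue[-1]) is not None)
```

<p>The limiter catches the single fast bot, but it also cuts off the legitimate caller on the eleventh redial, lets two hundred calls from forty slow bots through untouched, and can do nothing with the twenty anonymized calls except push them to the back of the queue.</p>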
<p class="fine-print"><em><span>Yisroel Mirsky is affiliated with the department of software and information systems engineering at Ben-Gurion University, and the BGU Cyber Security Research Center. </span></em></p><p class="fine-print"><em><span>Mordechai Guri and Yuval Elovici do not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p class="fine-print">‘Denial of service’ cyberattacks are increasingly used to shut down websites. New research reveals that 911 call centers are vulnerable to the threat as well.</p>
<p class="fine-print">Mordechai Guri, Head of R&amp;D, Cyber Security Research Center; Chief Scientist, Morphisec endpoint security, Ben-Gurion University of the Negev. Yisroel Mirsky, Ph.D. Candidate in Information Systems Engineering, Ben-Gurion University of the Negev. Yuval Elovici, Professor of Information Systems Engineering, Ben-Gurion University of the Negev. Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Hacked by your fridge: the Internet of Things could spark a new wave of cyber attacks</h1>
<p class="fine-print">Published 2016-10-07</p>
<figure><img src="https://images.theconversation.com/files/140818/original/image-20161007-32691-1n94wtc.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">There will soon be billions of connected smart devices, and they could be turned against us.</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>The past few weeks have seen a remarkable and somewhat alarming development in cyber security. It comes in the wake of a distributed denial of service (DDoS) attack that has forced a rethink of how we can deal with attacks of this nature in the future. </p>
<p>The attack was aimed at the <a href="https://krebsonsecurity.com/">Krebs on Security</a> website, a well established source of valuable information on cyber crime. </p>
<p>What was remarkable about this particular attack was the sheer volume of traffic involved. According to the author himself, the attack reached around <a href="https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/">620 gigabits per second</a>, which is nearly twice the amount seen in the previous record-breaking DDoS attack. </p>
<p>To put things in perspective, this is like the website being hit by one and a half Blu-ray discs’ worth of data every second. The average DDoS in 2014 involved traffic of around <a href="http://www.scmagazine.com/report-shows-42-percent-of-attacks-leveraged-more-than-1-gbps-of-attack-traffic/article/399206/">7.5Gb/s</a>; only two years later, the Krebs attack carried more than 80 times that. </p>
<p>The sustained attack eventually forced the website’s DDoS protection provider, Akamai cloud services, which had been providing security for the site free of charge, to admit that it could not handle that sort of attack pro bono, and thus the Krebs on Security site had to move.</p>
<p>However, since the Krebs attack, there has been a claim of yet another attack that involved more than <a href="http://thehackernews.com/2016/09/ddos-attack-iot.html">1 terabit per second</a> of traffic. </p>
<p>The claim is currently being investigated, and if it is confirmed, it highlights the challenge that organisations face in dealing with massive DDoS attacks. </p>
<p>Apart from the record volume of data involved, the Krebs attack also set an unfortunate precedent by forcing a high-profile security website offline for several days. The attack was successful and has demonstrated the vast potential of this type of weaponised DDoS attack. </p>
<h2>Internet of threats</h2>
<p>This DDoS was also remarkable in terms of how it was executed. Many DDoS attacks use a tried-and-true method called amplification or reflection. This involves using a number of computers on the internet – often in the form of a “<a href="https://theconversation.com/zombie-computers-cyber-security-phishing-what-you-need-to-know-1671">botnet</a>” of compromised computers – to send small requests, with the source address forged to be the target’s, to open servers in the internet’s Domain Name System (DNS), which answer with much larger responses, turning a small amount of data into a torrent directed at the target website or server.</p>
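<p>How the size asymmetry that amplification relies on looks in bytes, as an added example that is not part of the original article and sends nothing on the wire: a minimal DNS query builder (an ANY question plus an EDNS0 OPT record advertising a 4,096-byte UDP payload), a constructed large reply, and a flow-record heuristic that spots a host receiving DNS answers it never requested. The names, addresses, record sizes and the 10:1 ratio threshold are constructed values, and the flow records stand in for what NetFlow or IPFIX would export.</p>

```python
"""DNS amplification and reflection, worked on constructed packets and flow records.

Added illustration; nothing here is sent on the wire. A reflector abuses two
properties of DNS over UDP: the request is small and carries no proof of its
source address, and the response to some queries (ANY, with EDNS0 advertising a
large UDP payload) is far larger. The victim sees replies it never asked for.
"""
import struct
from collections import defaultdict

QTYPE_TXT, QTYPE_OPT, QTYPE_ANY = 16, 41, 255
FLAG_RESPONSE, FLAG_RD, FLAG_RA = 0x8000, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """RFC 1035 wire form: each label prefixed by its length, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int = QTYPE_ANY, txid: int = 0x1234,
                udp_payload: int = 4096) -> bytes:
    """Recursion-desired query with one question and an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1)    # QD=1, AN=0, NS=0, AR=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)   # qtype, class IN
    # OPT pseudo-RR: root name, type 41, the CLASS field carries the UDP payload size
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, udp_payload, 0, 0)
    return header + question + opt


def txt_rdata(text: str) -> bytes:
    """One TXT <character-string>: a length byte followed by up to 255 bytes."""
    data = text.encode("ascii")
    assert len(data) <= 255
    return bytes([len(data)]) + data


def build_response(query: bytes, rdatas, ttl: int = 3600) -> bytes:
    """Constructed reply: echoes the question and appends one TXT record per rdata."""
    txid = struct.unpack("!H", query[:2])[0]
    qend = query.index(b"\x00", 12) + 1 + 4           # end of QNAME, then QTYPE + QCLASS
    question = query[12:qend]
    header = struct.pack("!HHHHHH", txid, FLAG_RESPONSE | FLAG_RD | FLAG_RA, 1, len(rdatas), 0, 0)
    answers = b"".join(
        b"\xc0\x0c"                                    # compression pointer to QNAME at offset 12
        + struct.pack("!HHIH", QTYPE_TXT, 1, ttl, len(rd)) + rd
        for rd in rdatas)
    return header + question + answers


def parse_header(msg: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & FLAG_RESPONSE),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def amplification_factor(query: bytes, response: bytes) -> float:
    """Bytes the reflector emits per byte the attacker sends."""
    return len(response) / len(query)


def reflection_victims(flows, min_ratio: float = 10.0) -> dict:
    """Hosts receiving far more DNS response bytes than they sent in queries.

    Each flow record is a dict with src, dst, sport, dport, bytes. A host that
    receives port-53 replies without ever sending a query is the textbook
    reflection victim; the ratio is infinite because it sent nothing.
    """
    sent, received = defaultdict(int), defaultdict(int)
    for f in flows:
        if f["dport"] == 53:
            sent[f["src"]] += f["bytes"]
        elif f["sport"] == 53:
            received[f["dst"]] += f["bytes"]
    flagged = {}
    for host, got in received.items():
        ratio = got / sent[host] if sent[host] else float("inf")
        if ratio >= min_ratio:
            flagged[host] = ratio
    return flagged


# Constructed flow records: one host asked nothing and got three large replies
# from three different resolvers; another host made two ordinary lookups.
SAMPLE_FLOWS = [
    {"src": "192.0.2.53", "dst": "203.0.113.10", "sport": 53, "dport": 33000, "bytes": 3000},
    {"src": "192.0.2.54", "dst": "203.0.113.10", "sport": 53, "dport": 33000, "bytes": 3000},
    {"src": "192.0.2.55", "dst": "203.0.113.10", "sport": 53, "dport": 33000, "bytes": 3000},
    {"src": "198.51.100.5", "dst": "192.0.2.53", "sport": 40001, "dport": 53, "bytes": 60},
    {"src": "192.0.2.53", "dst": "198.51.100.5", "sport": 53, "dport": 40001, "bytes": 150},
    {"src": "198.51.100.5", "dst": "192.0.2.53", "sport": 40002, "dport": 53, "bytes": 60},
    {"src": "192.0.2.53", "dst": "198.51.100.5", "sport": 53, "dport": 40002, "bytes": 150},
]

if __name__ == "__main__":
    q = build_query("example.com")
    r = build_response(q, [txt_rdata("x" * 200)] * 10)
    print(len(q), "byte query ->", len(r), "byte reply, factor",
          round(amplification_factor(q, r), 1))
    print(reflection_victims(SAMPLE_FLOWS))
```

<p>A 40-byte query that draws a reply of a couple of thousand bytes gives a factor above fifty, and the flow heuristic flags only the host that received answers without asking; a resolver that limits response rates per client, or an edge router that drops packets with source addresses it could never legitimately see, cuts the same chain at the other two links.</p>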
<p>However, in the Krebs attack, we saw something new: it wasn’t executed by conventional computers, but rather by Internet of Things (<a href="https://theconversation.com/au/topics/internet-of-things-1724">IoT</a>) devices – including innocuous things like digital video recorders and security cameras. </p>
<p>This is an important and worrying development for two reasons. First, the devices themselves are not designed with security as a key focus; convenience and cost are the main considerations. </p>
<p>It is true that many of the IoT devices lack the computational and memory resources that are common in devices such as mobile phones, which reduces their capability from a hacker’s point of view. However, IoT devices are still susceptible to malware, and an enterprising criminal group can build a vast botnet given the time and relatively low investment. </p>
<p>Second, even though their capabilities are lower than a regular computer, they are still more than capable of executing a DDoS attack if employed in sufficient numbers. And those numbers are growing daily. It is expected that more than 50 billion IoT devices will be plugged into the internet by 2020.</p>
<p>Unless the security measures and settings improve significantly in the next four years, there will be literally billions of devices that could be compromised and used for malicious purposes. As Joseph Stalin is reputed to have said: quantity has a quality all of its own.</p>
<p>These IoT DDoS attacks can be mitigated to some extent, but if the attack is well organised then the best we can aim for is damage mitigation. The nature of DDoS attacks makes them very difficult to handle, especially if the instigator is competent. </p>
<p>Presently, we are not ready to handle large scale attacks of this nature. Most organisations, including major financial institutions, would be at least partially crippled by a sustained attack similar to the Krebs one. </p>
<p>The reason for the lack of readiness is simple: the cost involved is, in most cases, beyond the financial capabilities of most organisations. </p>
<p>However, one thing that is more affordable, and thus can be done to increase the readiness, is planning for such attacks. Rather than hoping that nothing significant will happen, it is best to plan for such attacks so that when they occur (and they will), everyone will know what they should be doing to mitigate the damage.</p>
<p class="fine-print"><em><span>Mihai Lazarescu does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p class="fine-print">A recent massive distributed denial-of-service attack by compromised Internet of Things devices highlights a growing cyber security threat.</p>
<p class="fine-print">Mihai Lazarescu, Associate Professor and head of the Department of Computing, Curtin University. Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>If two countries waged cyber war on each other, here’s what to expect</h1>
<p class="fine-print">Published 2016-08-05</p>
<figure><img src="https://images.theconversation.com/files/133136/original/image-20160804-513-1eqkv50.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="http://www.shutterstock.com/pic-124191613/stock-photo-hacker-attack-background.html?src=BSvU_gtuq7pgomeZg_fxDw-1-19">lolloj</a></span></figcaption></figure><p>Imagine you woke up to discover a massive cyber attack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more. The transport system isn’t working, traffic lights are blank, immigration is in chaos and all tax records have disappeared. The internet has been reduced to an error message and daily life as you know it has halted. </p>
<p>This might sound fanciful but don’t be so sure. When countries declare war on one another in future, this sort of disaster might be the opportunity the enemy is looking for. The internet has brought us many great things but it has made us more vulnerable. Protecting against such futuristic violence is one of the key challenges of the 21st century. </p>
<p>Strategists know that the most fragile part of internet infrastructure is the energy supply. The starting point in serious cyber warfare may well be to trip the power stations which power the data centres involved with the core routing elements of the network. </p>
<p>Back-up generators and uninterruptible power supplies might offer protection, but they don’t always work and can potentially be hacked. In any case, backup power is usually designed to shut off after a few hours. That is enough time to correct a normal fault, but cyber attacks might require backup for days or even weeks. </p>
<p>William Cohen, the former US secretary of defence, <a href="http://www.newsmax.com/Newsfront/William-Cohen-defense-chief-terrorist-attack-power-grid/2015/06/29/id/652742/">recently predicted</a> such a major outage would cause large-scale economic damage and civil unrest throughout a country. In a war situation, this could be enough to bring about defeat. Janet Napolitano, a former secretary at the US Department of Homeland Security, <a href="http://www.offthegridnews.com/grid-threats/napolitano-warns-downed-power-grid-is-inevitable-due-to-cyber-attack/">believes</a> the American system is not well enough protected to avoid this. </p>
<h2>Denial of service</h2>
<p>An attack on the national grid could involve what is called a <a href="http://www.webopedia.com/TERM/D/DDoS_attack.html">distributed denial of service (DDoS) attack</a>. These use multiple computers to flood a system with traffic from many sources at the same time. This could make it easier for hackers to neutralise the backup power and trip the system. </p>
<p>DDoS attacks are also a major threat in their own right. They could overload the main network gateways of a country and cause major outages. Such attacks are commonplace against the private sector, particularly finance companies. Akamai Technologies, which delivers around 30% of web traffic, <a href="https://www.akamai.com/uk/en/about/news/press/2016-press/akamai-releases-first-quarter-2016-state-of-the-internet-security-report.jsp">recently said</a> these are the most worrying kind of attack and are becoming ever more sophisticated. </p>
<p>Akamai recently monitored a sustained attack against a media outlet of 363 gigabits per second (Gbps) – a scale which few companies, let alone a nation, could cope with for long. Networks specialist Verisign <a href="https://www.verisign.com/en_GB/forms/reportcyberthreatstrends.xhtml">reports</a> a shocking 111% increase in DDoS attacks per year, almost half of them over 10 Gbps in scale – much more powerful than previously. The <a href="https://www.akamai.com/uk/en/about/news/press/2016-press/akamai-releases-first-quarter-2016-state-of-the-internet-security-report.jsp">top sources</a> are Vietnam, Brazil and Colombia.</p>
<p><strong>Number of attacks</strong></p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/133098/original/image-20160804-496-1r4cwza.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/133098/original/image-20160804-496-1r4cwza.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/133098/original/image-20160804-496-1r4cwza.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=294&fit=crop&dpr=1 600w, https://images.theconversation.com/files/133098/original/image-20160804-496-1r4cwza.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=294&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/133098/original/image-20160804-496-1r4cwza.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=294&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/133098/original/image-20160804-496-1r4cwza.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=369&fit=crop&dpr=1 754w, https://images.theconversation.com/files/133098/original/image-20160804-496-1r4cwza.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=369&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/133098/original/image-20160804-496-1r4cwza.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=369&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">Verisign</span></span>
</figcaption>
</figure>
<p><strong>Scale of attacks</strong></p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/133100/original/image-20160804-505-1p0xdpd.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/133100/original/image-20160804-505-1p0xdpd.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/133100/original/image-20160804-505-1p0xdpd.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=177&fit=crop&dpr=1 600w, https://images.theconversation.com/files/133100/original/image-20160804-505-1p0xdpd.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=177&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/133100/original/image-20160804-505-1p0xdpd.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=177&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/133100/original/image-20160804-505-1p0xdpd.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=223&fit=crop&dpr=1 754w, https://images.theconversation.com/files/133100/original/image-20160804-505-1p0xdpd.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=223&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/133100/original/image-20160804-505-1p0xdpd.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=223&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">Verisign</span></span>
</figcaption>
</figure>
<p>Most DDoS attacks swamp an internal network with traffic <a href="http://security.stackexchange.com/questions/35571/how-does-a-reflection-attack-work">reflected through</a> the DNS and NTP servers that provide most core services within the network. Without DNS the internet wouldn’t work, but from a security point of view it is weak. Specialists have been trying to come up with a solution, but building security into these servers to recognise DDoS attacks appears to mean re-engineering the entire internet. </p>
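<p>As an added illustration of the DNS and NTP reflection traffic described above (example code written for this page, not from the article or its author), the following detector reads constructed flow records and flags a host that receives large, unsolicited UDP responses from many DNS or NTP servers at once. The flow line format, thresholds and RFC 5737 documentation addresses are all assumptions made here.</p>

```python
"""Added example: flag DNS/NTP reflection traffic in flow records.
A reflection victim receives responses it never requested, from many
reflectors at once, each far larger than a normal reply."""
from collections import defaultdict

REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}

# Constructed sample flows (documentation address ranges, not real data):
# src sport dst dport proto bytes packets
SAMPLE_FLOWS = """
203.0.113.5 41234 198.51.100.10 53 udp 64 1
198.51.100.10 53 203.0.113.5 41234 udp 130 1
198.51.100.20 53 203.0.113.7 80 udp 3900 1
198.51.100.21 53 203.0.113.7 80 udp 4100 1
198.51.100.22 123 203.0.113.7 80 udp 44000 100
198.51.100.23 123 203.0.113.7 80 udp 43560 99
203.0.113.9 55000 198.51.100.30 123 udp 48 1
198.51.100.30 123 203.0.113.9 55000 udp 48 1
""".strip().splitlines()


def parse_flow(line):
    src, sport, dst, dport, proto, nbytes, pkts = line.split()
    return {"src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
            "proto": proto, "bytes": int(nbytes), "pkts": int(pkts)}


def detect_reflection(lines, min_reflectors=3, min_bytes_per_pkt=400):
    """Return {victim: summary} for hosts showing reflection symptoms."""
    flows = [parse_flow(l) for l in lines]
    # Queries our hosts really sent: (client, server, service port)
    solicited = {(f["src"], f["dst"], f["dport"]) for f in flows
                 if f["proto"] == "udp" and f["dport"] in REFLECTOR_PORTS}
    unsolicited = defaultdict(list)  # victim -> responses nobody asked for
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in REFLECTOR_PORTS:
            continue
        if (f["dst"], f["src"], f["sport"]) in solicited:
            continue  # reply to a genuine query, ignore
        unsolicited[f["dst"]].append(f)
    alerts = {}
    for victim, fl in unsolicited.items():
        reflectors = {f["src"] for f in fl}
        bpp = sum(f["bytes"] for f in fl) / sum(f["pkts"] for f in fl)
        if len(reflectors) >= min_reflectors and bpp >= min_bytes_per_pkt:
            alerts[victim] = {"reflectors": len(reflectors),
                              "services": sorted({REFLECTOR_PORTS[f["sport"]] for f in fl}),
                              "bytes_per_packet": round(bpp, 1)}
    return alerts


if __name__ == "__main__":
    print(detect_reflection(SAMPLE_FLOWS))  # flags 203.0.113.7 only
```

<p>Real deployments would feed this from NetFlow or IPFIX exports and tune the two thresholds to the network's normal DNS and NTP response sizes.</p>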
<h2>How to react</h2>
<p>If a country’s grid were taken down by an attack for any length of time, the ensuing chaos would potentially be enough to win a war outright. If instead its online infrastructure were substantially compromised by a DDoS attack, the response would probably go like this:</p>
<p><strong>Phase one: Takeover of network</strong>: the country’s security operations centre would need to take control of internet traffic to stop its citizens from crashing the internal infrastructure. We <a href="https://www.linkedin.com/pulse/turkey-shows-hint-what-would-happen-cyber-warfare-william-buchanan?articleId=8214254822041100839">possibly saw this</a> in the failed Turkish coup a few weeks ago, where YouTube and social media went completely offline inside the country. </p>
<p><strong>Phase two: Analysis of attack</strong>: security analysts would be trying to figure out how to cope with the attack without affecting the internal operation of the network. </p>
<p><strong>Phase three: Observation and large-scale control</strong>: the authorities would be faced with countless alerts about system crashes and problems. The challenge would be to ensure only key alerts reached the analysts trying to overcome the problems before the infrastructure collapsed. A key focus would be ensuring military, transport, energy, health and law enforcement systems were given the highest priority, along with financial systems. </p>
<p><strong>Phase four: Observation and fine control</strong>: by this stage there would be some stability and the attention could turn to lesser but important alerts regarding things like financial and commercial interests.</p>
<p><strong>Phase five: Coping and restoring</strong>: this would be about restoring normality and trying to recover damaged systems. The challenge would be to reach this phase as quickly as possible with the least sustained damage. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/133139/original/image-20160804-513-143grda.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/133139/original/image-20160804-513-143grda.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/133139/original/image-20160804-513-143grda.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=356&fit=crop&dpr=1 600w, https://images.theconversation.com/files/133139/original/image-20160804-513-143grda.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=356&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/133139/original/image-20160804-513-143grda.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=356&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/133139/original/image-20160804-513-143grda.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=447&fit=crop&dpr=1 754w, https://images.theconversation.com/files/133139/original/image-20160804-513-143grda.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=447&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/133139/original/image-20160804-513-143grda.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=447&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Mission: recovery.</span>
<span class="attribution"><a class="source" href="http://www.shutterstock.com/pic-354538334/stock-photo-specialists-with-network-cable-macro-photo.html?src=oBinwJXlUrmMHubLWEQt7w-1-34">kirill_makarov</a></span>
</figcaption>
</figure>
<h2>State of play</h2>
<p>If even the security-heavy US is concerned about its grid, the same is likely to be true of most countries. I suspect many countries are not well drilled to cope with sustained DDoS, especially given the fundamental weaknesses in DNS servers. Small countries are particularly at risk because they often depend on infrastructure that reaches a central point in a larger country nearby. </p>
<p>The UK, it should be said, is probably better placed than some countries to survive cyber warfare. It enjoys an independent grid and GCHQ and the National Crime Agency have helped to encourage some of the best private sector security operations centres in the world. Many countries could probably learn a great deal from it. Estonia, whose infrastructure was disabled for several days in 2007 <a href="http://www.nbcnews.com/id/31801246/ns/technology_and_science-security/t/look-estonias-cyber-attack/">following</a> a cyber attack, is now <a href="https://next.ft.com/content/be26fbd2-5005-11e6-88c5-db83e98a590a">looking at</a> moving copies of government data to the UK for protection. </p>
<p>Given the current level of international tension and the potential damage from a major cyber attack, this is an area that all countries need to take very seriously. Better to do it now rather than waiting until one country pays the price. For better and worse, the world has never been so connected.</p>
<p class="fine-print"><em><span>Bill Buchanan does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>How the internet has made us terrifyingly vulnerable.</p>
<p>Bill Buchanan, Head, The Cyber Academy, Edinburgh Napier University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>