Security and Privacy in a Networked World/Cyberwars
NOTEː This text uses links to Wikipedia for further reference (and also to outline the public nature of the information provided here).
The Online Battlefield
editIn the information age, waging war also changes. Formal, declared wars between nations and states are replaced by sponsored crime, terrorism and 'special operations'. Special forces and non-lethal weaponry become more important, as do psychological operations, propaganda and manipulation/control of media.
Using IT in a military context today involves various applications, for example
- cryptography
- propaganda and disinformation (including controlling the public on both sides of the 'front')
- communication interception (cyberespionage, both domestic and international)
- communication disruption and sabotage (cyberattacks on infrastructure using e.g. DDOS)
Cryptography has a history that spans far before the Internet age. So does propaganda, albeit the information warfare has gained many new measures with the advent of social media (as exemplified by "Facebook revolutions" worldwide). Cyberespionage has its predecessors in various technologies of the mid-20th century. While communication disruption and sabotage have some ancestors in the pre-IT era, its true potency has only been realized recently - the first widely published case was likely w:en:Stuxnet. However, current threat analyses point out actual attack vectors towards critical infrastructure, e.g. the power grid (the central website of the US Office of Electricity Delivery and Energy reliability, energy.gov, has an extensive section on cybersecurity).
It's been a long way
editWhile military cryptography can be traced back to the antiquity (e.g. w:en:Scytale), the connection with IT was probably first made with w:en:Enigma machine - as many chapters of early history of computers, e.g. the work of w:en:Alan Turing as well as one of the pretenders to the title of the first modern computer, w:en:Colossus computer, were linked to them.
In cyberespionage and surveillance, the recent scandal of NSA has its roots in the w:en:Quadripartite Agreement (1947) (UKUSA) of 1947 and the development of w:en:ECHELON in the 1960s. Earlier, a kind of unspoken rule had dictated avoidance of spying after a country's own subjects - the UKUSA found an elegant bypass in mutual surveillance and subsequent exchange of collected information. It also strived to cover the whole world by assigning areas of responsibility to every participating country (a version of the scheme can be found at http://cryptome.org/jya/echelon-bw.htm).
ECHELON was originally meant to intercept and collect information transferred over short wave radio, but went on to keep pace with evolving technology, gradually also covering telephone, fax, mobile phones and different channels of Internet communication.
Prominent examples of technological surveillance include
- NSA spy satellites (w:en:Canyon (satellite), w:en:Vortex/Chalet and w:en:Mercury (satellite) series) - used to intercept a wide range of radio communications since the 60s
- w:en:Project SHAMROCK - a large-scale interception of telegrams within the US in the 70s
- w:en:Project MINARET - surveillance of electronic communications involving 'suspicious' persons in the US in the 70s
- w:en:Ivy bells - a US Navy, CIA and NSA mission to wiretap Soviet sea cables in the 70s
- w:en:Stellar Wind (code name) - a large-scale data mining and interception programme targetting US citizens since about 2001 (sources disagree on whether it is still active)
- w:en:Turbulence (NSA) - a network traffic interception and cyber-warfare programme of the NSA since about 2005
- w:en:DCSNet - an 'on-the-run' wiretapping system run by the FBI, reportedly capable to intercept most electronic channels in the US
- w:en:PRISM (surveillance program) - a joint US/UK surveillance programme since 2007.
It should also be noted that the US surveillance systems are occasionally also used to help US companies against competitors (some cases are mentioned e.g. here: https://www.fas.org/irp/program/process/991101-echelon-mj.htm).
China and Russia
editThese two countries deserve a special notice for largely defining the state of cyberwar in recent times (along with the US). Both have a long authoritarian state tradition with long history of propaganda and indoctrination at all levels of society, making it easy to turn ordinary citizens into 'cyber-soldiers' (examples include the w:en:Honker Union and w:en:Red Hacker Alliance in China as well as various Russian initiatives like those seen in Estonia in 2007, Georgia in 2008 and currently in Ukraine). Both have also conducted direct operations on other countries' infrastructure (notably w:en:Moonlight Maze by Russians as well as w:en:Titan Rain and w:en:Operation Aurora by Chinese).
It should also be noted that authoritarian regimes have an inherent advantage in information warfare against democratic states - they can freely engage in disinformation under the premise of free speech, while keeping their own subjects more or less effectively within the information sphere of the government. Perhaps the most prominent example is the w:en:Golden Shield Project in China (also known as 'The Great Firewall of China') that filters out information that is deemed unsuitable by government, as well as performs surveillance of traffic.
Additional reading and links
edit- BEECH, Hannah. China’s Red Hackers: The Tale of One Patriotic Cyberwarrior. http://world.time.com/2013/02/21/chinas-red-hackers-the-tale-of-one-patriotic-cyberwarrior/
- CAMPBELL, Duncan. Inside Echelon. http://echelononline.free.fr/documents/dc/inside_echelon.htm
- DUNHAM, Roger C. Spy Sub: Top-Secret Mission to the Bottom of the Pacific.
- HAGER, Nicky. The Secret Power. http://www.nickyhager.info/secret-power-new-zealands-role-in-the-international-spy-network/
- RIJMENANTS, Dirk. Dirk's Weblog: Cipher Machines & Cryptology / Intelligence / Security. http://rijmenants.blogspot.com/
- SONTAG, Sherry, DREW, Christopher. Blind Man's Bluff: The Untold Story of American Submarine Espionage.
- WALTON, Greg. China's Golden Shield: Corporations and the Development of Surveillance Technology in the People's Republic of China. http://www.freerepublic.com/focus/fr/582542/posts
- The Enigma and the Bombe. http://www.ellsbury.com/enigmabombe.htm
- The Great Firewall of China. http://www.greatfirewallofchina.org/
- The Tallinn Manual on the International Law Applicable to Cyber Warfare. https://ccdcoe.org/tallinn-manual.html
Also in Estonian:
- MÄGI, Harri, VITSUT, Lauri. Infosõda: visioonid ja tegelikkus. Eesti Ekspressi kirjastus 2008.
Study & Blog
edit- Study a published case of cyberwarfare and write a short report.