Pierluigi Paganini April 03, 2012

Article Published on The Hacker New Magazine – April Edition “Cyber_Warfare”

First let’s try to provide a definition of cyber-weapon, to do this I get inspiration from an article written by experts Thomas Rid and Peter McBurney. Correctly define cyber weapon has significant legal and political consequences as well as the security itself. The line between what is a cyber-weapon and what is not a cyber-weapon is subtle.

But drawing this line is important. For one, it has security consequences: if a tool has no potential to be used as a weapon and to do harm to one or many, it is simply less dangerous.

Secondly, drawing this line has political consequences: an unarmed intrusion is politically less explosive than an armed one. Thirdly, the line has legal consequences: identifying something as a weapon means, at least in principle, that it may be outlawed and its development, possession, or use may be punishable.

It follows that the line between weapon and non-weapon is conceptually significant: identifying something as not a weapon is an important first step towards properly understanding the problem at hand and to developing appropriate responses. The most common and probably the most costly form of cyber-attack aims to spy.

The two expert define “cyber weapon” as “a computer code that is used, or designed to be used, with the aim of threatening or causing physical, functional, or mental harm to structures, systems, or living beings“

Over the years many cyber weapons have been identified, without a doubt the most famous of which is the virus Stuxnet, and this has led to introduce many different classification for their qualifications.

An interesting classification of cyber weapons is based on spectrum of action, in this scale we introduce the following categories:

• Low potential end of the spectrum is a malware able to affect systems from outside but that is not able to penetrate the target or to create a direct harm. To this category tools and software to generate traffic to overload a system create damage to its services with a temporary effect (e.g. Denial of Service attack) without damaging.
• Medium potential end of the spectrum, any malicious intrusion  we can identify that is not able to influence the final target that is anyway able to create functional and physical damage. In this category are included generic intrusion agent like malware able to rapidly spread.
• High potential end of the spectrum is an agent that is capable to penetrate the target avoiding any protection creating a direct harm to the victim. That could be the case of a sophisticated malware that could harm a specific system like the virus Stuxnet. Inside this category we introduce a further distinction between  learning agent and intelligent agent. Stuxnet is an intelligent weapon without learning capabilities, maybe this features will be part of next generation of cyber weapons.

Cost and complexity of this cyber threats are related to the category the belong, consider also that behind high potential agents there is a long and considerable content of intelligence used to acquire information on final target and develop the weapon specific for it.

In recent years one of the topics of greatest interest in the international scientific community has been the development of new cyber weapons to use against hostile countries.
What dominates, without any doubt, was the use of viruses and other malware to attack critical infrastructure of the opponents.
The Stuxnet case did school, for sure behind its development there are government structures, most likely in the U.S. and Israel.

Why the use of a cyber weapon has proved a winner?

• First, the disclosure of such agents is silenced for the nature of the vulnerabilities that are exploited. The study of new zero-day vulnerability provides a real advantage to those who attack and the related risks of failure of operations is minimal. We consider that attacks perpetrated in this way, because of the anonymous nature of the offense, allow you to circumvent the approval by the world community to a military offensive.
• The costs involved in developing solutions such as that at issue are relatively low compared to other conventional weapons.
• The choice of cyber weapon allows those who use the solution to remain anonymous until military strategies deem it appropriate. The main strategies that use of such malware are mainly aimed at:
• Probing the technological capabilities of the enemy. The ability of an agent to infect enemy structures is symptomatic of inadequate cyber defense strategy that may suggest additional military options.
• Undermine those that are considered critical structures whose operation depends on the opponent’s vital functions of the governmental structure of a country.
• No doubt regarding the efficacy of these weapons. Events have proved that they are offensive weapons designed with the intent to infect opposing structures. The cyber weapons can be designed to hit specific targets while minimizing the noise related the usage of the weapon that can result in causing the discovery. The vector of infection can be of various kinds, such as a common USB support, being able to hit a very large number of targets in a small time interval.
• Another significant factor is the ability to predict and to observe the development of a cyber weapon by agencies intelligence. In a classical context the development of a conventional weapon can be easily identified through intelligence operations on the ground and via satellite observations can be easily identified a garrison used to develop military systems. The development of a cyber weapon is rather difficult to locate and thus hinder , even a private home may be suitable for the purpose.

To understand the real evolution of cyber weapons will propose again taken from a slide part of the presentation “Preparing for a Cyber ​​Attack” by Kevin G. Coleman.

Easy to understand how is grown over the years the technology in the development of a cyber arsenal and how dangerous are the cyber weapons of the next future.

But what are the objectives to be attacked with weapons of this kind?
The series is very wide, it is known that through a malware can affect any system in which there is a control component. To cite some examples:

• Industrial control systems, particular concern are those components that oversee the operation of such plant for energy production and delivery of services of various kinds, such as water utilities.
• Systems for territory controls
• Hospitals and government controls
• Communications networks
• Defence systems

Several intelligence studies demonstrate that more over 140 countries have a cyber weapon development program, starting from 2006 the the equity investment is a hundred times higher, with a sensible increase in the number of countries that are pursuing this kind of weapon or acquiring knowledge in the sector.

 THE cyber weapon is a unique prerogative of governments?

Unfortunately not, although behind the development of a cyber weapon there is a painstaking intelligence work and investment still large, we must keep in mind that such weapons can also be developed by groups of criminal and hacktivist with unpredictable and disastrous. As anticipated the development of a cyber weapon requires a long process of research, however, groups of hackers and cyber criminals may be able, through processes of reverse engineering, to analyze the sources code of existing weapons modifying it according their design. In this way could proliferate cyber weapons characterized by increasingly complexity and unpredictable behavior.

Let’s clarify that a cyber weapon not necessary must be used with offensive purpose, during last months a news has been circulating in some media about the Fujitsu company has subscribed a contract with the Japanese Ministry of Defense developed for a development of a new virus.
The news confirms therefore the approach introduced in this article, viruses are used as a weapon inside a cyber strategy. I cite this example to the uniqueness of the case. This time the project for the virus development should not be but for the offense purpose but for defense. That is another interesting usage of a cyber weapon, developed to defend systems and track back any cyber threats.

Regarding the project, for an approximate cost of U.S. $ 2.3 million, appears that Japan is keen to have a tool that seeks out infected computers, hopping from PC to PC, and cleans them up.
The debate on the efficacy of the method adopted is open.

Are we ready to face a cyber attack?

No doubt in recent years, international opinion was strongly sensitized on this issue and there have been huge investments in warfare. Numerous studies have demonstrated the need for adequate cyber strategy, defensive as offensive. Unfortunately the news is not good, too many critical infrastructures are still vulnerabilities to attacks carried out with this type of weapon, it is therefore necessary to monitor, with an international collaboration, the development and proliferation of these threats. The key critical infrastructures all over the world must be identified and must be defined a common defense policy … we still have much work to do.

About the Author : Pierluigi Paganini, Security Specialist

CEH – Certified Ethical Hacker, EC Council

Security Affairs ( http://securityaffairs.co/wordpress  )

Email : [email protected]

References

http://www.tandfonline.com/doi/abs/10.1080/03071847.2012.664354