The difference between cyber crime, cyber espionage, and cyber war is often just a matter of a few keystrokes, as they use the same techniques. Richard Clarke, chairman of Good Harbor Consulting, highlighted this during his keynote at the RSA Europe 2010 conference in London.

Cyber Crime

Cyber crime is not just a theory; it happens every day. Clarke explained that just two weeks ago, there were arrests of a cyber cartel in the US. However, those arrested were students acting as mules. These mules simply open a bank account and allow money to flow in and out of it; they are the lowest level in the cyber crime hierarchy.

Clarke elaborated that these cartels are often based in Moldova, Estonia, Belarus, or Russia. After lengthy investigations involving warrants to search computers and servers, crimes are traced back to these countries. However, cooperation from these countries is often nonexistent, making them effective cyber sanctuaries. As long as attacks happen outside their borders and cyber criminals provide kickbacks to the police, local authorities turn a blind eye. This complicity can extend further, with governments using these cyber criminals to attack other nations while maintaining plausible deniability.

Clarke compared this to the issue of money laundering. Countries traditionally involved in laundering money were approached with norms and enforcement standards to prevent the problem. When they failed to comply, they were threatened with consequences such as currency devaluation. The same approach can be applied to cyber crime, he suggested. If these countries don't meet the standards, we could limit or monitor traffic in and out of them. Currently, little is being done, and cyber crime remains profitable.

Corporate Cyber Espionage

Cyber criminals break into networks to steal identifications, money, and credentials. Cyber espionage comes in two forms, with industrial espionage being the first. Major corporations hire business intelligence firms to gather information on their competitors, often ignoring the sources of this intelligence. Stolen items typically include industrial designs, chemical formulas, new product information, and aerospace data.

Clarke cited the recent Google hack, which affected 3,000 other US companies, all of which had updated security measures in place. Many of these companies spend tens or hundreds of millions annually on cybersecurity. However, most US companies that knew they had been attacked were informed by an external source. Because stolen data is copied rather than removed, it remains on the network, making detection difficult. Terabytes of information could be exfiltrated without obvious signs.

He shared an incident where a sophisticated cyber research facility discovered a hack and could only stop it by disconnecting its systems. Every countermeasure the facility implemented was met with a counter-attack, keeping it offline for days. If this happens to advanced companies, less sophisticated organizations are undoubtedly losing critical data, including source code for operating systems and routers.

Cyber Warfare

The line between cyber espionage and cyber warfare is thin, Clarke explained. The same techniques apply. Cyber warfare involves accessing networks with the intent to damage, disrupt, or destroy. The US conducted an experiment demonstrating that they could manipulate a SCADA system to cause a generator to explode, showcasing the potential consequences of such attacks.

Clarke mentioned potential dangers, such as derailing trains, blowing up generators, or melting power lines. He speculated that the recent pipeline explosion in San Francisco could have been caused by similar means. Control systems can be manipulated to appear normal while being sabotaged.

Financial institutions and stock exchanges are also vulnerable. Clarke referred to an incident where the US stock exchange experienced extreme volatility, which could have resulted from a cyber attack. Their solution was to pretend it never happened.

The Stuxnet attack is the first known malicious SCADA system attack, using four zero-day vulnerabilities. It was narrowly targeted at Siemens WinCC systems, functioning like a guided missile.

Preparing for Cyber Warfare

Clarke emphasized that while cyber war isn't imminent, nations are readying their cyber tools for potential conflicts. For instance, instead of using a cruise missile, they could launch a cyber attack. He couldn't envision a scenario where the US or the UK would engage in war with Russia or China.

Clarke also pointed out that Stuxnet targeted Iran, a nation under scrutiny for its nuclear weapons program. Sanctions have been imposed to prevent Iran from producing nuclear weapons. In a hypothetical conflict involving the US, Israel, and Iran, cyber attacks could cripple systems in the US. Cyber defense remains weak globally.

Clarke urged a shift in focus from offensive cyber war to defensive strategies. Countries need plans and strategies for defending against cyber attacks.

The Future of Cyber Peace

Clarke concluded by asking about the prospects of cyber peace. He advocated for treaties and agreements akin to nuclear arms treaties. Although these processes take time, starting them is crucial. Cyber arms control agreements could enhance global safety.

Lastly, Clarke proposed reconsidering network architecture. Instead of merely investing in security solutions, he suggested funding research into new protocols and possibly developing a more secure internet.

