CHAPTER 4: THE PRESENT AND THE FUTURE

“Kill with a borrowed knife” is one of 36 Chinese Stratagems.⁵⁰ Is commercially available malware such a knife? Granted, governments cannot really control what hackers are doing and their entrepreneurial drivers, but can that be influenced?

Governments, being aware of the strengths and weaknesses of their adversaries, are hurriedly forging cyberwarfare conventions and agreements.⁵¹ Although everyone is aware of the threat, nobody wants to be engaged in full-blown cyberwarfare with a technically savvy adversary. Besides, engaging in cyberwarfare on a state level may constitute a declaration of war, and conventional warfare, especially among the superpowers, is highly undesirable to all.⁵²

There is a way, however, to maintain deniability and yet engage in a cyber conflict, through the deeds of “rogue hackers.” This could be done through indirect influences, such as propaganda, relaxed or non-existent laws regarding creating and distributing malware, and making tools of hacking directly available to the less technically savvy masses when the time is right.

The phenomenon of hacktivism – described earlier in this pocket guide – could be manipulated and turned against the state adversary while the government can deny an act of cyberwar.⁵³ The scale and magnitude of cyberattacks on Estonia and Georgia using DDoS attacks suggests that many individuals were involved in the attacks, and it also suggests that somehow the tools of these attacks were readily available to them. In this case, the malware attacks were conducted in one cyber carpet bombing effort, and the hacktivist leaders claimed responsibility while the Russian government actively denied participation.⁵⁴

The same situation is currently happening between China and the US, but in a slow, deliberate motion. Since 2003, an extensive cyber-penetration effort by Chinese hackers, called Titan Rain, has continuously been targeting US research, military, and commercial networks.⁵⁵ There is a large variety of commercial and free malware toolkits available for wannabe hackers in China, who are backed by Maoist ideology and no repercussions for infiltrating American military and civil infrastructures … as the Chinese government denies the involvement.⁵⁶

To be fair, the United States, UK, and Australia probably have a similar strategy in place, including manipulation of hacktivist culture and making malware easily accessible when the time is right. In fact, the military of the US is actually looking into the “botnet” paradigm as a deterrent and an attack mechanism in the case of a cyber conflict.⁵⁷

And, of course, internal political motivation can be reason for cyber-attacks. Hacker groups Anonymous and LulzSec have launched attacks targeted at NASA, the CIA and Sony Pictures to steal confidential data and disrupt operations.⁵⁸ In February of 2010 Australian government websites were brought down by the Anonymous online community using DDoS attacks. These attacks were launched in response to proposed web censorship regulations.⁵⁹

These widespread attacks could be accomplished only with the use of commercially available or free malware toolkits.

⁵⁰Carr, Jeffrey. Inside Cyber Warfare: Mapping the Cyber Under world. O'Reilly Media, 2009. p.174.

⁵¹ Rauscher, Karl Frederick, and Andrey Korotkov. “Russia-U.S. Bilateral on Critical Infrastructure Protection: Working Towards Rules for Governing Cyber Conflict: Rendering the Geneva and Hague Conventions in Cyberspace.” “An advance publication of this paper was presented at the Munich Security Conference, February 4-6, 2011.” New York, NY: The EastWest Institute, 2011.

⁵² Schneier, Bruce. “Cyberwar.” Schneier on Security. June 4, 2007. www.schneier.com/blog/archives/2007/06/cyberwar.html (accessed May 20, 2011), and Lt. Com Matthew Skeletov via Carr, Jeffrey. Inside Cyber Warfare: Mapping the Cyber Underworld. O'Reilly Media, 2009. p.47.

⁵³ Krapp, Peter. “Terror and Play, or What Was Hacktivism?” Grey Room no. 21 (Fall 2005): 70–93. Academic Search™ Premier, EBSCOhost^® (accessed May 14, 2011).

⁵⁴ Carr, Jeffrey. Inside Cyber Warfare: Mapping the Cyber Underworld. O'Reilly Media, 2009. pp.3, 15, 18, 37.

⁵⁵ Stiennon, Richard. Surviving Cyberwar. Lanham, MD: Government Institutes, 2010. p.42.

⁵⁶ Hagestad II, William. “China: A Comparative Analysis of Government & Nationalistic Threat Vectors.” Central Ohio InfoSec Summit, Columbus, OH. 2011.

⁵⁷ Williamson III, Charles W. “Carpet bombing in cyberspace: Why America needs a military botnet.” Armed Forces Journal. www.armedforcesjournal.com/2008/05/3375884 (accessed May 26, 2011).

⁵⁸ Sapre, Omkar. “Cyber underworld: How it works.” The Times of India. September 22, 2011. http://timesofindia.indiatimes.com/tech/enterprise-it/security/Cyber-underworld-How-it-works/articleshow/10075465.cms (accessed September 23, 2011).

⁵⁹ Ibid.