• Choose a category
• All
• Classic-Fiction

Vision was absolutely livid that he was unable to crack this one system. ‘Of course, I then launched a phishing attack on them and I was inside within five minutes, but it’s just not the same.’ What he means by that is that he sent infected emails to company email addresses, and it was but a matter of minutes before one of its many thousands of employees had fallen for the trap. So even if you have an unbreachable digital fortress, you have only overcome one of several major security challenges.

Similarly, these days it is much easier to perpetrate an inside job in a company because of the ease with which data can be collected and stored. We know that Bradley Manning, the man accused of having removed the US diplomatic cables that were subsequently published on WikiLeaks’ website, managed to download all the material onto a CD marked as a Lady Gaga album.

We also know that Stuxnet – to date the world’s most sophisticated virus – must have been planted on its apparent target in Iran’s nuclear facilities by somebody (wittingly or otherwise) infecting the computer systems with a memory stick or CD. Iran’s nuclear operating systems are not connected to the Internet. But they are still networks, and their infection by Stuxnet proved that they were within reach of a professional intelligence agency.

Stuxnet represented a significant escalation in the third major threat: cyber warfare. This piece of malware was so complicated that researchers estimated it must have taken in the region of several man-years to develop, which means that a dedicated team of coding engineers must have been working on it for an extended period. Organised crime does not operate in this fashion. The only entity capable of developing Stuxnet was a nation state with a lot of resources to devote to the design and manufacture of both defensive and offensive cyber weapons. Nonetheless, whoever designed Stuxnet borrowed huge amounts of computer code and techniques from the many tens of thousands of blackhat or greyhat hackers out in cyberspace. Criminal hackers are a great driver of creativity in all areas of the Web’s darkside. Military, private-sector, police and intelligence agencies are always quick to adopt the tools that crackers and hackers are developing.

When Stuxnet was successfully infiltrated into the control system of several nuclear facilities in Iran, the authorities admitted that it led to a major breakdown in the operation of a highly sensitive station. It could have resulted in an explosion. Its existence proves that the doomsday scenarios proposed by the so-called cyber warriors are no longer only theoretically possible. Serious though it was at the time, the attack on Estonia was the equivalent of a playful pre-match kick-about, compared to what Stuxnet heralds.

The cyber warriors are also referred to as cyber securocrats – these are the prophets who warn that the sky is about to fall on our heads. Among the most articulate of this breed is Richard Clarke, who describes the following scenario in his book Cyber War:

By the time you get to the Situation Room, the Director of the Defense Information Systems Agency is waiting on the secure phone for you.

FEMA, the Federal Emergency Management Agency, has reported large refinery fires and explosions in Philadelphia and Houston, as well as lethal clouds of chlorine gas being released from several chemical plants in New Jersey and Delaware.

The National Air Traffic Control Center in Herndon, Virginia, has experienced a total collapse of its systems …

Most securocrats continue by arguing that the only way we can prevent a digital Pearl Harbor or Cybergeddon is to put money into their think-tanks and companies in order to step up research into the threat.

In fact, this is already happening. The Estonian events accelerated the move towards the militarisation of cyberspace. NATO first agreed to create the majestically titled Cooperative Cyber Defence Centre of Excellence in Tallinn in 2005. Despite an enthusiastic reception for the idea of a cyber-war operational