Opinion A code for chaos
A new malware programme, Stuxnet, might have targeted the Iranian nuclear programme. Clues in the coding suggest to some that Israel was the creator. It has appeared in many countries, including China, Indonesia and India. It appears designed to attack a certain type of industrial control computer, used to manage pipelines, power grids and nuclear plants. John Markoff explains the context.
How widespread is cyberwarfare?
A 2007 FBI report asserted that 108 countries had at least some offensive cyberwarfare capabilities. And there has been widespread speculation that a secret cyberwar arms race is under way as a number of countries build sophisticated software and hardware attack capabilities. Most recent wars and military engagements, like Russia's quarrel with Estonia in 2007 or with Georgia in 2008, have been accompanied by a cyberwar engagement, in which government and financial websites have been targeted.
What was the earliest case of cyberwarfare?
In his book At the Abyss, Thomas C. Reed, a former secretary of the US air force, described how industrial control software was covertly added by the US to equipment being shipped to the Soviet Union from Canada. When the equipment was installed in a trans-Siberian gas pipeline in June 1982, it suddenly went haywire, touching off a huge explosion and fire.
But security experts have been concerned about potential cyberattacks since the 1970s, during the early days of the Arpanet, the military predecessor to the Internet. There was great concern about a network connection (a now old-fashioned 9600-baud modem) that had been installed by scientific researchers linking Moscow and the United States, via a mathematics research centre in Vienna. When national security officials discovered the link, financing to the centre was cancelled.
How is Stuxnet different?
Stuxnet is the first widely-analysed malware programme that is intended to jump from Windows-based computers to a specialised system used for controlling industrial equipment, like electric power grids, manufacturing plants, gas pipelines, dams and power plants. Previously, most high-profile cyberattacks have focused on websites and corporate or military networks.
That's true when it comes to proven cyberattacks. There has also been speculation about possible sabotage. For example, The Los Angeles Times reported in 2001 that intrusions into the network that controlled the electrical grid were traced to Guangdong, China. Later electric grid attacks have often included allegations that the break-ins were orchestrated by the Chinese.
In the case of Stuxnet, what are arguments for and against Israel's involvement?
Ralph Langner, a German security researcher, pointed out that it appeared that Stuxnet had been tailored to attack a nuclear facility. Several hints suggest Israeli authorship, including a possible allusion to the Book of Esther, which describes Jewish retaliation against Persians, and a number, 19790509, that appears to refer to the date of the execution of an Iranian Jew by a firing squad in Tehran.
Many analysts have said it is unlikely that an Israeli or American operation would leave such blatant clues. Someone could want to plant evidence pointing incorrectly to Israeli involvement. Most specialists say the authorship may never be discovered.
What kind of attack do computer security experts fear most?
There has been widespread fear about attacks that jam or damage large financial networks, the electric power grid, power plants, transportation systems and such modern infrastructure.
In many cases, the first step in securing these systems has been to ensure that they are entirely separated from the Internet. However, in many cases they use internal networks based on the Internet protocol, as well as common computing equipment, like Microsoft and Intel-based computers. That means they remain potentially vulnerable to a sneakernet attack, in which a malicious programme is physically carried in.
Can this kind of attack be done by a lone hacker?
In the case of Stuxnet, computer security specialists generally agree that it was not the work of one person but rather a team of sophisticated programmers. Many who have examined the malicious code have stated that it would have required an organisation with substantial financial resources to develop, test and then release such a programme. Certainly nations with cyberwar capabilities are potential suspects, but they are not the only possible creators. China, Israel and the Palestinians are all known to have irregular cyberarmies of motivated hackers with significant skills.