
Cyber-warfare – How the battlefield went digital

The Cold War is long over, but covert intelligence operations on foreign soil have not subsided. It is through digital means that a new face of extraterritorial sabotage has emerged.

Spies and intelligence agents, wiretaps and classified documents: thanks to our extensive training through Hollywood movies, these things seem to us purely cinematic, the elements of a more or less intriguing political thriller. But things like that really do exist. It is not unheard of for countries to spy on, manipulate or sabotage each other to reach their goals. Only nowadays it is less and less about nightly break-ins and stolen briefcases, and more about hacked computers: computers one can spy on, computers one can take over, computers one can misuse to cause physical damage.

It is the late 2000s, and the Iranian regime has intensified its nuclear program, producing radioactive fuel for use in power plants. Many fear it to be only a pretence to develop nuclear weapons, which could very well be used to threaten the US, Israel, as well as its regional rival, Saudi Arabia. Unfortunately for the regime, progress of the program is severely stifled as the centrifuges used for uranium enrichment keep breaking time after time. What exactly is causing the damage to the centrifuges is unclear, as the data the technicians read out seems perfectly normal. What is clear is that the costly problems with these essential parts constitute a considerable setback for the Iranian nuclear program. Doubt is spreading over whether the Islamic Republic has the expertise to run such a complex high-tech operation. The fault, however, lay not with the Iranian scientists; the problems were of a more sinister nature.

Although there has never been indisputable proof, it is highly likely that cyber-security experts of Israeli and US intelligence agencies joined forces to develop the computer worm that later became known as “Stuxnet”, so that it could infiltrate the Iranian nuclear facility at Natanz and sabotage its operations. Stuxnet spread into the computer systems of Natanz and manipulated the control units of the uranium centrifuges so that they would spin faster than intended. The increased speed led to much higher wear on the centrifuges, essentially breaking them and slowing down a vital part of Iran’s nuclear program. This constitutes one of the first acts of cyber-warfare.

The details of the operation are truly alarming. The Natanz nuclear facility was completely air-gapped, meaning there was no direct connection between it and the internet. Therefore, the worm must have been physically introduced into the system by foreign agents and/or unwitting technicians, who carried an infected USB drive into the facility and caused the worm to spread by connecting it to a computer on the internal network. As security measures in such a location are extremely tight, it must have been an incredibly difficult and elaborate act to carry out.

Stuxnet’s make-up is exceptionally complex. While it is not uncommon for malware to leverage previously unknown vulnerabilities in software, so-called zero-days, it is usually only one such vulnerability that is exploited, since these are awfully hard to find. Stuxnet, however, used four zero-days, an unprecedented number in a single piece of malware. Such extensive knowledge of previously unknown exploitable flaws undoubtedly points towards a big team with considerable financial support.

Another piece of the puzzle is Stuxnet’s apparent will to stay in operation undetected for as long as possible. When it was finally discovered in 2010, the worm had already destroyed about one thousand uranium centrifuges, roughly one tenth of the whole inventory at Natanz. The reason it could go unnoticed for so long is a clever trick it played on the supervising technicians. The personnel were aware that there was some problem with the centrifuges, since their failure rate was extraordinarily high, but the cause remained a mystery for many months, since no malfunctions could be observed when looking at the machinery data. Stuxnet fed the technicians fake monitoring data that showed everything functioning as usual, while in reality it increased the centrifuge speed so that they would be rendered unusable in a relatively short period of time.
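The trick described above, recorded “normal” readings shown to operators while the real process runs out of spec, is exactly what an independent cross-check is meant to catch. The following is an added illustration, not code from the article or from any real control system: it assumes a second measurement path (an out-of-band sensor the controller cannot rewrite), compares it with the operator-facing values, and additionally flags a telemetry stream that repeats a non-constant pattern verbatim, which live sensor noise essentially never does. All names, tolerances and readings are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Sequence

@dataclass(frozen=True)
class Sample:
    t: int            # seconds since start (constructed)
    hmi_rpm: float    # speed as shown to the operator by the control system
    oob_rpm: float    # speed from an independent, out-of-band sensor (assumed to exist)

RPM_TOLERANCE = 1500.0    # constructed: largest disagreement treated as sensor noise

def divergences(samples: Sequence[Sample], tol: float = RPM_TOLERANCE) -> List[int]:
    """Timestamps at which the operator view and the independent measurement disagree."""
    return [s.t for s in samples if abs(s.hmi_rpm - s.oob_rpm) > tol]

def looks_replayed(values: Sequence[float], window: int = 4) -> bool:
    """True if a non-constant window of readings reappears verbatim later on.

    A flat line is skipped: a steady reading is not by itself evidence of replay,
    but an exact repeat of a noisy multi-sample pattern is the signature of a
    recording being played back in a loop.
    """
    seen = set()
    for i in range(len(values) - window + 1):
        chunk = tuple(values[i:i + window])
        if len(set(chunk)) == 1:
            continue
        if chunk in seen:
            return True
        seen.add(chunk)
    return False

def assess(samples: Sequence[Sample]) -> dict:
    """Combine both checks into one verdict for a batch of telemetry."""
    return {
        "divergent_at": divergences(samples),
        "hmi_replay": looks_replayed([s.hmi_rpm for s in samples]),
    }

# Constructed telemetry: the HMI shows the same five "normal" readings in a loop,
# while the independent sensor sees the real speed climb well past nominal from t=5.
HMI_LOOP = [63010.0, 63022.0, 62995.0, 63008.0, 63017.0]
OOB_READINGS = [63012.0, 63020.0, 62998.0, 63005.0, 63015.0,   # t=0..4: agrees
                64800.0, 66500.0, 68200.0, 69900.0, 71600.0]   # t=5..9: diverges
SAMPLES = [Sample(t, HMI_LOOP[t % 5], oob) for t, oob in enumerate(OOB_READINGS)]

if __name__ == "__main__":
    print(assess(SAMPLES))   # divergent from t=5 onward, HMI stream flagged as replayed
```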

All of these facts indicated to experts that Stuxnet was developed and smuggled into the compound by agents of a nation state, most likely the US and/or Israel. The complexity of Stuxnet’s code suggests that a high level of sophistication in cyber-warfare capabilities, in addition to great amounts of manpower and capital, must have gone into creating it.

Almost 60% of all affected computers were located in Iran, which suggests that Iran, and more specifically the control units at Natanz, had been the principal target of the operation, as Stuxnet’s code only looked for particular components made by Siemens that are used for complex control processes, like those in a nuclear facility.

After infecting the network at Natanz, the worm spread further over the internet, possibly because an employee had connected a thumb drive or laptop to the internal system, infecting their own computer, which they then used to go online. From there it spread around the world, propagating further but lying dormant wherever the targeted hardware and software were not detected. Only because the worm unintentionally spread over the internet and attacked similar systems could it finally be exposed by computer security experts. Had this not occurred, Iranian nuclear technicians might still be none the wiser about why their centrifuges kept breaking, and the world would never have learned about any of this.

Secret operations like this one will only become more common in the future. They can be carried out more cheaply than full-blown military manoeuvres and are easier to justify, since there is much less danger for the personnel planning and executing such an operation. In most cases they cannot be traced back to their source, so whoever launches a cyber-attack can do so without having to expect a retaliatory attack. Obviously, there are ways to reach a reasoned conclusion about who set up an attack and for what purpose, but without concrete proof, one can only speculate.

Much like drones have not replaced jet pilots, cyberwarfare will in all likelihood not make traditional armed forces obsolete, but complement them, making possible new forms of attacking and manipulating the enemy’s infrastructure and defence systems.

International conflicts will become even more chaotic, as cyber-attacks occur without anyone ever knowing about them. A power plant could blow up without anybody but the perpetrators knowing the cause, and without any consequences for attacking a sovereign nation. International intelligence activities have been a messy field from the start and they will only become more complicated when parties can attack one another without leaving behind any physical evidence.

Aside from cyber-warfare on the country-versus-country level, operations like Stuxnet also threaten the general population of the world. In the case of Stuxnet, the worm found its way onto the internet, infecting thousands of control units that its makers never had in mind. Its propagation in the open also made it relatively easy for any hacker to get their hands on the code, alter it, and use it for their own purposes. Terrorists could utilise Stuxnet and other forms of invasive code to take down critical infrastructure, resulting in real-world damage and even direct harm to humans. In any case, the means of cyber-warfare will not solve anything. They are simply another weapon in the arsenal of militaries, intelligence agencies and anybody else who has the will and the ability to make use of them.