rerouted their attacks, appearing as packets from China. In addition to a Moscow-based master controller for all the botnets being used in the attacks, servers in Canada, Turkey, and, ironically, Estonia were also used to run botnets.
Georgia transferred the President’s webpage to a server on Google’s blogspot in California. The Russians then set up mock presidential sites and directed traffic to them. The Georgian banking sector shut down its servers and planned to ride out the attacks, thinking that a temporary loss of online banking was a better bargain than risking the theft of critical data or damage to internal systems. Unable to get to the Georgian banks, the Russians had their botnets send a barrage of traffic to the international banking community, pretending to be cyber attacks from Georgia. The attacks triggered an automated response at most of the foreign banks, which shut down connections to the Georgian banking sector. Without access to European settlement systems, Georgia’s banking operations were paralyzed. Credit card systems went down as well, followed soon after by the mobile phone system.
At their peak, the DDOS attacks were coming from six different botnets using both computers commandeered from unsuspecting Internet users and computers of volunteers who downloaded hacker software from several anti-Georgia websites. After installing the software, a volunteer could join the cyber war by clicking on a button labeled “Start Flood.”
As in the Estonian incident, the Russian government claimed that the cyber attacks were a populist response that was beyond the control of the Kremlin. A group of Western computer scientists, however, concluded that the websites used to launch the attacks were linked to the Russian intelligence apparatus. The level of coordination shown in the attacks and the financing necessary to orchestrate them suggest this was no casual cyber crusade triggered by patriotic fervor. Even if the Russian government were to be believed (namely, that the cyber storm let loose on Georgia, like the previous one on Estonia, was not the work of its official agents), it is very clear that the government did nothing to stop it. After all, the huge Soviet intelligence agency, the KGB, is still around, although with a slightly different organizational structure and name. Indeed, the KGB’s power has only increased under the regime of its alumnus, Vladimir Putin. Any large-scale cyber activity in Russia, whether done by government, organized crime, or citizens, is done with the approval of the intelligence apparatus and its bosses in the Kremlin.
If it was, as we suspect, effectively the Russian government that asked for the “vigilante” DDOS and other cyber attacks as a stand-alone punishment of Estonia and later conducted them as an accompaniment to kinetic war on Georgia, those operations do not begin to reveal what the Russian military and intelligence agencies could do if they were truly on the attack in cyberspace. The Russians, in fact, showed considerable restraint in the use of their cyber weapons in the Estonian and Georgian episodes. The Russians are probably saving their best cyber weapons for when they really need them, in a conflict in which NATO and the United States are involved.
For years U.S. intelligence officials had thought that if any nation were going to use cyber weapons, even in the small ways demonstrated in Estonia and Georgia, the likely first movers would be Russia, China, Israel, and, of course, the United States. The nation that joined that club in the summer of 2009 came as a surprise to some.
It was a little after seven p.m. in Reston, Virginia, on the last Monday in May 2009. Outside, the rush-hour traffic was beginning to thin on the nearby Dulles Airport Access Road. Inside, a flat screen at the U.S. Geological Survey had just indicated a 4.7 magnitude earthquake in Asia. The seismic experts began narrowing in on the epicenter. It was in the northeastern corner