Worst-case scenarios in cyberwarfare


By Belton Zeigler, partner, Womble Bond Dickinson

Previous articles have focused on solutions to corporate cybercrime. But what would a catastrophic societywide cyber-issue look like, one that involves cyberwarfare?

Cybercrime is about greed: stealing money and defrauding the vulnerable. Cyberwarfare is about military power: confusing, disrupting, and destroying opponents’ assets.

Consider three cyberwarfare examples.

1. At 11:08 a.m. Aug. 15, 2012, a virus planted by Iranian cyber-operatives came to life and permanently destroyed hard drives on more than 30,000 computers and servers owned by the Saudi state-owned oil company Aramco. For months thereafter, Aramco had to conduct its massive global operations without email or electronic records, at one point giving away gasoline and diesel fuel to domestic suppliers because the company had no way to charge them.

In the end, Aramco bought up all hard drive production it could find globally and chartered cargo jets to fly in pallets of hard drives from the Far East to replace the hardware. Full systems restoration took five months. But the data and records not backed up elsewhere were gone forever.

2. On Dec. 31, 2015, Russian cyber-operatives used stolen credentials to shut down much of the Ukrainian electric grid, blacking out service to about 225,000 customers. After disconnecting Ukrainian electric generators and substations, Russian malware programs destroyed the computers and communication systems that the Ukrainian operators needed to restore service. Russian malware also flooded utility customer service centers with calls, effectively shutting them down. Other malware destroyed the emergency battery systems meant to allow telephone utilities to stay online during the blackout.

Fortunately, Ukraine’s “outdated” electrical infrastructure allowed manual switching of the power grid in the field, which is what workers did, using radios and cell phones to communicate with central control centers. But the utilities’ sophisticated electrical control systems were ruined and had to be replaced.

3. In 2017, a Russian cyberwarfare attack targeted Ukrainian state-owned businesses, ministries, banks, and infrastructure companies. The malware used was self-spreading, jumping past the targets to destroy or damage the computer systems of international companies like FedEx, DHL, Maersk, and Merck. These companies lost thousands of computers and servers along with any data on them that was not also stored elsewhere. During the first week after the attack, the damage to global businesses was estimated to exceed $5 billion.

From these cyberwarfare examples, we can glean three principles.

  • Even in the limited instances of recent cyberwarfare, malware has shown a nasty habit of spilling beyond intended targets and damaging businesses that thought they were on the sidelines.
  • None of us is ever far from the battle lines. The internet itself provides no checkpoints, border guards, passports, or ports of entry apart from those that we impose ourselves. Every internet-connected computer or router sits on the front lines of global cyberwarfare, what is effectively an undefended international border unless we make it otherwise through the firewalls and perimeter defenses we maintain.
  • It is the nature of cyberwarfare that invasions precede hostilities. The principal weapons for waging cyberwar have to be built in advance within the opponent’s territory, by breaching the opponent’s computer systems and infecting them with malware for future use.

So cyberwarfare units do not wait for the start of conflict to begin their activities. They are breaching computer systems and installing malware in their opponents’ territory every day.

That is what is behind the FBI’s recent notice asking citizens to reset routers in homes and businesses. A Russian cyber-campaign had infected as many as 500,000 personal and business internet routers worldwide. The malware installed on these routers allows operatives to steal passwords and data, to take control of the devices for their own use, or to destroy those devices on command. Resetting the infected routers wipes the malware out of active memory, causing stored malware programs to send messages back to command and control servers seeking a reload. The FBI has identified the servers and seized their internet domains. Now when the infected routers call for fresh malware, it is the FBI that receives the message.

Today, cyberwarfare is part of the strategy, doctrine, and capabilities of militaries around the world. Billions of dollars are being spent, quietly but purposefully, to strengthen U.S. utility, communications, and financial systems, and other critical infrastructure against cyber-threats. But our personal and business computers are equally on the front lines and as accessible to cyberwarfare teams in Russia, Iran, North Korea, or China as we allow them to be. Beyond financial self-protection, there are now purely patriotic reasons to maintain strong internet security, use strong passwords, change them regularly, install software security patches, and take the other steps needed to prevent our computers and routers from being controlled by those who mean to do us harm.

Belton Zeigler, a partner with Womble Bond Dickinson, has a practice focusing on the energy and natural resources sector, as well as cybersecurity. Connect with Belton at linkedin.com/in/beltonzeigler. The author gratefully acknowledges the insights of Allen O’Rourke, co-leader of Womble Bond Dickinson’s Privacy and Cybersecurity Team. Connect with Allen at linkedin.com/in/allenorourke.

