Nation-state-sponsored cybercrime may have a bright side. It might be a way to discourage the proliferation of nuclear weapons.
Since the Cuban Missile Crisis in 1962, the world has feared and prepared for a full-scale, global nuclear war. In the US, the fear drove a brisk business in the building of backyard fallout shelters. Families rediscovered preserving food (my dad even began making an interesting beer that included banana peels and raisins and came out at 15% alcohol by volume), and the Bulletin of the Atomic Scientists began publishing the Doomsday Clock, which always showed we were within minutes or seconds of total annihilation. Nuclear non-proliferation agreements created a “nuclear club” of a handful of countries that had already developed weapons and were dedicated to keeping anyone else from joining. Israel and North Korea are two of the non-members that flout international controls, and Iran wants to join them.
But developing nukes is very expensive, time-consuming, and fraught with dangerous experimentation. It requires hundreds if not thousands of highly trained physicists, engineers, and technicians and, as in the case of Iran and North Korea, can result in devastating economic sanctions from other nation-states with their own nuclear arsenals. Moreover, a successful attack is far from assured. The most reliable warhead delivery system, the US Trident II submarine-based missile, has a 50 percent chance of system failure, and North Korea’s reliability numbers are much lower. That puts the investment in a highly questionable light.
On the other hand, a relatively poor country can launch a cyber-attack with just two hackers, an internet connection, and a couple of laptops. Combined with the lack of cybersecurity awareness worldwide, such an attack can not only succeed but be potentially as devastating as a tactical nuclear strike, and it would pay for itself with a handsome profit.
That seems to be the lesson North Korea has learned. In one case announced in February 2021, the United States Department of Justice (DoJ) indicted three state-funded hackers for a scheme to steal more than $1.3 billion in cash and cryptocurrency, proceeds that went directly into military operations.
“There’s a lot of baggage, obviously, that comes with nuclear weapons use,” said Pano Yannakogeorgos, a clinical associate professor at New York University’s Center for Global Affairs. “Currently, there’s no real taboo over the use of cyber. We’ve seen countries allegedly use it. The United States allegedly targeted the Iranian nuclear enterprise using a very tailored piece of malware to disrupt and damage (illegal) nuclear equipment.”
Yannakogeorgos said that cyber warfare is now “spinning out of control” as malware developed by nation-states ends up in the hands of independent criminal enterprises and is now disrupting global shipping, pharmaceutical production, and national infrastructure. The ransomware intrusion into Colonial Pipeline’s informational (IT) network may be Russian in origin, but that does not make it state-sponsored. The source is the Russian criminal organization DarkSide, a ransomware-as-a-service operation that leases its malware to any affiliate willing to pay and rarely carries out intrusions itself.
The full interview with Yannakogeorgos can be heard on Crucial Tech.
Yannakogeorgos said governments are condemning operations within sovereign borders, “But it’s not the same kind of response as if it were a nuclear exchange. I think it is more likely that cyber weapons will be used versus nuclear weapons.”
To conduct cybercrime, he said, you need just a couple of people “hovered around a keyboard, churning out phishing emails. That’s pretty low-level kind of stuff.” To pull off a real attack on a nation’s infrastructure you need a team of more than engineers. You need people who understand the science behind the nuclear process, power facilities, the information technology environment, and industrial control systems (ICS).
He said that to target something like Iran’s nuclear development program, you have to build the entire system you are targeting. That represents a huge investment in personnel and equipment.
That’s why the Colonial intrusion fell short of a real infrastructure attack: it was targeted at the informational (IT) network, not the operational network. The gang seemed unaware that the two were air-gapped, which makes it unlikely that Russian intelligence was involved. While the remaining danger is that the malware spreads to customers through invoices and email, Colonial’s defenses seemed to identify and contain the infection quickly. How deep the infection went is yet to be revealed, and Colonial begged off any interviews for the time being.
In the end, the known nuclear countries are not going to abandon their nuclear weapons. But analysts say “rogue” countries, North Korea and Iran in particular, and even China and Russia, are focusing their cyber activities less on destruction and more on financial gain. That may be both the good news and the bad news.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he has covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, and avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.
Last I heard, decompilation of Stuxnet made it pretty clear that both US and Israeli intelligence teams contributed to the code that brought down Iran’s uranium enrichment centrifuges. Those countries, as well as many others, analyze numerous widely-deployed software packages (most notably operating systems and management software) and catalogue flaws which can be developed into zero-day hacks.
Those flaws remain viable zero-day hacks because the nation-states do not report those flaws back to the software vendors, and the vendors can’t fix problems they don’t know about.
Prior to the mid-90s, the US government (at least) had been in the habit of reporting flaws to vendors, in the hope of securing US assets against foreign intrusion. That seemed to change as US-based software (most notably Microsoft’s code) was deployed internationally, and by the early 2000s their representatives at various security standards groups seemed to switch from being assistive to being obstructive. This change is most notable if you look at underlying cryptographic algorithms on either side of that divide.
In the 70s, when IBM released DES (Data Encryption Standard), it was noted that just about any initialization vector (seed) would work as long as both ends used the same one. IBM insisted that this was _the_ initialization vector to use, but wouldn’t say why. Years later it was discovered (a) the US government had decreed that was the vector to use and (b) that just about any other initialization vector would be subject to differential cryptanalysis (a rather arcane form of code-breaking). When DES was first adopted, there was little to no published research about differential cryptanalysis – it was an unknown art in the private sector. Compare that with the NSA’s 21st-century interference with the Elliptical Curve pseudo-random number generator, where they _intentionally introduced_ a vulnerability that allowed them to better predict the numbers that would be generated in producing cryptographic keys.
With Snowden’s release of the NSA’s code stash, it became public knowledge that the NSA was more interested in exploiting flaws than in eliminating them. This was probably motivated by their desire to access foreign systems in support of their avowed mission, but it has enabled the very form of asymmetric warfare you’re describing in this article.
In short, it is the cyber-security practices of the large nation states that have crafted, rather than remediated, this problem.