Nation-state-sponsored cybercrime may have a bright side. It might be a way to discourage the proliferation of nuclear weapons.
Since the Cuban Missile Crisis in 1962, the world has feared and prepared for a full-scale, global nuclear war. In the US, the fear drove a brisk business in the building of backyard fallout shelters. Families rediscovered preserving food (my dad even began making an interesting beer that included banana peels and raisins and resulted in a 15% alcohol volume), and the Bulletin of the Atomic Scientists began publishing the Doomsday Clock, which always showed we were within minutes or seconds of total annihilation. Nuclear non-proliferation agreements created a “Nuclear club” consisting of a handful of countries that had developed weapons systems, dedicated to keeping anyone else from joining. Israel and North Korea are two of the non-members who flout international controls, and Iran wants to join them.
But developing nukes is very expensive, time-consuming, and fraught with dangerous experimentation. It requires hundreds if not thousands of highly trained physicists, engineers, and technicians and, as in the case of Iran and North Korea, can result in devastating economic sanctions from other nation-states with their own nuclear arsenals. Moreover, a successful attack is unlikely. The most reliable warhead delivery system, the US Trident II submarine-based missile, has a 50 percent chance of system failure. North Korea’s reliability numbers are much lower. That puts the investment in a highly questionable light.
On the other hand, a relatively poor country can launch a cyber-attack with just two hackers, an internet connection, and a couple of laptops. Combined with the lack of cybersecurity awareness worldwide, such an attack can be notably successful, potentially as devastating as a tactical nuclear strike, and it would pay for itself with a handsome profit.
That seems to be the lesson North Korea has learned. In one case announced in February 2021, the United States Department of Justice (DoJ) estimated that a trio of state-funded hackers stole $1.3 billion in cash and cryptocurrency that went directly into military operations.
“There’s a lot of baggage, obviously, that comes with nuclear weapons use,” said Pano Yannakogeorgos, a clinical associate professor at New York University’s Center for Global Affairs. “Currently, there’s no real taboo over the use of cyber. We’ve seen countries allegedly use it. The United States allegedly targeted the Iranian nuclear enterprise using a very tailored piece of malware to disrupt and damage (illegal) nuclear equipment.”
Yannakogeorgos said that cyber warfare is now “spinning out of control” as malware developed by nation-states ends up in the hands of independent criminal enterprises and is now disrupting global shipping, pharmaceutical production, and national infrastructure. The ransomware intrusion into the Colonial Pipeline informational network may be Russian, but it may not be state-sponsored. The source is the Russian criminal organization DarkSide, which sells malware packages to any and all and rarely participates directly in cybercriminal efforts.
The full interview with Yannakogeorgos can be heard on Crucial Tech.
Yannakogeorgos said governments are condemning operations within sovereign borders, “But it’s not the same kind of response as if it were a nuclear exchange. I think it is more likely that cyber weapons will be used versus nuclear weapons.”
To conduct cybercrime, he said, you need just a couple of people “hovered around a keyboard, churning out phishing emails. That’s pretty low-level kind of stuff.” To pull off a real attack on a nation’s infrastructure, you need a team of more than engineers. You need people who understand the science behind the nuclear process, power facilities, the information technology environment, and ICS industrial
He said that to target something like Iran’s nuclear development program, you have to build the entire system you are targeting. That represents a huge investment in personnel and equipment.
That is why the Colonial intrusion failed: it was targeted at the informational, not the operational, networks. The gang seemed unaware that the two were air-gapped, making it unlikely that Russian intelligence was involved. While the remaining danger is that the malware spreads to customers through invoices and email, the Colonial defenses seemed to identify and contain the infection quickly. How deep the infection went is yet to be revealed, and Colonial begged off any interviews for the time being.
In the end, the known nuclear countries are not going to abandon their nuclear weapons. But analysts say “rogue” countries, in particular North Korea and Iran, and even China and Russia, are focusing their cyber activities less on destruction and more on establishing a financial benefit for themselves. That may be both the good news and the bad news.