Is the world on the brink of cyber war?

A spokesperson for the Iranian military said this week that the country viewed cyber war as MORE dangerous than physical attacks.

Iran has already been victim of a cyber attack designed to damage equipment at its Busehr nuclear plant. The attack is thought to have been ordered by the U.S.

"We have armed ourselves with new tools, because a cyber war is more dangerous than a physical war," said Abdollah Araqi, deputy commander of ground forces in the Islamic Revolutionary Guard Corps (IRGC).

But is this paranoia - or a justifiable fear of a new kind of invisible war?

[Related: Watch Cybergeddon here]

President Obama was the victim of cyber crime in 2008, with hackers rifling through his campaign website and stealing emails in an attack the President described as a ‘powerful reminder’ of the scope of cyber crime.

But the President is also widely suspected of having personally issued orders regarding the Stuxnet worm, a sophisticated attack which targeted Iran’s Busehr nuclear plant, with the aim of destroying equipment by spinning it out of control.

David Sanger’s book Confront and Conceal alleges that the President was not only fully aware of the attack, he ordered it to continue after the worm spread beyond the initial computers it was built to target.

[Related: Security flaw leaves a billion PC users at risk]

America is widely thought to be the ‘world leader’ in cyber weaponry - with a history of hi-tech attacks that stretches back to a CIA attack on a Russian oil pipeline, thought to be have been blown up with corrupted software in 1982. One of the predecessors of the internet, ARPANET, was funded by a wing of the U.S military.

The same wing’s successor, DARPA  - the Defence Advanced Research Projects Agency - is currently soliciting bids for a new Plan X capability to help with ‘managing cyberwarfare’.

Defence companies are open - at least off the record - about the fact there are ‘black’ versions of the defensive software and hardware they sell to governments and private enterprise.

These are the test-beds built to refine cyber weapons. More than 100 nations are thought to be developing some kind of cyber weapon capability.

‘It’s a very complex problem,’ says Kevin Haley, Norton’s Director of Security Response, ‘There need to be treaties about cyberspace, and more rules around this. There needs to be more regulations - and more enforcement of existing laws.’

At present, cyberspace is something of a Wild West - with states able to disown cyber attacks as the work of rogue individuals.

As a result, it’s often difficult to tell whether ‘cyber war’ is an illusion dreamed up by defence companies - or whether it’s already happening.

Chinese hackers penetrated Nasa systems including ones used to manoeuvre the International Space Station. The Chinese government has always denied any association with such cyber attacks, but it is suspected of having been behind cyber attacks stretching as far back as 2003 and the sustained ‘Titan Rain’ attacks against US companies. 

[Related: The story behind Cybergeddon]

In 2011, U.S. government accounts were penetrated by hackers in China, after their Google Mail accounts were hacked. The targeting of government officials led many to suspect the Chinese government was involved - and the attacks originated in Jinan, home of the Chinese army’s ‘Technical Reconnaissance Bureaus.’

'Blaming these misdeeds on China is unacceptable,' said Chinese foreign ministry spokesman Hong Lei after the attacks.

'Hacking is an international problem and China is also a victim. The claims of so-called support for hacking are completely unfounded.'
Google’s Mail service now has a specific warning that states, ‘We believe state-sponsored attackers are attempting to compromise your account.’

'When we have specific intelligence—either directly from users or from our own monitoring efforts—we show clear warning signs,’ Google said in a blog post. ‘Today, we’re taking that a step further for a subset of our users, who we believe may be the target of state-sponsored attacks.'

A series of linked attacks by Russian cyber attackers blacked out banks, newspapers, comment websites and government websites in Estonia in 2007, after a dispute between the two countries over the relocation of a Soviet-era grave marker.

It was widely speculated that the Kremlin had ordered the attacks.

With other attacks, the sheer sophistication of the software hints that nations must have been involved. Run-of the-mill hackers don’t spend $1 million up front on software - the amount the Stuxnet worm is thought to have cost to develop. It is thought to have taken at least six months to create.

Stuxnet is thought to have been part of a family of related malicious software packages - including Duqu, used to steal data from computers in the Middle East, all created by governments, perhaps the United States in collaboration with other powers. In cyber war, governments will have a serious advantage over smaller groups.

But the sheer unpredictability of ‘rogue’ hackers may give them an advantage the lumbering machinery of government can’t deal with.

‘The challenge with hacktivist groups,’ says Norton’s Director of Security Response, Kevin Haley, ‘Is that they are a non-state actor. So far, they haven’t achieved great things - they have stolen people’s logins and passwords and launched denial of service attacks. But we don’t know where they will attack - or what.’