Publication Details

  • 09 / 02
    2011

    Mobilising Cyber Power

    Article by Alexander Klimburg

    published in Survival vol. 53, no. 1 (February - March 2011)

    Cyber crime, cyber terrorism and cyber warfare share a common technological basis, tools, logistics and operational methods. They can also share the same social networks and have comparable goals. The differences between these categories of cyber activity are often razor thin, or only in the eye of the beholder. From the perspective of a cyber warrior, cyber crime can offer the technical basis (software tools and logistic support) and cyber terrorism the social basis (personal networks and motivation) with which to execute attacks on the computer networks of enemy groups or nations.

    An article in a Russian military journal from 2007 declared that

    isolating cyberterrorism and cybercrime from the general context of international information security is, in a sense, artificial and unsupported ... it is primarily motivation that distinguishes acts of cyberterrorism, cybercrime, and military cyberattacks … [without knowing the motivation one cannot] qualify what is going on as a criminal, terrorist or military-political act. The more so that sources of cyberattacks can be easily given a legend as criminal or terrorist actions.

    This reflects what has long been presumed to be a basic assumption of cyber power in Russia, China and perhaps elsewhere: non-state actors can be used by the state, overtly or covertly, to execute plausibly deniable cyber attacks.

    Even with the most advanced intelligence-collecting abilities, it is unlikely that a proficient cyber attacker can be positively identified. Some forms of attack are easier to attribute than others, in particular computer-network exploitation (usually computer espionage and the theft of sensitive data). As data has to be ‘exfiltrated’ (that is, it has to travel back to the perpetrator), such attacks are more readily traceable. This means, however, that states have an interest in maintaining or tolerating proxy organisations that could be implicated in this type of activity and other forms of attack, such as distributed denial of service, which can be conducted by an average computer user with the right tools. That these can be damaging in their own right was most famously illustrated in the purported Russia-based attacks on Estonia in 2007, which severely disrupted many Internet-based services (including e-mail and banking). Denial-of-service attacks are generally more difficult to attribute than network-exploitation attacks.

    Although data theft represents a direct threat to national security (and private business), network-exploitation attacks are also the basis for one of the most dangerous types of cyber attacks, the unnoticed planting of hidden ‘logic bombs’. These hidden files or software packages are relatively small and, as they do not need to communicate, are extremely difficult to locate. Once triggered, the logic bombs can be massively destructive: in 2008, for example, a logic bomb planted by a disgruntled employee in the network of US mortgage giant Fannie Mae would have wiped out all 4,000 servers if it had been allowed to detonate.4 A former US secretary of the Air Force and senior adviser to President Ronald Reagan has claimed that the CIA used a logic bomb in 1982 to destroy a Soviet gas pipeline...
