Governments prepare for 'cyber cold war'

Governments prepare for 'cyber cold war'

Summary: Security experts have warned that governments are regularly monitoring and attacking the critical national infrastructures of other nations

TOPICS: Security

There has been a sea change over the past year in the amount of government-sanctioned cyber-espionage, according to some security experts. They warn that a "cyber cold war" is developing, in which governments are using technology not only for the immediate benefit of gaining intelligence from stolen data but also to probe critical national infrastructures for possible weak points that could be exploited in the event of conflict.

Countries are currently testing the water to gauge the threat and potential for damage posed by their cyber-assaults, according to the 2007 Virtual Criminology Report produced by security firm McAfee.

The use of networks of compromised computers, or botnets, for data theft and intelligence gathering has increased this year, according to Peter Sommer, an expert in information systems and innovation at the London School of Economics. "There are signs that intelligence agencies around the world are constantly probing other governments' networks, looking for strengths and weaknesses, and developing new ways to gather intelligence," said Sommer. "Government agencies are doubtless conducting research on how botnets can be turned into offensive weapons but, before launching a weapon, you need to be sure what the outcome will be — you don't want attacks to spill over to your own allies by mistake."

However, attacks are not limited to any particular countries, or by alliances between countries, according to cyberwarfare watchers. In the McAfee report, Johannes Ullrich, chief technology officer for research organisation the Sans Internet Storm Center, said that most countries hack each other regardless of any supposed allegiances.

Alan Paller, director of research at security training organisation the Sans Institute, concurred. "All nations are doing it to each other. I don't know of any country not doing it," he said. "If it's not for normal espionage, it's for economic espionage. It's a very broad set of countries [involved]."

Paller said attacks against the US military this year — reportedly made by China, although the Chinese have denied responsibility — resulted in the loss of large amounts of data. The data had, in part, been stolen from the NIPRNet, a US military network which is open to the internet and used for the transmission of non-classified documents.

Quoting Major General William Lord, a director of information, services and integration for the US Air Force, Paller said: "China is stealing identities and stealing sensitive terabytes of information from the NIPRNet."

There are signs that intelligence agencies around the world are constantly probing other governments' networks, looking for strengths and weaknesses, and developing new ways to gather intelligence

Peter Sommer, London School of Economics

While the NIPRNet itself does not carry sensitive information, Paller argued that the ultimate aim of such attacks is to "own" the opponent's computer. Probing systems for weaknesses also gives intelligence gains, he said.

As in the Cold War, it is the countries with access to the most resources that are seen to be flexing their muscles. Paller said that, while he had no data on any US attacks on rivals, both China and Russia had launched attacks this year.

"The US Department of Commerce admitted that its computers had been penetrated and had information stolen by China this summer," said Paller, who added that it was difficult to say whether it had been the government or "hybrid groups" of government and other organisations within China that had been responsible for the attack.

Mikhel Tammet, director of the Estonian communication and information technology department, said he believes forces within the Russian government may have initiated and sponsored attacks against his country's critical national infrastructure earlier this year. "It was a political campaign induced by the Russians; a political campaign designed to destroy our security and destroy our society," said Tammet. "The attacks had hierarchy and co-ordination."

While the attacks on Estonia sought to knock out parts of the country's critical national infrastructure by brute force, with both government sites and internet-banking systems targeted, most attacks against other nations are conducted by stealth.

Social-engineering attacks, in which intelligence-gathering organisations target either an individual or group of individuals, can be highly successful.

Nato analysts, quoted in the McAfee report, said that some governments are leaving themselves open to attack. "Many government offices don't even know yet that they are leaking information," said one analyst, who...

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Mobile Terrorism The New Front of Cyber-Terrorism

    As the Founder of, I must agree that cyber-terrorism is becoming the new wave of security concern. As a unique angle on this topic, mobile terrorism creates diverse terrain where governments face incredible vulnerability.

    With the 2008 being marked as the year of open source platforms in the wireless industry, mobile terrorism has become a reality of homeland security. In addition to extensive development in open source, the evolving quest towards Universal Mobile Torrents (UMTs) presents a catalyst of mobile malware distribution.

    Mobile terrorism in the context of mass cyber-crime could ultimately cripple cellular communications across entire countries. By targeting the handset level, the greatest level of mobile vulnerability is uncovered. As the technological depth of cyber-terrorists continues to evolve, mobile security will also play a critical role in antiterrorism. As increasing numbers of customers have discarded their landline in favor of cellular phones, handset level vulnerabilities could cripple extensive communications infrastructure at a global level under the right conditions.

    As a security expert, I think that this day may come but I think that UMTs will play an important role in malware distribution in the event of a national/global attack. There is no debating that the future of terrorism has taken on a digital front, the question becomes which side will stay ahead of the technology. Perhaps governments should start recruiting mobile security experts sooner than later.

    Your friendly mobile security guru,
    Eric Everson

    Eric Everson, Founder