It starts out as banter on Internet Relay Chat (IRC); on one end, a teenager writes a small program called a botnet, and instructs it to begin pinging your IRC client with lots of packets. You find a little botnet script yourself and retaliate. The war begins, albeit 1 versus 1. In military terms, that's how wars start. Meanwhile, individual users laugh and watch as they keep you off an IRC channel and poof! -- you're eliminated -- from a computer screen. That was over 15 years ago. Today it's no longer 1 PC versus 1 PC or 100 v. 100. Now it scales into the millions with command and control from a BlackBerry. This time, somebody is going to get hurt.
Denial of Service attacks are generally the work of activists or individuals who have a warped reason or a political point they want to make, often with unknown rationale. The evolution of this became the learning ground of cyber terrorism and eventually all-out war between nations via the Internet - nation vs. nation. The goal is achieving serious economic and social impacts, not just infiltrating two or three university servers of the kind that used to be compromised by amateur hacks, fanning out to a few hundred computers. Geeks in dungeons are now in uniform and they don't take prisoners or feed you.
Militarization of the Internet
For the past several years, military and intelligence organizations have been upgrading their abilities to safeguard their networks from attack by any person or any nation. It's the modern version of the Cold War, truly preparing for a global cyber launch of World War III. Don't think in terms of the United States vs. Cold War era rivals starting it. It will be nations on their own continent fighting each other, expanding to continent v. continent. Or a country that considers itself under attack by other means, such as trade sanctions or ideological differences, sets the conditions for using the Internet as a weapon.
The board game becomes real
Imagine the board game Axis and Allies evolved into the 21st-century digital world. (Even they are on Twitter!) With over 1.6 billion people now accessing the Internet, more being added daily and the evolution of IP addressing to IPv6, the network world will become more complex. Routers that routinely pass traffic at 40 to 100 GB per second are available for peanuts. Terabyte versions are now on the leading edge and low cost. Gray-market terabyte routers, switches, encryption software and cloud servers for a government to purchase are probably already in the arms dealer's inventory, sitting on a shelf beside bomb detonators. In the not-too-distant future, Petabyte technology is coming to a local PC near you. Cheaper than any smart bomb, to put it succinctly.
It's happened before, it will again
Users simply do not know that their PC has been taken control of by a remotely operated program (bots, etc.) and is about to be used for an attack. Coordinated launches at specific targets, which many simply didn't see coming, occurred with the attacks on the countries of Estonia and Georgia, and are well documented.
How big can this war potentially get? Could it be possible to destroy an entire nation’s economy and commerce? Yes, and right now, if the correct resources and teams decided to enable such an attack. A government may not even want to start the war, but it happens anyway. This sort of scenario doesn't have the emotional impact a thermo-nuclear war does, and thus a simple set of keystrokes sends a different variation of electrons on their way to the target, and the attack is initiated at a lower level of decision making than the leader of the nation.
The defending nation doesn't even get an email declaring war; it just starts with a click of a mouse button or a set of instructions sent by a cell phone. This type of war is becoming easier to wage with less sophistication or rationale. Within the U.S. Government, the debate is over; it wants to ensure that a cyber war can be won and an attack defeated. Is any country ready to defend itself? That depends on how reliant upon the Internet that country is for commerce. Many are -- and those countries are the most vulnerable.
Can't we just pull the plug?
Yes, if you knew where each attacking computer, specific core router and switch that initiated the attack was, you could stop it - after it began, with a significant delay before it ceased. There are new techniques that do help prevent certain types of cyber war attacks, but they will not stop all of them. The benefits of the open Internet network of connectivity also become its Achilles' heel.
What does the scenario look like?
Let's take a virtual country as the target. It has a population of 40 million people, and is a member of the G-20 with approximately 75 diverse access points that connect Internet traffic to the world. An attacker could flood the network with sufficient resources from all continents. The goal, however, wouldn't be the actual network links themselves, but all the institutions that the population uses. Targeting every bank with e-commerce and similar large corporate infrastructures would come first, then secondary targets like state, provincial and municipal websites. A surge in mass email hits servers across the country. The government relies extensively on department web portals to operate many of its required functions. Thousands of legitimate emails and applications now can't get from the government servers to the people it truly needs to do business with. Companies and individuals file their tax returns online, submit benefit claims, report agriculture data, etc., through the many different web sites. The internal government network might not be affected, but all extranets, B2B and other portals would be. The network connectivity into the country is the attack route to those targets. If we pulled the plug on the routes, then the attacker has achieved one of its goals: isolation. The military network would not be affected, but what good is a fighter jet or battle tank against hundreds of fiber network switches hunkered down somewhere in foreign lands surrounded by millions of civilians?
The country has 10 regional incumbent telecommunications carriers (consisting of 5 major players) which supply over 75% of the connectivity commercial enterprises and governments rely upon for all Internet services. The government will need their help and that takes time.
Such an "invasion" therefore becomes easier to coordinate against these targets. Trace routing and mapping each network is easier than building a single battle tank. Phase two begins. The unknown bots, Trojan horses, viruses and ghost spam email from within the country's Internet users would begin to systematically hit the same institutions and portals. The network begins to buckle under intense management load, systems begin to fail, the management crisis over pulling the plug sets in, and thus financial ruin begins.
World War II was almost six years long. If an all-out assault was brought upon the network, there is no accurate repair time. If a complete meltdown occurred, and every provider and government agency had the resources, let's estimate at least seven days before the infrastructure would fully recover. In that time period, the economic damage might equal the total Canadian cost of the Second World War: approximately $20 billion (Canada and the Cost of World War II – Robert C. Bryce) or more. The imaginary country exports at a rate of just under a billion dollars a day and imports just over $700 million per day worth of goods from other nations. The impacts would go beyond your PC being wiped out for an evening chat.