Updated 3/5/2012 3:45:51 PM ET

If you listen to government or military officials, security experts or news pundits long enough — such as on this week's broadcast of "60 Minutes" — you'll be convinced that every single cyberattack is the newest instance of a dawning cyberwar.

Government websites attacked by a group like Anonymous? Cyberwar! A new computer Trojan infiltrating financial systems? Cyberwar! An unexplained computer shutdown at a water-treatment plant? Cyberwar!

Whether or not these attacks are actually cyberwar (the answer is almost always no), a big problem lies with the misconception that all cyberattacks and the entities staging the attacks are equal. The ultimate goal of a hacktivist group is not the same as the goal sought by state-sponsored spies.

Know your enemies

To be sure, every group that attacks has an ulterior motive, but their overall threats to national security and to cybersecurity are very different.

The "bad guys" fall primarily into three groups: classic cybercriminals, hacktivists and state-sponsored spies.

Cybercriminals are financially motivated, says Troy Gill, a security analyst with Gulf Breeze, Fla.-based AppRiver. Cybercriminals may be trying to coerce you into buying their phony goods or services, or attempting to steal your personal or financial information to either resell it on the black market or steal your money directly. Whatever the angle, their sole motive is profit.

The term "hacktivism" is applied liberally to describe the actions of different groups with differing goals, but these groups usually try to raise political or social awareness of an issue, Gill said, sometimes with elements of humor.

These groups' methods often include distributed denial-of-service (DDoS) attacks, Web page defacement, mirroring — keeping a cloned version of a banned website up to circumvent censorship — and public posting of stolen data in order to embarrass someone.

State-sponsored spies are geared toward helping their country gain a competitive advantage over another, whether militarily, diplomatically or economically. Sensitive information can be stolen from military or government agencies, or from corporations to help the attackers' own domestic industries.

"Some state-sponsored attacks are perpetrated against private companies with the goal of data theft," Gill said. "This data often includes trade secrets that might have been part of the victim companies' competitive advantage. This type of attack could be confused with financially motivated cybercrime because it may be difficult to identify the actual perpetrators."

The real deal


Then there are attacks aimed at disrupting critical pieces of national infrastructure, such as dams, power plants, water-treatment systems, financial trading networks or transport networks.

The only clearly documented instance so far was the 2010 Stuxnet attack, which used a sophisticated computer worm to disrupt an Iranian uranium-processing plant. No one has yet taken responsibility for Stuxnet, but the United States and Israel haven't denied they were behind it.

Such attacks could constitute cyberwar, and to the defense and security experts who worry about such scenarios, it doesn't matter whether the attackers are hacktivists, cybercriminals or state-sponsored hackers.

"Terrorists and adversarial nations are already looking to leverage more than one attack vector at a time," said Damon Petraglia, a cybercrime and information security expert at the University of Connecticut.

"A cyberattack at the time of any natural or man-made disaster becomes far more crippling than a single event," Petraglia explained. "For instance, if a hostile group were to terminate emergency communications during a powerful hurricane, then emergency response [would be] significantly hindered in the ability to provide help and coordinate efforts, creating a far worse situation."

Overlapping categories

Steve Santorelli, a former investigator with Scotland Yard and Microsoft, and now director of global outreach with the Florida-based nonprofit Internet security research group Team Cymru, said the greatest threat to national security might not be so much the type of attack itself, but the way it could be deployed by state-sponsored criminal rings.

"The argument is that states can leapfrog over lengthy and expensive development cycles by deploying sophisticated (and, unfortunately sometimes not-so-sophisticated) tools deep inside interesting networks and explore from 'bolt-holes' inside critical networks," he said. 

"Hacktivists are a serious threat, but we've not seen the same major impact as that caused on a daily basis from 'spies' embedded deep in other networks," Santorelli added. "Classic acquisitive miscreants are causing higher measurable harm to the Internet and its users worldwide, but this is always going to be a game of cat-and-mouse and they are 'only' after your assets, not your technology."

The nature of cyberattacks is always evolving, but these three primary cyberthreat groups have remained fairly constant, as have their primary targets.

The state-sponsored spies may be most likely to conduct cyberwarfare, but the next time you hear someone cry "Cyberwar!" when Anonymous blocks access to a website, there won't be any need to send in military reinforcement — just a need to institute better cybersecurity and countermeasures on the network.

© 2012 SecurityNewsDaily. All rights reserved

