A history of cyber-warfare, cyber-espionage and cyber-propaganda



(Copyright © 2012-2021 Piero Scaruffi)

The 20th century opened with the rise of a new kind of warfare, aerial warfare, and the 21st century followed suit, opening with the rise of another new kind of warfare: cyberwarfare. Just like the airplane changed the way wars are fought, and who wins them, software is now changing the way wars are fought and who wins them. The difference, so far, is that cyberwarfare has not killed anyone directly the way an aerial bombing does. It has been used for espionage and sabotage. But it is likely that the power with the best cyberweapons will end up dominating the world, precisely because it will be able to sabotage and spy on the other powers. After all, "intelligence" and "terrorism" have always been tools useful to winning wars, but traditional spies and traditional saboteurs had to work very hard to steal very little, whereas software can work 24 hours a day, relentlessly, and, when it is finally given the opportunity, steal millions of documents in seconds.

During the "fake news" crisis that started with Donald Trump and Brexit in 2016, it has also become clear that cyberwarfare is not only about cyberterrorism and cyberespionage but also about "cyber-propaganda". Hitler, Mussolini and Stalin were masters of information warfare before they were masters of military warfare. The difference of course is that software can propagate by itself, and very quickly.

The first major military "doctrine" that includes cyberwarfare is credited to Russian general Valery Gerasimov, who wrote an article in 2013 in a Russian magazine about hybrid warfare, which should include cyberwarfare.

The USA is the country where computer "viruses", "malware" and the like were first used on a large scale. The first computer virus (or, better, "worm") was unleashed in 1988 by a student at Cornell University, Robert Tappan Morris, but the real alarm for politicians rang when in 1999 a 15-year-old teenager, Jonathan James, hacked the US Department of Defense. Both were sentenced lightly (neither spent time in jail). Robert Tappan Morris went on to become a respected startup founder, venture capitalist and MIT professor. Jonathan James committed suicide in 2008 when he was suspected of another hack.

The first major case of cyber-espionage was "Moonlight Maze" in 1998: Russian hackers stole countless documents from US military bases. Later the Chinese stole the plans of the F-35 fighter jet from Lockheed Martin, a fact that Lockheed realized only in 2007 (and those plans were probably used to design China's J-20 fighter jet).

Russia began using "cyberweapons" (not just cyber-espionage) when Putin started targeting the former Soviet republics: there was a massive cyberattack on Estonia in April 2007; and in August 2008, during the Russian invasion of Georgia, Georgia suffered a similar massive cyberattack. In October 2008 the NSA (National Security Agency) discovered that Russian software had infiltrated the Pentagon itself (using an incredibly simple method: leaving infected USB drives around until a Pentagon employee picked one up and plugged it into a Pentagon laptop). In December 2009 Google realized that China had infiltrated its computers ("Operation Aurora").

Far from being simply a victim, in 2005 the USA (in collaboration with Israel) engineered one of the most spectacular cyber-attacks: Stuxnet (aka "Operation Olympic Games"), software that sabotaged Iran's nuclear facilities until mid-2010.

Knowing that other countries would soon be able to do the same thing to the USA, the USA established a Cyber Command under the command of general Keith Alexander (2009).

In 2011 Iran responded to Stuxnet by targeting at least 46 major financial institutions in the USA and the Bowman Avenue Dam. In 2012 Iran unleashed the "Shamoon" malware on Saudi Arabia's oil giant Saudi Aramco. In 2013 the attacker was a contractor working at the NSA, Edward Snowden, who used software to steal thousands of confidential documents. Some of those documents, published in 2014 by the New York Times and Der Spiegel, showed that the NSA had infiltrated Chinese companies, including the headquarters of Chinese telecommunications giant Huawei.

North Korea rose to prominence in the world of cyberwarfare in March 2013 when its hackers successfully attacked South Korea's organizations. In November 2014 a group called "Guardians of Peace" hacked Sony and demanded the deletion of a satirical comedy about North Korea's dictator Jong-un Kim. The USA eventually blamed North Korea but the case remains open as many cyber-experts suspect it was an "inside job" by a Sony employee. North Korea's biggest success stories were the theft of millions of dollars from Bangladesh's Central Bank (2016) and the theft in South Korea of US plans to decapitate the North Korean regime (2017).

Russia set up Glavset (Internet Research Agency) in 2013 in St Petersburg to carry out cyberwarfare. Russia's campaign against Ukraine, following the invasion and annexation of Crimea in 2014, started in earnest with a cyberattack on Ukraine's power grid in December 2015 which left 230,000 Ukrainian families in the dark for several hours. But Russia had already attacked Ukraine with a massive misinformation campaign. That was the prelude to Glavset's operations in the USA itself: in 2015 Glavset began working on influencing the US presidential elections. At the same time another Russian agency, GRU (the Russian CIA), was working in the same space and in March 2016 its hackers successfully embarrassed the Hillary Clinton campaign by publishing confidential emails. The two agencies continued to work to make sure that Donald Trump (a crook somehow affiliated with Putin) would become president (in November 2016 Trump ended up losing the election by three million votes but becoming president on a technicality).

Again, the USA was not just a victim. In February 2015 Kaspersky Lab (a Russian firm) published a detailed report about the "Equation Group", widely considered to be NSA agents, and about the technology that led to Stuxnet. And in August 2016 a group known as the Shadow Brokers posted on the Internet malware produced by the NSA. One of these NSA malware tools was Eternal Blue, which hackers (possibly from North Korea) used in April 2017 to attack computers around the world, notably in Britain and Russia (computers that had not installed the patch protecting against Eternal Blue). On May 12, 2017, the worldwide WannaCry ransomware used this exploit to attack unpatched computers. Then another NSA contractor, Harold Martin, stole a huge trove of data before he was arrested in October 2016 (whether he was a member of the Shadow Brokers or not is still unknown). In 2016 North Korea's Musudan missile tests kept failing because of a successful US cyber-operation.

But 2016 will be remembered as the year when the Russians staged a massive form of "implicit" propaganda on the Internet. It started with the millions of messages in favor of "Leave" (Britain leaving the European Union) spread by Russian "trolls" on social media, and it ended with a similar operation targeting Hillary Clinton. Both worked. That's when it became clear that cyberwarfare is not only about cyberterrorism and cyberespionage but also about "cyber-propaganda" at a distance. In 2018 a former Cambridge Analytica employee, Christopher Wylie, revealed that Cambridge Analytica, using software developed by Aleksandr Kogan at Cambridge University, had stolen the private information of millions of Facebook users and used it to manipulate political elections. That was the equivalent of a cyberweapon used within a civil war.

There's been an expansion of cybercrime (with many cases of ransomware), but also of cyberpolice: in 2018 Ukraine arrested Gennady Kapkanov, who set up the "Avalanche" network used by more than 200 cybercriminals around the world, and in 2019 Georgia arrested Alexander Konovolov, the ringleader of the GozNym cyber-crime gang which stole millions from banks.

The first major case of ransomware that got "weaponized" to hurt a country took place in June 2017, when the malware NotPetya caused damage mainly in Ukraine but also in several Western countries.

Perhaps even more disturbing was the fact that in 2020 a Florida teenager, Graham Ivan Clark, masterminded a massive Twitter hack against some of the world's richest and most influential people and companies. For fun.

International cyberwarfare has only increased since then: in 2019 Iran's banks were attacked and information about 15 million accounts was stolen and published online, and the New York Times revealed an extensive program by the USA to attack the Russian power grid with malware; in 2020 Russian hackers breached multiple US government agencies (the "SolarWinds" hack); in 2021 Microsoft accused China of a state-sponsored cyber-attack on Microsoft Exchange servers worldwide, Russian hackers "DarkSide" disrupted a major fuel pipeline of the USA (the Colonial Pipeline), and Russian hackers "REvil" unleashed a ransomware attack on the software firm Kaseya.
