New
battlelines drawn in
cyber-space By Victor Kotsev
What is the relationship between the
self-imposed blackout of Wikipedia and the
September 2007 Israeli air raid against an alleged
Syrian nuclear reactor? The sophisticated worm
Stuxnet, dubbed the first cyber-weapon in history?
Or the "cyber-war" between Saudi and Israeli
hackers? And while we are on it, might we add
WikiLeaks and the debates on media freedom?
On Wednesday, a number of leading Internet
media, including Wikipedia and Wired, launched a
protest against two bills, ostensibly intended to
combat Internet piracy, which are making rounds in
the United States Congress - the Stop Online
Piracy Act (SOPA) and the PIPA whose full name has
undergone several transformations but which was
originally called the Protect Intellectual
Property Act.
In a recent editorial, Wired
magazine calls the two "legislation
that threatens to usher
in a chilling Internet censorship regime here in
the US comparable in some ways to China's 'Great
Firewall'." The article expands, "They would
create a terrible precedent that other regimes
could use to justify their own censorship efforts,
potentially fragmenting the Internet into so many
islands." [1]
Rumors of plans to firewall
off parts of cyber-space and to impose tighter
controls over what happens there have been
circulating for some time now. Such a measure may
seem grotesque and improbable (if not downright
impossible), but even more bizarre things have
happened. Let us recall, for example, how the
regime of former Egyptian president Hosni Mubarak
instantaneously "found an off switch for the
Internet" last February. [2]
Fundamentally, other governments'
motivation to try to control cyber-space bears
some similarity to Mubarak's. Over the past 10
years or so, the Internet has grown so much in
significance in most countries that it has become
an inseparable part of daily life. Not only is it
a powerful social medium, but key networks either
depend on it or are connected to it in some way,
and are thus vulnerable to disruption. For a
state, a measure of control over cyber-space is
increasingly becoming an important part of
exercising sovereignty.
The most recent
example of these patterns is this week's
"cyber-war" between Israeli and Saudi hackers. On
Monday, a group led by a pro-Palestinian Saudi
hacker who goes by the name 0xOmar brought down
the websites of the Tel Aviv Stock Exchange and
the El Al airline and published on the Internet
thousands of Israeli credit card numbers. Days
later, Israeli hackers brought down the sites of
the Saudi Stock exchange and the Abu Dhabi
Securities exchange in reprisal, and published
personal information (including credit card
numbers) of thousands of Arabs.
While this
particular exchange seems to have created more
noise than real damage, sophisticated hacking
attacks on various institutions and systems have
grown ever more frequent in the past years.
Hacking, moreover, has become an important part of
clandestine operations and intelligence gathering.
On the more extreme end of things, the
cyber-weapons used against the Iranian nuclear
program illustrate the potential of this type of
"warfare". According to some reports, Stuxnet was
only the most discussed of several potent viruses
unleashed against the Islamic Republic of Iran.
[3] As studies of Stuxnet have shown, these
viruses carry enormous destructive potential, and
could cause staggering damage to key civilian
systems if used imprudently.
Attesting to
their effectiveness, Iran was forced to upgrade
some of its uranium-enrichment centrifuges against
such attacks, [4] and reportedly decided to invest
$1 billion in its own cyber-warfare program. [5]
A clarification is due. While the romantic
popular image of hackers as independent geniuses
who occasionally act in teams for a cause has
persisted, reality, for the most part, is
different. Hacking today has increasingly become
more of a technical matter; the most pure
paradigms for this are military cyber
capabilities. For many years, the leading world
militaries have possessed sophisticated platforms
which allow the remote hacking of radars, enemy
communications, and other networks.
Eli
Lake writing for the Daily Beast, for example,
provides a fascinating account of the Israeli
drone-based platforms allegedly used against Syria
in 2007 and perhaps awaiting an even tougher test
against Iran. [6] In turn, Iran also reportedly
used a similar a system, purchased from Russia, to
down a stealthy American drone last month.
Even the civilian arms of the US and other
governments allegedly possess systems that allow
anybody with a certain amount of basic training to
execute a fairly sophisticated hacking attack
against a remote computer.
For
individuals, save for a select few true geniuses,
hacking has become a matter of crowd-sourcing: not
so different in concept from what WikiLeaks'
founder Julian Assange (a hacker himself) did. In
fact, not only are the tools and methods for
hacking usually acquired almost ready to use, so
is in some cases also the data that hackers claim
to have stolen.
Hacking attacks typically
exploit technical flaws that are ubiquitous and
have already been discovered. This is especially
true about less sophisticated hackers, but even
high-powered government cyber experts such as the
alleged creators of Stuxnet have taken this path.
[7]
Such methods, though fairly crude, are
nevertheless quite effective. Even attacks that
require a fairly low level of competence - for
example, using an "army" of infected personal
computers around the world to "flood" a server
with connection requests - often succeed in
bringing sites and systems down.
The
danger is that practically anybody can be a hacker
in this way, and this brings up the issue of
enforcing discipline in cyber-space with even
greater urgency. In some ways, cyber-war is a
golden opportunity for states to pass restrictive
legislation.
A similar pattern can be seen
in debates about media freedom in the context of
the WikiLeaks revelations, and indeed in several
other types of social debates. Over the past
decades, improved means of travel and
communication have given rise to powerful
decentralized human networks, which in turn have
started to challenge the sovereignty and fixed
borders of traditional states.
A backlash
seems practically inevitable - and it seems that
we are already starting to witness some of that
defensive reaction of governments.
Head
Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East,
Central, Hong Kong Thailand Bureau:
11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110
