Security has long since turned from an amateur hacking contest into a business with criminal masterminds, but every time you find yourself writing down such a statement a nagging doubt squeaks from the back of one’s mind. Is this trite assumption actually true?
They might not exactly be amateurs, but the hackers who carry out their craft for reasons other than profit have recently made a comeback. A few weeks back it was an entire country – Estonia - that found itself under concerted electronic attack. The motivation was allegedly political resentment by Russian nationalists over Estonia’s removal of a war memorial, and the backers were claimed to be the Russian government itself.
This week it has been the turn of the Chinese military to come in for a broadside from the US Department of Defense over claims that it is pursuing electronic warfare as a strategic method of offence against the US and its allies. Accusations of this ilk against China are not new, though this is the first report to put them into context as deliberate acts.
These are extraordinary claims; two sovereign governments attacking the infrastructure, companies and individuals of another as an act of e-aggression. But let’s wonder aloud on the implications of all this.
1. Such attacks rely to some extent on the ability of attackers to remain anonymous. On the Internet proof is hard to pin down once an attack has happened.
2. Such attacks also rely on a lack of adequate defence, or the belief that security can be overcome in old-style hacking or denial-of-service terms.
3. If military and other vital infrastructure uses the Internet, or parts of it, for communication, is that infrastructure not immensely vulnerable to such attacks? Or, is this vulnerability not an example of naïve use of modern computer networks by experts who should know better?
4. Should state-backed cyber-attacks be feared for their potentially high economic cost? Presumably, states would fear counter-attacks, so this is hard to assess.
The reality of cybercrime is not that in future one type of e-criminality will give way to another, but that anything goes. New types of criminality will appear, overlapping one another. For now it is the money-makers with their Trojans and spam that catch our attention, but the political hackers could be the wave to watch out for.
The future will be messy until these questions are answered. Policy makers might one day fear such vulnerability for its economic cost almost as much as they fear the human costs of old-style killing wars today.