My CAJ Experience

I guess the CAJ exam tomorrow will mark the end of this project and therefore the end of my blogging about cyberwar. In a way I am, of course, relieved that I finally concluded another task this semester, but I am also a bit sad for not having an excuse for researching an actually interesting topic on the internet. To end my CAJ project and to get a bit of an overview of my blogposts, I will use this post to resume my work and to talk a bit about what I learned from this project.

In the last few posts (I don't know exactly how many posts I wrote related to cyberwar) I talked about hackers, about what they are doing, their punishments when they get involved in cyberwar, the wish for their recruitment to reinforce cyber security, their targets and the difficulty of tracking them, as well as about a cyber conflict that involved Israeli and Saudi Arabian teams of hackers. I also talked about the two, probably most famous cyber attacks: Stuxnet and The Estonian Cyberwar. Looking at cyberwar from a different angle, I talked about the role timing played in cyber attacks, about a mathematical equation for calculating the perfect moment to attack and about the argument that "a cyberwar won't exist". As cyberwar is also directly linked to cyber security, I introduced a TED talk about cyber security and linked this to preparations for a cyberwar by the U.S as well as to cyberwar games. Last but not least, I tried to link cyberwar to the use of drones by the military and the revolution that could cyberwarfare could lead to in the military.

Looking back at my blogposts I regret that I did not focus on some more aspects of cyberwar. Even though I read about the different cyberwar scenarios that people fear, I never blogged about it. I could have easily linked this to doomsday preppers for example. I would also have liked to talk about an experiment when hackers succeeded in hacking into a car by using radio frequences, or to talk about some more famous cyber attacks.

If I had the chance to start the project all over again, I would start with simply reading a lot about cyberwar. Then I would go on to create a mind map about all the different topics I read about and how they could relate to each other. I would plan my posts better and try to bring them into order before actually putting them online, instead of letting myself be led from one topic to another.

Even so, I have to say that I greatly enjoyed this project. I learned a lot about cyberwar and cyber security, but I also learned a lot in English. Looking back at this project also taught me how important organization is, mainly if a project develops over a period of several weeks or even months.

The U.S prepares for a Cyberwar

http://securityaffairs.co/wordpress/12070/security/how-the-us-are-preparing-to-cyber-warfare.html

In the context of cyber warfare, the US and Israel are generally considered the most advanced countries, as they have allegedly participated in the creation of the first official cyber weapon, Stuxnet, as well as in many other sophisticated cyber-attacks. As both nations suffer an increasing number of cyber-attacks daily and are therefore improving their cyber capabilities. The Pentagon has even announced a major expansion of its cyber army to defend national infrastructures in 2013.

They announced that the Defense Department’s Cyber Command would be increased from 900 to 4000 units and that the resources dedicated to the operations in cyberspace were going to be quadrupled. In addition to the expansion of the Cyber Command, a restructure into three distinct areas, namely

1.      “national mission forces” is responsible for the protection of computer systems that support the nation’s power grid and critical infrastructure.

2.     “combat mission forces” is responsible for offensive operations.

3.     “cyber protection forces” is responsible for Pentagon’s computer systems security.

was planned.

In order to further expand their cyber warfare capabilities, Pentagon has even involved private companies, universities and computer-gaming companies in the development of certain technologies. Mainly now the U.S has started to massively invest in cyber defense, so as to respond to cyber threats and to attain the ability to launch successful cyber-attacks against hostile states.

The goal of one specific project, in cooperation with DARPA, is to develop a new generation of cyber soldiers, AI, able to prevent cyber-attacks and to launch itself strong offensive cyber-attacks. The research program has a duration of five years and will be financed with $110 million.

Not only the US, but governments all over the world are searching for a cyber strategy that provides an optimum balance between a good cyber offense and defense, as most cyber-attacks are characterized by the necessity of an immediate cyber response in order to avoid the destruction of assets and resources.

As cyber espionage, hacking and warfare operations are shifting to cyberspace, the US and any ther government must improve its cyber capabilities.

Cyberwar Games

http://www.optimalrisk.com/Advanced-Cyber-Defence-Services/Cyber-War-Games
http://www.zdnet.com/largest-ever-cyber-wargame-tests-europes-defences-7000028871/

As cyberwar has increasingly gained attention in recent years, the popularity and importance of cyberwar games has been on the rise as well. As experts mention that it becomes more and more apparent that static security measures are one of the greatest risks of sophisticated cyber attacks, agencies are trying to strengthen their ability to recover quickly from cyber attacks and to resume normal operations.

In order to be prepared for destructive cyber attacks, a combination of sophisticated technology and managerial procedures is needed. The reaction of staff in the situational analysis, decision making and communication need the greatest improvement in a crisis. The general knowledge of organisations on cyberwar, their capabilities and their awareness of the threat of cyberwar can be elevated by the simulation of a cyberwar.

 Those war games generally consist of a series of desktop exercises and masterclasses over a period of two days. In the first phase attempts to create a familiarity with the general knowledge on cyberwar and how to manage it. In the second phase the game itself takes place. One team starts to attack the computer system of an organization, which is in return observed and accompanied by mentors through their response to these attacks. The whole process of attacks and counter-attacks are assessed and evaluated. The third phase consists of a workshop in which the war game is analyzed and the performances of different organizations are compared and contrasted.

Recently Europe’s largest ever cybersecurity war games have begun in order to test the cooperation of EU countries in the event of a cross-border cyber attack. More than 200 organisations will take part in this event, including energy companies and telecom operators.

The scale of this cyberwar game should also prove that Europe takes the threat of cyberwar seriously. The whole event is organized by the European Union Agency for the Network and Information Security (Enisa).

16 cybersecurity incidents which were similar to real life cases, were given to the participants. The results were then investigated and analysed by security professionals in terms of confidentiality, integrity and availability of sensitive information.

International Regulation of Cyber-Warfare

Several experts in cyber-security, cyber-intelligence, cyber-warfare and cyber-terrorism gathered in 2013 at an event entitled “International Regulation of Cyber-Warfare”. The fact that the current framework of international law is silent on the concept of cyber-warfare was criticized my many; demanding a regulation of cyber weapons.

The main question remains how exactly the law should be applied to cyber operations. Many referred to the “Tallinn Manual”, created by a group of experts on cyber security, as a possible option for how international law applies to cyberspace. In this manual, several factors that play an important role in classifying a happening in cyberspace as a cyber-attack are elaborated.

Several difficulties that could arise from applying international law to cyber warfare were equally discussed. As an example for this, the discrimination between civilians and combatants was mentioned as being problematic, as this would require that the attack be carried out against a specific group of IP addresses. The requirement of combatants wearing a fixed distinctive sign recognizable at a distance would equally be difficult to meet.

Even so, cyber war now poses a real threat to national security with rising number of cyber-attacks carried out by an increasing variety of actors, including hackers, spies, companies and states.

The experts then discussed the definition of cyber weapons in order to create the possibility of applying international law to their use. They mentioned that cyber weapons must be deployed within the context f a cyber-warfare act, that the purpose of the cyber-attack must be a physical destruction or damage caused directly or indirectly and that the means to achieve this outcome have to involve technological information systems. A cyber weapon is therefore a device of computer instructions used in a conflict between national or non-national actors, with the purpose of causing physical damage to people or equipment.

Even though the event continued with mentions of legal and non-legal nature, underlining the interest of the participants in a regulation of cyber weapons, no decision on how law could be applied was made.

 http://isiseurope.wordpress.com/2013/11/06/international-regulation-of-cyber-warfare/

NEW CAJ: Cyberwar Abstract

The purpose of this CAJ is to provide information on the topic of cyberwar that has become a general topic of discussion recently and about  a potential threat to the future of human beings. In the following blog posts, famous cyber threats will be covered, but the difficulties in defining recent cyberattacks as cyberwar and the probability of the future outbreak of a cyberwar will equally be discussed. Several scientific journals as well as websites dedicated to cyber security and to technology in general, just as TED talks on topics related to cyberwar, served as the sources of information of this CAJ. The research conducted on the topic of cyberwar concluded that greatest difficulty in defining cyberwar is the fact that it is hard to track cyberattacks back to their source and that series of cyberattacks can only be considered an act of war if a nation leads its operation. This further leads to the assumption that the outbreak of a cyberwar is highly unlikely. To further research cyberwar, the different forms of cyberattacks that could be used in cyberwar will be presented and theories about the potential risk of a cyberwar outbreak will be elaborated.

ABSTRACT: “WHEN ZOMBIES ATTACK: MATHEMATICAL MODELLING OF AN OUTBREAK OF ZOMBIE INFECTION”

ABSTRACT: “WHEN ZOMBIES ATTACK: MATHEMATICAL MODELLING OF AN OUTBREAK OF ZOMBIE INFECTION”

The purpose of the article is to demonstrate the flexibility of mathematical models and to prove that modelling can respond to a variety of biological challenges, including outbreaks of zombie infection. To prove this, five mathematical models were taken into consideration. The timescale in each of these models was short, so that the birth and death rates of humans could not influence the outcome of the equations. In addition to that, only humans were considered susceptible to zombie infection in all five models. The first three models conclude with the fact that a coexistence between humans and zombies is impossible, as this will eventually lead to the eradication of humans. According to the fourth model, in which the existence of a cure for zombiism is taken into consideration, humans would be able to survive in low numbers. Only the fifth model, which includes the factor of an impulsive eradication of zombies, would allow humans to survive the outbreak relatively undamaged. Though the scenario of a zombie outbreak is unrealistic, these findings can in real life be applied to examine the allegiance to political parties or diseases with dormant infection.

CAJ: Cyberwar Abstract

The purpose of my CAJ is for me to learn more about cyberwar and about  a potential threat to the future of human beings. In my CAJ I will not only try to cover famous cyber threats, but also the difficulties in defining recent cyberattacks as cyberwar and the probability of the future outbreak of a cyberwar. For getting more information on those topics, I read a lot about cyberwar in various scientific journals as well as on websites dedicated to cyber security and to technology in general, but I equally listened to TED talks on topics related to cyberwar. What I figured out so far is that a big difficulty in defining cyberwar is the fact that it is hard to track cyberattacks back to its source and that series of cyberattacks can only be considered an act of war if a nation is behind its operation. This further leads to the assumption that the outbreak of a cyberwar is highly unlikely. To further research these topics, I will attempt to find out more about the different forms of cyberattacks that could be used in cyberwar. I will equally try to research theories about the potential risk of a cyberwar outbreak.

Death Penalty for Hackers who engage in Cyberwar

After talking about the involvement of hackers in cyberwar, I guess it is quite important to mention what exactely could happen to hackers who involve in cyberwarfare. Well, up to now hackers have been charged with lengthy prison sentences in the U.S, but it seems that they could soon face even harsher penalties, to be more precise: death.

According to a group of military law experts, NATO should have the right and legal justification to use military force against hackers who help other countries launch cyberattacks on the U.S. Even though currently international law prohibits attacks on civilians, even in wartime, the report published by those military experts, called Talinn Manual, advises NATO to drop the legal protection of hackers who help another country sabotage the U.S' computer networks. This report therefore creates the first outline of a set of rules to follow in the event of a cyberwar.

To justify the attack on a civilian, even if he is a hacker betraying his own country, the target would have to pose a serious national security threat. His attack would likewise have to threaten the life and health of other civilians.

Even though the Tallinn Manual depicts what should happen to a hacker in the event of a cyberwar, the report does not answer the question of how to trace a cyberattack back to the attacker. Most hackers use a technique known as “spoofing”, in which they route their attacks through computers around the world, to cover their virtual traces. Another problem of the Tallinn Manual is the fact, that it does not clearly define when a hacker becomes a national threat and loses his their national protection.

While some experts agree that the U.S military should have the right to use physical force against hackers who attempted to threaten their country's population, others are troubled by the report and mentioned that it did not reflect the views of NATO countries.

There has not yet been a decision on whether or not the Tallinn Manual would come into force. Another strategy, the Pentagon's first formal cyber strategy that concluded that cyberattacks from another country could be considered an act of war and merited a lethal response, was released in 2011.

 

My CAJ Topic in General Terms: Cyberwar

My CAJ topic in general terms

My CAJ topic of choice this semester is cyberwar and even though it is quite easy to define this topic, it is quite tricky to find reliable information on cyberwar on the internet, as, according to several science magazines and newspaper articles, there has not yet been a cyberattack that could be considered an act of war.

Generally cyberwar can be defined as a solely Internet-based conflict that takes place through electronic and not physical means. The means of a cyberwar are, of course, cyberattacks which do not only have the power to  disable websites and networks, but they can also disrupt important services, steal classified data or alter data and cripple entire financial systems. Recent developments in robotics, which led to the creation of unmanned vehicles or drones, would even allow cyberattacks of even greater scale if hackers succeed in infesting the sophisticated computer system of those drones.

Furthermore, it is important to know that in order to define cyberattacks as an act of war, it is essential that a government or state admits having played a role in those attacks. As this has, up to this point, never happened in history and as it is extremely difficult to trace cyberattacks back to its source, we cannot yet speak of the outbreak of a cyberwar.

When we talk about cyberwar, it is, however, indispensable to include the topics of cyber security and cyber technology, as both of them are inextricably linked to cyberattacks and therefore to cyberwar in general. 

The role timing plays in cyberwar

http://www.nature.com/news/the-best-time-to-wage-cyberwar-1.14502

An important question when it comes to cyberwar is the question of timing. Should the hacker launch a cyberattack right at the moment he succeeds to enter the target’s computer or should he wait for an even better opportunity to attack? The problem in waiting too long is that the target could become aware of the intruder and fix the vulnerabilities in his computer system.

A new mathematical model that allows users to calculate the ideal timing of a surprise cyberattack has already been invented. An example for this is the Stuxnet worm, which infected an Iranian nuclear enrichment plant and went unnoticed for almost one and a half years. For Stuxnet a immediate attack was not the more rational approach.

If we compare cyberwar to convential warfare then a nation should wait patiently for the right occasion to use cyberweaponry. Terrorists, however, might think quite differently as this and just want to cause as much damage as possible at a random point of time. If the attackers are quite sure that the vulnerabilities in a security system are unlikely to be discovered and patched any time soon, then it would be quite reasonable for them to save their cyberweapons for a high-stake situation. At other times a zero-day cyberattack, in which the target has zero days to prepare for the attack, might be preferable. Stuxnet, for example which relied in four computer vulnerabilities being open at the same time, had to be dispatched as soon as possible.

The important question is whether the use of offensive cyber technology is productive or not. 

Hackers in Cyberwar

Following my attempts to link cyberwar to robotics, I mean to link my CAJ topic to yet another one: Hacktivism. As you all can probably imagine hackers play a central role in the ongoing cyber conflicts and could play an important role in a future cyberwar.

The first example I want to mention is the cyber conflict that took place in 2012 between Israeli and Saudi Arabian hackers, sometimes even whole teams of hackers. During the ongoing cyber conflict, the credit card information of thousands of Israeli credit card holders was revealed on numerous websites. Those attacks lead to counterattacks, which lead to more counterattacks, causing increasing damage to innocent civilians. Hackers attempted to uncover the other hackers’ identities. Meanwhile the following attacks revealed the passwords and e-mails of thousands of people, official websites, including stock exchange sites, were targeted and taken down. Even though these attacks did not physically hurt the residents of both Israel and Saudi Arabia, numerous people suffered partly great financial losses.

As the cyber arms race continues, military thinkers and governmental advisers attempt to persuade the US government to recruit elite computer hackers. John Arquilla, a professor of defence analysis at the US Naval Postgraduate School in Monterey, California, mentions that the brilliance of hacking experts is needed, as the US’ cyber technology is not as sophisticated as the technology its foes use to launch cyber attacks.

The main problem of this plan is that hackers and the government are not quite on good terms, mainly due to the lengthy jail terms for hacking. Arquilla estimates that there are only around 100 master hackers in the world, most of them situated in Asia and Russia. This is another reason why security agencies should exploit the talent and abilities of those genius hackers that are actually willing to work for them. He mentions that it is possible to stop militant organizations such as Al-Qaeda by disrupting their communications.

Arquilla stresses that he did not fear a full-scale cyberwar on the U.S, but instead multiple, small attacks which could lead to hundreds of billions of dollars in losses. Russia, China, even North Korea own highly sophisticated computer systems and know their strategic uses, but the average American system is completely helpless when he is used in some hacker’s botnet. With simply recruiting computer hackers, the U.S military could save millions of dollars and regain its position in the cyber race.

Sources:
http://www.theguardian.com/technology/2012/jul/10/us-master-hackers-al-qaida

http://thenextweb.com/me/2012/01/18/everything-you-need-to-know-about-the-ongoing-israeli-saudi-hacker-struggle/

Have Cyberwarfare and Drones Revolutionized Warfare?

As I already did in my lost blog post, I will try to concentrate on linking my CAJ topic to that of another student, concentrating once again on robotics. While doing some research on cyberwar linked to robotics, I came upon an article in the New York Times, informing about how robotics and cyberwarfare revolutionized warfare.

As proof of this assumption, the Battle of the Coral Sea, in which naval forces from Japan fought against the allied forces of Australia and the US, is mentioned. This was the first act of war in which carrier fought versus carrier, an inevitable result of the development of air, radio and radar technology. In military affairs this battle was considered a revolution. The revolution continued as nuclear and space weapons developed, but the most recent advancements in military capabilities include cyberwarfare and, of course, drones.

The authors of the article believe that the revolutions in military affairs of the 21^st century will be dominated by advancements in software and hardware. They introduce drones as military weaponry able to increase the strike distance of the military, while simultaneously placing no lives at risk. A great problem of these drones, however, is the fact that basic jammers could easily disrupt their ability to function properly.

Just as drones, cybertechnology is a method that succeeds in extending the military’s reach while protecting lives from real harm. A great example for this type of attack is the Stuxnet worm, which I have already introduced in a precedent blog post. Cybertechnology allows hackers to gain access to computers all over the world, even if those don’t have direct Internet access. With the infrastructure currently in place, satellites and fiber cables, a good code could be an extremely effective weapon. This shows that cybersecurity becomes more and more important and should not be underestimated.

Cybertechology and unmanned vehicles both have one great advantage: they make it hard to identify the source of the attack. There is a risk that both technologies will make it easier to wage war, as there are not that many lives at stake any longer. In the future, man sitting in front of computers might be the soldiers of the upcoming wars.

According to the authors, the U.S is doing well in wanting to train new security and cyber professionals. They are worried though, that there is currently an inadequate number of leaders and experienced engineers that develop those future warriors. The authors stress the importance of both robotics and cybertechnology in future warfare, emphasizing that those two cannot be separated. The underlying problem remains, that the nation’s leaders might never know the moral, social and political consequences that the use of cybertechnology and unmanned vehicles in war could lead to.

Drone Wars – When Cyber War becomes Real

In today’s post I will attempt to link my CAJ topic, cyberwar, to the CAJ topic of another student, namely robotics. I followed Bianca’s blog for quite a while and in one of her posts she wrote about drones and military robotics in general. I think that this topic can be linked quite well to cyberwar.

In the last few years an arms race has been going on, specializing in the creation of unmanned military equipment. In 2008, for example, about 12,000 ground robots were used in war. Congress has decided that by 2015, one third of all military ground vehicles are to be unmanned. Just as the with ground robots, Arial drone technology is advancing rapidly.

As I already mentioned in my last blog post, there has been a hype going in about cyberwar, even though the instances of cyberwar that have happened up to now point more to espionage and sabotage than to a real act of war. This would, however, change if these automated war machines were to be hacked and if a virus would suddenly change their intended target.

There have already been situations when military robots have acted erratic and acted upon by external sources such as electronic interferences. This has not yet posed a problem, but if this happened to armed robots, the consequences could be serious. An example for these disturbances are electronic jammers, often used in US vehicles to prevent improvised explosive device (IED attacks) can cause drones flying overhead to crash.

Already now many military, as well as civilian, computer systems are under constant attacks, so we can imagine that it is only a matter of time until automated military systems will be targeted as well. Up to know, luckily, no instances of automated systems being affected by viruses or attacked by hackers have been reported. If somebody would, however, succeed in injecting a code into these systems, allowing them to remote control military drones, a real cyberwar might ine day become reality.

Sources

http://cyberarms.wordpress.com/2011/11/02/drone-wars-when-cyber-war-becomes-real/

There won't be a cyberwar?

http://www.slate.com/articles/health_and_science/new_scientist/2013/09/cyberwar_and_cyberattacks_it_s_really_espionage_subversion_or_sabotage.html

While researching my CAJ topic I recently found an article saying that cyberwar has never existed and probably never will. I generally do not like arguments that try to prove that something will never happen, for the simple reason that we can never say for sure that it won’t.

Anyways, the author of this article reasons that we cannot call the ongoing conflicts in the cyberworld a cyberwar for several reasons. According to him there are three features that are needed for cyber conflict to be considered cyberwar. First of all, the computer breach would need to be violent and able to hurt or kill people. Otherwise, so the author suggests, the attacks could not be described as an act of war. He further mentions that the act of cyberwar would need to be instrumental and compel the other to do something they would generally not even consider doing. Lastly, he mentions that there has to be a political motivation behind those attacks.

If those features define a cyberwar, we have not yet experienced one. Up to now there has been, according to the author, no injured person as a consequence of a cyberattack and there has been no nation yet that has taken credit for a cyberattack. As it is possible to cause an electricity blackout or interrupt a city’s freshwater supply or even to attack industrial control systems though, a cyberwar is definitely possible. Up to now, this has luckily never happened.

The author further explains that cyberespionage, a quite usual activity of cyberattacks, as well as cybersubervsion, the act of using social media to undermine authority, is not and cannot be considered cyberwar. In general he even says that the concept of cyberwar is misleading, as it is not violent, as a real war should be. The last comment he makes on cyberwar is, that the armed forces need to stay focused on fighting and winning the real wars of the future.

Of course I understand the reasoning used in this article and if it all of the author’s facts are true; it is possible that we have yet to experience a real cyberwar. We know, however, that cyberwar could happen in our world that is so dependent on technology. I personally think that one day cyberwar will happen, as it is the perfect opportunity for countries with little power and a small population to fight their opponents.

The difficulties of tracing a cyber attack back to the attacker

What is true for the Stuxnet worm and the Estonian cyberwar is true for most cyber attacks, mostly the sophisticated ones among them.  In general, it is difficult to trace the attacks back to the original attacker and to find the real culprit behind the many attacks on another nation. The reason for this is quite simple. No intelligence service launching attacks on another nation would want to leave footprints that could lead back to them. They would want to deny their involvement in the stealing of data etc. and to proclaim innocence.

In addition to that, the more sophisticated opponents can easily hide their footprints by launching their attacks from a third country. And let’s be honest here: There are a lot of communication facilities around the world that could easily be hacked and used for an attack. China is one of those countries that are especially susceptible to being used as a platform for third-country-cyberattacks. The reason for this are its poorly secured networks, that hackers have no trouble taking over. China’s network is so vulnerable, because security practices are generally poor and because more than 90% of the software used in China is pirated. This makes it hard to obtain security updates and patches. More than three quarters of Chinese computers are generally found infected with malware. Just as vulnerable as the Chinese networks are American universities, as their large networks must be accessible at all times to hundreds, maybe thousands of students. This makes them especially vulnerable to misuse as a platform for cyber attacks on other American facilities.

In short, it can be said that just because an attack can be trace back to China, this does not necessarily mean that China is behind those attacks. The problem is that every nation has certain countries that it suspects of wanting to steal classified data or attack its industrial facilities. If an attack is traced back to one of those countries, the victim might not even think about investigating further for finding the real culprit.

Another aspect of cyber criminality that changed greatly in recent years is the availability of sophisticated hacking tools. In the past only well-established intelligence services had the power to launch cyberattacks. Nowadays, even a small virtual community of skilled cybercriminals could cause the same amount of damage. A large corporation might therefore just hire cybercriminals to steal certain data.

Cyber espionage is probably the form of attack that had benefitted most from the rise of the internet, as “information that once required physical access or recruitment of agents can now be downloaded from afar.” China is continuously copying the U.S military and even developed computer network operations capable of attacking U.S information centres and probably even infrastructure in the event of a conflict. Not only China, but also Russia, France, Israel and even North Korea own similar programs.

Even so, the main goal of all these attacks is to remain unnoticed and to have covered your digital footprints well enough in case the attacks are noticed by the victim. What matters is not really who is attacking, but how to secure data in general. This could be done by authenticating users, encrypting data, regular patching and of course by monitoring the systems for intrusions.

Famous Cyber Attacks: #2 Estonian Cyberwar

http://blogs.law.harvard.edu/cyberwar43z/2012/12/21/estonia-ddos-attackrussian-nationalism/

The Estonian Cyberwar will not go down in history as the first example of a real, full-scale cyberwar, but probably as one of the largest coordinated cyberattacks up to now. It is important to clarify the fact, that the Estonian cyberwar cannot really be classified as cyberwar, as it only had minimal impact on the Estonian economy.

The whole incident started out in 2007 with the Estonian government planning to relocate a memorial of WWII, the Bronze Soldier of Tallinn, from its original place. This led to tensions between the ethnic Estonians and Russian-speaking immigrants in Estonia and even strained relations between Estonia and Russia, as the protests regarding this relocation became more and more numerous.

The whole situation ended with countless cyberattacks, distributed denial of service (DDoS) attacks, on Estonia, which lasted for several days. The main targets of these attacks were Estonian banks, news agencies, private Estonian companies as well as government websites. Though these attacks lead to a slowing-down of commerce and to several hours of offline servers, the real-world damage of these attacks was only minimal.

Evidence suggested that the attacks were of Russian origin, though it was not clear whether the Russian government had played a role in the attacks or not or whether the whole thing was the work of patriotic Russian hackers. Only two years later it was found out that the perpetrators of the attack were members of the Nashi youth group, a state-affiliated organization.

The Estonian cyberwar has not become famous for its scope or uniqueness, but for the fact that it established cyberattacks as a political weapon. Through cyberattacks, a nation achieves the power the silence another nation, to take over its infrastructure and destroys their ability to communicate with the world outside its borders.

We still do not know whether or not a full-scale war could be the result of cyberattacks, or a cyberwar, in that case. What we know is that there is an ongoing arms-race taking place in the cyberworld, but we are unsure about how it could affect the lives of civilians.

CAJ Rhetoric Analysis

http://www.pcmag.com/article2/0,2817,2410931,00.asp

In his argumentative text “Cyber War? Bring It On!” John C. Dvorak undermines the credibility of recent publications mentioning the imminent threat of cyber warfare by making several assumptions seem ridiculous.

The pathos in this argumentative text was only partly convincing, as the author mainly tried to establish his own credibility by undermining the credibility of other authors. Dvorak, for example, stated that none of the assumed cyber terrorists could possibly have the intention to start a cyberwar. This is either due to their close interaction with the “targets” of cyber attacks, or because they simply do not possess the means to start a cyber war.

Dvorak succeeds, however, in making good use of ethos in his article, as he takes on the role of a calming friend who refutes one by one, each claim that believers of the theory of an oncoming cyberwar make. What is even more important, he makes those claims look ridiculous in his readers’ eyes and therefore makes them feel embarrassed for having taken those claims seriously. The effect of this use of ethos is, that readers start to believe that the threat of cyberwar is nothing but simple “fear-mongering”.
The logos in this text is also well succeeded, as Dvorak logically links his ideas with each other and gives detailed explanations for each of his train of thoughts. He mentions, for example, that a similar situation of panic spreading within the population due to a computer programme already happened in the past and that this threat had turned out to be quite harmless. He even gives credit to the usefulness of the momentary situation, in saying that this new threat might lead to improved cyber security.
All in all, the article is quite convincing, though the author could have done a better job in convincing his reader by establishing himself as a more credible personality. 

Rhetoric in: Whoa, Dude, Are We Inside a Computer Right Now?

In his article “Whoa, Dude, Are We Inside a Computer Right Now?” Ben Makuch attempts to open his readers’ eyes to the possibility that the world we live in is nothing but a computer simulation.

In his argumentative article, Ben Makuch makes good use of logos, ethos and pathos and therefore achieves his goal of persuading his readers.

He first establishes the credibility of this theory in mentioning that “people like Nick Bostrom, the director of Oxford University’s Future of Humanity Institute, seriously consider“ this theory and in referring to credible sources such as Rich, “a well-regarded scientist, the director of the Center for Evolutionary Computation and Automated Design at NASA’s Jet Propulsion Laboratory“. After mentioning these reputable sources, Ben Makuch further succeeds in establishing credibility by mentioning general laws, such as Moore’s Law, and by comparing technical findings to mathematical rules and physics.

He simultaneously appeals to the readers’ emotions in proposing that a Korean child could be controlling us right now and in consequently stirring our feelings of fear and panic that this could be the case. Already in the title of his article “Whoa, Dude, are we inside a computer right now?” he starts to build a relationship with his readers and takes on the role of one of their friends, who is just as curious and excited about this idea as we are. By mentioning that “every college student with a gravity bong and The Matrix on DVD“ has had the same idea before, he turns the ideas mentioned in his article into our ideas and makes his readers believe that they already thought like him before.

Makuch’s use of logos is shown in the various examples given for why it would be possible for us to be living inside a computer simulation right now. He first lets his readers know that this theory is not a new one, but has in fact been “kicked around for centuries“. Makuch continues by explaining that according to Moore’s Law computing power doubles every two years and that it will therefore be possible to create a computer simulation of the world we live in right now at some point. Last, but not least, he cites the the observable pixelation of the tiniest matter and the eerie similarities between quantum mechanics, showing how much our world resembles a computer simulation.  

In sum, the author makes perfect use of rhetoric, logos, ethos and pathos, and succeeds in making his article credible, personal and logical.

Famous Cyber Attacks: #1 Stuxnet

In the next few blog posts I would like to introduce a whole new aspect of my CAJ topic: Famous Cyber attacks. With the number of cyber attacks increasing annually, Pentagon has decided to consider cyber attacks acts of war. There are a number of those attacks out there that have become extremely popular; one of them being Stuxnet.

Stuxnet is frequently referred to as the world’s first cyber weapon. The malware, also known as a worm, was first discovered in June 2010 by a computer security firm in Belarus on the computer of one of their Iranian clients. What shocked computer specialists most about Stuxnet was the fact that this piece of malware could control things in the physical, real world. While it is still unclear who created the Stuxnet virus and what exactly the worm was targeting, it is well known that Stuxnet could even make whole motos blow up. The whole program was designed to sabotage and attack control system and consequently allow sabotage in pipelines, nuclear plants and other facilities.

Ever since the first computer was reported to have been infested with the Stuxnet virus, the worm has spread to more than 100.000 machines in 155 countries, though most infections are reported to have taken place in Iran. This explains why the suspected target of the Stuxnet virus is Iran. The worm first spread via an infected usb flash drive and later searches for vulnerable computers on the network in order to keep spreading.

Computer and control system security professionals like Ralph Langner, like many others, suspects that the main target of the Stuxnet attack were one of Iran’s nuclear power plants and an uranium enrichment facility located in the same country. The owners of these facilities, however, refuse to admit that the virus took control over their plants and there is likewise no nation that admits to having created Stuxnet, though the main suspects for this task are Israel and the U.S.A.

What is even more dangerous now than the Stuxnet virus itself is the fact that this functioning piece of malware was released on the internet and is now available for hackers to be further developed. 

Cybersecurity and Cyberwar

http://blog.ted.com/2014/01/16/p-w-singer-on-cybersecurity-how-to-protect-yourself/

In his TED talk, military analyst P.W. Singer addresses cyber security and cyber war.

According to Mark Burnett, a security consultant, the main problem of cyber security, or security in general, are not the government or the industry, but the many individuals making use of technical devices connected to the internet. The government provides standards and enforces regulations and the industry adapts their products to these standards and regulations. The functionality of security systems depends, however, on how the consumers use these products. Apparently most of them do not care about their own security. At least this is what a study named “Perfect Passwords” suggested, which shows that the most common password was “password”.

It is therefore of great importance that the average user changes his attitude towards security. Though the internet might not be completely bad, there is a lot of criminality happening in this virtual world. This leads us to the realization that what we need is proper cyber education. We need to know how to properly use electronic devices without downloading viruses every few minutes.

Here is some of the advice given to internet users (by P.W Singer)

1. Access and Passwords
A good password should be regularly updated, long and consist of a mix of numbers, signs and letters. Using very easy passwords is as useful as not using any password at all, as several free software tools (Cain and Abel, John the Ripper) provide automated password-cracking. Also, the same password should not be used on various websites.
What is most important of all, however, is the fact that your e-mail password should be particularly strong, as you will receive e-mails when you reset all other passwords.

Of course passwords can only protect information up to a certain point, and there is still a high chance of them being cracked at some point, if somebody really attempts to crack them. Certain institutions, such as banks for example, therefore use multi-factor authentication. In multi-factor authentication more than one object or piece of knowledge is required. To access your bank account, for instance, you need to use your card AND type in your password. This of course, is not a 100% secure system…but it is more secure than only using a single password.

2. Systems and Equipment
Many security breaches in equipment are widely known and therefore patches for them are often available online, sometimes even free. By regularly updating browsers and in installing security updates countless cyberthreats can be avoided. Another task that could help protect users from cyberattacks is to secure wireless networks, as those are one of the main targets of cyberattacks. Given all these threats and the limited amount of methods to secure data, all data should be saved on an external hard drive.

3. Behaviour
Most threats to our computer systems enter through carelessness of its users. To avoid vulnerabilities of our systems, it is important to never open or download data from sources we don’t know or can’t verify. Of course it is also recommended to use the highest privacy and security settings available.

How you should behave on the internet?

According to P.W Singer it’s best to not be afraid, but to be wary