Britain applies military thinking to the growing spectre of cyberwar

Antony Lloyd, The Times:

The strategy being developed by Lord West is not limited to risk assessment; retaliation is part of the package. “We could do what these people do [to us] if we wanted to,” he said. “We’re looking at … the ethics of all of this. If someone dropped a bomb on us, I would have no hesitation in shooting their bloody plane down and giving them a slapping … So we need to think through how we react to these ‘other things’ and the implications.”

The murky world of cyberwar is inhabited by small-time hackers, criminal syndicates and people operating with the support of their government.

“Everything that happens to us is called an ‘attack’,” said a senior official with a lead role in British cyber operations, “[but] most of what we see on a large scale … is about the exfiltration of data — theft, not an attack.” There is, however, an overlap between the interests of hostile state intelligence agencies and those of cybercriminal syndicates seeking to steal intellectual property for profit. Russian cybercrime syndicates, better known as partnerka, lead commercial espionage in Europe and are known to have links with Harry and his comrades in the FSB. China has its own dedicated cyber operations headquarters within the People’s Liberation Army, and it also holds top rank in the league of cyberhostile countries — the list used by Western security companies to warn business clients of cyber-threats.

The West’s nuclear strategy was based on deterrence — the assurance that a guaranteed second strike would prevent a first strike from ever being launched. Deterrence, though, depends on knowing who struck you, and that is where cyberwar is more complex: cyber attacks share three properties that undermine it. They are fast, cheap and hard to trace.

“Attribution is unbelievably difficult,” admitted Lord West. “These guys could attack [as if it was from] your site — the attacks would come in from different nodes in a strange way that you can’t even identify. Follow the attack back and it gets to you — but it wasn’t you.”

The sophistication of commercial and state-sponsored activity has developed immensely since the attacks on Estonia (2007) and Georgia (2008), with denial-of-service operations now considered relatively low-grade. More worrying is “zero-day malware” — a new generation of Trojan programs that exploit flaws not yet known to software vendors, so that signature-based defences cannot recognise them. They are implanted into a host computer and lie dormant until activated.

“Let’s say that someone has received an e-mail that looks like it’s from someone they know, about a subject they feel comfortable with,” said Ian McGurk, associate director for information security at Control Risks, a security consultancy. “As a consequence they trust the material. If there’s an attachment — a photograph, a Word document, whatever — embedded within that attachment is some sort of malicious code that is going to install itself on the machine. That machine is then compromised, and a Trojan is installed that can search for information.”

As well as transmitting stolen information back to its handler, such malware can hand control of the infected computer to a remote operator, who can then use it as a foothold to spread through the rest of the network.
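The attack chain described in the two paragraphs above (a message that appears to come from a known contact, carrying a “photograph” or Word document with code embedded in it) is exactly what a mail-gateway triage step is built to catch. The following is an added example, not code from the article or from any of the firms quoted in it: it constructs a sample message of that shape and runs four checks over it (display name of a trusted contact paired with a different address, an executable or double extension, an attachment declared as an image that actually begins with a Windows PE header, and an Office Open XML document that ships a VBA project). The contact list, the lookalike domain `examp1e.org`, the file names and the placeholder VBA bytes are all constructed for the illustration.

```python
"""Triage an e-mail for the spear-phishing pattern described above.

Added example; the known-contact list, the sample message and the
attachment contents are constructed here and are not real artefacts.
"""
import io
import zipfile
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed: the recipient's address book of trusted senders (constructed sample).
KNOWN_CONTACTS = {"Alice Jones": "alice.jones@example.org"}

# Extensions Windows will execute directly when the user double-clicks them.
EXEC_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".bat", ".cmd", ".ps1"}

# Zip members whose presence means an OOXML document carries VBA macros.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def ooxml_has_macros(data: bytes) -> bool:
    """True if `data` is an Office Open XML (zip) document containing a VBA project part."""
    if not data.startswith(b"PK"):          # not a zip container at all
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False
    return any(part in names for part in MACRO_PARTS)


def triage_message(raw: bytes) -> list:
    """Return a list of finding strings for a raw RFC 5322 message (empty list = nothing suspicious)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Trusted display name on an untrusted address: the "looks like someone they know" trick.
    display, addr = parseaddr(str(msg["From"]))
    expected = KNOWN_CONTACTS.get(display)
    if expected and expected.lower() != addr.lower():
        findings.append(f"sender-spoof: '{display}' sent from {addr}, address book says {expected}")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        suffixes = name.split(".")[1:]

        # 2. Executable or double extension ("team_photo.jpg.scr").
        if suffixes and "." + suffixes[-1] in EXEC_EXTENSIONS:
            findings.append(f"executable-attachment: {name}")
        if len(suffixes) >= 2:
            findings.append(f"double-extension: {name}")

        # 3. Declared as an image but the bytes are a Windows PE file ("MZ" header).
        if part.get_content_maintype() == "image" and data.startswith(b"MZ"):
            findings.append(f"content-mismatch: {name} declared image but starts with a PE header")

        # 4. Word/Excel/PowerPoint document carrying a VBA project.
        if ooxml_has_macros(data):
            findings.append(f"macro-document: {name} contains a VBA project")
    return findings


def build_macro_docm() -> bytes:
    """Construct a minimal .docm-shaped zip with a VBA project part (sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA project")
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed sample: a known contact's name on a lookalike domain, plus two booby-trapped attachments."""
    msg = EmailMessage()
    msg["From"] = "Alice Jones <alice.jones@examp1e.org>"   # '1' for 'l': lookalike of example.org
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Re: conference photos and the draft report"
    msg.set_content("Hi Bob, here are the photos and the updated draft. Alice")
    # A "photograph" that is really a PE executable with a double extension.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="image", subtype="jpeg",
                       filename="team_photo.jpg.scr")
    # A Word document with a macro project inside.
    msg.add_attachment(build_macro_docm(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="draft_report.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print(finding)
```

The checks are deliberately cheap and structural, so they run on every message before any sandbox detonation; the macro check looks only for the presence of a VBA project, not at what it does, which is the right trade-off at a gateway where a macro-bearing document from an unverified sender is suspicious on its own.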

Raimund Genes, the chief technical officer of Trend Micro, said: “We grew up fearing the mushroom cloud, now we should fear a roomful of hackers with their electricity and internet bills paid for by a government.”