Extended Project: What Is Cyberwarfare and To What Extent Does It Pose A Significant Threat To World Security and The Future of Humanity?

WHAT IS CYBERWARFARE AND TO
WHAT EXTENT DOES IT POSE A

SIGNIFICANT THREAT TO WORLD
SECURITY AND THE FUTURE OF
HUMANITY?
By
Maurice Yap
Peter Symonds College
Research-based report for the AQA Extended Project Qualification

October 2014
What is cyberwarfare and to what extent does it pose a significant threat to world security and the future of humanity?
ABSTRACT
Cyberwarfare, the use of computers and computer programs and infrastructure as weapons in their own
right, has been reported widely in recent years by the media, but it has generally been below the surface of
mass public attention. Not much is known, by the general public at least, about the hazard it poses to people
around the globe. I have used numerous media, academic and other sources to investigate cyberwarfare
techniques uses now and in the past and the potential threat its use poses in the future. The conclusions the
report have reached are that cyberwarfare does not, at the moment, have the potential to cause mass
destruction through manipulating social infrastructure, but will do quite soon in the future; software firms
and governments have a huge role to play in upholding national security; online censorship is
unsustainable; and many battlefields will soon be incorporating a cyberwar-front.
Where the words China or Chinese are used in my report, they refer to the Peoples Republic of China (Mainland
China) as opposed to the Republic of China (Taiwan).
The PLA is the Peoples Liberation Army, the military of the Peoples Republic of China.
All uses of the dollar currency ($) in this report refer to the US Dollar.
NATO is the North Atlantic Treaty Organisation a military alliance comprising of European and North American
nations including the USA, France, Turkey, the UK and Germany.
Islamic State
The Islamic fundamentalist militant group currently (late 2014) fighting in and controlling large parts of Iraq and
Syria, self-titled in Arabic, ad-Dawlah l-Islmiyyah, is referred to in the media and by government officials by
different names. Islamic State, the English translation of this, has been abbreviated to IS, as in the case of the BBC,
ISIS, by the New York Times, the Guardian and Reuters, or ISIL as is done by US and UK government officials and
previously by the Associated Press agency.
This group is referred to in this report using the acronym, QSIS, for "Al-Qaeda Separatists in Iraq and Syria." The
name, Islamic State, suggests that the group's ideology and activities are to some extent, representative of the religion
of Islam. As most Muslims around the world totally disassociate themselves with their ideology and activities, I feel the
use of this name is disrespectful to them.
ii
TABLE OF CONTENTS
1. Introduction ........................................................................................1
1.1. What is cyberwarfare? .............................................................................................................................. 1
1.2. Significant incidents ................................................................................................................................ 2
1.3. Purpose and execution............................................................................................................................. 2
1.4. History and development of cyberwarfare .............................................................................................. 3
1.5. Electronic warfare .................................................................................................................................... 3
2. Information Warfare .......................................................................... 5

2.1. Propaganda .............................................................................................................................................. 5
2.1.1. Islamic Extremism and QSIS ............................................................................................................ 5
2.2. Internet censorship and filtering ............................................................................................................ 5
2.2.1. Political agenda ................................................................................................................................. 6
2.2.2. Prevention of terrorism .................................................................................................................... 7
2.2.3. Prevention of Digital piracy .............................................................................................................. 7
2.2.4. British ISP pornography and indecent content filter ....................................................................... 7
2.3. Censorship in China - The Great Firewall of China .............................................................................8
2.4. Censorship in North Korea .....................................................................................................................8
2.5. Censorship in Iran ................................................................................................................................... 9
2.6. Censorship in Turkey the aftermath of the 2013-14 Gezi Park protests .............................................. 9
2.7. Opposition to censorship......................................................................................................................... 9
3. Hacktivism ........................................................................................ 11
3.1. Anonymous ............................................................................................................................................. 11
3.2. 2008 South Ossetia War ........................................................................................................................ 11
3.3. Syrian Civil War (2011- ) ....................................................................................................................... 12
4. The use of cyberwarfare techniques by governments ......................... 13

4.1. Cyber-espionage .................................................................................................................................... 13
4.2. Hacking allegations against China ........................................................................................................ 13
4.3. United States of America....................................................................................................................... 14
4.4. United Kingdom .................................................................................................................................... 15
4.5. European Union (EU) ........................................................................................................................... 15
4.6. NATO..................................................................................................................................................... 16
4.6.1. NATO CCDCOE............................................................................................................................... 16
4.7. North Korea ........................................................................................................................................... 16
4.8. China ..................................................................................................................................................... 16
4.9. Iran ........................................................................................................................................................ 17
iii
5. Cybercrime and cyber-terrorism ...................................................... 18

5.1. Koobface and botnets ......................................................................................................................... 18
6. Stuxnet ............................................................................................. 20
6.1. Activities of Stuxnet ...............................................................................................................................20
6.2. The source of Stuxnet ............................................................................................................................ 22
6.3. Why is Stuxnet so dangerous? .............................................................................................................. 23
7. Potential damage to social infrastructure ......................................... 24

7.1. Australian sewage spillage incident ....................................................................................................... 24
7.2. Transport infrastructure ....................................................................................................................... 24
7.3. Energy-related infrastructure................................................................................................................ 25
7.4. Financial sector ..................................................................................................................................... 25
8. Political issues regarding cyberwarfare ............................................ 26

8.1. Industrial cyber-protection ................................................................................................................... 26
8.2. Government publicity ........................................................................................................................... 26
8.3. Legal issues regarding cyber-espionage and cyberwarfare................................................................... 26
9. Concluding points ............................................................................ 28

9.1.1. The future use of computing technology in war ..............................................................................28
9.1.2. The future of cyberwarfare..............................................................................................................28
9.1.3. Information warfare........................................................................................................................ 29
9.2. Conclusion .............................................................................................................................................30
10. Reference List .................................................................................. 31

11. Bibliography .................................................................................... 34
TABLE OF FIGURES
Figure 1: slide show images which were used to deface President Saakashvili's website (Danchev, 2008) ... 12
Figure 2: the illegitimate tweet sent out by the Syrian Electronic Army on The Associated Presss Twitter
account (Foster, 2013) ..................................................................................................................................... 12
Figure 3: the office block in Pudong, Shanghai which is alleged to host Unit 61398 (Reuters, 2014a) .......... 14
Figure 4: an example of a private message sent by Koobface through Facebook (Uwang, 2011) ................... 19
Figure 5: a Siemens Simatic industrial controller, identical to the ones affected by Stuxnet (Ulli1105, 2007)
.......................................................................................................................................................................... 21
Figure 6: a carbon fibre rotor tube (Broad, 2008) .......................................................................................... 22
Figure 7: a still shot from a video of the Aurora test (Zetter, 2007) ................................................................ 25
Figure 8: tweets by three Twitter users about the Israel-Hamas war in 2014 ................................................ 29
iv
1. Introduction
1.INTRODUCTION
The development of computer science throughout the second half of the 20th century has probably been
one of the greatest and most influential feats of human technological achievement. Its impact on the world,
through being the foundation of space exploration; advancing the medical field; revolutionising
entertainment; aiding engineering and architecture and the creation of the World Wide Web make
computers a cornerstone of modern human society.
In that time, computing technology has also been widely used by the worlds militaries. Its digital
communication capabilities have transformed the way armies operate and computer systems in weapons,
such as guided missiles and fighter jets, have helped to reduce collateral damage in times of war.
Increasingly in the past decade however, computing has itself become a weapon. A completely new domain
of warfare has been created, fought not in the seas, on land, in the sky or even in space; it is being fought in
the realm of cyberspace on computer networks and systems. It is cyberwarfare.
1.1.WHAT IS CYBERWARFARE?
The use of computers or the internet to spread propaganda, access classified information, disrupt
electronic surveillance systems, or attack information technology-dependent infrastructure
targets. (Wither, 2008)
Whilst computers are widely used to assist military operations, this report focuses on pure cyberwarfare
politically motivated conflict fought within computer systems themselves.
There are four main areas of cyberwarfare:
Strategic warfare using computers to directly attack civilian infrastructure systems like power
grids, transport systems and water and gas pipelines to cause chaos in a particular territory;
Cyber-espionage covertly gathering intelligence using computers from networks and databases
which can be used for military or political purposes (Crystal, 2005);
Cyber-disruption disrupting and sabotaging the internet and other information systems;
Cyber-terrorism using the internet and computing technology by terrorist groups to spread fear
and destruction (The Economist, 2012a).
This report also discusses the role of computer-based information warfare cyber-attacks which control
and disrupt the availability of information and propaganda. This includes "hacktivism" actions taken by
civilian groups like Anonymous, hacking computer networks to archive political or social objectives.
Information warfare is also a large part of cyber-terrorism, where the internet is used to spread terrorist
groups propaganda. The true extent as to which cyberwarfare is taking place is difficult to trace because in
many cases, attacks go unnoticed. Also, much of it is undertaken by governments and takes place covertly
so information about these activities may not be made public for reasons of national security reasons.
Extended Project 2014 | Maurice Yap 6946
1. Introduction
1.2.SIGNIFICANT INCIDENTS
An early example of a high-impact cyber-attack took place in Japan in July 2000. The countrys
commercial Docomo service was, at the time, providing email access to mobile phones. Emails from an
unknown sender containing malicious code that hijacked users phones, were sent to a very large number of
its users. This contained code which dialled 110 on the phone, Japans emergency number (equivalent to the
UKs 999 or 112). Because this attack became successful on such a massive scale, the entire countrys
emergency phone services became overloaded and unusable.
In September 2007, the Israel Defence Forces (IDF) are alleged to have hacked into Syrian radar
systems to stop them from detecting Israeli fighter jets. This allowed them to carry out a successful series of
airstrikes on Syrian military targets.
The 2008 South Ossetia War between Russian and Georgian forces saw websites of institutions on
both sides taken down through distributed denial-of-service (DDoS) attacks or defaced using a technique
called SQL injection. This incident is explored in chapter 3 of this report.
There was an exchange of cyber-attacks between groups based in Pakistan and India in late 2010. A
group calling itself the Indian Cyber Army attacked Pakistani government websites, in retaliation for the
Mumbai terrorist attacks that happened two years prior. A month later, a group similarly called the
Pakistan Cyber Army attacked India's CBI (Indian equivalent of FBI).
In March 2013, South Korea's three major banks - Shinhan, Woori and NongHyup and broadcasting
stations, KBS, YTN and MBC became victims of a cyber-attack. Over 30,000 computers at these firms were
affected. Public and media speculation suggested that this may have been done by North Korea (DPRK) in
retaliation against US and South Korean military exercises and sanctions imposed on North Korea for
nuclear testing.
Perhaps the most widely known case of cyberwarfare took place in 2010. The Stuxnet computer
virus was discovered on millions of computers around the world and was found to have attacked the Iranian
uranium enrichment facility at Natanz, causing the cessation of nuclear enrichment for several months.
This will be discussed in detail in chapter 6 of this report.
1.3.PURPOSE AND EXECUTION

Generally, only the governments and militaries of nation-states have advance cyber-attack capabilities.
Many, particularly the most sophisticated, of known cyber-attacks are carried out by countries, either
directly through government agencies, or by proxy using state-sponsored hacker groups. Countries known
or widely suspected to use cyber-attacks include the United States, the UK, Israel, Russia, Iran and China.
In 2012, James A. Lewis, who studies cybersecurity at the Centre for Strategic and International Studies
(CSIS) in Washington, said that at least 12 of world's 15 largest militaries are developing cyberwarfare
programs (Shane, 2012).
In peacetime, cyberwarfare techniques are covertly used by government intelligence agencies to achieve
national objectives and protect national interests through espionage and offensive operations. Such
techniques can also be used as part of a war or armed conflict to gain the upper hand on an opponent
through gathering intelligence or disrupting their operations. Furthermore, strategic cyber-attacks targeting
transportation, communication, social infrastructure (e.g. water, gas, electricity) and banking computer
systems can cause economic damage and disrupt civilian life, causing absolute turmoil in a country. In
extreme circumstances, human casualties can also result. This severely undermines the attacked countrys
ability to win a war.
1. Introduction
Because of the strong dependence of many modern economies on the internet, performing DDoS attacks
that make websites and data servers inaccessible to users can quickly cause economic damage to individual
firms; however, attacking nameservers which direct web addresses (URLs) to websites can very quickly
cause great economic damage to a country because it effectively renders all the websites registered to that
countrys top-level domain (TLD) (the last label of a URL, for example, in http://www.psc.ac.uk, .uk is
the British TLD) offline, creating a depression in economic confidence and preventing online-conducted
business to take place. Large-scale DDoS attacks also prevent the flow of information, vital in times of war
and conflict.
1.4.HISTORY AND DEVELOPMENT OF

CYBERWARFARE
Alan Turing, referred to as the father of modern computing, was one of the most important people in the
development of the modern computer. His team at Bletchley Park developed analogue machines using
algorithms to unscramble the Enigma code used by Nazis. This saved many lives and contributed to the
Allied victory. Whilst this was not an offensive use of computing in war, it certainly an important precursor
to cyberwarfare as algorithms (a finite set of mathematical instructions) are the mathematical basis of all
computer programmes. The team also created the worlds first programmable digital computer, Colossus, to
decrypt codes. It could therefore be said that the development of computers stemmed from war.
Since then, Sir Tim Berners-Lees creation of the World Wide Web (internet) in 1989 has revolutionised the
manner in which information spreads. People using it were now are able to discuss and find out news
stories before they were reported in newspapers or on television, which were previously the main sources of
such information (Ai, 2012). Online social media has done a lot for freedom of speech as it has created more
freedom to share ideas and common feelings. The internet, therefore, has been a very important focus for
users of cyberwarfare because of its strong possibilities and capabilities in information warfare.
One of the first known cases of actual cyberwarfare was as far back as 1982. The CIA tampered with a
Canadian computer-control system which was later stolen by the Soviets and used to control a major gas
pipeline. It had been programmed to reset all pump speeds and valve settings to a pressure unbearable for
the pipes after a long period of time. This, according to former Air Force secretary, Thomas Reed, resulted
in "the most monumental non-nuclear explosion and fire ever seen from space." (The Economist 2010)
1.5.ELECTRONIC WARFARE
Whilst not a form of cyberwarfare, electronic warfare (EW) very closely relates to cyberwarfare. EW is the
fight for control of the electromagnetic spectrum, across which radio communications, TV signals, mobile
phones and radar operates. The objective of EW is to make sure friendly forces can use the electromagnetic
spectrum securely and conversely, to stop enemies from using it using techniques like jamming, which
stops radio signals from being broadcast (Miller & De Lia, 2006). The military of the United States has a
very strong focus EW (Association of Old Crows, n.d.).
In 1912, the British Committee of Imperial Defence said that if war were to break out, the military must
quickly destroy German underwater telegraph cables. On 5th August 1914, shortly after the outbreak of
World War 1, HMS Telconia steamed to a position off Emden and cut and reeled in several thousand feet of
German cables under the English Channel. This contributed to the Allied victory because the cables ran to
German allies and agents in Europe and North America. The Germans now only had a single telegraph
cable left, which ran from western Africa to Brazil (the others the previously used were all British owned). It
1. Introduction
meant the Germans were forced to use radio instead, which was very easily intercepted. It caused many
diplomatic, naval and other military coded messages to be received by the admiralty.
EW also was successfully used as part of the Gulf War. On 17th January 1991, coalition forces broadcast
noise and jamming signals that interfered with Iraqi communications airwaves. Within an hour of the start
of this assault, the Iraqi IADS (Integrated Air Defence System) radar system completely collapsed. Within
days, most of their radar-supported SAM (surface-to-air missiles) missiles were out of operation. Many
aircraft flying over Iraq carried and utilised radar signal jammers to protect themselves from detection by
Iraqi radar and SAMs.
In the 21st Century, the vast majority of US casualties in Operations Iraqi Freedom and Enduring Freedom
were caused by RCIEDs (radio controlled improvised explosive devices). They were disguised bombs which
were activated by an insurgent when he called a mobile phone attached to the device. US forces were able to
stop these attacks and save many lives using EW techniques.
2. Information warfare
2.INFORMATION WARFARE
2.1.PROPAGANDA
In a war, propaganda warfare is fighting for representation of the war. Because of its wide access and use,
the internet has become a key battleground for this as it is near impossible to regulate or officiate. Online
propaganda can therefore move very easily and freely. 2012 data shows that 87% of people were connected
to the internet in the UK, as well as 81% in the USA, 42.3% in China and 39% globally (Buzzle, 2012).
During peacetime, it can be used for morally good purposes, for example public health campaigns, morally
neutral purposes like advertising and political activism and bad purposes, for example terrorist recruitment
and deliberate disinformation (Johnston, 2013). Because of the very popular social media platforms that
have been created over the past decade, like Facebook and Twitter, propaganda-generation is becoming
more widespread meaning that propaganda-generation is accessible to all people.
2.1.1.ISLAMIC EXTREMISM AND QSIS

Islamic Jihadist internet forums gained influence after the 11th September attacks on the World Trade
Centre in 2001. As more and more people became influenced by them, the internet became a new and more
accessible platform to spread violent extremist ideas to followers around the world. On 2 nd March 2011, Arid
Uka shot dead two US soldiers at Frankfurt Airport after watching videos of radical preachers and being an
active member of one of these extremist forums (Deutsche Welle, 2014). Many jihadists are also active on
Twitter and Facebook. Propaganda can be generated from all around the world remotely with no physical
contact, making jihadist groups more effective at radicalising Muslims.
In 2014, QSIS widely used social media to gain support, with accounts originating in Saudi Arabia, Kuwait
and other gulf states. Photos and statements were posted on Twitter and Facebook to show operational
strength and territorial advances using pictures of their checkpoints and lists of towns they controlled. On
15th June 2014, images were posted of captured Iraqi security personnel showing their capture and murder.
They became viral and were shared widely around the world. Graphic videos of bombings, suicide missions
and assassinations, were also published, including that of the infamous murder of American Journalist,
James Foley, in August 2014.
Their use of very professionally produced propaganda videos were used to show the world that very well
educated people from western countries had gone to join their operations. Videos in western languages such
as French, German and English, were posted asking Muslims around to world for public support on social
media. The "One Billion Campaign", started by a German QSIS supporter on Twitter, encouraged a billion
posts to be posted in support of QSIS on Twitter, Instagram and YouTube. On 20th June 2014, an Arabic
hashtag appeared on Twitter, #theFridayofsupportingISIS, which was used to ask for supporters to post
videos and photos of themselves with QSIS flags on social media sites. Thousands of posts from QSIS or by
its supporters were posted each day during this period (ongoing at the time of writing).
The BBC (2014) suggests that QSIS posts to spread fear, not to gain general support. It posts nothing about
charity work or social services; instead, violent execution videos, and so isnt meant to appeal to the general
public, but instead, to radical extremist Muslims.
2.2.INTERNET CENSORSHIP AND FILTERING

Many governments censor the internet in their countries to various different extents. There are many
reasons governments choose to restrict information flow on the internet, including securing intellectual
property rights, ensuring national security, preserving cultural norms and religious values and shielding
children from pornography and sexual exploitation.
Governments generally have four options available to them in order to impose censorship:
The first is blocking websites and web pages using technological means. IP (Internet Protocol)
blocking is where all access to target sites is completely blocked by preventing connections to their
web servers. DNS (Domain Name System) tampering is another technique, where there the servers
which direct a URL domain name to a servers IP address (name servers) are tampered with. This is
a technique currently in use by Chinas government.
The second option is removing search results from internet search engines. This is done either
through a formal (often secret) request from the government to search engines, like Bing, Google
and Baidu, to remove search result entries, or if refused, forcing them to do so through legal actions.
Taking down sites by legal action or threat of it by authorities is the third option, however, this
option only works when the website in question is hosted on a server within that authoritys legal
jurisdiction.
The final option is psychologically coercing people into self-censorship being restrictive about
what websites they visit, the terms they search for and what they post online. This is effective when
people know or highly suspect that they are being monitored by the government, and that they could
face legal action, arrest or imprisonment for illegal online activity.
Technical filtering can take place on four levels:
The highest level is done through the countrys connection to the internet backbone (physical cables
and network routers). Governments can program (or force companies to program) these switches to
block certain websites using IP blocking or DNS tampering, as mentioned above.
The next level is through ISPs (internet service providers), who use IP blocking to prevent their
customers from reaching websites.
After this, individual institutions can enforce censorship and filtering by programming internal
network switches and routers. Businesses and academic institutions frequently do this to stop staff
or students from wasting time or bandwidth, to protect their networks from viruses and malware
and to prevent children in schools from reaching adult content.
The lowest level is device-based filtering filtering software on individual devices. It is frequently
used by parents on the devices used by their children, again, to prevent them from accessing content
intended for more mature audiences.
2.2.1.POLITICAL AGENDA
One of the biggest reasons why governments around the world impose censorship is for political reasons.
An example of this was when conservative Russian politicians in 2008 tried to get rid of the dangerous
teen trend of Emo culture through censorship laws. The Duma (Russian parliament), on the grounds of
spiritual and ethical education, decided to heavily regulate Emo-culture websites and blocked many of
them. This supplemented a ban on Emo and Goth fashion from schools and official buildings (Truthloader,
2014c).
The Arab Spring protests and revolutions of the early 2010s saw many governments, including those of
Bahrain, Egypt and Libya, used various forms of internet filtering and censorship to try to stop the spread
and influence of anti-government protests. This was done for the purpose of trying to preserve existing
administrations (Rashid, 2013). Syria was also accused of destroying three of their four national backbone
routers to significantly reduce internet access to its citizens (Truthloader, 2013a).
2.2.2.PREVENTION OF TERRORISM
MI6 used aggressive censorship in 2011 to prevent the spread of terrorist ideas through propaganda and
dangerous information to protect the British public from terrorist attacks (Gardham, 2011). It hacked into
an Al-Qaeda-affiliated website and a magazine produced by the radical preacher, Anwar al-Awlaki, was
replaced with cake recipes by Ellen DeGeneres popular American chat show. Al-Awlaki was a leader of AlQaeda in the Arabian Peninsula (AQAP) who previously lived in the UK and USA.
This magazine, Make a bomb in the kitchen of your Mom, was written to recruit "lone-wolf" Englishspeaking terrorists. It included dangerous information like instructions showing how to make pipe bomb
with a timer, match heads, sugar and a miniature light bulb. Articles by Osama bin Laden and Al-Qaedas
second-in-command, Ayman al-Zawahiri were also removed.
In 2014, the Iraqi Ministry of Communications also used censorship to reduce terrorism by completely
blocking Twitter, Facebook and other social media sites which were widely used by QSIS to spread their
influence. At the time, QSIS had occupied large parts of Iraqs territory.
2.2.3.PREVENTION OF DIGITAL PIRACY

Digital piracy is the illegal distribution of copied copyrighted digital files, predominantly music, commercial
software and films. It is facilitated through online file-sharing sites, BitTorrent-protocol transfer and
physical distribution of, for example, DVDs of pirated films.
In 2014, an agreement between British ISPs and the entertainment industry was announced to reduce
digital piracy. ISPs agreed to send up to four notices to users found to have taken part in digital piracy, with
each notice becoming stronger in tone. To date, ISPs cannot impose sanctions on repeat offenders because
this agreement isn't a legal one. This is an example of an attempt at causing self-censorship to take place as
offenders are faced with civil legal action by entertainment companies.
Technical blocking by the main UK ISPs has also been used in recent years to block websites used for
piracy. In 2013, they were forced, through a High Court order, to stop its users from accessing websites
including The Pirate Bay, KickassTorrents and BeeMP3.
2.2.4.BRITISH ISP PORNOGRAPHY AND INDECENT CONTENT FILTER

Since 1996, child abuse images have been blocked in the UK by the Internet Watch Foundation.
In 2013, David Camerons UK government proposed a compulsory pornography filter to be imposed by
ISPs, which users must voluntarily opt out of by un-ticking a box when purchasing broadband, in order to
stop the corroding" influence of pornography on children and prevent them from accidentally coming
across it. Other than pornography, categories of websites proposed to be blocked included forums, selfharm, alcohol, "extremist related content", anorexia and eating disorder and suicide-promoting. An article
in Buzzle (2012) said that two out of every three childrens parents don't know what they are doing online.
However, such filters are not always successful. The BBC (2013b) reported that on a similar web filter
system, some large pornography websites remain unblocked but sex education websites are blocked. The
writer of this essay has also found that the word, sects is blocked on many public WiFi networks with
family filters, like those in coffee shops and on public transport. Filters are also not difficult for people who
are have more computer-related knowledge to easily get round.
The Open Rights Group (2014) suggests blocking extremist websites make be counter-productive as it gives
the impression that they are being persecuted and oppressed, stirring up sympathy for them.
2.3.CENSORSHIP IN CHINA - THE GREAT

FIREWALL OF CHINA
The Peoples Republic of China is the worlds most populous country and has 600 million internet users. It
has an infamous advanced national filter that censors and filters the internet in the country, affecting all its
internet users. The term, "Great Firewall", which is frequently used to refer to this filter was first used in an
article in the magazine, Wired, in 1997. It is used, according to the government, to prevent content which is
unsuitable for the population," from being within reach. The Great Firewall filters foreign web content that
comes into China, blocking access to "harmful" content, as well as entire domains and particular web pages.
It is recognised by most experts in the field as the world's most advanced national firewall (The Economist,
2013c).
A man named Fang Binxing is known across China as the mastermind behind the Great Firewall. He led the
team of engineers that built the central component of the Great Firewall, called Project 005. It is the most
expensive and critical part of the system and was finished, after two years work, in 2002, at a cost of $60m.
He is extremely unpopular in the country and is widely hated. On Sina WeiBo, the Chinese version of
Twitter, comments are disabled for his tweets because users used to frequently send abusive replies to every
single one of his posts. In 2011, university students in Wuhan pelted him with eggs and shoes when he gave
a speech on their campus.
The technical details of the Great Firewall are a Chinese state secret. It was created in 1999 at the National
Computer Network and Information System Security Administration Centre (now the Ministry of Industry
and Information Technology). Before that, foreign websites like human-rights organisations and Tibet and
Taiwan independence advocates were blocked but were very easily bypassed by knowledgeable users.
Attempts to access Facebook, Twitter or a banned keywords, including names of dissidents and
controversial events like Tiananmen Square massacre, results in a connection error page. A video on
YouTube by Google showed that searching for a banned term using the Googles search engine results in
Google itself becoming blocked for 90 seconds after the search (Google Videos, 2012). Sites and topics
which are blocked currently and have been blocked in the past by the Great Firewall include the Dalai
Lama, reincarnation (because Buddhists believe that the Dalai Lama will be reincarnated into another
person after he dies, which is a big political issue for Chinas Communist Party (Truthloader, 2014c)),
Facebook, The New York Times, and the BBC News website.
In recent years, the Great Firewall has become even more sophisticated: it is able to intercept messages on
chat software from foreign sources, disrupt VPNs and throttle (severely slow down the connection to).
The pro-democracy activist, Ai Weiwei (2012) believes that China is afraid of free discussion. That is why,
he argues social networks are banned and information is deleted. The Committee to Protect Journalists
(CPJ) says that Chinas Citizens are becoming more and more informed and connected with the world and
so longer accept government "propaganda" as factually correct news. They also don't stay silent when lives
being affected by injustice (The Economist, 2013b).
Iran, Pakistan and Vietnam have developed their own Great Firewall-inspired systems.
2.4.CENSORSHIP IN NORTH KOREA

The World Wide Web is largely absent in the Democratic Peoples Republic of Korea (DPRK); only the most
senior leaders in the Workers Party have any sort of access to the internet so that there is no "risk of foreign
defection or ideological infection" to the citizens of the country (The Economist, 2007). IT development in
North Korea, which is severely disrupted by a very unreliable electrical grid, is almost exclusively used for
military, government or industrial purposes (Billo & Chang, 2004).
The Korea Computer Centre, set up in 1990 by Kim Jong-Nam (Kim Jong-Ils eldest son) at estimated cost
of $530 million, is the institution which dictates the countrys IT strategy is the Korea Computer Centre.
The computer experts that work there received training in China, Russia and India and are regarded as
some of the best in the world (Lintner, 2007).
In 2000, North Korea launched a fibre optic cable-connected nationwide intranet network called
Kwangmyong, which means bright" in Korean, and includes a browser, government-monitored email
programme, news articles and a search engine. Those with access to the world internet find information for
Kwangmyong so that useful technical information and data can be accessed by research institutes, factories
and schools without the government losing control of the information flow in the country (The Economist,
2007).
2.5.CENSORSHIP IN IRAN
Most ISPs in Iran are government owned or controlled (i.e. by universities and think tanks) because
independent ISPs are expensive to set up and run as they must be linked to the internet via Satellite. The
Iranian government, like China, filters out a lot of content using ISP-level blocking for ideological and
political reasons. A report by Charles Billo and Welton Chang (2004) suggested that this has caused Iranian
youths, most of whom are ideologically more liberal, to be disgruntled at the governments control, creating
a hacker mentality. This is supported by the fact that the report found that lots of clandestine hacking takes
place in Iran, mostly done by the younger population.
2.6.CENSORSHIP IN TURKEY THE AFTERMATH

OF THE 2013-14 GEZI PARK PROTESTS
In early 2014, the Turkish Parliament, dominated by then-Prime Minister, Recep Tayyip Erdoans Justice
and Development Party (AK), put through a bill which imposed heavy restrictions on the internet. It was
triggered by the leaking of online recordings which supposedly showed bribery, tender-rigging and moneylaundering of and by AK ministers. International commentators argued that the law was brought in as the
government didnt want these to be accessed (The Economist, 2014). The bill enabled the Turkish
Telecommunications Authority (TIB) to block any website without a court order and obliged ISPs to fully
store every single web user's internet activity data for two years and hand over these profiles to authorities
on demand.
2.7.OPPOSITION TO CENSORSHIP
In March 2014, Sir Tim-Berners Lee, the creator of the World Wide Web, said there should be a bill of
rights to protect internet users from excessive government surveillance, similar to the Magna Carta. He
said:
"We need to think about the next 25 years and make sure that we establish the principles that
web 's been based on, principles of openness, principles of privacy, principles of not being
censored." (Truthloader, 2014d)
On 5th June 2014, over 200 websites took part in the Reset the Net campaign. They put a splash screen
on their website's front pages, giving users tips on online privacy and software to ensure end-to-end
encryption. It was done in protest against NSA surveillance, a year after revelations by Edward Snowden
about this.
The US State Department contributes towards the funding and development of technology use to bypass
internet censorship in foreign countries, like highly secure mobile phone networks, internet access points
which can be smuggled into these countries (Rashid, 2013).
Tor Project created OONI-probe (Open Observatory of Network Interference), which is a computer
program which identifies websites which local governments have censored, tampered with or slowed down
access to. Its use by Palestinian news agency, Ma'an, led to a minister resigning three days after it was
shown that certain opposition political websites were blocked.
The UN views disconnecting people from the internet a direct violation of basic human rights (Rashid,
2013).
10
3. Hacktivism
3.HACKTIVISM
Hacktivism is a form of political or social activism where hacktivists try to achieve their respective
objectives by hacking and other forms of disruptive cyber-activity. The two most common methods are
distributed denial-of-service (DDoS) attacks and SQL injection. There are also other methods involving
obtaining secure data like passwords and personal details and files. Most methods used by hacktivists are
illegal.
DDoS attacks involve flooding the servers that target websites are hosted on with an enormous number of
requests to overload them so no one can access it. SQL injection exploits security vulnerabilities in software
to insert SQL code which is later executed. This has, on many occasions, been successfully used to deface
websites.
3.1.ANONYMOUS
The most famous operating hacktivist group is Anonymous. It is a decentralised network of anonymous
hacktivists around the world who cooperate in hacktivism against what they perceive as social injustice,
abuse of power and other issues perceived by members to be immoral. It originated from the 4chan internet
imageboard site in the mid-2000s.
Anonymous attacks start with individual members posting desired targets and justification for them on
forums and social networking sites to be seen by other Anonymous members (known as Anons). Some
posts then gain publicity across the network from Anons sharing them with each other. After targets are
decided, the more technically skilled members of the group carry out relevant technical reconnaissance on
the targeted websites and attempt to steal data. After this has been done, coordinated large-scale DDoS
attacks are carried out by regular Anons on the targeted websites.
An example of an Anonymous attack occurred during the 2014 Football World Cup in Brazil. The group
decided to protest in support of the citizens of Brazil against their governments lack of investment in poor
communities compared to the large amount of money spent on the World Cup. Anonymous performed
DDoS and SQL injection attacks against World Cup sponsors' websites and claimed to have carried out 141
attacks during the campaign. During the attacks, the Bank of Brazil website's front page was defaced and
the following message was placed on it:
"Money and corruption are ruining the land, crooked politicians betray the working man,
pocketing the profits and treating us like sheep, and were tired of hearing promises that we know
theyll never keep." (Truthloader, 2014b)
3.2.2008 SOUTH OSSETIA WAR

During the Russian - Georgian conflict in 2008, coordinated cyber-attacks against Georgia's internet
infrastructure were planned and arranged on Russian Internet forums and subsequently successfully
carried out by Russian or pro-Russian hacktivists.
DDoS and SQL injection attacks were conducted against many Georgian government websites to deface
them or to take them offline completely. It forced Georgia's Foreign Affairs ministry to use BlogSpot to
publish information while other government ministries moved websites onto American servers. One of the
first attacks took place in July 2008, when President Mikheil Saakashvili's website was defaced with a slide
11
3. Hacktivism
show showing him as Hitler, by posting images of similar poses by Saakashvili and Hitler, as seen in figure
1.
A test done conducted by ZDNets Dancho Danchev (2008) shows a significant number of servers for two
particular Georgian government websites down. 26 out of 30 servers based around the world for the
Georgian Foreign Ministrys website, http://mfa.gov.ge, were inaccessible and for the Presidents website,
http://president.gov.ge, 16 out of 30 were down. Georgian news sites and popular websites were also
defaced or attacked. The DDoS attacks were conducted using botnets and a custom-made http flooder tool,
freely available for all internet users to download which required no technical knowledge.
As well as government websites, one of the most popular Georgian hacking forums suffered a long-term
DDoS attack, making it difficult for opposing hacktivists to communicate. Email addresses of government
officials were also distributed, which Russian hackers used to spam with targeted malware attacks using
web links. The objective of this cyber-offensive by hacktivists was to stop Georgia from reaching the world
with real-time information on real-life warfare events (Danchev, 2008). Experts from Estonia were later
flown in to help to secure servers from attacks.
LEFT - FIGURE 1: SLIDE SHOW IMAGES WHICH WERE USED TO DEFACE PRESIDENT SAAKASHVILI'S
WEBSITE (DANCHEV, 2008)
RIGHT - FIGURE 2: THE ILLEGITIMATE TWEET SENT OUT BY THE SYRIAN ELECTRONIC ARMY ON THE
ASSOCIATED PRESSS TWITTER ACCOUNT (FOSTER, 2013)
3.3.SYRIAN CIVIL WAR (2011- )

The Syrian Electronic Army is a group of hacktivists on the side of Syrian government. They hack Twitter
accounts and websites of media organisations which it sees as sympathetic to the Syrian rebels. The hacking
of three BBC Twitter accounts in March 2013 and posting of a graphic video of a beheading to all their
followers exemplifies this. One of their actions also caused a huge economic effect; the Associated Press
Twitter account was hacked and on 23rd April 2013 at 12:07 PM, tweeted:
"Breaking: Two Explosions in the White House and Barack Obama is injured." (Truthloader,
2013a)
It caused the Dow Jones stock market index to drop by $140 billion in 90 seconds.
12
4. The use of cyberwarfare techniques by governments

4.THE USE OF CYBERWARFARE

TECHNIQUES BY GOVERNMENTS
4.1.CYBER-ESPIONAGE
Cyber-espionage is the covert gathering of intelligence from computer networks and databases (Crystal,
2005). The gathering of cyber-intelligence is done mainly by intelligence agencies, but also by criminals.
The information is used by governments and firms to help achieve their objectives, for example,
information about competitors or information about criminals and terrorists. It is done by forcefully
accessing target systems by hacking through vulnerabilities and then copying and sending data back to the
attacker. This forces companies who depend on computer systems to conduct business to use cyber
counterintelligence.
Counterintelligence is protecting against intelligence gathering operations by adversaries. Defensive cyber
counterintelligence consists of a vulnerability assessment; this can be achieved by having a team act as a
foreign adversary and try to breech network defences. The vulnerabilities are then identified and fixed.
Offensive cyber counterintelligence is used to deceive enemy intelligence collectors or gain information
about them through the use of "honeypots", where false electronic data are deliberately left insecure. Most
medium and large companies employ people and use software dedicated to making sure their software is
secure and information can't be stolen.
4.2.HACKING ALLEGATIONS AGAINST CHINA

Over the past several years, several governments, companies and organisations have expressed that they
suspect China of carrying out cyber-espionage and politically-motivated hacking. There has also been much
credible evidence found to suggest that the Chinese government supports and condones hacking through
secret funding for hacking groups. Some of the most advanced computer viruses of the early 2000s
originated in China, including Lion, Adore, and Code Red, which was traced to a university in Guangdong
province.
The Information Warfare Monitor and Shadowserver Foundation (2010) uncovered a malicious Chinese
network it named "Shadow", which was specifically used for the purpose of stealing sensitive and classified
documents from the Dalai Lama's office, official, business and academic computer systems in India, the
UN, and many other institutions. It compromised computers and installed software to upload sensitive
documents to web servers.
In May 2014, five Chinese military hackers were charged with cyber espionage by the US after allegedly
stealing trade secrets from six large energy and metals companies and workers unions for these companies.
It is just one of many complaints by US companies against Chinese hacking. China maintained its innocence
and said that it not only doesn't support hacking, but strongly opposes it.
China has also been accused of using cyber-attacks and hacking to steal technical secrets about the F-35
fighter jet made by the American firm, Lockheed Martin. The Economist (2012a) reported that in 2009,
hackers stole about 24,000 files from the company, and investigators said with a high-level of certainty,
that they had Chinese IP addresses and digital fingerprints, which were identical to those used in previous
attacks.
13

The Economist (2012a), in the same December 2012 piece, reported that China employs thousands of
software engineers to target technologically advanced Fortune 100 companies.
A suspected hacking group within the Peoples Liberation Army (PLA, the armed forces of China), Unit
61398, operates out of a plain office block on top of a military base in a suburb of Shanghai. The BBC
(2013a) reported that it had stolen hundreds of terabytes of data from at least 141 organisations around the
world. China denied this and questioned the evidence that seemed to support these accusations. BBC
reporters and camera crew filming this report were detained by the Chinese police when they tried to film
the unit's base and their footage was confiscated by them.
FIGURE 3: THE OFFICE BLOCK IN PUDONG, SHANGHAI WHICH IS ALLEGED TO HOST UNIT 61398 (REUTERS,
2014A)
4.3.UNITED STATES OF AMERICA

The United States Department of Defence created the United States Cyber Command (USCYBERCOM) in
2009, to oversee all of Americas military operations in cyberspace, including the protection of its own
military computer networks. It began operating in 2010 under the leadership of Gen. Keith Alexander, who
also directed the NSA. The NSA and Department of Defence started working together on the issue of cyberwarfare in late 2008, after a major intrusion into the classified network of the Pentagon's Central Command
using an infected USB memory stick. In April 2009, the Pentagon announced that it had spent over $100
million on repairing damage from cyber-attacks, including this one.
Guidelines for federal agencies carrying out cyber-operations, like the Office of National
Counterintelligence Executive, were created in October 2012, which included that they should help private
firms, especially those responsible for critical national infrastructure and those who are likely targets for
intelligence collection or cyber-attack by foreign organisations. The US military is supported by many
civilian hi-tech companies through services and products, and so may be seen as legitimate targets for
attack by enemies. The government also suggested that these businesses should defend themselves from
cyber-attacks by sharing security information with each other.
14

The government of the US acknowledges its countrys reliance on cyber-infrastructure and that this makes
the country very vulnerable to attack from adversaries. President Barack Obama called America's digital
infrastructure a "strategic national asset," and his administration created new rules and strategies in its
military doctrine for dealing with cyber threats. The International Strategy for Cyberspace, released by the
US government in 2011, said that the United States "will respond to hostile acts in cyberspace as we would
to any other threat," (Washington Post, 2012). The Pentagon permits neutralizing a foreign server from
where a cyber-attack originates. The Economist newspaper (2012a) speculated that Americas Allies will
probably adopt similar military policy.
Jarno Limnell of Stonesoft, a major American computer security firm, said that the US has good offensive
cyber-attack capabilities but has poor defences against it (The Economist, 2012a). In September 2010, 60
private companies and 12 international partners participated in an exercise called "Cyber Storm III", to
simulate a large-scale cyber-attack. It was used to prepare and evaluate Americas defences against such an
event happening in reality.
4.4.UNITED KINGDOM
In the UK, the Government Communications Headquarters (GCHQ) has an "operation centre" for the same
purpose as America's USCYBERCOM. Jonathan Edwards, the head of MI5, said in June 2012 that there had
been an "astonishing" number of cyber-attacks on UK industry, in particular, by exploiting internet
vulnerabilities (British Broadcasting Corporation, 2012).
In 2010, the British government spent 650m launching the National Cyber Security Programme to vastly
improve the UK's cyber security skills and capabilities.
The Intelligence and Security Committee (a group of MPs) told MI5 and MI6 in July 2012, to start covertly
counter-attacking computer networks who have attacked the countrys industry, government or military
using cyberwarfare methods, as opposed to just defending against them. They suggested interfering with
identified hostile systems to disrupt their activities and capabilities and covertly gain intelligence on them.
Their report said that cyber-attacks posed a significant threat to British national security and so defending
against them must be made a priority (British Broadcasting Corporation, 2012).
In September 2013, the Defence Secretary, Philip Hammond, announced that the MoD would recruit a large
number of cyber-security experts as military reservists for the UK to fight off cyber-attacks. They will work
in the Joint Cyber Reserve Unit (JCRU), which will work to protect the British military's data and digital
resources. Because the development of computer technology is happening so rapidly, the MoD must recruit
innovative civilians at the forefront of industry. The advantage of being employed in a reserve unit is that
these people don't have to commit to a full-time military career and can continue to work in their industry.
A series of competitions set up by the Cyber Security Challenge organisation, running since 2010, have been
used by GCHQ and private companies like BAE Systems and Lockheed Martin to recruit people with the
best skills to defend against cyber-attacks. The competitions consist of a simulated large-scale cyber-attack
on the UK that has infected banking systems (so ATMs don't work), transport systems, critical government
networks and the London Stock Exchange and is made to be as realistic as possible. There is a huge demand
in the UK by both the government and industry for people with these cyber security skills.
4.5.EUROPEAN UNION (EU)

In early 2009, France, Germany, the UK, and EU member states, were affected by the "Conficker worm. It
infected Windows computers used in their armed forces and governmental bodies, including the French
Navy, Greater Manchester Police and the British House of Commons. After this and the Stuxnet attack in
15

2010 (explored in the next chapter of this report), the EU boosted their computer defences and improved
cooperation among states to defend against cyber threats.
4.6.NATO
NATO adopted a new cyber defence policy in June 2011 which included coordination between all the states
in its alliance. It said that it needs to improve capabilities to detect, prevent and respond to cyber-attacks
and planned to create a centralised cyber protection department so that it could deal with threats more
quickly and easily. Cyberwarfare was discussed at the 2012 summit in Chicago, where NATO recognised its
growing threat because of quickly advancing sophistication, and so put priority on protecting NATO's
information and communication systems. The members of the Alliance agreed to integrate cyber-defence
into NATO Defence Planning Process.
NATO gives support to member states trying to protect their national infrastructure from attacks by sharing
information and expertise through data and experts. It also strongly cooperates in this area with the EU.
4.6.1.NATO CCDCOE
A centre for training, consultation, research and education in cyber defence and cyber security was created
by NATO in 2008 in a former Soviet Barracks in Tallinn, the Estonian capital. It is called the "Cooperative
Cyber Defence Centre of Excellence" and employs many cyber defence specialists from sponsor nations to
conduct research and to help NATO countries defend against cyber-threats. The sponsor nations are the
Czech Republic, Estonia, France, Germany, Hungary, Italy, Latvia, Lithuania, the Netherlands, Poland,
Slovakia, Spain, the UK and the US, who all provide funding and staff to the centre.
The centre was created after a cyber-attack against Estonia in 2007, which cost the country and other Baltic
states around 20 - 30 million. Web servers of the Estonian government, banks and media were attacked,
forcing the country to briefly disconnect itself from the internet completely. The attacks were triggered by a
decision to move a Soviet-era war memorial in the centre of Tallinn.
4.7.NORTH KOREA
In October 2004, the South Korean Defence ministry said that the North had trained more than 500
computer hackers capable of launching cyber-warfare against its enemies, and that its capability was
estimated to have reached the level of advanced countries (Lintner, 2007). They reported that military
hackers had been put through a five-year course to train them to penetrate and attack the computer systems
of South Korea, the United States and Japan. American observers doubted the DPRKs capabilities and said
that American firewalls could easily block attacks from it. They also said that North Koreas cyber-threat
was not a serious one.
Because of sanctions imposed on the country for various reasons, hi-tech goods for the DPRK have to be
covertly acquired using bogus companies in Hong Kong, Singapore, Taiwan and Thailand.
4.8.CHINA
China has largest conventional military in the world but doesnt have similarly world-leading C4I
(Command, Control, Communications, Computers and Intelligence) capabilities. Because it sees the US and
other NATO countries militaries as computer network-dependent (e.g. intelligence, command-and-control,
guided missiles), it has, from the early 1990s, developed a clear cyberwarfare military doctrine: to defeat the
enemy before even stepping into physical battle by establishing an advantage through information
16

dominance. This can be done by jamming or sabotaging the enemy's information systems to cause bad
judgements or actions, or by creating information blind spots that can be exploited. This would severely
reduce the operational effectiveness of items of equipment that depend heavily on computers and digital
data. The PLA calls this the "informationisation" of war (The Economist, 2012a). It believes that superiority
on the cyberwarfare front is a way to neutralise an otherwise superior enemy.
In terms of defence, China domestically places significant emphasis on the protection of military and
intelligence networks from cyber-attacks, including viruses. For reasons of national security, China is very
secretive about developments in cyberwarfare and their defences from it. There is very little in terms of
unclassified documents.
Because the most cutting-edge and technically advanced products are produced by companies mainly in
North America and Europe, China obtains a lot of IT hardware and software for military use illegally. In
November 2003, Gao Zhan, an ex-researcher at American University, pleaded guilty to exporting
microprocessors for flight control and guided weapons systems to China for their military. US government
permission was needed to export this. Also, in December 2003, Sun Microsystems was fined about
$300,000 for sending a powerful server to a Hong Kong based company in 1997, which was later used by
the PLA for military purposes.
The PLA is known to cooperate with the militaries of North Korea, Russia and Pakistan on cyberwarfarerelated issues and trades and exchanges military equipment with them, but increasingly seeks domestically
produced IT products. It has cyberwarfare training centres in Wuhan, Zhengzhou and Changsha which have
professors and experts in the field. Their curriculum includes computing theory, networks and
communication, cyberwarfare strategy, information gathering and analysis, protection of information
systems and virus attacks. Military exercises simulating cyberwarfare have been conducted by the PLA since
October 1997.
4.9.IRAN
Irans government claims that the country has the second-largest cyber army in the world. In terms of
government funding and human resources for research into IT, the military and defence sector gets priority.
It also collaborates with universities and other academic institutions for research and development of
military-related digital technology. For the past ten years, computing has been included in their Army
Officer training college course.
Because its academic facilities in IT are generally much weaker than those of western countries, Iran has
gained a significant amount of knowledge from its diaspora. In the early 1980s, many Iranians emigrated to
Europe and North America after the revolution to find jobs or escape political persecution. Many of them,
since then, became trained and skilled in engineering or computer science and returned to Iran to open
internet cafes or found other jobs in the technology sector. The military actively targets these skilled people
in its recruiting for cyberwarfare programmes.
Iran has strong technical cooperation links with Russia and India but also is hindered by sanctions, so like
North Korea and China, imports lots of hardware and software from America illegally where domestic firms
or firms in allied countries arent able to produce the equipment they need.
Iran was suspected to be the source of the Shamoon virus which crippled thousands of computers at Saudi
Arabia's Aramco and Qatari's RasGas oil companies in August 2012.
17
5. Cybercrime and cyber-terrorism

5.CYBERCRIME AND CYBERTERRORISM

In the same way as governments conduct cyberwarfare and cyber-espionage, computers and the internet
are also used by many organised criminal, and in many cases, specialist cyber-criminal organisations, like
Shadowcrew, Darkprofits and Carderplanet. It is very attractive to criminals as it is much safer than
conducting traditional violent or physical crime, like burglary, kidnapping or drug trafficking; it is also very
difficult to attribute internet users to real-life people if sufficient countermeasures are taken by criminals,
and it poses no physical danger or threat to the criminal, so long as they are able to maintain anonymity.
Attackers exploit the lack of international law enforcement against cybercriminals as prosecution of cybercriminals rarely takes place.
Specialist cyber-criminal groups actively recruit graduates and expert members of computer societies.
Sometimes, these targets do not know that a criminal group is behind their job offer. The American
government says that cybercrime services by highly-sophisticated criminals are available on the black
market for groups to use. Terrorist groups like Al-Qaeda are unlikely to have any sort of cyber-attack skills
to rival those of governments, however, the emergence of this market means that it can buy them, which is
very dangerous to society. Alternatively, they can also infiltrate cyberwarfare related projects, where a large
number of people needed, like the development of Stuxnet (mentioned later in this report).
Cybercriminals exploit several different tactics to facilitate their crime. Trojan horses are one of the most
popular methods; it is where malicious computer programs containing viruses are disguised as something
else on websites, for example, software updates (e.g. Flash player, Java) or document files. The viruses
themselves can take many forms: some scan the victims computer for sensitive information like financial
details and passwords and then send these back to the originator; some encrypt the victims computer and
demand a ransom for the password before wiping the hard drive, and some add the victims computer to a
botnet.
The use of email messages is also very popular for cyber criminals, with many containing malicious
attachments, malicious code in the text which exploits a security flaw on the device and links to phishing
websites, which trick users into giving up passwords to their online accounts or financial details. Out of the
hundreds of billions of emails sent each day, around 14% are malicious money-generating spam emails (The
Economist, 2010).
The USA is probably the country in the world which is most affected by cybercrime, because of its large
number of internet users, the relative wealth of Americans compared to the citizens of other countries and
the high dependence of the countrys citizens lives on the internet, like shopping, socialising and banking.
Around 98% of the software exploits used by malicious hackers are in American-made software, of which, a
large proportion of users are American. President Obama said that over $1 billion was lost in the US in
2009 due to cybercrime (The Economist, 2010).
5.1.KOOBFACE AND BOTNETS

Botnets are a collection of infected computers, known as bots. They have been infected with a virus which
allows the owner of the botnet, the botherder, to take control of the victims computer and carry out
automated tasks like sending malicious spam emails, solving CAPTCHAs to enable the creation of online
accounts, spreading malware, clicking on lots of internet advertisements to increase the revenues of the
18
5. Cybercrime and cyber-terrorism

website (known as click fraud) and performing DDoS attacks simultaneously with a large number of other
bots, amplifying the effect of the attack. Using automated botnets makes this sort of criminal activity much
more efficient and effective. It also protects the identities of the criminals as bots are used as
intermediaries. Botherders also commonly cooperate with each other to conduct their operations, often
using very complex command-and-control structures.
One of the most infamous cases of a botnet infection was the Koobface computer worm, which affected
many social networking platforms between 2009 and 2010, including Facebook, Bebo, Friendster, Hi5,
MySpace and Twitter. It worked by sending malicious links through these social networking sites as posts
by users or direct private messages, which redirected users to a fake YouTube page hosted on a
compromised server. Because of the familiarity of most social network users with YouTube, these pages
created false trust. When users attempted to watch YouTube videos, they were told to update their Flash
video player, but the download button installed malware instead, which added the victims computer to a
botnet. Successfully infected computers then used their users social network accounts to repost or resend
the links. Because these servers had website URLs which were easily identifiable by experienced internet
users as being illegitimate, URL shortening services like bit.ly or Google's goo.gl were used to cover these
up.
FIGURE 4: AN EXAMPLE OF A PRIVATE MESSAGE SENT BY KOOBFACE THROUGH FACEBOOK (UWANG, 2011)
Koobfaces operators earned over $2 million between June 2009 and June 2010 from the conducting of
illegal activities using these botnets. The Information Warfare Monitors investigative report on Koobface
(Villeneuve, 2010) concluded that the operators of Koobface were skilled experts as Koobface had lots of
technical countermeasures against being caught and against attempts to stop their activities.
19
6. Stuxnet
6.STUXNET
Stuxnet was an extremely complex computer virus which was first discovered in the middle of 2010 by
computer security experts in computer systems controlling power plants, traffic control systems and
factories around the world. Stuxnet was found to have spread to over 60,000 computers by the time it was
first discovered. It was seen by experts as the world's first cyber super-weapon because of its recognisable
function as a weapon made of computer code. Stuxnet was found to have had a vast array of abilities, like
turning up pressure in nuclear reactors and switching off oil pipelines, while simultaneously giving the
human operators or computer monitors information which suggests that nothing is wrong and everything is
operating normally (reality-blocking).
The BBCs report (2010c) about Stuxnet on 26th September 2010 said that a complex computer worm had
infected the personal computers of staff at Bushehr, Irans first nuclear power station, on the Persian Gulf
coast (Sagar, 2011). Chinese media also reported in September 2010 that Stuxnet had spread to China and
infected millions of computers there.
6.1.ACTIVITIES OF STUXNET
Stuxnet was designed to paralyse and sabotage the carbon rotor tubes and the connected centrifuges which
spun and enriched nuclear material (uranium hexafluoride) at Irans Natanz uranium enrichment facility; it
managed to shut down up to 1000 centrifuges there (roughly 20% of all of those in operation there). It was
initially found by The Langer Group to have targeted computerised control systems made by the German
firm, Siemens, which, as well as nuclear plants, are also used in controlling water supplies, oil rigs,
conventional power plants and other industrial facilities. After a few weeks of research about Stuxnet, it was
concluded that Stuxnet was in fact a specifically directed attack. It would only work if a certain program
code (the Natanz centrifuge control systems) was running on the target computer, but remained dormant
without this (Langer, 2011).
Stuxnet consisted of two different sized warheads of computer code. The larger one was an extremely
complex Windows dropper, which spread itself throughout as many computers as possible to reach the
designated targets. It exploited over 20 zero-day vulnerabilities, which are vulnerabilities in software that
their own creators are unaware of (in this case, Microsofts Windows operating system). They are found by
researchers (who look for them) or amateur hackers who may accidentally come across one. Most people
who find zero-days inform the software company of them so that they can repair the vulnerability and
publish it in the programs next update (known as patching). Zero-days can also be sold on the black
market to criminals for cyber-crime and can fetch up to $10,000; it can be assumed that the creators of
Stuxnet purchased some of these from the black market. All of the zero-days used in Stuxnet have since
been patched by the relevant software companies. The droppers role was to inject the second, smaller
warhead (the weapon part) into the centrifuges real-time controllers (the columns of grey boxes in figure
5) from the maintenance engineers laptop. The Dropper had a stolen digital security certificate from a
Realtek driver, which is a factor in why it was easily able to spread so quickly and easily.
20
6. Stuxnet
FIGURE 5: A SIEMENS SIMATIC INDUSTRIAL CONTROLLER, IDENTICAL TO THE ONES AFFECTED BY

STUXNET (ULLI1105, 2007)
The Langer Groups research also found that Stuxnet was very professionally coded and engineered and so
was obviously done by very skilled and experienced people who had insider information and high quality
knowledge and intelligence about the targeted centrifuges. The smaller warhead was found to be even more
technically complex than the dropper. Ralph Langer (2011), the co-founder of the Langer Group, said in a
presentation that it was way above everything that we have ever seen before." It contained 15,000 lines of
code in programming language similar to assembly language (a low-level language that is very similar to
what hardware understands directly) and was fully autonomous, meaning that it could operate totally
independently without any form of input control.
The smaller warhead, which was injected into dozens of centrifuge controllers, was programmed to target
the black carbon-fibre rotor tubes linked to each centrifuge (highlighted in figure 6). By manipulating the
drive-speeds of these rotors, for example, rotating at the fundamental frequency of the carbon tubes,
Stuxnet was able to crack them and eventually make them explode. This was done very slowly and subtly to
confuse engineers. Another part of the warhead manipulated valves in order to change gas pressures inside
centrifuges to cause further problems.
21
6. Stuxnet
FIGURE 6: A CARBON FIBRE ROTOR TUBE (BROAD, 2008)
Another feature of Stuxnet, which has already been mentioned, was a reality-blocker that tricked engineers
into believing that everything was okay, while centrifuges were being attacked. Stuxnet did this by
intercepting input values from all the sensors, for example, temperature gauges, pressure gauges and
vibration monitors, and then giving the monitoring and controlling computer programs fake pre-recorded
data. As well as deceiving human engineers, this also meant that digital safety systems received incorrect
data and wouldnt detect any problems. Pressure relief valves, failed to open under dangerously high
pressures when they should have opened in fractions of a second after detecting an unusually high pressure.
Stuxnet had been preceded in Iran by the Duqu and Flame viruses, both used to spy on Iranian scientists
and officials. Flame was discovered to have sent screenshots and audio recordings of secret email exchanges
and sensitive conversations to its creators. Duqu was a reconnaissance virus and was used to find out
vulnerabilities and other information useful for attacking the targeted industrial systems. There were strong
similarities between the program code of these two viruses and Stuxnet, so may have been written by the
same group of people.
6.2.THE SOURCE OF STUXNET

No party has, to date, openly admitted to being involved in the creation of Stuxnet, however, experts on the
topic, including Ralph Langer, have said that its complexity means it could only have been created by a
nation state (Sagar, 2011; Langer, 2011), namely the United States of America. Langer, The Economist
(2012a) and Pascal Mallet (2010) in an article on Phys.org, have also suggested that the Mossad, Israels
intelligence agency, collaborated with the CIA to produce it. Langer said that the US was the worlds sole
cyber-superpower at the time, and therefore the only country capable of this. This speculation is supported
by the fact that at the time of the attacks, the total destruction of the Israeli state was the foreign policy of
Iran; therefore, Israel saw Irans nuclear programme as a major and significant national threat (the US is a
close ally of Israel). Moreover, a leaked diplomatic cable from Wikileaks showed that Sunni Muslim
countries near Iran, especially Saudi Arabia, wanted the US to stop Iran from becoming nuclear (Wikileaks,
2010). Stuxnet was visibly intended to disrupt Iran's amassing of highly enriched uranium, the essential
ingredient of a nuclear weapon's warhead, and so the ultimate objective of Stuxnet was to prevent Iran from
creating and possessing any nuclear weapons.
David E. Sangers controversial book, Confront and Conceal (2013), claimed that, using information given
by sources within the White House, Stuxnet was a covert Israeli-American joint operation which both
President Bush and President Obama approved of. It also claimed that Stuxnet was part of an ongoing
project by America to utilise cyber weapons against Iran.
22
6. Stuxnet
If the speculation about Stuxnet being an American creation is correct, it shows that the West used
cyberwarfare, either instead of, or in conjunction with economic sanctions, to undermine Irans alleged
ambitions of possessing a nuclear weapon.
6.3.WHY IS STUXNET SO DANGEROUS?

Because Stuxnet attacks Siemens Simatic controllers, it would work in a very large number of
infrastructure facilities, most of which are in North America, Europe and Japan. The way it spread so
quickly showed that such viruses don't need to be physically put onto specific computers using memory
sticks or other physical media, it just needs to be put onto the internet be spread very widely. Another
reason Stuxnet in particular has so much potential danger is that its code is freely available online and free
for anyone to tamper with, use and redesign for whatever purpose they desire.
If a virus similar to Stuxnet was used in an armed conflict in concurrence with a traditional bombing
campaign, a mass "cyber blitz" could enhance the destruction through leaving many people without
electricity, communication, gas or even water. Irans government said after Stuxnets attack on Natanz that
it was afraid to switch on Bushehr, as it had also been infected with Stuxnet and switching it on could lead
to a national electricity blackout. It responded to the Stuxnet attack by asking hackers to help fight back
against the US and the West (Australian Broadcasting Corporation, 2011).
23
7. Potential damage to social infrastructure

7.POTENTIAL DAMAGE TO SOCIAL

INFRASTRUCTURE
Whilst cyberwarfare is used by the governments to achieve intelligence or political objectives, it can also be
used to deliberately cause damage and chaos by taking control of social infrastructure, which Stuxnet is able
to partially do. Siemens Simatic controllers are an example of SCADA (Supervisory Control and Data
Acquisition) systems. They control critical infrastructure facilities like power grids, water systems and gas
pipelines and are very attractive targets to hostile terrorists. The UK is less susceptible than many other
countries to attacks on these systems because its water supplies, power stations and electrical substations
are completely disconnected and independent from the internet and so are subject to a much lower risk of
being subject to a cyber-attack. In contrast, the United States, because of its large area and remoteness of
some of its infrastructure, has a higher dependence on SCADA systems which are linked to the public
internet, since they make facilities cheaper to maintain as they can be controlled remotely.
The Economist newspaper (2012a) suggested in an article in 2012 that the threat by cyber-attack on
physical assets like sewerage, power-grids and transport systems are actually not as vulnerable as is widely
suggested.
7.1.AUSTRALIAN SEWAGE SPILLAGE INCIDENT

In 2000, a man named Vitek Boden hacked into a waste management computer control system in
Maroochy Shire, Queensland, after the council rejected his job application. He used his experience of
working for the company which installed the system to spill millions of litres of raw sewage, which went into
parks, rivers and the grounds of a hotel. It killed marine life and caused a strong unbearable smell for
residents for many weeks.
7.2.TRANSPORT INFRASTRUCTURE
On 5th and 10th June 2014, 13 commercial airliners flying over central European airspace disappeared from
air traffic controllers screens in Germany, Austria, the Czech Republic and Slovakia for up to 25 minutes
each. It later emerged that these disappearances had been caused by military activities, suggested by press
reports to have been conducted by NATO (Reuters 2014b; Truthloader, 2014b). Whilst officials claimed that
there was never any threat or danger posed by this particular incident, the trouble this could have caused
shows the potential damage such capabilities could cause. The loss of ATC in a country would ground all
flights and close its airspace, leading to major economic disruption due to the lack of transport for people
(commuting, tourism) and goods into, out of and across the country. It could even cause the catastrophic
loss of multiple passenger aircraft. ATC systems are, very difficult to hijack in a cyber-attack because of the
fact that most of the computers used are locally connected to a network within an airport or ATC centre.
That doesnt, however, mean that ATC computers are not susceptible to sabotage by adversaries using
computer viruses that have been somehow planted on these computers.
Many rail networks around the world use computerised systems to control signals and points; there is a
potential for these to be hacked, although very few of them are linked to the public internet. Most digital
matrix road signs in the UK are controlled using remote computer systems, like SCADA systems.
24
7. Potential damage to social infrastructure

7.3.ENERGY-RELATED INFRASTRUCTURE
During the 20th century, a lot of attention during warfare has been on attacking and destroying parts of the
electrical grid infrastructure, like pylons, power plants and substations through guerrilla tactics or military
airstrikes. However, in the future, cyber-attacks have the potential to achieve this at very low cost and from
long range; they also have the ability to blow up oil refineries and overload power grids. In the Aurora tests,
run by the Idaho National Laboratory in 2007, researchers exploited remote IP access to send commands to
electrical generators so that they would damage or destroy themselves by changing their operating cycle.
They shook rapidly before smoking, then stopping (CSIS, 2010). This was a controlled simulation of a
cyber-attack on an energy facility.
FIGURE 7: A STILL SHOT FROM A VIDEO OF THE AURORA TEST (ZETTER, 2007)
7.4.FINANCIAL SECTOR
Stock exchanges, bank clearing systems and payrolls in many, especially economically developed countries
are heavily connected to the internet. Compromise of these systems could cause widespread economic
damage on a huge scale, however, they are heavily encrypted and banks and financial institutions place a lot
of focus into making sure these systems are secure. In the US, an organisation called FS-ISAC was set up in
1999 to facilitate the sharing of information between banks to protect their critical computer systems from
cyber-attacks. In 2014, about 20 banks and financial institutions in the UK were subjected to a cyberwarfare
simulation overseen by the Bank of England. This was to test their anti-hacking systems and to find out
whether the IT networks of these banks were sufficiently secure.
25
8. Political issues regarding cyberwarfare

8.POLITICAL ISSUES REGARDING

CYBERWARFARE
8.1.INDUSTRIAL CYBER-PROTECTION
While most governments in developed countries support businesses with cyber-security, it is sometimes
difficult to share information with them, as sensitive information, which on the one hand, could be used to
better defend computer networks and data centres, could also easily be leaked by employees of the firms to
adversaries and therefore compromise national security. Additionally, some techniques that make
companies more technically secure might cause perceived intrusion by the government, for example,
monitoring emails to make sure all employees are following security procedures. It could also be argued
that less trustworthy governments could secretly use industrial intelligence obtained for their own, covert
offensive purposes (The Economist, 2012a).
While cyber-protection legislation may sometimes be appropriate in order to protect the interests of the
country overall, it forces a large financial burden on businesses because in many cases, cyber-security bears
a high cost due to the high level of competition in the labour market for the most skilled computer
technicians and the high cost of software licences. The Republican Party in the United States warned in
2012 that cyber-legislation could unnecessarily become an excessive regulatory burden on industry (The
Economist, 2012a).
8.2.GOVERNMENT PUBLICITY
In the years before this report was written, cyberwarfare had a semi-secret status by western governments,
who were reluctant to publish information about it. More information is currently emerging, so in the near
future, cyberwarfare is likely to become less secretive and more public. Because of the quick rate of
technological development relating to cyberwarfare, policy relating to it is becoming a higher priority for
government discussion in many countries, and there is increasing public pressure for decisive policy in this
area. However, governments may risk a worldwide cyber-arms race if they are too open about what they are
doing and developing.
8.3.LEGAL ISSUES REGARDING CYBERESPIONAGE AND CYBERWARFARE

Cyber espionage is a more attractive method of espionage because it carries much less risk than traditional
methods; human spies smuggling paper or other physical documents out of a country risk capture,
execution or even torture, possibly leading to the loss of very sensitive information to enemies. Cyber
espionage is also difficult to attribute, so officials of countries who have been victims of cyber espionage are
reluctant to make allegations. It is diplomatically very bad to retaliate or speak out against the wrong
organisation or entity. This is often an advantage to the transgressor.
If the identity of the aggressor has been proven however, it is still very difficult for governments to calculate
their response or retaliation to a cyber-attack. Because of the ambiguous status of cyber espionage, it is
difficult to decide what is legal and what is not. While espionage itself is not an act of war or military
26
8. Political issues regarding cyberwarfare

engagement (and never has been), the line between the two is more blurred in cyberspace because
espionage, in many cases, involves some form of cyber-attack. It is therefore difficult to decide, firstly, on
the threshold on a cyber-attack needed to trigger an offensive response and secondly, the type of response
appropriate. For instance, physical violence would probably be seen as disproportionate force, but a trade
war involving sanctions would be mutually damaging to both parties. Also, cyber-attack retaliations on
infrastructure are problematic in the calculation of their effects whether they would cause any physical
injuries or fatalities. At the time of writing this report, cyber-attacks are yet to cause a single human injury.
It is a widely held view that they dont have the potential to be lethal and therefore will never be a form of
war in itself. Martin Libicki of RAND Corporation, a global policy think tank, suggests that cyberwarfare
doesn't directly harm people or destroy equipment, but only "temporarily confuses and frustrates". It only
plays a support function to other forms of warfare (The Economist, 2012a). This is a view argued by Thomas
Rid, in a debate on The Economists website (2013a); he concluded that the threat of cyberwarfare is
overrated. Conversely, in the same debate, the Chief Security Officer of Mandiant, Richard Bejtlich, said
that cyberwarfare can lead to physical destruction and so it does constitute a form of war. He argues that
Stuxnets effects on Natanz could have been worse (Stuxnet only destroyed 10-20% of centrifuges there and
delayed uranium enrichment for a few months before the vulnerabilities were quickly repaired).
Professor Wolff von Heinegg, the former Stockton Professor of International Law at the United States Naval
War College said the following about Stuxnet
"If it was fed into the system by a state and was done for military purposes, that would amount
to a use of force, that under international law, would only be allowed if it was done in self-defence,
or it had some other legal justification." (Truthloader, 2013c):
He concluded that Stuxnet was not an armed attack and so couldnt have triggered Iran's right of selfdefence.
There are currently no internationally agreed explicit rules of engagement in cyberspace (like the Geneva
Convention) and whether it is acceptable to use a physical military response to a cyber-based provocation is
a legally vague.
If attribution capabilities are improved, as they may do in the future, all cyber espionage and cyber-attack
capabilities would become a much higher risk to the aggressor, because they can be located, identified and
held accountable. Getting caught is actually a huge deterrence to states partaking in cyber espionage. It will,
however, be very difficult as they can originate from literally anywhere in the world with an internet
connection, and governments can do their work through proxy groups in foreign countries. On the other
hand, the improvement of attribution will not discourage terrorist groups who do not care if they are
identified. As technology evolves with time, it may be the case that there is no net effect on the ability to
attribute cyber-attacks. Advances will almost certainly affect both sides as technology improves the ability
to attribute, so will it improve the ability to evade attribution, effectively causing a stalemate.
27
9. Concluding points
9.CONCLUDING POINTS
9.1.1.THE FUTURE USE OF COMPUTING TECHNOLOGY IN WAR
Since the First Gulf War in 1990, the importance of integrating computer systems with conventional
equipment and structures has become very apparent. The US-led coalition, with technological supremacy
including micro-technology and advanced computer processors, had a very significant advantage over Iraq,
exemplified by the fact that their jets could outwit air defences, their armoured vehicles could accurately
navigate across the dessert at night and their missile systems had a 90% hit probability on longer range
targets. In the Balkan War of 1999, the 2001 Operation Enduring Freedom in Afghanistan and the 2003
Iraqi Invasion (Operation Iraqi Freedom), the Americans and their allies also used computers to help
conduct large-scale precision-guided missile and bombing strikes. Based on this, it may be expected that
cyberwarfare capabilities may become as important as air superiority has been since beginning of the
Second World War it cannot win a war alone, but it is almost impossible to win if other side has it (The
Economist, 2012a).
As more and more militaries become progressively more dependent on cyber technologies, their computer
systems and networks will become more attractive as targets. Future wars between technologically
advanced militaries will almost certainly have a cyberwar aspect, because dominance here can be used to
gain significant advantages on the battlefield.
Cyberwarfare will significantly change character of war remote-controlled and autonomous robot devices
and drones will have a much larger involvement than they do at the moment, and the emergence and
subsequent importance of the role of a computer hacker will become more and more defined.
My view is that the development and emergence of computer programs as weapons in themselves, is
comparable in terms of magnitude, and maybe even significance, to the creation and development of
nuclear weapons in the mid- 20th Century. Unlike nuclear weapons, cyber-attacks do not carry the
characteristic of (probable) mutually assured destruction (MAD), and so its use carries much less risk to
humanity in general. Maybe the biggest difference between the two is accessibility. The fact that currently, a
teenager in a bedroom with a supermarket laptop could, in theory, literally wipe a large companys presence
off the internet, puts this into perspective.
9.1.2.THE FUTURE OF CYBERWARFARE

Cyberwarfare is currently in its earlier stages of development, but is emerging quickly. Increasingly,
militaries with more focused and decisive policy from their governments will develop cyberwarfare
capabilities, meaning its destructive capabilities will almost certainly become much stronger in the future.
Also, as more people around the world become connected to the internet and computing education becomes
more prominent, more and more people are understanding the principles of computer programming; being
able to program is no longer an exclusive skill known by very few. People in countries around the whole
world, economically developing and developed, are becoming, overall, more IT-literate and are able to use
computers in more advanced ways. Cyberwarfare could become a military practice much more accessible
than conventional firearms shooting, as information about it is freely available online and a large
proportion of the forms of cyberwarfare require no specialist equipment (unlike guns and artillery). This
will mean that militaries will be able to recruit more people who are better skilled, making the whole
domain of cyberwarfare more effective, and subsequently, destructive.
Regarding the potential destructive ability of cyberwarfare tactics on social infrastructure and the
disruption to civilian life in attacked countries, I not only disagree with Rid and Libicki (The Economist,
28
2013a), but in fact believe that the increasing sophistication of such tactics and its potential impact are
massively underestimated. It is true that now, most infrastructure is not connected to the internet and so
has a low-to-non-existent vulnerability to cyber-attacks, however, internet-connected SCADA systems
allowing remote operation will most become much more widely, because of their ability to improve
efficiency, their ability to cut costs, and their improved convenience.
9.1.3.INFORMATION WARFARE
Now, the most visible use of cyberwarfare tactics is through information warfare. While computers and the
internet will almost undoubtedly support the creation and spread of propaganda, they will simultaneously
work against censorship in the future. The advancement of technology will make the structures in place to
bypass censorship much more accessible (in terms of availability and ease of use) to the population and
also, more effective. This will be dangerous to governments, like Chinas, who heavily use internet
censorship. As people become more and more informed by previously censored information which may
directly contradict official facts, they will become more and more angry and rebellious, increasing the
potential for civil unrest and anti-government sentiment and physical action.
The internet will make the world more open, informed and connected. This will allow the general public to
find out more sides of a conflict than they otherwise could through mainstream media, creating public
opinion that is more informed, more balanced and less polarised. The armed conflict between Hamas and
Israel in mid-2014 showed the importance of the internet in influencing public opinion, as supporters of
both sides took to Facebook and Twitter to present their side of and views about the story, and the
information that was widely distributed online presented a much more balanced picture of the conflict that
mainstream news outlets like the BBC, CNN and the Guardian.
FIGURE 8: TWEETS BY THREE TWITTER USERS ABOUT THE ISRAEL-HAMAS WAR IN 2014
29
9.2.CONCLUSION
Because of the rising potential of cyberwarfare, governments should do much more to defend against cyberattacks and increase awareness about them. Doing this through legislation may have a detrimental effect on
the economy by slowing down research and development, but it is certainly, in my opinion, needed for the
greater good, though negative effects of this could be offset through tax breaks or government grants. The
government should encourage software engineering firms to do this as well, if their software has a stake in
national security; training and financial funding could be arranged by the government to help them do this.
We, in the UK, like many other similarly developed and connected countries, widely use networked
computers for official, personal and commercial communications, monetary transactions and data and
information transfer. Our increased reliance on computer technology is inevitable and probably
unstoppable.
With current systems, large-scale cyber-attacks by terrorists that cripple an entire country through blocking
road networks, crashing planes, frying power grids and blowing up oil refineries and nuclear power plants
are still the stuff of fiction books and Hollywood, but in the not-too-distant future, our reliance on
technology, in the technologically developed world at least, will dramatically increase, causing our
vulnerability to such attacks to increase with it. The ability of cyber-attacks to cause total chaos within a
whole country may no longer be an imagined fictional threat, even as soon as within a decade from now.
Right now, cyberwarfare does not pose much of a threat to people in general. Its effectiveness at
undermining world security is also currently quite limited. Computing and other digital technology will
advance quickly in the future, following the strong trend that almost all kinds of technology have followed
throughout human history. Unfortunately, this technological advancement that, on the one hand, improves
humans overall quality of life through convenience, reduction of physical labour and assistance in medical
and scientific breakthroughs, will also be the thing which will cause cyberwarfare to not only be a real threat
to us in the future, but a very severe one indeed.
30
10. Reference List

10.REFERENCE LIST
Please note that citations in the text referring to BBC and CSIS, are abbreviations for British
Broadcasting Corporation and Center for Strategic and International Studies respectively, and are
hence referenced as such below.
AI, W., 2012. China's censorship can never defeat the internet [Online]. Available at
http://www.theguardian.com/commentisfree/libertycentral/2012/apr/16/china-censorship-internet-freedom
[Accessed 13 March 2014].
ASSOCIATION OF OLD CROWS, n.d. Electronic Warfare: The changing face of combat [Online]. Available at:
http://www.myaoc.org/EWEB/images/aoc_library/Government_Affairs/AOC%20report.pdf [Accessed 13 March
2014].
AUSTRALIAN BROADCASTING CORPORATION. 2011. Stuxnet (HUNGRY BEAST). [Online]. [Accessed 10 February
2014]. Available from: http://www.youtube.com/watch?v=7g0pi4J8auQ
BILLO, C. G. & CHANG, W., 2004. Cyber Warfare: an analysis of the means and motivations of selected nation states,
Hanover, NH, USA: Dartmouth College.
BROAD, W. J., 2008. A Tantalizing Look at Irans Nuclear Program [Online]. Available at:
http://www.nytimes.com/2008/04/29/science/29nuke.html [Accessed 24 September 2014].
BRITISH BROADCASTING CORPORATION (BBC), 2010c. Stuxnet worm hits Iran nuclear plant staff computers
[Online]. Available at: http://www.bbc.co.uk/news/world-middle-east-11414483 [Accessed 18 March 2014].
BRITISH BROADCASTING CORPORATION (BBC), 2012. UK spy agencies urged to wage war on cyber enemies
[Online]. Available at: http://www.bbc.co.uk/news/uk-18867643 [Accessed 18 March 2014].
BRITISH BROADCASTING CORPORATION (BBC), 2013a. China military unit 'behind prolific hacking' [Online].
Available at: http://www.bbc.co.uk/news/world-asia-china-21502088 [Accessed 19 March 2014].
BRITISH BROADCASTING CORPORATION (BBC), 2013b. Q&A: UK filters on legal pornography [Online]. Available
at: http://www.bbc.co.uk/news/technology-23403068 [Accessed 19 March 2014].
BRITISH BROADCASTING CORPORATION (BBC), 2014. How Isis is spreading its message online [Online]. Available
at: http://www.bbc.co.uk/news/world-middle-east-27912569 [Accessed 28 June 2014].
BUZZLE, 2012. Q&A: Internet Facts and Statistics [Online]. Available at: http://www.buzzle.com/articles/internetfacts-internet-statistics.html [Accessed 19 March 2014].
CENTER FOR STRATEGIC AND INTERNATIONAL STUDIES (CSIS), 2010. The Electrical Grid as a Target for Cyber
Attack [Online]. http://csis.org/files/publication/100322_ElectricalGridAsATargetforCyberAttack.pdf [Accessed 28
February 2014].
CRYSTAL, D., 2005. 'Cyberintelligence' in The Crystal Reference Encyclopedia. West Chiltington: Crystal Semantics.
[Accessed 22 February 2014 from Credo Reference]
DANCHEV, D., 2008. Coordinated Russia vs Georgia cyber attack in progress [Online]. Available at:
http://www.zdnet.com/blog/security/coordinated-russia-vs-georgia-cyber-attack-in-progress/1670 [Accessed 18
March 2014].
DEUTSCHE WELLE, 2014. Jihad Made in Kosovo[Online]. Available at: http://www.dw.de/jihad-made-inkosovo/a-17874069 [Accessed 1 September 2014].
31
10. Reference List

FOSTER, P., 2013. 'Bogus' AP tweet about explosion at the White House wipes billions off US markets [Online].
Available at: http://www.telegraph.co.uk/finance/markets/10013768/Bogus-AP-tweet-about-explosion-at-the-WhiteHouse-wipes-billions-off-US-markets.html [Accessed 24 September 2014].
GARDHAM, D., 2011. MI6 attacks al-Qaeda in Operation Cupcake [Online]. Available at:
http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8553366/MI6-attacks-al-Qaeda-in-OperationCupcake.html [Accessed 13 March 2014].
GOOGLE VIDEOS. 2012. Observations in mainland China (English) [Online]. [Accessed 3 February 2014]. Available
from: http://www.youtube.com/watch?v=u2GHyVPoVms
INFORMATION WARFARE MONITOR & SHADOWSERVER FOUNDATION, 2010. Shadows In The Cloud:
Investigating Cyber Espionage 2.0 [Online] Available at: http://www.infowar-monitor.net/research [Accessed 4 April
2014].
JOHNSTON, P., 2013. The Internet, Social Media and Propaganda: The Final Frontier? [Online]. Available at:
http://britishlibrary.typepad.co.uk/socialscience/2013/08/the-internet-social-media-and-propaganda-the-finalfrontier.html [Accessed 28 June 2014].
TED - LANGER,R. 2011. Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon. [Online]. [Accessed 13 March
2014]. Available from: http://www.youtube.com/watch?v=CS01Hmjv1pQ
LINTNER, B., 2007. North Korea's IT revolution [Online]. Available at:
http://atimes.com/atimes/Korea/ID24Dg01.html [Accessed 1 March 2014].
MALLET, P., 2010. Stuxnet worm brings cyber warfare out of virtual world [Online]. Available at:
http://phys.org/news205132978.html [Accessed 18 March 2014].
MILLER, B. & DE LIA, P. J., 2006. 'Electronic Warfare' in Mcgraw-Hill Concise Encyclopedia of Science and
Technology. New York: McGraw-Hill. [Accessed 22 February 2014 from Credo Reference]
OPEN RIGHTS GROUP, 2014. Censorship [Online]. Available at:
https://www.openrightsgroup.org/issues/censorship [Accessed 15 March 2014].
RASHID, F. Y., 2013. U.S. Funds Projects to Bypass Internet Censorship, Government Control [Online]. Available at
http://www.eweek.com/c/a/Cloud-Computing/US-Funds-Projects-to-Bypass-Internet-Censorship-GovernmentControl-737141 [Accessed 10 February 2014].
REUTERS, 2014a. Chinese hackers repeatedly attacked U.S. computers of firms involved in movement of American
troops and equipment, Senate probe reveals [Online]. Available at: http://www.dailymail.co.uk/news/article2759753/Chinese-hacked-U-S-military-contractors-Senate-probe-finds.html [Accessed 24 September 2014].
REUTERS, 2014b. Jets vanishing from Europe radar linked to war games [Online]. Available at:
http://uk.reuters.com/article/2014/06/13/uk-europe-airplanes-safety-idUKKBN0EO1CO20140613 [Accessed 1 July
2014].
SAGAR, D., 2011. 'Iran' in D.S. Lewis & Wendy Slater (eds), The 2011 annual register: World events 2010, Ann Arbor,
USA: ProQuest. [Accessed 22 February 2014 from Credo Reference]
SANGER, D. E., 2013. Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power. New York
City, NY, USA: Crown
SHANE, S., 2012. Cyberwarfare Emerges From Shadows for Public Discussion by U.S. Officials [Online]. Available at:
http://www.nytimes.com/2012/09/27/us/us-officials-opening-up-on-cyberwarfare.html [Accessed 30 June 2014].
THE ECONOMIST, 2007. Weird but wired. The Economist, 3 February.
THE ECONOMIST, 2010. War in the fifth domain [Online]. Available at: http://www.economist.com/node/16478792
[Accessed 10 February 2014].
32
10. Reference List

THE ECONOMIST, 2012a. Hype and fear. The Economist, 8 December.

THE ECONOMIST, 2013a. Economist Debates: Is the risk of cyber-warfare overrated? [Online]. Available at:
http://www.economist.com/debate/debates/overview/256 [Accessed 10 February 2014].
THE ECONOMIST, 2013c. The art of concealment [Online]. Available at: http://www.economist.com/news/specialreport/21574631-chinese-screening-online-material-abroad-becoming-ever-more-sophisticated [Accessed 10
February 2014].
THE ECONOMIST, 2014. Web Conspiracies. The Economist, 15 February.p.28
THE WASHINGTON POST, 2012. What is Americas cyberwar policy? [Online]. Available at:
http://www.washingtonpost.com/opinions/what-is-americas-cyberwar-policy/2012/06/16/gJQAkxgnhV_story.html
[Accessed 30 June 2014].
TRUTHLOADER. 2013a. Syria's Internet blackout and the propaganda war. [Online]. [Accessed 19 March 2014].
Available from: http://www.youtube.com/watch?v=MCQZIS3qVOg
TRUTHLOADER. 2013b. Is the UK porn filter a wider plan for internet censorship? Live debate highlights. [Online].
[Accessed 19 March 2014]. Available from: http://www.youtube.com/watch?v=KZ-Tuhmrxpc
TRUTHLOADER. 2013c. Are cyber attacks the future of warfare? Truthloader LIVE debate. [Online]. [Accessed 19
March 2014]. Available from: https://www.youtube.com/watch?v=T9gc_6zb10s
TRUTHLOADER. 2014b. Planes vanish over Europe, Tony Blair on Iraq, and Anonymous hack World Cup. [Online].
[Accessed 30 June 2014]. Available from: https://www.youtube.com/watch?v=ynir6Nj_HpE
TRUTHLOADER. 2014c. Censorship Fact Hunt #13. [Online]. [Accessed 1 July 2014]. Available from:
https://www.youtube.com/watch?v=8ZT1aC9ZzFA
TRUTHLOADER. 2014d. Tim Berners-Lee's bill of rights - Will it actually happen? [Online]. [Accessed 19 March
2014]. Available from: http://www.youtube.com/watch?v=oPqVqjfVM68
ULLI1105. 2007. Siemens Simatic S7-300. [Online]. [Accessed 17 September, 2014]. Available from:
http://commons.wikimedia.org/wiki/File:S7300.JPG
UWANG, 2011. New Koobface Campaign Spreading on Facebook [Online]. Available at:
http://community.websense.com/blogs/securitylabs/archive/2011/01/14/new-koobface-campaign-spreading-onfacebook.aspx [Accessed 24 September 2014].
VILLENEUVE, N., 2010. Koobface: Inside a Crimeware netwok [Online] Available at: http://www.infowarmonitor.net/reports/iwm-koobface.pdf [Accessed 4 April 2014].
WIKILEAKS, 2010. 08RIYADH649, SAUDI KING ABDULLAH AND SENIOR PRINCES ON SAUDI [Online].
Available at: https://wikileaks.org/cable/2008/04/08RIYADH649.html [Accessed 24 March 2014].
WITHER, J., 2008. "Warfare, Trends in" in Lester R. Kurtz, Encyclopedia of violence, peace and conflict, Elsevier
Science & Technology, Oxford, United Kingdom. [Accessed 22 February 2014 from Credo Reference]
ZETTER, K., 2007. Simulated Cyberattack Shows Hackers Blasting Away at the Power Grid [Online]. Available from:
http://www.wired.com/2007/09/simulated-cyber [Accessed 25 September 2014].
33
11. Bibliography
11.BIBLIOGRAPHY
AHMED, A., 2014. Cyber Warfare and Information Security for India [Online]. Available at:
http://strategicstudyindia.blogspot.co.uk/2014/02/cyber-warfare-and-information-security.html [Accessed 15 March
2014].
BALL, J., 2013. NSA monitored calls of 35 world leaders after US official handed over contacts [Online]. Available
from: http://www.theguardian.com/world/2013/oct/24/nsa-surveillance-world-leaders-calls [Accessed 26 February
2014].
BAY, A., 2009. Cyber Warfare: The Gray Zone Narrows [Online]. Available at:
http://www.creators.com/conservative/austin-bay/cyber-warfare-the-gray-zone-narrows.html [Accessed 30 June
2014].
BLANE, J. V., 2001. Cyberwarfare: Terror at a Click. Hauppauge, NY, USA: Nova Science.
BRITISH BROADCASTING CORPORATION (BBC), 2010a. BBC - History - Alan Turing [Online]. Available at:
http://www.bbc.co.uk/history/people/alan_turing [Accessed 18 March 2014].
BRITISH BROADCASTING CORPORATION (BBC), 2010b. Sampling North Korea's version of the internet [Online].
Available at: http://news.bbc.co.uk/1/hi/programmes/newsnight/8711951.stm [Accessed 28 June 2014].
CORNWELL, R., 2014. US declares cyber war on China: Chinese military hackers charged with trying to steal secrets
from companies including nuclear energy firm [Online]. Available at: http://www.independent.co.uk/lifestyle/gadgets-and-tech/us-charges-chinese-military-hackers-with-cyber-espionage-bid-to-gain-advantage-in-nuclearpower-metals-and-solar-product-industries-9397661.html [Accessed 29 June 2014].
DELIO, M., 2001. Hello 911, I've Got a Virus [Online]. Available at:
http://archive.wired.com/gadgets/wireless/news/2001/06/44545 [Accessed 29 March 2014].
DICKSON, J., 2014. Me and my job. SC Magazine, 2 January.p. 15.
FITZSIMMONS, E. G., 2013. Alan Turing, Enigma Code-Breaker and Computer Pioneer, Wins Royal Pardon [Online].
Available at: http://www.nytimes.com/2013/12/24/world/europe/alan-turing-enigma-code-breaker-and-computerpioneer-wins-royal-pardon.html [Accessed 18 March 2014].
GREENBERG, A., 2012. The Tor Project's New Tool Aims To Map Out Internet Censorship [Online]. Available at
http://www.forbes.com/sites/andygreenberg/2012/04/30/the-tor-projects-new-tool-aims-to-map-out-internetcensorship [Accessed 10 February 2014].
HIRSCH, E. D., et al., 2002. 'Denial-of-service Attack' in The New Dictionary of Cultural Literacy. Boston, MA, USA:
Houghton Mifflin Harcourt. [Accessed 22 February 2014 from Credo Reference]
HORTEN, M., 2014. UK ISPs & music industry broker 4-strikes copyright anti-piracy deal [Online]. Available at:
http://www.iptegrity.com/index.php/digital-britain/964-uk-isps-a-music-industry-broker-4-strikes-copyright-antipiracy-deal [Accessed 16 May 2014].
IMPERVA, 2012. The Anatomy of an Anonymous Attack [Online]. Available at:
http://www.imperva.com/docs/HII_The_Anatomy_of_an_Anonymous_Attack.pdf [Accessed 13 March 2014].
INTERNATIONAL BUSINESS TIMES, 2014. Cyber Warfare Simulation Launched by UK Banks and Financials
[Online]. Available at: http://www.ibtimes.co.uk/cyber-warfare-simulation-launched-by-uk-banks-financials144.5516 [Accessed 30 June 2014].
34
11. Bibliography
KARHULA, P., 2012. What is the effect of WikiLeaks for Freedom of Information? [Online]. Available at:
http://www.ifla.org/publications/what-is-the-effect-of-wikileaks-for-freedom-of-information [Accessed 15 March
2014]
KOPP, C., 2006. Desert Storm - The Electronic Battle [Online]. Available at: http://www.sci.fi/~fta/storm-01.htm
[Accessed 4 April 2014].
LT CDR WESTWOOD USN, J. T., n.d. Electronic Warfare and Signals Intelligence at the Outset of World War I
[Online]. Available at: http://www.nsa.gov/public_info/_files/cryptologic_spectrum/electronic_warfare.pdf
NATO COOPERATIVE CYBER DEFENCE CENTRE OF EXCELLENCE (CCDCOE), n.d. [Online]. Available at:
http://www.ccdcoe.org [Accessed 1 July 2014].
NATO, 2014. NATO and cyber defence [Online]. Available at: http://www.nato.int/cps/en/natolive/topics_78170.htm
[Accessed 1 July 2014].
NEW STATESMAN, 2013. The UK is right to build up its cyber-defences [Online]. Available at:
http://www.newstatesman.com/business/2013/10/uk-right-build-its-cyber-defences [Accessed 10 February 2014].
OFFICE OF THE NATIONAL COUNTERINETLLIGENCE EXECUTIVE (NCIX), 2011. Cybersecurity [Online].
Available at: http://www.ncix.gov/issues/cyber/index.php [Accessed 13 March 2014].
OPEN RIGHTS GROUP, 2012. Internet Censorship and Child Protection [Online]. Available at:
https://www.openrightsgroup.org/ourwork/reports/internet-censorship-and-child-protection [Accessed 15 March
2014].
OPENMEDIA, 2013. Leaked documents reveal extreme Internet censorship plan in the Trans-Pacific Partnership
(TPP) - Internet users around the globe outraged [Online]. Available at: https://openmedia.org/news/leakeddocuments-reveal-extreme-internet-censorship-plan-trans-pacific-partnership-tpp-internet [Accessed 15 March
2014].
OPENNET INITIATIVE, 2007. About Filtering [Online]. Available at: https://opennet.net/about-filtering [Accessed
28 June 2014].
SIGMAN, A., 2008. What children need is censorship [Online]. Available at:
http://www.theguardian.com/commentisfree/2008/nov/11/internet-digitalmedia [Accessed 28 March 2014].
SMITH, T., 2001. Hacker jailed for revenge sewage attacks [Online]. Available at:
http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage [Accessed 19 March 2014].
SPARKES, M., 2014. Fighting a cyber war from deep beneath London [Online]. Available at:
http://www.telegraph.co.uk/technology/internet-security/10698414/Fighting-a-cyber-war-from-deep-beneathLondon.html [Accessed 21 March 2014].
STONE, M., 2014. The Great Firewall Blocking Facebook In China [Online]. Available at
http://news.sky.com/story/1206329/the-great-firewall-blocking-facebook-in-china [Accessed on 13 March 2014].
SWENEY, M., 2012. Ofcom outlines new anti-piracy rules [Online]. Available at:
http://www.theguardian.com/technology/2012/jun/26/ofcom-outlines-anti-piracy-rules [Accessed 28 March 2014].
TAKAHASHI, D., 2009. Hotspot Shield lets users get around web censorship [Online]. Available from:
http://venturebeat.com/2009/10/20/hotspot-shield-lets-users-get-around-web-censorship-anonymously [Accessed 3
August 2014].
THE ECONOMIST, 2012b. Seek and hide [Online]. Available at: http://www.economist.com/node/21556569
[Accessed 10 February 2014].
35
11. Bibliography
THE ECONOMIST, 2013b. Shifting dynamics of control [Online]. Available at:

http://www.economist.com/blogs/analects/2013/03/censorship-china [Accessed 10 February 2014].
TIME MAGAZINE, 2008. The Hunger Games Reaches Another Milestone: Top 10 Censored Books: The Anarchist
Cookbook [Online]. Available at http://entertainment.time.com/2011/01/06/removing-the-n-word-from-huck-finntop-10-censored-books/slide/the-anarchist-cookbook [Accessed 14 March 2014].
TOR PROJECT, 2007. Who uses Tor? [Online]. Available at https://www.torproject.org/about/torusers.html.en
[Accessed 3 August 2014].
TRIPWIRE, 2014. Cyber Intelligence: From Theory to Practice [Online]. Available at: http://www.tripwire.com/stateof-security/security-data-protection/cyber-counterintelligence-from-theory-to-practice [Accessed 29 June 2014].
TRUTHLOADER. 2014a. First anniversary of Snowden leaks: Websites #ResetTheNet. [Online]. [Accessed 5 June
2014] Available from: https://www.youtube.com/watch?v=Q1gBYFirkGQ
TRUTHLOADER. 2014e. WikiLeaks spied on by the NSA and GCHQ. [Online]. [Accessed 13 March 2014]. Available
from: https://www.youtube.com/watch?v=Gca-J3v6d2k
VINTON, K., 2014. Hacktivist Group Anonymous Targets World Cup [Online]. Available at:
http://www.forbes.com/sites/katevinton/2014/06/18/hacktivist-group-anonymous-targets-world-cup [Accessed 30
June 2014].
WALL, D., 2001. 'Cybercrimes, Computer Crimes, Internet Crimes' in Reader's Guide to the Social Sciences. London:
Routledge. [Accessed 22 February 2014 from Credo Reference].
WAYNER, P., 2012. Security through obscurity: How to cover your tracks online [Online]. Available at:
http://www.infoworld.com/d/security/security-through-obscurity-how-cover-your-tracks-online-206162 [Accessed 3
August 2014].
WIKIPEDIA CONTRIBUTORS, n.d.a. Cyberwarfare [Online]. Available at: http://en.wikipedia.org/wiki/Cyberwarfare
WIKIPEDIA CONTRIBUTORS, n.d.b. List of countries by internet users [Online]. Available at:
http://en.wikipedia.org/wiki /List_of_countries_by_number_of_Internet_users [Accessed 30 June 2014].
WILSON, C., 2008. Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress [Online].
Available at: http://wlstorage.net/file/crs/RL32114.pdf [Accessed 24 March 2014].
36

Extended Project: What Is Cyberwarfare and To What Extent Does It Pose A Significant Threat To World Security and The Future of Humanity?

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Extended Project: What Is Cyberwarfare and To What Extent Does It Pose A Significant Threat To World Security and The Future of Humanity?

Transféré par

Droits d'auteur :

Formats disponibles

WHAT IS CYBERWARFARE AND TO

WHAT EXTENT DOES IT POSE A

Research-based report for the AQA Extended Project Qualification

2. Information Warfare .......................................................................... 5

4. The use of cyberwarfare techniques by governments ......................... 13

5. Cybercrime and cyber-terrorism ...................................................... 18

7. Potential damage to social infrastructure ......................................... 24

8. Political issues regarding cyberwarfare ............................................ 26

9. Concluding points ............................................................................ 28

10. Reference List .................................................................................. 31

Extended Project 2014 | Maurice Yap 6946

1.3.PURPOSE AND EXECUTION

Extended Project 2014 | Maurice Yap 6946

1.4.HISTORY AND DEVELOPMENT OF

Extended Project 2014 | Maurice Yap 6946

2.1.1.ISLAMIC EXTREMISM AND QSIS

2.2.INTERNET CENSORSHIP AND FILTERING

Technical filtering can take place on four levels:

Extended Project 2014 | Maurice Yap 6946

2.2.3.PREVENTION OF DIGITAL PIRACY

2.2.4.BRITISH ISP PORNOGRAPHY AND INDECENT CONTENT FILTER

Extended Project 2014 | Maurice Yap 6946

2.3.CENSORSHIP IN CHINA - THE GREAT

2.4.CENSORSHIP IN NORTH KOREA

Extended Project 2014 | Maurice Yap 6946

2.6.CENSORSHIP IN TURKEY THE AFTERMATH

Extended Project 2014 | Maurice Yap 6946

3.2.2008 SOUTH OSSETIA WAR

3.3.SYRIAN CIVIL WAR (2011- )

Extended Project 2014 | Maurice Yap 6946

4. The use of cyberwarfare techniques by governments

4.THE USE OF CYBERWARFARE

4.2.HACKING ALLEGATIONS AGAINST CHINA

4. The use of cyberwarfare techniques by governments

4.3.UNITED STATES OF AMERICA

Extended Project 2014 | Maurice Yap 6946

4. The use of cyberwarfare techniques by governments

4.5.EUROPEAN UNION (EU)

4. The use of cyberwarfare techniques by governments

Extended Project 2014 | Maurice Yap 6946

4. The use of cyberwarfare techniques by governments

Extended Project 2014 | Maurice Yap 6946

5. Cybercrime and cyber-terrorism

5.CYBERCRIME AND CYBERTERRORISM

5.1.KOOBFACE AND BOTNETS

Extended Project 2014 | Maurice Yap 6946

5. Cybercrime and cyber-terrorism

Extended Project 2014 | Maurice Yap 6946

Extended Project 2014 | Maurice Yap 6946

FIGURE 5: A SIEMENS SIMATIC INDUSTRIAL CONTROLLER, IDENTICAL TO THE ONES AFFECTED BY

Extended Project 2014 | Maurice Yap 6946

FIGURE 6: A CARBON FIBRE ROTOR TUBE (BROAD, 2008)

6.2.THE SOURCE OF STUXNET

Extended Project 2014 | Maurice Yap 6946

6.3.WHY IS STUXNET SO DANGEROUS?

Extended Project 2014 | Maurice Yap 6946

7. Potential damage to social infrastructure

7.POTENTIAL DAMAGE TO SOCIAL

7.1.AUSTRALIAN SEWAGE SPILLAGE INCIDENT

Extended Project 2014 | Maurice Yap 6946

7. Potential damage to social infrastructure

Extended Project 2014 | Maurice Yap 6946

8. Political issues regarding cyberwarfare