Today we finish our story on the history of cyber warfare.
Edward Snowden (May 2013)
Attributed to Edward Snowden. The target was the National Security Agency of the United States. Snowden was a former CIA employee, who, while working for Booz Allen Hamilton as a contractor to the NSA, copied and leaked NSA information, particularly the computer exploits that the NSA used abroad and in the United States for surveillance and information gathering. The information was released to a select group of reporters for the Washington Post, the Guardian, Der Spiegel, and the New York Times. The publication of these exploits was considered to be damaging to the NSA’s ability to continue to gather information critical to the security of the United States. Snowden was motivated by a personal opposition to the illegal surveillance of US citizens by the NSA. Snowden fled the United States, first to Hong Kong and later to the Russian Federation. A controversial figure considered by some to be a traitor, others to be a hero and whistle-blower, he still lives in exile in Russia.
German Steel Mill (2014)
Attributed to an unknown group of experienced hackers. From the level of skill required, it would seem to be a nation-state sponsored attack. Target was a steel manufacturing facility in Germany. This attack was initiated by a spearphishing campaign that gave the attackers access to the business network. They were able to pivot to the SCADA systems of the factory, and disable controls causing significant damage to a blast furnace. This an instance where the level of damage was equivalent to a conventional military operation, thus rising to the level of cyber warfare.
Turla aka Uroburos or Snake (2014)
Attributed to Russia. Targets were in the United States, western Europe, and the Ukraine. This was a long running surveillance campaign that was started in 2005.
Dark Hotel (2014)
Attributed to China. Targets were business executives from Japan, Hong Kong, Taiwan, China, Russia, Korea. This surveillance exploit seemed to have the ability to follow targeted travelling executives from hotel to hotel. Undetected since 2006.
Regin (2014)
Attributed to Britain and the US. Targets include US and British enemies and allies in Europe. Persistent since 2002. One of the surveillance exploits revealed by Edward Snowden.
Equation Group (2014)
Attributed to the US, developed by the same group responsible for Stuxnet and Flame. This exploit has the ability to infect the firmware of hard drives, among other interesting tricks.
Sony Pictures Attack (2014)
Attributed to North Korea. Targeted Sony Pictures Corporation in Japan. Apparently in retaliation for the release of the movie The Interview, which satirized North Korean leader Kim Jong-un. the attackers released emails and other information, including unreleased movie files. They were also able to destroy computer systems, similar to the Shamoon attack.
Ukrainian Electrical Blackout (December 2015 and December 2016)
Attributed to the Russian Federation, as part of the conventional military campaign in eastern Ukraine by ethnic Russian separatists which support of the Russian army. The electric utility was first breach in December 2015 cut power to 225,000 people in western Ukraine. By the following year, December 2016, the cyber attackers had extended their intrusion and increase their control of the power grid, and were able to take over the power distribution system again.
Mossack Fonseca (April 2016)
Attributed to unknown hacktivist group. Targets were clients of the law firm. 2.6 terabytes of stolen information was released to German newspaper Suddeutsche Zeitung. This trove of 11.5 million documents showed a pattern of illegal tax avoidance. Many prominent individuals including elected government officials from several countries were exposed.
I hope that you found this series as interesting as I did when I was researching for this article. The long section of links below covers most of the attacks we outlined her in much more detail. And I must recommend the documentary video Zero Days if you really want to understand the Stuxnet attack.
More information:
- Cyberwarfare and International Law – ISSA Journal (PDF)
- Cyberwarfare – Wikipedia
- Real Cyber Warfare: Carr’s Top Five Picks
- The world’s 10 most dangerous cyberwarfare attacks
- Ukraine’s power outage was a cyber attack: Ukrenergo
- Zero Days – Documentary About Cyber War
- Spy vs.Spy vs.Spy – What Countries are using Cyber-espionage Tactics?
- Mossack Fonseca
- Arab Spring
- Kyrgyz or Tulip Revolution
- Ghostnet
- Stuxnet
- Bradley (Chelsey) Manning
- US vs. Manning
- Flame
- Shamoon
- Edward Snowden
- German Steel Mill
- Wikileaks
- Operation Aurora
- Titan Rain
- 2007 cyberattacks on Estonia
MAR
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com