Security

Non-State Cyberweapons

When it comes to non-state cyberweapons, there are some significant differences between them and state-funded devices/software. While the funding and manpower of non-state cyberweapons are certainly reduced, the potential consequences and reach of the weapons are still present. As cybercrime is quickly rising in the hands of often unskilled users, I feel that non-state cyberweapons will expand in both usage and power.

First, I will talk about the Low Orbit Ion Cannon (LOIC), initially developed by PraetoxTechnology to be used in network stress-testing. In recent years, the LOIC has become open-source and used by well-known hacker groups such as Anonymous. An image of the software is shown below.

(Wikipedia, 2020)

The LOIC, which reminds me of the weapon in the PC game Command & Conquer, is both easy to use and effective, allowing DDOS attacks to be performed by even novice users. The LOIC achieves its goal by saturating servers with UDP, HTTP, and TCP packets, thus disrupting operations. While organizations have made excellent strides in defending against DDOS attacks, we still see examples of this sort of thing often, such as during the launch of the new Xbox, when many retailer’s websites shut down due to the dramatic increase in users; while this isn’t technically an attack, the LOIC would operate quite similar to it. For the cost of the LOIC, I would rate it low due to the ease-of-use and wide-availability of the software. At the same time, the purpose of the cyberweapon would be medium, as DDOS attacks can be stopped with several security settings, policies, and software.

Next, I will discuss Wiper, which first was reported in late-2011/early-2012. Wiper attacks computer systems to the point that they are not recoverable (wiped); this malware initially infected systems in various businesses in Iran. Similar to the Flame attack, Wiper differed due to the increased damage done of the cyberweapon, potentially rendering systems completed unsalvageable. Interestingly, the Wiper cyberweapon lived up to its name in that any evidence of the creators were also destroyed (Raiu, 2013). Wiper had some of the same characteristics of the Flame attack as well, causing speculation of the Wiper attack’s originality for some time. For the cost of the Wiper, I would rate it at low due to the ease-of-use and wide-availability of the software, while the purpose of the cyberweapon would be high, as such an attack has no real financial gain to be made and merely seems to want to watch the world burn, so to speak.

Finally, I will explore the cyberweapon, Mirai. Miria, initially thought to be the work of a hostile nation-state, was later found to be created by three friends in 2016 to be used to attack rival Minecraft hosts. The Mirai botnet quickly grew out of control and hijacked thousands of systems, affecting large regions of the Internet. What is fascinating about botnets is their ability to form into a supercomputer of sorts, granting the processing power of unsuspecting host computers to those who control them. After the Mirai botnet grew beyond the original creator’s expectations, they released the code into the wild; this is often done to entice other hackers into using the code, thus providing the original creators’ plausible deniability (Fruhlinger, 2018). For the cost of Miria, I would rate it low due to the ease-of-use and wide-availability of the software, while the purpose of the cyberweapon would be high, as, at the time, the actual intelligence needed to craft the weapon was surprisingly low, yet inflected severe consequences. With proper funding for the ‘Miria’ of the future, I would shiver at the damage that could be caused.

References

Wikipedia. (2020, December 01). Low Orbit Ion Cannon. Retrieved December 16, 2020, from https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon

Cloudfare. (n.d.). What Is The Low Orbit Ion Cannon (LOIC)? Retrieved December 16, 2020, from https://www.cloudflare.com/learning/ddos/ddos-attack-tools/low-orbit-ion-cannon-loic/.

Fruhlinger, J. (2018, March 09). The Mirai botnet explained: How IoT devices almost brought down the Internet. Retrieved December 16, 2020, from https://www.csoonline.com/article/3258748/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html

Rid, Thomas. 2013. Cyber War Will Not Take Place. Oxford University Press, Inc., USA.

Raiu, C. (2013, November 18). Destructive Malware – Five Wipers in the Spotlight. Retrieved December 16, 2020, from https://securelist.com/destructive-malware-five-wipers-in-the-spotlight/58194/.

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s