Skip to main content

Pentagon declares cyber attacks ‘acts of war’

the-pentagon-cyber-attackThe Pentagon has officially declared that cyber attacks on US computer systems, networks and infrastructures can constitute an “act of war,” reports the Wall Street Journal. This means that if another country hacks US-run digital properties, traditional military force could be used in retaliation.

The decision is part of the federal government’s first formal strategy against cyber threats. More details about the strategy will emerge sometime next month, when unclassified portions of the plan are released to the public.

Following a breach of a US military computer system in 2008, the Pentagon has been on a mission to form an official response to cyber threats, which could affect everything from subway systems to nuclear reactors. The computer network at the Pentagon itself was recently under siege. And just this weekend, defense contractor Lockheed Martin admitted that its systems had been hacked.

By making it public that cyber attacks could instigate a traditional attack by the US military, with bombs and guns, the Pentagon hopes to deter possible attackers. Or, as one military official succinctly put it: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

It is not yet clear, however, what type of cyber attack would justify the use of military force. One policy that is reportedly gaining popularity is that of “equivalence,” a sort of eye-for-an-eye strategy through which “use of force” would only be employed if the cyber attack also caused death, or significant damage, disruption or destruction.

The new strategy is not without its inherent complications. For instance, it can often be difficult to know for sure who waged a cyber attack, which makes the use of force far more risky, politically speaking. Among the many questions stirred by the new strategy is how the US would respond to an attack that originates from non-governmental entities, i.e. cyber-terrorists, or hackers otherwise independent of a particular government. (Of course, we all know how the US responds when an “act of war” is launched by an analog terrorist.)

Regardless of the current details, the need for a cyber attack strategy is obvious. According to the military personnel who have seen the Pentagon’s strategy in its entirety, the rules laid out will abide by the standard Laws of Armed Conflict, and mesh with the strategies of international allies.

Editors' Recommendations

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
Cyber attack targets Illinois water station, damages water pump
water plant shutterstock

A hacker or group of hackers managed to infiltrate the network of a water station in Springfield, Illinois, and caused damage to a water pump, reports the Washington Post. The attack appears to be the first time a cyber attack has caused this kind of damage to a computer system in the US. The attack was first discovered on Nov. 8, when a municipal water district employee discovered a problem with the city's Supervisory Control and Data Acquisition System (SCADA). As Wired reports, the system repeatedly turned on and off, which caused the water pump to burnout. A technician later discovered that its system had been infiltrated, possibly as early as September.The attack appears to have been launched from an IP address located in Russia, though it's possible that the hacker or hackers who waged the attack are physically located elsewhere, and simply waged a proxy attack to make it appear as though Russia was the base of operations. Access to the water plant's system was done by hacking into the network of the software vendor that makes the SCADA system. Usernames and passwords for the water utility were stolen, and used to access the utility's system remotely. It is possible that other SCADA systems are at risk of intrusion, or may have already been breeched."It is unknown, at this time, the number of SCADA usernames and passwords acquired from the software company’s database and if any additional SCADA systems have been attacked as a result of this theft," according to a report of the incident obtained by Joe Weiss of Applied Control Solutions. Weiss read this portion of the report to Wired.So far, the name of the software company that was hacked has not been released, but we do know that it is a vendor in the US. According to Weiss, the company that was hacked could have access to user login information, not only for utility companies, but also for the systems that control US nuclear weapons.Officially, the Department of Homeland Security is keeping its lips tight on the matter. They have so far refused to say that the burnout of the water pump was a direct cause of the hack. And they say there is not yet any reason to be worried about more destructive consequences resulting from the breech.“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Illinois,” said DHS spokesman Peter Boogaard in a statement. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”The breech of this SCADA system is the first time an industrial control system has been infiltrated in the US. The most direct comparison is the breech of a uranium enrichment plant in Iran that was carried out through the use of the infamous Stuxnet worm.
[Image via Andrey Kekyalyaynen/Shutterstock]

Read more
UN among victims of biggest series of cyber attacks ever

News of yet another computer security breach has emerged which appears to be so monumental that the word ‘hack’ seems inadequate - how about a mega-hack? Or simply a thwack?
According to a Reuters report on Wednesday, security company McAfee believes it has uncovered the largest series of cyber attacks yet, with 72 big organizations from around the world hit. McAfee said it thought a single “state actor” perpetrated the intrusions, and though it refused to name names, Reuters said that “one security expert who has been briefed on the hacking said the evidence points to China.”
Among the victims are the governments of the US, Taiwan, India, South Korea, Vietnam and Canada; the United Nations; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and a large number of companies, including those in the defense and high-tech industries.
The ongoing attacks are believed to have been carried out over a period of five years, beginning in 2006. McAfee discovered the extent of the intrusions in March of this year.
The company said that hackers had, for example, infiltrated the computer system of the UN Secretariat in Geneva three years ago, hiding undetected for some two years while secretly examining vast swathes of confidential data.
McAfee believes some of the security breaches lasted a month while one, on the Olympic Committee of an unnamed Asian nation, continued sporadically for almost two-and-a-half years.
In a report issued by McAfee on Wednesday that was examined by Reuters, Dmitri Alperovitch, the security company's vice president of threat research, wrote: “This is the biggest transfer of wealth in terms of intellectual property in history. The scale at which this is occurring is really, really frightening. Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators.”
He continued: “What is happening to all this data ... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat.”
And evidently in no mood to mince his words, he added: “Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors.”
All of the victims have been notified by McAfee and are now in touch with local law enforcement agencies.
Recent cyber attacks by hacking groups Anonymous and LulzSec have been getting a lot of attention, but they somehow pale into insignificance when put up against the scale of this latest, more sinister, mass security breach, carried out by what McAfee is calling one “state actor.”

Read more
US gov’t building hacker army for cyber war

The US National Security Agency hopes to hire a mass of "cyber warriors" this year, and another large group next year, to help the country fight the increasingly intense international cyber war, reports Reuters. To find new recruits, representatives from the NSA, Department of Defense, Department of Homeland Security and NASA, will be attending the annual DEF CON hacker conference in Las Vegas, which takes place this weekend.Started in 1993 by hacker Jeff Moss (aka Dark Tangent), DEF CON is the preeminent meet-up for US hackers. The four-day conference costs $150 — in cash only — to attend. There is no registration, no credit cards allowed, which keeps everything anonymous. About 10,000 computer savvy individuals are expected to attend this year's conference.The NSA spy agency hopes to find skilled individuals willing to help the United States conduct itself — both defensively and offensively — in the growing global cyber war, which is gaining combatants and victims more and more each day. (Sources who attended last year's DEF CON tell us that members of the US nation security complex were also in attendance then, as well, with similar recruiting goals.)Hacker groups like LulzSec and Anonymous are running amok over the websites of corporations, and stealing classified documents from high-level trans-governmental organizations like NATO and the International Monetary Fund. More nefarious digital underground players — people like government-sponsored hackers from countries in eastern Europe, Russia, Iran and China — have allegedly breached some of the most sensitive systems in the US, like the Pentagon. It is to fight these enemies that the NSA and other US security agencies hope to build a hacker army."Today it's cyber warriors that we're looking for, not rocket scientists," said Richard "Dickie" George, technical director for the NSA's cyber-defense branch, in an interview with Reuters. "That's the race that we're in today. And we need the best and brightest to be ready to take on this cyber warrior status." Problem is, many hackers live outside the law, or at least in its shadows; many are disestablishment players who believe that working for the US government is tantamount to surrender, or at least really lame. Still, some hackers have crossed over to the other side. In fact, DEF CON founder Moss is himself now a member of the Department of Homeland Security's Advisory Council. Plus, getting paid to do what you love is a luxury many in this world will never experience, especially when that thing involves high-level security clearance and serious national security issues that are straight out of an action movie.Besides, says George, "we have a wonderful atmosphere, we have great people and we have the hardest problems on Earth. And we need help, the country needs help." Care to join?
[Image via]

Read more