World War 3: Cyber Space

We’ve all heard about the “pending” or potential for World War 3.  Something think it to be sooner and others think it will come later.  I think it is already upon us.

Wars are typically fought in a “domain” – there are five domains:  Ground, Sea, Air, Space, and Cyber Space.  Cyber Space is easily the most abstract of them all but think of it this way:  Every email you send, every piece of information you transmit, traverses through Cyber Space – it is broken down into ones and zeros in the form of electrons, radio waves, or photons and physically transmitted across a physical medium from one physical point to another.  This is Cyber Space.

Many of my colleagues, myself included, feel that World War 3 has already started in Cyber Space.  All the signs of the opening phases of war are there:  Reconnaissance, probing defenses, and even engagements.  The players are China, North Korea, Iran, Russia, and the United States, even ISIS – to name only a few.  Sure, no bullets are flying and there haven’t been any confirmed injuries or loss of personnel directly from these actions but it is only a matter of time before things escalate to that.

Reconnaissance and Probing Defense

Incidents like the Office of Personnel Management breaches could very easily be filed under reconnaissance by China into US personnel that potentially work for the US Government and the families of those individuals.  The records of everyone who has requested a US Federal Security Clearance in the past 10 years – 22 million records – were exfiltrated by Chinese hackers.  China reports that they have arrested the hackers involved in the hack but who knows what the hackers did with that data over the 6 months between the breach and the claimed arrests and who has that data now.

In September 2016, Bruce Schneier wrote that “Someone Is Learning How To Take Down The Internet“.  This goes above the typical probing of an organization’s firewall and jumps up to attacking key infrastructure on the Internet to take down large portions of the Internet for seemingly strategic purposes.  Later that year, in October, it happened, but only briefly.  Friday, October 21st the United States saw a massive DDoS, mostly from the Mirai botnet, that took down key DNS infrastructure, mostly on the East Coast that caused effective outages of large businesses – Amazon, Twitter, Netflix, Tumblr, Reddit, and Paypal – to name a few.  This attack was briefly and wasn’t stopped by the defenders but merely ceased by the attackers – some could say it was a show of force or in layman’s terms – a capabilities demonstration.

You can see the impact of the Spamhaus DDoS on the London Internet Exchange on the 23rd. Source: Cloudflare

The October 2016 attack wasn’t the first time we’ve seen an attack that targeted core Internet infrastructure instead of a particular organization.  In 2013, Spamhaus was targeted by a DNS amplification attack that started at 10 Gbps, jumped to 90 Gbps and then fluctuated between 30 and 90 Gbps.  Cloudflare stepped in to block it and it eventually stopped that day.  The following day the DDoS jumped up to 120 Gbps.  When the attackers realized they weren’t putting a dent in Cloudflare’s resourced they diverted their efforts and started attacking core Internet infrastructure upstream from Cloudflare.  This ultimately resulted in some tier 1 bandwidth providers (the providers that provide the actual backbone of the Internet its bandwidth) saw a DDoS of 300 Gbps.

The 2016 Spamhaus DDoS was later one-upped in 2014 by a 400 Gbps NTP amplification attack.

Cyber Space Engagements – The Next Step

I could go on about Stuxnet or the public approval by DoD officials for the development of Cyber Weapons that could potentially impact human life but that’s just pointing out the obvious.  The bigger actions here are conceptual in their existence.  That is, the concept exists AND it is highly possible. Honestly, if a country isn’t engaged in this concept, then they are definitely behind the power curve.  However we don’t know if any country is doing any of this because it is all done in secrecy, if it is being done at all.

The concept is that at the onset of the physical aspect of World War 3 is that instead of bombing the enemy and their infrastructure into oblivion we just flip a switch and the enemy’s critical infrastructure – electricity, municipal, and communications – are entirely disabled with no hope of quick recovery by the defending nation.  The 2016 film “Snowden” made a brief mention of this by alleging that the US Government was involved in gaining covert footholds into foreign communication and infrastructure control systems for the purposes of monitoring and as an option “in case of war”.  Imagine the effectiveness of a military that could disable the opposition’s critical infrastructure within a few minutes without a single bomb being dropped and no collateral damage at the onset of war.  It’s entirely possible today and any key nation that isn’t trying to establish and maintain such footholds would be very much behind the power curve.

This isn’t a new concept either.  Shane Harris wrote about this exact concept in 2009.

If World War 3 escalates, these cyber engagements will occur with an increasing frequency.  Whether or not we hear about them depends on the secrecy of the programs surrounding them and of course the impact it has on public infrastructure.  It could very well be the spark that starts World War 3 in the four other domains – ground, sea, air, and space.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.