
=It Is Highly Likely China, Russia, Israel, And The U.S. Will Remain The Top Cybercrime Players In The Cyber Warfare Game=

**Executive Summary:** It is highly likely that cyber warfare will remain a major means of intelligence gathering and attack for nation-states. China, Russia, Israel, and the U.S. are the top players in the cyber warfare world, and it is highly likely that they will continue to finance cyber initiatives in order to stay at the top of the list. Each nation funds both defensive and offensive cyber programs in order to extract vital information from other countries and to protect its own networks. China, Russia, and the U.S. are responsible for some of the most prominent cyber attacks currently known, and it is likely that Israel played a significant role in developing the Stuxnet worm, which experts consider the most sophisticated cyber weapon seen to date. Looking at the history of each nation’s attacks, it is apparent that those attacks will continue to grow in scope, sophistication, and efficiency.

**Discussion:** //China:// The Third Department of the People’s Liberation Army (PLA) General Staff, also known as the Technical Reconnaissance Department, is China’s signals-intelligence and cyber arm. Because the department is not subject to the jurisdiction of the provincial military districts, it can conduct cyber operations against computers anywhere in the world.

The Committee on Foreign Affairs reported to Congress in March 2010 that there are three types of malicious Chinese computer network operations: (1) those that gather economic, military, or technological intelligence and information; (2) those that strengthen political and economic control inside China; and (3) those that reconnoiter, map, and gather targeting information on U.S. military, government, civil infrastructure, or corporate networks for later exploitation or attack. General James Cartwright, former commander of U.S. Strategic Command (USSTRATCOM), testified before the U.S.-China Economic and Security Review Commission that China is actively engaged in cyber reconnaissance, probing the computer networks of U.S. government agencies as well as private companies. He also stated that a large-scale distributed denial-of-service (DDoS) attack launched by China against the U.S. could cause cataclysmic harm and paralyze critical infrastructure, including military command and control.

In January 2010, Google disclosed that it had been infiltrated by a highly sophisticated intrusion originating in China (later known as Operation Aurora) in which intellectual property was stolen. The attacks were traced to servers at two Chinese schools: Jiaotong University in Shanghai and Lanxiang Vocational School in Shandong Province. It is not clear who ordered the attacks, but the Committee on Foreign Affairs reported that they were likely government sponsored.

Finally, China is in the process of developing a smart grid of its own. This makes the U.S. smart grid an attractive target for a China that wishes to save on the research and development costs of its own grid by stealing design information. According to an April 2009 report, China demonstrated its ability to reach the U.S. power grid when intruders attributed to it penetrated the grid and left behind malware capable of disrupting service. It is clear that China invests substantial time and money in its cyber capabilities, and it is very much a major player in the cyber warfare world.

//Russia:// Russia became a major cyber player in 1998, and it is highly likely that the effectiveness of Russian cyber operations will continue to increase rapidly. Russia entered the scene in 1998 with an intrusion campaign against the Pentagon, NASA, the Department of Energy, and several universities and research labs. The intrusions lasted until 2001, and during this time the attackers could freely access sensitive documents and collect vital military information.

Russia was also behind attacks in 2007, 2008, and 2009. In 2007, DDoS attacks attributed to Russia took Estonian government web sites offline. Then in 2008, in the midst of the Russia-Georgia war, Russian attacks kept Georgian web sites down for about 10 days, denying the Georgian government its channels of communication while Russia carried out its military plans. In the same year, Russia was blamed for a malware infection that compromised classified networks at the U.S. Department of Defense. Finally, it is highly likely that Russia used a DDoS attack against Kyrgyzstan in January 2009.

Russia has long monitored foreigners on its soil by bugging their hotel rooms and intercepting their communications, and it spies on its own citizens as well, intercepting their e-mail and tapping their phones. Since 1998, however, sophisticated state-sponsored computer intrusion has become the leading Russian espionage skill. Russia has a plethora of computer-savvy individuals, as growing numbers of graduates with technology degrees turn to cybercrime, and the Russian government is no stranger to corruption. This combination produces a highly sophisticated nation with access to all the talent it needs to keep increasing its cyber capabilities.

Laws against cybercrime in Russia are vague and weakly enforced. Although citizens continue to call for stronger cybercrime legislation, the government keeps putting it off. According to AEI Critical Threats, Oleg Gordievsky, a KGB colonel who spied for MI6 and was exfiltrated to Britain in 1985, has said that Russia sometimes offers hackers a job with the FSB as an alternative to prison. The FSB often uses such hackers for domestic and foreign espionage.

Other Russian operations, such as the spy ring uncovered in 2010, also point to the growth of Russian intelligence and cyber capabilities. The ring was an attempt to “infiltrate [American] policy circles after building false American identities.” The 12 people involved were charged in U.S. federal court with conspiring to act as unregistered agents of a foreign government. Their goal was to influence foreign policy and report back to Moscow, giving Russia insight into the U.S. while it continued to build its own cyber abilities; the criminal complaint also described the ring’s use of steganography to hide messages inside image files and of short-range wireless links to exchange data covertly. The U.S. caught, charged, and deported the individuals to Russia. It is clear, however, that Russian espionage and cyber capabilities are highly sophisticated and will only continue to intensify.

//Israel:// Israel is the sixth-largest initiator of cyber attacks on the planet and the most computerized nation in the Middle East. Mossad and the IDF’s Unit 8200 possess advanced offensive and defensive cyber capabilities. Major General Amos Yadlin, chief of military intelligence, has said that Israel has its own teams of soldiers and officers working on “Internet warfare.” Defense Tech reports that Israel is undoubtedly very serious about cyber warfare, just as it is serious about security in general. The nation signaled its intent to compete in the cyber domain in the 1990s, when it allowed convicted hackers to join Unit 8200 instead of going to prison.

Israel attaches great importance to the advancement of its cyber tactics. According to Defense Tech, Israel is a leader in cyber-warfare planning, and cyber-warfare teams such as Unit 8200 are part of an intelligence community with rich experience in traditional sabotage techniques.

The best-known Israeli cyber attack came in 2007, when Israel reportedly penetrated Syrian air-defense networks and effectively switched them off, allowing Israel Defense Forces (IDF) jets to enter Syrian airspace undetected. In 2006, Mossad reportedly compromised the computer of a senior Syrian government official and planted a Trojan horse on it to gather information about Syria’s Al Kibar nuclear complex.

In 2008, Mossad reportedly hacked into Iranian nuclear networks and disrupted nuclear equipment. A leading European analyst told the World Tribune on 20 October that the Stuxnet worm, which at the time appeared to target the Bushehr nuclear facility in Iran, likely originated in Israel. It is likely that Israel and/or the U.S. created Stuxnet. Ralph Langner, a German industrial-control-system security expert, suggested that Israel designed Stuxnet, pointing to the string “myrtus” found in the worm’s code, and that the worm was aimed at the control systems of the 1,000-megawatt Bushehr reactor. United Press International speculates that Israel’s Unit 8200 created Stuxnet. Later analysis established that Stuxnet’s payload in fact targeted the Siemens programmable logic controllers driving uranium-enrichment centrifuges at Natanz rather than the Bushehr reactor, which does not change the assessment of who was capable of building it.

//U.S.:// The U.S. is at the top of the list for cyber capabilities, just like China, Russia, and Israel. However, the U.S. is also extremely adept at covering its tracks. Information on attacks committed by other countries is readily available, but much less is available about U.S. capabilities and operations. On the other hand, there is a great deal of information about the cybercrime the U.S. stops. The U.S. is constantly in the news for disrupting ZeuS infections, catching the Russian spy ring, and finding the people responsible for the attempted breach of Akamai Technologies.

Thus, it is clear that the U.S. continues to improve its ability to police cybercrime. In fact, the Pentagon thwarted more attacks in the first part of 2010 than it had in previous years. But is the lack of information about U.S. attacks a sign that it is not attacking, or simply a sign that it is good at keeping its operations secret? The sophistication of the CIA’s alleged 1982 attack on the Siberian gas pipeline, together with the speculation about U.S. involvement in creating Stuxnet, makes it clear that, even if U.S. attacks are decreasing, the U.S. remains capable of causing cyber destruction. In 1982, Soviet intelligence was working to acquire Western technology and scientific advances. At the same time, the U.S. wanted to “disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy.” According to the account of Thomas Reed, former Air Force secretary, the CIA therefore allowed Soviet agents to steal pipeline-control software that had been seeded with a logic bomb; once installed on the pipeline, the software reset pump speeds and valve settings to drive pressure beyond what the pipeline could withstand, causing an explosion. Reed called it “the most monumental non-nuclear explosion and fire ever seen from space.” Almost 30 years later, this attack still appears on lists of the worst cyber attacks, although Reed’s account has been disputed by former Soviet officials and has never been independently confirmed.

Finally, chances are better than even that the U.S. played a role in developing the Stuxnet worm, which was first identified in June 2010 and was at the time believed to be aimed at Iran’s Bushehr plant. The worm is most likely the brainchild of Israel and/or the U.S., given their outspoken concerns about Iran’s nuclear program and their ability to fund and build such a sophisticated cyber weapon. Although its authorship remains speculation, it is clear that the U.S. would have the capability.

The U.S., therefore, remains an important player in cyber warfare. Even if the lack of reports about U.S. attacks means the U.S. really is not attacking, that does not make America any less capable. The U.S. has the technology, expertise, and funding to build dangerous cyber weapons. It is highly likely that the knowledge needed to create such weapons is readily available to the U.S. government, so the lack of documented attacks in recent years should not lead other nations to think the U.S. has fallen off the cyber warfare grid.

**Analytic Confidence:** Analytic confidence for this assessment is medium. Source reliability ranges from medium to high, and there is very little conflict among sources. The analysts had minimal prior knowledge of the subject matter, completed the task as a partnership, and used the Analysis of Competing Hypotheses (ACH) method. The task was moderately complex and challenging, and the deadline was also moderate.

Sources: (sources are also hyperlinked in the assessment; the link targets for most entries did not survive extraction, so only each source’s reliability rating is listed, with the surviving URLs shown)

1 (high), 2 (high), 3 (high), 4 (high), 5 (high), 6 (high), 7 (high), 8 (high), 9 (high), 10 (medium),
11 (high): http://www.computerworld.com/s/article/9131275/Report_Cybercriminals_have_penetrated_U.S._electrical_grid?taxonomyId=16&intsrc=kc_top&taxonomyName=networking_and_internet
12 (medium), 13 (high), 14 (high), 15 (high), 16 (medium), 17 (high), 18 (high), 19 (high), 20 (high), 21 (high), 22 (medium), 23 (medium), 24 (high),
25 (high): http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/dti/2010/09/01/DT_09_01_2010_p42248207.xml&headline=CyberAttack%20Deploys%20In%20Israeli%20Forces
26 (high), 27 (high), 28 (high), 29 (high), 30 (high), 31 (high), 32 (high),
33 (high): http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/dti/2010/09/01/DT_09_01_2010_p42248207.xml&headline=CyberAttack%20Deploys%20In%20Israeli%20Forces
34 (high), 35 (high), 36 (high), 37 (high), 38 (medium), 39 (high), 40 (medium), 41 (high), 42 (high), 43 (high), 44 (high), 45 (medium), 46 (high)