[AfrICANN-discuss] The mouse that roared

Anne-Rachel Inné annerachel at gmail.com
Fri Sep 7 19:25:40 SAST 2007

The mouse that roared

Sep 5th 2007 | NEW YORK
>From Economist.com
Is cyberwarfare a serious threat?

A DECADE or so ago, thinkers and pundits were fond of discussing the
emerging threat of cyber attacks as a matter of international affairs. The
growing reliance of advanced economies on the internet, and the increasing
use of the internet by governments and armies, seemed to offer vulnerability
along with riches and convenience. The scare of the "Y2K bug" seemed to
highlight the danger, at least until it became obvious that the bug was of
no threat to anyone.

Now, despite preoccupation with more old-fashioned sorts of terrorism and
war, is there, again, reason to fret about the cyber sort? Revelations this
year that hackers successfully broke into Pentagon computers, followed by
off-the-record confirmation by officials speaking to the *Financial
Times*this week that the assailants were connected to China's army,
have brought
the issue back to the fore. Reports suggest that the online intruders were
probably engaged in espionage, downloading information. The ability to spy
is threatening enough. But hackers may also discern vulnerabilities in
computer systems and inflict damage. One fear is that hackers who peeked
into the American government's networks could possibly, one day, work out
how to shut them down, at least for a time.
Click Here!]<http://ad.doubleclick.net/jump/daily.economist.com/dailyart;pos=v5_art350x300;sect=news;sz=350x300;tile=1;ord=90118738?>

The Pentagon is presumably better able to protect itself against cyber
attacks than most. Other targets have been shown to be more vulnerable. The
potential impact of cyber-vandalism became obvious this year when Russian
hackers unleashed the biggest-ever international cyber-assault on tiny
Estonia, after the Baltic country caused offence by re-burying a Russian
soldier from the second world war. "Denial of service" attacks, when huge
numbers of visitors overwhelm public websites, crippled Estonian government
computers. Some breathlessly called it the first direct Russian attack on a
NATO member.

The Russian government claimed in that incident that the hackers were
incensed ordinary Russians. But some experts said they saw Kremlin
footprints. In the current Chinese case the script has been repeated; some
at the Pentagon say they can pin the attacks on the People's Liberation
Army. Germany's government has protested to China's rulers, saying it too
was once hacked by the PLA. Other governments, such as the British one, say
that cyber-attacks are increasingly common problems. China, too, says it has
been a victim of cyber-assault, and that it takes the issue seriously. In
all likelihood—as with the more traditional spying of the cold war days—many
countries are attempting some sort of cyber-attacks, while condemning others
who do it.

Some of the more effective cyber snoops and vandals may not be government
employees. Rather, as pirates would once loot on behalf of particular
governments, a few of today's more effective hackers may be freelancers
acting perhaps with tacit official approval. But governments are also
developing capability themselves. A Pentagon report this year on China's
military forces said baldly that the country was developing tactics to
achieve "electromagnetic dominance" early in a conflict. It added that,
while China had not developed a formal doctrine of electronic warfare, it
had begun to consider offensive cyber-attacks within its operational

Cyber-attacks present an attractive option to America's foes, as a form of
guerrilla or asymmetrical warfare. In 2002 the Pentagon ran a war-game with
the evocative title "Digital Pearl Harbour". In it, simulated attacks showed
only temporary and limited effect (for example shutting down some
electricity supplies). But this week's revelation may show that America has
underestimated its Chinese rival.

The legal world has always been slow to keep up with technology, and the
international law of cybercrime is no exception. The first international
legal instrument on the subject was the Council of Europe's Convention on
Cybercrime. It requires members to pass appropriate laws against
cybercrime—including unauthorised access and network disruption, as well as
computer-aided traditional crimes like money-laundering and child
pornography. It also mandates a certain level of law-enforcement to prevent
laxer jurisdictions from becoming cybercrime havens. But its reach is
limited. It came into force in 2004 among just six Council of Europe
members; others have since joined, including America at the start of this
year. No other non-member of the Council of Europe has joined. This means
that the Chinese shenanigans, whatever they were, continue to exist in a
legal netherworld.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20070907/b6815ebd/attachment.htm

More information about the AfrICANN mailing list