North Korea, Iran, Syria – asymmetric cyberwar is here to stay

Small nations have been attacking the US for years. Why has nobody noticed until now?

Until last week very few beyond a handful of security titles, a few cybersecurity vendors and the middle pages of the New York Times paid much attention to the growing issue of small nations with big cyber-ambitions.

Suddenly, seemingly out of nowhere, one of these, the Democratic People's Republic of North Korea (DPRK), is accused by the US Government of launching a destructive no-holds-barred cyberattack on a major Hollywood firm and there is amazement and not a little scepticism.

Is this wariness justified or is there something else at work here?

When major cyberattacks or breaches occur it's now normal for a dozen or more security firms to offer up spokespeople or quotes from in-house experts, but the moment of the major but under-reported 2013 attacks on South Korea was very different. Seemingly struck dumb, few firms said anything. This was a local issue and nobody could see an angle that interested them, a curious contrast to the attack on Sony which has taken over some newsfeeds to an almost hysterical level.

The odd thing is that major cyberattacks by small nations on US firms are not new; it's just that nobody's been particularly interested until the victims started being more famous names. In 2012, Iran was widely believed to have been behind a series of vast DDoS attacks directed at the US finance and banking sector, serious enough to make it impossible for customers to log on to online accounts, and yet coverage was muted. There was no argument about whether private US Government briefings on Iran's involvement were plausible because there was basically no debate at all.

More recently came Operation Cleaver, an alarmingly complex cyber-campaign directed mainly at US energy firms, again attributed to Iran by the FBI in a sort of reverse Stuxnet few would once have thought possible from such a deprived state in the midst of economic sanctions.

Ditto, a series of increasingly serious nuisance attacks since 2011 claimed by the Syrian Electronic Army (SEA), that country's centrally-directed but geographically dispersed (Turkey, Lebanon, Jordan) campaign to keep the country's regime in the news. People downplay these attacks as little more than buzzing insects but try telling that to the hundreds of major brands that only weeks ago noticed their pages redirecting to a landing page promoting the SEA after a cunning redirection attack.

Tell it indeed to the New York Times, which in 2013 was humiliatingly locked out of its website for a day by the same attackers, or to Twitter and Google, which rushed the introduction of two-factor authentication to their services to fend off the growing number of account takeovers by this group.

Ponder that the next time you log on to Twitter or Gmail using 2FA - without the SEA attacks that option might still not exist.

There is a basic issue of acceptance at work here. People joined up the dots for a while and then moved on, bored by 'just another cyberattack' (JAC). People have a habit of noticing these incidents when they can be fitted into a pre-existing narrative about how the world works. In the case of DPRK v Sony, it's a movie studio versus a bizarre regime, an almost comic-book stand-off that has inevitably drawn in the US Government as the scale of the attack became clear.

But what matters is not simply whether North Korea had a connection to the attack but why people find it so hard to believe such a thing possible. North Korea is a primitive Stalinist hold-out, a joke regime that kills its own people but would it really bring a large US-based company to its knees?

Frankly, it is time for people to grasp that such a thing is possible, not only by the DPRK but, if they choose to do such a thing, by several other nations as well. This should not be that surprising. Unlike the military world of $70 million-a-pop stealth fighters, remote-controlled drones and cruise missiles, cyberspace is a much more level 'asymmetric' battlefield. Even the smallest nation or group can cause trouble in cyberspace with a small team of skilled hackers and there's no simple way of reliably attributing attacks, let alone stopping them.

For now 'it wasn't us' is a plausible defence against what few mechanisms of retaliation exist such as sanctions, arrest warrants, and the banging of fists on tables behind closed doors. Proving an attack's point of origin beyond doubt is incredibly difficult, not helped by suspicion over the US's motives in an era where the NSA is supposedly punching all the important buttons.

People need to acclimatise to the fact that the Sony attack is only the beginning and future attacks will surely take in other countries and organisations unless nations hurry up with some kind of code of behaviour and protocol for resolving disputes. This is already being discussed and eventually will arrive in some form because the alternative is a free-for-all.

Until then, buckle up because the list of victims could turn out to be as surprising as it will be dangerously de-stabilising.


Stories by John E Dunn
