Cyberweapon

A cyberweapon is a malware agent employed for military, paramilitary, or intelligence objectives as part of a cyberattack.^[1]

General characteristics[edit]

Requirements for the term vary widely; the most common criteria seem to be for a malware agent which:

Is sponsored or employed by a state or non-state actor.
Meets an objective that would otherwise require espionage or the use of force.
Is employed against specific targets.

Sponsor[edit]

Part of the distinction from other malware is that the agent is sponsored—that is, commissioned, developed, and/or used—not by a black-hat hacker or organized criminal group, but instead by a state or a non-state actor, the latter potentially including terrorist groups and other entities proposed in fourth-generation warfare (4GW) doctrines.

Objectives[edit]

A cyberweapon performs an action that would normally require a soldier or spy, and which would be considered either illegal or an act of war if performed directly by a human agent of the sponsor during peacetime. Legal issues include violating the privacy of the target and the sovereignty of its host nation.^[2] Such actions include (but are not limited to):

Surveillance of the system or its operators, including sensitive information, such as passwords and private keys
Theft of data or intellectual property, such as:
- proprietary information of a business
- classified information of a government or military
Destruction of one or more of the following:
- Data or executable code (programs) on the system, or other connected systems
- Less frequently, damage to or destruction of computer hardware
- In the most extreme case, damage to an electromechanical or process control system such that a serious industrial accident results in loss of life or property beyond the system, or major economic damages.

While a cyberweapon almost certainly results in either direct or indirect financial damages to the target group, direct financial gains for the sponsor (such as the transfer of funds) are not a primary objective of this class of agent.

Target[edit]

Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation. Before the attack, cyberweapons usually identify the target using different methods.^[3] Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.

Distinctions from viruses and other malware[edit]

Note that self-replication is not a requirement; as such, not all cyberweapons are viruses and not all viruses are necessarily cyberweapons^{[citation needed]}. Without this capability, however, an alternate vector is required to get the agent onto the target system(s). Likewise, compromised access alone, such as that provided by a rootkit, is not diagnostic of the employment of a cyberweapon.^{[citation needed]}

While the term is frequently used by the press,^[4]^[5] some articles avoid it, instead using terms like "Internet weapon" or virus,^[6] mainstream researchers debate the requirements of the term while still referring to the employment of the agent as a "weapon",^[7] and the software development community in particular uses the term more rarely.

Probable cyberweapons[edit]

The following malware agents generally meet the criteria above, have been formally referred to in this manner by industry security experts, or have been described this way in government or military statements.

Duqu
Flame (malware)
Great Cannon
Mirai (malware)
Stuxnet
Wiper (malware)

Control and disarmament[edit]

This section needs expansion. You can help by adding to it. (April 2017)

In 2017 data breaches showed that supposedly secure hacking tools used by government agencies can be obtained − and sometimes exposed − by third parties. Furthermore, it was reported that after losing control of such tools the government appears to leave "exploits open to be re-used by scammers, criminals, or anyone else − for any purpose".^[8]Claudio Guarnieri, a technologist from Amnesty International states: "what we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they've been clearly lost, and that is plain irresponsible and unacceptable".^[8]

Also in that year WikiLeaks released the Vault 7 documents series that contain details of CIA exploits and tools with Julian Assange stating that they are working to "disarm" them before publication.^[9]^[10] Disarmament of cyber weapons may come in the form of contacting respective software vendors with information of vulnerabilities in their products as well as potential help with or autonomous development (for open source software) of patches.

References[edit]

^ Sheldon, John B. "Cyberwar". Encyclopedia Britannica. Retrieved 2021-04-06. Attacks can be made against the syntactic layer by using cyberweapons that destroy, interfere with, corrupt, monitor, or otherwise damage the software operating the computer systems. Such weapons include malware, […]
^ Downes, Cathy (2018). "Strategic Blind–Spots on Cyber Threats, Vectors and Campaigns". The Cyber Defense Review. 3 (1): 79–104. ISSN 2474-2120.
^ "Cyber Weapon Target Analysis". 2014-05-26.
^ "Powerful 'Flame' Cyberweapon Torching Mideast Computers : Discovery News". News.discovery.com. 2012-05-30. Retrieved 2012-12-07.
^ "Infosecurity – 2012: The Year Malware Went Nuclear". Infosecurity-magazine.com. Retrieved 2012-12-07.
^ Perlroth, Nicole (2012-05-28). "Virus Infects Computers Across Middle East - NYTimes.com". Iran: Bits.blogs.nytimes.com. Retrieved 2012-12-07.
^ "Infosecurity – Kaspersky looks at the wreckage of Wiper malware". Infosecurity-magazine.com. 2012-08-29. Retrieved 2012-12-07.
^ a b Cox, Joseph. "Your Government's Hacking Tools Are Not Safe". Motherboard. Retrieved 15 April 2017.
^ Fox-Brewster, Thomas. "Julian Assange: Wikileaks May Have Evidence CIA Spied On US Citizens". Forbes. Retrieved 15 April 2017.
^ "WikiLeaks vows to disclose CIA hacking tools; CIA to investigate". SearchSecurity. Retrieved 15 April 2017.

External links[edit]

Articles

Prashant Mali, Jan 2018 Defining Cyber Weapon in Context of Technology and Law
Stefano Mele, Jun 2013, Cyber-Weapons: Legal and Strategic Aspects (version 2.0)
Stefano Mele, 30 September 2010, Cyberwarfare and its damaging effects on citizens
Michael Riley and Ashlee Vance, 20 July 2011, Cyber Weapons: The New Arms Race

[1] Sheldon, John B. "Cyberwar". Encyclopedia Britannica. Retrieved 2021-04-06. Attacks can be made against the syntactic layer by using cyberweapons that destroy, interfere with, corrupt, monitor, or otherwise damage the software operating the computer systems. Such weapons include malware, […]

[2] Downes, Cathy (2018). "Strategic Blind–Spots on Cyber Threats, Vectors and Campaigns". The Cyber Defense Review. 3 (1): 79–104. ISSN 2474-2120.

[3] "Cyber Weapon Target Analysis". 2014-05-26.

[4] "Powerful 'Flame' Cyberweapon Torching Mideast Computers : Discovery News". News.discovery.com. 2012-05-30. Retrieved 2012-12-07.

[5] "Infosecurity – 2012: The Year Malware Went Nuclear". Infosecurity-magazine.com. Retrieved 2012-12-07.

[6] Perlroth, Nicole (2012-05-28). "Virus Infects Computers Across Middle East - NYTimes.com". Iran: Bits.blogs.nytimes.com. Retrieved 2012-12-07.

[7] "Infosecurity – Kaspersky looks at the wreckage of Wiper malware". Infosecurity-magazine.com. 2012-08-29. Retrieved 2012-12-07.

[mb1-8] Cox, Joseph. "Your Government's Hacking Tools Are Not Safe". Motherboard. Retrieved 15 April 2017.

[9] Fox-Brewster, Thomas. "Julian Assange: Wikileaks May Have Evidence CIA Spied On US Citizens". Forbes. Retrieved 15 April 2017.

[10] "WikiLeaks vows to disclose CIA hacking tools; CIA to investigate". SearchSecurity. Retrieved 15 April 2017.

[1]