In the recent past, misuse of cyberspace has cast its long shadow on the political arena, on the perceived strategic paradigm related to the national interests of many countries, and the financial matrix.
In Bangladesh, we have also seen the violation of our cyber domain through the carrying out of the cyber heist of Bangladesh Bank reserves and also the misuse of social media for furthering terrorism.
We have also witnessed allegations of misuse of US cyberspace by Russia with regard to hacking of the Democratic National Committee and other campaign-related sites. The US presidential process has also been affected through damaging revelations by the media of Donald Trump’s clever manipulations, which not only enabled him to avoid paying income tax, but also provided details of his sexual activities.
Similarly, there have been well-timed disclosures about Hillary Clinton’s misuse of the internet as well as the manner in which the Clinton Foundation is being run. It has been suggested that Russian President Vladimir Putin, through such a measure, was not just probing the US digital systems, but also trying to ascertain how far he could go in sowing distrust within the US presidential “free and fair election” process, viewed by citizens of the United States as the most important cornerstone of democracy.
Many analysts following the US presidential election are hoping to breathe a collective sigh of relief on November 9, the day after the election.
They are hoping that things will settle down. Unfortunately, many cyber experts are of the opinion that the danger is just beginning, and the 2016 election is a warning of darker hacks to come.
FBI Director James Comey has sought to reassure US citizens that the American decentralised voting system was just too “clunky” for any one or two breaches of cybersecurity to affect the outcome. One is tempted to observe that small changes can also have a big effect. We should not forget that the 2000 US presidential election was decided by just 537 votes in Florida.
Authorship attribution for cyber crimes and cyber attacks is a major problem for all law enforcement agencies. We have witnessed this through the Bangladesh Bank cyber heist
From that point of view, some cyber analysts have indicated that in a tight race, cyber actors do not need to create major disruption. In this context, a few of them are suggesting that hacking leading to affecting the voting process in a few counties in Pennsylvania or Florida, two big battleground states that use electronic voting, but in some precincts do not use verifiable paper audit trails to confirm results, could directly affect results.
Other election pundits have also observed that Pennsylvania and Florida are not alone within this template. 13 other states apparently also lack paper audit trails in either all or some voting locations.
In any case, if the US is unable to tackle any such problem in the coming days, it will most likely affect their credibility. As a result, US strategists, according to media reports are trying, on a priority basis, to build better defenses, including legislating minimum cybersecurity standards for party and campaign-related websites. One can only hope that those associated with this dynamics will be successful.
Furthering national interest priorities through the use of cyberspace is not new. Many countries over the years have used this as a weapon to further their own agenda. It would be useful at this point to recall some of them.
In June 2013 Tom Donilon, the White House National Security Adviser travelled to Beijing and met with top Chinese officials. The meeting took place just days after a major attack allegedly implicating the Chinese Army was uncovered.
According to an American security company Madiant, “Cyber Unit 61398,” attached to the People’s Liberation Army was involved in massive operations targeting US government and corporate computers.
During these attacks, reams of sensitive information, including results from clinical trials, blueprints, pricing documents, and negotiation strategies were stolen. These revelations came just two months after an attack in South Korea, where more than 30,000 computers and servers at the country’s two largest broadcasters, one cable channel, and three banks went out of commission and customers were unable to access their accounts for hours.
After first pointing fingers at North Korea, and then China, the confused South Korean Communications Commission finally observed that it was difficult to identify the perpetrators. However, following these cyber attacks in the first half of 2013, the national government committed itself to the training of 5,000 new cyber security experts by 2017.
The computer worm known as Stuxnet reportedly also ruined almost one-fifth of Iran’s nuclear centrifuges by disrupting industrial programmable logic controllers (PLCs) in a targetted attack generally believed to have been launched by Israel and the US, although neither has publicly acknowledged this.
In early 2013, massive breaches of computer security by the NSA were revealed, including deliberately inserting a backdoor in a NIST standard for encryption and tapping the links between Google’s data centres. These were disclosed by NSA contractor Edward Snowden.
This has brought to the forefront the need to give more attention to computer security, also known as cybersecurity. This IT security is the protection of information systems from theft or damage to the hardware, the software, and to the information in them, as well as from disruption or misdirection of the services they provide.
It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data, and code injection or due to malpractice by operators, whether intentional, accidental, or being tricked into deviating from secure procedures.
This field is of growing importance due to the increasing reliance on computer systems and the internet in most societies with particular reference to the wireless networks, such as the bluetooth and Wi-Fi. To this has been added the growth of “smart” devices, including smart phones and televisions.
It is important for everyone to understand that attacks against the computer system may be carried out in different ways. They generally include the backdoors method, or the denial of service attacks method, or the direct-access attack method whereby an unauthorised user gaining physical access to a computer might be able to directly copy data from it or compromise security by making operating system modifications, installing software worms, covert listening devices, or using wireless mice.
Attack method may also include eavesdropping. This is the act of surreptitiously listening to a private conversation, typically between hosts on a network. The FBI and the NSA in the US have particularly used this method to eavesdrop on the systems of internet service providers.
All these methods are used to particularly target websites and applications that accept or store credit card numbers, brokerage accounts, and bank account information. These are prominent hacking targets. In this context, we need to address the issue of conflict of laws with regard to use of cyberspace. There is no global cyber law or cybersecurity treaty that can be invoked for enforcing global cybersecurity issues.
Authorship attribution for cyber crimes and cyber attacks is a major problem for all law enforcement agencies. We have witnessed this through the Bangladesh Bank cyber heist.
Consequently, governments, individually as well as globally, need to take on the required regulatory role urgently.
Muhammad Zamir, a former Ambassador, is an analyst specialised in foreign affairs, right to information, and good governance, and can be reached at [email protected]