Computer criminals don't instill the same fear and dread that street criminals do. They don't lurk around in dark corners, waiting for you with a knife. They don't violently break into your home and steal your TV.
They don't execute the crime. Their code does.
So, when looking at cyber attacks around the world, it's the weapon that should send shivers down our spines - not just the cyber criminal.
Think of a sophisticated malicious code - coined as malware - as a standard weapon. For example, when you give a gun to an angry Girl Scout with no shooting experience, she has the same capacity to inflict harm to others as a highly trained naval officer does. Sure, the officer knows how to handle the weapon with more skill, but the gun is key. The accessibility of the weapon is what makes it dangerous.
We can think of malware the same way. The most brilliant coder in the world cannot stop the fact that powerful malware is now accessible to less skilled coders.
In June 2010, the highly powerful and truly revolutionary computer worm, Stuxnet, was discovered. Stuxnet targeted a specific industrial control system, and the systems it infected were concentrated primarily in Iran - most likely to deter Iranian efforts to successfully enrich uranium. In the two years following the discovery of Stuxnet, two other powerful and sophisticated pieces of malware were discovered: Duqu and Flame. Duqu, discovered in September 2011, was information?stealing software written, in part, in an unknown and highly sophisticated coding language. In May of this year, Flame was found in approximately 1,000 machines across the world, concentrated in the Middle East, to serve as a mechanism for cyber espionage.
Together, these three programs have altered standard means of warfare and coercion. And, together, they have created weapons that have trickled down to cyber criminals everywhere.
Just as the Girl Scout has the capacity to use the power of a gun, a less skilled coder has the power to use design techniques from Stuxnet and its contemporaries for his own malicious endeavors.
This is concerning because it increases the likelihood of instances of cyber attacks. Stuxnet, Flame and Duqu are all believed by some to be state?sponsored or government?affiliated due to their complexity and alleged political motives. As Americans, we haven't been too afraid, because, while Stuxnet damaged the Iranian nuclear program, we were at home happily doing some online shopping. Now, however, we should be afraid. But if individual cyber criminals, who target regular web users, have access to the design philosophy of this sophisticated malware, Internet users should fear for the security of their online accounts and information.
Is government utilization of computer malware as a tool of international warfare worth the fact that it enables hacking groups to target local web users? It makes the cyber world a much more dangerous and complicated entity, and moving forward, it will be difficult to create effective regulation.
Lines of code now yield the same potential for damage as standard weapons, but with a twist. Without leaving any human casualties, code can infect computers and disable their functions, spy on others and steal immense amounts of valuable information. Though the cyber criminal will never be as scary as that sketchy figure in the alleyway, it's about time we start shaking with fear when we hear about the sophisticated malware that is roaming the cyber world. After all, now it's out to get you.
--
NeenaKapur is a sophomore majoring in International Relations. She can be reached at Neena.Kapur@tufts.edu
