Dyson College of Arts and Sciences
Issue link: http://dysoncollege.uberflip.com/i/633753
Estonia's attack was essentially a flood of requests to connect to numerous Estonian servers that caused the massive denial-of-service conditions that kept the sites from being able to operate normally. The attacks emanated from Russia, and in the early days of the attack, many source addresses for the invading computers represented IP web addresses of servers located in Russia, some of which were located in government facilities. While the attack essentially prevented everyday commerce to continue, they nevertheless did not result in physical damage of any kind. Several years later in 2010, the now infamous Stuxnet digital weapon, produced in by the U.S. in collaboration with Israel, was launched against the Iranian regime in Natanz during 2010. The technology essentially installed malware disguised as industrial control system (ICS) updates to disrupt industrial programmable logic controllers (PLCs) operating the German-built centrifuges. The malware was covertly distributed via the Internet and into the ICS hardware, subsequently disrupting thousands of centrifuges by causing the mechanism governing their rotation spin rate to be removed, leading to such fast rotations that the centrifuges quickly became damaged and unusable. Stuxnet was kept secret for several years until news broke that the Stuxnet weapon was part of a larger secret U.S. program. 31 The level of sophistication and engineering that went into Stuxnet was considerable; however, once launched, the Iranians had access to its source code which, together with other attack programs developed by the U.S. including Flame and Duqu, represented a massive transfer of technological know-how that was made public when Edward Snowden released classified NSA documents citing U.S. governmental concern over the release of the malware, effectively schooling the adversary on new techniques and tools to use in couter-attacks. 32 In April, 2012, Iran again became the victim of a cyber-attack, later known as Wiper, which attacked hard disks at the Oil Ministry's headquarters in Tehran. The attacking software functioned by gaining access to the Master Boot Record, and wiping it clean, before deleting other system files. When attacked computers were rebooted, they remained inoperable due to their operating systems being deleted, rendering them useless. Thinking that the attack emanated and was related to the earlier Stuxnet virus, Iran ultimately benefitted and was able to leverage what it learned benefit from the attacks since it has the source code of the virus, which it could possibly use later against other nations if it wanted. In August 2012, more than 30,000 computers at Saudi Aramco were targeted by a virus similar to Wiper that caused a massive DDOS (distributed denial of service) attack that caused the systems to be inoperable for 10 days. Labelled Shamoon "wiper" virus, the attack—using an approach vector similar to Stuxnet & Wiper, Iran is thought of as being the culprit behind the attack on their long-time nemesis—Saudi Arabia. Former NSA boss General Keith Alexander claimed that the attacks on Middle Eastern energy company Saudi Aramco were, "a wake-up call for everybody". 33 During March 2013, South Korean computer networks running three major South Korean banks and two of the country's largest broadcasters were attacked, causing disruptions in that nation's financial and media industries. Dubbed DarkSeoul, the attack is thought to have come from North Korea, with training by China, although no corroboration has been proved. 34 70