On February 11, the Washington Post reported that a forthcoming National Intelligence Estimate has concluded that the United States is the target of "massive, sustained" cyber-espionage campaigns that threaten its economic future.
The new NIE has not been publicly released, so it is not clear specifically which attacks or threats it documents, but the most visible recent attack comes from a cyber-militia labeling itself Iz a-Din al-Qassam Cyber Fighters. In September of last year, this group announced that it had launched an attack on a collection of U.S. banks in retaliation for the "Innocence of the Muslims" (the video that ignited violent protests across the Middle East on September 11, 2012). Al-Qassam's attack is one of the largest and most persistent distributed denial of service (DDoS) attacks on record, dwarfing the 2007 Russian cyber-militia attack that crippled Estonia. Authorities have described al-Qassam's capabilities as military-grade and speculated about the organization's ability to disrupt the already ailing U.S. economy. This month, after nearly six months of persistent attacks, cybersecurity experts have largely concluded that al-Qassam is a front organization created to screen an Iranian cyberassault on the U.S. financial system.
Whether or not the new NIE references the al-Qassam-Iran campaign, the attack is representative of a technique countries are increasingly using to strike at the United States and other countries -- one that has so far proven nearly impossible to defend against or deter. The stratagem involves surreptitiously building autonomous citizen hacker groups and using them to deflect responsibility for attacks originating directly or indirectly from the state sponsor. While it may seem implausible that this simple technique would work, over the last decade states have regularly used it to shield a variety of aggressive acts from legal or diplomatic reprisal, and it is becoming clear that this approach to cyberwarfare is harming the U.S. economy just as the Post reported.
Although seldom discussed, state use of cyber-militias has become a significant dynamic in international relations. As the cyber revolution has matured, cyber-militias have become the key to the most lucrative piratical strategy in history. Over the last decade, a large proportion of global commerce and military infrastructure has moved into cyberspace. Commercially, the developed world has transferred a large proportion of its physical industry offshore and refocused on developing intellectual property, almost all of which is stored online; at the same time, financial transfers have moved from paper to computer networks. Militarily, the plans for major weapon systems are developed on computers, and when fielded, the weapons are controlled by chips linked directly or indirectly to cyberspace. Strategically, electric grids, gas pipelines and other critical infrastructures are now controlled from cyberspace. In recent years, states that have been able to tap into this cyber trove have substantially improved their financial and military positions.
As states have attempted to seize and manipulate the wealth and weapons stored online, many have turned to cyber-militias because they muddle attribution. The basic problem for countries hoping to use cyberweapons for profit and influence is the same one that prevents them from using conventional weapons: Other states frown on nations that use force or fraud against their neighbors. While it is more difficult to determine the source of a cyber-raid than a conventional attack, attribution is often still possible. Even when victims cannot trace attacks using cyber-forensics, there is a good chance they can do so using more traditional methods. For states hoping to steal or destroy their opponents' online property, attribution creates a bothersome deterrent. Indeed, there are few acknowledged cases of state-backed cyber-raids against other countries.