I’ve always been fascinated by Hollywood movies depicting elite hackers getting into restricted government systems, stealing data, and causing chaos. But this is not fiction anymore. There’s a whole phenomenon that exists beyond the world of ‘hacking’, and when executed in a planned and co-ordinated manner, can be termed as ‘cyber warfare’, that is, a war in the cyberspace.

When we talk of warfare, the first image that comes to mind is a conventional war, fought by an army equipped with conventional weapons and tactics, causing physical damage and loss. However, in the case of cyber warfare, there could be a single person or a team deployed with the intent of affecting the cyberspace of a country. Such individuals would then embark upon defacing government websites, stealing private and financial data and trying to cause as much damage as possible within the shortest amount of time. As we become more reliant upon computers for our daily work, we become more vulnerable to attacks originating from cyber-space. Computers are insecure, even in the presence of high-end security systems, and governments must ensure that their data is secure. According to a 2007 report by McAfee, over 120 countries were in the process of practicing government-sponsored cyber espionage against other countries.

Cyber warfare can be conducted in several forms. It can be a cyber-breach/espionage, in which the attackers can gain access to sensitive and confidential information. This can be achieved by a hacker who is daring enough to break into the government’s systems, or by a specialised and dedicated team deployed by a country. If the impact of the attack is severe enough to affect the common man; it is termed as cyber terrorism. Such an attack can be made on the financial market, aviation industry, power plants etcetera.

Putting things into a realistic perspective, there have been several cases so far, even involving our own country. In late 2010, a group of hackers by the name of ‘Indian Cyber Army’ hacked over 36 Pakistani government websites, including Pak Army, Ministry of Foreign Affairs, etcetera. As a retaliation, a group named ‘Pakistan Cyber Army’ hacked India’s Central Bureau of Investigation (CBI) website. This is not the first time these two countries have indulged in skirmishes in the realm of cyber-warfare – it has been going on for a while now. A famous incident of cyber warfare was witnessed in 2010, when Iran’s cyberspace was infected with the American ‘Stuxnet’; it targeted the control systems used in Iran’s industrial sector, including (nuclear) power generation. It was termed as the first cyber super weapon.

A further development of the ‘Stuxnet’ cyber-weapon was ‘Flame’. It is a modular malware discovered in 2012, targeting computers running Microsoft Windows OS. The program is being used in a cyber espionage campaign targeting the Middle East. Kaspersky Lab called it ‘the most complex malware ever found’. It can spread to other systems via a local network or a USB stick. ‘Flame’ is capable of recording video via webcam, audio, screenshots, keyboard activity and even Skype conversations. It can turn infected computers into Bluetooth beacons, which can attempt to download information from Bluetooth devices nearby. Once information is collected, it is sent to any one of the several command and control servers spread throughout the world. Iran was once again the main target of the aforementioned cyber-weapon. In previous years, we have witnessed an increase in the frequency of cyber attacks targeting Iran, unfortunately, it all ties in with the current geo-political climate of the region.

The US has also been a victim of cyber terrorism, as DDoS (Distributed Denial of Service) attacks were carried out against several governmental websites of the United States and South Korea. And just recently, the infamous hacker group ‘Anonymous’ has been quite active in the cyber warfare scene. For instance, they recently declared a cyber war against North Korea and actually succeeded in hacking into their cyberspace.

In order to identify these hacking attempts as crimes, we need laws, rules, and policies. There are a number of laws and acts in the US which identify a cyber crime, and define the basis of prosecution for anyone indulging in such activity. The most noteworthy is CFAA, the Computer Fraud and Abuse Act. It defines what a protected computer is, and what is meant by invading or breaking into computers, including government computers, and what types of cyber crimes are there and the penalties for violation of the rules of this act. Aaron Schwartz was charged under the same act, a rather famous case in internet history; his crime was mass-downloading articles from JSTOR. Aaron committed suicide while he was under trial.

Today, the US considers cyber warfare as a threat larger than terrorism. Every real-world incident calls for added online security, as there have been incidents in which cyber attacks were followed by an actual dispute. A cyber attack might be difficult to carry out, but once executed successfully, the consequences are distressing. Countries are not sitting idle, and have upped their security systems and protocols. They have set up ‘cyber counterintelligence’ or countermeasures, which can be used as a warning and prevention system against cyber attacks. The US started carrying out reviews of the federal government’s cyber security plans in 2009, keeping in view the increasing risks of cyber attacks. A bill was also proposed, which gives the government the right to shut down the internet in case cyber protection is required on a massive scale. That’s an example of how powerful cyber warfare prevention countermeasures could be.