Written By: Noah Gamer
On March 20, 2013, a piece of "wiper" malware, designed to destroy data on hard drives and make them impossible to reboot, was launched against three South Korean media organizations and four banks. The virus, which the U.S. Computer Emergency Readiness Team (US-CERT) called "low sophistication—high damage," was designed specifically to disable two types of South Korean antivirus engines.
The wiper, which has come to be known as "DarkSeoul," poses little threat to U.S. computers. It does, however, reinforce the importance of purchasing and regularly updating virus protection software. It also shows how concerned officials are about the threat of an international cyber war.
Mysterious Origins of DarkSeoul
DarkSeoul was delivered to South Korean banks about two weeks before the virus actually started to function, through e-mails that were said to contain credit card information. Instead of downloading credit card numbers, recipients downloaded the wiper virus, which became active at 2 p.m. KST on March 20.
On more than 30,000 computer screens, a message appeared: "Please install an operating system on your hard disk." Some media outlets reported that a graphic of three skulls popped up onscreen along with the words, "Hacked by Whois Team." Then cash machines stopped operating. Master boot records were deleted from the affected hard drives, and the computers could not be rebooted.
Some have speculated that DarkSeoul came from a North Korean cyber-crime laboratory, but no real evidence has linked the wiper back to Seoul's northern neighbor. However, because many experts agree that North Korea does have the ability to construct and deploy cyber attacks, the incident has raised fears of just how much damage a cyber war could cause throughout the world.
The Tallinn Manual
Coincidentally, just a few days before DarkSeoul was deployed, NATO released a manual called "The Tallinn Manual on the International Law Applicable to Cyber Warfare." The manual is designed to provide international legal guidance on how countries can respond to a cyber attack. However, critics argue that the document gives countries the legal ability to respond to computer virus attacks by shooting missiles.
How bad does a cyber attack have to be before a nation can mount an armed counterattack? Two years ago, the U.S. Department of Defense said that a cyber attack that shut down the U.S. electrical grid would warrant a missile launch in response. The Tallinn Manual says that attacks that cause physical or personal damage can warrant a military response, but U.S. military lawyers have argued that an attack that caused catastrophic financial losses, such as an attack that disabled Wall Street, could also warrant a military counterattack. The manual ultimately said that each country can individually decide the threshold of economic damage that would be sufficient to start a war.
This interpretation could cause problems for the U.S., which has its own cyber warfare program. According to the Tallinn Manual, the Stuxnet virus, which was launched by the U.S. in conjunction with Israelis against Iran's Natanz nuclear reprocessing plant, could have been interpreted by Iran as an act of war. Also, the Tallinn Manual gives countries leeway to launch preemptive strikes if they find that a cyber attack is "imminent." Considering all of these possibilities, it's easy to see how a cyber attack could precipitate a dangerous armed conflict.
The Potential for Cyber Damage
CIA Director Leon Panetta described the potential damage that a cyber war could inflict as a "Cyber Pearl Harbor," according to ABC News. Prolonged power outages, power grid collapse and irreparable Internet disruptions could hinder food shipments as well as keep machines from dispensing cash. Other cyber specialists fear that hackers could figure out a way to open American dams, releasing devastating walls of water into American communities.
US-CERT advises all users and administrators who control critical infrastructure and key resources in the U.S. to assume that an attack will eventually occur against their enterprises. These organizations should develop resilient network models designed both to minimize damage and to restore critical systems as quickly as possible. Even small businesses need to make sure their antivirus and security solutions are up to date. In today's world, the possibility of a cyber attack is not so much a question of if, but when.
About the Author: Noah Gamer is a driven business leader with experience in Internet marketing, Web software development and security software. Currently, he develops Internet strategy and directs global SEO for Trend Micro.