Cyberweapon
A cyberweapon is defined as any malware or malicious computer code designed to steal sensitive data or inflict harm on a large scale. These digital tools can disrupt critical infrastructure, such as energy systems and healthcare, and have become increasingly prominent in both military and cyber defense strategies. The development of cyberweapons is a global phenomenon, with estimates suggesting that around 120 countries are actively creating these tools. Their usage has evolved from chaos-inducing viruses in the early days of the Internet to sophisticated attacks with strategic objectives, such as the Stuxnet and NotPetya incidents.
Cyberweapons can be categorized as offensive, defensive, or dual-use, depending on their intended purpose. They operate through various modes of action, including file destruction, espionage, and physical sabotage. Despite their efficacy, cyberweapons have limitations, including short lifespans and the potential for unintended consequences. State actors find them appealing due to the plausible deniability they offer, allowing nations to engage in hostile actions while denying direct involvement. As the complexity of cyber threats continues to grow, the integration of cyberweapons alongside traditional military tactics may reshape the landscape of national defense and international relations.
In cybersecurity and national defense, a cyberweapon is broadly defined as any type of malware or malicious computer code capable of stealing highly valuable or sensitive data or causing harm or disruption on a mass scale. Narrower definitions describe cyberweapons as computer code specifically designed to cause or threaten physical, mental, economic, or functional harm to structures, institutions, systems, or living beings, especially by targeting critical infrastructure or the data it contains to impede, alter, or interrupt its normal operating capacity.
Cyberweapons are an area of increasing military focus, as they can be used in coordination with more conventional tactics to achieve a broader range of potential objectives regarding attacking, neutralizing, or disadvantaging an adversary. Experts estimate that at least one hundred twenty countries are actively developing cyberweapons. According to the National Cyber Power Index 2022, published by the Belfer Center for Science and International Affairs at Harvard University, the ten countries with the most advanced cyber capabilities include the United States, China, Russia, the United Kingdom, Australia, the Netherlands, South Korea, Vietnam, France, and Iran.

Brief History
The early years of the commercial Internet were marked by multiple examples of viruses and other forms of malware that circulated on a mass scale and inflicted major economic damage. One such incident, which is often described as the worst computer virus attack in Internet history, occurred in 2004 and involved malware known as Mydoom. The Mydoom worm infected email systems, using email as a platform for spreading itself and linking infected computers to a centralized network used to carry out distributed denial of service (DDoS) cyberattacks. At its peak, the Mydoom worm was responsible for an estimated 25 percent of all email sent worldwide, and analysts have placed its financial toll at thirty-eight billion dollars, or about fifty-four billion dollars when adjusted for inflation into 2020 dollars.
While this style of attack was common during the initial stages of Internet history, the people responsible for such attacks often lacked tangible goals or objectives beyond causing chaos. As the 2000s continued, both state and non-state actors began to recognize the growing potential and possible strategic utility of cyberweapons as repositories of sensitive, classified, and valuable information became increasingly digitized, and as critical infrastructure systems such as electrical grids and energy pipelines migrated online at accelerating rates.
Observers often cite the 2010 Stuxnet incident as the first example of a cyberweapon being deployed with the specific intent of causing physical damage. Stuxnet, which is believed to have been developed through the cooperative efforts of the United States and Israel, targeted an Iranian nuclear facility with the objective of exploiting previously undetected vulnerabilities in the Windows operating system to disable multiple nuclear systems. The worm is reported to have rendered up to one-fifth of Iran’s nuclear centrifuges inoperable, thus seriously disrupting the country’s suspected ongoing effort to develop nuclear weapons.
In March 2014, Russia launched a massive DDoS attack in Ukraine, which had the effect of disabling Internet access across Ukraine as Russian-backed rebels were engaged in an active military effort to take control of the Crimean Peninsula, which was Ukrainian territory at the time. Analysts state that the attack was at least thirty-two times more powerful than the largest-known DDoS attack in Internet history to that point. Two months later, suspected Russian cyber operatives launched another targeted cyberattack on online Ukrainian election infrastructure as the country’s voters prepared to cast their ballots in a presidential election.
The NotPetya incident, which began in June 2017, has been described as the first large-scale example of ransomware being used as a cyberweapon. Originating from within Ukraine, the NotPetya malware quickly established a global footprint. It was disguised as ransomware, which is a type of malware in which cyberattackers seize a network, a computer, or digital files before attempting to extort the owner into paying a ransom to secure the safe release of their property. However, NotPetya’s actual goal was to destroy infected files. It caused damages estimated at approximately ten billion dollars, with a 2018 assessment by the United Kingdom’s National Cyber Security Centre concluding that the incident was almost certainly the work of the Russian military.
In May 2021, a coordinated ransomware attack infected some of the online systems used by Colonial Pipeline to distribute oil from refineries to consumer markets. The attack shut down multiple oil pipelines for several days, resulting in localized energy and gasoline shortages. At the time, the Colonial Pipeline incident was the largest cyberattack on US critical infrastructure ever disclosed to the public, with the event highlighting the growing capabilities of non-state actors to engage in the development and use of cyberweapons. A hacking collective known as DarkSide claimed responsibility for the attack and succeeded in extorting payments from Colonial Pipeline to secure the release of affected digital assets.
The Real Estate Wealth Network experienced a massive data leak in December 2023, giving thieves access to 1.5 billion records. The database contained information about millions of properties, such as the owner's name, address, phone number, and email address, property history, bankruptcy, tax liens, foreclosures, and court judgments. Included among the millions of property owners were celebrities such as Kylie Jenner, Britney Spears, and Nancy Pelosi. Having access to such information could lead to phishing attacks and identity theft. The Real Estate Wealth Network acted quickly to secure the database and notify authorities and property owners of the breach.
Topic Today
Experts use varying systems to classify cyberweapons and their capabilities. One model categorizes cyberweapons according to their purpose, grouping them as offensive, defensive, and dual-use cyberweapons. Offensive cyberweapons are used to initiate attacks intended to cause harm or damage on a mass scale, while defensive cyberweapons are exclusively reserved for preventing or responding to such attacks. Dual-use weapons have both offensive and defensive capabilities.
An alternative model describes cyberweapons in terms of their capabilities across four key areas: precision, intrusion, visibility, and ease of implementation. The precision factor relates to a cyberweapon’s ability to target a specific system or asset or carry out a single objective. Cyberweapons with higher levels of precision reduce or eliminate collateral damage to unrelated systems or assets, while those with lower levels of precision have a greater likelihood of spreading beyond their intended target(s).
Intrusion describes the level to which the weapon can penetrate its intended target. More intrusive cyberweapons have greater potential to cause damage but are also more readily detectable. Less intrusive cyberweapons tend to have lower ceilings with respect to damage potential but are also more likely to remain undetected for longer periods of time. The concept of intrusion is closely related to visibility, which considers only how detectable the cyberweapon is to cybersecurity defenses, that is, how well it can evade them. Cyberweapons with high levels of intrusion but low levels of visibility are considered particularly difficult to develop but have a highly desirable utility profile.
Ease of implementation considers cyberweapons in the context of the resources required to develop them. Resource-intensive cyberweapons are more likely to offer appealing capabilities but carry significant risks. They could potentially be neutralized by adversaries, resulting in the loss of the financial, human, and digital resources that were committed to the weapon’s development. Less resource-intensive weapons have considerable appeal but often carry limited utility or functionality compared to their more elaborate counterparts.
Cyberweapons take many forms, but most harness principles similar to those used by hackers and other malicious actors when creating computer worms, viruses, trojans, spyware, and other forms of malware. Cyberweapons attack targets using three main modes of action: destroying targeted files or systems; conducting espionage and collecting information; and carrying out acts of physical sabotage. The Pegasus spyware platform, described in a 2022 New York Times article as the most powerful cyberweapon in the world, is an information-collecting system reportedly capable of decoding encrypted communications sent or received by virtually any iOS- or Android-powered smartphone.
Experts note that cyberweapons are particularly appealing to state actors because they offer plausible deniability, a term used in political science and diplomacy to describe a situation in which a government or its senior members can credibly deny knowledge of or involvement in a hostile act. For example, a country’s political leadership might claim that a particular cyberattack was perpetrated by a rogue actor or underground hacking group when it was really carried out by military or intelligence assets. Plausible deniability allows countries to carry out overtly hostile acts on rivals or adversaries while also shielding themselves from accountability or direct retaliation. Cybersecurity and cyberwarfare experts also note that cyberweapons are increasingly being used as a supplementary or an adjunct tool alongside conventional military capabilities. In these contexts, cyberweapons can be used to disable or disrupt an adversary’s defenses or critical infrastructure, facilitate stealth and quick-strike attacks, and gain intelligence about an opponent’s capabilities prior to launching wider attacks.
Common cyberweapon targets include electronic and online national defense and military systems, hospitals, and the digital infrastructure controlling water supplies, electricity management systems, industrial systems, and transportation systems. Despite their destructive capabilities, cyberweapons also display significant limitations. They inherently have limited lifespans, as they are always designed to exploit specific weaknesses or vulnerabilities that can be remedied once they have been identified. Upon using cyberweapons, perpetrators may provide their targets with the information needed to reverse-engineer similar weapons for potential retaliatory use. State actors may also be reluctant to use certain particularly unpredictable cyberweapons, as these weapons may carry a risk of inflicting unintended damage on the host country’s systems and online assets.
Bibliography
Bergman, Ronen, and Mark Mazzetti. “The Battle for the World's Most Powerful Cyberweapon.” New York Times, 31 Jan. 2022, www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html. Accessed 16 Mar. 2023.
“Cyber Weapon.” Australian Cyber Security Institute, www.cyber.gov.au/acsc/view-all-content/glossary/cyber-weapon. Accessed 16 Mar. 2023.
Fowler, Jeremiah. “1.5 Billion Records Leaked in Real Estate Wealth Network Data Breach.” Security Info Watch, 26 Dec. 2023, www.securityinfowatch.com/cybersecurity/article/53081265/15-billion-records-leaked-in-real-estate-wealth-network-data-breach. Accessed 13 Nov. 2024.
Gerencer, Tom. “The Top 10 Worst Computer Viruses in History.” Hewlett-Packard, 4 Nov. 2020, www.hp.com/us-en/shop/tech-takes/top-ten-worst-computer-viruses-in-history. Accessed 16 Mar. 2023.
Halpern, Sue. “How Cyber Weapons Are Changing the Landscape of Modern Warfare.” New Yorker, 18 July 2019, www.newyorker.com/tech/annals-of-technology/how-cyber-weapons-are-changing-the-landscape-of-modern-warfare. Accessed 16 Mar. 2023.
Kumar, Davinder. “Cyber Weapons—The New Weapons of Mass Destruction.” United Service Institution of India, 2013, usiofindia.org/publication/usi-journal/cyber-weapons-the-new-weapons-of-mass-destruction/. Accessed 16 Mar. 2023.
Orr, Trystan. “A Brief History of Cyberwarfare.” GRA Quantum, 1 Nov. 2018, graquantum.com/a-brief-history-of-cyberwarfare/. Accessed 16 Mar. 2023.
Van Wie Davis, Elizabeth. Cyberwar Policy in the United States, Russia, and China. Rowman & Littlefield, 2021.
Voo, Julia, Irfan Hemani, and Daniel Cassidy. “National Cyber Power Index 2022.” Belfer Center for Science and International Affairs, Sept. 2022, www.belfercenter.org/sites/default/files/files/publication/CyberProject_National%20Cyber%20Power%20Index%202022_v3_220922.pdf. Accessed 16 Mar. 2023.