The word “cyberwar” comes up quite a lot.
We’ve written about it – the use of the word, that is, not the topic to which it claims to refer – on many occasions.
We don’t much like the word, not least because it gives the impression that the average cyberthreat, such as ransomware that extorts $300, or botnets that can send millions of spams a week from every infected zombie under their control, are somehow unimportant.
The word cyberwar also gives the impression that even large-scale cyberintrusions are, in comparison, unimportant.
But intrusions unrelated to warfare, or nation-states, or cybertroops, include many attacks with far-reaching side-effects, for example: Target’s infamous cash register breach, where 40,000,000 credit card numbers were stolen over several weeks; and the repeated thefts of personal information in South Korea that are already said to have affected 40 million of the country’s 50 million people.
Another problem with the word cyberwar is that once you’ve accustomed your readers to it, you need to find more and more cyberincidents (for want of a better word) that you can describe as “war” rather than merely as intrusions, or malware infections, or hacks, or breaches.
A recent example is the Ukrainian power utility that suffered an outage around 25 December 2015 (which is not Christmas Day in Ukraine, so these were not “Christmas attacks,” whatever you may have read) due to some sort of cyberattack.
We’re still not sure quite who was involved, or why; we’re not sure whether the hackers actually used malware to trigger an outage, or whether the malware found afterwards was merely a symptom of security problems that allowed the outage to happen.
Nevertheless, we’re hearing the C-word applied to that power outage – even though it was geographically quite limited and fairly brief – as though a power outage were inevitably more serious than tens of millions of leaked passwords or stolen identities.
So, if you are cynical of the word cyberwar, as we are, and you enjoy the occasional piece of amusing satire, you’ll love the cute-rodent-of-the-week meme: Cyber Squirrel 1.
This website is a tongue-in-cheek comparison of infrastructure outages known to have been caused by animals, notably squirrels, and those that the site claims can officially be considered nation-state attacks on critical infrastructure.
According to @CyberSquirrel1, the score currently sits at Squirrels 623, USA 1.
(You can probably guess what the 1 refers to. It’s not known whether this attack actually succeeded, or ended up being a handy excuse for Iran’s failed centrifuges, but that doesn’t matter now…the 1, of course, is the Stuxnet virus.)
On a clickable CyberSquirrel map, you can find all sorts of rogue-animal outages, from A to Z.
There’s the Australian eagle that cut off electricity to 2000 households in Western Australia by dropping a sheep’s head onto a power pole, all the way to the Zimbabwean baboons that chewed through transmission cables and knocked local radio station YA FM off the air for two hours, costing it $1200 in ads that couldn’t go to air.
You couldn’t make this stuff up!
The bottom line: we don’t need the C-word to take cybersecurity seriously.
If you’re looking for a few simple things that you can do to get the upper hand on cybercrooks in 2016, why not take a look through the Advent Tips we published to round off 2015?
After all, cybersecurity should be part of your digital life, not just for Christmas.
ejhonda
Anytime a cyber squirrel warrior completes a circuit without an outage, I’d rack that up as a chalk mark in the “USA” column.
Paul Ducklin
Bzzzzzzzzzzt. More like charcoal than chalk :-)
jandoggen
Off topic: Your RSS (header) links consistently kill my RSSOwl 2.2.0 RSS reader, example link for this post: http feedproxy.google.com/~r/nakedsecurity/~s/GmKBLNQZ.vDo/. RRSOwl shows the header and the extract, but if I click such a header link to load the entire article, it bombs. This goes back to my oldest link of 13 Nov. I have several other RSS feeds running over feedproxy.google.com that do not have this issue. RSSOwl is set to use its embedded browser. If I set it to use my default Firefox browser externally, there is no issue.
Mark Stockley
Hi, thanks for letting us know.
Jim
Cyberwar is definitely overused. However, in the Ukrainian incident, it is entirely possible that it really was an act of war. But, barring actual evidence of that, I agree that it shouldn’t be used, even in that instance.
Laurence Marks
The squirrel excuse is used far too often. We had a midnight power outage a few decades back caused by a power-transformer failure.that the power company insisted was due to a squirrel. Squirrels are diurnal; they wouldn’t be awake at midnight.
The power company didn’t want to own up to the fact that we had called them three days earlier reporting that during a windstorm branches were contacting the 440-volt, three-phase secondary output and causing a lot of arcing. This had caused internal transformer damage resulting in the subsequent explosion.
Have you ever seen one of these go? They’re quite dramatic. The top blows off the garbage-can-sized, pole-mounted, oil-filled transformer. Gobs of white-hot metal shoot out the top, followed by smoky, orange flames of burning oil. Then the bottom of the can burns through and flaming oil flows down the pole, puddling at the bottom and starting the pole afire. Before long the entire pole is ablaze. Before long the Fire Department arrives, but they do nothing, unwilling to put water on the 7200 volt primary power lines. Eventually the power company arrives and shuts down primary power, but not until the telephone lines and cable TV cable on the same pole have burned through. It took three or four days to reconstruct. The poor telephone lineman had to splice a 480-pair cable!
Paul Ducklin
I think that sort of commotion would have woken the squirrels, diurnal or not :-) Anyway, my research [*] tells me squirrels are crepuscular, which means that they do a bit of night-shift work.
[*] Wikipedia.
Jim
Crepuscular means twilight times. Except in the land of the midnight twilight (northern Canada in the Northern hemisphere, or maybe southern Chile in the Southern hemisphere, for example), squirrels really do knock off before midnight.
Paul Ducklin
Civil, nautical or astronomical twilight? (Even at Sophos UK, which is about 51N, astronomical twilight never ends in the summer months, so it is never *strictly* dark.)
Jim
:)
jimvs
Eh, more like dawn to dusk with a nap in the middle of the day. They can’t see in the dark much better than we can, but they can see well enough in dim light to find their nuts.
rhkennerly (@rhkennerly)
On Guam it’s brown tree snakes. https://en.m.wikipedia.org/wiki/Brown_tree_snake Anything that long bridges the gap 100% of the time.
Tom
We had an outage about 20 years ago blamed on a squirrel, but I never saw the remains, so charcoal this one as potentially.
John
What about the undersea cables attacked by sharks? :) They are missing from the chart. http://www.wired.com/2014/08/shark_cable/
Paul Ducklin
Errrrr, mamals and birds only, I think. If you’ve got any evidence against Cyberdolphin 2 Unit, bring it on. But dolphins are smarter than the rest, so you migth struggle for proof.