Occasionally, cyber attacks make the news: on August 6, 2009, Twitter was disrupted by a denial of service attack as a Georgian blogger known as Cyxymu was targeted; only a few months earlier, another denial of service attack, thought to have originated in North Korea, disrupted U.S. and South Korean government sites. In 2005 and then again in 2007, Brazilian power grid was disrupted by unknown parties. And when they do, these events spark public interest and attention from legislators, both of which quickly fade, however. But those large scale events belie the constancy of dangers posed: threats do not go away simply because media attention shifts —i n fact, they grow when the spotlight is turned off. But neglect and a lack of understanding of the threats creates enormous vulnerabilities.
Large scale instances of theft of personal information do not just go away — data on millions of Americans can be used by bad actors in cyberspace to register domains for terrorist sites and other forms of identity theft, all without the knowledge of the victim, until the unwitting individual is arrested. Malware surreptitiously installed on a user's machine can turn the computer into zombie server of malicious code, not only infecting other machines, but also serving virtually anything that the botnet controller wishes to place on it.
If this book will scare you into turning off your modem, then Jeffrey Carr's purpose in writing Inside Cyber Warfare: Mapping the Cyber Underworld will be accomplished. Carr wants shine light at the problem and to raise the level of awareness of these threats, making the book, which is really more like a text book than a journalistic account, ideal reading for anyone interested in policy-making and those starting out in cyber security.
The cyber world provides numerous opportunities for sharing information and networking, but it also offers an ideal space for virtually undetectable espionage and criminal activities. It is the ultimate force multiplier: a cyberspy can engage in espionage, information gathering and even attacks and escape without detection; a single person, therefore, who is highly skilled can have a tremendous impact. Though some believe that cyber crime and cyber warfare are unrelated, it is often the case that cyber crime serves as a training ground for cyber warfare and espionage activities as both activities use many of the same methods and practices.
But tracking bad actors in cyber space and responding to acts of cyber warfare are difficult: what happens when a country is being attacked from a platform that sits within its own borders, as was the case with the Korean DdoS of July 2009? And the mere fact that a network in one country is used in an attack on another does not prove that the host country had anything to do with the attack: in 2008 servers located in Texas were used to attack Georgia websites. Explanations are unclear.