At what point does a cyber-attack become an act of war?
My question is prompted by this week’s news that a highly sophisticated malware program called Mask has spent the last six years stealing valuable intelligence from supposedly secure government and diplomatic computers around the world.
Researchers are certain that Mask itself was produced by a government. Intrusions by one country into the networks of another have become so common that it’s reasonable to wonder whether all this cyberwarfare is warfare. The time to think about this is now, when these battles are still in their adolescence. Because how we fire back will depend in part on whether we think we’re at war.
Russia’s Kaspersky Lab, which discovered Mask, calls it more sophisticated than Flame, previously considered the gold standard in cyber-espionage. (All the world believes that the United States and Israel jointly developed Flame, along with its earlier cousins Stuxnet and Duqu, in order to attack the Iranian nuclear program, and perhaps other Middle Eastern targets as well.) Mask, like Flame, is principally a surveillance program. It steals files and keystrokes and encryption keys, and it was designed to operate for a long time undetected.
So are most malware programs, of course. Mask, however, is in a class of its own; Kaspersky’s detailed report uses adjectives such as “special” and “elite” in describing its capabilities. The most interesting aspect of the program, also known as Careto, may be its ability to target files with unknown extensions. These, Kaspersky suggests, “could be related to custom military/government-level encryption tools.”
Actually, that is a relatively benign possibility. These files could also hold the data for surveillance satellites — or details of presidential security.
Such grim possibilities help explain why the U.S. has ramped up its ability to engage in both offensive and defensive cyber-operations. According to the Washington Post, President Barack Obama has issued a top-secret directive ordering the creation of the means to undertake cyber-attacks in any part of the world “with little or no warning to the adversary.”