
Federal Army

Cyber war, a modern form of threat

In technologically highly developed societies, it is sufficient to bring the control centers of the energy supply, telecommunications, administration or logistics under control or to disable their functionality in order to suddenly and completely destabilize and paralyze a state. Cyber war is the targeted attack on opposing computer systems with specially created malware.

The rapid development of computer technology over the past ten to 15 years has made it possible to build well-functioning and highly complex systems. Today there is almost nothing left that is not controlled in some form from microchips to large computer systems. As beneficial as this technology is, it makes a modern state vulnerable. This high level of vulnerability applies particularly to high-tech societies with closely networked systems.

Power grid out of control

Under this title, the newspaper "Die Presse" wrote on May 8, 2013: "Hacker attack or software error? A computer breakdown paralyzed the control system of the domestic power grid over the weekend - and nobody noticed." Eight days later, the media reported that the cause of the problem, which had persisted for several days, was neither a hacker attack nor a software error. Rather, it was a routine query of the meter readings of all components of a regional gas pipeline network in Bavaria. For reasons not explained in more detail, this "query to all" jumped over to the Austrian control network of the domestic power supply. The effect was an uncontrollable deluge of data streams. Similar to a "Distributed Denial of Service" (DDoS) attack, this led to a temporary paralysis of the control center of the Austrian Power Grid (APG). The task of this company is to ensure that the sensitive balance in the power grid is maintained. The danger of a complete breakdown of the power grid was real, but could be averted by the emergency teams deployed in the power stations and substations.

On the one hand, this incident shows the greatly increased vulnerability of our highly networked systems and their endangerment through completely unpredictable events. On the other hand, the mention of a hacker attack as a possible cause demonstrates that this type of threat, real and serious for a high-tech society, is slowly but surely finding its way into public risk awareness. Security experts have been warning of such scenarios for years. At present, however, broad awareness of these potential dangers does not yet exist everywhere to the necessary extent.

"The war is the continuation of politics by other means"

When Carl von Clausewitz wrote this sentence almost 200 years ago, he could only think of conventional military means in his world at that time. In a nutshell, the offensive deployment of an army was always about destroying the ruling power in a foreign territory in order to then rebuild a new power according to one's own political ideas. To this day, nothing has changed, except that, analogous to the development of military means, not only the opposing power, but to an increasing extent also the area to be conquered was destroyed. This was and is accepted in the consistent pursuit of the political goals.

If until now the use of military means was primarily necessary for penetrating into enemy territory in order to bring the key points of a political and economic system under control or to destroy them, this is no longer necessary today. At least not to the same extent as before. Above all, the physical destruction of key points is not required.

Conventional military means are no longer necessary in order to gain control over key points of a political and economic system - as it also exists in Austria. There are electronic means that can be used extremely efficiently, silently and completely surprisingly. They have the advantage that they leave the opposing infrastructure - i.e. the hardware - largely undamaged, which can thus be used to ultimately achieve the political intentions.

Cyber war

Cyber war has nothing to do with science fiction. Cyber war is the targeted attack on opposing computer systems with specially created computer viruses and special malware. In July 2000, for example, the Taiwanese army carried out a troop maneuver under the code name "Han Guang". The scenario assumed that China was launching a cyber attack on civilian and military computers in preparation for taking power in Taiwan. Both the defense against such attacks and the implementation of counter-attacks with computer viruses were trained.

Cyber war - a new form of threat

This form of threat is by no means new. The "Joint Doctrine for Information Operations" of the US armed forces of October 9, 1998 has been downloadable from the Internet for more than ten years (see There the operational principles for attacks with cyber weapons and for defense against them are laid down. At that time the term "Information Operations" (IO) was still used, but nothing has changed in the content of the term "cyber war", which is common today.

In his foreword to the "Joint Doctrine for Information Operations", General Henry H. Shelton attaches the same importance to cyber weapons as to conventional weapon systems and other conventional means of waging war:

Joint Doctrine for Information Operations

"Joint Doctrine for Information Operations, represents a significant milestone in defining how joint forces use Information Operations (IO) to support our national military strategy. Our ability to conduct peacetime theater engagement, to forestall or prevent crisis and conflict, and to fight and win is critically dependent on effective IO at all levels of war and across the range of military operations."

The text passage in Chapter II / 2 on page II-8 is also very informative:

IO Conducted During Peacetime

"Offensive IO-related plans with their associated capabilities may be employed in peacetime to promote peace, deter crisis, control crisis escalation, or protect power. The employment of offensive capabilities in these circumstances may require National Command Authorities (NCA) approval with support, coordination, deconfliction, cooperation, and / or participation by other United States Government (USG) departments and agencies. Military offensive IO must be integrated with other USG IO efforts to maximize synergy, to enable capabilities and activities when needed, and to prevent confusion and fratricide. To integrate offensive efforts, desired objectives should be determined and measures of IO success should be established."

The use of cyber war resources is not limited to the conflict itself. These means are already used in peacetime and increasingly in the crisis that precedes a conflict.

In addition to military objectives and leadership, the civil infrastructure is clearly one of the primary targets of attack. A surprising, resolutely executed, targeted attack at this level can abruptly cut a society off from the supply of essential goods (food, water, energy, medicines, etc.) and completely switch off the state's ability to guarantee protection and help and to maintain order and security.

One has to assume that other powers besides the USA also have similar means at their disposal and use them to pursue their goals if necessary. Organizations with dubious intentions may also have plans and tools in place. These can be extremist political or religious groups as well as criminal organizations. In the latter case, the transition to cyber crime is fluid, although states can also be the target of cyber attacks for the purpose of blackmail. This is the realm of the asymmetric threat and terrorism.

In the US administration, but also among the governments of Europe and Asia, fear of a cyber war or a terrorist attack in virtual space is rampant.

Richard Clarke, Internet security expert under US President George W. Bush, warned against an "electronic Pearl Harbor" years ago; in early 2009, UN Secretary General Ban Ki-moon proposed adding cyber weapons to the list of weapons of mass destruction.

Cyber war characteristics

The geographic distance between the attack base and the target does not matter. The main "mode of transport" for cyber weapons is the Internet.

While there were only 16 million Internet users worldwide in 1995, by the end of 2012 there were 2.5 billion. The increase is rapid. In March 2013, around 39 percent of the world's population (2.7 billion) had an Internet connection. A cyber attack always occurs without warning. No secret service in the world can recognize preparations for attacks and warn of them in good time. An opponent who uses cyber weapons can strike suddenly and hard at any time. Such an opponent can be a government agency (e.g. to achieve political goals by paralyzing and destabilizing another state) or a handful of extremists or criminals who pursue their own personal goals. A cyber attack is only noticed if it is successful.

A medium-sized business enterprise records around 10,000 attempts to intrude into its own computer network every day. The Austrian Armed Forces register an average of 40,000 intrusion attempts per day. Given this high number, it is impossible to determine who is carrying out these intrusion attempts and for what purpose. Only when the firewalls and other security devices have been overcome and an attack gets through can specific countermeasures be taken. But then the damage has already occurred.

A cyber attack is not a one-off event. As in a conventional war, the attacks will continue until the purpose of the attacks has been achieved or the attacks can finally be repulsed. Cyber weapons are cheap. According to experts, around ten million euros, half a dozen highly talented IT experts and a development time of one to two years are enough to develop a new cyber weapon. That is a negligible order of magnitude compared to the development effort for conventional weapon systems, which may have a high and pinpoint destructive power, but cannot paralyze and destabilize a state within a few hours.

Cyber weapons efficiency

Cyber weapons have no primary physical destructive effect on the hardware as long as the attack is only directed against the software used in the computer system. If the attack is directed against subordinate subsystems, they can develop a high level of secondary physical destructive power there. "STUXNET" alone (see TD-Heft 2/2011, "STUXNET - A Cyber-War attack program?") should be mentioned as an example; its use in 2010 in Iran permanently destroyed over 1,000 centrifuges for uranium enrichment. Cyber weapons are constantly evolving. Almost every week there are reports of new developments in espionage software such as "RedOctober" or "MiniDuke" as well as high-tech malware such as "Flame", "Gauss", "Duqu" etc. There is no absolute protection against cyber weapons, since, due to their constant further development, even state-of-the-art defense systems are constantly faced with new challenges. There is also the human factor, which turns out to be particularly dangerous when it comes to cyber security due to carelessness, ignorance and unintentional mistakes.

Low inhibition threshold

The launching base of a missile can easily be located. An attacking submarine reveals its type and country of origin by its sound signature. In contrast, an attacker in virtual space can definitely expect to be neither identified nor geographically localized. However, there is still a certain residual risk of being discovered. An attacking state would have to reckon with considerable countermeasures in the conventional area if it were discovered. For non-state attackers such as terrorist organizations, which are also often fragmented, this residual risk probably hardly plays a role. From this point of view, cyber weapons can be classified as extremely dangerous. In contrast, "traditional terrorism" looks almost harmless. If a suicide bomber kills a few dozen innocent passers-by, or if a subway train is blown up, it is a tragedy for all those affected and their relatives, but the functionality of a state is only slightly affected.

Estonia 2007

This topic first came into the focus of public interest in Europe when cyber attacks in Estonia paralyzed essential parts of the infrastructure (government, ministries, banks, telecommunications and news companies) from April 27 to May 9, 2007. At the time, NATO experts assumed that the attacks were controlled by Russia. It has been suggested that some patriotic Russian hackers were at work who felt their pride had been injured because of the relocation of a Soviet memorial and who wanted to take revenge on the Estonians. Whatever the reason, the incident was taken seriously. One year later, on May 14, 2008, the Cooperative Cyber Defense Center of Excellence (CCD CoE), which works for NATO but does not belong to its formal organization, was launched in Tallinn, Estonia. This "Cyber Defense Cooperation Center" provides insights, assistance and expertise on cyber war for NATO. This includes the conception of trainings and exercises, the publication of research results and the development of a legal framework for cyber defense. There are now ten such Centers of Excellence in NATO.

In an international exercise in 2012, the "Blue Team", consisting of eight IT experts from the Austrian Armed Forces and two specialists from the German Armed Forces, earned the highest recognition of all exercise participants for its performance across all tasks (defense against hacker attacks, communication work and analyses for decision makers).

Cyber attack types

The view that only IT specialists are required in a cyber attack is as widespread as it is wrong. It depends on what goals an attacker is pursuing.

A computer system usually consists of a control center and networked workstations, which in many cases control subordinate systems.

Query of data

As long as the aim of an attack is to query data (espionage, etc.), it has no immediate effects. The entire hardware and any downstream systems that may be present remain unaffected, as does the functionality of the system itself. There are only negative effects for the attacked if the information obtained is evaluated and used against the attacked. In such a case, the necessary defense measures (cyber defense) remain limited to cyber space.

Since this type of attack concentrates exclusively on the computer systems, cyber defense teams are required to defend against it. These ICT specialists have the task of containing the attack and preventing further attacks with counter-attacks in cyber space.

Disruption or destruction of downstream systems

The situation is completely different when a cyber attack is directed against the functionality of an institution (company, authorities, infrastructure facilities, etc.). If the defender takes countermeasures (cyber defense) in the IT system, it is to be expected that the cyber attack will be continued and sustained until its goal, the dysfunctionality of the attacked institution, is achieved or the attack can finally be repulsed through counter-attacks in cyber space. Irrespective of the defensive measures taken after an attack has taken place, serious consequential damage to the downstream systems may already have occurred after the first attack because the functionality of the attacked institution was disabled. If the real goal is the paralysis and destabilization of a state, the greatest and most catastrophic effect can be achieved with a cyber attack on the power supply that triggers a blackout (see TD issues 1 to 5/2012, "Blackout") and thereby strikes a blow against the vital infrastructure.

In this case, you need highly trained cyber defense teams - but not only these. To cope with such a situation, it takes a lot more.

Well-rehearsed repair teams must be available to repair the damage to power plants and substations that occurred after the first attack. Specialists from the IT and technology sector are also required who concentrate on starting up the power supply. These efforts are likely to be hindered or completely destroyed by repeated cyber attacks. In the event of a persistent attack, it may take some time to fend off the attacks once and for all. The attacker has a clear advantage here, as he can choose the time and place in the networked system for further attacks. The element of surprise lies with the attacker. The longer the fight in virtual space lasts and the longer it takes to start up the power grid even after the cyber attacks have been contained, the more pressing the problems caused by the consequential damage of a blackout become.

What is certain, however, is that in the event of a cyber attack on vital infrastructure, in addition to the IT and technology personnel already mentioned, a large number of helpers will be required to help the population overcome the bottlenecks in the supply of water and food as well as in the provision of primary health care. Fortunately, Austria has a sufficient number of helpers in the rescue services (90,000) and fire brigades (340,000); if necessary, their number can be significantly increased by 300,000 civilian servants (according to Section 21 of the Civilian Service Act, all those who have performed civilian service since its introduction and have not reached the age of 50). The situation is worse when it comes to the number of security forces who, in such a disaster situation, have to maintain internal order and security and provide "PROTECTION & AID" for the population. In addition to the 25,000 police officers available for such missions, there are theoretically 55,000 soldiers from the Austrian Armed Forces. The question is how to deal with this politically agreed number of 55,000 soldiers and whether sufficient availability (e.g. of equipment, motor vehicles, devices including emergency refueling devices, emergency power generators, batteries, food, medical care, sanitary facilities, etc.) will be arranged. In addition, after a blackout, which can be triggered not only by a cyber attack but also by everyday events, security forces must be quickly available and have to deploy practically "on the spot" (e.g. for property protection). For this purpose, regular exercises in the operational organization are necessary in order to jointly train coordinated teamwork for the foreseeable types of operations.

From the author's point of view, the current army structure and the design of military service without mandatory refresher exercises do not currently provide the prerequisites for adequately counteracting this form of threat. This requires a force with a large number of personnel that can be deployed immediately after mobilization and is organized primarily according to the territorial principle.

Everyone must be aware of the changed threat situation. The consequences of a large-scale cyber war attack must be thought through to the end and the necessary measures initiated. Only in this way can a minimum of "PROTECTION & HELP" be guaranteed for the population in the event of an emergency until a normal state is restored.

Links on the topic of cyber war

SPIEGELonline on the US / China cyber war -from-china-so-work-die-cyberkrieger-a-884245.html html

ORF Video documentations from TV stations


June 29, 2010: Attack on Berlin - How China is spying on us


October 17, 2012: From digital attack to cyber war


March 6, 2013: Blackout terrorist threat

Author: Colonel (ret.) Mag. Udo Ladinig, born 1945, business economist, management positions in international corporations (nine years General Director for Central and Eastern Europe in the British groups Williams and ICI), retired in 2008. Militia officer in the Jäger troops. Command functions up to battalion commander, most recently liaison officer in the Lower Austria military command, out of service since 2011. For many years he has been dealing intensively with the topics of blackout and cyber war, with regular appearances as a speaker on these topics in business and in the military environment.