Between the fake Nigerian princes and the endless computer passwords we need to create (one uppercase and lowercase letter, please), we have all wanted to bomb the hackers.
Last weekend, Israel did just that. The Israel Defense Forces (IDF) claims to have flattened a building used by hackers from Hamas, which has already fired hundreds of rockets at Israel last week.
“We thwarted an attempted Hamas cyber offensive against Israeli targets,” tweeted the IDF Twitter site. “Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.”
A photo accompanying the tweet showed a U-shaped building, with the right wing colored in red, presumably indicating the section that was struck. The IDF provided no details on the Hamas cyberattack, nor on how Israel thwarted it.
What’s amazing isn’t that hackers were identified and attacked, but rather that it hasn’t happened already. Cyberwarfare is now recognized as a new battlefield, just like air, land, sea and space. The U.S. military has created a Cyber Command to coordinate defensive and offensive cyber operations. The Pentagon worries that its newest high-tech weapons, such as the F-35, are vulnerable to hacking. Just as frightening is the potential for a cyber-apocalypse that takes down the electrical grid or the air traffic control network.
It can be argued that if a jet fighter can be knocked out by a virus as easily as an anti-aircraft missile, that makes the people who create and disseminate those viruses legitimate military targets. From World War II to the Balkan Wars of the 1990s, bombers attacked critical infrastructure. If a foreign nation can disable a country’s electrical grid with malicious software rather than high explosives, then it’s difficult to argue that the threat should not be dealt with in the same way as any other military threat.
But there is a problem with that theory. Conventional weapons—the bullets, bombs and shells—are physical objects that leave clues to their origins. You can see the muzzle flash of a rifle, or trace the trajectory of a howitzer shell or ballistic missile, and have some idea of where it was fired from and who fired it.
Except that’s not totally true. Armies have a whole lexicon of euphemisms—“collateral damage,” “friendly fire,” etc.—to explain why they hit the wrong target. How much harder will it be to correctly identify whoever designed a virus, or who breached a computer network, when smart hackers know very well how to disguise their tracks, or even to pin the blame on someone else in a “false flag” operation. Bombing Country A when it was Country B that hacked your network is a major victory for Country B’s hackers.
Similarly, armies wear national insignia both to identify themselves to friendly forces, and to comply with the laws of war that say that soldiers need to be properly marked if they want to be treated as soldiers and not guerrillas or spies. Does a hacker need to wear a uniform to be considered a legitimate military target? We joke about computer geeks living in their parent’s basement, but does that make their parent’s house a target?
Unfortunately, just because an issue is thorny doesn’t mean it will go away. As cyber weapons increasingly resemble conventional weapons in their approach and effects, don’t be surprised to see more hackers meet high explosives.
Image: Flickr/Israel Defense Forces.