INFORMATION WAREFARE

INFORMATION WARFARE
ITN 261
INFORMATION WARFARE 

What is It?
8 INFORMATION WARFARE

What is it?
Can mean different things to
different people.
Can range from the use of
information resources to gain an
advantage over one’s adversaries
– to full-blown cyber warfare.
For our purposes, we will consider
how cyberwarfare, cyberattacks,
can be used to cripple a nation’s
resources, through the use of
digital attacks.
08 INFORMATION WARFARE

CYBERATTACKS

Cyberattacks can come from anywhere, from other countries (nation state attacks), or even
one lone bad actors. Watch a couple of YouTube Videos on Stuxnet 

(here is one:https://www.youtube.com/watch?v=SAy46DhWW8Y ) and consider the following:

• To whom was the attack attributed?

• What was the intent of the attack?

• How was the attack performed?

• What would have been the result if the virus made the plant explode?

• If you had been the manager at Natanz, what policies or security controls could you have
put into place to have prevented the attack?
08 INFORMATION WARFARE
Cyberattacks can impact all
aspects of critical infrastructure.
Consider 9/11. Not only were our
called “Cyber Command” – a
financial centers impacted, but it
was the first time in U.S. history that
all airplanes flying were immediately
grounded.
Most other large countries have
had information/cyber warfare
organizations for several years.
In response to this threat, the U.S.
has created a new command
military department focused on
both defensive and offensive cyber
warfare.

08 INFORMATION WARFARE

CYBERATTACKS

Common attacks include

hacking users’ home computers
and laptops, turning them into
bots by downloading Trojans
onto their systems. These
botnets (collections of bots) can
then be used to perform
distributed denial of service
(DDoS) attacks on government
facilities and critical
infrastructure.
08 INFORMATION WARFARE

What if a Cyber Attack Resulted in a Loss of Life?

• Just like WannaCry was attributed to North Korea,

NotPetya was attributed to Russian military. 


• While initially believed to be just ransomware, closing

hundreds of millions of dollars to European
organizations, Symantec researchers concluded it was
actually designed to completely wipe systems. 


• This resulted in the U.S. placing sanctions against

Russia. What would have been the likely U.S. response
had this resulted in the deaths of U.S. citizens? The
Petya ransom note – Attributed to Russia. 
 Image: Symantec Read the article at: https://www.zdnet.com/article/russian-
militarybehind-notpetya-attacks-uk-officially-names-andshames-kremlin/





08 INFORMATION WARFARE

NOT PETYA

As mentioned in the Stuxnet video,

once cyber weapons are used against
another country, that country then has
the tools to attack others. Consider
how NotPetry as developed. In April
2017, a hacking team called the
Shadow Brokers hacked into the NSA
and stole tools leveraging Windows
and Linux exploits that NSA hackers
were using to hack into banking
systems. This group (unsuccessfully
attempting to sell the tools) then
began releasing the tools to others.
Read the slide notes: Note that most
of these tools targeted older operating
systems that were still being used by
organizations and were not patched!
08 INFORMATION WARFARE

TAKEAWAY SUMMARY

We are in an era where war will not

be fought on the traditional
battlefield – it will attack the
computers and systems that
manage critical infrastructure, such
as power grids, nuclear power
plants, trains and airports.
Attacks in information warfare are
really no different than those used
against any organization – DDoS
through buffer overflows and
malicious traffic, password
cracking, SQL injection to find
account information, etc.
In most cases, these successful
attacks could have been avoided by
organizations upgrading network
infrastructure to more secure,
newer, versions, and/or patching
their systems.