Sean Anthony Eddy/Getty Images
Militaries have fielded countless deadly weapons, ranging from muskets to tanks, and recently nations have leveraged the power of the internet in what is colloquially known as cyber warfare. Armies can now wage information wars by hacking into private servers and stealing information, spying on hijacked devices, and directly destroying federal property — everything Bond-era spies did, but executed remotely.
However, these tactics are also part and parcel with run-of-the-mill hackers and independent hacktivist groups, so what’s the difference? A cyber attack occurs when any hacker, solo or otherwise, commits a cybercrime against a target, be they an individual civilian or a company. In contrast, cyber warfare occurs when government-backed organizations attack other nations using computers and the internet. Moreover, government and military foundations such as critical infrastructure or financial institutions are common targets, but there are always exceptions to the rule.
With this in mind, you might think you have a solid grasp on what constitutes an everyday cyber attack and what counts as an act of cyber warfare, but the difference isn’t always cut and dry. Every example of cyber warfare is also an example of a cyber attack, but not every cyber attack is cyber warfare. Here are ten of the most advanced cyber warfare tools armies have at their disposal.
Pugun Sj/Getty Images
People usually hack into someone else’s computer or server to steal data of some kind. It could be their credit card information, social security number, passwords, or usernames. If it’s sensitive data, hackers want it — the more sensitive and potentially classified, the better.
Cyber warfare through data theft occurs just like any other kind of data theft hack. Someone sneaks their way onto a protected device, usually by tricking the victim into downloading a malicious program or phishing for their login credentials, and then the hacker goes to town once the infection sets in. Since they steal data, the culprit generally downloads the files for their own use.
Many public, government, and government-backed entities store digital warehouses worth of data, so they are prime targets for hackers, including foreign governments gunning for those secrets. North Korea, for instance, has been linked to espionage attempts across the globe, including South Korea’s chemical industry and Spain’s aerospace sector. More recently, Russian hackers allegedly tried to sneak into Ukrainian law enforcement networks to obtain files that documented Russia’s purported war crimes during the invasion.
However, not all acts of cyber warfare target government or tech entities. In 2018, an Iran-linked hacker group stole login credentials connected to 76 universities, and the Chinese-backed Double Dragon has been known to target everything from healthcare providers to video game developers. Knowledge is, after all, is power, and some countries are willing to do anything to gain as much power as possible.
When a hacker worms their way into a system or server, they are usually looking for something to profit from. Perhaps their pilfered files can be sold or used to perpetuate credit card fraud. However, some people aren’t looking for anything logical like that, as some cyber attacks leave little more than a trail of destruction in their wake.
This is what happens when hackers start deleting critical information. Data deletion begins like standard cases of data theft. A cybercriminal accesses a system via phishing, a backdoor program, or another virus. Once they’re in, the hacker has full access to sensitive files, but instead of trying to blackmail their victim, the hacker just deletes everything. Since many businesses rely on computers, this can have a devastating effect.
In 2012, one of the world’s largest oil producers, Saudi Aramco, suffered a critical blow. CNN reports that 35,000 computers were bricked in only a few hours, leaving the company unable to distribute anything. To prevent further damage, computer technicians across the globe took the caveman approach and literally ripped cables out of servers. While Saudi Aramco’s drilling and pumping were automated and unaffected, documents ranging from shipping manifests to government contracts had to be rewritten by hand and refaxed one sheet at a time.
While the perpetrators were never caught, CNBC notes that history repeated itself in 2017 in the Saudi region with a similar data-eating virus. Then, in 2019, Saudi Aramco’s main facility was hit by drone strikes. While the latter wasn’t an example of cyber warfare, many governments pointed fingers at Iran, which if true, could imply they were behind the 2012 attack, too.
Digital currency theft and economic disruption
The internet has changed the face of money. You don’t have to visit a bank teller or ATM to deposit a check anymore, just take a photo of a slip of paper and the money will be sent to your account. You don’t even need checks or credit cards either, just a phone linked to your bank. However, since everyone — including governments — can access their money more easily, thieves can steal it more easily, too.
Lifting cash from someone else is a common cybercrime. All a hacker needs to do is access private information from an individual or company, and they have all the illicit bank access they could ever want. For instance, a cybercriminal could steal credit card numbers using keyloggers, or bank credentials through phishing scams. Solo hackers do this to individuals on a daily basis, so is it any wonder why governments are so afraid that foreign nation-backed hackers could do the same to them?
Financial analysts who work at stock exchanges live in constant fear of cyber attacks, so they employ their own armies of hackers as a countermeasure. It only takes one attack to cripple an economy, and while countries haven’t faced this problem yet, analogous examples of cyber warfare demonstrate the potential aftermath. For instance, in 2022 NBC reported that the Secret Service accused hackers working for the Chinese government of stealing over $20 million worth of COVID relief funds, and The New York Times investigated claims that hackers tried to make away with almost $1 billion from Bangladesh’s central bank in 2016.
The crypto industry has been through numerous ups and downs. However, during the initial cryptocurrency boom — when the price of one bitcoin was through the roof — many hackers used the situation to their advantage, including those who received paychecks from foreign governments.
While it was once common for hackers to ransom their victims’ data for the low cost of several bitcoins (which were valued at hundreds of thousands to millions of dollars), many resorted to what is referred to as cryptojacking. The term, as a portmanteau of cryptocurrency and hijacking, refers to the practice of hackers who take control of their targets — such as computers, smart devices, and even entire servers — to mine for crypto.
You are probably wondering what is so dangerous about a hacker using your computer or an online server to mine for crypto. In fact, you’re probably wondering why you shouldn’t beat them to the punch and employ your computer for some crypto mining yourself. That thought belies a misunderstanding of how crypto is manufactured. The process requires a ton of hardware resources, so much so that unless your computer is idle, it can grind other programs to a standstill.
Cryptojacking thereby can act as a one-two punch that cripples public systems while also earning the hackers some extra money on the side. Just look no further than the 2022 attack on the U.S. Merit Systems Protection Board, as reported by The Washington Post. Iranian government-backed hackers cryptojacked the network, preventing federal workers from posting any grievances. Of course, the hackers also planted more classic cyberespionage kits in the board’s system, but the attack worked — partially because nobody expected it.
Ransoming someone else’s digital property is a hacker’s bread and butter. The bigger the target, the larger the payout, and you can’t get much bigger than critical infrastructure.
Probably the most common form of ransoming data starts with ransomware. Once the program is uploaded into its target — usually by tricking users into clicking on an infected link or attachment — ransomware starts encrypting all the data it can find. After that’s done, the hacker provides an ultimatum — pay up to decrypt the data or say goodbye to all your files. Most people either know someone who was the victim of ransomware or have read a story about a company that was. While many ransomware perpetrators are lone hackers, some are backed by governments for the purpose of cyber warfare.
The WannaCry worm of 2017 is arguably the most infamous example of ransomware in history, as it attacked computers with vulnerable SMB ports that weren’t up to date on Microsoft protection updates. Hundreds of thousands of computers were infected. Eventually, the U.S. Department of Justice charged a hacker group backed by the North Korean government with creating the virus.
CNN reports that another devastating cyber attack occurred in 2021 when Colonial Pipelines was held hostage by ransomware. Colonial Pipelines had to shut down to contain the damage, and since around half of all gasoline used on the East Coast originates from this company, the malware hobbled the whole region. While this attack wasn’t an example of cyber warfare — the apolitical group DarkSide was responsible — it demonstrated how ransomware could shut down an entire country or region.
Many modern devices are connected to the internet, and the number grows every day. This includes game consoles, televisions, Ring cameras, and cat litter scoopers, as well as public and privatized services such as transportation. In the right hands, an online program could tell your boss you’re going to be late because of a delayed train. In the wrong hands, an online program could cause that train delay.
Sabotaging computer systems starts off like any other form of cybercrime. A hacker sneaks into a server or computer, and once inside, the criminal has full access to their target’s files. However, instead of copying or encrypting the data, they start futzing with files that control specific systems. Imagine if a hacker deleted the files that told your personal computer’s cooling fans to speed up under high processing loads and to shut down if it gets too hot. This act would make your PC cook itself the next time you booted up “Cyberpunk 2077.” Cyber warfare sabotage works like that, but on a larger scale.
One of the most infamous examples of cyber warfare sabotage occurred in 2010, when the Stuxnet worm targeted the automation controls of Iranian nuclear centrifuges, destroying one-fifth of the country’s collection. While the program’s origin is largely unknown, the running theory is that Israel or its Mossad agency was to blame. More recently, the Russia-backed hacker group Fancy Bear has been busy sabotaging targets. The organization infected an app designed to aid Ukrainian artillery units with target allocation. Thanks to Fancy Bear’s meddling, the app sent location data to Russian military forces, which resulted in the destruction of numerous howitzers.
Personal data-based sabotage
In many ways, the internet is one big public forum where everyone can voice their opinion about everything. As such, you are bound to run into critics sooner or later. Common sense says you shouldn’t let these opinions get under your skin, and no matter what anyone says about you, you should never retaliate. Clearly, nobody ever told cyber warfare hackers that.
Hackers often use personal information against their targets. This could be as straightforward as hacking into a database to obtain someone’s social security number or personal address, or it could only involve research in order to find compromising Twitter posts. Anything and everything can be weaponized in the hands of a cybercriminal, but things really ramp up when they’re working for a government’s payroll.
Russia has come under fire multiple times for allegedly intimidating anyone even remotely critical of Vladimir Putin. According to AP News, the hacker group Fancy Bear tried to log into the accounts of many journalists and post their personal and private messages on the web for anyone to see because they said something negative about Putin. In addition, Politico reports that former Republican National Committee member Elliott Broidy once accused Qatar of bankrolling a campaign to leak his personal emails on the internet. However, his evidence is far more circumstantial.
The internet is so inundated with information that separating fact from fiction can be a full-time job. A little research goes a long way, but even that might be enough when groups of talented hackers are being hired to weave webs of lies. Out of all the forms of cyber warfare in this article, media manipulation is probably the most straightforward since it doesn’t require any actual hacking. Just post a lie about anything, and someone somewhere is bound to believe it, especially if it gels with their preconceived beliefs. Propaganda is a common weapon during times of war, and thanks to the magic of the internet, producing propaganda is possibly easier than ever.
As with its alleged intimidation tactics, Russia is supposedly a major source of disinformation, and these claims have only grown in recent years. For instance, ever since Russia started invading Ukraine, President Volodymyr Zelensky has been in Russia’s crosshairs. NPR reported on the infamous deepfake video that allegedly showed Zelensky urging Ukrainian forces to surrender, and Russian hackers also hijacked radio stations to produce rumors that Zelensky was in critical condition.
However, arguably the most dangerous examples of cyber warfare disinformation came from the “Cyber Caliphate,” a group of supposed Islamic State supporters who threatened the wives of U.S. soldiers and took down France’s TV5Monde station. Not only were these examples of actual hacking — the latter almost completely destroyed the TV station — but they successfully tricked people into thinking Islamic terrorists were to blame. In truth, these were once again the actions of Russian hackers — perhaps even Fancy Bear, yet again — according to reports from the BBC and AP News.
Social engineering and election meddling
The 2016 U.S. election will go down in history for a multitude of reasons, most notably because of the rumor that Russia meddled in the process to get then-candidate Donald Trump elected. Regardless of whether you believed those claims or not, the 2016 election gave U.S. citizens a glimpse into how a little cyber warfare can turn a country into a battlefield where lines are drawn across political allegiances.
The group charged was none other than Fancy Bear, but that wasn’t the only time these hackers tried to swing elections in Russia’s favor, as observed by Wired. In 2019, the organization allegedly started attacking U.S. Democrat organizations, and Fancy Bear doesn’t just target U.S. entities. The Guardian reported that the group was linked to 2017’s attack on the then-French presidential candidate Emmanual Macron, leaking mailboxes worth of internal campaign emails to the internet.
However, these are far from the only means of election meddling. In 2022, ABC 7 revealed that Chicago’s Champaign County was hit with a DDoS attack that temporarily slowed the ballot counting process. While not as potentially dangerous as true election meddling — and not necessarily a form of cyber warfare since the perpetrators remain unknown — this DDoS demonstrated that there’s more than one way to undermine a democratic election.
Electrical power grid attacks
Thierry Monasse/Getty Images
Electricity makes the world go round, and we rely on it for our daily lives. Many can’t even use their stoves without electricity. If a nation wants to demoralize an enemy, they only have to take down an electric grid, because if a government can’t defend critical infrastructure, what hope do we have of the government protecting us?
At its core, an electrical power grid attack is a specialized form of cyber sabotage. A hacker breaches a system that controls a power grid via any number of viruses, and then they start flipping digital switches. Unlike the more generalized examples of sabotage, electrical power grid attacks invariably result in the power grid going down, leaving untold numbers of civilians — and important services such as hospitals — in the dark.
In 2015, the U.S. Cybersecurity & Infrastructure Security Agency linked Russian hackers to malware that took out electrical grids for many Ukrainian customers. One year later, Wired reported that a similar attack occurred, rendering a large portion of the Ukrainian capital of Kyiv without power. These alleged Russian hackers also have set their sights on the U.S. In 2018, the Department of Homeland Security claimed that Russian hackers gained control of numerous electrical grid control rooms across the U.S., according to The New York Times. The hackers could have caused blackouts, but the security technicians uncovered the attack before it caused any damage.