October 6, 2016

The Cyber

Can a secret still be a secret if everybody knows about it? Top brass US intelligence officials, including former NSA director General Michael Hayden, seem to think so. “Stuxnet, no comment!” echoes like a mantra ...

Can a secret still be a secret if everybody knows about it?

Top brass US intelligence officials, including former NSA director General Michael Hayden, seem to think so. “Stuxnet, no comment!” echoes like a mantra throughout the beginning of Zero Days, Alex Gibney’s latest documentary, airing on Showtime November 19th. Unfortunately for the higher-ups at NSA, the secret’s out and pandora’s cyber box has been thrown wide open.

Co-designed by NSA and Mossad to wreak havoc on Iranian centrifuges back in the mid 2000’s, the Stuxnet virus, “the Stradivarius of malware,” has ushered in a whole new world, one in which physical objects in the real world can be turned into targets for sophisticated cyber weapons.

Nations around the world have rules of war IRL—treaties and red lines for nuclear and chemical weapons—but what are the rules of engagement online? Al-Qaeda whistleblower and all-around intelligence guru, Richard Clarke, tells us about the critical need for a new Geneva Convention for cyber warfare.

The Internet began with beautiful dreams of free-flowing information, of unfettered access to all the world’s information, of technology making the world a better place. But behind all the promises and wonders lay hidden vulnerabilities. Now with each hack, each breach, each leak—all spawning thousands of news stories around the world—we’re all being forced to confront the other side of paradise.

This hour, it’s digitally assured destruction, with Walter Isaacson, Richard Clarke, Alex Gibney, Jeremy Allaire, Sara M. Watson and Jonathan Zittrain.

Timeline: Weaponizing the Web

  • 1952: The National Security Administration (NSA) is founded secretly by the Truman administration to surveil communications and provide intelligence to governments.
  • 1952: Israel’s intelligence corps Unit 8200 founded.
  • 1989: Tim Berners-Lee conceives of the internet at CERN.
  • 2007-10: The US and Israel sabotage Iran’s uranium enrinchment facilities at Natanz with Stuxnet, malware coded by the NSA in conjunction with Unit 8200. It’s the first time a cyber attack affects real-world infrastructure. (Reuters)
  • 2009: United States Cyber Command (USCYBERCOM) created under the Obama administration as the “offensive” outgrowth of the “defensive” NSA. (Washington Post)
  • 2010 Iran creates their own cyber command organization, قرارگاه دفاع سایبری‎‎ (The Cyber Defense Command).
  • 2012: Iran’s Cyber Defense Command releases a virus that erases three-quarters of the files at Aramco, Saudi’s national oil company. (New York Times)
  • 2013: Edward Snowden and Glenn Greenwald leak NSA documents, revealing the scope of the U.S. executive branch’s global surveillance powers. (The Guardian)
  • 2015: Obama administration releases official cyber policy. (The White House)
  • 2016: Justice Department indicts seven Iranian hackers for breaking into major US banks and attempting to shut down a dam in NY. (Bloomberg)
  • 2016: Alex Gibney documentary reveals large-scale offensive cyber program, Nitro Zeus. (New York Times)

Extended interviews

Podcast • December 16, 2010

Wikileaks: A Simulation of Net Wars to Come

Click to listen to Chris’ conversation with James Der Derian and Ronald Deibert (37 minutes, 18 mb mp3) With Net thinkers James Der Derian at Brown and Ron Deibert at the Univesity of Toronto, we’re ...

Click to listen to Chris’ conversation with James Der Derian and Ronald Deibert (37 minutes, 18 mb mp3)

With Net thinkers James Der Derian at Brown and Ron Deibert at the Univesity of Toronto, we’re looking for a new lede on the Wikileaks story. Julian Assange, poor devil, is the least of it — even if Bill O’Reilly wants to rip him apart with his bare hands and Vladimir Putin would give him the Nobel Peace Prize. What’s interesting, in this conversation anyway, is the glimpse of an arms race in cyberspace, and the cautionary lesson in the geopolitics of the Internet.

James Der Derian would tell you the next big war could be of the cyber variety. More dangerous than Anonymous vs. Mastercard, it could be Our Worms vs. Yours. The parties could be governments or non-state networks. The targets could be military or civilian — Third World hackers against, say, control-tower computers at Heathrow or O’Hare. And in a paranoid frenzy before attackers are identifiable, it could get out of hand very fast — like World War I, but faster.

Historically speaking, trans-national news services usually corresponded to empires. The spread of imperial power was accompanied by these various news services — Agence France-Presse, even TASS — sort of covered wherever the domain of that state power reached. What’s interesting is this: does WikiLeaks represent any power within the spread of particular networks? Is there an interest here that we need to look at, that’s being furthered to the detriment of the popular will that we tend to see identified with the internet?

… because of the densely interconnected nature of the internet and of control systems, cascading effects can run out of control very fast. You could have the equivalent of a World War I scenario. There a small little incident in Bosnia, the assassination of the archduke, led to a conflagration that killed millions of individuals. What caused that to happen was secret treaties, and that’s why the most recent leaks have created such an uproar. Diplomacy was very much a secret game. Every treaty had a secret article connected to it that said: if you are attacked by country X we will come to your support. It created the effect of a densely networked system [in which] you push one button and the next thing you know Germany had to go to war for Austria… Cascading effects went out of control very swiftly.

Ron Deibert would remind you that the next cyber war won’t exactly be the first one. The conflict in 2008 between Russia and Georgia over South Ossetia involved not only tanks and naval skirmishing, but also a major denial-of-service attack on the Georgian government and banking system.

There is really a geopolitics of cyber space, a competition over this domain, from the idea level all the way down to the system infrastructure. … Most of what we call cyberspace is actually owned and operated by the private sector.

Keep in mind the context behind all this is that we’re moving in a remarkable rate towards a new mode of communicating, just within the last five years. … We’re migrating to this new way of communicating without developing the usual norms and protocols around basic security practices.

There is a kind of a demographic shift happening in cyberspace. It started out very much as an American dream. A West Coast libertarian ethos informed cyberspace in the beginning, because, frankly, that’s where it was invented. But over the last couple of decades it’s migrated outward. Now we’re seeing the highest rates of growth occurring in zones of conflict, in the developing world: there is a migration from the North and the West to the South and the East in cyberspace, and I think that is going to change the character of cyberspace. Most of the groups that we study, cyber-criminals and underground economies, [are] in places like Lagos or St. Petersburg or Shanghai. For individuals in these places, connecting to cyberspaces is a way for them to get out of the structural economic inequalities that they face on a day-to-day basis.

What we’re all wondering is whether the fear Wikileaks has surfaced could mark the beginning of the end of the open Internet. Will American anxiety about Web freedoms come to resemble the Chinese government’s? As the Guardian notes unmercifully, the Hillary Clinton and Barack Obama paeans of a year ago — to information networks that “are helping people discover new facts and making governments more accountable” — read now like “a satirical masterpiece.” We seem, at least, to be looking at first blood between established power in the U.S. and the adolescent romance with a magical, free, transformative Web.