“The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age,” by David E. Sanger, Crown, New York, 2018. In this 357-page hardback, New York Times reporter David E. Sanger reports what is publicly known about cyber espionage, warfare, attacks, and defense, even though most of the underlying information is classified. Sanger interviewed the principals for additional details.

Hacking has been around since the first days of computers. Now nation states see cyber as a tool to spy, steal technology, and harass rivals, and attacks can be destructive. Cyber is an ideal tool for those taking on major powers: costs are low, and a narrowly targeted impact can minimize the risk of open war. A decade ago three or four nations had cyber forces; now there are more than thirty.

The first event discussed is “Stuxnet.” Discovered in 2010, this worm sought to destroy the centrifuges Iran used to enrich uranium, and was probably the work of the US or Israel. The centrifuges were isolated from the internet, so the code was most likely introduced on a USB thumb drive, either a deliberately “lost” one or one carried in by a cooperating insider. The worm eventually spread beyond its target to machines on the internet, where antivirus researchers, Symantec among them, detected and analyzed it.

One of the first major intrusions was in 1998 at the Colorado School of Mines, which held Navy contracts related to nuclear weapons work. Russian hackers broke in and stole thousands of unclassified documents. The military formed the Information Operations Technology Center around 2000 to counter future attacks. In 2008, the Chinese penetrated Lockheed Martin’s networks and obtained plans for the F-35 fighter. That same year, the Russians got into the Pentagon’s classified networks by leaving USB drives in the parking lot of a US base in the Middle East, where a user plugged one in.

Nitro Zeus was a plan to shut down Iran’s economy by cyber means. It was never used, for fear that a counterattack would be directed at the US, where many targets are impossible to protect.

Starting in 2011, Iranian hackers attacked major US banks and financial institutions including JP Morgan Chase, Bank of America, Capital One, PNC Bank, and the New York Stock Exchange. These were relatively crude distributed denial-of-service attacks. In 2012, Iran attacked Saudi Arabia’s Saudi Aramco. While many employees were away for Ramadan, the attackers released wiper malware (known as Shamoon) that erased the hard drives of 30,000 computers and 10,000 servers. It took five months to recover.

Edward Snowden is a central figure in much of the story. In 2013, as a Booz Allen Hamilton contractor working at NSA, he copied thousands of NSA documents and leaked them to journalists. His trove showed that NSA could break some cell phone encryption and decrypt some VPN traffic. In Germany, Chancellor Angela Merkel’s cell phone was a target. Snowden fled to Hong Kong and then to Russia. Earlier, in 2010, Chelsea Manning had downloaded hundreds of thousands of military reports and videos and State Department cables and given them to Wikileaks.

Snowden revealed that NSA had surveillance taps at 17 AT&T internet hubs in the US and at a smaller number of Verizon hubs. Britain has been a hub for international cables since 1858, when the first transatlantic telegraph cable was inaugurated with an exchange of messages between Queen Victoria and President James Buchanan. That position persisted as new technologies brought additional cables, including fiber optics. Snowden’s documents showed that in 2012, 250 Americans and 300 British agents worked at GCHQ’s “Global Telecoms Exploitation” effort.

NSA’s Tailored Access Operations unit (TAO) invents ways to break into computer systems. TAO implants report back to NSA but can also alter data or launch an attack. In 2013, TAO’s ANT catalog of hardware and software implants was published. It included COTTONMOUTH-I, a USB plug with a hidden radio that could reach a briefcase-sized receiver up to 8 miles away. This device allowed NSA to tap into computers that were not connected to the internet.

TAO’s hacking tools, including exploits for Microsoft systems, were gradually published beginning in 2016 by a group calling itself the Shadow Brokers, a leak separate from Snowden’s. Suspicion of leakers led to NSA personnel submitting to lie-detector tests, and morale sank. In 2015 the Kaspersky antivirus operation in Russia began to report intrusions that originated with TAO, and Kaspersky software detected and neutralized some TAO malware. An NSA employee who brought classified documents home had them copied from his computer by his Kaspersky antivirus software. Separately, in December 2016 the Obama White House expelled 35 Russian diplomats and closed two Russian diplomatic compounds in response to election interference; one of the compounds, on Long Island, was suspected of being positioned to tap a major telephone trunk line.

In Operation Ivy Bells, in the 1970s, the US Navy and NSA tapped the Soviet Navy’s undersea cables in the Sea of Okhotsk. Recordings were recovered by divers from submarines. An NSA communications specialist betrayed the operation to the Soviets in 1980.

China gets a chapter. The Chinese are known for stealing technology, but Sanger mostly reports concerns about Huawei and Lenovo (which purchased IBM’s personal computer business) and their potential to monitor communications passing through their equipment. McAfee documented a campaign it called Operation Shady RAT, attributed to a China-based group, behind the theft of intellectual property in the US. After publication, officials showed up at Intel’s facilities in Beijing to inspect business licenses (Intel owned McAfee at the time). Perhaps we should appreciate China’s ability to keep reports of its cyber efforts out of the media. In 2009, Google found that Chinese hackers had penetrated its network seeking the source code of its search engine as well as the Gmail accounts of Chinese human rights activists.

North Korea formed a cyber unit in 1996. Its hackers were sent abroad to China, India, Malaysia, Nepal, Kenya, Poland, Mozambique and Indonesia. Iran’s example taught North Korea that internet-connected banks, trading systems, oil and water pipelines, dams, hospitals, and entire cities offer many opportunities for attack. The program expanded after Kim Jong-un came to power in late 2011, with a notable push around 2014.

In 2010, the US created Nighttrain to penetrate communications between North Korea and its operatives in other countries. In 2014, Channel 4 in the UK planned a drama series about Americans and Britons cooperating to free a kidnapped nuclear scientist in North Korea. After a cyber attack, the production was cancelled when its financial backers withdrew.

Sony Pictures produced The Interview, a comedy depicting the death of Kim Jong-un. After North Korea objected vigorously, hackers who had gained access through phishing struck days before Thanksgiving in 2014, wiping the data on computers throughout the company. A source then began leaking Sony emails containing embarrassing details, contracts, medical records, and Social Security numbers.

North Korea produces its own versions of the Soviet-designed Scud, a simple short-range missile used by Egypt, Pakistan, Syria, Libya, and Yemen. In 2016, development of a more complex longer-range missile, the Musudan, produced many early failures. Efforts to sabotage the program were difficult. “Left of launch” refers to defeating a missile before it is ever fired, which can include supplying defective components through its supply chain. Raytheon told some of the story at industry trade shows.

In 2016, North Korea hacked into the Bangladesh central bank and stole $81 million. Earlier, North Korea had financed its operations by printing counterfeit $100 bills; the US redesigned its currency to make counterfeiting more difficult.

Then came WannaCry. North Korea combined ransomware with a leaked NSA exploit (EternalBlue) for a flaw in Microsoft’s Windows file-sharing service, so the malware spread on its own as a worm from one unpatched machine to the next rather than by phishing. It encrypted user data and demanded $300 in bitcoin to unlock it. Although Microsoft had issued a patch months earlier, many organizations had failed to install it. The US government claims to publish 90% of the software flaws it finds, but this flaw was among the 10% it keeps for breaking into other systems. Criminals soon copied the worm-plus-ransomware method for their own purposes.

Historians say the Russian style of conflict layers attacks at multiple levels: conventional attacks, terror, economic coercion, propaganda, and now cyber. By 2013, Putin’s propaganda center was the Internet Research Agency. Stalin had used propaganda to recruit Americans, undermine capitalism and sow fear and distrust; social media were easily adapted to the same ends. Topics used to stir disorder included immigration, gun control, and minority rights, amplified with paid ads on Facebook and Twitter.

The State Department has a secure “high side” network for classified information and an unclassified “low side” network for contact with the public. The Russians penetrated the low side network with a phishing attack.

The Russian attacks on the Democratic National Committee’s computers, beginning in 2015, get a chapter. The FBI knew the DNC system had been hacked, but when agents called the DNC they were referred to a temp. The intruders had time to search files for email contacts, then moved on to the Clinton campaign’s computers. Concerns arose that the Russians might tamper with election results: Pennsylvania lacked a paper backup for its voting machines at the time, and in Illinois the Russians hacked into voter registration records.

After Russian forces moved into Crimea in 2014, Russian cyber attacks shut down electric utilities serving large parts of Ukraine in December 2015 and again in December 2016. Then, in 2017, the NotPetya attack hit Ukraine and spread worldwide: it posed as ransomware, encrypting data and claiming it could be recovered for $300 in bitcoin, but the data could not actually be restored. A compromised, widely used Ukrainian accounting software package gave the hackers access to explore business networks for months before the attack.

Similar Russian implants were suspected in the American electricity network. The government was reluctant to acknowledge this, but cyber security firms detected them. NATO is unprepared for a cyber attack: it has a nuclear weapons plan, but no comparable expertise in information warfare.

Sanger’s recommendations include negotiating a cyber weapons arms control agreement. We should have a well thought out playbook of measured responses. Faster identification of the source of attacks is also needed.

This book tells what is known of cyber attacks over the last 20 years or so. It is well indexed, making it an excellent resource for those who want to know more. Mostly it describes the potential for cyber attacks, with little on defense. Index. References.