Page 2 of
3 US digs in for cyber warfare By Peter
Lee
One way to get around the problem of
anonymous users employing unbreakable encryption
from multiple devices is the trend around the
world toward requiring real name registration -
stripping anonymity from Internet posters - and
requiring Internet service providers to become
active participants in law enforcement by
monitoring the activities of their customers.
For encrypted documents and communications
using genuinely random numbers - and absent a
mandated, law-enforcement-accessible third-party
repository for private keys (a demand recently
made of RIM, the BlackBerry people, by the Indian
government), the government has to employ either
judicial compulsion or covert means to obtain
information on private keys from individual
computers. Covert means presumably involve
using
a
virus or some other means of access to install a
keylogger. [4] [5]
A while back, the FBI
admitted it had such a program, code-named Magic
Lantern - strictly a research operation, of course
- creating the interesting issue of whether or not
anti-virus software vendors could be dragooned
into modifying their programs to ignore the
officially sanctioned virus.
One plausible
reason for excluding Huawei and ZTE from US
networks would be to deny them a possibly
privileged view of how the legal intercept
cyber-sausage gets made.
Even Western
governments have also expressed an interest in
flipping the dastardly "kill switch" that deprives
Internet users of their precious connectivity and
is the badge of shame for totalitarian regimes.
During the riots in England last year, the
British government thought of taking a page from
the playbooks of former Egyptian leader Hosni
Mubarak and Iranian President Mahmoud Ahmadinejad.
British Prime Minister David
Cameron, in a statement to the House of Commons
earlier today, made reference to and mooted the
possibility that social media could be
"disrupted" or turned off if riots continue.
Services such as Facebook, Twitter and
crucially BlackBerry Messenger - which has been
used by rioters and looters to organize
disruption across the British capital and other
cities in England - could be restricted in a bid
to prevent further violence; present day or in
future warranted situations.
Speaking in
the House of Commons, David Cameron said: "The
free flow of information can be used for good.
But it can also be used for ill" ...
Conservative Tobias Ellwood MP said in
Parliament that police should be given the
option to switch off cell network masts "and
other social networks" used to coordinate
trouble, violence and disorder.
[6]
Putting a kill switch in the hands
of Huawei is probably the biggest US headache.
With more and more sensitive data
encrypted, it is unclear that squatting on a
Huawei switch and copying the flow of 1s and 0s
will deliver Chinese spies a considerable
incremental benefit over the prodigious targeted
hacking operations they are allegedly engaging in
already.
The real danger from a hostile
piece of telecommunications kit would be
disablement in time of crisis or war, as Fred
Schneider, a computer scientist at Cornell
University in New York state, told Technology
Review:
A trigger could be built either into
the software that comes installed in switches
and network hardware or into the hardware
itself, in which case it would be more difficult
to detect, says Schneider. The simplest kind of
attack, and one very hard to spot, would be to
add a chip that waits for a specific signal and
then disables or reroutes particular
communications at a critical time, he says. This
could be useful "if you were waging some other
kind of attack and you wanted to make it
difficult for the adversary to communicate with
their troops", Schneider says.
[7]
There is a good reason Huawei
can't be trusted to deliver clean kit to critical
US infrastructure customers. That is that we now
live in a world in which cyberwar is an acceptable
and legitimate national tactic.
This
Pandora's box of cyberwar has already been opened
...
... by the United States.
Amid
the ferocious Iran-bashing - and "by any means
necessary" justifications for covert action
against that country's nuclear program - that have
become endemic in the West, the true significance
of the Stuxnet exploit has been overlooked by
many, at least in the West.
Stuxnet was
the release of an important cyber-weapon - a virus
that did not simply seek sensitive information or
attempt to disrupt communication, but one that was
reportedly rather effective in damaging a
strategic Iranian facility by an act of sabotage.
It was an act of cyberwar.
As
David Sanger, The New York Times'
national-security adviser, wrote in his White
House-sanctioned account:
"Previous cyberattacks had effects
limited to other computers," Michael V Hayden,
the former chief of the CIA, said, declining to
describe what he knew of these attacks when he
was in office. "This is the first attack of a
major nature in which a cyberattack was used to
effect physical destruction", rather than just
slow another computer, or hack into it to steal
data.
"Somebody crossed the Rubicon," he
said. [8]
In true US imperial style,
Stuxnet was unleashed unilaterally and without a
declaration of war, to satisfy some self-defined
imperatives of US President Barack Obama's
administration.
That's not a good
precedent for other cyber-powers, including China:
to rely on US restraint, or to restrain
themselves.
The Obama administration's
attempt to deal with the issue of its first use of
cyber-warfare seems to go beyond hypocritical to
the pathetic.
There are rather risible
efforts to depict the Stuxnet worm - which caused
the centrifuges to disintegrate at supersonic
speeds - as little more than a prank, albeit a
prank that might impale hapless Iranian
technicians with aluminum shards traveling at
several hundred kilometres per hour, rather than a
massive exercise in industrial sabotage:
"The intent was that the failures
should make them feel they were stupid, which is
what happened," the participant in the attacks
said. When a few centrifuges failed, the
Iranians would close down whole "stands" that
linked 164 machines, looking for signs of
sabotage in all of them. "They overreacted," one
official said. "We soon discovered they fired
people."
According to Sanger, at least
President Obama knew what he was getting into:
Mr Obama, according to participants
in the many Situation Room meetings on Olympic
Games, was acutely aware that with every attack
he was pushing the United States into new
territory, much as his predecessors had with the
first use of atomic weapons in the 1940s, of
intercontinental missiles in the 1950s and of
drones in the past decade. He repeatedly
expressed concerns that any American
acknowledgment that it was using cyber-weapons -
even under the most careful and limited
circumstances - could enable other countries,
terrorists or hackers to justify their own
attacks.
"We discussed the irony, more
than once," one of his aides said. Another said
that the administration was resistant to
developing a "grand theory for a weapon whose
possibilities they were still discovering". Yet
Mr Obama concluded that when it came to stopping
Iran, the United States had no other choice ...
Mr Obama has repeatedly told his aides
that there are risks to using - and particularly
to overusing - the weapon. In fact, no country's
infrastructure is more dependent on computer
systems, and thus more vulnerable to attack,
than that of the United States. It is only a
matter of time, most experts believe, before it
becomes the target of the same kind of weapon
that the Americans have used, secretly, against
Iran.
Head
Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East,
Central, Hong Kong Thailand Bureau:
11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110
