Page 1 of
2 The worm
that turned on the US By John
Feffer
The Pentagon has traditionally
presented cyber-war as "their hackers" against
"our defenders". Out there, especially in China, a
faceless horde of anonymous computer users are
arrayed against the United States in an updated
version of the "yellow peril".
In 2010,
the Pentagon complained publicly for the first
time about the Chinese government deploying
civilian hackers to go after US targets. These
cyber-attacks date back at least to 1999 when,
after the North Atlantic Treaty Organization
(NATO) bombed the Chinese Embassy in Belgrade,
Chinese hackers launched a slew of "denial of
service" attacks that, among other results, shut
down the White House website for three days.
According to the experts, we're suffering
death by a thousand
hacks. In his book
America the Vulnerable, Joel Brenner starts
out the introductory chapter by bemoaning the
Chinese download of 20 terabytes of information
from the Defense Department in an infamous
maneuver from several years ago.
"To carry
this volume of documents in paper form, you'd need
a line of moving vans stretching from the Pentagon
to the Chinese freighters docked in Baltimore
harbor fifty miles [80 kilometers] away. If the
Chinese tried to do that, we'd have the National
Guard out in 15 minutes. But when they did it
electronically, hardly anyone noticed."
Brenner doesn't address whether the
Chinese actually found anything useful in that
enormous data dump, nor does the former senior
counsel at the National Security Agency talk about
what the United States has stolen from the
Chinese. Threat, after all, sells books (as well
as high-priced intelligence programs and weapon
systems).
Washington is not just worried
about Beijing. The US government loses sleep over
Russians, al-Qaeda sympathizers and even
disgruntled computer nerds on the home front. US
authorities have vigorously pursued Anonymous, the
hacker tribe that has targeted corporate websites
unfriendly to the Occupy movement and to
WikiLeaks.
There's a reason it's called
the Defense Department and not the War Office.
Listen to Washington and you'd think the United
States was simply a healthy body under attack by a
legion of foreign microbes in league with
traitorous parasites within. But several major
news stories over the past week paint a very
different picture of the US government approach to
cyber-war. It turns out that our hands are not
clean at all.
The Barack Obama
administration indirectly confirmed last week,
through a leak in The New York Times, that it had
teamed up with Israel to create Stuxnet, the worm
that burrowed into Iran's nuclear program and
created havoc in its uranium-enrichment
centrifuges.
More disturbing perhaps has
been the administration's attempts to extend
"full-spectrum dominance" to the cyber-world. We
might sound all defensive. But in fact we've been
quite offensive in our actions.
The
Stuxnet worm, part of a secret US program
codenamed Olympic Games, was initially a George W
Bush administration effort. As he passed the
presidential baton onto Obama, Bush urged his
successor to preserve two programs: the Olympic
Games and the drone attacks in Pakistan.
Obama complied on both. The virus was
intended to instruct Iranian centrifuges to
essentially destroy themselves. In 2010, however,
the bug jumped from the Natanz facility in Iran to
the Internet, where it began to replicate wildly,
a programming error that Obama aides blamed on
their Israeli partners. Still, the bug remained
anonymous, and Washington pushed ahead with the
program. Eventually, a new version of Stuxnet
damaged one-fifth of Iran's centrifuges, setting
back the program for an unknown period of time.
The Obama administration has apparently
approved this leak, for it has not issued any
denials. Going into the autumn elections, Obama
the presidential candidate wants to make sure that
the Republicans can't charge him with appeasing
Iran. Stuxnet is the cyber equivalent of
assassinating Osama bin Laden: a mission that
demonstrates that the Obama administration is
daring, is willing to break rules and play dirty,
and operates as if the world is a video game and
Americans have special powers.
But Stuxnet
also raises certain expectations. "Some officials
question why the same techniques have not been
used more aggressively against North Korea," David
Sanger writes in his investigative report. "Others
see chances to disrupt Chinese military plans,
forces in Syria on the way to suppress the
uprising there, and Qaeda operations around the
world."
The Pentagon may have already used
these techniques against the competition. For two
years, the Pentagon's Cyber Command has been
overseeing the development of various cyber
weapons, a process that has recently been
fast-tracked. And the administration just
announced its effort to crowd-source cyber warfare
through "Plan X".
The $110-million program
will solicit proposals from universities and
video-game manufacturers. Plan X's parent agency,
the Defense Advanced Research Projects Agency
(DARPA), is reportedly shifting its cyber-efforts
from the defensive to the offensive.
Since
the end of the Cold War, the United States has
tried to sustain its singular superpower status
through "full spectrum dominance". Such dominance,
according to the Joint Vision 2020 from those
pre-9/11 days of June 2000, means "the ability of
US forces, operating alone or with allies, to
defeat any adversary and control any situation
across the range of military operation".
The spectrum has included cyber-space for
some time. Offensive cyber-tactics fall into five
basic categories: using the Internet to win hearts
and minds; denial of service attacks that
effectively paralyze websites; electronic attacks
on infrastructure such as nuclear power plants;
sabotage through the sale of defective hardware or
software; and operational attacks that accompany
conventional battle plans, as when Israel disabled
Syrian radar systems when it bombed a suspected
nuclear weapons facility in 2007.
Hackers
have long realized that even sophisticated systems
have backdoors. The United States is slowly waking
up to the realization that its basic
infrastructure - power plants, waste-treatment
facilities, indeed anything controlled by a
computer - is vulnerable to hostile take-over.
The search engine Shodan shows all the
different computers you can access online. "One
researcher using the system," according to a
recent Washington Post story, "found that a
nuclear particle accelerator at the University of
California at Berkeley was linked to the Internet
with virtually no security."
I can imagine
a group of hackers over at Fort Meade that the
National Security Agency pays handsomely to map
all the vulnerable points in the infrastructure of
other countries. Even as the United States
scrambles to patch its own leaks, it is no doubt
making plans to breach the cyber-Maginot Lines of
its adversaries.
All's fair in love and
war, you might say. But we ramp up our e-offensive
at no inconsiderable risk to ourselves. Our
cyber-attacks, as with any offensive strategy, can
provoke retaliation. Sanger concludes his Stuxnet
investigation with a cautionary note: "It is only
a matter of time, most experts believe, before
[the United States] becomes the target of the same
kind of weapon that the Americans have used,
secretly, against Iran."
Retaliation, in
this case, comes with a twist. Ordinary citizens
can't send their own unmanned aerial vehicles to
the United States. But some ordinary citizens can
leverage the power of the Internet to hack into US
sites and cause considerable damage.
Head
Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East,
Central, Hong Kong Thailand Bureau:
11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110
