Posts Tagged ‘David E. Sanger’

What Should Be Done

July 24, 2018

The first part of this post is taken from the Afterword of “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age,” by David E. Sanger.

“The first is that our cyber capabilities are no longer unique. Russia and China have nearly matched America’s cyber skills; Iran and North Korea will likely do so soon, if they haven’t already. We have to adjust to that reality. Those countries will no sooner abandon their cyber arsenals than they will abandon their nuclear arsenals or ambitions. The clock cannot be turned back. So it is time for arms control.”

“Second, we need a playbook for responding to attacks, and we need to demonstrate a willingness to use it. It is one thing to convene a ‘Cyber Action Group’ as Obama did fairly often, and have them debate when there is enough evidence and enough concern to recommend to the president a ‘proportional response.’ It is another thing to respond quickly and effectively when such an attack occurs.”

“Third, we must develop our abilities to attribute attacks and make calling out any adversary the standard response to cyber aggression. The Trump administration, in its first eighteen months, began doing just this: it named North Korea as the culprit in WannaCry and Russia as the creators of NotPetya. It needs to do that more often, and faster.”

“Fourth, we need to rethink the wisdom of reflexive secrecy around our cyber capabilities. Certainly, some secrecy about how our cyberweapons work is necessary—though by now, after Snowden and Shadow Brokers, there is not much mystery left. America’s adversaries have a pretty complete picture of how the United States breaks into the darkest of cyberspace.”

“Fifth, the world tends to move ahead with setting these norms of behavior even if governments are not yet ready. Classic arms-control treaties won’t work: they take years to negotiate and more to ratify. With the blistering pace of technological change in cyber, they would be outdated before they ever went into effect. The best hope is to reach a consensus on principles that begins with minimizing the danger to ordinary civilians, the fundamental political goal of most rules of warfare. There are several ways to accomplish that goal, all of them with significant drawbacks. But the most intriguing, to my mind, has emerged under the rubric of a “Digital Geneva Convention,” in which companies—not countries—take the lead in the short term. But countries must then step up their games too.”

There is much more in this book than could be covered in these healthymemory posts. The primary objective was to raise awareness of this new threat, this new type of warfare, and how ill-prepared we are to respond to it and to fight it. You are encouraged to buy this book and read it for yourself. If this book is relevant to your employment, have your employer buy this book.
It is important to understand that Russia made war on us by attacking our election, and that they shall continue to do so. Currently we have a president who refuses to believe that we have been attacked. Moreover, it is possible that this president colluded with the enemy in this attack. Were he innocent, he would simply let the investigation take its course. His continuing denials, cries of witch hunt, and attacks on the intelligence agencies and justice department are unconscionable. This has been further exacerbated by Republicans aiding in this effort to undermine our democracy.

© Douglas Griffith and healthymemory.wordpress.com, 2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Douglas Griffith and healthymemory.wordpress.com with appropriate and specific direction to the original content.

The 2016 Election—Part Three

July 22, 2018

This post is based on David E. Sanger’s “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age.” Once the GRU, via Guccifer 2.0, DCLeaks, and WikiLeaks, began distributing the hacked emails, each revelation of the DNC’s infighting or Hillary Clinton’s talks at fund raisers became big news. The content of the leaks overwhelmed the bigger, more important question of whether everyone—starting with the news organizations reporting the contents of the emails—was doing Putin’s bidding. When in early August John Brennan, the CIA Director, began sending intelligence reports over to the White House in sealed envelopes, the administration was preoccupied with the possibility that a far larger plot was under way. The officials feared that the DNC was only an opening shot, or a distraction. Reports were trickling in about constant “probes” of election systems in Arizona and Illinois that were traced back to Russian hackers. Two questions were: Was Putin’s bigger plan to hack the votes on November 8? And how easy would that be to pull off?

Brennan’s intelligence reports of Putin’s intentions and orders made the CIA declare with “high confidence” that the DNC hack was the work of the Russian government at a time when the NSA and other intelligence agencies still harbored doubts. The sources described a coordinated campaign ordered by Putin himself, the ultimate modern-day cyber assault—subtle, deniable, launched on many fronts—incongruously directed from behind the six-hundred walls of the Kremlin. The CIA concluded that Putin didn’t think Trump could win the election. Putin, like everyone else, was betting that his nemesis Clinton would prevail. He was hoping to weaken her by fueling a post-election-day narrative that she had stolen the election by vote tampering.

Brennan argued that Putin and his aides had two goals: “Their first objective was to undermine the credibility and integrity of the US electoral process. They were trying to damage Hillary Clinton. They thought she would be elected and they wanted her bloodied by the time she was going to be inaugurated;” but Putin was hedging his bets by also trying to promote the prospects of Mr. Trump.

[Excuse the interruption of this discussion to consider where we stand today. Both Putin and Trump want to undermine the credibility and integrity of the US electoral process. Trump has been added because he is doing nothing to keep the Russians from interfering again. Much is written about the possibility of a “Blue Wave” being swept into power in the mid-term elections. Hacking into the electoral process again with no preventive measures would impede any such Blue Wave. Trump fears a Blue Wave as it might lead to his impeachment. This is one of his “Remain President and Keep Out of Jail” cards. Others will be discussed in later posts.]

Returning to the blog, at this time Trump began warning about election machine tampering. He appeared with Sean Hannity on Fox News promoting his claim of fraudulent voting. He also complained about needing to scrub the voting rolls and make it as difficult as possible for non-Trump voters to vote. Moreover, he used this as his excuse for losing the popular election.

At this time Russian propaganda was in full force via the Russian TV network and Breitbart News, Steve Bannon’s mouthpiece.

A member of Obama’s team, Haines, said he didn’t realize that two-thirds of American adults get their news through social media. He said, “So while we knew something about Russian efforts to manipulate social media, I think it is fair to say that we did not recognize the extent of the vulnerability.”

Brennan was alarmed at the election risk from the Russians. He assembled a task force of CIA, NSA, and FBI experts to sort through the evidence. And as his sense of alarm increased, he decided that he needed to personally brief the Senate and House leadership about the Russian infiltrations. One by one he got to these leaders, who had security clearances, so he could paint a clear picture of Russia’s efforts.

As soon as the session with twelve congressional leaders led by Mitch McConnell began, it went bad. It devolved into a partisan debate. McConnell did not believe what he was being told. He chastised the intelligence officials for buying into what he claimed was Obama administration spin. Comey tried to make the point that Russia had engaged in this kind of activity before, but this time it was on a far broader scale. The argument made no difference. It became clear that McConnell would not sign on to any statement blaming the Russians.

It should be remembered that when Obama was elected, McConnell swore he would do everything in his power to keep Obama from being reelected. McConnell is a blatant racist and 100% politician. The country is much worse for it. For McConnell, professionals interested in determining the truth do not exist. All that exists is what is politically expedient for him.

There was much discussion regarding what to do about Russia. DNI Clapper warned that if the Russians truly wanted to escalate, they had an easy path. Their implants were already deep inside the American electric grid. The most efficient way of turning Election Day into a chaotic finger-pointing mess would be to plunge key cities into darkness, even for just a few hours.

Another issue was that NSA’s tools had been compromised. Their implants in foreign systems exposed, the NSA temporarily went dark. At a time when the White House and Pentagon were demanding more options on Russia and a stepped-up campaign against ISIS, the NSA was building new tools because their old ones had been blown.

The 2016 Election—Part Two

July 21, 2018

This post is based on David E Sanger’s, “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age.” In March 2016 “Fancy Bear,” a Russian group associated with the GRU (Russian military intelligence) broke into the computers of the Democratic Congressional Campaign Committee before moving into the DNC networks as well. “Fancy Bear” was busy sorting through Podesta’s email trove. The mystery was what the Russians planned to do with the information they had stolen. The entire computer infrastructure at the DNC needed to be replaced. Otherwise it would not be known for sure where the Russians had buried implants in the system.

The DNC leadership began meeting with senior FBI officials in mid-June. In mid-June, the DNC leadership decided to give the story of the hack to the Washington Post. Both the Washington Post and the New York Times ran it, but it was buried in the political back pages. Unlike the physical Watergate break-in, the significance of a cyber break-in had yet to be appreciated.

The day after the Post and the Times ran their stories, a persona with the screen name Guccifer 2.0 burst onto the web, claiming that he—not some Russian group—had hacked the DNC. His awkward English, a hallmark of the Russian effort, made it clear he was not a native speaker. He contended he was just a very talented hacker, writing:

Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by “sophisticated” hacker groups.

I’m very pleased the company appreciated my skills so highly)))
But in fact, it was easy, very easy.

Guccifer may have been the first one who penetrated Hillary Clinton’s and other Democrats’ mail servers. But he certainly wasn’t the last. No wonder any other hacker could easily get access to the DNC’s servers.

Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it?

He wrote that thousands of files and emails were now in the hands of WikiLeaks. He predicted that they would publish them soon.

Sanger writes, “There was only one explanation for the purpose of releasing the DNC documents: to accelerate the discord between the Clinton camp and the Bernie Sanders camp, and to embarrass the Democratic leadership. That was when the phrase “weaponizing” information began to take off. It was hardly a new idea. The web just allowed it to spread faster than past generations had ever known.”

Sanger continues, “The digital break-in at the DNC was strange enough, but Trump’s insistence that there was no way it could be definitively traced to the Russians was even stranger. Yet Trump kept declaring he admired Putin’s “strength,” as if strength was the sole qualifying characteristic of a good national leader…He never criticized Putin’s moves against Ukraine, his annexation of Crimea, or his support of Bashar al-Assad in Syria.”

The GRU-linked emails weren’t producing as much news as they had hoped, so the next level of the plan kicked in: activating WikiLeaks. The first WikiLeaks dump was massive: 44,000 emails, more than 17,000 attachments. The deluge started right before the Democratic National Convention.

Many of these documents created discord in the convention. The party’s chair, Wasserman Schultz, had to resign just ahead of the convention over which she was to preside. In the midst of the convention Sanger and his colleague Nicole Perlroth wrote: “An unusual question is capturing the attention of cyber specialists, Russia experts and Democratic Party leaders in Philadelphia: Is Vladimir V. Putin trying to meddle in the American Presidential Election?”

A preliminary highly classified CIA assessment circulating in the White House concluded with “high confidence” that the Russian government was behind the theft of emails and documents from the Democratic National Committee. This was the first time the government began to signal that a larger plot was under way.

Still the White House remained silent. Eric Schmitt and Sanger wrote, “The CIA evidence leaves President Obama and his national security aides with a difficult diplomatic decision: whether to publicly accuse the government of Vladimir V. Putin of engineering the hacking.”

Trump wrote on Twitter, “The new joke in town is that Russia leaked the disastrous DNC emails, which never should have been written (stupid), because Putin likes me.”

Sanger writes, “Soon it would not be a joke.”

The 2016 Election—Part One

July 20, 2018

This post is based on David E Sanger’s, “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age.” In the middle of 2015 the Democratic National Committee asked Richard Clarke to assess the political organization’s digital vulnerabilities. He was amazed at what his team discovered. The DNC—despite its Watergate History, despite the well-publicized Chinese and Russian intrusion into the Obama campaign computers in 2008 and 2012—was securing its data with the kind of minimal techniques one would expect to find at a chain of dry cleaners. The way spam was filtered wasn’t even as sophisticated as what Google’s Gmail provides; it certainly wasn’t prepared for a sophisticated attack. And the DNC barely trained its employees to spot a “spear phishing” of the kind that fooled the Ukrainian power operators into clicking on a link, only to steal whatever passwords are entered. It lacked any capability for detecting suspicious activity in the network such as the dumping of data to a distant server. Sanger writes, “It was 2015, and the committee was still thinking like it was 1792.”

So Clarke’s team came up with a list of urgent steps the DNC needed to take to protect itself. The DNC said they were too expensive. Clarke recalled “They said all their money had to go into the presidential race.” Sanger writes, “Of the many disastrous misjudgments the Democrats made in the 2016 elections, this one may rank as the worst.” A senior FBI official told Sanger, “These DNC guys were like Bambi walking in the woods, surrounded by hunters. They had zero chance of surviving an attack. Zero.”

When an intelligence report from the National Security Agency about a suspicious Russian intrusion into the computer networks at the DNC was tossed onto Special Agent Adrian Hawkins’s desk at the end of the summer of 2015, it did not strike him or his superiors at the FBI as a four-alarm fire. When Hawkins eventually called the DNC switchboard, hoping to alert its computer-security team to the FBI’s evidence of Russian hacking, he discovered that they didn’t have a computer-security team. In November 2015 Hawkins contacted the DNC again and explained that the situation was worsening. This second warning still did not set off alarms.

Anyone looking for a motive for Putin to poke into the election machinery of the United States does not have to look far: revenge. Putin had won his election, but had essentially assured the outcome. This evidence was on video that went viral.
Clinton, who was Secretary of State, called out Russia for its antidemocratic behavior. Putin took the declaration personally. The sight of actual protesters, shouting his name, seemed to shake the man known for his unchanging countenance. He saw this as an opportunity. He declared that the protests were foreign-inspired. At a large meeting he was hosting, he accused Clinton of being behind “foreign money” aimed at undercutting the Russian state. Putin quickly put down the 2011 protests and made sure that there was no repetition in the aftermath of later elections. His mix of personal grievance at Clinton and general grievance at what he viewed as American hypocrisy never went away. It festered.

Yevgeny Prigozhin developed a large project for Putin: A propaganda center called the Internet Research Agency (IRA). It was housed in a squat four-story building in Saint Petersburg. From that building, tens of thousands of tweets, Facebook posts, and advertisements were generated in hopes of triggering chaos in the United States, and, at the end of the processing, helping Donald Trump, a man who liked oligarchs, enter the Oval Office.

This creation of the IRA marked a profound transition in how the Internet could be put to use. Sanger writes, “For a decade it was regarded as a great force for democracy: as people of different cultures communicated, the best ideas would rise to the top and autocrats would be undercut. The IRA was based on the opposite thought: social media could just as easily incite disagreements, fray social bonds, and drive people apart. While the first great blush of attention garnered by the IRA would come because of its work surrounding the 2016 election, its real impact went deeper—in pulling at the threads that bound together a society that lived more and more of its daily life in the digital space. Its ultimate effect was mostly psychological.”

Sanger continues, “There was an added benefit: The IRA could actually degrade social media’s organizational power through weaponizing it. The ease with which its “news writers” impersonated real Americans—or real Europeans, or anyone else—meant that over time, people would lose trust in the entire platform. For Putin, who looked at social media’s role in fomenting rebellion in the Middle East and organizing opposition to Russia in Ukraine, the notion of calling into question just who was on the other end of a Tweet or Facebook post—of making revolutionaries think twice before reaching for their smartphones to organize—would be a delightful by-product. It gave him two ways to undermine his adversaries for the price of one.”

The IRA moved on to advertising. Between June 2015 and August 2017 the agency and groups linked to it spent thousands of dollars on Facebook ads each month, at a fraction of the cost for an evening of television advertising on a local American television station. In this period Putin’s trolls reached up to 126 million Facebook users, while on Twitter they made 288 million impressions. Bear in mind that there are about 200 million registered voters in the US and only 139 million voted in 2016.

Here are some examples of the Facebook posts: a doctored picture of Clinton shaking hands with Osama bin Laden, or a comic depicting Satan arm-wrestling Jesus. The Satan figure says, “If I win, Clinton wins.” The Jesus figure responds, “Not if I can help it.”

The IRA dispatched two of their experts, a data analyst and a high-ranking member of the troll farm. They spent three weeks touring purple states. They did rudimentary research and developed an understanding of swing states (something that doesn’t exist in Russia). This allowed the Russians to develop an election-meddling strategy, which allowed the IRA to target specific populations within these states that might be vulnerable to influence by social media campaigns operated by trolls across the Atlantic.

Russian hackers also broke into the State Department’s unclassified email system, and they might also have gotten into some “classified” systems. They also managed to break into the White House system. In the end, the Americans won the cyber battle in the State and White House systems, though they did not fully understand how it was part of an escalation of a very long war.

The Russians also broke into Clinton’s election office in Brooklyn. Podesta fell prey to a phishing attempt. When he changed his password the Russians obtained access to sixty thousand emails going back a decade.

WannaCry & NotPetya

July 19, 2018

This post is based on “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age,” by David E. Sanger. The North Koreans got software stolen from the NSA by the Shadow Brokers group. So, the NSA lost its weapons and the North Koreans shot them back.

The North Korean hackers married NSA’s tool to a new form of ransomware, which locks computers and makes their data inaccessible—unless the user pays for an electronic key. The attack was spread via a phishing email similar to the one used by Russian hackers in the attacks on the Democratic National Committee and other targets in 2016. It contained an encrypted, compressed file that evaded most virus-detection software. Once it burst alive inside a computer or network, users received a demand for $300 to unlock their data. It is not known how many paid, but those who did never got the key, if there ever was one, to unlock their documents and databases.

WannaCry, like the Russian attackers on the Ukraine power grid, was among a new generation of attacks that put civilians in the crosshairs. Jared Cohen, a former State Department official said, “If you’re wondering why you’re getting hacked—or attempted hacked—with greater frequency, it is because you are getting hit with the digital equivalent of shrapnel in an escalating state-against-state war, way out there in cyberspace.”

WannaCry shut down the computer systems of several major British hospital systems, diverting ambulances and delaying non-emergency surgeries. Banks and transportation systems across dozens of countries were affected. WannaCry hit seventy-four countries. After Britain, the hardest hit was Russia (Russia’s Interior Ministry was among the most prominent victims). The Ukraine and Taiwan were also hit.

It was not until December 2017, three years to the day after Obama accused North Korea of the Sony attacks, that the United States and Britain formally declared that Kim Jong-un’s government was responsible for WannaCry. President Trump’s homeland security adviser Thomas Bossert said he was “comfortable” asserting that the hackers were “directed by the government of North Korea,” but said that conclusion came from looking at “not only the operational infrastructure, but also the tradecraft and the routine and the behaviors that we’ve seen demonstrated in past attacks. And so you have to apply some gumshoe work here, and not just some code analysis.”

“The gumshoe work stopped short of reporting about how Shadow Brokers allowed the North Koreans to get their hands on tools developed for the American cyber arsenal. Describing how the NSA enabled North Korean hackers was either too sensitive, too embarrassing or both. Bossert was honest about the fact that having identified the North Koreans, he couldn’t do much else to them. “President Trump has used just about every lever you can use, short of starving the people of North Korea to death, to change their behavior,” Bossert acknowledged. “And so we don’t have a lot of room left here.”
The Ukraine was victim to multiple cyberattacks. One of the worst was NotPetya. NotPetya was nicknamed by the Kaspersky Lab, which is itself suspected by the US government of providing back doors to the Russian government via its profitable security products. This cyberattack on the Ukrainians seemed targeted at virtually every business in the country, both large and small—from the television stations to the software houses to any mom-and-pop shops that used credit cards. Throughout the country computer users saw the same broken-English message pop onto their screens. It announced that everything on the hard drives of their computers had been encrypted: “Oops, your important files have been encrypted…Perhaps you are busy looking to recover your files, but don’t waste your time.” Then the false claim was made that if $300 was paid in bitcoin the files would be restored.

NotPetya was similar to WannaCry. In early 2017 the Trump administration said that NotPetya was the work of the Russians. It was clear that the Russians had learned from the North Koreans. They made sure that no patch of Microsoft software would slow the spread of their code, and no “kill switch” could be activated. NotPetya struck two thousand targets around the world, in more than 65 countries. Maersk, the Danish shipping company, was among the worst hit. They reported losing $300 million in revenues and had to replace four thousand servers and thousands of computers.

The Shadow Brokers

July 18, 2018

This is the fourth post based on David E Sanger’s, “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age.” Within the NSA a group developed special tools for Tailored Access Operations (TAO). These tools were used to break into the computer networks of Russia, China, and Iran, among others. These tools were posted by a group that called itself the Shadow Brokers. NSA’s cyber warriors knew that the code being posted was malware they had written. It was the code that allowed the NSA to place implants in foreign systems, where they could lurk unseen for years—unless the target knew what the malware looked like. The Shadow Brokers were offering a product catalog.

Inside the NSA, this breach was regarded as being much more damaging than what Snowden had done. The Shadow Brokers had their hands on the actual code, the cyberweapons themselves. These had cost tens of millions of dollars to create, implant, and exploit. Now they were posted for all to see—and for every other cyber player, from North Korea to Iran, to turn to their own uses.

“The initial dump was followed by many more, wrapped in taunts, broken English, a good deal of profanity, and a lot of references to the chaos of American politics.” The Shadow Brokers promised a ‘monthly dump service’ of stolen tools and left hints, perhaps misdirection, that Russian hackers were behind it all. One missive read, “Russian security peoples is becoming Russian hackers at nights, but only full moons.”

This post raised the following questions. Was this the work of the Russians, and if so was it the GRU trolling the NSA the way it was trolling the Democrats? Did the GRU’s hackers break into the TAO’s digital safe, or did they turn an insider, maybe several? And was this hack related to another loss of cyber tools from the CIA’s Center for Cyber Intelligence, which had been appearing for several months on the WikiLeaks site under the name “Vault 7”? Most importantly, was there an implicit message in the publication of these tools, the threat that if Obama came after the Russians too hard for the election hack, more of the NSA’s code would become public?

The FBI and Brennan reported a continued decrease in Russian “probes” of the state election system. No one knew how to interpret the fact. It was possible that the Russians already had their implants in the systems they had targeted. One senior aide said, “It wouldn’t have made sense to begin sanctions” just when the Russians were backing away.

Michael Hayden, formerly of the CIA and NSA, said that this was “the most successful covert operation in history.”

THE PERFECT WEAPON

July 15, 2018

The title of this post is identical to the title of a book by David E. Sanger. The subtitle is “War, Sabotage, & Fear in the Cyber Age.” The following is from the Preface:

“Cyberweapons are so cheap to develop and so easy to hide that they have proven irresistible. And American officials are discovering that in a world in which almost everything is connected—phones, cars, electrical grids, and satellites—everything can be disrupted, if not destroyed. For seventy years, the thinking inside the Pentagon was that only nations with nuclear weapons could threaten America’s existence. Now that assumption is in doubt.

In almost every classified Pentagon scenario for how a future confrontation with Russia and China, even Iran and North Korea, might play out, the adversary’s first strike against the United States would include a cyber barrage aimed at civilians. It would fry power grids, stop trains, silence cell phones, and overwhelm the Internet. In the worst case scenarios, food and water would begin to run out; hospitals would turn people away. Separated from their electronics, and thus their connections, Americans would panic, or turn against one another.

General Valery Gerasimov is an armor officer who, after combat in the Second Chechen War, served as the commander of the Leningrad and then Moscow military districts. Writing in 2013 Gerasimov pointed to the “blurring [of] the lines between the state of war and the state of peace” and—after noting the Arab Awakening—observed that “a perfectly thriving state can, in a matter of months and even days, be transformed into an arena of fierce armed conflict…and sink into a web of chaos.” Gerasimov continued, “The role of nonmilitary means of achieving political and strategic goals has grown,” and the trend now was “the broad use of political, economic, informational, humanitarian, and other nonmilitary measures—applied in coordination with the protest potential of the population.” He saw large clashes of men and metal as a “thing of the past.” He called for “long distance, contactless actions against the enemy” and included in his arsenal “informational actions, devices, and means.” He concluded, “The information space opens wide asymmetrical possibilities for reducing the fighting potential of the enemy,” and so new “models of operations and military conduct” were needed.

Putin appointed Gerasimov chief of the general staff in late 2012. Fifteen months later there was evidence of his doctrine in action with the Russian annexation of Crimea and occupation of parts of the Donbas in eastern Ukraine. It should be clear from General Gerasimov and Putin appointing him as chief of the general staff, that the nature of warfare has radically changed. This needs to be kept in mind when there is talk of modernizing our strategic nuclear weapons. Mutual Assured Destruction, with the appropriate acronym MAD, was never a viable means of traditional warfare. It was and still is a viable means of psychological warfare, but it needs to remain at the psychological level.

Returning to the preface, “After a decade of hearings in Congress, there is still little agreement on whether and when cyberstrikes constitute an act of war, an act of terrorism, mere espionage, or cyber-enabled vandalism.” Here HM recommends adopting Gerasimov and Putin’s new definition of warfare.

Returning to the preface, “But figuring out a proportionate yet effective response has now stymied three American presidents. The problem is made harder by the fact that America’s offensive cyber prowess has so outpaced our defense that officials hesitate to strike back.”

James A. Clapper, a former director of national intelligence, said that was our problem with the Russians. There were plenty of ideas about how to get back at Putin: unplug Russia from the world’s financial system; reveal Putin’s links to the oligarchs; make some of his own money—and there was plenty hidden around the world—disappear. The question Clapper was asking was, “What happens next (after a cyber attack)?” And the United States can’t figure out how to counter Russian attacks without incurring a great risk of escalation.

Sanger writes, “As of this writing, in early 2018, the best estimates suggest there have been upward of two hundred known state-on-state cyber attacks—a figure that describes only those made public.”

This is the first of many posts on this book.