Posts Tagged ‘Iran’

The Shadow Brokers

July 18, 2018

This is the fourth post based on David E. Sanger’s “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age.” Within the NSA a group developed special tools for Tailored Access Operations (TAO). These tools were used to break into the computer networks of Russia, China, and Iran, among others. These tools were posted by a group that called itself the Shadow Brokers. NSA’s cyber warriors knew that the code being posted was malware they had written. It was the code that allowed the NSA to place implants in foreign systems, where they could lurk unseen for years—unless the target knew what the malware looked like. The Shadow Brokers were offering a product catalog.

Inside the NSA, this breach was regarded as being much more damaging than what Snowden had done. The Shadow Brokers had their hands on the actual code, the cyberweapons themselves. These had cost tens of millions of dollars to create, implant, and exploit. Now they were posted for all to see—and for every other cyber player, from North Korea to Iran, to turn to their own uses.

“The initial dump was followed by many more, wrapped in taunts, broken English, a good deal of profanity, and a lot of references to the chaos of American politics.” The Shadow Brokers promised a ‘monthly dump service’ of stolen tools and left hints, perhaps misdirection, that Russian hackers were behind it all. One missive read, “Russian security peoples is becoming Russian hackers at nights, but only full moons.”

This post raised the following questions. Was this the work of the Russians, and if so, was it the GRU trolling the NSA the way it was trolling the Democrats? Did the GRU’s hackers break into the TAO’s digital safe, or did they turn an insider, maybe several? And was this hack related to another loss of cyber tools from the CIA’s Center for Cyber Intelligence, which had been appearing for several months on the WikiLeaks site under the name “Vault 7”? Most importantly, was there an implicit message in the publication of these tools, the threat that if Obama came after the Russians too hard for the election hack, more of the NSA’s code would become public?

The FBI and Brennan reported a continued decrease in Russian “probes” of the state election system. No one knew how to interpret the fact. It was possible that the Russians already had their implants in the systems they had targeted. One senior aide said, “It wouldn’t have made sense to begin sanctions” just when the Russians were backing away.

Michael Hayden, formerly of the CIA and NSA, said that this was “the most successful covert operation in history.”

THE PERFECT WEAPON

July 15, 2018

The title of this post is identical to the title of a book by David E. Sanger. The subtitle is “War, Sabotage, & Fear in the Cyber Age.” The following is from the Preface:

“Cyberweapons are so cheap to develop and so easy to hide that they have proven irresistible. And American officials are discovering that in a world in which almost everything is connected—phones, cars, electrical grids, and satellites—everything can be disrupted, if not destroyed. For seventy years, the thinking inside the Pentagon was that only nations with nuclear weapons could threaten America’s existence. Now that assumption is in doubt.

In almost every classified Pentagon scenario for how a future confrontation with Russia and China, even Iran and North Korea, might play out, the adversary’s first strike against the United States would include a cyber barrage aimed at civilians. It would fry power grids, stop trains, silence cell phones, and overwhelm the Internet. In the worst case scenarios, food and water would begin to run out; hospitals would turn people away. Separated from their electronics, and thus their connections, Americans would panic, or turn against one another.

General Valery Gerasimov is an armor officer who, after combat in the Second Chechen War, served as the commander of the Leningrad and then Moscow military districts. Writing in 2013, Gerasimov pointed to the “blurring [of] the lines between the state of war and the state of peace” and—after noting the Arab Awakening—observed that “a perfectly thriving state can, in a matter of months and even days, be transformed into an arena of fierce armed conflict…and sink into a web of chaos.” Gerasimov continued, “The role of nonmilitary means of achieving political and strategic goals has grown,” and the trend now was “the broad use of political, economic, informational, humanitarian, and other nonmilitary measures—applied in coordination with the protest potential of the population.” He saw large clashes of men and metal as a “thing of the past.” He called for “long distance, contactless actions against the enemy” and included in his arsenal “informational actions, devices, and means.” He concluded, “The information space opens wide asymmetrical possibilities for reducing the fighting potential of the enemy,” and so new “models of operations and military conduct” were needed.

Putin appointed Gerasimov chief of the general staff in late 2012. Fifteen months later there was evidence of his doctrine in action with the Russian annexation of Crimea and occupation of parts of the Donbas in eastern Ukraine. It should be clear from General Gerasimov’s writing, and from Putin’s appointing him chief of the general staff, that the nature of warfare has radically changed. This needs to be kept in mind when there is talk of modernizing our strategic nuclear weapons. Mutual Assured Destruction, with the appropriate acronym MAD, was never a viable means of traditional warfare. It was and still is a viable means of psychological warfare, but it needs to remain at the psychological level.

Returning to the preface, “After a decade of hearings in Congress, there is still little agreement on whether and when cyberstrikes constitute an act of war, an act of terrorism, mere espionage, or cyber-enabled vandalism.” Here HM recommends adopting Gerasimov and Putin’s new definition of warfare.

Returning to the preface, “But figuring out a proportionate yet effective response has now stymied three American presidents. The problem is made harder by the fact that America’s offensive cyber prowess has so outpaced our defense that officials hesitate to strike back.”

James A. Clapper, a former director of national intelligence, said that was our problem with the Russians. There were plenty of ideas about how to get back at Putin: unplug Russia from the world’s financial system; reveal Putin’s links to the oligarchs; make some of his own money—and there was plenty hidden around the world—disappear. The question Clapper was asking was, “What happens next (after a cyber attack)?” And the United States can’t figure out how to counter Russian attacks without incurring a great risk of escalation.

Sanger writes, “As of this writing, in early 2018, the best estimates suggest there have been upward of two hundred known state-on-state cyber attacks—a figure that describes only those made public.”

This is the first of many posts on this book.