Posts Tagged ‘Jared Cohen’

WannaCry & NotPetya

July 19, 2018

This post is based on “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age,” by David E. Sanger. The North Koreans got software stolen from the NSA by the Shadow Brokers group. So, the NSA lost its weapons and the North Koreans shot them back.

The North Korean hackers married NSA’s tool to a new form of ransomware, which locks computers and makes their data inaccessible—unless the user pays for an electronic key. The attack was spread via a phishing email similar to the one used by Russian hackers in the attacks on the Democratic National Committee and other targets in 2016. It contained an encrypted, compressed file that evaded most virus-detection software. Once it burst alive inside a computer or network, users received a demand for $300 to unlock their data. It is not known how many paid, but those who did never got the key, if there ever was one—to unlock their documents and databases.

WannaCry, like the Russian attackers on the Ukraine power grid, was among a new generation of attacks that put civilians in the crosshairs. Jared Cohen, a former State Department official said, “If you’re wondering why you’re getting hacked—or attempted hacked—with greater frequency, it is because you are getting hit with the digital equivalent of shrapnel in an escalating state-against-state war, way out there in cyberspace.”

WannaCry shut down the computer systems of several major British hospital systems, diverting ambulances and delaying non-emergency surgeries. Banks and transportation systems across dozens of counties were affected. WannaCry hit seventy-four countries. After Britain, the hardest hit was Russia (Russia’s Interior Ministry was among the most prominent victims). The Ukraine and Taiwan were also hit.

It was not until December 2017, three years to the day after Obama accused North Korea of the Sony attacks, for the United States and Britain to formally declare that Kim Jong-un’s government was responsible for WannaCry. President Trump’s homeland security adviser Thomas Bossert said he was “comfortable” asserting that the hackers were “directed by the government of North Korea,” but said that conclusion came from looking at “not only the operational infrastructure, but also the tradecraft and the routine and the behaviors that we’ve seen demonstrated in past attacks. And so you have to apply some gumshoe work here, and not just some code analysis.”

“The gumshoe work stopped short of reporting about how Shadow Brokers allowed the North Koreans to get their hands on tools developed for the American cyber arsenal. Describing how the NSA enabled North Korean hackers was either too sensitive, too embarrassing or both. Bossert was honest about the fact that having identified the North Koreans, he couldn’t do much else to them. “President Trump has used just about every level you can use, short of starving the people of North Korea to death, to change their behavior,” Bossert acknowledged. “And so we don’t have a lot of room left here.”
The Ukraine was victim to multiple cyberattacks. One of the worst was NotPetya. NotPetya was nicknamed by the Kaspersky Lab, which is itself suspected by the US government of providing back doors to the Russian government via its profitable security products. This cyberattack on the Ukrainians seemed targeted at virtually every business in the country, both large and small—from the television stations to the software houses to any mom-and-pop shops that used credit cards. Throughout the country computer users saw the same broken-English message pop onto their screens. It announced that everything on the hard drives of their computers had been encrypted: “Oops, your important files have been encrypted…Perhaps you are busy looking to recover your files, but don’t waste your time.” Then the false claim was made that if $300 was paid in bitcoin the files would be restored.

NotPetya was similar to WannaCry. In early 2017 the Trump administration said that NotPetya was the work of the Russians. It was clear that the Russians had learned from the North Koreans. They made sure that no patch of Microsoft software would slow the spread of their code, and no “kill switch’ could be activated. NotPetya struck two thousand targets around the world, in more than 65 countries. Maersk, the Danish shipping company, was among the worst hit. They reported losing $300 million in revenues and had to replace four thousand servers and thousands of computers.

The Future of Technology and the Future of Terrorism

October 10, 2015

These topics are addressed in The New Digital Age:  Transforming Nations, Businesses, and Our Lives, a book by Eric Schmidt and Jared Cohen.  Eric Schmidt, Ph.D., is the executive chairman of Google.  He has a long history in the technology field.  Jared Cohen is the founder and director of Google Ideas.  He is a Rhodes Scholar and the author of two books, Children of Jihad and One Hundred Days of Silence.  From 2006 to 2010 he served as a member of the secretary of state’s Policy Planning Staff and as a close advisor to both Condolezza Rice and Hillary Clinton.  He is now an adjunct senior fellow and the Council of Foreign Relations.  So it is clear that these gentlemen are experts in the areas of which they write.  Moreover, they are widely traveled, having been to both war torn Iraq and Afghanistan.

For example, in Afghanistan they learned of an entire village that revolted against the Taliban when the extremist group tried to seize their phones.  In Kenya, they visited Maasi nomads in Loodariak who live without electricity or running water, but carry, along with their swords, mobile devices that they use to pay for items at the market.  In North Korea, citizens risk imprisonment in the gulags and in some cases death, which can also be applied to three generations of relatives, in order to obtain smuggled phones and tablets and make extremely risking trips to the Chinese border just to capture a signal.

There is simply too much material here to even attempt to summarize.   Descriptions by the experts on the development of technology can certainly be regarded as authoritative.  There are chapters on Our Future Selves, The Future of Identity, Citizenship, and Reporting, the Future of States, the Future of Revolution, the Future of Terrorism, the future of Conflict, Combat, and Intervention.  If one is prone to worrying, you might want to reconsider reading this book, for there is much to worry about, many nightmare scenarios.  Nevertheless , the discussion of cyberwarfare are detailed and informative.

Central to the discussion of terrorism is the question of what makes a person a terrorist? How can terrorism be fought?  General Stanley McChrystal draws on his experience from commanding troops against terrorist offers these suggestions.  “What defeats terrorism is really two things.  It’s the rule of law and then it’s opportunity for people.”  Young people need to be provide with context-rich alternatives and distractions that keep they from pursuing extremism.  Outsiders do not need to provide content, they just need to create the space.”

I think highly of the general’s ideas and recommendations.  However, I don’t think they provide a complete solution.  The terrorists who flew planes into the Trade Towers and the Pentagon were well educated and well off.  They had opportunity and context-rich alternatives.  These people need to be addressed at another level with helpful narratives to replace their distorted versions of reality.

The authors do identify the Achilles Heel of Terrorism, and that is technology itself.  To remain hidden, Osama bin Laden had to remain off-line to avoid capture.  But when he was captured his flash drives and hard drives contained a trove of information to fight the terrorists.

The authors remain optimistic.  They are especially optimistic about the future of reconstruction.  So once disasters or attacks strike, if communications technology is set up enough has bee learned about receiving from these disasters that recovery, if done right, can be done with increasing efficiency.

The authors note that there are physical and virtual civilizations.  Thy note that their case for optimism lies not in sci-fi gadgets or holograms, but in the check that technology and connectivity bring against the abuse, suffering, and distraction in our lives.

I hope the authors are correct, and they certainly know more than I do.  But there remains the potential of technology to be used by totalitarian regimes to control and abuse their populations.  RFID chips could be implanted in people so that their locations would always be known, and other technology could provide information on their activities.  So, I hope the authors are correct and that technology will be used for good rather than evil.

© Douglas Griffith and healthymemory.wordpress.com, 2015. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Douglas Griffith and healthymemory.wordpress.com with appropriate and specific direction to the original content.