24 August 2017

Software and Hard Consequences


BY: Joseph Bottum

World War III has started, and almost no one seems to have noticed. Or perhaps the Cold War is a better analogy, if the Cold War had 20 sides fighting each other all at once and, again, if almost no one was paying enough attention to realize what is going on.

At least, this is what Alexander Klimburg insists in The Darkening Web, his new book on the battles of cyberspace. It's a quiet war, in the sense that few have died thus far, but it has the potential to be murderous, and every year raises the stakes of that war. The Chinese may be the world's leading players, but in November 2014, North Korea raised its status by stealing and posting publicly confidential information from the Sony corporation, and then erasing Sony's computers—all in revenge for a minor comedy film mocking Kim Jong Un.

And then, of course, there are the Russians, both on the level of government and the level of individual criminals. In December 2015, during the Russian Army's push into Ukraine, Klimburg points out, "Ukraine became the first country to suffer a verified large-scale cyber attack on its critical infrastructure. Over 225,000 Ukrainians lost their light and heating in the middle of winter when a cyberattack disabled part of the country's power grid."

Meanwhile, we have hackers for money and hackers for mischief and even hackers on a mission, conducting distributed-denial-of-service attacks and information thefts in the name of one ideology or another. This spring, 16 hospitals in Great Britain were shut down by the WannaCry ransomware virus, which locked patients' computerized records until a small ransom had been paid to a bitcoin account. Similar attacks occurred across Europe and in the United States.

The United States has committed its share of these attacks. In 2009, the centrifuges Iran was using to enrich uranium were sabotaged with the Stuxnet virus, which is now generally agreed to have been a joint American-Israeli exploit. As far as that goes, the United States conducted the first massively successful international hack all the way back in 1981. The CIA learned from its KGB double agent Vladimir Vetrov that the Soviets were looking for software to control the trans-Siberian pipeline. So the CIA allowed the Soviets to steal a sabotaged version of the American software, which in 1982 caused an explosion large enough to be seen from space that destroyed a large portion of the Russian pipeline. Depriving the Soviets of potentially $8 billion a year in oil revenues, it is probably the greatest spy exploit achieved during the Cold War.

But these days the United States mostly operates as something like the backstop, the guarantor of world order, in the new cybernetic space. Or, at least, that's how it should be. There looms "an Armageddon," Klimburg writes, that only the "liberal democracies have the power to avert." But the American spy agencies have reserved for themselves the right to act as international rogue warriors in the cyber realm and thereby weaken the power of the United States to keep the internet in balance. The WannaCry ransomware attack exploited a mysteriously leaked vulnerability in Microsoft Windows that the NSA had previously discovered but not reported, hoping to use the vulnerability for its own spy work. Again and again, Klimburg insists, the American attempt "to achieve total dominance" in internet warfare "can be safely said to have totally backfired."

The overwriting and failure of tone in such clauses form a problem for The Darkening Web. Sentence by sentence, Klimburg just isn't a good writer, studding his text with confusing acronyms and launching into unnecessarily long-winded explanations of topics that weren't necessary for his point in the first place—as when he wanders into an excursus about "path dependency" without much of a clear path back out again.

Chapter by chapter, however, Klimburg has written a powerful and frightening book. The internet is, he thinks, "a fabulous artifice of human civilization," and its (mostly libertarian) early proponents taught us the belief that it would be a device "for advancing freedoms and prosperity." Unfortunately, the current direction of the Cold War of Cyberspace means it may well "become instead a dark web of subjugation." The "international cyber arms race" is "threatening the overall stability and security . . . of our very societies."

The Darkening Web asks us to distinguish three different species of computer attacks. The first is the genuinely and immediately violent: the cyber equivalent of actual war in which we hack a system to turn off automated defenses or cause a dam or a power grid to fail. The 2015 Russian assault on the Ukranian electrical system makes for a clear example.

The second form of computerized attack is the hack for information—loudly announced when done for political effect, but often kept quiet as secret spy work. The phishing attack that cracked the Democratic party's email servers during the 2016 presidential race is an obvious case of an attack in search of embarrassing or sensitive information.

Finally, there is the role of propaganda through the internet, in the form of pushing fake news or the form of restricting disfavored speech. Russia dominates recent press accounts about the first form, but China is the master of the second. Under pressure from Beijing, Apple recently removed from its app store hundreds of apps for its Chinese customers, including the app for the New York Times. The list of words banned by China for social media runs for pages.

Klimburg doesn't give his readers much of a solution for all of this. He insists that the internet needs to remain free, in order to combat the propagandists, but the freedom of the internet is exactly what the other two kinds of computerized attack rely on when they insinuate themselves into sensitive places.

What Klimburg does see clearly, however, is the opportunity that the "internet of things" offers for hacking. Our cars, our refrigerators, our crockpots, and our cameras are increasingly connected to the web these days, and there are, by one estimate, 25 billion devices online in the world today. Each of them is vulnerable and each of them offers a small opportunity for corruption, an accident waiting to happen. As that interconnectedness is extended to our power grids, our sewer systems, and our transportation networks, the chance for murderous attacks grows every year.

The Cyber Cold War is being fought among a swirl of opponents in a swirl of battles. It resembles the original Cold War in the fact that government-sponsored attacks on major institutions are avoided out of fear of retaliation. For that matter, it mirrors the old struggle against the Soviets in its constantly changing nature—requiring the United States always to keep moving ahead, just to stay even.

No comments: