Gordon Corera makes a judicious point here that the undoubted benefits from using computers and the downside of our increasing vulnerability go hand in hand.
Over at the State Department in the office of Chris Painter, lead negotiator on cyber issues, the walls are filled with posters of films over the years in which hackers or computers feature: I, Robot; The Girl with the Dragon Tattoo; WarGames; Terminator; Sneakers. The posters reflect the hopes and fears going back over decades that computers are taking over.– The oldest one I have is a movie called Desk Set: Katharine Hepburn, Spencer Tracy. She plays a research librarian who’s replaced by a thinking machine in 1958. There’s a long history of movies doing this.
– Do you have a favorite?
– I think they’re all favorites in different ways. That’s a great movie, it’s a classic movie, obviously Colossus is very hard to find, but it gave the seeds for WarGames, Terminator and for all these different movies that came afterwards.
– As President of the USA, I can now tell you, the people of the entire world, that as of 3am Eastern Standard Time the defense of this nation, and with it the defense of the free world, has been the responsibility of a machine, a system we call Colossus.
Hollywood has long imagined the dystopian future in which technology takes over, disrupting our daily lives. We’re still a long way from that, but customers of some American banks are getting a small taste of it. For months now banks have been hit by DDoS attacks, taking them offline for hundreds of hours so that people can’t bank online. The motive is not criminal gain, but disruption. The attacks are coming from computers around the world that have been compromised or hijacked without their users knowing it. Chris Painter has been seeking the help of other countries in order to stop it.
– We’ve asked them for technical help. We said: “Can you help us mitigate this?” And we’ve done that both on the technical level, but we’ve also reached out on the diplomatic level and said: “Look, this is an important thing for us. We also reciprocate, if you need help, we’ll help you too.”
– A hundred countries involved in the attacks on the America’s banking system?
– A hundred countries. So, the DDoS, or botnets, are, by their nature, distributed. They are all over the place, and they can involve compromised servers all over the world.
– Do you think that’s Iran behind those attacks?
– I’m not going to comment on that, but what I will say is that it’s certainly an indication of a significant development in cyberspace and one that we need to work with other countries around the world to make sure it gets mitigated.
Which company manages today’s largest petroleum reserves, but continues to seek out resources for the world of tomorrow? Which company produces its oil and gas in a single country, but supplies energy to the four corners of the globe? Which company? Saudi Aramco: energy to the world.
In August 2012 workers at the offices of the oil giant Saudi Aramco logged on to their computers and were greeted with a surprise. All the data and files had been overwritten and replaced with an image of a burning US flag. An extraordinary 30,000 computers were rendered useless – effectively destroyed. This attack on one of America’s close allies and a bitter enemy of Iran was a wakeup call to Washington. There’s no definitive proof about who was behind the attack, but Richard Clarke, former White House cyber coordinator, seems convinced.
– I think the US two years ago would have told you that the Iranians don’t have much in the way of cyber war capability. And they would have been wrong, because within a year we’ve seen the Iranians do a very sophisticated wipe out attack, wiping out 30,000 end points on Saudi Aramco, and doing the largest DDoS attack, flood attack that we’ve ever seen. It was larger than everything we’ve ever seen by a factor of 10.– The Saudi Aramco attack was very unusual, wasn’t it, to actually destroy those computers?
– I cannot think of another case in history where a large network, 30,000 end points or anything like that, have been attacked and everything wiped out, all the hard drives wiped out. I don’t think I’ve seen an example of that ever.
– It’s pretty scary, isn’t it?
– It’s very scary. If you step back and think: the US destroyed the Natanz centrifuges with a cyber attack – what did the Iranians do? I think they have come back and sent us a message. “We can do destruction of networks as we did to Aramco. We can do DDoS attacks on US banks.” The implicit message to America from Tehran I think is: “What if we did a wipeout attack on the American banks? We can do real damage to the American financial institution. And therefore, America, stop hacking into our networks, because we can do it too.” I think the Iranians have sent a very sophisticated message, and I think the American government has heard it.
– You think so?
– I do.
– Because, of course, the Iranians would say the US started this in terms of militarizing cyberspace, in terms of attacking them with Stuxnet.
– And the Iranians would be right about that.
One of the movie posters in Chris Painter’s office at the State Department was the 1983 classic WarGames, in which a teenager hacks into a Pentagon computer. The Pentagon mistakenly believes the Soviet Union is launching a nuclear missile strike. Washington’s convinced it’s under attack, and not realizing it’s being fooled, prepares to retaliate. So, will the Hollywood nightmare of cyber war become real?
More than 30 countries are believed to be currently developing their own offensive cyber weapons, including Britain. The US may have been vocal about Chinese cyber espionage, stealing industrial secrets from American companies, but China sees America as the more aggressive party in the way it’s been preparing for cyber war. China’s been closely following reports that US Cyber Command is growing to nearly 5000 personnel. A former General in the People’s Liberation Army:
– Do you think the US has militarized cyber space?
– It has already militarized it with its own commander and an army. It has got three branches: one mainly based in the Pentagon with offensive and defensive abilities; one focusing on infrastructure, such as the electricity network, and one focusing on all the network-based stations. They have plans and even exercises. China is falling far behind America in this area.
In the Chinese Foreign Ministry in Beijing Doctor Huang Huikang provides a carefully worded statement reflecting concerns over the direction in which cyber space is moving. America is unnamed, but the focuses of his concerns are clear.
– Some major powers with their technology advantages seem keen on developing cyber weapons, establishing the cyber force and enhancing cyber attack capacities. Some countries are attempting to extend the right of self-defense applicable to cyberspace. It seems to us this approach is very dangerous. China believes that peace of cyber space is in the interest of every country and the humankind as a whole.
Back in Estonia, subject to a major cyber attack in 2007, the country is perhaps surprisingly leading the way globally in putting services for citizens online. I’m given a demonstration of their e-services project, in which the positive benefits of the Internet are being emphasized.
– Everything’s connected to your housing to see what you own, how you manage it…
Anna and Raul provide me with a demonstration of the range of information citizens can now access and the things they can do online.
– It will take 3 minutes for us to vote.
– What’s interesting is that because of what happened in 2007 you would think you’d be a country that would be more nervous about putting so much online, but actually it’s the opposite.
– I think that you cannot actually avoid it. So the only way to go ahead is to invest more to the security.
Toomas Ilves, President of Estonia, perhaps the most cyber savvy nation in the world, is all too aware of the risks and benefits the Internet has brought. He, like others, believes we need to urgently establish rules of behavior between states, lords of cyber war, if you like. It is a period a bit like the early Cold War, in which new weapons risk escalated tensions, even leading to conflict. Some countries are already talking of responding to cyber attacks with real weapons.
– If a missile lands on an electrical power plant, where you basically know where it came from, and then you know what to do. But if you shut down the same electrical power plant with the same effect within society with a cyber attack, you don’t know who did it. And what is the appropriate response? There have been some answers. I mean, the US Department of Defense said 2 years ago that we don’t care, which basically means if you attack us digitally, we might just come and get you with a bomb.
Espionage, sabotage, warfare – all these things have been around a long time. But in the same way the Internet has transformed and enriched our everyday lives, it’s also transformed these darker acts. We can’t put the cyber genie back in the bottle, but we’re only just beginning to think about how we might tame it.
Read previous: Under Attack 5: Massive DDoS Attacks and Stuxnet