The End of the World: Part 2
Apocalypse Cause #1
2016 election demonstrated a new use of cyberwarfare
Cyberterrorism isn’t regular old hacking
Cyberweapons level the playing field
The Stuxnet virus spawned a new era of cyberwarfare
Cyberwarfare is giving way to cyberterrorism
The first cause of the apocalypse in my upcoming young adult novel The Initiation is cyberterrorism, a subject that on the surface needs little introduction. You can’t go to the bathroom without hearing someone in the next stall talking about the federal investigation into the Russian hack of the 2016 US presidential election. As impactful as that hack was, the risk of cyberterrorism is hardly limited to national elections. In fact, it’s far greater. (For Part 1 of this 5-part series on apocalypses, click here). This post illustrates why cyberterrorism has the potential to be catastrophic.
The term cyberterrorism is somewhat controversial. For starters, it’s a little odd that “cyber”-anything is still used today. Nobody but your dad refers to the online world as cyberspace anymore. It’s like grandma complimenting your “slacks.” The word “cyberspace” is usually traced back to William Gibson’s 1984 cyberpunk novel Neuromancer. And “cyber” remains in the lexicon because of the booming “cybersecurity” industry (and of course the Russian hack).
The word “cyber” emerged on the main stage (literally) in one of the presidential debates, courtesy of Donald Trump. He said, “As far as the cyber… we should be better than everyone else… So we had to get very, very tough on cyber… It is a huge problem… The security aspect of cyber is very, very tough… We have so many things we need to do better… And cyber is certainly one of them.” There’s really no precedent for using cyber as an independent noun preceded by “the.” The closest would be George W. Bush’s use of “the internets.” But linguistics aside, Trump is correct. We must do better on “the cyber.”
“Cyberterrorism” is also controversial because nobody can agree on what it encompasses. Is it terrorists who use computers? What about hackers who steal credit card data? That might fall under cybercrime. Or, just hacking. Is cyberwarfare limited to nation states, leaving other online destruction to cyberterrorists? When your parents friend-request your buddies on Facebook, could that be called cyberterrorism? In reality, cyberterrorism is a relatively new thing. And, it’s advancing at least as fast as the terminology to accurately describe it.
There’s also a lot of overlap between cyberterrorism, cybercrime, regular old hacking, and cyberwarfare. Cyberterrorism was first mentioned in the late 1990’s in military journals. It only emerged in a big way in 2010 with the Stuxnet worm (more on this later). The definition of cyberterrorism I like is this: the politically motivated use of computers and the internet to cause severe disruption, destruction, or widespread fear. Some definitions limit the scope to attacks on computers or networks. While they’re often the target, cyberterrorists may have larger goals in mind, too. It’s also reasonable to assume there will be attacks that we can’t even conceive of today.
2016 PRESIDENTIAL ELECTION
You can’t talk about cyberterrorism without mentioning the 2016 United States presidential election. The Russian government allegedly hacked the Democratic National Committee, passing damaging information to WikiLeaks. WikiLeaks, in turn, published the private emails and data online. They sought to damage Hillary Clinton and promote Donald Trump. It’s fair to say the United States is still reeling from this turn of events, and the federal investigation surrounding it provides the biggest headlines every day. A foreign government may have successfully interfered with our presidential election.
The hack itself was a basic form of hacking, sometimes called “doxing.” It involves stealing personal information and publishing it online. Theft of personal data, whether it be credit card numbers, passwords, emails, bank records, etc. is our most common online threat. It’s why we use antivirus software and password-protected networks. It’s why you NEVER click that suspicious email link. Russia’s hack of the DNC, though, transcends a run-of-the-mill hack due to its scale and purpose. It could justifiably be called cyberterrorism or cyberwar. Never has a foreign government employed a hack to affect something as monumental as the U.S. presidency.
WE’RE NOT TALKING ABOUT HACKING
Just a few words about what cyberterrorism doesn’t concern, for my purposes anyway. It’s not about the random hackers trying to steal your stuff or infect your computer with viruses. These scumbags try to track your keystrokes, steal your identity, or hijack your webcam. They might seize control of your computer. Those are all terrible things, mind you. And you could fill a book with all the flavors of hackers, hacking groups, hacktivists, and hacking strategies. These are largely the work of private citizens (rather than governments), and not all are bad. In fact, a nice hacker reorganized my writing files for me. No, that didn’t happen. But some are fighting for justice. Anonymous, the hacker collective, often seeks to “right” wrongs where the legal or political system fails.
The preferred method of hacktivists is often a denial-of-service (DoS/DDoS) attack. It overloads a server with so much traffic it crashes. Hackers are sometimes classified by hat color. White hats are the good guys, black hats are the bad ones, green hats are the newbies, red hats are like vigilantes, etc. (the hat color system derives from the color “mages” in the video game Final Fantasy. Which seems appropriate). Some other common criminal hacking methods: waterhole attacks, fake WAP, phishing, viruses/Trojans, clickjacking, cookie theft, and bait-and-switch. Besides theft, most other individual hacking consists of cybervandalism. Like it sounds, the goal there is to damage or destroy computers or data. Sometimes cybervandals do it for fun, or for the challenge, or to punish someone. Recently, “ransomware” has become more of a thing, as evidenced by the massive Wannacry virus from May. Hackers may gain control of a network or data and demand a sum be paid to release it.
Cyberterrorism, likewise, isn’t about terrorists who happen to use computers, the internet, or social media. They may commit acts of terror in real life and use the web as a recruiting tool. They may also launch denial-of-service attacks against government or corporate websites as a nuisance. Pro-ISIS hackers, for example, formed an allegiance called the United Cyber Caliphate. They’ve launched small-scale attacks on bank, government, and media sites. At one point, they hacked into the social media accounts of U.S. Central Command. Of course, these are concerning and serious issues too, just not my focus.
My goal is to highlight the use of computers and the internet to launch large-scale, destructive attacks. The internet further pervades our lives every day. Our computers, our phones—our lives are online. Our dependency on it grows daily, like writers and coffee. Cops and donuts. Kylie Jenner and selfies. Businesses, manufacturing, governments, and students, among others, increasingly rely on computers and the internet. Computers are assuming more and more responsibility in society. They’re also growing more complex and interdependent. What it all means is the potential scope of a digital attack is becoming epic. Computers govern not just our personal lives, but critical systems, which themselves link to other critical systems. If you infect one, you could infect or destroy many.
CYBER WEAPONS LEVEL THE PLAYING FIELD
Using cyber weapons instead of real ones to launch an attack has many advantages. A cyberattack can be conducted remotely and anonymously. Unlike a real physical assault, the attacker is never in harm’s way. (His biggest risk is his mom coming down to the basement.) He doesn’t run the chance of capture, injury, or death. A cyberattack doesn’t cost much money either.
In these ways, cyberattacks are an equalizer of sorts. Suppose you’re a tiny, impoverished, outgunned nation or group. Cyber weapons allow you to be competitive with powerful nations on this battlefield. On a regular battlefield with firearms, you’d be obliterated. In cyberspace, it’s a pretty level playing field. Nations and terrorist groups are pursuing cyber weapons as fervently as nuclear weapons. The difference is, nuclear weapons are nearly impossible to get. A group doesn’t even need technical expertise to develop complex cyber weapons. They could buy them from hackers and repurpose them to cause damage rather than steal.
It’s important here to draw a small distinction between cyberwarfare and cyberterrorism. Cyberwarfare is the province of nations. I’m talking large-scale attacks that cause physical damage, like the destruction of computer networks. They’re launched by one nation against another, usually for political reasons. Very few of these have occurred, so far. Generally, it’s believed that grand attacks of this nature could only be executed by
Morpheus nation states. Private citizens likely could not because of the complexity and skill required. Meanwhile, cyberterrorism is the realm of the terrorist or anarchist. Someone who seeks to destroy for the sake of destroying, or to instill fear. It’s assumed that attacks by terror groups would likely be smaller and less damaging. But are we sure they couldn’t achieve a major attack? And what might that attack entail? This brings us to 2010, and the dawn of a new era in cyber weaponry.
CYBER NUCLEAR BOMB: THE STUXNET VIRUS
The fascinating tale of the Stuxnet worm was covered in detail in the book Countdown to Zero Day by Kim Zetter. The 2016 documentary Zero Days by Alex Gibney likewise added to the story. “Zero day” is a hacker term. It describes both a generally unknown vulnerability in software, and the code used to exploit it. It can also reference the amount of available time in which a person can fix a vulnerability before a virus before damages it. In this case, “zero” means by the time you find it, it’s too late.
Despite the extensive reporting on Stuxnet, much of the attack remains shrouded in mystery. It’s highly classified. This is what we know: A complex computer virus called Stuxnet destroyed nuclear centrifuges in Natanz, Iran around 2009. Nuclear centrifuges are cylinders that spin super fast to enrich uranium. Enriched uranium is the fuel for nuclear power plants or weapons. Of the thousands of centrifuges, the attack allegedly destroyed a fifth of them. The obvious goal was to halt Iran’s nuclear program. It’s believed to have been a collaborative effort between the United States and Israel. Both countries employ teams of elite “hackers” inside their spy agencies (like the CIA and NSA). And both officially denied any involvement.
Part of Stuxnet’s complexity was its invisibility. (It was over a year before it was found). Even more complex was the infection mechanism. It’s not like the U.S. could send the Iranian scientists a fake email from Nigeria with a bogus link to send cash. Furthermore, the Natanz lab was “air-gapped,” meaning it effectively wasn’t connected to the internet. It’s a security measure that makes a lot of sense for highly classified stuff. Uploading anything onto their computers must be done via physical insertion of flash drives. So, the U.S. infected computers of firms that worked with the Iranian scientists. Like, the ones that supplied industrial controllers. That was crafty. The virus was unknowingly transferred to the Natanz lab by flash drives from said firms. The NSA even viewed footage of then President Ahmadinejad touring the Natanz nuclear facility. The tape helped them identify the exact computer systems to target.
Stuxnet was also revolutionary because it didn’t just corrupt data or damage computers. It destroyed the centrifuges. It showcased the ability to damage equipment controlled by the computer rather than just the computer itself. The plan worked. The centrifuges began behaving erratically, spinning too fast or too slow, and ultimately exploded. The scientists’ computers, meanwhile, indicated everything was fine. Iran had no clue what happened, and thought its scientists were just bumbling idiots. Despite efforts to conceal its presence, though, Stuxnet was discovered in 2010. Much like real viruses, this one replicated out of control. It escaped and ended up infecting computers all over the world. Essentially, the exact opposite of secret. Had that not occurred, it may have remained undetected.
Stuxnet ushered in a new era of cyberwarfare. It’s been likened to dropping the first atomic bombs on Hiroshima and Nagasaki in 1945. Only, the “cyber” version. While monumentally less destructive, it implicitly gave other nations permission to pursue similar weapons. Computer scientists studied and replicated the code for the now-exposed Stuxnet. Several next-generation worms have since emerged, with names like Duqu, Flame, Wiper, and Sauron. Shout out to Lord of the Rings!
Iran, in response, set up its own cyberwarfare team. Today the United States considers it a fierce adversary. Iran recently launched its own devastating attack on Saudi Arabia, which destroyed computers overseeing their airports. In a separate attack in 2012 on Saudi Arabia, Iran unleashed a worm known as Shamoon. It destroyed 35,000 computers of Aramco, the world’s largest oil company. At the same time, Iran was behind a month of attacks on the United States that targeted U.S. banks and a dam outside New York City. In 2014, they destroyed the computer network of Sheldon Adelson’s Sands Corporation. The casino billionaire had suggested using nuclear weapons against Iran. Their cyberattack was in retaliation. The Stuxnet attack only temporarily disabled a fraction of Iran’s centrifuges. And it spurred other nations to engage in cyberwarfare, using the very code the U.S. gave to the world. One has to wonder if that attack made sense in hindsight.
Here’s the terrifying part about Stuxnet. According to a source within the NSA, the United States originally had an immensely larger attack plan on Iran. Targeting their centrifuges was, in retrospect, a tiny attack. A grand, all-out assault called NZ, or “Nitro Zeus,” was to be a full-scale cyber offensive. Supposedly, much of the preparation time was spent coming up with the name Nitro Zeus. Okay I made that part up, but it would have been a real cyber atomic bomb if you will. The United States would have gained unobstructed access to Iran’s air defense systems, shutting them down. It would have wiped out Iran’s communications systems. And it would have paralyzed its infrastructure—transportation, the power grid, and financial system. I mean, this is straight out of a Tom Clancy novel. It’s unclear why the United States didn’t execute the attack. But the point is, it had the capability to effectively shut down another country. Without ever setting foot inside, or firing a single bullet.
CYBERWARFARE –> CYBERTERRORISM
Unlike nuclear weapons which are highly guarded, anyone can access and use cyberweapons. Why is it generally accepted that cyberwarfare is only the province of nations? Why should we believe there’s a limit on what targets might be at risk? Recently, an anonymous hacker collective called the Shadow Brokers—supposedly behind the WannaCry worm—hacked the NSA’s hacker team (called the Equation Group). They stole the code for Stuxnet, and the more advanced worms like Duqu and Flame. Shadow Brokers then published the code online. Think about that for a sec. For starters, the Shadow Brokers just sound scary. Second, the NSA’s top hackers, the elite of the elite, got hacked.
That means no information and no system is safe. No current security measures, guarding any facilities, are adequate. We’ve seen plenty of evidence in support of such a claim, as virtually every major corporation seems to have been hacked at this point. (Rebuilding the “internet” using blockchain technology, which underlies Bitcoin, would make it unhackable, except perhaps to quantum computing in the future. It’s one of the reasons everyone is geeking out about blockchain/Bitcoin right now. Learn about blockchain and its potential here.) The sophisticated code for some of the world’s most dangerous cyber weapons is available to anyone. They could be reprogrammed to commit an infinite number of terrorist acts.
Okay, now for the really really scary part! It’s one thing to dismantle the computer system of a casino billionaire. But what about our infrastructure? Here are some of the systems at risk: nuclear power plants, electrical power grids, communications systems, dams, monetary systems, air traffic control, and satellites. That list is certainly not exhaustive; I’m sure I missed a few. A Google search reveals the ease with which you can hack a satellite, and instructions on how to do it. Many satellites are old and not equipped with any security whatsoever.
Think about the devastation of losing power, or the ability to communicate by phone or text. How about losing all internet access, television, GPS, air travel, and so on? How would I know if my friend’s dinner looked delicious on Instagram? What if everything went down at the same time? While it may be part of the apocalypse in my novel The Initiation, it’s not science fiction. It’s reality. Cyber weapons aren’t just for governments to wield on the internet battlefield anymore. They are in the domain of the terrorist, too. Unlike nuclear weapons, they aren’t hard to acquire. Unfortunately for us all, falling prey to online scammers is no longer our biggest risk to “the cyber.”
Sources and further links:
Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon Copyright © 2014 by Kim Zetter. Published by Crown Publishers, an imprint of Random House LLC.
Great review of the cyber.
I can’t get enough of “the cyber.” Thanks for reading!
Very chilling and topical, Chris.
I thought it was too, particularly considering all the latest news out of Washington, DC. Thanks for reading!