Putin loves his hackers, comparing them to artists who feel great in the morning and immediately start work on some new masterpiece. He told them, feel free to hack away, just anywhere except the homeland, and if your hacks coincide with Russian goals, well so much the better.
They went at it with a vengeance in 2014, and Ukraine became a testing ground for election interference, disinformation campaigns, attacks on and destruction of infrastructure, and efforts to cast doubt on the election process. There was little Ukraine could do to retaliate, given its history and geographic dependence on Russia. The hackers were wildly successful, and our 2016 campaign reflected many of their techniques. The Mueller report has laid out exactly how they went about it.
One interesting chapter examines the market for zero-day exploits, how it works and how it has changed from companies suing hackers who find bugs to actively soliciting and paying for bugs, and especially for zero-day exploits. (A zero-day exploit takes advantage of a vulnerability that the vendor has not yet discovered and patched, making it extremely valuable to anyone with malicious intent. The Stuxnet worm created by the U.S. and Israel to destroy the Iranian centrifuges used several.) Paying for bugs meant a rise in prices, from mere hundreds of dollars to many thousands, and countries found themselves competing against bad actors, other countries, and companies for the zero-day exploits.
The Stuxnet exploit is discussed in more detail than I had read before. Of particular interest were the policy determinations and the effect of the Iraq war on those decisions. Deaths of American soldiers in Iraq were at their highest level when the Israelis, wanting to repeat their successful strike on the Syrian nuclear reactor (see ShadowStrike), insisted they wanted the U.S. to bomb the Iranian facility. Bush couldn't afford such a provocative action, one the military's war games revealed would result in WW III. So he authorized the unique and first-ever cyber strike to result in physical destruction of an opponent's infrastructure. It used an unheard-of seven zero-day exploits, and the preparation was boosted by an Iranian intelligence error of Trumpian proportions: the Iranian leader bragged to the press about the facility and gave them a tour of the centrifuges, allowing pictures. This gave the Stuxnet planners all the information they needed about the brand and type of centrifuges being used, allowing them to target those directly with the Stuxnet malware. The Israelis were kept informed and must have assisted, because Bush could not have them operating unilaterally.
Stuxnet showed the world the power and destructiveness of the cyber-world, and soon the value of zero-day exploits exploded as smaller countries and those without a large military realized that with little expense they could equal the United States and China in offensive capability. The attack on Saudi Arabia's oil network that destroyed thousands of their computers and disrupted oil networks used some of the same code the U.S. had utilized in an attack a few months prior and was clearly retaliation for that attack. The hackers got in through an email someone in ARAMCO had opened.
One of the mantras I try to inculcate in my students is to NEVER click on a link in an email. If you have reason to believe it might be valid, go to the web site and investigate there, never via a link in an email. The Russian hack of the DNC email resulted from a typo. Podesta got an email purportedly from Gmail claiming he needed to reset his password. He ran it by their IT guy, who meant to write back that the link was IL-legitimate but left off the initial IL. What the IT guy should have insisted on, besides noting it was illegitimate, was to hammer away at the danger of clicking on email links. So Podesta, thinking it was legit, clicked on it and gave the Russian hackers instant access to the DNC's emails.
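The advice above is to treat every link in an email as untrusted and to verify at the real site instead. As an added illustration (not from the book or from this review), here is a small Python check that a mail filter, or a cautious recipient, could run over an HTML message: it pulls out each anchor and reports links whose scheme, host, or visible text does not line up with the domain the message claims to come from. The sample message and the lookalike domain in it are constructed for this example and are not the actual phishing mail.

```python
"""Flag links in an HTML email whose destination disagrees with what the mail claims.

Added example; the message below is constructed, not a real phishing email.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Naive 'last two labels' approximation of the registrable domain.

    Good enough for the demo; production code should consult a public-suffix list.
    """
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def _host_from_visible_text(text):
    """If the visible link text looks like a URL or hostname, return its host."""
    if not text or "." not in text or " " in text:
        return None
    url = text if "://" in text else "https://" + text
    return urlparse(url).hostname


def suspicious_links(html, claimed_sender_domain):
    """Return [(href, visible_text, [reasons])] for links that deserve a second look."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            continue  # mailto:, tel:, relative links: out of scope for this check
        host = parsed.hostname or ""
        reasons = []
        if parsed.scheme != "https":
            reasons.append("link is plain http, not https")
        if host and registrable_domain(host) != registrable_domain(claimed_sender_domain):
            reasons.append(f"link host {host} is not under {claimed_sender_domain}")
        shown = _host_from_visible_text(text)
        if shown and registrable_domain(shown) != registrable_domain(host):
            reasons.append(f"displayed as {shown} but actually goes to {host}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample: a "reset your password" mail claiming to be from google.com.
# The first link points at a lookalike under the reserved .example TLD; the second
# is a genuine-looking link whose text and destination agree.
SAMPLE_EMAIL = (
    '<p>Someone has your password. '
    '<a href="http://accounts.google.com.login-reset.example/reset">CHANGE PASSWORD</a></p>'
    '<p>Or visit <a href="https://accounts.google.com/">https://accounts.google.com/</a></p>'
)

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL, "google.com"):
        print(f"{text!r} -> {href}")
        for r in reasons:
            print("   -", r)
```

The check does not decide whether a link is malicious; it only surfaces the mismatches (lookalike hosts, plain http, text that says one host while the href goes to another) that the "go to the site yourself" habit is meant to guard against.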
The chapter on how the WannaCry ransomware was unleashed on the world, and its origin, is alone worth the price of the book. The role of the NSA in hiding its zero-day exploits rather than alerting Microsoft so they could be patched was highlighted by Brad Smith, Microsoft's CEO, in an essay: "We have seen vulnerabilities stored by the CIA show up on Wikileaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage." Ironically, the ransomware garnered little in the way of financial rewards for the North Korean malefactors, but it caused billions in damage to computers around the world, especially because the originators had not built in a workable way to pay the ransom. In another travesty, the teenager who discovered a built-in kill switch to the malware was arrested by the FBI for hacking! (See the Wikipedia article for more information.)
An important book. I recommend reading it along with Cyberspies by Gordon Corera.
1 comment:
This sounds super interesting and at the same time, terrifying. Thanks for that! Nice review!