The Cyberwar is Coming

// Posted by on 05/28/2015 (4:20 PM)


I found the articles we read for this assignment to be particularly fascinating and thought-provoking. In all of my climate-related classes, research, and study, water and water resources are often cited as the likely catalysts for the next great wars, and their arguments are all terribly logical and believable. The experts all say that we’re starting to see signs of this now. For example, “last summer, Isis accused the Turkish government in Ankara, headed by Recep Tayyip Erdogan, of deliberately holding back the Euphrates through a series of dams on its territory, lowering water levels in Lake Assad by a record six metres. Isis was apoplectic.”

However, after reading “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History,” I really started thinking that maybe wars over water will be undermined by directed malware wars. With Stuxnet, as noted in “The Code War,” the way it worked was “not unlike the enriched uranium the Iranians were working on, but in software form: expensive, highly refined munitions that formed the core of an extremely sophisticated weapons system.”

Attacks like these could very well lead to the next great wars. They are “unobtrusive, can be constant, and they’re invasive. “As the reading shows, these attacks have already started. If Iran had retaliated, or retaliates, what will it look like? Developers designed malware with the ability to tap into Iran’s nuclear centrifuges and alter the speed at which they work. What’s keeping someone or a government from exploiting that ability to an apocalyptic end? Why not? If we can, we should, right? If malware this mischievous can be created and unleashed it in the name of data gathering, sabotage, spying, whatever – and something goes wrong, what kind of collateral damage will there be? As we read, with Stuxnet, there were some friendly fire (assuming that there were some infections in the country(ies) responsible for the attack) accidents. Computers worldwide were infected – even some in the US. “The victims bleed personal data and intellectual property.”

What sectors in the US have unique vulnerabilities like the one exploited in Iran? Likely a lot! Everything is automated these days. Everything is a computer or has a computer. Even the business card dropped off by a bulk water sales rep today had a computer in it.

The image doesn’t do it justice, so here:

Could Diamond Springs unleash malware into this guy’s business card and sabotage his operation? It has a USB port. This item likely has a variety of weaknesses.

Additionally, should the U.S. be using these methods for domestic data gathering? Whether or not they should be, they do. In the example laid out in “The Code War,” with Freedom Hosting, they acquired a warrant and implanted surveillance software.  In doing so, broke up a huge child pornography operation. This is good. However, if the FBI, CIA, NSA, ABCDEFG want to do the same to my computer because I visited a site of an organization critical of the American government, is that right? No. To answer my above question, no, just because we can doesn’t mean we should. These attacks aren’t going anywhere. In fact, Edward Snowden reveled that “the NSA budget included $25.1 million for “additional covert purchases of software vulnerabilities,” suggesting that they both buy zero-days and roll out their own internally.”

Categories: Uncategorized
Tags: , , , , , , , , ,


Rosatelli said...

Hi David,
You make a really great point at the end of your post when you point out that the US is most likely buying and rolling out zero days in an effort to enact acts of war (more or less) on enemy states. Think about weapons manufacturing in the US. It’s pretty above board. We make weapons in almost every state in the nation, and we use those weapons and sell them to other countries (mostly Saudi Arabia). What happens when we start dealing in zero days. Zero days are not developed in factories in Oklahoma by hard working Americans. They are weapons without a face, and they are becoming more and more important as we transfer more functions online. If war goes digital, or at least the critical parts of war, where does that leave the American citizen? Who votes on the implementation? The NSA is not a branch of the military. What role does the average American have in this new frontier?

// 05/29/2015 at 9:07 pm

David said...

I think the point that you make about how zero days are powerful, faceless weapons is likely the most frightening and potentially devastating thing you said. With a nuclear weapon, odds are we’ll know where it came from, where its intended target was, and maybe even where it was manufactured – someone might even stand up and take credit for it.

The havoc that these zero days could potentially unleash without proclaiming where they came from, when they got there, or who made them is immense. When a country or a company falls victim to an attack like this the first instinct is to figure out who to blame – they point the finger. If they don’t know where to point it, they could start pointing arbitrarily. Are they going to retaliate with a zero day of their own or are they going to start dropping bombs? This has the potential to be the next great war.

But with a threat like this and even those on a smaller scale, I’m still going to willingly offer up my personal and private information online to businesses, banks, U of R, over text messages, and so on. While I absolutely see privacy as a thing of the past – partially because the government is always watching and partially because we, as a society, freely and eagerly throw anything and everything we have out over the Internet, I don’t really care. I’d like to think the 1st and 4th amendments still carried some weight. I’m hopeful that no one steals my identity or anything like that, but other than that, I figure the government knows everything about me as it is – they do after all assign the private numbers and some of the information that they are stealing. As Edward Snowden noted in his interview with John Oliver, I’m not going to change what I do because the government wants to be privy to all of my activities and doings when I’m operating a digital device. I honestly wouldn’t be surprised if I happened to be on a watch list somewhere.

I’ve not personally had to deal with worms or any other kind of malware, image of knowcking on wood, and I hope to keep it that way. Beyond their ability to cause chaos, and steal, I really just don’t want to put forth the effort to eradicate an illness such as this.

With the exception of voting for politicians that are vehemently against these NSA policies, I don’t think the American people will ever get a true democratic say on domestic spying. I think there’s a general consensus that we should use whatever technology we have to keep one step ahead of enemies, frenemies, and Paraguay, but they don’t need to sequester this blog post because I typed “Edward Snowden.”

// 05/30/2015 at 1:22 pm