Cybersecurity: The Alarming Truth About This Cyberweapon
Among the many powers that Donald Trump inherits from Barack Obama today is control over a burgeoning cyber-weapon arsenal — an arsenal that pierced Iran’s nuclear centrifuges and is now proliferating in ways we have to imagine so we can protect ourselves.
“If you’re gonna pick a government to trust, why not this one?”
Great question, animated Tom Hanks from The Simpsons Movie!
As of 12:00 p.m. Eastern time today, we’re in the age of President Donald Trump for, presumably, the next four to eight years.
President Trump enters office with historically low approval ratings after winning the Electoral College but losing the popular vote.
Outgoing President Barack Obama leaves office with a 58% approval rating after winning both the 2008 and 2012 elections with strong popular vote and Electoral College margins.
Obama, our first black president, was hailed in near-messianic terms during his rapid rise from 2004 Democratic National Convention keynoter to 2008 standard-bearer – a transformational leader who would do for “American Liberalism” what Ronald Reagan had done for “American Conservatism.”
Trump is a direct reaction to Obama.
But both of these guys offer plenty of reasons not to trust this government, this national security state, this autocracy.
The new guy has nominated former Texas governor Rick Perry to run the Department of Energy.
Perry, whose state produces more oil and gas than any of the other 49, thought he’d merely be “a global ambassador for the American oil and gas industry.”
He didn’t know, according to a January 18, 2017, report in The New York Times, that “if confirmed by the Senate, he would become the steward of a vast national security complex he knew almost nothing about, caring for the most fearsome weapons on the planet, the United States’ nuclear arsenal.”
Trump has also asked Rudy Giuliani to form “a cybersecurity group” on behalf of the new administration.
Giuliani, a former federal prosecutor who was mayor of New York City on September 11, 2001, founded Giuliani Security & Safety to capitalize on his bona fides.
Alas, as Hudson Hongo of Gizmodo recently noted, this has “The Next President Will Face an Internet Disaster” written all over it:
As detailed by Phobos Group founder Dan Tentler and others, the website for Giuliani Security & Safety is an all-round disaster that runs on an ancient version of Joomla!, a free-to-use content management system (CMS). In the almost four years since the version that Giuliani’s site uses was released, more than a dozen vulnerabilities have been documented in the CMS.
That, unfortunately, isn’t even the worst of it. The site fails to follow a number of other basic best practices that would be obvious to the most casual student of cybersecurity. Among other things, both the CMS’ login page and the server’s remote login system are public, making it far easier for an attacker to access them. It also uses an outdated version of the script language PHP, exposing the site to vulnerabilities that have gone unfixed in the months since that release was last supported.
One wonders who’ll be on board to defend against a “protest” proposed by a San Francisco-based software engineer who’s trying to organize a massive distributed denial of service (DDoS) campaign against the Whitehouse.gov website.
More importantly, however, one must wonder who’ll organize defenses against attacks by hackers like “Anna_Senpai,” who wrote the Mirai botnet that infiltrated millions of devices connected via the Internet of Things (IoT) and took down one of the biggest Domain Name System (DNS) service providers on October 21, 2016.
We now know (or think we know), thanks to Brian Krebs of the estimable blog KrebsOnSecurity.com, the identity of the Mirai worm’s author.
Nobody died as a result of the October 21 DDoS attack.
But the proliferation of the IoT – via automobiles, hospitals, and other particularly vulnerable tech – virtually guarantees that a malicious hacker, vicious terror group, malevolent state, and/or some combination thereof will perpetrate a deadly attack sometime in the very near future.
Indeed, as Krebs wrote on December 16, 2016:
Addressing distributed denial-of-service (DDoS) attacks designed to knock Web services offline and security concerns introduced by the so-called “Internet of Things” (IoT) should be top cybersecurity priorities for the 45th President of the United States, according to a newly released blue-ribbon report commissioned by President Obama.
Our nuclear arsenal is in the hands of a guy who thought he’d be an oil-and-gas spokesmodel, our cyber deterrence managed by a guy who can’t manage to secure his own security company’s website: This is all proving to be pretty conventional, actually.
This conventional incompetence will mask and therefore enable the perpetuation of an apparatus the outgoing president, ironically and more than any other individual, nurtured.
It’s the work of U.S. Cyber Command, the instrument through which we engage in cyber offense as opposed to cyber defense.
As the 2016 documentary Zero Days details, the Obama administration took what the Bush administration imagined and made it real.
It took some geopolitical gymnastics – moves by the United States, Germany, United Kingdom, and, most critically, Israel – but the short of it is that an operation code-named “Olympic Games” resulted in what cybersecurity firms later dubbed “Stuxnet.”
Stuxnet, as IEEE Spectrum explains, is “a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant.”
Writes David Kushner:
This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges. Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant.
As Michael Hayden, who ran both the National Security Agency and the Central Intelligence Agency, puts it for Alex Gibney, “This has the whiff of August 1945… somebody used a new weapon…”
U.S. Cyber Command operates out of the same building as the National Security Agency in Fort Meade, Maryland. The NSA’s hacking unit was “flooded” with requests from government officials, but only satisfied about 30% of them. Still, that’s a lot of computer espionage.
(I pass the place along the Baltimore-Washington Parkway when I drive from my home in Alexandria, Virginia, to Wall Street Daily’s offices in Baltimore. Pretty prosaic stuff.)
Its Olympic Games operation – authorized by President George W. Bush, reauthorized by President Barack Obama – produced “an entire new class of weapons,” as one of Gibney’s interview subjects put it for Zero Days.
Indeed, as another anonymous source put it, “Stuxnet is a revolution in the threat landscape.”
As we learn from Chris Inglis, the former Deputy Director of the NSA who’s now a managing director for global security-focused Paladin Capital Group, the truth about the internet and networked communication generally is this: “It’s not really ever secure.”
Think about that when you consider that one of our allies in the Olympic Games operation, Israel, allegedly made a unilateral decision to change Stuxnet’s code in a way that made the virus known to Iran.
And now it’s known to Russia. And China. And ISIL. And Anna_Senpai.
The threat is real.
And it smells a little like August 1945.
Old Things New
Lee Sarason is the intellectual power behind populist champion Berzelius (Buzz) Windrip in Sinclair Lewis’ 1935 dystopian send-up positing the ascendance of Hitlerian fascism in America, It Can’t Happen Here.
In candidate Windrip’s campaign manifesto Zero Hour, Sarason ghost-writes:
An honest propagandist for any Cause, that is, one who honestly studies and figures out the most effective way of putting over his Message, will learn fairly early that it is not fair to ordinary folks – it just confuses them – to try to make them swallow all the true facts that would be suitable to a higher class of people.
As of noon Inside-the-Beltway time, Donald Trump is President of the United States.
His campaign rhetoric inspired many observers – right, left, and center – to compare him to Windrip, a self-described hero of “Forgotten Men” promising them a new prosperity and given to tirades against the “lies” of the Mainstream Media.
Bill Bonner, writing “An Open Letter to Donald Trump” published three weeks before the election, described the then-candidate, now president, as “an imbecile,” praising his possession of “the virtue of ignorance.”
“You seem to have no idea what you are doing,” writes Agora’s founder, “like an oversized plant in the lobby of the Eccles Building with no clue about what really goes on in the offices above you.”
Little did Bill know that Trump’s “amateurish and brutish” conduct – not just on the campaign trail but during his “entire life” – would inspire the biggest electoral upset in American political history.
That’s despite the fact that Trump “never offered a single coherent proposal for correcting” the corruption wrought by the Establishment.
Trump “humming and faking… improvising… making it up as [he] went along” won the support “of people who wanted a ‘strong’ personality on the national stage… someone unfettered by real thought or study.”
It Can’t Happen Here sold briskly in the immediate aftermath of the November 8, 2016, election.
I’m sure the many leftists and liberals comprising large parts of the crowds who rushed to Amazon.com and Books-a-Million – and even many of the moderates and conservatives who bought it and actually read it, too – realize now that the best time to act against the Windrips and Trumps and corrupt Establishments is while they’re on the rise, not after they’ve done their damage.
That’s Lewis’ main message: Be vigilant about your freedom all the time.
Editorial Director, Wall Street Daily