Attacks in Cyberspace
Known secrets: Iran melted down computer systems at the Sands Casino in Las Vegas in response to anti-Iran comments by the Sands’ owner in 2014. China hacked U.S. computers to collect personal information on over 20 million federal employees in 2015. Russia shut down an electric utility in Ukraine on Christmas Eve in 2015. North Korea hacked Sony Pictures computers to stop release of a movie uncomplimentary of its president in 2014. Russia hacked into the computers of the Democratic National Committee to obtain presidential election-related research in 2016. North Korea infected computers worldwide in May 2016 with the WannaCry malware program, sabotaging medical, banking and transportation systems.
Before any of these occurred, the U.S. and Israel destroyed a thousand Iranian centrifuges using a “computer worm” called Stuxnet. That 2010 attack, according to David Sanger in his book The Perfect Weapon; War, Sabotage, and Fear in the Cyber Age, was “the opening salvo in modern cyber conflict.”
The book relates examples of cyber attacks using social media as well as viruses and worms and implants. “Cyberweapons,” he states, “come in many subtle shades, ranging from the highly destructive to the psychologically manipulative.” One of the most chilling stories he tells is the Russians’ use of twenty-somethings of their so-called Internet Research Agency in St. Petersburg, which took place leading up to the 2016 U.S. presidential election.
They formed an online group called “Heart of Texas” that appeared to be based in Houston. They promoted a rally called “Stop Islamization in Texas.” Then they created an opposing group called “United Muslims of America” which “scheduled a counter-rally, under the banner of ‘Save Islamic Knowledge.’ The idea was to motivate actual Americans – who had joined each of the Facebook groups – to face off against each other and prompt a lot of name-calling and, perhaps, some violence.
The Russians proved to be skilled users of Facebook in widening political and social fault lines. “Facebook’s conscious transition to becoming one of the world’s leading global news delivery systems, and tailoring that news to the tastes of each recipient, meshed beautifully with Russia’s desire to accentuate the divisions in American society.” After ISIS attacks in France in November 2015, Facebook proved useful in tracking down friends and other terrorists using the attackers’ accounts.
Nuclear powers, realizing the likelihood of mutual assured destruction following the use of nuclear weapons, refrained from their use. There are no norms of behavior among cyber powers. Sanger does not expect norms to emerge as long as the U.S. is unwilling to make known its own capabilities and live within limits. “The United States, for example, would never support rules that banned cyber espionage. But it has also resisted rules prohibiting the placement of ‘implants’ in foreign computer networks, which we also use in case the United States needs a way to bring those networks down.” Low-grade cyberweapons are used every day, according to Sanger, but their use is always kept below a threshold that would prompt retaliation. Staying “short-of-war” is the term Sanger uses.
Russia and China are deemed as advanced in cyber capabilities as the United States. North Korea and Iran will probably be equal soon. “Internal government assessments say it will be a decade – at least – before the United States can reasonably defend our most critical infrastructure from a devastating cyberattack launched by Russia or China.”