Thursday, February 15, 2018

It's just another war we started
  About that Russian election interference problem,
  Americans doth protest too much, methinks

On occasion indignant Americans need to be called on their complaining, particularly when they protest too much either out of ignorance or to establish a lie as truth.

The United States is the only nation to use atomic weapons in a targeted attack against another nation. Of course, many say that is ancient history and related to ending a world war. So how about this.

In the 21st Century the United States became the nation that first engaged in cyberwarfare in a targeted cyberattack against the energy and defense infrastructure of another nation using a computer virus called STUXnet.

The details of the attack and how the STUXnet virus works is a long and complicated story. You can read more about it in the 2014 book Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon written by Oakland, California, freelance journalist Kim Zetter who was a WIRED magazine senior staff writer at the time. In a 2014 WIRED article by Zetter introducing the book we were told:

    In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the Iranian technicians replacing the centrifuges as to the inspectors observing them.
    Five months later a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot a series of computers in Iran that were crashing and rebooting repeatedly. Again, the cause of the problem was a mystery. That is, until the researchers found a handful of malicious files on one of the systems and discovered the world's first digital weapon.

Most Americans didn't follow the extensive discussion in the technical press and even the more mainstream press like Forbes in 2010, and like Donald Trump, didn't and won't read the book.

So, in 2016 Showtime Documentary Films released producer/director Alex Gibney's Peabody Award winning Zero Days which was the first time that the complete story of the phenomenon was captured on film. It was intended to be a call-to-action for countries and citizens to address the issue of cyberattacks and to start public discourse on what could happen if, and when, diplomacy fails.

Of course documentary films are not entertaining enough for most, so Gibney and HBO are working on a miniseries which maybe more Americans will watch. Gibney recently commented on the U.S. government engaging in a new kind of warfare against other nations in peacetime:

    It sent another kind of message, too, which is, the United States and Israel will use weapons and attack people first, and that sets a different kind of precedent for other countries, as well: Why shouldn’t we do the same? You can say that what we did with Stuxnet was an undeclared act of war—it was an attack on critical infrastructure in a time of peace. That sets a terrible legal precedent. Right now, the norm in cyber is, do whatever you can get away with. Well, if you’re an average citizen, that’s not a very comforting idea.

That is particularly true where people live in an open society and elect their government. Here in the United States there is a lot of complaining going on about the Russians interfering in our elections through a kind of cyberwarfare. Really? We in the United States are complaining? Being well-informed citizens of a democratic society already know we started the war. Sure we do.

And being such citizens  we know we each have given in extra funding to our local and state and federal officials annually at least as much as we spend on smart phones and related service protect us from cyberwarfare. We do this because we value secure elections more than anything. Sure.

We are already losing this war by our complaining.

But there an ongoing misuse of power related to this story.

Kaspersky Lab, one of the leading antivirus companies, has been the target of those who are revel in our war effort. Companies such as Kaspersky are judged in part on how many viruses they are first to detect, and Kaspersky was considered among the best. But with its success came controversy. Some accused Kaspersky of having ties with the Russian government—accusations the company has denied. As noted in the 2015 WIRED article by Zetter Kaspersky Finds New Nation-State Attack—In Its Own Network:

    Researchers at Kaspersky Lab in Russia have discovered yet another new nation-state attack attributed to members of the infamous Stuxnet and Duqu gang. But this time the perpetrators were hiding in plain sight—inside the security firm's own networks.
    Kaspersky wasn't the only victim of Duqu 2.0. Based on data the company collected from its customers, the attackers also struck a series of hotels and conference venues, each of them a location where members of the UN Security Council met in the past year to negotiate Iran's nuclear program. That program is a recurring interest for the attackers behind the Duqu code, which shouldn't come as a big surprise. The US and Israel reportedly were behind Stuxnet, but various researchers have long suspected that Israel alone was behind the Duqu code. The focused spying on the nuclear negotiations, from which Israel was excluded, would seem to support this theory.
    Additionally, the security firm Symantec, which obtained samples of Duqu 2.0 provided by Kaspersky, uncovered more victims of the targeted attack code among its own customers, and found that some of these victims were in the US—a fact that would be cause for even more concern if the attack were perpetrated by the US government.

When Stuxnet went wild and similar virus attacks started to appear widespread, Kaspersky started an investigation and soon concluded that the code was too sophisticated to be the brainchild of a ragtag group of black-hat hackers. Kaspersky Lab concluded that the sophisticated attack could only have been conducted "with nation-state support." The worm had infected a nuclear powerplant in Russia.

In 2015, Kaspersky Labs noted that the Equation Group had used two of the same zero-day attacks, prior to their use in Stuxnet, and commented that: "the similar type of usage of both exploits together in different computer worms, at around the same time, indicates that the Equation Group and the Stuxnet developers are either the same or working closely together".

The Equation Group, classified across the world as an advanced persistent threat, is the code name for the Tailored Access Operations (TAO) unit of the United States National Security Agency (NSA). Kaspersky Labs describes them as one of the most sophisticated cyber attack groups in the world and "the most advanced ... we have seen", operating alongside but always from a position of superiority with the creators of Stuxnet and Flame. Most of their targets have been in Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali.

Kaspersky Lab ranks fourth in the global ranking of antivirus vendors by revenue. It was the first Russian company to be included into the rating of the world’s leading software companies, called the Software Top 100 (65th on the list published in 2016). According to Gartner, Kaspersky Lab is currently the third largest vendor of consumer IT security software worldwide and the fifth largest vendor of Enterprise Endpoint Protection. Kaspersky Lab has been named a "Leader" in the Gartner Magic Quadrant for Endpoint Protection Platforms.

So of course Kaspersky literally became a target of the U.S. Congress and the Trump Administration, neither one of which has offered significant protection for the 2018 elections. The Equation Group could do that, though they would have to either be given more money or spend less time attacking foreign nations. In fact, a division of Equation Group would have to be repurposed for the defense of the United States. But our members of Congress would first have to acknowledge that the Equation Group exists and what it is doing.

In October 2012, U.S. defense secretary Leon Panetta warned that the United States was vulnerable to a “cyber Pearl Harbor” that could derail trains, poison water supplies, and cripple power grids. When (not "if") that happens, Americans will blame someone else. And the rest of the world will continue to puzzle over how we simultaneously could be so arrogant and so ignorant.

No comments: