North Korea, Sony and cyber-war: what hath Stuxnet wrought?

#Diplomacy

The danger of cyber-war is that it doesn’t kill (directly), nor does it have a byline - there are no national markings that identify who wrote it and funded it

Richard Silverstein
Friday 13 February 2015 8:00 UTC

US and world media have been filled with headlines about the massive cyber-attack on the computer systems of the Hollywood studio, Sony Pictures. US officials have declared that North Korea, with the possible help of Chinese hackers, organised the intrusion, which netted terabytes’ worth of sensitive corporate and personal data. North Korea’s purported motive was the pending release of the Sony-produced film, “The Interview”, which portrays the assassination of the country’s dictator, Kim Jong Un. The Sony hack wasn’t terribly sophisticated. But the means and methods used to search for and harvest the data indicated a nation state was responsible.

If there had been no prior context to the Sony hack, it wouldn’t merit much attention: a movie based on a tasteless premise insulted a dictator the world has no use for. A few Hollywood executives were embarrassed by having their catty, gossipy lives exposed. So what?

But there is context and once examined, this incident offers a sense of foreboding. It forces us to acknowledge the capabilities of nation-states to assault bedrock corporate or governmental interests. Even if we acknowledge that Sony isn’t exactly a “too big to fail” corporation, when you take into account the US government response to this intrusion, it becomes clear that such hacks could easily escalate and have unforeseen consequences.

In this case, the US, without acknowledging its role publicly, appears to have responded by knocking out North Korea’s internet capability over the course of two days. A devil’s advocate may argue that this appears to be a proportional response to the damage done by North Korea. Maybe so.

But can we assume that this will always be the case? Can we assume that both attackers and victims will always choose their targets carefully, inflict damage that is precisely targeted, and that the victim will respond in a manner that is judicious? Given human nature and the calibre of rulers in the world, you’d have to be foolish to believe this.

Let’s return to the subject of context for this cyber-attack: computer security analysts believe that, in the recent past, Iranian interests launched a massive strike against the computer network of the Las Vegas Sands Hotel. The evidence the attackers left at the scene of the crime indicates Iran was angry that the Sands CEO, Sheldon Adelson, had publicly advocated launching a nuclear attack against Iran. The hack was meant both as revenge and a warning that opening one’s mouth against an entire nation has a price.

The Sands at first played down the attack and claimed it was confined to a relatively small part of its corporate empire, a casino in Bethlehem, PA. But Business Week exposed this as a corporate lie meant to shield the company from the embarrassing truth: that the hackers took out the company’s entire US telecommunications system for days, if not weeks. The magazine also notes that had the intruders played their cards better, they would’ve been able to destroy virtually the entire corporate international communications system, including Macau, where the lion’s share of the Sands revenue originates.

In the past year, Sands stock has lost 33 percent of its value and Adelson himself has lost $10 bn in net worth. Though there are many causes of this downturn, it can’t help that Adelson endangered his company with his bellicose anti-Iran rhetoric.

Iranian interests are believed to have launched other major corporate attacks against US banks and the Saudi national oil company, Aramco. The latter caused $40 million in damage and destroyed the company’s entire computer system. The motivation for such an attack is Sunni Saudi Arabia’s implacable hostility to the Iranian Shiites. The Saudis have funded Israeli assassinations of Iranian nuclear scientists and other attacks on Iranian infrastructure to the tune of $1 bn.

Let’s return to the origin of these cyber-attacks. During the Bush administration, the government allocated $400 million to destabilise Iran. This was part of a strategy to frustrate that country’s presumed march toward weapons of mass destruction. In 2009, this funding was presumably used by the National Security Administration and the Israeli Army Unit 8200 to create the most powerful malware ever seen. These worms, called Stuxnet and Flame, infiltrated Iran’s nuclear facilities and caused the destruction of up to one-third of all its centrifuges enriching uranium, the isotope needed to build a nuclear weapon.

Though there are instances previous to this one in which nation-states are believed to have attacked the computer infrastructure of other states, these were obscure attacks which were hard to attribute. The attack on Iran wasn’t. The world’s leading cyber-security analysts swarmed around this incident and analysed it in minute detail. The overwhelming evidence pointed to a joint Israeli-US attack. It was the first time both a nation-state victim and perpetrator could be linked together. As such, it set a critical precedent and raised the stakes considerably in cyber-war.

All this leads us into a very murky place. Israeli veteran security correspondent Yossi Melman summarised the issues well in Maariv (Hebrew):

“…Developments between Washington and Pyongyang remind [that] cyber-war…threatens chaos for relations between nations, and damage to the daily lives of innocent civilians…It causes damage to humans, property and the functioning of the state. Its power and destructive force are not visible to the naked eye, as missiles and bombs are.

…As far as is known, this [Stuxnet] was the first time since WWII that such sophisticated technological means were used. Some have likened ‘Olympic Games’ to the breaking of the German code device, ‘Enigma’ at the hands of British intelligence led by Alan Turing.

The cyber-war between North Korea and the US reinforces how quickly the “fourth dimension” (land, sea, air, and cyber) has become integrated into the intelligence capability and military strategy of nations.

The operation let loose a new weapon on the world…to which more and more nations will turn…Russia makes wide use of this weapon, including penetrating the most secret computer systems of the Israeli defence industry and other secret agencies…

In hindsight, the cyber-weapon which Israel and the US created is a double-edged sword. What they seek to do to other nations, other nations will do them. The development and use of Stuxnet reminds us of the development of nuclear weapons and their use against Hiroshima and Nagasaki. The scientists developed an idea, made a discovery, and were prepared in the name of their scientific project to go through to the end, while most of them never considered the technological, philosophical or ethical dimension of their discovery.

Politicians and military men who harvested the fruit of this scientific work didn’t waste an opportunity to use it to advance their goals and preserve their rule. A former official involved in developing Stuxnet was asked if any second thoughts had arisen regarding the results of its development. His answer, which attests to the short-sightedness which largely characterises such projects, was: ‘we had a technological, operational, political opportunity, which those involved believed would bring results, so we use it.’ This is how the genie got out of the bottle.”

After Stuxnet was let loose, the US military announced that in certain circumstances it would consider a cyber-attack an act of war in which it might launch an all-out counter-attack. Until that moment, few in the cyber-security or even national security world had considered cyber-attacks as constituting such danger to the national interest.

Once the genie got out of the bottle, you couldn’t put him back. Now, every nation with cyber-capability has had to consider its own cyber-weaknesses, how they might be exploited by an enemy, and how it would respond.

When the US dropped the first atomic bomb, the world understood - almost immediately - both the power and danger it posed. Cyber-war isn’t the same. It operates by stealth. Code doesn’t kill (directly), nor does it have a byline. There are no national markings that identify who wrote it and funded it.

So we are in a brave new world in which enemies lurk unnamed and undetected. It is perhaps most akin to terrorism in that attackers often don’t take credit for their murderous actions. Victim nations sometimes don’t know who the enemy is, nor why he struck. This dark unknown wreaks havoc on rational human response. In the absence of facts, decision-makers may be prone to mistakes or over-reaction. Cyber-war is a recipe for disaster on an international scale.

- Richard Silverstein writes the Tikun Olam blog, devoted to exposing the excesses of the Israeli national security state. His work has appeared in Haaretz, the Forward, the Seattle Times and the Los Angeles Times. He contributed to the essay collection devoted to the 2006 Lebanon war, A Time to Speak Out (Verso) and has another essay in the upcoming collection, Israel and Palestine: Alternate Perspectives on Statehood (Rowman & Littlefield).

The views expressed in this article belong to the author and do not necessarily reflect the editorial policy of Middle East Eye.

Photo credit: A poster for "The Interview" is displayed on the marquee of the Los Feliz 3 cinema December 25, 2014 in Los Angeles (AFP)