Fancy That!

Digital warfare is here to stay. Ignore it, pretend the ever-growing range of affected themes is merely a product of malice, but the fact is we’ve entered an era of digital history.

Over the last years, digital attacks have targeted industry (Iranian nuclear facilities), politics (Democratic National Convention hacks), and sport (medical records of Olympic athletes).

Many of these attacks take the form of zero-day vulnerabilities, a matter I’ve discussed in these pages. All software contains bugs, and zero-days exploit undetected issues such as buffer overflows to penetrate target systems.

Zero-days are worth a fortune, typically tens to hundreds of thousands of dollars, and a burgeoning market exists to discover and sell them—mainly to governments.

The view from the top: an image from 2006 of the Iranian nuclear facility at Natanz.

The view from the top: the Iranian nuclear facility at Natanz.

Stuxnet, the virus designed to attack the centrifuges at Natanz, was a joint U.S.-Israeli operation. The story of the worm’s discovery, its development, and  a broader analysis of the consequences of this digital war was published in Wired, and then released as a book.

The history of Stuxnet is the tale of digital warfare, made possible by the internet. Hacking starts with sophisticated social engineering, enticing you to click on the wrong thing.

That initiates the process of delivery of malware to your laptop, iPhone, or tablet. The typical delivery mechanism is a zero-day that takes advantage of some coding flaw. Just like any other missile, the objective is to deliver a payload, or warhead, which then dedicates itself to ensuring you have a really bad hair day.

The original Stuxnet virus contained five zero-days, worth about half a million bucks.

Because all the major software components you use are American-made, the Bush (dubya) administration found itself in the awkward position of targeting US companies, although its major entry-point was via client machines.

As an example, Microsoft Windows Update was hacked so it could deliver a virus—a brilliant choice, because Update goes right to the core of the operating system. It has to, because its job is to patch (update or replace) system files.

But you can imagine how business confidence in Microsoft is eroded if you can’t trust their software to behave itself in your own home.

As soon as hacking became the province of governments, which it now is, everything got much more complicated. The previous US republican administration obtained four hundred million dollars to develop digital warfare, and in particular to attack the Iranian nuclear program—I assure you Obama will be doing the same right now to North Korea.

In order to program something as complex as the Stuxnet ‘family’ (because various flavors have been discovered), you need top brains and top dollar. But to make sure Stuxnet delivered, the Americans set up their own uranium enrichment plant in Oak Ridge, Tennessee, and proceeded to test and explode a bunch of centrifuge tubes.

Letting potential enemies build your critical infrastructure is always a risk, which is probably why the Chinese shouldn’t be building Hinckley Point, Britain’s new atomic power plant.

The Russians are deep into the whole digital hackfest, with alleged government fringe firms with names like Cosy Bear and Fancy Bear. Medvedev is the Russian word for bear, and these ‘Meds’ jumped right in after the Rio Olympics to highlight the injustice done to Russian athletes.

Ultimately, digital warfare has potentially huge consequences for democracy itself—just follow the hacking sharks that circle the November election.

The India Road, Atmos Fear, and Clear Eyes. QR links for smartphones and tablets.

The India Road, Atmos Fear, and Clear Eyes. QR links for smartphones and tablets.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: