Sandworm


by Andy Greenberg


  Raphael Lemkin, the Polish-Jewish lawyer: “Coining a Word and Championing a Cause: The Story of Raphael Lemkin,” Holocaust Encyclopedia, United States Holocaust Memorial Museum website, www.ushmm.org/.

  “This is not simply a case”: Raphael Lemkin, “Soviet Genocide in the Ukraine,” in Holodomor: Reflections on the Great Famine of 1932–1933 in Soviet Ukraine, ed. Lubomyr Y. Luciuk (Kingston, Ontario: Kashtan Press, 2008).

  Stalin and his Ukrainian Communist Party subordinate: Reid, Borderland, 150.

  Between 800,000 and 1.6 million people: Ibid., 151.

  The Nazis rounded up: Ibid., 162.

  Even after the Red Army: Ibid., 161.

  In all, 1 in 6 Ukrainians died: Vadim Erlikhman, Poteri narodonaseleniia v XX veke: Spravochnik (Moscow: Russkaia Panorama, 2004), 21–35, via Wikipedia.

  In the 1950s, through the last years of Stalin’s terror: Reid, Borderland, 205.

  On the night of April 25, 1986: Ibid., 194.

  Exactly what happened next: “New Study Rewrites First Seconds of Chernobyl Accident,” Sci News, Nov. 21, 2017, www.sci-news.com/.

  A jet of radioactive material: “Sequence of Events,” Chernobyl Accident Appendix 1, World Nuclear Association website, Nov. 2009, www.world-nuclear.org.

  But no public warning: Reid, Borderland, 197.

  They carried flowers, flags, and portraits: Lev Golinkin, “The Lasting Effects of the Post-Chernobyl Parade,” Time, April 30, 2016, time.com.

  CHAPTER 7 MAIDAN TO DONBAS

  With the U.S.S.R.’s collapse: Reid, Borderland, 216.

  In the year 2000, a bodyguard released: Ibid., 244.

  Putin had gone so far: Ibid., 246–47.

  In 2010, he defeated Tymoshenko: Ibid., 252.

  As president, Yanukovich proved himself: Ibid., 253–57.

  On one street near the Maidan: Glib Pakharenko, “Cyber Operations at Maidan: A Firsthand Account,” Cyber War in Perspective: Russian Aggression Against Ukraine, May 24, 2014, ccdcoe.org/.

  Many Ukrainians believe the Berkut: Plokhy, Gates of Europe, 340.

  The death toll: Reid, Borderland, 268.

  Before the dust had even settled: Plokhy, Gates of Europe, 340.

  In a blink, thirty-five thousand Russian troops: Reid, Borderland, 268.

  In July 2014, the callousness: Ray Furlong, “Investigators Say Missile from Russian Unit Downed MH17,” Radio Free Europe/Radio Liberty, May 24, 2018, www.rferl.org/.

  “The anti-people junta is trying”: Margaret Coker and Paul Sonne, “Ukraine: Cyberwar’s Hottest Front,” Wall Street Journal, Nov. 9, 2015, www.wsj.com.

  (The CyberBerkut hackers would be revealed): Andy Greenberg, “Russian Hackers Are Using ‘Tainted’ Leaks to Sow Disinformation,” Wired, May 25, 2017, www.wired.com.

  CHAPTER 9 THE DELEGATION

  His unvarnished opinion piece: Robert M. Lee, “The Failing of Air Force Cyber,” Signal, Nov. 1, 2013, www.afcea.org.

  “A small number of sources”: Michael J. Assante, “Current Reporting on the Cyberattack in Ukraine Resulting in Power Outage,” SANS Industrial Control Systems Security Blog, Dec. 30, 2015, ics.sans.org/, archived at bit.ly/2WCU0jt.

  “The Ukrainian power outage is more likely”: Robert M. Lee, “Potential Sample of Malware from the Ukrainian Cyber Attack Uncovered,” SANS Industrial Control Systems Security Blog, Jan. 1, 2016, ics.sans.org/, archived at bit.ly/2t1l9ib.

  The fifty-six-second clip: Andy Greenberg, “Watch Hackers Take Over the Mouse of a Power-Grid Computer,” Wired, June 20, 2017, www.wired.com/.

  CHAPTER 10 FLASHBACK: AURORA

  On the visitor center’s screens: “Aurora Test Footage,” published by MuckRock, Nov. 9, 2016, www.youtube.com.

  CHAPTER 11 FLASHBACK: MOONLIGHT MAZE

  It began with a seventy-five-cent: Stoll, Cuckoo’s Egg, 3.

  He quickly realized the unauthorized user: Ibid., 28.

  The body of one of those cooperators: Ibid., 370.

  Though the interlopers routed: Rid, Rise of the Machines, 316.

  By one estimate, the total haul: Ibid., 330.

  The ministry offered a surprisingly friendly: Ibid.

  At the end of that second evening: Ibid., 331.

  “those motherfuckers in intelligence”: Kaplan, Dark Territory, 87.

  “The Department of Defense has been at cyberwar”: Rid, Rise of the Machines, 333.

  It described flying drones: Ibid., 301.

  (The exclamation point): “Interview with John Arquilla,” Frontline, interview conducted on March 4, 2003, www.pbs.org.

  “It means disrupting if not destroying”: John Arquilla and David Ronfeldt, “Cyberwar Is Coming!,” in In Athena’s Camp: Preparing for Conflict in the Information Age (Santa Monica, Calif.: Rand, 1997), www.rand.org/.

  Hamre had said in a 1997: Pierre Thomas, “Experts Prepare for ‘an Electronic Pearl Harbor,’ ” CNN, Nov. 7, 1997, cnn.com.

  Rand’s analysts imagined catastrophic: Robert H. Anderson and Anthony C. Hearn, “The Day After…in Cyberspace II,” in An Exploration of Cyberspace Security R&D Investment Strategies for DARPA (Santa Monica, Calif.: Rand, 1996), www.rand.org/.

  “Today, our critical systems”: “Transcript: Clinton Remarks on Cyberterrorism on January 7, 2000,” USIS Washington File, Jan. 7, 2000, fas.org.

  CHAPTER 12 FLASHBACK: ESTONIA

  “You do not agree with the policy”: Joshua Davis, “Web War One,” Wired, Sept. 2007, www.wired.com/.

  At almost exactly the stroke of midnight: Eneken Tikk, Kadri Kaska, and Liis Vihul, “International Cyber Incidents: Legal Considerations,” 2010, 20, ccdcoe.org/.

  An analysis by the security firm Arbor Networks: Davis, “Web War One.”

  “NATO has put its frontline forces”: “Putin’s Prepared Remarks at 43rd Munich Conference on Security Policy,” Washington Post, Feb. 12, 2007, www.washingtonpost.com.

  “Those who desecrate monuments”: Guy Faulconbridge, Reuters, May 9, 2007, uk.reuters.com.

  CHAPTER 13 FLASHBACK: GEORGIA

  Those numbers dwarfed Georgia’s army: Ariel Cohen and Robert E. Hamilton, “The Russian Military and the Georgian War: Lessons and Implications,” Strategic Studies Institute, June 2011, ssi.armywarcollege.edu.

  They began within half an hour: Ibid., 45.

  But the security firm: Jose Nazario and Andre Dimino, “An In-Depth Look at the Russia-Georgia Cyber Conflict of 2008,” www.shadowserver.org/.

  “How did they know that”: Joseph Menn, “Expert: Cyber-attacks on Georgia Websites Tied to Mob, Russian Government,” Los Angeles Times, Aug. 13, 2008, latimesblogs.latimes.com/.

  It had consolidated pro-Russian: Luke Coffey, “10 Years After Putin’s Invasion, Russia Still Occupies Parts of Georgia,” Daily Signal, March 1, 2018, www.dailysignal.com.

  Only seven in a hundred: Eneken Tikk, Kadri Kaska, and Liis Vihul, “International Cyber Incidents: Legal Considerations,” 2010, 68, ccdcoe.org/.

  CHAPTER 14 FLASHBACK: STUXNET

  On most matters of national security: Sanger, Confront and Conceal, 201.

  But on this, he felt the need: David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012, www.nytimes.com.

  But international watchdog groups noted: Zetter, Countdown to Zero Day, 70.

  Within two months of Ahmadinejad’s election: Ibid., 81.

  A crisis was looming: Ibid., 83.

  “I need a third option”: Sanger, Confront and Conceal, 191.

  For months, the labs would quietly test: Ibid., 198.

  Not long after the tests began: Kaplan, Dark Territory, 206.

  A chamber inside the length: Ivan Oelrich and Ivanka Barzashka, “How a Centrifuge Works,” Federation of American Scientists, fas.org/.

  “The intent was that the failures”: Sanger, Confront and Conceal, 199–200.

  Out of the 8,700 centrifuges: Zetter, Countdown to Zero Day, 3.

  As soon as an infected USB: Ibid., 6–11.

  And they’d determined that the malware: Ibid., 28–30.

  It was only in September 2010: Ibid., 177.

  (Siemens software engineers might have been): Sanger, Confront and Conceal, 196.

  It would then play that recording: Ibid., 198.

  But they had blown the ultrasecret: Ibid., 203.

  (It would be two more years): Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran.”

  Instead, the Americans and Israelis behind: Sanger, Confront and Conceal, 206.

  According to some U.S. intelligence analysts: Ibid., 207.

  Even in spite of its confusion: Zetter, Countdown to Zero Day, 361.

  “Somebody crossed the Rubicon”: Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran.”

  “This has a whiff of August 1945”: Paul D. Shinkman, “Former CIA Director: Cyber Attack Game-Changers Comparable to Hiroshima,” U.S. News & World Report, Feb. 20, 2013, www.usnews.com.

  CHAPTER 15 WARNINGS

  The intruders destroyed the contents: Peter Elkind, “Inside the Hack of the Century,” Fortune, June 25, 2015, fortune.com/.

  The FBI director, James Comey: Andy Greenberg, “FBI Director: Sony’s Sloppy North Korean Hackers Revealed Their IP Addresses,” Wired, Jan. 7, 2015, www.wired.com.

  “They caused a lot of damage”: “Remarks by the President in Year-End Press Conference,” Dec. 19, 2014, www.obamawhitehouse.archives.gov.

  In 2014, for instance, after Chinese cyberspies: “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage,” Department of Justice, May 19, 2014, www.justice.gov.

  Security companies such as CrowdStrike: Andy Greenberg, “Obama Curbed Chinese Hacking, but Russia Won’t Be So Easy,” Wired, Dec. 16, 2016, www.wired.com.

  (The Bowman Avenue Dam they’d targeted): Joseph Berger, “A Dam, Small and Unsung, Is Caught Up in an Iranian Hacking Case,” New York Times, March 25, 2016, www.nytimes.com.

  CHAPTER 16 FANCY BEAR

  On June 14, The Washington Post revealed: Ellen Nakashima, “Russian Government Hackers Penetrated DNC, Stole Opposition Research on Trump,” Washington Post, June 14, 2016, www.washingtonpost.com/.

  Cozy Bear, it would later be revealed: Huib Modderkolk, “Dutch Agencies Provide Crucial Intel About Russia’s Interference in US-Elections,” Volkskrant, Jan. 25, 2018, www.volkskrant.nl.

  “Both adversaries engage in extensive”: Dmitri Alperovitch, “Bears in the Midst: Intrusion into the Democratic National Committee, Opposition Research on Trump,” CrowdStrike, June 15, 2016, www.crowdstrike.com.

  “Worldwide known cyber security company”: Guccifer 2.0, “Guccifer 2.0 DNC’S Servers Hacked by a Lone Hacker,” June 15, 2016, guccifer2.wordpress.com, archived at bit.ly/2FOMwEE.

  The original Guccifer: Matei Rosca, “Exclusive: Jailed Hacker Guccifer Boasts, ‘I Used to Read [Clinton’s] Memos…and Then Do the Gardening,’ ” Pando, March 20, 2015, pando.com.

  “Personally I think that I’m among”: Guccifer 2.0, “FAQ from Guccifer 2.0,” June 30, 2016, guccifer2.wordpress.com, archived at bit.ly/2Mwo3V6.

  That clue was almost comically revealing: Thomas Rid, “How Russia Pulled Off the Biggest Election Hack in U.S. History,” Esquire, Oct. 20, 2016, www.esquire.com.

  The Russian hackers seemingly hadn’t even bothered: Lorenzo Franceschi-Bicchierai, “Why Does DNC Hacker ‘Guccifer 2.0’ Talk Like This?,” Motherboard, June 23, 2016, motherboard.vice.com.

  The hackers sent the news site Gawker: Sam Biddle and Gabrielle Bluestone, “This Looks Like the DNC’s Hacked Trump Oppo File,” June 15, 2016, gawker.com.

  DNC officials had furtively discussed: Kristen East, “Top DNC Staffer Apologizes for Email on Sanders’ Religion,” Politico, July 23, 2016, www.politico.com; Mark Paustenbach, “Bernie Narrative,” via WikiLeaks, sent May 21, 2016, wikileaks.org, archived at bit.ly/2FoysLh.

  The stolen emails revealed: Jordain Carney, “Wasserman Schultz Called Top Sanders Aide a ‘Damn Liar’ in Leaked Email,” Hill, July 22, 2016, thehill.com; “ ‘This Is a Silly Story. (Sanders) Isn’t Going to Be President,’ ” Boston Herald, July 24, 2016, www.bostonherald.com; Dan Roberts, Ben Jacobs, and Alan Yuhas, “Debbie Wasserman Schultz to Resign as DNC Chair as Email Scandal Rocks Democrats,” Guardian, July 25, 2016, www.theguardian.com.

  Guccifer 2.0’s stolen DNC emails: Lee Fang and Zaid Jilani, “Hacked Emails Reveal NATO General Plotting Against Obama on Russia Policy,” Intercept, July 1, 2016, theintercept.com/.

  Despite DCLeaks’ attempt to appear: Sean Gallagher, “Candid Camera: Dutch Hacked Russians Hacking DNC, Including Security Cameras,” Ars Technica, Jan. 26, 2018, arstechnica.com.

  This time, in a blatant mockery: Andy Greenberg, “Russian Hackers Get Bolder in Anti-Doping Agency Attack,” Wired, Sept. 14, 2016, www.wired.com.

  The site, of course: Raphael Satter, “Inside Story: How Russia Hacked the Democrats’ Email,” Associated Press, Nov. 4, 2017, www.apnews.com.

  Another seemed to call for “open borders”: “HRC Paid Speeches,” email via WikiLeaks, sent Jan. 25, 2016, wikileaks.org, archived at bit.ly/2RRtcNA.

  The security firm Secureworks found the link: “Threat Group 4127 Targets Hillary Clinton Presidential Campaign,” June 16, 2016, www.secureworks.com, archived at bit.ly/2RecMtu.

  “I love WikiLeaks!”: Mark Hensch, “Trump: ‘I Love WikiLeaks,’ ” Hill, Oct. 10, 2016, thehill.com.

  But for the most part, Trump: Andy Greenberg, “A Timeline of Trump’s Strange, Contradictory Statements on Russian Hacking,” Wired, Jan. 4, 2017, www.wired.com.

  Trump’s obfuscation served Fancy Bear: Jake Sherman, “POLITICO/Morning Consult Poll: Only One-Third of Americans Say Russia Influenced 2016 Election,” Politico, Dec. 20, 2016, www.politico.com.

  “I think they’ve gotten medals”: Andy Greenberg, “Trump’s Win Signals Open Season for Russia’s Political Hackers,” Wired, Nov. 9, 2016, www.wired.com.

  “We know that you are carrying out”: Bill Whitaker, “When Russian Hackers Targeted the U.S. Election Infrastructure,” CBS News, July 17, 2018, www.cbsnews.com.

  The same day, the Department of Homeland: “Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence on Election Security,” Oct. 7, 2016, www.dhs.gov.

  “the biggest retaliatory move”: Andy Greenberg, “Obama’s Russian Hacking Retaliation Is Biggest ‘Since the Cold War,’ ” Wired, Dec. 29, 2016, www.wired.com.

  CHAPTER 17 FSOCIETY

  The picture—first published by researchers: Anton Cherepanov, “The Rise of TeleBots: Analyzing Disruptive KillDisk Attacks,” We Live Security (ESET blog), Dec. 13, 2016, www.welivesecurity.com, archived at bit.ly/2B6Lgc3.

  “We are sorry”: Chris Bing, “Early Indications Point to Sandworm Hacking Group for Global Ransomware Attack,” Cyberscoop, June 30, 2017, www.cyberscoop.com.

  CHAPTER 18 POLIGON

  “This expensive light flicking”: The Grugq, “Cyberwar via Cyberwar During War,” Risky Business, March 6, 2017, www.risky.biz.

  CHAPTER 19 INDUSTROYER/CRASH OVERRIDE

  ESET named the malware Industroyer: Anton Cherepanov, “Win32/Industroyer: A New Threat for Industrial Control Systems,” ESET paper, June 12, 2017, www.welivesecurity.com, archived at bit.ly/2Tan4N2.

  Dragos had taken the controversial step: “CRASHOVERRIDE: Threat to the Electric Grid Operations,” Dragos report, June 12, 2017, dragos.com/, archived at bit.ly/2HyuTuB.

  “We are deeply concerned”: Maria Cantwell, Ron Wyden, Brian Schatz, Sherrod Brown, Tammy Baldwin, Martin Heinrich, Chris Van Hollen, Christopher Coons, Al Franken, Bernard Sanders, Richard Durbin, Jack Reed, Edward Markey, Tammy Duckworth, Mazie K. Hirono, Thomas Carper, Patty Murray, Christopher Murphy, Jeanne Shaheen, Open Letter to President Trump, June 22, 2017, www.energy.senate.gov.

  Send that one packet of eighteen bytes: “Advisory (ICSA-15-202-01) Siemens SIPROTEC Denial-of-Service Vulnerability,” ICS-CERT advisory, July 21, 2015, ics-cert.us-cert.gov.

  CHAPTER 21 SHADOW BROKERS

  “!!! Attention government sponsors of cyber warfare”: Shadow Brokers, “Equation Group Cyber Weapons Auction—Invitation,” Aug. 13, 2016, originally published on www.pastebin.com, archived at bit.ly/2TfpEBt.

  And when he opened them on his PC: Andy Greenberg, “The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero Days,” Wired, Aug. 17, 2016, www.wired.com.

  Though the files appeared to be dated: David Sanger, “ ‘Shadow Brokers’ Leak Raises Alarming Question: Was the N.S.A. Hacked?,” New York Times, Aug. 16, 2016, www.nytimes.com.

  Cisco, for instance: “Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability,” Cisco Security Advisories and Alerts, Aug. 17, 2018, www.tools.cisco.com, archived at bit.ly/2CnkJAv.

  Instead, in the first twenty-four hours: Andy Greenberg, “No One Wants to Buy Those Stolen NSA-Linked Cyberweapons,” Wired, Aug. 16, 2016, www.wired.com.

 
