by Marc Goodman
The group’s motto, “We are Anonymous. We are legion. We do not forgive. We do not forget. Expect us,” manifests its organizational ethos: “The corrupt fear us. The honest support us. The heroic join us.” When MasterCard, Visa, and PayPal all agreed to stop funneling donations to Julian Assange’s WikiLeaks organization, Anonymous responded by launching a series of effective cyber attacks against the financial firms. Anonymous is strongly against what it perceives to be rigid antipiracy laws, and it took credit for an earlier attack against the Sony PlayStation Network in response to Sony’s support of U.S. antipiracy legislation known as the Stop Online Piracy Act.
Anonymous views itself as hacking for good and has taken on a wide variety of social causes, including its support of activists throughout the Middle East during the Arab Spring. Even some of the group’s most ardent critics might find themselves supporting some of Anonymous’s lesser-known activities in combating criminal organizations and injustice. For example, during an attack dubbed Operation Darknet, members of Anonymous targeted child pornography Web sites hosting vile images of young children being sexually abused. The hacker collective knocked the sites off-line and released the names of fifteen hundred pedophiles using the services. Whether one supports or detests the actions taken by Anonymous and other hacktivist organizations, one thing is clear: they are a force to be reckoned with among the wide tapestry of threat actors in our überconnected world.
Hacktivists are capable of targeting any individual or corporation and can even have geopolitical impact the world over, as was seen during the Arab Spring. In recognition of their growing power, Time magazine ranked Anonymous as one of the hundred most influential people in the world in 2012. Their burgeoning influence and capabilities have not gone unnoticed by government, and it was recently revealed that the Government Communications Headquarters (GCHQ), the British equivalent of the American National Security Agency, had launched its own series of denial-of-service attacks against Anonymous and its membership in an effort to disrupt their activities. This dramatic response by the state against a non-state actor and hacktivist group demonstrates the impact Anonymous is having in the world.
Meanwhile, terrorist organizations too are increasingly using the Internet and other technologies to plan, support, and execute their murderous activities. Technology helps terrorists recruit new members in underground chat rooms, finance operations (through cyber crime or online fund-raising), communicate clandestinely, and disseminate propaganda, such as the gruesome beheading videos produced by ISIS (the Islamic State). ISIS is tech savvy and in its latest recruitment videos even edited in scenes from the video game Grand Theft Auto V for effect. In its online video production, the reviled terror group offered new recruits the opportunity to “do the things you do in games, in real life on the battlefield … like attack a military convoy or kill police officers.” The video is plastered with the ISIS logo.
Internet reconnaissance and research by terrorists are commonplace, and on more than one occasion officials have found Google Earth images of intended targets, including a 2007 planned attempt by terrorists to blow up fuel tanks at New York’s John F. Kennedy International Airport. Terrorists have been early adopters of technology, particularly in their use of data encryption to secure their communications. For instance, “Ramzi Yousef, the convicted mastermind of the first World Trade Center Bombing in 1993, used encrypted files to hide details of his plot to destroy 11 U.S. airliners.” In the Yousef case, it took law enforcement authorities more than a year to break the encryption algorithm used by the terrorist, and in doing so, police officials were fortuitously able to prevent the plot against the airlines.
Some counterterrorism experts have referred to the Internet as a “terrorist university,” a place where terrorists can learn new techniques and skills to make them more effective in their attack methodologies. Widely available online are documents such as The Mujahideen Poisons Handbook, which contains various “recipes” for homemade poisons and poisonous gases. The six-hundred-page Encyclopedia of Jihad is also widely available online and includes chapters such as “How to Kill,” “Explosive Devices,” “Manufacturing Detonators,” and “Assassination with Mines.” In a striking example of how dangerous such online education can be, Dzhokhar Tsarnaev, the terrorist suspect arrested for his role in the April 2013 Boston Marathon bombings, admitted to authorities he and his brother learned how to make the pressure-cooker bomb used in the attack after reading step-by-step instructions published in al-Qaeda’s online magazine, Inspire, in an article titled “Make a Bomb in the Kitchen of Your Mom.”
Not only are terrorists using the Internet for operational support and planning, but they have turned to both hacking and cyber crime as means of funding and carrying out their real-world terrorist operations. In June 2007, a U.K. terrorist cyber cell was disrupted by police when three British residents, Tariq al-Daour, Waseem Mughal, and Younes Tsouli, were charged with using the Internet to incite murder. Evidence presented showed that the men had used hacked credit card accounts to purchase goods to assist fellow jihadists—items such as night-vision goggles, global positioning devices, airplane tickets, and prepaid mobile phone cards—for the purpose of providing direct tactical support for terrorist operations. “The trio reportedly made fraudulent charges totaling more than 3.5 million U.S. dollars and was in possession of a database containing nearly 40,000 stolen credit card accounts.”
Even the infamous 2002 Bali bombing mastermind, Imam Samudra from the al-Qaeda-linked terrorist group Jamaah Islamiyah, funded his attack in which more than 200 people were murdered with the $150,000 he obtained by hacking into Western bank accounts and credit lines. Samudra was technologically savvy and while in prison wrote an autobiographical manifesto containing a chapter titled “Hacking, Why Not?” In the book, Samudra shared his hacking and “carding” techniques with his disciples, encouraging them “to take the holy war into cyberspace by attacking U.S. computers, with the particular aim of committing credit card fraud, called ‘carding,’ ” to fund operations. Terrorists seem to be getting the message, and both the 2004 Madrid bombings at the Atocha train station, in which 190 people were killed and nearly 2,000 wounded, and the 7/7 London bombings, in which 52 civilians were slain and over 700 injured, were funded in whole or in part through hacking and credit card fraud.
As the technical hacking skills of terrorist organizations increase, so too does the amount of ill-gotten gains they are capable of generating online. For example, in late 2011, police in the Philippines working with the FBI uncovered a telephone hacking scam against AT&T that defrauded the company and its business customers of $2 million. The Filipino hacking cell was working with Jamaah Islamiyah and funneled the millions back to a Saudi-based terror group that in turn funded the Pakistani-based Lashkar-e-Taiba, the terrorist group responsible for the deadly 2008 bombing siege that gripped the city of Mumbai, India, and killed and maimed hundreds.
It is clear that criminals, hacktivists, and terrorists use our interconnectivity against us, whether for profit, politics, or massacre. They have schooled themselves in science and technology and have proven a formidable force in exploiting the fundamentally insecure nature of our twenty-first-century technological skin. Yet thieves, hackers, activists, and terrorists are not the sole inhabitants of the digital underground. They are accompanied by a phalanx of nation-states, cyber warriors, and foreign intelligence services, each handily playing in the so-called fifth domain, fully leveraging for their own purposes the insecurity of the underlying digital infrastructure that unifies the planet.
Though the average Internet user today may be busily updating his Facebook status or playing Angry Birds, it is important to recall that today’s Internet was born of the Defense Advanced Research Projects Agency (DARPA), a U.S. Department of Defense invention created to ensure redundancy in military communications in the event of nuclear attack. The Internet is a military creation with significant corollary geopolitical ramifications.
&nb
sp; It is when governments turn their attention (and budgets) to offensive cyber operations that we can see the full range of vulnerabilities in the hardware and software upon which we depend and that our common technological frailty is fully exposed. Though a $50,000 criminal extortion demand against Symantec or even a $1 billion hacking loss at Target remains noteworthy and surely merits our attention, it is chump change compared with the computer spying breach of the Pentagon’s $300 billion F-35 Joint Strike Fighter project—the most expensive Defense Department weapons program in history.
In May 2013, the U.S. government specifically named China as being responsible for a series of hacks against vital American defense and government systems, including the F-35. Over the years, it has been reported that many other defense blueprints and technologies have been stolen, including those from an advanced Patriot missile system known as PAC-3, the navy’s Aegis Ballistic Missile Defense system, the F/A-18 fighter, the V-22 Osprey, the Black Hawk helicopter, and the littoral combat ship. According to an FBI report, China has secretly developed an army of 180,000 cyber spies and warriors, mounting an incredible ninety thousand computer attacks a year against the U.S. Defense Department networks alone. The totality of the thefts and their impact on American national security are breathtaking.
China’s purported cyber-hacking activities provide it with significant strategic advantages, including an immediate tactical and operational edge in any conflict with the United States. Having the blueprints to so many U.S. defense systems provides key details on how they work and importantly how to defeat them in times of crisis. Moreover, this great “brain robbery” saves China billions in research dollars from its own military development costs (and decades of work) by merely appropriating and building upon work paid for by American taxpayers.
Of course it is not just the American military’s technology that is being targeted by China, but rather a litany of Washington institutions, including law firms, think tanks, human rights groups, contractors, congressional offices, embassies, and any number of federal agencies. Moreover, a 2009 report by Canadian researchers at the Infowar Monitor, the SecDev Group, and the Citizen Lab at the University of Toronto uncovered the so-called GhostNet, “a vast global cyber espionage network” extending to 103 countries that was controlled by servers in China and targeted the Tibetan government in exile and the Dalai Lama himself.
China has also been accused of hacking numerous media outlets, including most famously the New York Times in early 2013 after the paper reported that the relatives of China’s prime minister, Wen Jiabao, had accumulated billions of dollars of wealth through their business dealings since Wen had entered office. The breach gave the perpetrators access to any computer on the New York Times’s network, and it was believed the Chinese were working to uncover sources and contacts that might damage the reputations of China’s leaders. The Times hired the private cyber-security firm Mandiant, which investigated the incident and in a fascinating report tied the attack back to Unit 61398 of the People’s Liberation Army. The unit’s headquarters, on Datong Road in the Pudong district of Shanghai, is a 130,000-square-foot, twelve-story building in which thousands of employees go to work every single day hacking governments, companies, and individuals around the world.
Those technological thefts that are not directly carried out by the Chinese state itself are often sponsored by the state and performed by appointed proxies, with profound implications and deep costs for businesses around the world. In 2012, Bloomberg Businessweek covered China’s ongoing theft of global intellectual property in a cover story that screamed in full-page letters, “Hey China! Stop Stealing Our Stuff.” The piece featured the tale of Dan McGahn, the CEO of the Massachusetts-based American Superconductor (AMSC), a green energy technology company specializing in the design of power systems and the software that runs large wind turbines. In March 2011, AMSC’s largest customer—China’s formerly state-owned Sinovel Wind Group—suddenly began refusing shipments at its assembly plant in Liaoning province and canceled more than $700 million of pending orders from AMSC. The market’s response to AMSC’s canceled orders was brutal: a 40 percent drop in valuation in a single day and an 84 percent decline by September of that year.
An investigation into the matter revealed that Sinovel’s own turbines “appeared to be running a stolen version of AMSC’s software” and that the Chinese firm had snatched a complete copy of the American company’s proprietary computer source code. Because Sinovel had in its possession all of AMSC’s intellectual property, it no longer needed AMSC or its products and could merely produce AMSC’s products itself. As a result, the Chinese company canceled its existing supply contracts worth more than $700 million with the Massachusetts firm.
All told, between thefts of commercial, governmental, and military intellectual property, China’s hacking efforts have netted the nation the greatest transfer of wealth in human history. According to Akamai’s State of the Internet report, China is the source of a shocking 41 percent of all of the cyber attacks in the world. Of course China vehemently and routinely denies involvement in any global hacking activities. When allegations arise, responses typically come from a Chinese embassy spokesman in the capital city of the hacked country in question, whether Paris, Berlin, or New Delhi. A message issued by a Chinese embassy official named Wang Baodong in Washington, D.C., is typical of their response: “China is firmly against international hacking activities and is ready to work with other countries to secure the cyberspace.” Wang’s denial is hardly the first time such a response has been issued: a Google search for the phrase “China denies hacking” yields a mere thirty-five million such denials.
Though China is the most populous nation on earth, it is not the only country to engage in cyber operations. According to the former FBI director Robert Mueller, there were at least 108 nations with dedicated cyber-attack units going after industrial secrets and critical infrastructure alike, including Iran. In late 2012, a previously unknown hacker group called Cutting Sword of Justice took responsibility for carrying out the most destructive computer sabotage against a company to date when it targeted the oil and gas giant Saudi Aramco. The offensive took place on the eve of one of the holiest nights in the Islamic calendar, Lailat al-Qadr, the day Muhammad is said to have revealed the Koran to his followers and when Aramco’s fifty-five thousand employees stayed at home to celebrate with family and friends. At stake, 260 billion gallons of oil, valued at over $8 trillion (fourteen times the market cap of Apple Inc.).
During the incident, an unknown insider with access to the facility inserted an infected USB thumb drive into a single PC connected to the company’s computer network. Within minutes, the drive’s viral payload, known as Shamoon, was spreading like wildfire across all of Aramco’s thirty thousand corporate computers. Though its goal was to disrupt oil and gas production at Aramco’s facilities, good security practices meant that the virus “only” destroyed corporate data. The toll? Shamoon erased 75 percent of the company’s thirty thousand corporate hard drives, wiping out “documents, spreadsheets, e-mails, files—replacing all of it with an image of a burning American flag.”
The Cutting Sword of Justice claimed its attack was in response to Saudi “crimes and atrocities” in Syria and Bahrain against Shiite protesters. American intelligence officials suspect that the Cutting Sword of Justice is nothing more than a front for Iran, which they believe was to blame for sponsoring the attack. The shocking capabilities demonstrated in the Aramco attack predated several other successful attacks by the Iranian government, including a series of distributed-denial-of-service (DDoS) disruptions in early 2013 targeting the American financial services industry. Numerous marquee banks, including JPMorgan Chase, Bank of America, Wells Fargo, BB&T, HSBC, and Citigroup, were affected by the attack, which made their corporate networks and public Web sites inaccessible for extended periods of time and prevented customers from accessing their money. A hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters claimed
responsibility for this cyber blitz, but American officials say the group is merely a proxy for Iran.
The widespread denial-of-service attack against America’s financial industry by Iran was shocking for its size and scope and for the massive volume of data generated by the perpetrators. “Some banks were hit with a sustained flood of traffic that peaked at 70 gigabits” per second. To put that volume of DDoS traffic in perspective, it is as if 1 billion people simultaneously phoned your bank, hung up, and immediately dialed back one second later. In order for your call (or visit to its Web site) to get connected, you would be number 1,000,000,001 on the list to get through. In other words, for all intents and purposes, you would never reach the bank.
Strikingly, the Iranian-backed attack against the financial services sector was reported to be multiple times larger than the infamous 2007 attack against the nation of Estonia by Russian-based hackers—an attack that nearly knocked the small Baltic nation entirely off-line. The incident is widely believed to have been carried out with the direct support of the Russian government via nationalist proxy hackers after Estonia decided to move a Soviet-era grave marker from its long-standing position in Tallinn’s city center to the outskirts of town—a move that deeply offended Moscow. Many security experts called the all-out digital assault against Estonia the “world’s first cyber war” because of its size and scale. Given that Iran had just bested that attack, one security researcher noted the Islamic Republic’s technical bombardments have graduated from being the equivalent of “a few yapping Chihuahuas into a pack of fire-breathing Godzillas.”
Of course, there have also been widespread allegations of hacking by the United States against the rest of the world, based largely on the numerous classified documents stolen and unilaterally released by the former National Security Agency (NSA) contractor Edward Snowden beginning in June 2013. Snowden detailed at great length the global technical surveillance apparatus run by the National Security Agency and provided documentary evidence to support his claims in discussions with the journalists Glenn Greenwald and Laura Poitras. Programs such as PRISM and XKeyscore subsequently came to light, as did the NSA’s purported ability to track billions of e-mails, phone messages, chat sessions, and SMS texts each and every day.
