The Perfect Weapon
Page 36
the recommendation leaked immediately: David E. Sanger and William Broad, “Pentagon Suggests Countering Devastating Cyberattacks with Nuclear Arms,’’ New York Times, January 17, 2018, www.nytimes.com/2018/01/16/us/politics/pentagon-nuclear-review-cyberattack-trump.html.
Terrorism topped that list: John D. Negroponte, “Annual Threat Assessment of the Director of National Intelligence,” January 11, 2007, www.dni.gov/files/documents/Newsroom/Testimonies/20070111_testimony.pdf.
“Great power competition”: Helene Cooper, “Military Shifts Focus to Threats by Russia and China, Not Terrorism,” New York Times, January 20, 2018, www.nytimes.com/2018/01/19/us/politics/military-china-russia-terrorism-focus.html.
“so obsolete in cyber”: “Transcript: Donald Trump Expounds on His Foreign Policy Views,” New York Times, March 26, 2016, www.nytimes.com/2016/03/27/us/politics/donald-trump-transcript.html.
“So much of the fabric of our society”: Joyce spoke at the Aspen Institute in Washington, DC, on November 15, 2017: www.aspeninstitute.org/events/cyber-breakfast-view-from-the-white-house/.
hybrid war: Valery Gerasimov, “The Value of Science Is in the Foresight,” Military-Industrial Courier, February 2013.
“little price to pay”: Andrew Desiderio, “NSA Boss Suggests Trump Lets Putin Think ‘Little Price to Pay’ for Messing With U.S.,” Daily Beast, February 27, 2018, www.thedailybeast.com/nsa-boss-seems-to-hit-trump-on-russia-putin-believes-little-price-to-pay-for-messing-with-us.
Wilbur and Orville: Andrew Glass, “President Taft Witnesses Wright Brothers Flight, July 29, 1909,” Politico, July 29, 2016, www.politico.com/story/2016/07/president-taft-witnesses-wright-brothers-flight-july-29-1909-226158.
airplanes manufactured in the United States: Stephen Budiansky, Air Power (New York: Penguin Books, 2004).
PROLOGUE: FROM RUSSIA, WITH LOVE
Ukraine was a playground and testing ground: Wired’s Andy Greenberg wrote some of the best pieces on the Ukraine hack. See “How an Entire Nation Became Russia’s Test Lab for Cyberwar,” June 20, 2017, www.wired.com/story/russian-hackers-attack-ukraine/.
sitting in darkness: “Cyber-Attack Against Ukrainian Critical Infrastructure,” Industrial Control Systems, Cyber Emergency Response Team, February 25, 2016, ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01.
shut them off at will: Nicole Perlroth and David E. Sanger, “Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says,” New York Times, March 16, 2018, www.nytimes.com/2018/03/15/us/politics/russia-cyberattacks.html.
CHAPTER I: ORIGINAL SINS
“Old Headquarters”: Steve Hendrix, “Former OSS Spies on a Mission to Save Old Headquarters,” Washington Post, June 28, 2014, www.washingtonpost.com/local/former-oss-spies-on-a-mission-to-save-old-headquarters/2014/06/28/69379d16-fd7d-11e3-932c-0a55b81f48ce_story.html?utm_term=.0e1c8190b76b.
As our story explained: David E. Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012, www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html.
That is exactly what happened: My story of Stuxnet and its political history was Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power (New York: Crown Publishers, 2012), and excerpted in the Times on June 1, 2012. In a “Note on Sources” in the book, I wrote that “I discussed with senior government officials the potential risks of publication of sensitive information that touches on ongoing intelligence operations.” But I gave no details of those discussions, which were off the record. In the intervening years, responding to Freedom of Information Act requests from other news organizations, the CIA has released emails indicating with whom I spoke and some of the content, while redacting details it still regards as sensitive. Other details appeared in court filings surrounding the case of Gen. James A. Cartwright, who was charged with lying to the FBI in connection with the investigation into the book’s revelations. (Cartwright was later pardoned by President Obama.) In providing this account, I am continuing to respect any off-the-record agreements we had surrounding the conversations for the book, except for material that has already been publicly released or that I have since been given permission to reveal.
the FBI was called in to investigate: Chris Doman, “The First Sophisticated Cyber Attacks”: How Operation Moonlight Maze Made History,” Medium, July 7, 2016, medium.com/@chris_doman/the-first-sophistiated-cyber-attacks-how-operation-moonlight-maze-made-history-2adb12cc43f7.
Colorado School of Mines: Ben Buchanan and Michael Sulmeyer, “Russia and Cyber Operations: Challenges and Opportunities for the Next U.S. Administration,” Carnegie Endowment for International Peace, December 13, 2016, carnegieendowment.org/2016/12/13/russia-and-cyber-operations-challenges-and-opportunities-for-next-u.s.-administration-pub-66433.
The hackers had lurked: Doman, “The First Sophisticated Cyber Attacks.”
“This was a real wake-up call”: For a good summary of declassified documents on Moonlight Maze, see Ibid. Thomas Rid also has a helpful guide to the attacks in Rise of the Machines: A Cybernetic History (New York: W. W. Norton & Company, 2016).
“targeted network”: Michael Hayden, Playing to the Edge: American Intelligence in the Age of Terror (New York: Penguin Books, 2016), 184.
“tools available to a president”: Sam LaGrone, “Retired General Cartwright on the History of Cyber Warfare,” USNI News, October 18, 2012, news.usni.org/2012/10/18/retired-general-cartwright-history-cyber-warfare.
worldwide threat assessment: John D. Negroponte, January 11, 2007, “Annual Threat Assessment of the Director of National Intelligence,” www.dni.gov/files/documents/Newsroom/Testimonies/20070111_testimony.pdf.
Chinese attacks on American companies: Department of Justice, “Chinese National Who Conspired to Hack into U.S. Defense Contractors’ Systems Sentenced to 46 Months in Federal Prison,” July 13, 2016, www.justice.gov/opa/pr/chinese-national-who-conspired-hack-us-defense-contractors-systems-sentenced-46-months.
Lockheed Martin’s networks: Justin Ling, “Man Who Sold F-35 Secrets to China Pleads Guilty,” VICE News, March 24, 2016, news.vice.com/article/man-who-sold-f-35-secrets-to-china-pleads-guilty.
Barack Obama and John McCain: Lee Glendinning, “Obama, McCain Computers ‘Hacked’ During Election Campaign,” Guardian, November 7, 2008, www.theguardian.com/global/2008/nov/07/obama-white-house-usa.
the true wake-up call: Ellen Nakashima, “Cyber Intruder Sparks Response, Debate,” Washington Post, December 6, 2011, www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html?utm_term=.ed05d5330dc5.
The Russians had left USB drives: William J. Lynn III, “Defending a New Domain,” Foreign Affairs, September–October 2010, www.foreignaffairs.com/articles/united-states/2010-09-01/defending-new-domain.
an equally important motivation: Israeli defense minister Ehud Barak admitted as much to biographers in recorded interviews. Later, Israeli officials asked how that news got past the country’s military censors. Jodi Rudoren, “Israel Came Close to Attacking Iran, Ex-Defense Minister Says,” New York Times, August 22, 2015, www.nytimes.com/2015/08/22/world/middleeast/israel-came-close-to-attacking-iran-ex-defense-minister-says.html.
President Bush had secretly authorized a covert plan: David E. Sanger, “U.S. Rejected Aid for Israeli Raid on Iranian Nuclear Site,” New York Times, January 10, 2009, www.nytimes.com/2009/01/11/washington/11iran.html.
the quiet engineer who dug in: Together they became hacker heroes in Zero Days, the 2016 Alex Gibney documentary, which was based in part on the story about Stuxnet I told in Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power (New York: Crown Publishers, 2012). I have benefited from much of the research that Gibney and his team conducted in the two
years they spent making the documentary, including the description of “Nitro Zeus”—a plan to shut down Iran’s power grid and other facilities in case of war.
spymaster Meir Dagan: David E. Sanger, “A Spymaster Who Saw Cyberattacks as Israel’s Best Weapon Against Iran,” New York Times, March 23, 2016,www.nytimes.com/2016/03/23/world/middleeast/israel-mossad-meir-dagan.html.
“sticky bombs”: David E. Sanger, “America’s Deadly Dynamics with Iran,” New York Times, November 6, 2011, www.nytimes.com/2011/11/06/sunday-review/the-secret-war-with-iran.html.
On his desk: Isabel Kershner, “Meir Dagan, Israeli Spymaster, Dies at 71; Disrupted Iran’s Nuclear Program,” New York Times, March 18, 2016, www.nytimes.com/2016/03/18/world/middleeast/meir-dagan-former-mossad-director-dies-at-71.html.
Dagan devoted his last years in office: Ronen Bergman, Rise and Kill First (New York: Random House, 2018), 623.
“intolerable consequences”: Ronen Bergman, “When Israel Hatched a Secret Plan to Assassinate Iranian Scientists,” Politico, March 5, 2018, www.politico.com/magazine/story/2018/03/05/israel-assassination-iranian-scientists-217223.
Iraq’s Osirak nuclear reactor: Mark Mazzetti and Helene Cooper, “U.S. Confirms Israeli Strikes Hit Syrian Target Last Week,” New York Times, September 11, 2007, www.nytimes.com/2007/09/12/world/middleeast/12syria.html.
“taken it to a new level”: Elad Benari, “McCain: Obama Leaked Info on Stuxnet Attack to Win Votes,” Israel National News, April 6, 2012, www.israelnationalnews.com/News/News.aspx/156501.
“we have mechanisms in place”: “Remarks by the President,” June 8, 2012, James S. Brady Press Briefing Room, obamawhitehouse.archives.gov/the-press-office/2012/06/08/remarks-president.
CHAPTER II: PANDORA’S INBOX
“The science-fiction cyberwar scenario is here”: Alex Gibney, dir., Zero Days, Magnolia Pictures, 2016.
It formally came into existence: Siobhan Gorman and Yochi Dreazen, “Military Command Is Created for Cyber Security,” Wall Street Journal, June 24, 2009, www.wsj.com/articles/SB124579956278644449.
“these are the kinds of [decisions] that are serious”: The full transcript of the interview with Carter, conducted at the Aspen Security Forum, is at archive.defense.gov/Transcripts/Transcript.aspx?TranscriptID=5277.
Gates wrote a blistering memorandum: I described this set of exchanges between Gates and Donilon in The Inheritance (New York: Crown Publishers, 2009), 185–86.
“attack plan on this scale”: For the description of Nitro Zeus I am indebted to my friend Javier Botero, who headed an investigative team for Alex Gibney’s production of Zero Days, a documentary about cyber conflict that was based in part on revelations in Confront and Conceal. Javier went far beyond my reporting, finding many former members of the military and civilian teams that engaged in the planning for the larger operation against Iran, and described its risks.
the two secret cyber programs suggest: David E. Sanger and Mark Mazzetti, “U.S. Had Cyberattack Plan If Iran Nuclear Dispute Led to Conflict,” New York Times, February 17, 2017, www.nytimes.com/2016/02/17/world/middleeast/us-had-cyberattack-planned-if-iran-nuclear-negotiations-failed.html.
“We have seen nation-states spending a lot of time and a lot of effort”: Damian Paletta, “NSA Chief Says Cyberattack at Pentagon Was Sophisticated, Persistent,” Wall Street Journal, September 8, 2015, www.wsj.com/articles/nsa-chief-says-cyberattack-at-pentagon-was-sophisticated-persistent-1441761541.
“ask yourself why”: Ibid.
“Don’t pick on us”: David E. Sanger, “U.S. Indicts 7 Iranians in Cyberattacks on Banks and a Dam,” New York Times, March 25, 2016, www.nytimes.com/2016/03/25/world/middleeast/us-indicts-iranians-in-cyberattacks-on-banks-and-a-dam.html.
announced the creation of cybercorps: Thom Shanker and David E. Sanger, “U.S. Suspects Iran Was Behind a Wave of Cyberattacks,” New York Times, October 14, 2012, www.nytimes.com/2012/10/14/world/middleeast/us-suspects-iranians-were-behind-a-wave-of-cyberattacks.html.
Iranian hackers began targeting: “Iranians Charged with Hacking U.S. Financial Sector,” FBI, March 24, 2016, www.fbi.gov/news/stories/iranians-charged-with-hacking-us-financial-sector.
Iranians struck Saudi Arabia: Ross Colvin, “ ‘Cut Off Head of Snake’ Saudis Told U.S. on Iran,’ ” Reuters, November 28, 2010, www.reuters.com/article/us-wikileaks-iran-saudis/cut-off-head-of-snake-saudis-told-u-s-on-iran-idUSTRE6AS02B20101129.
Hackers found an easy target in Saudi Aramco: Nicole Perlroth and David E. Sanger, “Cyberattacks Seem Meant to Destroy, Not Just Disrupt,” New York Times, March 29, 2013, www.nytimes.com/2013/03/29/technology/corporate-cyberattackers-possibly-state-backed-now-seek-to-destroy-data.html.
their hackers wreaked havoc: David E. Sanger, David D. Kirkpatrick, and Nicole Perlroth, “The World Once Laughed at North Korean Cyberpower. No More,” New York Times, October 16, 2017, www.nytimes.com/2017/10/15/world/asia/north-korea-hacking-cyber-sony.html.
and the phones were dead: This serves as more evidence, if needed, that companies that try to save money by putting their phones on the same “voice over Internet” networks that their computers run on are increasing their vulnerability.
American intelligence agencies quickly concluded: My colleague Nicole Perlroth did the best contemporaneous account of what happened at Saudi Aramco: “Cyberattack on Saudi Oil Firm Disquiets U.S.,” New York Times, October 24, 2012, www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html. CNN did a good reconstruction of the chaos at Saudi Aramco. See Jose Pagliery, “The Inside Story of the Biggest Hack in History,” CNN, August 5, 2015, money.cnn.com/2015/08/05/technology/aramco-hack/index.html.
CHAPTER III: THE HUNDRED-DOLLAR TAKEDOWN
“Someplace had to be last”: With my colleague Eric Schmitt, I described the role of the “crawler” in a story in the New York Times in early 2014. See David E. Sanger and Eric Schmitt, “Snowden Used Low-Cost Tool to Best NSA,” February 9, 2014, www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa.html.
a peek through the keyhole: Some of my reporting for this chapter draws from a chapter I contributed to Journalism After Snowden, published by Columbia University Press in March 2017.
The Times on the wrong side of his wrath: David Sanger, “U.S. Rejected Aid for Israeli Raid on Iranian Nuclear Site,” New York Times, January 10, 2009, www.nytimes.com/2009/01/11/washington/11iran.html.
he wanted a job at the NSA: Rachael King, “Ex-NSA Chief Details Snowden’s Hiring at Agency, Booz Allen,” Wall Street Journal, February 4, 2014, www.wsj.com/articles/exnsa-chief-details-snowden8217s-hiring-at-agency-booz-allen-1391569429.
As one of my Times colleagues put it so well: Scott Shane, “No Morsel Too Minuscule for All-Consuming N.S.A.,” New York Times, November 3, 2013, www.nytimes.com/2013/11/03/world/no-morsel-too-minuscule-for-all-consuming-nsa.html.
the “wild, wild West”: Barack Obama, in a speech given at Stanford in February 2015, obamawhitehouse.archives.gov/the-press-office/2015/02/13/remarks-president-cybersecurity-and-consumer-protection-summit.
James Clapper said Snowden had taken advantage: David Sanger and Eric Schmitt, “Spy Chief Says Snowden Took Advantage of ‘Perfect Storm’ of Security Lapses,” New York Times, February 12, 2014, www.nytimes.com/2014/02/12/us/politics/spy-chief-says-snowden-took-advantage-of-perfect-storm-of-security-lapses.html?.
But the NSA’s solution was either too late: Jo Becker, Adam Goldman, Michael S. Schmidt, and Matt Apuzzo, “N.S.A. Contractor Arrested in Possible New Theft of Secrets,” New York Times, October 6, 2016, www.nytimes.com/2016/10/06/us/nsa-leak-booz-allen-hamilton.html.
In the days after Snowden showed up: David E. Sanger and Jeremy Peters, “A Promise of Changes for Access to Secrets,” New York Times, June 14, 2013, www.nyt
imes.com/2013/06/14/us/nsa-chief-to-release-more-details-on-surveillance-programs.html?mtrref=www.google.com.
That explains why about one-third: Philip Bump, “America’s Outsourced Spy Force, by the Numbers,” The Atlantic, June 10, 2013, www.theatlantic.com/national/archive/2013/06/contract-security-clearance-charts/314442/.
In 2005 the air force hired the RAND Corporation: Evan S. Medeiros et al., A New Direction for China’s Defense Industry, Rand Corporation, 2005, www.rand.org/content/dam/rand/pubs/monographs/2005/RAND_MG334.pdf.
blocked the purchase: Steven R. Weisman, “Sale of 3Com to Huawei Is Derailed by U.S. Security Concerns,” New York Times, February 21, 2008, www.nytimes.com/2008/02/21/business/worldbusiness/21iht-3com.html.
That was the name of a covert program: David E. Sanger and Nicole Perlroth, “N.S.A. Breached Chinese Servers Seen as Security Threat,” New York Times, March 23, 2014, www.nytimes.com/2014/03/23/world/asia/nsa-breached-chinese-servers-seen-as-spy-peril.html?.
In late 2013, Der Spiegel published the “ANT catalog”: Spiegel Staff, Documents Reveal Top NSA Hacking Unit, December 29, 2013. www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html; Jacob Appelbaum, Judith Horchert, and Christian Stöcker, “Shopping for Spy Gear: Catalog Advertises NSA Toolbox,” Der Spiegel, December 29, 2013, www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html.
The catalog revealed: I had been aware of these technologies in 2012, when I first published accounts of Olympic Games, in which they were important. But I withheld some of the details at the request of American officials who did not believe the Iranians yet understood how the technology worked. After the Snowden revelations, of course, they had a road map.