The Perfect Weapon
Page 39
“voter fraud is all too common”: Jeremy Diamond, “Trump: ‘I’m Afraid the Election’s Going to Be Rigged,’ ” CNN, August 2, 2016, www.cnn.com/2016/08/01/politics/donald-trump-election-2016-rigged/index.html.
“critical infrastructure”: Julie Hirschfeld Davis, “U.S. Seeks to Protect Voting System From Cyberattacks,” New York Times, August 4, 2016, www.nytimes.com/2016/08/04/us/politics/us-seeks-to-protect-voting-system-against-cyberattacks.html.
“troubling reports”: Erica R. Hendry, “Read Jeh Johnson’s Prepared Testimony on Russia,” PBS, June 20, 2017, www.pbs.org/newshour/politics/read-jeh-johnsons-prepared-testimony-russia.
state-run election systems: David E. Sanger and Charlie Savage, “U.S. Says Russia Directed Hacks to Influence Elections,” New York Times, October 8, 2016, www.nytimes.com/2016/10/08/us/politics/us-formally-accuses-russia-of-stealing-dnc-emails.html.
first rule of foreign policy: Mark Landler, “In Obama’s Speeches, a Shifting Tone on Terror,” New York Times, June 1, 2014, www.nytimes.com/2014/06/01/world/americas/in-obamas-speeches-a-shifting-tone-on-terror.html.
session with twelve congressional leaders: Susan B. Glasser, “Did Obama Blow It on the Russian Hacking?” Politico, April 3, 2017, www.politico.eu/article/did-obama-blow-it-on-the-russian-hacking-us-elections-vladimir-putin-donald-trump-lisa-monaco/.
interceded in the election: David E. Sanger, “What Is Russia Up To, and Is It Time to Draw the Line?” New York Times, September 30, 2016, www.nytimes.com/2016/09/30/world/europe/for-veterans-of-the-cold-war-a-hostile-russia-feels-familiar.html.
“they have the cyber tools”: Ibid.
envelop its debates in great secrecy: Some of the best details of the debates appeared in a June 23, 2017, reconstruction of events in the Washington Post by Greg Miller, Ellen Nakashima, and Adam Entous: “Obama’s Secret Struggle to Punish Russia for Putin’s Election Assault,” www.washingtonpost.com/graphics/2017/world/national-security/obama-putin-election-hacking/?utm_term=.92aacc38a2da.
Something else had sunk in: This investigation into the Shadow Brokers is drawn from extensive reporting that my colleagues Nicole Perlroth and Scott Shane and I did and published in a November 12, 2017, Times feature, “Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core.”
Pho had apparently brought home: In other words, Kaspersky acknowledged finding the NSA’s software on one of its customers’ computers and removing it, but insists it was destroyed; the United States believes it was passed to Russian intelligence. That is why the United States banned Kaspersky products from any government computers in 2017. Pho was secretly arrested in 2015, but the case became public only in December 2017, when he pled guilty to a single count of “willful retention of national defense information.”
“somebody sitting on their bed”: Aaron Blake, “The First Trump-Clinton Presidential Debate Transcript, Annotated,” Washington Post, September 26, 2016, www.washingtonpost.com/news/the-fix/wp/2016/09/26/the-first-trump-clinton-presidential-debate-transcript-annotated/?
Office of the Director of National Intelligence: www.dhs.gov/news/2016/10/07/joint-statement-department-homeland-security-and-office-director-national.
“We believe, based on the scope”: Kate Conger, “U.S. Officially Attributes DNC Hack to Russia,” TechCrunch, October 7, 2016, techcrunch.com/2016/10/07/u-s-attributes-dnc-hack-russia/.
Access Hollywood: David A. Fahrenthold, “Trump Recorded Having Extremely Lewd Conversation About Women in 2005,” Washington Post, October 8, 2016, www.washingtonpost.com/politics/trump-recorded-having-extremely-lewd-conversation-about-women-in-2005/2016/10/07/3b9ce776-8cb4-11e6-bf8a-3d26847eeed4_story.html?utm_term=.302520d75fcb.
shortcomings as a candidate: Amy Chozick, Nicholas Confessore, and Michael Barbaro, “Leaked Speech Excerpts Show a Hillary Clinton at Ease with Wall Street,” New York Times, October 8, 2016, www.nytimes.com/2016/10/08/us/politics/hillary-clinton-speeches-wikileaks.html.
“process of voting”: Politico Staff, “Full Transcript: President Obama’s Final End-of-Year Press Conference,” Politico, December 16, 2016, www.politico.com/story/2016/12/obama-press-conference-transcript-232763.
hacking into American infrastructure: David E. Sanger, “Obama Strikes Back at Russia for Election Hacking,” New York Times, December 30, 2016, www.nytimes.com/2016/12/29/us/politics/russia-election-hacking-sanctions.html.
black wisps of smoke: “Black Smoke Pours from Chimney at Russian Consulate in San Francisco,” CBS News, September 1, 2017, www.cbsnews.com/news/black-smoke-chimney-russian-consulate-san-francisco/.
sat down in Hamburg, Germany: Julie Hirschfeld Davis, David E. Sanger, and Glenn Thrush, “Trump Questions Putin on Election Meddling at Eagerly Awaited Encounter,” New York Times, July 8, 2017, www.nytimes.com/2017/07/07/world/europe/trump-putin-g20.html.
the initial mistakes: Eric Lipton, David E. Sanger, and Scott Shane, “The Perfect Weapon: How Russian Cyberpower Invaded the U.S.,” New York Times, December 13, 2016, www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html.
CHAPTER XI: THREE CRISES IN THE VALLEY
“If you had asked me”: Kevin Roose and Sheera Frenkel, “Mark Zuckerberg’s Reckoning: ‘This Is a Major Trust Issue,’ ” New York Times, March 22, 2018, www.nytimes.com/2018/03/21/technology/mark-zuckerberg-q-and-a.html.
Twenty minutes after: “Paris Attacks: What Happened on the Night,” BBC News, December 9, 2015, www.bbc.com/news/world-europe-34818994.
“be unforgiving with the barbarians from Daesh”: Adam Nossiter, Aurelien Breeden, and Katrin Bennhold, “Three Teams of Coordinated Attackers Carried Out Assault on Paris, Officials Say; Hollande Blames ISIS,” New York Times, November 15, 2015, www.nytimes.com/2015/11/15/world/europe/paris-terrorist-attacks.html.
“It’s almost never as cool”: David E. Sanger and Eric Schmitt, “U.S. Cyberweapons, Used Against Iran and North Korea, Are a Disappointment Against ISIS,” New York Times, June 13, 2017, www.nytimes.com/2017/06/12/world/middleeast/isis-cyber.html.
“We are dropping cyber bombs”: David E. Sanger, “U.S. Cyberattacks Target ISIS in a New Line of Combat,” New York Times, April 25, 2016, www.nytimes.com/2016/04/25/us/politics/us-directs-cyberweapons-at-isis-for-first-time.html?
“our cyber operations are disrupting their command-and-control”: The White House, Office of the Press Secretary, “Statement by the President on Progress in the Fight Against ISIL,” April 13, 2016, obamawhitehouse.archives.gov/the-press-office/2016/04/13/statement-president-progress-fight-against-isil.
three months behind schedule: Ellen Nakashima, “U.S. Military Cyber Operation to Attack ISIS Last Year Sparked Heated Debate over Alerting Allies,” Washington Post, May 9, 2017, www.washingtonpost.com/world/national-security/us-military-cyber-operation-to-attack-isis-last-year-sparked-heated-debate-over-alerting-allies/2017/05/08/93a120a2-30d5-11e7-9dec-764dc781686f_story.html?
Carter wrote a blistering assessment: Ash Carter, A Lasting Defeat: The Campaign to Destroy ISIS, Belfer Center for Science and International Affairs, October 2017, www.belfercenter.org/LastingDefeat#6.
Stamos, then the chief security officer at Yahoo!: CNBC, “Yahoo Security Officer Confronts NSA Director,” YouTube video, 0:20, February 28, 2015, accessed April 10, 2018, www.youtube.com/watch?v=jJZNvEPyjlw.
“Facebook can’t stop monetizing our personal data”: Kevin Roose, “Can Social Media Be Saved?,” New York Times, March 29, 2018, www.nytimes.com/2018/03/28/technology/social-media-privacy.html.
Aftenposten called the company out: Espen Egil Hansen, “Dear Mark. I Am Writing This to Inform You That I Shall Not Comply with Your Requirement to Remove This Picture,” Aftenposten, September 8, 2016, www.aftenposten.no/meninger/kommentar/i/G892Q/Dear-Mark-I-am-writing-this-to-inform-you-that-I-shall-not-comply-with-your-requirement-to-remove-this-picture.
“Let’s say that somebody uploads an ISIS formal propaganda video”: Monika Bickert, interview by Steve Inskeep, “How Facebook Uses Technology to Block Terrorist-Related Content,” NPR Morning Edition, June 22, 2017, www.npr.org/sections/alltechconsidered/2017/06/22/533855547/how-facebook-uses-technology-to-block-terrorist-related-content.
Google, meanwhile, tried a different approach: The YouTube Team, “Bringing New Redirect Method Features to YouTube,” Official YouTube Blog, July 20, 2017, youtube.googleblog.com/2017/07/bringing-new-redirect-method-features.html.
“Personally I think the idea that fake news on Facebook”: Mark Zuckerberg, interview by David Kirkpatrick, “In Conversation with Mark Zuckerberg,” Techonomy, November 17, 2016, techonomy.com/conf/te16/videos-conversations-with-2/in-conversation-with-mark-zuckerberg/.
The president took him into a private room: Adam Entous, Elizabeth Dwoskin, and Craig Timberg, “Obama Tried to Give Zuckerberg a Wake-Up Call over Fake News on Facebook,” Washington Post, September 24, 2017, www.washingtonpost.com/business/economy/obama-tried-to-give-zuckerberg-a-wake-up-call-over-fake-news-on-facebook/2017/09/24/15d19b12-ddac-4ad5-ac6e-ef909e1c1284_story.html?
His study was delivered to the company’s leadership: Jen Weedon, William Nuland, and Alex Stamos, Information Operations and Facebook, Facebook, April 27, 2017, fbnewsroomus.files.wordpress.com/2017/04/facebook-and-information-operations-v1.pdf.
“ ‘I must say, I don’t think you get it’ ”: Brett Samuels, “Feinstein to Tech Execs: ‘I Don’t Think You Get It,’ ” The Hill, November 1, 2017, thehill.com/business-a-lobbying/358232-feinstein-to-tech-cos-i-dont-think-you-get-it.
“We have a responsibility”: Daniel Politi, “Facebook’s Zuckerberg Takes Out Full Page Ads to Say ‘Sorry’ for ‘Breach of Trust,’ ” Slate, March 25, 2018, slate.com/news-and-politics/2018/03/facebooks-zuckerberg-takes-out-full-page-ads-to-say-sorry-for-breach-of-trust.html.
those satellites was estimated to cost more than $94 billion: David E. Sanger and William Broad, “Tiny Satellites from Silicon Valley May Help Track North Korea Missiles,” New York Times, July 7, 2017, www.nytimes.com/2017/07/06/world/asia/pentagon-spy-satellites-north-korea-missiles.html.
the Chinese spend 1.7 billion hours a day on Tencent apps: Brad Stone and Lulu Yilun Chen, “Tencent Dominates in China. Next Challenge Is Rest of the World,” Bloomberg, June 28, 2017, www.bloomberg.com/news/features/2017-06-28/tencent-rules-china-the-problem-is-the-rest-of-the-world.
The DIUx report’s findings: Early copies of the report circulated broadly and eventually made their way onto the Internet. The Pentagon posted a version in March 2018, stripped of the authors recommendations, on the DIUx website: www.diux.mil/, and Michael Brown and Pavneet Singh, China’s Technology Transfer Strategy: How Chinese Investments in Emerging Technology Enable a Strategic Competitor to Access the Crown Jewels of U.S. Innovation, January 2018, www.DIUx.mil.
they did eighty-one deals in American artificial-intelligence companies: Ibid.
CHAPTER XII: LEFT OF LAUNCH
North Korea’s missiles started falling out of the sky: David E. Sanger and William J. Broad, “How U.S. Intelligence Agencies Underestimated North Korea,” New York Times, January 7, 2018, www.nytimes.com/2018/01/06/world/asia/north-korea-nuclear-missile-intelligence.html.
Kim Jong-un had ordered an investigation: David E. Sanger and William J. Broad, “Hand of U.S. Leaves North Korea’s Missile Program Shaken,” New York Times. April 19, 2017, www.nytimes.com/2017/04/18/world/asia/north-korea-missile-program-sabotage.html.
“It was a fiery, catastrophic attempt”: Foster Klug and Hyung-Jin Kim, “US: North Korean Missile Launch a ‘Catastrophic’ Failure,” April 16, 2016, apnews.com/67c278f79593454e868ff3f707606ef3/seoul-says-north-korean-missile-launch-apparently-fails.
“North Korea did not pose a threat to North America”: “Pentagon Spokesman Comments on North Korean Missile Launch,” US Northern Command, July 28, 2017, www.northcom.mil/Newsroom/Article/1456396/pentagon-spokesman-comments-on-north-korean-missile-launch/.
“We have never heard of him killing scientists”: Choe Sang-Hun, Motoko Rich, Natalie Reneau, and Audrey Carlsen, “Rocket Men: The Team Building North Korea’s Nuclear Missile,” New York Times, December 15, 2017, www.nytimes.com/interactive/2017/12/15/world/asia/north-korea-scientists-weapons.html.
Sixty years and more than $300 billion later: David E. Sanger and William J. Broad, “Trump Inherits a Secret Cyberwar Against North Korean Missiles,” New York Times, March 5, 2017, www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html.
roughly 50 percent: David E. Sanger and William J. Broad. “Downing North Korean Missiles Is Hard. So the U.S. Is Experimenting,” New York Times, November 17, 2017, www.nytimes.com/2017/11/16/us/politics/north-korea-missile-defense-cyber-drones.html.
Dempsey publicly announced a new “left of launch” effort: “Joint Integrated Air and Missile Defense: Vision 2020,” United States Joint Chiefs of Staff, December 5, 2013, www.jcs.mil/Portals/36/Documents/Publications/JointIAMDVision2020.pdf.
a tiny glimpse of the effort came from Oren J. Falkowitz: Nicole Perlroth, “The Chinese Hackers in the Back Office,” New York Times. June 12, 2016, www.nytimes.com/2016/06/12/technology/the-chinese-hackers-in-the-back-office.html.
a gathering of top antimissile experts: Center for Strategic and International Studies, “Full Spectrum Missile Defense,” December 4, 2015, www.csis.org/events/full-spectrum-missile-defense.
“left of launch” strikes as “game changing”: William J. Broad and David E. Sanger, “U.S. Strategy to Hobble North Korea Was Hidden in Plain Sight,” New York Times, March 4, 2017, www.nytimes.com/2017/03/04/world/asia/left-of-launch-missile-defense.html.
how the United States would justify: Ibid.
America was blowing its lead: The full transcript of the March 2016 interview is available at “Transcript: Donald Trump Expounds on His Foreign Policy Views,” New York Times, March 26, 2016, www.nytimes.com/2016/03/27/us/politics/donald-trump-transcript.html.
telling the government what we were preparing to publish: Later, others from agencies that specialized in offensive cyber operations got involved.
“the final stage in preparations”: Choe Sang-Hun, “Kim Jong-un Says North Korea Is Preparing to Test Long-Range Missile,” New York Times, January 2, 2017, www.nytimes.com/2017/01/01/world/asia/north-korea-intercontinental-ballistic-missile-test-kim-jong-un.html.
“It won’t happen”: Donald J. Trump, “North Korea Just Stated That It Is in the Final Stages of Developing a Nuclear Weapon Capable of Reaching Parts of the U.S. It Won’t Happen!” Twitter, January 2, 2017, twitter.com/realdonaldtrump/status/816057920223846400.
steal $1 billion from the Bangladesh Central Bank: David E. Sanger, David D. Kirkpatrick, and Nicole Perlroth, “The World Once Laughed at North Korean Cyberpower. No More.” New York Times, October 16, 2017, www.nytimes.com/2017/10/15/world/asia/north-korea-hacking-cyber-sony.html.
swept up 182 gigabytes of data: Choe Sang-Hun, “North Korean Hackers Stole U.S.-South Korean Military Plans, Lawmaker Says,” New York Times, October 11, 2017, www.nytimes.com/2017/10/10/world/asia/north-korea-hack-war-plans.html?
NSA had warned the company: Nicole Perlroth and David E. Sanger, “Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool,” New York Times, May 13, 2017, www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html.
Hutchins was later arrested in Las Vegas: Selena Larson, “WannaCry ‘Hero’ Arrested for Creating Other Malware,” CNNMoney, August 3, 2017, money.cnn.com/2017/08/03/technology/culture/malwaretech-arrested-las-vegas-trojan/index.html.
declare that Kim Jong-un’s government was responsible for WannaCry: “Press Briefing on the Attribution of the WannaCry Malware Attack to North Korea,” The White House, December 1
9, 2017, www.whitehouse.gov/briefings-statements/press-briefing-on-the-attribution-of-the-wannacry-malware-attack-to-north-korea-121917/.
Bossert was honest: Ibid.
among the worst hit: Charlie Osborne, “NotPetya Ransomware Forced Maersk to Reinstall 4000 Servers, 45000 PCs,” ZDNet, January 26, 2018, www.zdnet.com/article/maersk-forced-to-reinstall-4000-servers-45000-pcs-due-to-notpetya-attack/.
only one failed: Sanger and Broad, “How U.S. Intelligence Agencies Underestimated North Korea.”
$4 billion in emergency funds: Sanger and Broad, “Downing North Korean Missiles Is Hard.”
AFTERWORD
I keep on my desk: R. P. Hearne, Airships in Peace and War, London: John Lane, the Bodley Head, 2nd edition, 1910.
“Right now, if you look”: Stanford University address by Michael Rogers, November 3, 2014, www.nsa.gov/news-features/speeches-testimonies/speeches/stanford.shtml.
“we might not be so lucky”: The story is told in William J. Perry, My Journey to the Nuclear Brink (Redwood City, CA: Stanford University Press, 2015).
The approach Cyber Command described: Brad Smith, Archive and Maintain Cyberspace Superiority: Command Vision for US Cyber Command, https://assets.documentcloud.org/documents/4419681/Command-Vision-for-USCYBERCOM-23-Mar-18.pdf.
“Digital Geneva Convention”: Brad Smith, “The Need for a Digital Geneva Convention,” Microsoft on the Issues, March 9, 2017, blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/.
What’s next on
your reading list?
Discover your next
great read!
* * *