FacebookTwitterRedditEmail

Did the US Accidentally Give the World’s Most Powerful Cyberweapon to Terrorists?

Next time Brian Williams or his carefully-coiffed successor assigns blame to some foreign actor for a cyberoutrage, I expect the “Cyber Threats Intelligence Integration Center” to figure prominently in the coverage.

According to AP (actually, according to AP’s Ken Dilanian, the notoriously obliging amanuensis  to the US security establishment ):

White House cybersecurity coordinator Michael Daniel has concluded that cyberintelligence at the moment is bedeviled by the same shortcomings that afflicted terrorism intelligence before 9/11 — bureaucracy, competing interests, and no streamlined way to combine analysis from various agencies, the official said.

The hack on Sony’s movie subsidiary, for example, resulted in a variety of different analytical papers from various agencies. Each one pointed to North Korea, but with varying degrees of confidence.

Unlike the National Counter Terrorism Center, which gets most of its information from intelligence agencies, the new cyberagency may rely to a much larger extent on private companies, which are regularly seeing and gathering cyberintelligence as they are hit with attempts by hackers to break into their networks.

Gathering threat signatures, and profiling hacker groups, has become a key component of collecting cyberintelligence — a discipline practiced both by government agencies and private firms.

Hmmm.

On the issue of prevention, I am rather skeptical of the “we will gather all the hay in the world in one gigantic stack and sift through it in real time to find the needle” assumption, though I remain optimistic that it will fund tuition payments for intel bureaucrats and contractors for many years into the future.

And, unless hackers are hopelessly stupid, I wonder if the vaunted private sector input—“gathering threat signatures, and profiling hacker groups” will, instead of identifying gormless hackers, simply assemble a larger pile of bullsh*t innuendo to be mined when a forensically weak case needs some additional fragrance.

On the other hand, I believe that the CTIIC (or “Stick” ™ as I hope they are already calling it) will perform yeoman service on the key matter of promptly and effectively documenting and evangelizing the US government’s case in the attribution of cyberattacks that have already occurred.

As I argued in various venues recently with reference to the Sony hack, for purposes of semiotics (clear messaging, positioning, blame avoidance, and signaling of US government intentions) if not forensics (proving whodunit), painting a convincing, action-worthy cyberbullseye on the back of some foreign enemy is a major challenge for governments these days.

When some high-profile outrage like Sony occurs, the US government has to make a prompt show of control, capability, and resolve.  Letting a bunch of data nerds chew over the data for a few weeks and spit up an equivocal conclusion like “It looks like the same guys who did this did that, and maybe the guys who did that were…” doesn’t quite fill the bill.

Which is pretty much what happened on Sony.  Various private sector and government actors all stuck their oar in, contradictory opinions emerged, messaging was all over the map.

“Stick” ™ fixes that.  By establishing a central clearing house for relevant information, the US government is on the right side of the information symmetry equation.  “You say you think this, but you don’t know this, this, and this, or the stuff we can’t tell you because it’s classified above your clearance.”

And even if the real takeaway from the investigatory process still is “It looks like the same guys who did this did that, and maybe the guys who did that were…” it comes out as “The Cyber Threats Intelligence Integration Center has attributed this cyberattack to North Korea with a high degree of confidence.  By Executive Order, the President has already commanded CyberCommand to make a proportional response.”

You get the picture.

So I expect jobs one and two and three for CTIIC will be to generate persuasive dossiers for backgrounding, leaking, whatever on the PRC, North Korea, and the Russian Federation, to be deployed when some mysterious alchemy of evidence, circumstance, and strategy dictate that one of them has to get tagged as The Bad Guy for some cyberoutrage.

Especially if the cyberoutrage has the American government’s own fingerprints all over it—which is apparently not a remote contingency.

A document from the Snowden trove reveals that the NSA  posited that the high-profile Shamoon attack on Aramco in August 2012, which was attributed to Iran, was retaliation for the “Wiper” virus unleashed on the Iranian oil industry a few months before.  Wiper, according to Kaspersky, bore a distinct resemblance to acknowledged US/Israeli jointly-developed anti-Iran malware like Stuxnet.

Just as a reminder, in a speech to business bigwigs, the CIA Director at the time, Leon Panetta, characterized Shamoon as an unprovoked attack–indeed a “Cyber Pearl Harbor”–against a private corporation, apparently in an effort to persuade corporations they had a lot of skin in the national cybersecurity game.

The inference that Shamoon was plausibly 1) retaliation for US/Israeli dirty tricks and 2) using US/Israel’s own dirty trickbag, casts an interesting sidelight on Panetta’s remarks.  Maybe the true significance of his speech was that the US government now realized US interests were vulnerable to effective cyber-retaliation, and it was time to play the “foreign menace” card in order to inoculate the US security establishment against rather well-founded suspicions that its own cyber-shenanigans might result in heightened threats and gigantic costs for US corporations that otherwise might not have a dog in the global cyberfight.  You know, like Sony.

But there was more to the story than PO’d Iranians fighting back.  The rapid Iranian counterattack had itself incorporated elements of the Wiper software.

The NSA document from April 2013, published today by The Intercept, shows the US intelligence community is worried that Iran has learned from attacks like Stuxnet, Flame and Duqu—all of which were created by the same teams—in order to improve its own capabilities.

Wiper was the first known data destruction attack of its kind. Although the NSA document doesn’t credit the US and its allies for launching the attack, Kaspersky researchers found that it shared some circumstantial hallmarks of the Duqu and Stuxnet attacks, suggesting that Wiper might have been created and unleashed on Iran by the US or Israel.

And there’s more.  Lots more.

Wiper is also believed to have inspired a destructive attack that struck computers belonging to banks and media companies in South Korea in March 2013. That attack wiped the hard drives and Master Boot Record of at least three banks and two media companies simultaneously and reportedly put some ATMs out of operation, preventing South Koreans from withdrawing cash from them. The report does not suggest that Iran was behind this attack.

Wiper is also widely believed to have been inspiration for the recent hack of Sony Pictures Entertainment. Again, in the latter attack, the hackers wiped data from Sony systems and overwrote parts of the Master Boot Record, preventing systems from rebooting.

In other words, the Sony hack: Made in America!

Unsurprisingly, the theme of the NSA document was anxiety that America’s enemies were turning its own weapons against it.  The immediate focus was Iran, but the NSA could and should be more anxious that it unwittingly augmented China’s cyber arsenal.

I find it likely that Iran invited the PRC to have a look at Stuxnet and Wiper and maybe even exchanged some ideas with Iran’s hackers.

But maybe the PRC didn’t even need to visit Tehran.  One of the embarrassing secrets of Stuxnet, marketed to the public as a zero-collateral-damage super precision cyberweapon targeting Iran’s airgapped computer network at its nasty uranium centrifuge facility, was more cyber-Ebola, escaping into the cybersphere and infecting about 100,000 hosts.

Looking at the NSA memo and the Sony hack, it is pretty plausible that the U.S. state of the art malware capabilities are not just in the hands of Iran and, maybe the PRC and North Korea.  So perhaps the underlying and unspoken NSA anxiety is that the Stuxnet/Wiper suite of nasties is not only held by state actors, albeit antagonistic ones, with whom the United States can engage.

Maybe the NSA (or Israel, which may have mischievously released Stuxnet just to bedevil anybody else who was controlling banks of uranium centrifuges with Siemens PLCs) also committed the cyber equivalent of proliferating WMDs to terrorists: putting the world’s most powerful cyberweapon in the hands of the black-hat hacking community.

No wonder the US needs CTIIC.  Gotta control that story, channel outrage against the necessary enemy, and short-circuit those embarrassing blowback accusations.

In other words, Talk Loudly and Carry a Big CTIIC.

Peter Lee edits China Matters and writes about Asia for CounterPunch.

More articles by:

Peter Lee edits China Matters and writes about Asia for CounterPunch.  

bernie-the-sandernistas-cover-344x550

June 19, 2019
Matthew Stevenson
Requiem for a Lightweight: the Mayor Pete Factor
Kenneth Surin
In China Again
Stephen Cooper
Abolishing the Death Penalty Requires Morality
George Ochenski
The DNC Can’t Be Allowed to Ignore the Climate Crisis
John W. Whitehead
The Omnipresent Surveillance State
William Camacaro - Frederick B. Mills
Guaidó’s Star Fades as His Envoys to Colombia Allegedly Commit Fraud With Humanitarian Funds for Venezuela
Dave Lindorff
What About Venezuela’s Hacked Power Grid?
Howard Lisnoff
Try Not to Look Away
Binoy Kampmark
Matters of Water: Dubious Approvals and the Adani Carmichael Mine
Karl Grossman
The Battle to Stop the Shoreham Nuclear Plant, Revisited
Kani Xulam
Farting in a Turkish Mosque
Dean Baker
New Manufacturing Jobs are Not Union Jobs
Elizabeth Keyes
“I Can’t Believe Alcohol Is Stronger Than Love”
June 18, 2019
John McMurtry
Koch-Oil Big Lies and Ecocide Writ Large in Canada
Robert Fisk
Trump’s Evidence About Iran is “Dodgy” at Best
Yoav Litvin
Catch 2020 – Trump’s Authoritarian Endgame
Thomas Knapp
Opposition Research: It’s Not Trump’s Fault That Politics is a “Dirty” Game
Medea Benjamin - Nicolas J. S. Davies
U.S. Sanctions: Economic Sabotage that is Deadly, Illegal and Ineffective
Gary Leupp
Marx and Walking Zen
Thomas Hon Wing Polin
Color Revolution In Hong Kong: USA Vs. China
Howard Lisnoff
The False Prophets Cometh
Michael T. Klare
Bolton Wants to Fight Iran, But the Pentagon Has Its Sights on China
Steve Early
The Global Movement Against Gentrification
Dean Baker
The Wall Street Journal Doesn’t Like Rent Control
Tom Engelhardt
If Trump’s the Symptom, Then What’s the Disease?
June 17, 2019
Patrick Cockburn
The Dark Side of Brexit: Britain’s Ethnic Minorities Are Facing More and More Violence
Linn Washington Jr.
Remember the Vincennes? The US’s Long History of Provoking Iran
Geoff Dutton
Where the Wild Things Were: Abbey’s Road Revisited
Nick Licata
Did a Coverup of Who Caused Flint Michigan’s Contaminated Water Continue During Its Investigation? 
Binoy Kampmark
Julian Assange and the Scales of Justice: Exceptions, Extraditions and Politics
John Feffer
Democracy Faces a Global Crisis
Louisa Willcox
Revamping Grizzly Bear Recovery
Stephen Cooper
“Wheel! Of! Fortune!” (A Vegas Story)
Daniel Warner
Let Us Laugh Together, On Principle
Brian Cloughley
Trump Washington Detests the Belt and Road Initiative
Weekend Edition
June 14, 2019
Friday - Sunday
Michael Hudson
Trump’s Trade Threats are Really Cold War 2.0
Bruce E. Levine
Tom Paine, Christianity, and Modern Psychiatry
Jason Hirthler
Mainstream 101: Supporting Imperialism, Suppressing Socialism
T.J. Coles
How Much Do Humans Pollute? A Breakdown of Industrial, Vehicular and Household C02 Emissions
Andrew Levine
Whither The Trump Paradox?
Jeffrey St. Clair
Roaming Charges: In the Land of 10,000 Talkers, All With Broken Tongues
Pete Dolack
Look to U.S. Executive Suites, Not Beijing, For Why Production is Moved
Paul Street
It Can’t Happen Here: From Buzz Windrip and Doremus Jessup to Donald Trump and MSNBC
Rob Urie
Capitalism Versus Democracy
Richard Moser
The Climate Counter-Offensive: Secrecy, Deception and Disarming the Green New Deal
FacebookTwitterRedditEmail