How the US may already be losing the cyberwar

richard clarkeIn a sobering interview with Smithsonian Magazine recently, Richard “Dick” Clarke — the former head of US counterterrorism under three Presidents — spoke candidly about the weakness of America’s cyber-warfare defenses. A chief counterterrorism official under George H.W. Bush, Clinton, and George W. Bush, Clarke became notorious for his often-scathing criticism of the Bush administration’s attitude toward counterterrorism before and after 9/11, famously stating in his testimony to the 9/11 Commission that “your government failed you.”

Clarke now runs a cybersecurity consulting firm in Arlington, VA, and recently published a book, called Cyber War, in which he sounds a new alarm: Cyberterrorism, the kind that makes the film “The Net” seem quaint, is the most persistent threat facing America today. Even more startling though, according to Clarke, is that we may have already lost the war — we just don’t know it yet.

Stuxnet

The narrative begins with Stuxnet, a mysterious and brilliantly coded computer virus that was released sometime in 2010 and targeted Iran’s Natanz nuclear fuel enrichment facility. By infecting microcomputers — the small boxes about the size of a deck of cards that run industrial equipment such as turbines and centrifuges — the virus was almost undetectable until it found what it was looking for. Then it wreaked havoc. As Clarke tells Smithsonian:

“What does this incredible Stuxnet thing do? As soon as it gets into the network and wakes up, it verifies it’s in the right network by saying, ‘Am I in a network that’s running a SCADA [Supervisory Control and Data Acquisition] software control system?’ ‘Yes.’ Second question: ‘Is it running Siemens [the German manufacturer of the Iranian plant controls]?’ ‘Yes.’ Third question: ‘Is it running Siemens 7 [a genre of software control package]?’ ‘Yes.’ Fourth question: ‘Is this software contacting an electrical motor made by one of two companies?’”

Once those criteria were met, the virus dropped its payload, issuing commands to the enrichment facility’s centrifuges, the high-speed rotors tasked with rapidly spinning uranium to separate the scarcer bomb-grade uranium-235 from the more abundant U-238. By subtly desynchronizing this process, the virus caused almost a thousand centrifuges to spin out of control, disabling or destroying them, according to Smithsonian. All in all, the attack is said to have set back Iran’s nuclear program by months, at least — a likely success in the eyes of its creators. Although other viruses have been known to infect industrial-control equipment before, Stuxnet had the unique ability to assume control — a new front in cyberwarfare.

Mysterious origins

Most cybersecurity professionals believe the Stuxnet virus — technically a “worm” — to be the brainchild of Western governments, and the prime suspects are Israel and the US, although no one has yet come forth to claim ownership. By simultaneously exploiting four previously unknown security flaws in Microsoft Windows (a virtually unprecedented accomplishment), the virus is estimated to have taken a team of experts six months to a year to complete. As the anti-virus expert Eugene Kaspersky, co-founder of Kaspersky Lab, told Vanity Fair, the sophistication of the virus may have even involved help from Microsoft itself — perhaps working in tandem with the US government. “We are coming to the very dangerous zone,” Kaspersky is quoted as saying. “The next step, if we are speaking in this way, if we are discussing this in this way, the next step is that there was a call from Washington to Seattle to help with the source code.”

IranUranium

Origins not withstanding, the West has hardly been shy about accusing Iran of harboring ambitions to build a nuclear weapon, and seeing its uranium centrifuges disabled even temporarily was surely celebrated by security experts here. But as the Greek myth of Pandora’s Box teaches us, some things cannot be undone. Stuxnet got loose in the process, spreading as far as Europe and Asia, partly due to its nature — it was supposedly released in Iran but by definition is meant to spread to where it is most effective — and partly due to a glaring mistake, according to Clarke.

“If you saw Blade Runner,” said Clarke, the androids had a “‘Time to Live.’ Do the job, commit suicide and disappear. No more damage, collateral or otherwise.”

Failure by design

What Clarke is saying is that Stuxnet may have had a built-in self-destruct feature, precisely to limit its spread. Just as top-secret fighter planes and stealth helicopters are destroyed if downed behind enemy lines, the cyberweapons of the future include the same safeguards. But by Clarke’s account, there was a catch:

“TTL [Time To Live] operates off of a date on your computer. Well, if you are in China or Iran or someplace where you’re running bootleg software that you haven’t paid for, your date on your computer might be 1998 or something because otherwise the bootleg 30-day trial TTL software would expire.”

It’s hard to conceive of the most advanced virus ever made being outsmarted by the same ruse a small business in Duluth, Minnesota uses to get around a 30-day trial of Microsoft Office, but if Clarke is to be believed, that is a distinct possibility. Stuxnet is virtually impotent outside an Iranian nuclear enrichment facility, but letting the virus roam free would be akin to giving away valuable military secrets. A clever programmer could reverse-engineer the code in any number of ways. And that is what keeps Clarke up at night. Smithsonian calls it a “modern technological nightmare, casting the United States as Dr. Frankenstein, whose scientific genius has created millions of potential monsters all over the world.”

Although this truly is the stuff of nightmares — a virus released covertly into US infrastructure systems capable of bringing down power grids — we should at the very least question Clarke’s motives. He runs a cybersecurity company and has been disparaged publicly by the Bush administration, under which he served. He has much to gain financially from increased sensitivity to cyberterrorism, or he may simply have an axe to grind. But then there is the possibility that he might be right . He’s a renowned counterterrorism expert with an MIT education who has been privy to more in his lifetime than most.

The truth is probably somewhere in between both extremes. What is certain, however, is that Stuxnet is a glimpse of the future, one for which the US and others should be prepared.

Image Credit: The Daily Beast

Emerging Tech

Awesome Tech You Can’t Buy Yet: Folding canoes and ultra-fast water filters

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Movies & TV

The best shows on Netflix, from 'Haunting of Hill House’ to ‘Twilight Zone’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Product Review

It's not the sharpest tool, but the Surface Go does it all for $400

Microsoft has launched the $400 Surface Go to take on both the iPad and Chromebooks, all without compromising its core focus on productivity. Does it work as both a tablet and a PC?
Deals

These Raspberry Pi 3 bundles will cover everyone, from coders to gamers

The Raspberry Pi 3 is a low-budget computing platform capable of doing just about anything. We rounded up a handful of the best Raspberry Pi 3 bundles to get you started on a variety of DIY projects.
Computing

5 reasons your Macbook keeps restarting and how to fix the issue

It can be frustrating when your Apple MacBook keeps restarting, but this serious problem can be fixed! We'll go over the common causes for this issue, what you can do to fix them, and why it's okay to take your Mac to a pro!
Product Review

How does the sleek MateBook X Pro hold up to the modern day competition?

Huawei impressed us with the MateBook X, a solid competitor to the 12-inch MacBook that beat Apple at its own game. Now, Huawei is taking a shot at premium 14-inchers with the MateBook X Pro, but it’s not without oddities – like a…
Computing

I tried an LTE laptop for a month, and I wasn’t really convinced

LTE laptops offer up plenty of benefits and are becoming more common. After spending one month with one in my daily life in New York City, I really wondered if it is something that consumers really need in their lives.
Product Review

Why spend more? The Yoga Chromebook outdoes most laptops for $600

The Yoga Chromebook features great build quality, a 1080p display, and all-day battery life. All that for $540? That’s right, but there’s one catch.
Product Review

The iPad Pro is the best tablet ever. But don't sell your laptop just yet

Apple has unveiled a big redesign for the iPad Pro, slimming down the bezels, adding Face ID, and the ability to attach and charge the Apple Pencil. All of this comes at a high cost however, as the iPad Pro starts at $799.
Computing

3DMark’s Port Royal lets you benchmark ray tracing on Nvidia’s RTX cards

UL is adding another benchmarking utility to its popular 3DMark suite to help gamers measure their graphics card's ray tracing performance. You'll soon be able to measure how Nvidia's RTX 2070, 2080, and 2080 Ti stack up.
Computing

Snatch Apple’s 2017 15-inch MacBook Pro for up to $1,200 off at B&H

The latest deal at B&H is offering up 2017 15-inch Apple MacBook Pros, in space gray and silver, with Intel Core i7 quad-core CPUs, 16GB of RAM, and AMD Radeon Pro 560 GPUs with up to 2TB of SSD storage.
Deals

Check out the best Green Monday deals for those last-minute gifts

Black Friday and Cyber Monday have come and gone, but that doesn't mean you've missed your chance of finding a great deal. We're talking about Green Monday, of course, and it falls on December 10.
Computing

Microsoft’s Chromium Edge browser may be adding your Chrome extensions

Fans sticking to Google Chrome because due to its vast extension library might be able to switch over to Microsoft's latest iteration of Edge, as a project manager confirms that the company has its eyes on Chrome extensions.
Gaming

Apple Mac users should take a bite out of these awesome games

Contrary to popular belief, there exists a bevy of popular A-list games compatible for Mac computers. Take a look at our picks for the best Mac games available for Apple fans.