@War: The Rise of the Military-Internet Complex (40 page)

Read @War: The Rise of the Military-Internet Complex Online

Authors: Shane Harris

Tags: #Computers, #Non-Fiction, #Military, #History

BOOK: @War: The Rise of the Military-Internet Complex
7.35Mb size Format: txt, pdf, ePub

[>]
A security research firm soon:
Kim Zetter, “Google Hackers Targeted Source Code of More Than 30 Companies,” Threat Level,
Wired
, January 13, 2010,
http://www.wired.com/threatlevel/2010/01/google-hack-attack/
.

[>]
“The scope of this”:
Kim Zetter, “Report Details Hacks Targeting Google, Others,” Threat Level,
Wired
, February 3, 2010,
http://www.wired.com/threatlevel/2010/02/apt-hacks/
.

[>]
“They indoctrinate someone”:
Author interview, August 2013.

[>]
“We scare the bejeezus”:
Tom Gjelten, “Cyber Briefings ‘Scare the Bejeezus' Out of CEOs,” NPR, May 9, 2012,
http://www.npr.org/2012/05/09/152296621/cyber-briefings-scare-the-bejeezus-out-of-ceos
.

[>]
Several classified programs allow:
Author interviews with current and former intelligence officials and security experts. See also Riley, “US Agencies Said to Swap Data.”

[>]
Microsoft, for instance:
Ibid. Glenn Greenwald et al., “Microsoft Handed the NSA Access to Encrypted Messages,”
Guardian
, July 11, 2013,
http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data

[>]
Cisco, one of the world's:
Author interview.

[>]
And
McAfee:
See Riley, “US Agencies Said to Swap.”

[>]
In 2010 a researcher at IBM:
Andy Greenberg, “Cisco's Backdoor for Hackers,”
Forbes
, February 3, 2010,
http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html?partner=relatedstoriesbox
.

[>]
The Homeland Security Department also conducts:
The list of meetings and their agenda can be found at
http://www.dhs.gov/cross-sector-working-groups
.

[>]
After the terrorist attacks, the NSA:
See the case documents for
USA v. Nacchio
, in particular “Exhibit 1 to Mr. Nacchio's Reply to SEC. 5 Submission,” which contains FBI Form 302 Regarding November 14, 2005, Interview of James F. X. Payne, a former Qwest executive. See also Shane Harris,
The Watchers: The Rise of America's Surveillance State
(New York: Penguin Press, 2010), p. 16, which describes in further detail the interactions between Qwest and the NSA.

[>]
To obtain the information:
See the Homeland Security Department's list of critical infrastructure sectors,
http://www.dhs.gov/critical-infrastructure-sectors
.

[>]
In a speech in 2013:
Major General John Davis, Speech to the Armed Forces Communications and Electronics Association (AFCEA) International Cyber Symposium, Baltimore Convention Center, June 25, 2013,
http://www.dvidshub.net/video/294716/mg-davis-afcea#.UpSILmQ6Ve6#ixzz2lkc87oRy
.

 

12. Spring Awakening

 

[>]
 
In March of that year:
Author interviews with current and former US officials and security experts, including a spokesperson for the Homeland Security Department, May 2012. A subsequent interview was conducted in October 2013 with a former senior FBI official who worked on the case. The intrusions against natural gas companies were first reported in Mark Clayton, “Alert: Major Cyber Attack Aimed at Natural Gas Pipeline Companies,”
Christian Science Monitor
, May 5, 2012,
http://www.csmonitor.com/USA/2012/0505/Alert-Major-cyber-attack-aimed-at-natural-gas-pipeline-companies
.

[>]
But at the height of the Cold War:
See Thomas Reed,
At the Abyss: An Insider's History of the Cold War
(New York: Presidio Press, 2004).

[>]
The alerts from companies:
Author interview, October 2013.

[>]
They shared “mitigation strategies”:
Author interview with Homeland Security Department official, May 2012.

[>]
That summer
,
Homeland Security: Information Sharing Environment 2013 Annual Report to the Congress
,
http://www.ise.gov/annual-report/section1.html#section-4
.

[>]
Homeland Security, the FBI, the Energy Department:
Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team,
Monthly Monitor
(ICS—MM201310), July–September 2013, released October 31, 2013,
http://ics-cert.us-cert.gov/sites/default/files/Monitors/NCCIC_ICS-CERT_Monitor_Jul-Sep2013.pdf
.

[>]
Shell, Schlumberger, and other:
Zain Shauk, “Phishing Still Hooks Energy Workers,”
FuelFix
, December 22, 2013,
http://fuelfix.com/blog/2013/12/22/phishing-still-hooks-energy-workers/
.

[>]
In a rare public appearance:
Berlin spoke at a cyber security conference at the Newsuem in Washington, DC, on May 22, 2013.

[>]
A few months after the intrusions:
Brian Krebs, “Chinese Hackers Blamed for Intrusion at Energy industry Giant Telvent,”
KrebsonSecurity
, September 26, 2012,
http://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/
.

[>]
But the country also needs:
World Bank, “GDP Growth,”
http://data.worldbank.org/indicator/NY.GDP.MKTP.KD.ZG

[>]
China is the world's second-largest:
US Energy Information Administration,
http://www.eia.gov/countries/country-data.cfm?fips=CH
.

[>]
At least one US energy company:
Michael Riley and Dune Lawrence, “Hackers Linked to China's Army Seen from E.U. to D.C.,” Bloomberg.com, July 26, 2012,
http://www.bloomberg.com/news/2012-07-26/china-hackers-hit-eu-point-man-and-d-c-with-byzantine-candor.html
.

[>]
And the country has pursued legitimate paths:
Ryan Dezember and James T. Areddy, “China Foothold in US Energy,”
Wall Street Journal
, March 6, 2012,
http://online.wsj.com/news/articles/SB10001424052970204883304577223083067806776
.

[>]
By one estimate, the flow:
Nicole Perlroth and Quentin Hardy, “Bank Hacking Was the Work of Iranians, Officials Say,”
New York Times
, January 8, 2013,
http://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html?pagewanted=all&_r=3&
.

[>]
The banks' Internet service providers:
Author interview with Mark Weatherford, August 2013.

[>]
“For the first two or three weeks”:
Ibid.

[>]
Reportedly, the Iranian regime:
Yaakov Katz, “Iran Embarks on $1b. Cyber-Warfare Program,”
Jerusalem Post
, December 18, 2011,
http://www.jpost.com/Defense/Iran-embarks-on-1b-cyber-warfare-program
.

[>]
A group of financial executives:
Author interview with senior financial services executive who participated in the meeting, November 2013.

 

13. The Business of Defense

 

[>]
It occurred to Hutchins:
Author interview with Eric Hutchins, January 2014.

[>]
Using the kill chain model, Lockheed:
Author interview with Charlie Croom, January 2014.

[>]
“Within a couple of years”:
Author interview with former military intelligence officer, July 2013.

[>]
A security expert with close ties:
Author interview with cyber security expert, December 2013.

[>]
“We've already got”:
Author interview with Mark Weatherford, August 2013.

[>]
On February 18, 2013:
Mandiant,
APT1: Exposing One of China's Cyber Espionage Units
,
http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
.

[>]
Less than a month later:
Donilon's full speech, before the Asia Society on March 11, 2013, can be seen at
http://asiasociety.org/video/policy/national-security-advisor-thomas-donilon-complete
.

[>]
“We decided it was”:
Author interview with Dan McWhorter, February 2013.

[>]
Mandiant's forensic analysts:
Nicole Perlroth, “Hackers in China Attacked the Times for Last 4 Months,”
New York Times
, January 30, 2013,
http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?pagewanted=all&_r=0
.

[>]
Reportedly
,
more than a third:
Hannah Kuchler and Richard Waters, “Cyber Security Deal Highlights Threats from Spying,”
Financial Times
, January 3, 2014,
http://www.ft.com/intl/cms/s/0/e69ebfdc-73d0-11e3-beeb-00144feabdc0.html?siteedition=intl#axzz2pM7S3G9e
.

[>]
“A lot of companies, organizations”:
Ibid.

[>]
While working as an NSA contractor:
Author interviews with school officials and individuals familiar with the details of Snowden's trip, January 2014.

[>]
They came back with a three-hundred-plus-page report:
President's Review Group on Intelligence and Communications Technologies,
Liberty and Security in a Changing World
, December 12, 2013,
http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf
.

[>]
In September 2013 a senior air force:
John Reed, “The Air Force Still Has No Idea How Vulnerable It Is to Cyber Attack,”
Foreign Policy
, September 20, 2013,
http://killerapps.foreignpolicy.com/posts/2013/09/20/the_air_force_still_has_no_idea_how_vulnerable_it_is_to_cyber_attack
.

[>]
And this more than four years:
Siobhan Gorman, August Cole, and Yochi Dreazen, “Computer Spies Breach Fighter-Jet Project,”
Wall Street Journal
, April 21, 2009,
http://online.wsj.com/article/SB124027491029837401.html
.

[>]
A month after the air force's admission:
Aliya Sternstein, “IG: Government Has No Digital Cyber Warning System,” Nextgov, November 5, 2013,
http://www.nextgov.com/cybersecurity/2013/11/ig-government-has-no-digital-cyber-warning-system/73199/
.

[>]
Earlier in the year a pair:
Nicole Perlroth, “Electrical Grid Is Called Vulnerable to Power Shutdown,” Bits,
New York Times
, October 18, 2013,
http://bits.blogs.nytimes.com/2013/10/18/electrical-grid-called-vulnerable-to-power-shutdown/
.

[>]
“There isn't a computer system”:
McConnell spoke at a cyber security conference sponsored by Bloomberg in Washington, DC, October 30, 2013.

[>]
Investigators concluded that the hackers:
Brian Krebs, “Target Hackers Broke in Via HVAC Company,”
KrebsonSecurity
, February 5, 2014,
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
.

[>]
In February 2014 a Senate committee report:
Craig Timberg and Lisa Rein, “Senate Cybersecurity Report Finds Agencies Often Fail to Take Basic Preventative Measures,”
Washington Post
, February 4, 2013,
http://www.washingtonpost.com/business/technology/senate-cybersecurity-report-finds-agencies-often-fail-to-take-basic-preventive-measures/2014/02/03/493390c2-8ab6-11e3-833c-33098f9e5267_story.html
.

[>]
At a security conference in Washington, DC:
Alexander spoke in Washington, DC, at the Newsuem on October 8, 2013,
http://www.youtube.com/watch?v=7huYYic_Yis
.

 

14. At the Dawn

 

[>]
A senior administration official:
Author interview with senior administration official, January 2014.

[>]
The timing of Obama's speech:
Olivier Knox, “Obama NSA Speech on Anniversary of Eisenhower Warning,” Yahoo News, January 16, 2014,
http://news.yahoo.com/obama-nsa-speech-on-anniversary-of-eisenhower-warning-025532326.html
. White House aides told Knox that the timing was a coincidence.

[>]
In December 2013, Ernest Moniz:
“Moniz Cyber Warning,”
EnergyBiz
, January 5, 2014,
http://www.energybiz.com/article/14/01/moniz-cyber-warning
.

[>]
The government is well aware:
General Keith Alexander disclosed the number during a speech at Georgetown University on March 4, 2014.

[>]
“At the end of the day”:
Press briefing by senior administration officials, February 12, 2014.

[>]
Once those liability protections are in place, the government:
For a thorough examination of how Internet service providers may be tapped to better secure cyberspace, see Noah Shachtman, “Pirates of the ISPs: Tactics for Turning Online Crooks into International Pariahs,” Brookings Institution, July 2011,
http://www.brookings.edu/~/media/research/files/papers/2011/7/25%20cybersecurity%20shachtman/0725_cybersecurity_shachtman.pdf
.

[>]
Some observers have likened:
Ibid. See also Jordan Chandler Hirsch and Sam Adelsberg, “An Elizabethan Cyberwar,”
New York Times
, May 31, 2013,
http://www.nytimes.com/2013/06/01/opinion/an-elizabethan-cyberwar.html
.

[>]
But unlike other clouds:
Brandon Butler, “Amazon Hints at Details on Its CIA Franken-cloud,”
Network World
, November 14, 2013,
http://www.networkworld.com/news/2013/111413-amazon-franken-cloud-275960.html
.

Other books

Brazen by Katherine Longshore
The Raw Shark Texts by Steven Hall
This Time by Kristin Leigh
Ransom Redeemed by Jayne Fresina
Fall From Grace by Hogan, Kelly
The Gods Of Mars by Burroughs, Edgar Rice
Thief by Annie Reed
Mother of Prevention by Lori Copeland
Sway by Zachary Lazar
Hour of the Olympics by Mary Pope Osborne