Michael Joseph Gross raises some fascinating, and disturbing, questions in “Silent War,” in the July issue of Vanity Fair.
Apparently drawing on extensive contacts in the rarified world of extremely talented hackers, and finding some corroboration from government and ex-government types, Gross recounts a consumer attack on ARAMCO that did a full wipe of the hard drives on 30,000 company PCs.
“For good measure, as a kind of calling card, the hackers lit up the screen of each machine they wiped with a single image, of an American flag on fire.” A hacker told Gross the attack wasn’t sophisticated, but it was effective — it overwrote the memory on each computer five or six times.
At least U.S. officials think Iran is attacking American interests in retaliation for the cyberattacks the U.S., Israel and perhaps other Western countries are waging against Iran’s nuclear program — in particular the Stuxnet attack. Gross cites David E. Sanger of the New York Times for his reporting on Stuxnet and his book, “Confront and Conceal,” which has prompted one of the Obama administration’s FBI probes into leaks.
Gross said that Wes Brown, a skilled hacker, announced Mosquito, a program that could lodge on a computer, steal information and be updated or switched out by remote control at a hacker conference a few years ago. Two years after the hacker conference where he described the concept, a program called Flame with similar properties began infecting computers in the Middle East. Another program, called Duqu began collecting information about the computer systems controlling industrial machinery, mostly in Iran and Sudan.
Gross details a string of successful attacks against American allies in the Middle East
and includes speculation on the roles Russia, Iran, and Hezbollah might be playing in them.
Last September a new round of cyberattacks was launched against U.S. banks including Bank of America followed by a string of firms including JPMorgan Chase , Citi, Wells Fargo , U.S. Bancorp, PNC, HSBC and BB&T . Gross quoted PNC CEO James Roher “We had the longest attack of all banks” and added “cyber attacks are very real, living things and if we think we are safe that way, we’re just kidding ourselves.” It was the last time any bank executive spoke in public about cyber attacks.
The hackers are skillful at moving around defenses that banks erect, adapting to the shields and continuing their attacks, and so far they appear to be to show how vulnerable the U.S. is, not to steal money or information.
One bank has spent $10 million to fix its problems and, writes Gross, bankers view this as a cost they incur because of the U.S. government. Last year, before the attacks began, the hackers who go by the name Qassam Cyber Fighters, said that the U.S. had driven Iran’s currency nearly to the point of collapse by telling lies about Iran.
The stakes are high; an AP Twitter hack in April that two explosions in the White House had injured President Obama knocked $136 billion off the Dow Jones Industrial Average for several minutes.
As Wes Brown pointed out to Gross, you don’t have to be a nation state to do this. “You just have to be really smart.”
The U.S. is playing offense at the same time. Gross said that the government is developing or acquiring bugs or openings in American products from Apple AAPL +0.8%, Google and Microsoft so it has access to information on their networks and programs. President Barack Obama on Friday had to tell Americans that the National Security Agency (NSA) isn’t listening to all their phone calls or reading all their emails, although it probably has the ability to use its metadata to pull up whatever it wants. The Guardian newspaper in the UK and the Washington Post broke the story of the continued monitoring, which began under President George W. Bush, on Thursday.
“He was speaking a day after it emerged that the administration had been secretly collecting the phone records of citizens and amid reports that it was also tapping into the servers of the country’s biggest internet and social media companies, allowing emails, audio and video files, photos and documents to be gathered,” reported Geoff Dyer and Anna Fifeld in the Financial Times.
German and French officials raised concerns about data privacy, and the revelations are apt to cause problems in the U.S.-EU trade agreement talks, since Europeans have much stronger privacy rules than the U.S.
The revelations also came an an inopportune time in two other aspects. Obama is meeting the new Chinese leader, ZI Jinping and was expected to raise the issue of China’s vast cyber-espionage program against American companies and government units. The American may find himself playing defense.
It also comes at the same time the U.S. military is prosecuting Bradley Manning for releasing classified information, a charge he has already pled guilty to.
Edward Luce, at the Financial Times calls the estimated 854,000 employeees and contractors and $80 billion working in U.S. intelligence the “data intelligence complex,” distinguishing it from the military industry complex President Dwight Eisenhower warned about.
The Iran Project is not responsible for the content of quoted articles.