Once Again It's The US That Seems To Be The Most Aggressive With Cyberattacks

(Mis)Uses of Technology

from the is-this-why-they're-so-afraid? dept

Wed, Feb 17th 2016 2:03pm — Mike Masnick

A new documentary is coming out by famed documentary filmmaker Alex Gibney called Zero Day. Big reports in Buzzfeed and the NY Times (both with additional reporting) note how it reveals that the famed Stuxnet attack by the NSA (with an assist from Israeli intelligence) was just a drop in the bucket of a massive cyberattack capability, under the code name NITRO ZEUS, that the US has built up in Iran as an "alternative" to nuclear war should diplomacy fail in negotiating Iran away from making nuclear weapons. The NY Times article focuses more on the geopolitical issues involved in the effort:

For the seven-year-old United States Cyber Command, which is still building its cyber “special forces” and deploying them throughout the world, the Iran project was perhaps its most challenging program yet. “This was an enormous, and enormously complex, program,” said one participant who requested anonymity to discuss a classified program. “Before it was developed, the U.S. had never assembled a combined cyber and kinetic attack plan on this scale.”

Nitro Zeus had its roots in the Bush administration but took on new life in 2009 and 2010, just as Mr. Obama asked General John R. Allen, at United States Central Command, to develop a detailed military plan for Iran in case diplomacy failed. It was a time of extraordinary tension, as the Iranians accelerated their production of centrifuges and produced near-bomb-grade fuel and Western intelligence agencies feared they might be on the verge of developing a nuclear weapon. It was also a period of extraordinary tension with Israel, partly because of its presumed role in the assassination of Iranian nuclear scientists, and partly because of evidence that Mr. Netanyahu was preparing a pre-emptive strike against Iran, despite warnings from the United States.

Meanwhile the Buzzfeed story focuses more on how the program was a bit of a mess with uncertain results:

However, one confidential source expressed concerns to Gibney about the extent of NITRO ZEUS, saying some planners had “no fucking clue” as to the consequences of some of the proposed attacks.

“You take down part of a grid,” they told him, “you can accidentally take down electricity in the entire country.”

It also notes that the State Department was reasonably concerned about the program -- both whether it was legal and how it might create some serious blowback:

The film’s supporting research material also reveals an array of concerns about such capabilities within the U.S. government and agencies. The State Department was seen by those in other agencies as a “wet blanket” when it came to operations, for expressing concerns about violating the sovereignty of third-party nations’ cyberspace, or about operations that could have significant impact on civilians.

Meanwhile, support for these concerns comes from a rather unexpected source: former NSA and CIA director Michael Hayden, normally quoted around these parts defending the intelligence community. However, here, he notes that massively broadening cyberattack efforts could come back to haunt the US:

“I know no operational details and don’t know what anyone did or didn’t do before someone decided to use the weapon, alright,” he said. “I do know this: If we go out and do something, most of the rest of the world now thinks that’s a new standard, and it’s something they now feel legitimated to do as well.

“But the rules of engagement, international norms, treaty standards, they don’t exist right now.”

In public remarks, Hayden once noted of Stuxnet “this has the whiff of 1945. Someone just used a new weapon.” He also said the secrecy around the U.S.’s cyber programs was stifling the ability to have a public debate about their consequences.

“This stuff is hideously over-classified and it gets into the way of a mature public discussion as to what it is we as a democracy want our nation to be doing up here in the cyber domain,” Hayden said.

I actually agree with Hayden. That doesn't happen very often!

But, really, the main thing that gets me about this report is that we keep seeing Congress and the President going on and on and on about cybersecurity threats against the US -- and yet basically the only significant examples all seem to be the US attacking other countries. The inbound attacks -- such as the OPM hack or even the Sony hack -- actually seem fairly minor in comparison. Those are just hacks to get at data, not to actually break stuff. Yes, it's possible that US officials are freaking out because now they really understand the depth of what can be done thanks to the NSA doing it first, but maybe we should be thinking about dealing with that fact and shoring up our defenses (and not giving reasons to others to emulate us), rather than creating faux moral panics.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cyberattacks, iran, nitro zeus, nsa, stuxnet

25 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 17 Feb 2016 @ 2:12pm

Ever noticed how the US government criticises other governments for imposing their will on their citizens, while working tirelessly to impose their will on the other governments?
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 2:18pm

Re:
The USG is basically guilty of or responsible for everything they accuse others of. We're our own worst enemy.
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 2:30pm

all your base are belong to us
we aint seen nothin yet.
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 2:40pm

What? Someone else is finally waking up to something I've been saying for a long, long, time. At least ever since the news of Stuxnet came out.

Unlike physical munitions, cyberwarefare weapons can and at some point will come back to haunt you. It might be 5 or 10 years before you see them but be assured the evidence and method have been left to be found, dissected, digested, and regurated in a different form again.

The internet has become tied to nearly everything that effects our lives in some form. Water, electricity, flow of traffic, of trains, of manufacturing, flight, finances, and military activities to only name a few. Imagine what would happen if you woke up tomorrow and the world you know began shutting down.

Today we are once again in the same position that the nuclear deterrent known as MADD put us. No one has the defenses other than possibly the military to fight all this and they aren't known for sharing. Bad enough the knowledge it can be done has been released. In a few years more I expect to see some of these developed tools being used on us behind the door of secrecy by other nations through rouge hacker groups while the nation responsible claims no knowledge. Kinda sounds like today don't it, with the US blaming China and Russia for doing the same things it is.
[ link to this | view in thread ]
Pronounce (profile), 17 Feb 2016 @ 2:48pm

If the Rest of World Thinks the US is Evil
We only have our government to blame, 'cause it is. And if Aaron Swartz was alive I bet he'd agree.
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 2:54pm

Re: Re:
*the government is our worst enemy
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 3:22pm

The United States are the fascists of the modern world.
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 3:26pm

An attack is an act of War
I remember when we declared to the whole world that if anyone attacked our cyber infrastructure, that would be considered an act of war and we would be free to respond in any way we chose. Up to and including nukes. Since we have already preemptively attacked other nations, that is in effect a declaration of war and they are now free to respond in any way they choose. Am I missing some key piece of logic or is that exactly what just happened?
http://www.forbes.com/sites/reuvencohen/2012/06/05/the-white-house-and-pentagon-deem-cyber- attacks-an-act-of-war/#6cadaf834a87

Link to an article from 2012 where it quotes both the White House and Pentagon as saying it would be an act of War.
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 3:49pm

Of course...
Our government is afraid of what's possible... we've seen what we're capable of doing to others, and we *know* they'll respond in kind.

But instead of coveting and utilizing all these security holes we are finding, we should be actively helping organizations patch them in order to beef up our own infrastructure. That's where the dots fail to connect within our government agencies.
[ link to this | view in thread ]
Don R, 17 Feb 2016 @ 4:13pm

Seems reckless to compare attacks against a criminal nuclear program to brazen Chinese/Russian attacks that sweep up confidential information of millions of civilians and steal business. Not really comparable.
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 4:15pm

has it not dawned on people yet that the best way of diverting attention away from something you're doing is to shout out loud against someone else, even if they are doing the same thing?
[ link to this | view in thread ]
Loki, 17 Feb 2016 @ 4:24pm

Hayden being concerned about US cybercapabilities is kind of like Chris Dowd being worried about the effects of increasing copyright law. At that point it should be abundantly clear you've gone way too far.
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 5:01pm

Re: reckless
Seems reckless to weaponize defense and then fault "those other criminals out there in the rest of the world" without owning up to your own culpability in creating the current reality.

U.S. DoD let this particular genie out of the bottle. Not to say someone else wouldn't have gone there eventually, but . . .

http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6109203
[ link to this | view in thread ]
Digitari, 17 Feb 2016 @ 5:44pm

Screamin' Eagles!!!!!!
.....But, We're the "GooD" guys.

/s
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 5:44pm

Re: An attack is an act of War
*shrug* They are just consistent. Double bombing (blow something up, wait for help to arrive and then blow up the people that try to help) was bad when terrorists did it but when the US Gov uses it then I guess it's alright.

http://www.businessinsider.com/us-drone-tweets-reveal-double-tap-plan-2012-12
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 6:13pm

Feel the Bern?
[ link to this | view in thread ]
art guerrilla (profile), 17 Feb 2016 @ 6:50pm

Re: Re: Re:
chilluns !
pogo said it best:
we have met the enemy, and he is us ! ! !

1. if hayden is agin' it, i am almost certain it is some internecine skirmish, rather than any actual morals, ethics, empathy, or functioning metaphorical heart...

2. "alternative to nuclear war..." hmmm, why does this remind me of how the taser was to be an alternative to shooting, except it wasn't...

3. "...both whether it was legal and how it might create some serious blowback..." ...“you can accidentally take down electricity in the entire country.”
yeah, i think in olden times -like a couple decades ago- that was called a war krime...
now, its just the cost of doing bidness...
besides, war krimes are for losers, bitchez...

art guerrilla
aka ann archy
eof
[ link to this | view in thread ]
Mark Wing, 17 Feb 2016 @ 6:53pm

We killed a few centrifuges and all it cost us was our world standing and a new era where weaponized computer code is the new norm. Oh and whatever in cost in billions of dollars.

At least China and Russia don't have to spend all that money to weaponize their systems since WE FUCKING GAVE THEM THE TEMPLATE when Stuxnet escaped into the wild.
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 7:15pm

Just think, eventually people will get fed up and attack the US over this. Then we can see what it's like to have bombs dropped on us, instead of our military bases
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 7:17pm

Re:
Up to and including assassinating and overthrowing democratic government leaders then replacing them with brutal dictators.
[ link to this | view in thread ]
Anonymous Coward, 17 Feb 2016 @ 8:15pm

Re:
@Don R. Fine. How about we compare it to all the US government programs that sweep up confidential information of millions of civilians (even their own citizens) and steal business information.
[ link to this | view in thread ]
TechDescartes (profile), 17 Feb 2016 @ 9:32pm

I actually agree with Hayden.
“Nooooooooooo!” ~ Luke Skywalker
[ link to this | view in thread ]
Ninja (profile), 18 Feb 2016 @ 3:01am

Re:
It's a huge disturbance in the force. I never thought I'd live to see this day. Next we'll have mike agreeing with the MPAA.
[ link to this | view in thread ]
Stosh, 18 Feb 2016 @ 10:56am

Until we can open up enough backdoors to encryption, these attacks will be less than optimal.
[ link to this | view in thread ]
tqk (profile), 19 Feb 2016 @ 10:21pm

... but maybe we should be thinking about dealing with that fact and shoring up our defenses ...

Costs money and you have to find the right people to do it, who don't exist at the rate you're willing to pay. Enjoy the ride.
[ link to this | view in thread ]