 |
A key Department of Defense network goes down. Air-traffic control collapses. Trains collide. Financial data systems are in ruins. Lethal clouds of chlorine gas drift from plants in New Jersey and Delaware.Thousands of Americans are dead — and the looting and food shortages haven’t even begun.
| READ: “An electronic Pearl Harbor?,” by David Scharfenberg |
“In all the wars America has fought, no nation has ever done this kind of damage to our cities,” writes Richard A. Clarke in his recently published book Cyber War: The Next Threat to National Security and What To Do About It. “A sophisticated cyber-war attack by one of several nation-states could do that today, in 15 minutes.”Coming from the man who waged an often lonely pre-9/11 campaign to warn his superiors in the Clinton and Bush White Houses of the threat posed by Al Qaeda, the admonition is difficult to ignore.
But could a handful of hackers really cripple the world’s sole superpower? Could we truly be 15 minutes from calamity?
It is a question as difficult as it is chilling. But one thing is clear: we’re vulnerable.
Wired to death?
Our financial, health, and national-defense systems are heavily wired. Our power grid and telecommunications systems, too. And protecting that giant digital architecture is extraordinarily difficult. However vigilant our defense — and it is sorely lacking — hackers need find only one vulnerability to break in and wreak havoc.
That havoc can come in the form of direct, material harm: the so-called “denial of service” attacks that shut down individual Web sites and large swaths of the Internet, or the multi-million-dollar bank robberies currently occupying the FBI and dozens of other law-enforcement agencies around the world.
But it can also come in the form of espionage: a 2008 infiltration of the United States Central Command that a high-ranking Pentagon official called “the most significant breach of US military computers ever,” last year’s mining of Google’s computers for trade secrets and information on Chinese dissidents, or WikiLeaks’ disclosure of huge troves of classified documents on the Afghanistan war effort.
Foreign hackers have already probed our power grid for weaknesses and some in the intelligence community worry Russian and Chinese cyber snoops have left behind “logic bombs” that could be set off in the event of a conflict, plunging New York, Washington, or Los Angeles into darkness.
There is also heavy concern about a hardware and software supply chain that stretches overseas — providing ample opportunity for foreign agents to plant “trap doors” in weapons and other vital systems that can be kicked open when the time is right.
That sort of tampering is one theory behind how Israeli intelligence seemingly disabled Syrian radar in advance of a 2007 bombing raid on an apparent North Korean–built nuclear weapons facility.
Take, for instance, the “denial of service” strike on Estonia.
Tensions between Russia and the former Soviet satellite flared in the spring of 2007 over a giant bronze statue of a Red Army soldier in the Estonian capital of Tallinn. And after ethnic Russians clashed with nationalists on what became known as Bronze Night, authorities moved the statue to a more protected spot.
That, of course, only set off waves of outrage in the Russian media and political circles. And before long, hackers were knitting together tens of thousands of “zombie” computers — their owners unaware — in a massive “botnet” attack on Estonia’s digital infrastructure, cutting off access to online banking, media, and government services.
The Estonians, after some cyber sleuthing, claimed the code behind the attack had been written on Cyrillic-language keyboards traced back to Russia. But who, precisely, in Russia was to blame?
Some Russian officials suggested that “patriotic hackers” independent of the government may have been responsible. Observers speculated that organized crime — with its phalanx of high-level hackers — might have played a role. Either, of course, could have operated with the tacit support of the government. But the Kremlin denied involvement and stonewalled on the investigation.
Three years later, the origins of what may be the highest profile cyber attack in history remain a mystery.
 |
‘One of the most serious . . . challenges we face’
Washington is hardly blind to the danger.
