Once Again It's The US That Seems To Be The Most Aggressive With Cyberattacks

from the is-this-why-they're-so-afraid? dept

A new documentary is coming out by famed documentary filmmaker Alex Gibney called Zero Day. Big reports in Buzzfeed and the NY Times (both with additional reporting) note how it reveals that the famed Stuxnet attack by the NSA (with an assist from Israeli intelligence) was just a drop in the bucket of a massive cyberattack capability, under the code name NITRO ZEUS, that the US has built up in Iran as an “alternative” to nuclear war should diplomacy fail in negotiating Iran away from making nuclear weapons. The NY Times article focuses more on the geopolitical issues involved in the effort:

For the seven-year-old United States Cyber Command, which is still building its cyber ?special forces? and deploying them throughout the world, the Iran project was perhaps its most challenging program yet. ?This was an enormous, and enormously complex, program,? said one participant who requested anonymity to discuss a classified program. ?Before it was developed, the U.S. had never assembled a combined cyber and kinetic attack plan on this scale.?

Nitro Zeus had its roots in the Bush administration but took on new life in 2009 and 2010, just as Mr. Obama asked General John R. Allen, at United States Central Command, to develop a detailed military plan for Iran in case diplomacy failed. It was a time of extraordinary tension, as the Iranians accelerated their production of centrifuges and produced near-bomb-grade fuel and Western intelligence agencies feared they might be on the verge of developing a nuclear weapon. It was also a period of extraordinary tension with Israel, partly because of its presumed role in the assassination of Iranian nuclear scientists, and partly because of evidence that Mr. Netanyahu was preparing a pre-emptive strike against Iran, despite warnings from the United States.

Meanwhile the Buzzfeed story focuses more on how the program was a bit of a mess with uncertain results:

However, one confidential source expressed concerns to Gibney about the extent of NITRO ZEUS, saying some planners had ?no fucking clue? as to the consequences of some of the proposed attacks.

?You take down part of a grid,? they told him, ?you can accidentally take down electricity in the entire country.?

It also notes that the State Department was reasonably concerned about the program — both whether it was legal and how it might create some serious blowback:

The film?s supporting research material also reveals an array of concerns about such capabilities within the U.S. government and agencies. The State Department was seen by those in other agencies as a ?wet blanket? when it came to operations, for expressing concerns about violating the sovereignty of third-party nations? cyberspace, or about operations that could have significant impact on civilians.

Meanwhile, support for these concerns comes from a rather unexpected source: former NSA and CIA director Michael Hayden, normally quoted around these parts defending the intelligence community. However, here, he notes that massively broadening cyberattack efforts could come back to haunt the US:

?I know no operational details and don?t know what anyone did or didn?t do before someone decided to use the weapon, alright,? he said. ?I do know this: If we go out and do something, most of the rest of the world now thinks that?s a new standard, and it?s something they now feel legitimated to do as well.

?But the rules of engagement, international norms, treaty standards, they don?t exist right now.?

In public remarks, Hayden once noted of Stuxnet ?this has the whiff of 1945. Someone just used a new weapon.? He also said the secrecy around the U.S.?s cyber programs was stifling the ability to have a public debate about their consequences.

?This stuff is hideously over-classified and it gets into the way of a mature public discussion as to what it is we as a democracy want our nation to be doing up here in the cyber domain,? Hayden said.

I actually agree with Hayden. That doesn’t happen very often!

But, really, the main thing that gets me about this report is that we keep seeing Congress and the President going on and on and on about cybersecurity threats against the US — and yet basically the only significant examples all seem to be the US attacking other countries. The inbound attacks — such as the OPM hack or even the Sony hack — actually seem fairly minor in comparison. Those are just hacks to get at data, not to actually break stuff. Yes, it’s possible that US officials are freaking out because now they really understand the depth of what can be done thanks to the NSA doing it first, but maybe we should be thinking about dealing with that fact and shoring up our defenses (and not giving reasons to others to emulate us), rather than creating faux moral panics.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Once Again It's The US That Seems To Be The Most Aggressive With Cyberattacks”

Subscribe: RSS Leave a comment
art guerrilla (profile) says:

Re: Re: Re: Re:

chilluns !
pogo said it best:
we have met the enemy, and he is us ! ! !

1. if hayden is agin’ it, i am almost certain it is some internecine skirmish, rather than any actual morals, ethics, empathy, or functioning metaphorical heart…

2. “alternative to nuclear war…” hmmm, why does this remind me of how the taser was to be an alternative to shooting, except it wasn’t…

3. “…both whether it was legal and how it might create some serious blowback…” …“you can accidentally take down electricity in the entire country.”
yeah, i think in olden times -like a couple decades ago- that was called a war krime…
now, its just the cost of doing bidness…
besides, war krimes are for losers, bitchez…

art guerrilla
aka ann archy

Anonymous Coward says:

What? Someone else is finally waking up to something I’ve been saying for a long, long, time. At least ever since the news of Stuxnet came out.

Unlike physical munitions, cyberwarefare weapons can and at some point will come back to haunt you. It might be 5 or 10 years before you see them but be assured the evidence and method have been left to be found, dissected, digested, and regurated in a different form again.

The internet has become tied to nearly everything that effects our lives in some form. Water, electricity, flow of traffic, of trains, of manufacturing, flight, finances, and military activities to only name a few. Imagine what would happen if you woke up tomorrow and the world you know began shutting down.

Today we are once again in the same position that the nuclear deterrent known as MADD put us. No one has the defenses other than possibly the military to fight all this and they aren’t known for sharing. Bad enough the knowledge it can be done has been released. In a few years more I expect to see some of these developed tools being used on us behind the door of secrecy by other nations through rouge hacker groups while the nation responsible claims no knowledge. Kinda sounds like today don’t it, with the US blaming China and Russia for doing the same things it is.

Anonymous Coward says:

An attack is an act of War

I remember when we declared to the whole world that if anyone attacked our cyber infrastructure, that would be considered an act of war and we would be free to respond in any way we chose. Up to and including nukes. Since we have already preemptively attacked other nations, that is in effect a declaration of war and they are now free to respond in any way they choose. Am I missing some key piece of logic or is that exactly what just happened?

Link to an article from 2012 where it quotes both the White House and Pentagon as saying it would be an act of War.

Anonymous Coward says:

Of course...

Our government is afraid of what’s possible… we’ve seen what we’re capable of doing to others, and we *know* they’ll respond in kind.

But instead of coveting and utilizing all these security holes we are finding, we should be actively helping organizations patch them in order to beef up our own infrastructure. That’s where the dots fail to connect within our government agencies.

Anonymous Coward says:

Re: reckless

Seems reckless to weaponize defense and then fault “those other criminals out there in the rest of the world” without owning up to your own culpability in creating the current reality.

U.S. DoD let this particular genie out of the bottle. Not to say someone else wouldn’t have gone there eventually, but . . .


Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...