Once Again It's The US That Seems To Be The Most Aggressive With Cyberattacks

from the is-this-why-they're-so-afraid? dept

A new documentary is coming out by famed documentary filmmaker Alex Gibney called Zero Day. Big reports in Buzzfeed and the NY Times (both with additional reporting) note how it reveals that the famed Stuxnet attack by the NSA (with an assist from Israeli intelligence) was just a drop in the bucket of a massive cyberattack capability, under the code name NITRO ZEUS, that the US has built up in Iran as an "alternative" to nuclear war should diplomacy fail in negotiating Iran away from making nuclear weapons. The NY Times article focuses more on the geopolitical issues involved in the effort:
For the seven-year-old United States Cyber Command, which is still building its cyber “special forces” and deploying them throughout the world, the Iran project was perhaps its most challenging program yet. “This was an enormous, and enormously complex, program,” said one participant who requested anonymity to discuss a classified program. “Before it was developed, the U.S. had never assembled a combined cyber and kinetic attack plan on this scale.”

Nitro Zeus had its roots in the Bush administration but took on new life in 2009 and 2010, just as Mr. Obama asked General John R. Allen, at United States Central Command, to develop a detailed military plan for Iran in case diplomacy failed. It was a time of extraordinary tension, as the Iranians accelerated their production of centrifuges and produced near-bomb-grade fuel and Western intelligence agencies feared they might be on the verge of developing a nuclear weapon. It was also a period of extraordinary tension with Israel, partly because of its presumed role in the assassination of Iranian nuclear scientists, and partly because of evidence that Mr. Netanyahu was preparing a pre-emptive strike against Iran, despite warnings from the United States.
Meanwhile the Buzzfeed story focuses more on how the program was a bit of a mess with uncertain results:
However, one confidential source expressed concerns to Gibney about the extent of NITRO ZEUS, saying some planners had “no fucking clue” as to the consequences of some of the proposed attacks.

“You take down part of a grid,” they told him, “you can accidentally take down electricity in the entire country.”
It also notes that the State Department was reasonably concerned about the program -- both whether it was legal and how it might create some serious blowback:
The film’s supporting research material also reveals an array of concerns about such capabilities within the U.S. government and agencies. The State Department was seen by those in other agencies as a “wet blanket” when it came to operations, for expressing concerns about violating the sovereignty of third-party nations’ cyberspace, or about operations that could have significant impact on civilians.
Meanwhile, support for these concerns comes from a rather unexpected source: former NSA and CIA director Michael Hayden, normally quoted around these parts defending the intelligence community. However, here, he notes that massively broadening cyberattack efforts could come back to haunt the US:
“I know no operational details and don’t know what anyone did or didn’t do before someone decided to use the weapon, alright,” he said. “I do know this: If we go out and do something, most of the rest of the world now thinks that’s a new standard, and it’s something they now feel legitimated to do as well.

“But the rules of engagement, international norms, treaty standards, they don’t exist right now.”

In public remarks, Hayden once noted of Stuxnet “this has the whiff of 1945. Someone just used a new weapon.” He also said the secrecy around the U.S.’s cyber programs was stifling the ability to have a public debate about their consequences.

“This stuff is hideously over-classified and it gets into the way of a mature public discussion as to what it is we as a democracy want our nation to be doing up here in the cyber domain,” Hayden said.
I actually agree with Hayden. That doesn't happen very often!

But, really, the main thing that gets me about this report is that we keep seeing Congress and the President going on and on and on about cybersecurity threats against the US -- and yet basically the only significant examples all seem to be the US attacking other countries. The inbound attacks -- such as the OPM hack or even the Sony hack -- actually seem fairly minor in comparison. Those are just hacks to get at data, not to actually break stuff. Yes, it's possible that US officials are freaking out because now they really understand the depth of what can be done thanks to the NSA doing it first, but maybe we should be thinking about dealing with that fact and shoring up our defenses (and not giving reasons to others to emulate us), rather than creating faux moral panics.

Filed Under: cyberattacks, iran, nitro zeus, nsa, stuxnet


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 17 Feb 2016 @ 2:12pm

    Ever noticed how the US government criticises other governments for imposing their will on their citizens, while working tirelessly to impose their will on the other governments?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Feb 2016 @ 2:18pm

      Re:

      The USG is basically guilty of or responsible for everything they accuse others of. We're our own worst enemy.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Feb 2016 @ 2:54pm

        Re: Re:

        *the government is our worst enemy

        reply to this | link to this | view in chronology ]

        • icon
          art guerrilla (profile), 17 Feb 2016 @ 6:50pm

          Re: Re: Re:

          chilluns !
          pogo said it best:
          we have met the enemy, and he is us ! ! !

          1. if hayden is agin' it, i am almost certain it is some internecine skirmish, rather than any actual morals, ethics, empathy, or functioning metaphorical heart...

          2. "alternative to nuclear war..." hmmm, why does this remind me of how the taser was to be an alternative to shooting, except it wasn't...

          3. "...both whether it was legal and how it might create some serious blowback..." ...“you can accidentally take down electricity in the entire country.”
          yeah, i think in olden times -like a couple decades ago- that was called a war krime...
          now, its just the cost of doing bidness...
          besides, war krimes are for losers, bitchez...

          art guerrilla
          aka ann archy
          eof

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Feb 2016 @ 7:17pm

      Re:

      Up to and including assassinating and overthrowing democratic government leaders then replacing them with brutal dictators.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Feb 2016 @ 2:30pm

    all your base are belong to us

    we aint seen nothin yet.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Feb 2016 @ 2:40pm

    What? Someone else is finally waking up to something I've been saying for a long, long, time. At least ever since the news of Stuxnet came out.

    Unlike physical munitions, cyberwarefare weapons can and at some point will come back to haunt you. It might be 5 or 10 years before you see them but be assured the evidence and method have been left to be found, dissected, digested, and regurated in a different form again.

    The internet has become tied to nearly everything that effects our lives in some form. Water, electricity, flow of traffic, of trains, of manufacturing, flight, finances, and military activities to only name a few. Imagine what would happen if you woke up tomorrow and the world you know began shutting down.

    Today we are once again in the same position that the nuclear deterrent known as MADD put us. No one has the defenses other than possibly the military to fight all this and they aren't known for sharing. Bad enough the knowledge it can be done has been released. In a few years more I expect to see some of these developed tools being used on us behind the door of secrecy by other nations through rouge hacker groups while the nation responsible claims no knowledge. Kinda sounds like today don't it, with the US blaming China and Russia for doing the same things it is.

    reply to this | link to this | view in chronology ]

  • icon
    Pronounce (profile), 17 Feb 2016 @ 2:48pm

    If the Rest of World Thinks the US is Evil

    We only have our government to blame, 'cause it is. And if Aaron Swartz was alive I bet he'd agree.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Feb 2016 @ 3:22pm

    The United States are the fascists of the modern world.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Feb 2016 @ 3:26pm

    An attack is an act of War

    I remember when we declared to the whole world that if anyone attacked our cyber infrastructure, that would be considered an act of war and we would be free to respond in any way we chose. Up to and including nukes. Since we have already preemptively attacked other nations, that is in effect a declaration of war and they are now free to respond in any way they choose. Am I missing some key piece of logic or is that exactly what just happened?
    http://www.forbes.com/sites/reuvencohen/2012/06/05/the-white-house-and-pentagon-deem-cyber- attacks-an-act-of-war/#6cadaf834a87

    Link to an article from 2012 where it quotes both the White House and Pentagon as saying it would be an act of War.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Feb 2016 @ 3:49pm

    Of course...

    Our government is afraid of what's possible... we've seen what we're capable of doing to others, and we *know* they'll respond in kind.

    But instead of coveting and utilizing all these security holes we are finding, we should be actively helping organizations patch them in order to beef up our own infrastructure. That's where the dots fail to connect within our government agencies.

    reply to this | link to this | view in chronology ]

  • identicon
    Don R, 17 Feb 2016 @ 4:13pm

    Seems reckless to compare attacks against a criminal nuclear program to brazen Chinese/Russian attacks that sweep up confidential information of millions of civilians and steal business. Not really comparable.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Feb 2016 @ 4:15pm

    has it not dawned on people yet that the best way of diverting attention away from something you're doing is to shout out loud against someone else, even if they are doing the same thing?

    reply to this | link to this | view in chronology ]

  • identicon
    Loki, 17 Feb 2016 @ 4:24pm

    Hayden being concerned about US cybercapabilities is kind of like Chris Dowd being worried about the effects of increasing copyright law. At that point it should be abundantly clear you've gone way too far.

    reply to this | link to this | view in chronology ]

  • identicon
    Digitari, 17 Feb 2016 @ 5:44pm

    Screamin' Eagles!!!!!!

    .....But, We're the "GooD" guys.









    /s

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Feb 2016 @ 6:13pm

    Feel the Bern?

    reply to this | link to this | view in chronology ]

  • identicon
    Mark Wing, 17 Feb 2016 @ 6:53pm

    We killed a few centrifuges and all it cost us was our world standing and a new era where weaponized computer code is the new norm. Oh and whatever in cost in billions of dollars.

    At least China and Russia don't have to spend all that money to weaponize their systems since WE FUCKING GAVE THEM THE TEMPLATE when Stuxnet escaped into the wild.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Feb 2016 @ 7:15pm

    Just think, eventually people will get fed up and attack the US over this. Then we can see what it's like to have bombs dropped on us, instead of our military bases

    reply to this | link to this | view in chronology ]

  • icon
    TechDescartes (profile), 17 Feb 2016 @ 9:32pm

    I actually agree with Hayden.
    “Nooooooooooo!” ~ Luke Skywalker

    reply to this | link to this | view in chronology ]

  • identicon
    Stosh, 18 Feb 2016 @ 10:56am

    Until we can open up enough backdoors to encryption, these attacks will be less than optimal.

    reply to this | link to this | view in chronology ]

  • icon
    tqk (profile), 19 Feb 2016 @ 10:21pm

    ... but maybe we should be thinking about dealing with that fact and shoring up our defenses ...

    Costs money and you have to find the right people to do it, who don't exist at the rate you're willing to pay. Enjoy the ride.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown for basic formatting. (HTML is not supported.)
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown for basic formatting. (HTML is not supported.)
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.