cyber war

back to index

156 results

Dark Territory: The Secret History of Cyber War

by Fred Kaplan  · 1 Mar 2016  · 383pp  · 105,021 words

Receiver CHAPTER 5 Solar Sunrise, Moonlight Maze CHAPTER 6 The Coordinator Meets Mudge CHAPTER 7 Deny, Exploit, Corrupt, Destroy CHAPTER 8 Tailored Access CHAPTER 9 Cyber Wars CHAPTER 10 Buckshot Yankee CHAPTER 11 “The Whole Haystack” CHAPTER 12 “Somebody Has Crossed the Rubicon” CHAPTER 13 Shady RATs CHAPTER 14 “The Five Guys

, at least to the public eye, especially after the terrorist attacks of September 11, 2001, which killed three thousand Americans. Few cared about hypothetical cyber wars when the nation was charging into real ones with bullets and bombs. But behind closed doors, the Bush administration was weaving

plans, and so were the military establishments of several other nations, friendly and otherwise, as the Internet spread to the globe’s far-flung corners. Cyber war emerged as a mutual threat and opportunity, a tool of espionage and a weapon of war, that foes could use to hurt America and that

the dragnet, placed, potentially, under the ever-watchful eye. The expectation arose that wars of the future were bound to be, at least in part, cyber wars; cyberspace was officially labeled a “domain” of warfare, like air, land, sea, and outer space. And because of the seamless worldwide network, the packets,

and the Internet of Things, cyber war would involve not just soldiers, sailors, and pilots but, inexorably, the rest of us. When cyberspace is everywhere, cyber war can seep through every digital pore. During the transitions between presidents, the ideas of cyber warfare

since the Second World War. It was also—though few were aware of this—the first campaign of “counter command-control warfare,” the harbinger of cyber wars to come. The director of the NSA at the time was Rear Admiral William Studeman, who, like his mentor, Bobby Ray Inman, had been

once uttered, the word snugly fit. From that point on, the group—and others who studied the issue—would speak of “cyber crime,” “cyber security,” “cyber war.” What to do about these cyber threats? That was the real question, the group’s raison d’être, and here they were stuck. There were

Sunrise as the threat’s fulfillment. Briefing President Clinton on the intrusion, Hamre warned that Solar Sunrise might be “the first shots of a genuine cyber war,” adding that they may have been fired by Iraq. It wasn’t a half-baked suspicion. Saddam Hussein had recently expelled United Nations inspectors who

missions were intertwined—they all involved the same technology, the same networks, the same actions: intelligence and operations in cyberspace—cyber security, cyber espionage, and cyber war—were, in a fundamental sense, synonymous. Hayden was stationed overseas, as the intelligence chief for U.S. forces in South Korea, when Solar Sunrise and

of signals intelligence: C-CNE, for Counter-Computer Network Exploitation—penetrating an adversary’s networks in order to watch him penetrating our networks. CHAPTER 9 * * * CYBER WARS WHEN General John Abizaid took the helm of U.S. Central Command on July 7, 2003, overseeing American military operations in the Middle East, Central

managed to reroute some of its servers to Western countries and filter some of the Russian intrusions; the cyber attack evolved into a two-way cyber war, with improvised tactics and maneuvers. In all its incarnations through the centuries, information warfare had been a gamble, its payoff lasting a brief spell,

that a classified network of the Department of Defense had been hacked. The intrusion might not have been spotted, except that, a year earlier, when cyber war took off as a worldwide phenomenon, Richard Schaeffer, head of the NSA’s Information Assurance Directorate—whose staff spent their workdays mulling and testing new

harm in trying. So he told Alexander to proceed. This would be a huge operation, a joint effort by the NSA, CIA, and Israel’s cyber war bureau, Unit 8200. Meanwhile, Alexander got the operation going with a simpler trick. The Iranians had installed devices called uninterruptible power supplies on the generators

dozens of South Korean banks, affecting at least 60,000, possibly as many as 160,000 computers. Stuxnet spurred the Iranians to create their own cyber war unit, which took off at still greater levels of funding a year and a half later, in the spring of 2012, when, in a follow

address. Gates took the reply as an evasion, not an answer. One obstacle to a clearer answer—to clearer thinking, generally—was that everything about cyber war lay encrusted in secrecy: its roots were planted, and its fruits were ripening, in an agency whose very existence had once been highly classified and

superiority—for some of that time, a monopoly—in nuclear weapons. But on the cusp of a new era in cyber war, it was a known fact that many other nations had cyber war units, and America was far more vulnerable in this kind of war than any likely adversary, than any other country

on vulnerable computer networks—in its weapons systems, its financial systems, its vital critical infrastructures. If America, or U.S. Cyber Command, wanted to wage cyber war, it would do so from inside a glass house. There was another difference between the two kinds of new weapons, besides the scale of damage

the light of day, they did. All along, though, Clarke retained his passion for cyber issues, and six years later, he wrote a book called Cyber War: The Next Threat to National Security and What to Do About It. Published in April 2010, it was derided by many as overwrought—legitimately in

the author, viewed the book as simply self-aggrandizing: Clarke was now chairman of a cyber-risk-management firm called Good Harbor; thus, they saw Cyber War as a propaganda pamphlet to drum up business. But the main reason for the dismissive response was that the book’s scenarios and warnings seemed

so unlikely, so sci-fi. The opening of a (generally favorable) review in The Washington Post caricatured the skepticism: “Cyber-war, cyber-this, cyber-that: What is it about the word that makes the eyes roll? . . . How authentic can a war be when things don’

revelations about Stuxnet, the Mandiant report on China’s Unit 61398, and finally Edward Snowden’s massive leak of NSA documents—did cyber espionage and cyber war become the stuff of headline news and everyday conversation. Cyber was suddenly riding high, and when Obama responded to the ruckus by forming a presidential

Meade. Only Clarke and Morell had ever before been inside the place. Clarke’s view of the agency was more skeptical than some assumed. In Cyber War, he’d criticized the fusion of NSA and Cyber Command under a single four-star general, fearing that the move placed too much power in

reforms of NSA practices, as recommended by President Obama’s commission—and by President Obama himself. The measures wouldn’t change much about cyber espionage, cyber war, or the long reach of the NSA, to say nothing of its foreign counterparts. For all the political storms that it stirred, the bulk collection

largest resort conglomerates in the world, with forty thousand employees and assets exceeding $20 billion—wasn’t ready to deal with the old era of cyber war, much less the new one. At first, not wanting to scare off customers, the executives tried to cover up just how badly the hack

, in casual conversations with aides and colleagues in the Pentagon and the White House, Gates took to mulling over larger questions about cyber espionage and cyber war. “We’re wandering in dark territory,” he would say on these occasions. It was a phrase from Gates’s childhood in Kansas, where his

the U.S. military’s classified network, prompting Operation Buckshot Yankee. Sitting through the briefings, collating their conclusions, and writing the report, these veterans of cyber wars past—real and simulated—felt as if they’d stepped into a time machine: the issues, the dangers, and, most surprising, the vulnerabilities were the

the task force authors wrote, they “could find no evidence” that anyone, anywhere, was doing that sort of work “to better understand the large-scale cyber war.” The first official effort to find some answers to these questions got underway two years later, on February 10, 2015, with the opening session of

information voluntarily—an unlikely prospect, but the only one available. It was a bitter irony. The growth of this entire field—cyber security, cyber espionage, cyber war—had been triggered by concerns, thirty years earlier, about the vulnerability of critical infrastructure. Yet, after all the commissions, analyses, and directives, the problem

higher chance that someone would cross the line, perhaps without intending or even knowing it. Finally, there was the extreme secrecy that enveloped everything about cyber war. Some things about nuclear weapons were secret, too: details about their design, the launch codes, the targeting plans, the total stockpile of nuclear materials.

of policy and morality.” This knowledge, which Senator Church called “the key to control,” has been missing from discussions of policy, strategy, and morality in cyber war. We are all wandering in dark territory, most of us only recently, and even now dimly, aware of it. * * * I. As a compromise, when

government—became the stuff of headline news seemingly every day. My proposal was to write a history of what has broadly come to be called “cyber war,” and my interest in the idea grew as the stories piled up about Snowden and the thousands of documents he leaked, because it was clear

doctrine and tried to apply it to the wars in Iraq and Afghanistan. Now, Dark Territory traces the players, ideas, and technology of the looming cyber wars. On all three books, I’ve had the great fortune of working with Alice Mayhew, the legendary editor at Simon & Schuster, and it’s

really know a lot about the subject at the time). By the time the meeting ended, I was committed to looking into a book about cyber war—first, to see if there was a story there, a story with characters and a narrative pulse. It turned out, there was. I thank

National Security Council, on March 16, http://fas.org/sgp/othergov/munromem.htm. One word was floating around: The first use of “cyber war” was probably John Arquilla and David Ronfeldt, Cyberwar Is Coming! (Santa Monica: RAND Corporation, 1993), but their use of the phrase was more like what came to be called

“netcentric warfare” or the “revolution in military affairs,” not “cyber war” as it later came to be understood. “may have experienced as many as

21, 2000. Days later, the news leaked to the press: “Cyber War Underway on Pentagon Computers—Major Attack Through Russia,” CNN, March 5, 1999; Barbara Starr, “Pentagon Cyber-War Attack Mounted Through Russia,” ABC News, March 5, 1999, http://www.rense.com/politics2/cyberwar.htm. They flew to Moscow on April 2: Declassified FBI memos

George W. Bush, The National Strategy to Secure Cyberspace, Feb. 2003, https://www.us-cert.gov/sites/default/files/publications/cyberspace_strategy.pdf. CHAPTER 9: CYBER WARS When General John Abizaid: For more on Abizaid and the Iraq War, see Fred Kaplan, The Insurgents: David Petraeus and the Plot to Change the

/world/the-story-of-operation-orchard-how-israel-destroyed-syria-s-al-kibar-nuclear-reactor-a-658663.html; Richard A. Clarke and Robert A. Knake, Cyber War (New York: HarperCollins, 2010), 1–8; Robin Wright, “N. Koreans Taped at Syrian Reactor,” Washington Post, April 24, 2008; “CIA Footage in Full,” BBC

1, 2010, http://www.economist.com/node/16478792; Andreas Schmidt, “The Estonian Cyberattacks,” in Jason Healey, ed., A Fierce Domain, 174–93; Clarke and Knake, Cyber War, 12–16. On August 1, 2008, Ossetian separatists: U.S. Cyber Consequences Unit, Overview by the US-CCU of the Cyber Campaign Against Georgia in

“The Russo-Georgian War, 2008,” in Healey, ed., A Fierce Domain, 194–204; Government of Georgia, Ministry of Foreign Affairs, Russian Invasion of Georgia: Russian Cyberwar on Georgia (Nov. 10, 2008), http://www.mfa.gov.ge/files/556_10535_798405_Annex87_CyberAttacks.pdf. On March 4, 2007, the Department of Energy

maps of the Natanz reactor were spread across the Situation Room (Sanger, Confront and Conceal, 201). Almost at once: Michael Joseph Gross, “A Declaration of Cyber-War,” Vanity Fair, February 28, 2011. For more details, see Nicholas Falliere, Liam O. Murchu, and Eric Chien, “Symantec Security Response: W32.Stuxnet Dossier,” https://

/blogs/stuxnet-introduces-first-known-rootkit-scada-devices. In September, a German security researcher: Sanger, Confront and Conceal, 205–6; Joseph Gross, “A Declaration of Cyber-War.” At that point, some of the American software sleuths: Zetter, Countdown to Zero Day, 187–89; and interviews. When Obama learned: Ibid., 357. The

Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012. “offensive capabilities in cyber space”: Quoted in Richard A. Clarke and Robert K. Knake, Cyber War (New York: HarperCollins, 2010), 44–47. “cyber-offensive teams”: Zachary Fryer-Biggs, “U.S. Sharpens Tone on Cyber Attacks from China,” DefenseNews, March 18,

and John Markoff, “Cyberattacks Jam Government and Commercial Web Sites in U.S. and South Korea,” New York Times, July 18, 2009; Clarke and Knake, Cyber War, 23–30. A year and a half later: Zetter, Countdown to Zero Day, 276–79. Four months after that: “Nicole Perlroth, “In Cyberattack on

able2know.org/topic/20967-1. Published in April 2010: For examples of criticism, see Ryan Singel, “Richard Clarke’s Cyber War: File Under Fiction,” Wired, April 22, 2010. “Cyber-war, cyber-this”: Jeff Stein, “Book Review: ‘Cyber War’ by Richard Clarke,” Washington Post, May 23, 2010. On August 27: http://www.dni.gov/index.php/intelligence

.org/events/2014/journeys/geoffrey-stone-on-the-nsa; substance of the session comes from that video and interviews. In Cyber War, he’d criticized: Richard A. Clarke and Robert K. Knake, Cyber War (New York: HarperCollins, 2010), passim, esp. 44ff. Stone was no admirer of Snowden: “Is Edward Snowden a Hero? A

Review Group’s prioritizing of, 257–58 Wilhelm’s focus on, 40 cyberspace, 41, 45 as domain of warfare, 6 Cyberspace Policy Review, 199–200 Cyber War (Clarke), 241–42, 243 DarkSeoul, 269 data packets, 5–6, 131, 156, 157–58, 192–93, 194, 248, 249–50 Dayton Accords, 110, 112

by Ellen R. Sasahara Jacket design by Jackie Seow Library of Congress Cataloging-in-Publication Data Kaplan, Fred M. Dark territory : the secret history of cyber war / Fred Kaplan. New York, NY : Simon & Schuster, 2016. | Includes bibliographical references and index. LCSH: Cyberterrorism—Prevention—United States—History. | BISAC: TECHNOLOGY & ENGINEERING / Military Science. |

Cyber War: The Next Threat to National Security and What to Do About It

by Richard A. Clarke and Robert Knake  · 15 Dec 2010  · 282pp  · 92,998 words

the world, brings with it the prospect of highly volatile crises. The force that prevented nuclear war, deterrence, does not work well in cyber war. The entire phenomenon of cyber war is shrouded in such government secrecy that it makes the Cold War look like a time of openness and transparency. The biggest secret

payment on that commitment. I knew that I needed a younger partner to join me in trying to understand the military and technological implications of cyber war well enough to produce this book. Different generations think of cyberspace differently. For me, looking at my sixtieth birthday in 2010, cyberspace is something

shock. Cyber warriors around the world, however, were not surprised. This was how war would be fought in the information age, this was Cyber War. When the term “cyber war” is used in this book, it refers to actions by a nation-state to penetrate another nation’s computers or networks for the purposes

took out entire financial institutions. The second U.S.-Iraq war, and the more recent Israeli attack on Syria, had demonstrated two uses of cyber war. One use of cyber war is to make a conventional (the U.S. military prefers the term “kinetic”) attack easier by disabling the enemy’s defenses. Another use

in Russia, and that the computer code involved had been written on Cyrillic-alphabet keyboards. The Russian government indignantly denied that it was engaged in cyber war against Estonia. It also refused Estonia’s formal diplomatic request for assistance in tracing the attackers, although a standing bilateral agreement required Moscow to cooperate

from unsuspecting Internet users and from volunteers who downloaded hacker software from several anti-Georgia websites. After installing the software, a volunteer could join the cyber war by clicking on a button labeled “Start Flood.” As in the Estonian incident, the Russian government claimed that the cyber attacks were a populist response

self-flagellation over its own intelligence activities. Somewhere in the bureaucracy an American official publicly announced that the U.S. would again be conducting a cyber war exercise known as Cyber Storm to test the defense of computer networks. The 2009 exercise would involve other nations, including Japan and Korea, the one

did not want to reveal their more sophisticated capabilities, yet. What the United States and other nations are capable of doing in a cyber war could devastate a modern nation. Cyber war happens at the speed of light. As the photons of the attack packets stream down fiber-optic cable, the time between the

attacks rapidly go global, as covertly acquired or hacked computers and servers throughout the world are kicked into service. Many nations are quickly drawn in. Cyber war skips the battlefield. Systems that people rely upon, from banks to air defense radars, are accessible from cyberspace and can be quickly taken over or

knocked out without first defeating a country’s traditional defenses. Cyber war has begun. In anticipation of hostilities, nations are already “preparing the battlefield.” They are hacking into each other’s networks and infrastructures, laying in

dangerous new dimension of instability. As later chapters will discuss, there is every reason to believe that most future kinetic wars will be accompanied by cyber war, and that other cyber wars will be conducted as “stand-alone” activities, without explosions, infantry, airpower, and navies. There has not yet, however, been a full-scale

into Strategic Command (STRATCOM), which operates the strategic nuclear forces. STRATCOM, headquartered at a bomber base in Nebraska, was also given the centralized responsibility for cyber war in 2002. The Air Force, however, was set on running the actual war-fighting units. The creation of Air Force Cyber Command and the standing

Pentagon. Some were concerned that the Air Force was talking too openly about something they believed should have been kept secret: the mere existence of cyber war capability. Yet there was the civilian Air Force Secretary (a vestigial post from the time before there was a strong civilian Defense Department) saying publicly

that cyberspace is a “domain” where fighting takes place, a domain that the U.S. must “dominate,” pervades American military thinking on the subject of cyber war. The secret-level National Military Strategy for Cyber Operations (partially declassified as a result of a Freedom of Information Act request) reveals the military’s

statement with a bit of zealotry thrown in. On closer examination, however, the strategy reflects an understanding of some of the key problems created by cyber war. Speaking to the geography of cyberspace, the strategy implicitly acknowledges the sovereignty issue (“the lack of geopolitical boundaries…allows cyberspace operations to occur nearly anywhere

nations from using that capability against us, however, is discussed as “inducing adversary restraint based on demonstrated capabilities.” However, the secrecy surrounding U.S. offensive cyber war weapons means that we have no demonstrated capabilities. By the logic of the U.S. military’s strategy, we therefore cannot induce adversary restraint. The

in order to bend them to one’s will. For a book written a decade ago, it also places a heavy emphasis on cyber war. This possible use of cyber war against a superior force does not mean that China is in fact intent on fighting the U.S., just that its military planners

citizen hacker groups, engaged in extensive cyber espionage, including of U.S. computer software and hardware, taken several steps to defend its own cyberspace, established cyber war military units, and laced U.S. infrastructure with logic bombs. While developing cyber strategy, China also made use of private hackers closely aligned with the

grounded. These are not hypotheticals. Things like this have already happened, sometimes experimentally, sometimes by mistake, and sometimes as a result of cyber crime or cyber war. As Admiral Mike McConnell has noted, “information managed by computer networks—which run our utilities, our transportation, our banking and communications—can be exploited or

that are focused on specific software design or system configuration weaknesses and mistakes. Because computer crime is a big business, and getting ready to conduct cyber war is even well-funded, criminal hackers and cyber warriors are constantly generating new ways to trick systems. These hacker applications are called malware. On average

weapons. The design of the Internet, flaws in software and hardware, and allowing critical machines to be controlled from cyberspace, together, these three things make cyber war possible. But why haven’t we fixed these problems by now? CHAPTER FOUR THE DEFENSE FAILS Thus far we have seen evidence that there have

Pentagon, more vulnerable. These three points are all true and even more relevant today. A prescient Time magazine article from 1995 demonstrates the point that cyber war and domestic vulnerabilities were subjects to which Washington was alerted fifteen years ago. We keep rediscovering this wheel. In the 1995 story, Colonel Mike Tanksley

networks. Oddly, the plan did not address the problem that had started the discussion in the Oval Office, the vulnerability of the financial sector to cyber war. Nonetheless, Bush requested $50 billion over five years for the Comprehensive National Cybersecurity Initiative, which is neither comprehensive nor national. The initiative is an

customers they may coincidentally help the private sector a little, maybe. The government thinks it is the responsibility of individual corporations to defend themselves from cyber war. Government officials will tell you that the private sector wants it that way, wants to keep the government out of their systems. After all,

world, or spot cyber attacks coming from inside its geographical boundaries and stop them? While the United States very likely possesses the most sophisticated offensive cyber war capabilities, that offensive prowess cannot make up for the weaknesses in our defensive position. As former Admiral McConnell has noted, “Because we are the

its score on the dependence ranking. Being a wired nation is generally a good thing, but not when you are measuring its ability to withstand cyber war. OVERALL CYBER WAR STRENGTH Nation: U.S. Cyber Offense: 8 Cyber Dependence: 2 Cyber Defense: 1 Total: 11 Nation: Russia Cyber Offense: 7 Cyber Dependence: 5 Cyber

there is a fine line between prudent preparation to defend oneself and provocative activities that may actually increase the probability of conflict. Thus, crafting a cyber war strategy is not as obvious as simply embracing our newly discovered weapons, as the U.S. military did with nuclear weapons following Hiroshima. It took

discussion in the ensuing chapters demonstrated, at least to me, that as things stand today the United States has gaping new vulnerabilities because others have cyber war capabilities. Indeed, because of its greater dependence on cyber-controlled systems and its inability thus far to create national cyber defenses, the United States is

“eschewed regulation” as a means of reducing cyber vulnerabilities. Little happened. Bush, in the last of his eight years in office, approved an approach to cyber war that largely ignored the privately owned and operated infrastructures. It focused on defending government systems and on creating a military Cyber Command. Obama is implementing

About the Unthinkable (1962) undoubtedly helped to deter nuclear war. Of all the nuclear-strategy concepts, however, deterrence theory is probably the least transferable to cyber war. Indeed, deterrence in cyberspace is likely to have a very different meaning than it did in the works of Kahn and the 1960s strategists. Nuclear

and sent them heading toward their destinations until air defense authorities could clarify the situation and determine for sure if we were under attack. In cyber war, it is possible to imagine accidental attacks developing if somehow the wrong application were used and instead of inserting code that copied data, we mistakenly

There is, however, one further missing ingredient. We have talked a little about the international laws of war and other conventions. What international laws cover cyber war, and what additional multilateral agreements would be in our interest, if any? CHAPTER SEVEN CYBER PEACE The United States, almost single-handedly, is blocking arms

control in cyberspace. Russia, somewhat ironically, is the leading advocate. Given the potential destabilizing nature and disadvantages of cyber war to the U.S., as discussed in the earlier chapters, one might think that by now the United States would have begun negotiating international arms

government with the authority to do the things necessary to meet the obligations in the agreement. Going beyond the current cyber crime convention, however, a cyber war convention could make nations responsible for ensuring that their ISPs deny service to individuals and devices participating in attacks and report them to authorities. Such

chemical weapons ban, and the European security and cooperation agreement. Such teams could be invited in by signatory nations to assist in verifying that a cyber war attack had occurred in violation of the agreement. They could help determine what nation had actually launched the attack. The international staff might also, with

prevent a nation from spoofing the source of an attack or framing another state. They would, however, make it more difficult for some kinds of cyber war attacks, while establishing norms of international behavior, providing international legal cover for nations to assist, and creating an international community of cooperating experts in fighting

responsibility for the prevention of violations originating within a nation’s borders, and an obligation to assist in stopping and investigating attacks. Finally, limits on cyber war attacks against civilian infrastructure would probably mean that we and other states would have to cease any activity in which we may be engaged with

are putting plans and capabilities in place to achieve “dominance in cyberspace” to maintain this country’s security and preserve the peace. In other nations, cyber war units are also preparing. As part of that preparation, cyber warriors are placing trapdoors in civilian networks, placing logic bombs in electric power grids, and

constant fund raising and the lobbying of those who have donated the funds. That situation has two adverse consequences with regard to congressional involvement in cyber war oversight. First, everyone wants his or her own fiefdom. Congress has resisted any suggestion, such as was made by Senator Bob Bennett (Republican of

from the scofflaw sanctuaries. It’s worth a try. 4. CWLT The fourth component of the agenda to address cyber war should be the equivalent of the Strategic Arms Limitation Treaty (SALT) for cyber war, a Cyber War Limitation Treaty, or CWLT (pronounced “see-walt”). The U.S. should coordinate the proposal with its key allies

good internal controls to prevent their own cyber warriors from starting something without proper authorization. 5. CYBERSPACE AT MIDDLE AGE The fifth element of fighting cyber war is research on more secure network designs. The Internet is now forty, entering midlife, yet it has not changed much from its early days.

dusting off of the nuclear war plan with the President. Knowing that there is an annual checkup keeps everybody honest. While he is reviewing the cyber war strategy implementation, the President could annually get a report from our proposed Cyber Defense Administration on its progress in securing government agencies, the Tier 1

rate for that cable and/or router. Launch on Warning: A strategy component that dictates that a nation will initiate conflict—in this case, a cyber war—when intelligence indicators suggest that an opponent has or is about to commence hostile activities. Logic Bomb: A software application or series of instructions that

is headquartered at Fort Meade, Maryland, and is frequently referred to simply as “The Fort.” Obligation to Assist: The proposal that each nation in a cyber war agreement would take on a requirement to help other nations and/or the appropriate international body in investigating and stopping cyber attacks originating from within

Against All Enemies Your Government Failed You FICTION The Scorpion’s Gate Breakpoint Credits Jacket design by Milan Bozic Jacket Image © Feng yu/Shutterstock Copyright CYBER WAR. Copyright © 2010 by Richard A. Clarke and Robert K. Knake. All rights reserved under International and Pan-American Copyright Conventions. By payment of the required

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

by Andy Greenberg  · 5 Nov 2019  · 363pp  · 105,039 words

Mahon Cover image © filo/DigitalVision Vectors / Getty Images Library of Congress Cataloging-in-Publication Data Names: Greenberg, Andy, author. Title: Sandworm : a new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers / Andy Greenberg. Description: First edition. | New York : Doubleday, [2019] | Includes bibliographical references. Identifiers: LCCN

plant, all watched helplessly as practically every computer in their networks was infected and wiped by a mysterious piece of malicious code. This is what cyberwar looks like: an invisible force capable of striking out from an unknown origin to sabotage, on a massive scale, the technologies that underpin civilization.

accelerated Iran’s nuclear enrichment centrifuges until they destroyed themselves, the operation demonstrated another preview of what was in store: It showed that tools of cyberwar could reach out beyond the merely digital, into even the most closely guarded and sensitive components of the physical world. But for anyone watching

civilians. A small group of researchers would begin to sound the alarm—largely in vain—that Russia was turning Ukraine into a test lab for cyberwar innovations. They cautioned that those advancements might soon be deployed against the United States, NATO, and a larger world that remained blithely unprepared for

Over the next two years, Sandworm would ramp up its aggression, distinguishing itself as the most dangerous collection of hackers in the world and redefining cyberwar. Finally, on that fateful day in late June 2017, the group would unleash the world-shaking worm known as NotPetya, now considered the most

hitting interlocked, interdependent systems with unpredictable, disastrous consequences. Today, the full scale of the threat Sandworm and its ilk present looms over the future. If cyberwar escalation continues unchecked, the victims of state-sponsored hacking could be on a trajectory for even more virulent and destructive worms. The digital attacks first

an enemy’s economy or critical infrastructure. This book tells the story of Sandworm, the clearest example yet of the rogue actors advancing that cyberwar dystopia. It follows the years-long work of the detectives tracking those hackers—as Sandworm’s fingerprints appeared on one digital disaster scene after another

the hackers’ mission from mere cybercrime to nation-state-level intelligence gathering. Now Hultquist’s idea of the threat was shifting again: beyond cyberspying to cyberwar. “This didn’t look like classic espionage anymore,” Hultquist thought. “We were looking at reconnaissance for attack.” * * * ■ Hultquist had, in some sense, been searching

self-guided tanks, and battlefields covered in the “carcasses of crippled machines.” But in 1993, another landmark paper scrapped that Terminator-style definition and gave cyberwar a far more influential meaning, expressing it in terms of military forces’ potential exploitation of information technology. That article by two analysts from the think

calamitous, surprise cyberattack designed not just to take out military command-and-control communications but to physically devastate American infrastructure. That more apocalyptic vision of cyberwar had been brewing in government and military analysis circles, too. What if, the war wonks had only just begun to wonder, hackers could reach

out from the internet and into the physical systems that underpin civilization? Rand’s think tankers, three years after Arquilla and Ronfeldt’s cyberwar article, had run their own hacker war-game simulations around this exact question in 1996. In that exercise, dramatically titled “The Day After…in

Arquilla and Ronfeldt had described. Instead of merely using a cyberattack to cut the communicative strings of a military’s soldiers and weapons, what if cyberwar meant that hackers themselves would become the soldiers? What if cyberattacks became their weapons, as physically destructive as a bullet or a warhead? This

other layers of modern society’s technological infrastructure depend. “If the power system is at risk,” they wrote, “everything is at risk.” * * * ■ In 1999, cyberwar was, more or less, science fiction. By almost any definition, John Hamre was getting ahead of himself in his foreboding speech. Moonlight Maze wasn’t

victory to be achieved without the need to maximize the destruction of the enemy,” they wrote. “If for no other reason, this potential of cyberwar to lessen war’s cruelty demands its careful study and elaboration.” 12 FLASHBACK: ESTONIA Toomas Hendrik Ilves’s internet was down. Or so it seemed

and direct their digital armies, one that was still in an earlier incarnation but would develop over time into a far more sophisticated tool of cyberwar: BlackEnergy. * * * ■ Russia and Georgia agreed to a cease-fire on August 12, 2008. In the days that followed, Russia’s tanks continued to

, with little regard for the line between military and civilian. “Hackers turning off the power? We weren’t there yet,” says Hultquist. “But whatever cyberwar would become, there’s no doubt, this is where it began.” 14 FLASHBACK: STUXNET In January 2009, just days before Barack Obama would be inaugurated

this: No foreign state gets away with hacking American companies or digitally disrupting U.S. infrastructure. Then came an actual, full-blown act of cyberwar against Ukraine, and all the same diplomats and security officials went silent. Why? Michael Daniel’s immediate train of thought when he first learned of

someone else’s problem. 16 FANCY BEAR Perhaps the Obama administration, given enough time, would have gotten around to calling out Sandworm’s acts of cyberwar and making an example of the attackers with speeches, indictments, or sanctions. But by June 2016, its attention had been entirely hijacked by another

release. Lee was immediately floored by the gravity of what he saw. The code before him crystallized everything he already believed about Sandworm’s escalating cyberwar tactics into a single, concrete piece of programming. “This was the first piece of malware to cause disruption to civilian infrastructure,” he marveled, pointing

the Press. “It will be at the time of our choosing—and under the circumstances that have the greatest impact.” “Why is DirtyGrandpa threating CIA cyberwar with Russia?” the Shadow Brokers responded. “Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures.

systems,” Minister of Infrastructure Omelyan said. That night, the outside world was still debating whether NotPetya was criminal ransomware or a weapon of state-sponsored cyberwar. But ISSP’s Oleksii Yasinsky and Oleh Derevianko had already started referring to it as a new kind of phenomenon: a “massive, coordinated cyber

serial crises, the same grueling recovery—playing out across dozens of other NotPetya victims and countless other industries does the true scale of Russia’s cyberwar crime begin to come into focus. Merck, the $200 billion, New Jersey–based pharmaceutical giant, was hit early on the morning of NotPetya’s

a gathering in Italy, three months before NotPetya’s release. NotPetya provided a tidy answer to Tillerson’s question. Americans ignored Ukraine’s escalating cyberwar in the face of repeated warnings that the attacks there would soon spread to the rest of the world. Then, very suddenly, exactly that

warned of in 1997. Even Thomas Rid, a professor of strategic and military studies at Johns Hopkins who has written skeptically about the potential for cyberwar, criticizing overblown metaphors of “cyberweapons” and an impending “cyber 9/11,” has said that NotPetya finally represented an event that warranted that sort of

his boss, ISSP’s co-founder Oleh Derevianko, quickly launched into their explanation of NotPetya’s purpose with all the usual theories about Ukraine’s cyberwar: intimidation, experimentation, collateral damage. But they added another striking claim: that NotPetya was intended not merely for destruction but also as a cleanup effort.

forensic clues showing that Sandworm was very likely behind NotPetya. Reams of other public reporting showed that the same group was responsible for the escalating cyberwar in Ukraine, including its two blackouts, all signs pointing to the Kremlin’s culpability. The Western world’s apathy as those earlier sabotage operations

election and the 2014 Ukrainian presidential election—the latter under the guise of the hacktivist group CyberBerkut. The notion that Sandworm, the ultimate crosser of cyberwar’s red lines, was part of the same institution responsible for those other reckless, norm-breaking attempts to sabotage democracy seemed to fit. I

. “On all levels, they defined the rules.” That hierarchy meant that the GRU had taken a backseat to the FSB throughout Russia’s inchoate cyberwars in Estonia and Georgia, relegated to traditional intelligence in direct support of the military rather than the exciting new realm of digital offensive operations.*1

a challenge for the West for years to come.” * * * ■ None of this history, though, answered my underlying question: What was Sandworm thinking? What motivates cyberwar without limits, without discrimination between soldier and civilian? One more recent document seemed to offer a keyhole view into the thinking of the Russian military

speech a prescient explanation of the strategy Russia had already used in the earliest months of its Ukrainian invasion. Even before any signs of a cyberwar had come to light, Russia was secreting troops across the border out of uniform, flooding the Ukrainian media with disinformation, and exploiting internal instabilities.

In fact, both Galeotti and Giles emphasized to me that there is no distinction in common Russian vocabulary between “information war” and a concept of “cyberwar” that suggests disruptive or physical consequences of hacking. Both fall under the same term, informatsionnaya voyna. “Whether it’s to change someone’s mind or

consequences. With those four sentences displayed on a page of the White House website, the U.S. government had finally, publicly acknowledged Russia’s cyberwar in Ukraine. That acknowledgment had come nearly three and a half years after the siege had begun and almost eight months after it exploded out

with that rule.” * * * ■ The rebuke to Russia from the White House struck an optimistic note for anyone who hoped to prevent the full-scale cyberwars of the future: Finally, the worst cyberattack in history had earned some sort of response, rather than the sheer impunity that had seemed to shield

turning out the lights,” Hultquist said, his eyes wide with epiphany. “It’s about letting people know you can turn out the lights.” Russia’s cyberwar in Ukraine hadn’t, in fact, resulted in any concrete military wins, Hultquist pointed out. No territorial gains, enemy casualties, or other tactical victories.

its cyberattacks carefully and start a war for the right reasons, against the right country, those red lines would offer no impediment. In that future cyberwar, in other words, the ends would justify the means. * * * ■ On November 9, 2017, Microsoft’s president, Brad Smith, stood before a crowd at the

counterterrorism adviser to three presidents whose 2010 book Cyber War had advocated a “Cyber War Limitation Treaty.” Clarke’s imagined treaty would ban “first-use” cyberattacks on critical infrastructure, and even forbid planting sabotage malware on targets like power grids, railroads, and financial institutions. The cyberwar doves’ position boiled down to Rob Lee’s

pacifism. In 2017, Trump announced he would elevate the authority of the Pentagon’s Cyber Command and then the next year quietly increased that cyberwar force’s mandate to preemptively attack foreign targets if it believed they were planning to strike the United States. Three months later, Trump reversed

digital Geneva Convention remains a nice dream. In the meantime, the American government looks more likely to follow the most reflexive, primitive response to a cyberwar arms race: escalation. 41 BLACK START On a wet day in early November 2018, a power utility engineer named Stan McHann was walking along

Ibid., 252. As president, Yanukovich proved himself: Ibid., 253–57. On one street near the Maidan: Glib Pakharenko, “Cyber Operations at Maidan: A Firsthand Account,” Cyber War in Perspective: Russian Aggression Against Ukraine, May 24, 2014, ccdcoe.org/. Many Ukrainians believe the Berkut: Plokhy, Gates of Europe, 340. The death toll: Reid

Downed MH17,” Radio Free Europe/Radio Liberty, May 24, 2018, www.rferl.org/. “The anti-people junta is trying”: Margaret Coker and Paul Sonne, “Ukraine: Cyberwar’s Hottest Front,” Wall Street Journal, Nov. 9, 2015, www.wsj.com. (The CyberBerkut hackers would be revealed): Andy Greenberg, “Russian Hackers Are Using ‘

Ibid. At the end of that second evening: Ibid., 331. “those motherfuckers in intelligence”: Kaplan, Dark Territory, 87. “The Department of Defense has been at cyberwar”: Rid, Rise of the Machines, 333. It described flying drones: Ibid., 301. (The exclamation point): “Interview with John Arquilla,” Frontline, interview conducted on March

4, 2003, www.pbs.org. “It means disrupting if not destroying”: John Arquilla and David Ronfeldt, “Cyberwar Is Coming!,” in In Athena’s Camp: Preparing for Conflict in the Information Age (Santa Monica, Calif.: Rand, 1997), www.rand.org/. Hamre had said

to Sandworm Hacking Group for Global Ransomware Attack,” Cyberscoop, June 30, 2017, www.cyberscoop.com. CHAPTER 18 POLIGON “This expensive light flicking”: The Grugq, “Cyberwar via Cyberwar During War,” Risky Business, March 6, 2017, www.risky.biz. CHAPTER 19 INDUSTROYER/CRASH OVERRIDE ESET named the malware Industroyer: Anton Cherepanov, “Win32/Industroyer:

to the United Nations,” Official Microsoft Blog, Nov. 9, 2017, blogs.microsoft.com, archived at bit.ly/2t0Ft3c. Clarke’s imagined treaty: Clarke and Knake, Cyber War (New York: HarperCollins, 2010), 242. In 2017, Trump announced: David Sanger, “Pentagon Puts Cyberwarriors on the Offensive, Increasing the Risk of Conflict,” New York

), June 30, 2017, www.welivesecurity.com, archived at bit.ly/2UEDQEo. BIBLIOGRAPHY Applebaum, Anne. Red Famine. New York: Doubleday, 2017. Clarke, Richard, and Robert Knake. Cyber War. New York: HarperCollins, 2010. Hart, John Limond. The CIA’s Russians. Annapolis, Md.: Naval Institute Press, 2003. Herbert, Frank. Dune. Annotated reprint, New York:

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

by Nicole Perlroth  · 9 Feb 2021  · 651pp  · 186,130 words

went to Ukraine to survey the ruins for myself. Russia’s attacks on Ukraine’s power grid thrust the world into a new chapter of cyberwar. But even those 2015 attacks did not compare to what happened when Russia got ahold of the NSA’s best-kept hacking tools two years

systems, and now all its mom-and-pop operators could do was half cry, half laugh at the role they had played in nation-state cyberwar. I spoke with the head of Ukraine’s cyber police force and with any Ukrainian minister who would have me. I visited with American diplomats

.S. intelligence history. If Snowden leaked the PowerPoint bullet points, the Shadow Brokers handed our enemies the actual bullets: the code. The biggest secret in cyberwar—the one our adversaries now know all too well—is that the same nation that maintains the greatest offensive cyber advantage on earth is also

to spread, what really troubled Watters wasn’t the effect the market would have on iDefense; it was the increasing potential for an all-out cyberwar. “It’s like having cyber nukes in an unregulated market that can be bought and sold anywhere in the world without discretion,” he told me

for espionage—and destruction. CHAPTER 7 The Godfather Las Vegas, Nevada “That was our big wake-up call,” James R. Gosler, the godfather of American cyberwar, told me one afternoon in late 2015. “We were lucky beyond belief to discover we were being had. Or we would still be using those

nearly every single one of the men who guided the CIA and NSA through the turn of the century to name the father of American cyberwar, and none hesitated: “Jim Gosler.” And yet in hacker circles Gosler remains an unknown. Even the thousands of hackers who flock to Vegas every year

taken the seat facing the entrance—the best position for survival. Over the course of our conversations throughout 2016 and 2019, the father of American cyberwar began to piece together his career and, through it, the United States’ own evolution as the world’s most skilled exploiter in the digital realm

, James P. Anderson—would set the U.S. government’s cybersecurity research agenda for the next decades, and lay the groundwork for the United States’ cyberwar operations. The Anderson Report concluded that computers provided would-be attackers with a “unique opportunity for attempting to subvert” their systems and access their underlying

could never tell her exactly what he had been doing while he was away. This was May 2001. By the time the godfather of American cyberwar walked out to the parking lot, got in his Jeep, and drove away, American intelligence agencies were siphoning unprecedented amounts of data from more than

warn that Huawei’s equipment is riddled with Chinese backdoors. Chinese intelligence could use that access to intercept high-level communications, vacuum up intelligence, wage cyberwar, or shut down critical services in times of national emergency. That all may very well have been true. But it is also certainly true in

’s server farms every day. Many others were sleeper cells, dormant until called upon for a rainy day or some future shutdown—or all-out cyberwar. In the post–9/11 urgency to capture and analyze as much data as humanly possible, leaked classified documents and my interviews with intelligence officials

spies. But in 2009, without any debate at all, in the cordoned-off copper walls of Fort Meade, the United States set new rules for cyberwar. Starting that year, it was not only acceptable to implant code in a foreign nation’s critical infrastructure; now the United States made it perfectly

from damaging these computers, it was a wake-up call for every chief information officer in America; they were collateral damage in an escalating global cyberwar. “I don’t think the U.S. government even realized how far it spread,” a senior official at Chevron told reporters. “I think the downside

exploit—would remain in the agency’s stockpile and be used to spy on American enemies or degrade their systems in the case of a cyberwar. Michael Hayden, the former NSA chief who ran the agency until 2005, addressed NOBUS this way: “You look at a vulnerability through a different lens

United States government was still its biggest customer. That year, having ironically spawned the zero-day market and launched the world into the era of cyberwar, Keith Alexander, Stuxnet’s architect, was asked what kept him up at night. “My greatest worry,” Alexander told a reporter, was the growing likelihood of

had been converted into a thermal bath and spa. It was an oddly Zen setting in which to be triaging the very beginnings of a cyberwar. That morning, Marquis-Boire picked up where the Mountain View intern had left off, following the blip as it ping-ponged across Google’s network

“shameless.” Among them was Chris Soghoian, a die-hard privacy activist, who compared Bekrar to a “modern-day merchant of death” selling “the bullets for cyberwar.” “Vupen doesn’t know how their exploits are used, and they probably don’t want to know. As long as the check clears,” Soghoian told

in plain sight. Nobody at Microsoft discovered it until four years later. Well-respected security researchers started floating conspiracy theories that Microsoft was complicit in cyberwar, or that there was a CIA or NSA mole inside Redmond. By 2011 the number of bug reports Microsoft was getting directly from hackers—which

airlines like Lufthansa, to engage hackers to neuter the bugs that threatened to turn cell towers, banks, cars, and airplanes into weapons for surveillance and cyberwar. By 2016 the company had even managed to sign on the most unlikely player of all: the Pentagon. Frankly, it was a lot to take

with protecting America’s critical infrastructure, and there was an unmistakable urgency in their voices. The attacks marked the beginnings of a new era in cyberwar. It started with phishing campaigns against employees at American oil and gas firms. But over the course of just a few months, the attacks expanded

our choosing—and under circumstances that have the greatest impact.” The Shadow Brokers didn’t like that very much. “Why is DirtyGrandpa threating [sic] CIA cyberwar with Russia?” they tweeted. “Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking

was closing. Scores of new nation-states were moving into this invisible battlespace. The United States had, for two decades, been laying the groundwork for cyberwar, and it was now American businesses, infrastructure, and civilians who were bearing the brunt of its escalation and collective inaction. And yet, instead of a

. The vulnerabilities are ours, too. We just have more of them A few months before the November election, I called up the godfather of American cyberwar himself. I’d caught Jim Gosler at his home in the Nevada desert. He was taking apart slot machines, searching, as ever, for new vulnerabilities

to be a cloistered monk on a mountain in Africa to not be concerned about cyber vulnerabilities.” With that, I left the godfather of American cyberwar to his slot machines. I wondered how many new attacks I’d missed in the span of our short phone call. I longed to swap

over me as I described the zero-days that formed the entry points in Stuxnet. Fred Kaplan’s book, Dark Territory: The Secret History of Cyber War (Simon & Schuster, 2016), also provided useful context. I found myself frequently citing Joe Menn at Reuters, whose cybersecurity coverage is first rate. Chris Bing and

lawsuits against insurers who applied a common, but rarely invoked, war exemption in their insurance contracts. Andy Greenberg’s work Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers (Doubleday, 2019), which was excerpted in Wired, cited Tom Bossert, Trump’s former Homeland Security

chronicler of all—James Bamford—and his June 12, 2013, Wired article, “NSA Snooping Was Only the Beginning: Meet the Spy Chief Leading Us into Cyberwar.” Details of TAO’s earlier attempt to sabotage al-Qaeda’s communication networks appear in David Sanger’s Confront and Conceal and Fred Kaplan’s

hands was sourced from James Bamford’s June 2013 piece for Wired, “NSA Snooping Was Only the Beginning. Meet the Spy Chief Leading Us into Cyberwar.” CHAPTER 11: THE KURD This chapter owes a huge debt of gratitude to Sinan Eren, now with the mobile security firm Fyde, for sharing his

. Two months later, Luigi Auriemma and Donato Ferrante told Reuters’ Joseph Menn: “We don’t sell weapons, we sell information” in “Special Report: U.S. Cyberwar Strategy Stokes Fear of Blowback.” It should be noted that the debate regarding zero-day disclosure is hardly unique to cybersecurity. Scientists have long sparred

,” Vice, April 18, 2016; Joseph Cox, “The FBI Spent $775K on Hacking Team’s Spy Tools Since 2011,” Wired, July 6, 2015; and Mattathias Schwartz, “Cyberwar for Sale,” New York Times, January 4, 2017. An excellent analysis of the zero-day market based on Hacking Team’s leaks was conducted by

of an Iranian nuclear facility.” Later researchers changed their tune. The real goal wasn’t intellectual property theft; these attacks were the planning stages for cyberwar. For an account of Russia’s calls for an international cyberweapons ban, see Andrew E. Kramer and Nicole Perlroth, “Expert Issues a

Cyberwar Warning,” New York Times, June 3, 2012. For Russian anxieties about cyber escalation, see Timothy Thomas, “Three Faces of the Cyber Dragon: Cyber Peace Activist,

for the Times. But by far, the most comprehensive account of Hultquist’s Sandworm discovery is written by Andy Greenberg: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers, and articles by Kim Zetter, “Russian Sandworm Hack Has Been Spying on Foreign Governments for

’t help that the company has long been dogged by allegations it is a Russian front. See Andrew Kramer and Nicole Perlroth, “Expert Issues a Cyberwar Warning,” New York Times, June 4, 2012. For Jake Williams’s blog post on the Shadow Brokers’ leaks see “Corporate Business Impact of Newest Shadow

=EMG4ZukkClw. For Richard Clarke’s earlier proposal that countries agree not to conduct cyberattacks on civilian infrastructure, see Richard A. Clarke and Robert K. Knake, Cyber War: The Next Threat to National Security and What to Do about It (HarperCollins, 2010). For a chronicle of Russian cyberattacks on America’s grid, and

items, license to export, here Cyber Shatner, here cyber talent pool, here, here, here, here, here, here cyber threat alert systems, here cyber treaty, here cyberwar, here, here, here, here cyberweapons, here, here cyberweapons ban, here cyberweapons market, here, here, here cyberweapons merchants, here cyberweapons of mass destruction, here, here, here

iPhones prices of, here unlocking, the FBI and, here, here Iran. See also Natanz nuclear plant (Iran), U.S.-Israeli attack on cyber army, here cyberwar, threat of, here infrastructure, U.S. attacks on, here ransomware attacks, here Suleimani assassination, retaliation for, here U.S. cyberattacks on, retaliation for, here Iran

capabilities, global advantage, here Cyber Command, here, here, here, here, here cyber defense capabilities, here cybersecurity, path to, here cyberspying via U.S. companies, here cyberwar operations, here cyberweapons arsenal, here data breaches, growth in, here defense and intelligence spending, here digital vulnerability, addressing, here election interference, here moral authority, here

Cybersecurity: What Everyone Needs to Know

by P. W. Singer and Allan Friedman  · 3 Jan 2014  · 587pp  · 117,894 words

Until I read this astonishing and important book, I didn’t know how much I didn’t know about the hidden world of cybersecurity and cyberwar. Singer and Friedman make comprehensible an impossibly complex subject, and expose the frightening truth of just how vulnerable we are. Understanding these often-invisible

first step toward defending ourselves against them. This is an essential read.” —Howard Gordon, Executive Producer of 24 and co-creator of Homeland CYBERSECURITY AND CYBERWAR WHAT EVERYONE NEEDS TO KNOW® P. W. SINGER AND ALLAN FRIEDMAN Oxford University Press is a department of the University of Oxford. It furthers

Cybersecurity Headed Next? What Do I Really Need to Know in the End? ACKNOWLEDGMENTS NOTES GLOSSARY INDEX INTRODUCTION Why Write a Book about Cybersecurity and Cyberwar? “All this cyber stuff.” The setting was a Washington, DC, conference room. The speaker was a senior leader of the US Department of Defense.

issues affect literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyberwars; business executives defending firms from once unimaginable threats, and looking to make money off of them; lawyers and ethicists building new frameworks for right

Studies. “The standard is ambiguous. Deciding when something is an act of war is not automatic. It’s always a judgment.” What Might a “Cyberwar” Actually Look Like? Computer Network Operations Like so many stories in the world of cybersecurity, Operation Orchard began with simple human carelessness. In 2006, a

, well over 90 percent of the casualties in the last decades of war have been civilians. Unfortunately, one can expect the same dynamic in cyberwar. The more conventional type of civilian targeting in computer network operations would attack civilian networks and operators viewed as directly or indirectly supporting the military

nowhere near the destruction visited by explosive-filled bombs and incendiaries upon Dresden or the permanent irradiation of Hiroshima. Second, the weapons and operations in cyberwar will be far less predictable than traditional means, leading to greater suspicion of them among military commanders. For instance, the blast radius of a

while others proved woefully wrong, like the prediction that airplanes would render all other forms of war obsolete. The same is likely to happen with cyberwar. It will prove to be fantastically game-changing, introducing real-world capabilities and operations that once seemed science fiction. But even in a world with

about the inherently seductive nature of cyber offense and the impact it might have on the military. As one report put it, offensive concepts like “cyber war, software exploit, digital catastrophe and shadowy cyber warriors” are much more glamorous than the defensive, like “security engineering, proper coding, protecting supply chains.” Yet

hands but also a plate-glass window. Perhaps because of this, there are things we can agree on.” What about Deterrence in an Era of Cyberwar? “Cyber offense may provide the means to respond in-kind. The protected conventional capability should provide credible and observable kinetic effects globally. Forces supporting

cyberthreats but that traditional strengths are proving cyber vulnerabilities. As director of national intelligence from 2007 to 2009, Mike McConnell oversaw a surge of US cyberwar capabilities, funded by tens of billions of dollars, that culminated in the development of weapons like Stuxnet. But instead of feeling more confident about

or China. McAfee, a Santa Clara, California, computer security firm, for instance, estimates that there are only around twenty countries that actually have “advanced cyberwar programs” that could build something comparable to a new Stuxnet-like weapon. Michael Nacht, the former US Assistant Secretary of Defense for Global Strategic Affairs

race, but also will shape the future of the Internet itself. Behind the Scenes: Is There a Cyber-Industrial Complex? “Unlike most wars, the Cyber War will have no end, as the Internet along with the continued globalization of industries central to the development of a middle class, will create new

Or, as we were told in the conference invitation, they are seizing the “wealth of opportunity” that awaits in “the migration from traditional ‘warfare’ to “cyber war.” The first strategy has been to expand their own internal cyber operations. Companies like Lockheed Martin and Boeing may be better known for making jet

the issues involved, will continue to evolve, including beyond the Roadrunner-like tour you have taken in this book through the world of cybersecurity and cyberwar. New technologies will emerge, and new social, business, criminal, and warfare models for using them will be developed that will create transformational change. While

parents for many things, but especially for buying those first clunky computers so many years ago. NOTES INTRODUCTION WHY WRITE A BOOK ABOUT CYBERSECURITY AND CYBERWAR? convinced us to write this book Cyber Terrain Conference, Spy Museum, Washington, DC, May 18, 2011. 30 trillion individual web pages Google, “How Search

/dg_digitalassets/@dg/@en/documents/digitalasset/dg_191639.pdf, accessed July 31, 2013. a time of “cyber anxiety” George R. Lucas, Jr., “Permissible Preventive Cyberwar: Restricting Cyber Conflict to Justified Military Targets,” presentation at the Society of Philosophy and Technology Conference, University of North Texas, May 28, 2011. “single greatest

. “clusters and constellations of data” William Gibson, Neuromancer (New York: Berkley Publishing Group, 1984), p. 128. humble beginnings Scott W. Beidleman, “Defining and Deterring Cyber War,” strategy research project, US Army War College, 2009, p. 9. light from the sun Ibid. “embedded processors and controllers” Ibid., p. 10. the infrastructure that

/asia/2011/11/11/importance-of-microblogs-in-china-shown-as-weibos-pass-550-million-users/. “supervisory control and data acquisition” Beidleman, “Defining and Deterring Cyber War,” p. 6. “the control system of our economy” Ibid., p. 1. “knowingly or not, it is life” Ben Hammersley, “Speech to the UK’s

Service, February 4, 2013. HOW DO WE KEEP THE BAD GUYS OUT? THE BASICS OF COMPUTER DEFENSE 110 million different species Pat Calhoun, “The Next Cyber War Is Already in Progress: Security Expert,” Hacking America (blog), CNBC, February 27, 2013, http://www.cnbc.com/id/100501836. 0.34 percent of signatures

Police,” Reuters, March 3, 2010, http://www.reuters.com/article/2010/03/03/us-crime-hackers-idUSTRE6214ST20100303. deniable, but directed, attack Jeff Carr, “Russia/Georgia Cyber War—Findings and Analysis,” Project Grey Goose, October 17, 2008, http://www.scribd.com/doc/6967393/Project-Grey-Goose-Phase-I-Report. “Attacks can be ‘crowd

Rouse, “Cyberterrorism,” Search Security, May 2010, http://searchsecurity.techtarget.com/definition/cyberterrorism, accessed August 11, 2013. simulated catastrophic failure Scott W. Beidleman, “Defining and Deterring Cyber War,” strategy research project, US Army War College, 2009, p. 6. Guantánamo Bay Ibid., p. 7. “as much clarity as cybersecurity” Cyber Terrain Conference, Spy

www.wired.com/dangerroom/2011/02/pentagon-deputy-what-if-al-qaeda-got-stuxnet/. “Glen Canyon and Hoover Dams” George R. Lucas, Jr., “Permissible Preventive Cyberwar: Restricting Cyber Conflict to Justified Military Targets,” presentation at the Society of Philosophy and Technology Conference, University of North Texas, May 28, 2011. “cyber-

?oid=5787547. “Nazism and liberalism” Ibid. Russian intelligence Carr, Inside Cyber Warfare, p. 3. “Cyber-space is everywhere” Ian Traynor, “Russia Accused of Unleashing Cyberwar to Disable Estonia,” Guardian, May 16, 2007, http://www.guardian.co.uk/world/2007/may/17/topstories3.russia. hacker magazine Xaker Khatuna Mshvidobadze, “Is Russia

of China to Conduct Cyber Warfare and Computer Network Exploitation.” 200,000 members Ibid. FOCUS: WHAT WAS STUXNET? “indiscriminate and destructive” Lucas, “Permissible Preventive Cyberwar.” A study of the spread of Stuxnet was undertaken by a number of international computer security firms, including Symantec Corporation. Their report, “W32.Stuxnet Dossier

.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf, accessed August 11, 2013. lingering in the wild forever Lucas, “Permissible Preventive Cyberwar.” replacing the broken centrifuges Mark Clayton, “How Stuxnet Cyber Weapon Targeted Iran Nuclear Plant,” Christian Science Monitor, November 16, 2010, http://www.csmonitor.com

“How Stuxnet Cyber Weapon Targeted Iran Nuclear Plant.” says Leslie Harris “The FP Survey,” p. 116. “civilian personnel and infrastructure” Neil C. Rowe, “Ethics of Cyber War Attacks,” in Cyber Warfare and Cyber Terrorism, edited by Lech J. Janczewski and Andrew M. Colarik (Hershey, PA: Information Science Reference, 2008), p. 109. “984

.int/cps/en/natolive/official_texts_17120.htm, accessed August 11, 2013. honoring Russian soldiers Beidleman, “Defining and Deterring Cyber War,” p. 4. NATO was obliged to defend “Estonia Hit by ‘Moscow Cyber War,’” BBC News, May 17, 2007, ttp://news.bbc.co.uk/2/hi/europe/6665145.stm. short film about the

Journal, May 31, 2011, http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html?mod=WSJ_hp_LEFTTopStories. equivalent to the use of guns Beidleman, “Defining and Deterring Cyber War,” p. 13. “more like a cyber riot” Shaun Waterman, “Analysis: Who Cyber Smacked Estonia?” United Press International, March 11, 2009. directness and measurability Owens,

Cyberwar and Cyber Warfare,” in America’s Cyber Future: Security and Prosperity in the Information Age, vol. 2, edited by Kristin M. Lord and Travis Shard (Washington, DC: Center for a New American Security, June 2011), p. 59. “It’s always a judgment” Jennifer Martinez, “DOD Could Use Force in Cyber War,”

Politico, July 15, 2011, http://www.politico.com/news/stories/0711/59035.html. WHAT MIGHT A “CYBERWAR” ACTUALLY LOOK LIKE? COMPUTER NETWORK OPERATIONS confirm the Israeli suspicions Erich Follath and Holger Stark, “How Israel

http://spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch/0. Solar Sunrise Beidleman, “Defining and Deterring Cyber War,” p. 3. enemy’s use of cyberspace Noah Shachtman, “Darpa Looks to Make Cyberwar Routine with Secret ‘Plan X,’” Danger Room (blog), Wired, August 21, 2012, http://www.wired.com/dangerroom/2012

May 23, 2011). new can of worms Fontaine and Rogers, “Internet Freedom and Its Discontents,” p. 155. FOCUS: WHAT IS THE US MILITARY APPROACH TO CYBERWAR? once sophisticated code US CERT, “Vulnerability Note VU#836068,” December 31, 2008, http://www.kb.cert.org/vuls/id/836068. “double-hatted” Zachary Fryer-Biggs

. Nye, Jr., “Nuclear Lessons for Cyber Security?” Strategic Studies Quarterly 5, no. 4 (Winter 2011): p. 26. FOCUS: WHAT IS THE CHINESE APPROACH TO CYBERWAR? “most threatening actor in cyberspace” Tony Capaccio, “China Most Threatening Cyberspace Force, U.S. Panel Says,” Bloomberg, November 5, 2012, http://www.bloomberg.com/news

/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf. “China has big stones” Menn, “Agreement on Cybersecurity ‘Badly Needed.’” WHAT ABOUT DETERRENCE IN AN ERA OF CYBERWAR? “deterrence ladder” Department of Defense, “Resilient Military Systems and the Advanced Cyber Threat,” Defense Science Board task force report, Washington, DC, January 2013, http

01/16/world/middleeast/16stuxnet.html? pagewanted=all&_r=0. “smaller dogs bite” Nye, “Power and National Security in Cyberspace,” p. 14. escalation dominance Mahnken, “Cyberwar and Cyber Warfare,” p. 61. WHO HAS THE ADVANTAGE, THE OFFENSE OR THE DEFENSE? “military law in 1913” Barbara W. Tuchman, August 1914 (London:

, “10 Ways to Prevent Cyberconflict,” Christian Science Monitor, March 7, 2011, http://www.csmonitor.com/USA/Military/2011/0307/10-ways-to-prevent-cyberconflict/Start-cyberwar-limitation-talks. “it doesn’t scare you” Andrea Shalal-Esa, “Ex-U.S. General Urges Frank Talk on Cyber Weapons,” Reuters, November 6, 2011,

The New Digital Age (New York: Knopf, 2013), p. 110. “rare oasis” Andersen, “Cyber Security,” pp. 30–32. Professor Peter Sommer Susan Watts, “Proposal for Cyber War Rules of Engagement,” BBC News, last modified February 3, 2011, http://news.bbc.co.uk/2/hi/programmes/newsnight/9386445.stm. “wealth of opportunity” Invitation

, “10 Ways to Prevent Cyberconflict,” Christian Science Monitor, March 7, 2011, http://www.csmonitor.com/USA/Military/2011/0307/10-ways-to-prevent-cyberconflict/Start-cyberwar-limitation-talks. “mitigate such attacks” Rattray and Healey, “Non-state Actors and Cyber Conflict,” p. 79. See also Andy Purdy and Nick Hopkinson, “Online

://wwi.lib.byu.edu/index.php/The_Hague_Rules_of_Air_Warfare, accessed January 2013. “regulation of air warfare” Scott W. Beidleman, “Defining and Deterring Cyber War,” strategy research project, US Army War College, January 6, 2009, p. 21. “what constitutes normal behaviour” Joseph Menn, “Agreement on Cybersecurity ‘Badly Needed,’” Financial

Times, October 12, 2011. American West Beidleman, “Defining and Deterring Cyber War,” p. 21. “unofficially the answer is no” Menn, “Agreement on Cybersecurity ‘Badly Needed.’” vulnerable civilian infrastructure Ibid. “an entire domain” Ronald Deibert, “Tracking the Emerging

report-cyber-europe-2010-cyber-security-exercise. under poor assumptions Nick Hopkins, “US and China Engage in Cyber War Games,” Guardian, April 16, 2012, http://www.guardian.co.uk/technology/2012/apr/16/us-china-cyber-war-games. Stewart Baker highlighted “Classified Memo Toughens Cyber-Threat Portrayals in DOD Exercises,” Inside the Pentagon,

” Cyber Terrain conference, Spy Museum, Washington, DC, May 18, 2011. 85 percent of targeted intrusions Ian Wallace, “Why the US Is Not in a Cyber War,” Daily Beast, March 10, 2013, http://www.thedailybeast.com/articles/2013/03/10/why-the-u-s-is-not-in-a

-cyber-war.html. risks in the realm Schroeder, “The Unprecedented Economic Risks of Network Insecurity,” p. 174. “security wasn’t important” Steven Bucci, “Looking Forward,” remarks

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks

by Scott J. Shapiro  · 523pp  · 154,042 words

to stop it. Researching and writing The Internationalists sparked a host of questions about the future of war—the next phase that experts were calling cyberwar. Does cyberwar mark a departure from traditional warfare, or are they both war, just with different weapons? Would the rules of law established by ancient battles

and refined over the centuries of land and naval combat make sense for the new world of cyberwarfare? Are the experts right in declaring cyberwar to be the single biggest threat to our safety? Given my extensive technical background in computer science, I figured it wouldn’t take me long

, unintelligible, and impossibly abstract. But I was becoming increasingly aware that I wouldn’t be able to do my day job, which was to study cyberwar, if I didn’t get up to speed. To adapt Leon Trotsky’s famous line about war, you may not be interested in hacking, but

wasn’t just me. I’ve been shocked by how many people, experts included, have told me they haven’t the faintest idea about what cyberwar, cybercrime, and cyber-espionage really are. Decades into the internet age, my students are all digital natives who have spent a large portion of their

’s hard to make a living hacking medical devices or sex toys from halfway around the world. The topic that inspired my fascination with hacking—cyberwar—is especially prone to hype. For decades, threat analysts and Hollywood movies have been warning about a so-called Digital Pearl Harbor or Cyber 9

power grid and killing thousands in the process. In the words of the New York Times writer David Sanger, a cyberweapon is the “perfect weapon.” Cyberwar is inevitable, the experts warn us. We cannot stop it; we can only try to prepare. But, fortunately, the truth is less dramatic. Computer exploits

interest in hyping cyberthreats. Authors sell books, journalists earn clicks, firms hawk their wares, consultants peddle their services, and government officials cover their asses. Sensational cyberwar scenarios attract eyeballs and make thrilling entertainment. Horror stories of technology turning on its creators and running amok have been a staple of modern literature

in the media. In November 2015, for example, The Wall Street Journal covered the shutdown of Ukraine’s power grid by Russia with the headline “Cyberwar’s Hottest Front.” The notoriety of Ukrainian hacks would have led Clinton staffers to attribute high likelihood to the alleged attack originating in Ukraine. Of

Soviet air defense systems and then map their capabilities. If nation-states were responsible, their raids would be illegal aggression. They would be starting a cyberwar. Schneier was not alone in noticing the uptick in DDoS attacks. From April through June of 2016, Akamai, one of the largest DDoS mitigation providers

2.0 cover-up scheme. Were the pessimists right after all? Could WikiLeaks be covering again for the Russians, who were preparing to launch a cyberwar? Attacking the University Registrar First-year college students are understandably frustrated when they can’t get into popular upper-level electives. But they usually just

every hack of one state by another is legal according to international law. We will later discuss cyber-conflict—or, as it is often called, cyberwar. In these cases, states don’t merely seek and collect information about matters of national security. They degrade their rivals’ systems to change facts on

, the SolarWinds hack lasted approximately nine months. Economic Espionage If we classified cyberattacks by downcode, we would miss crucial distinctions between cyber-espionage, cybercrime, and cyberwar. Whether Cozy Bear used a buffer overflow or phishing to access the SolarWinds update server is irrelevant to how the United States and others should

the NSA. But in the future, they might. All will depend on what upcode the U.S. government develops and what the electorate permits. C. CYBERWAR A gag running through this book has been about mistaken identity: people routinely suspect nation-states of committing cyberattacks when it turns out to be

teenage boys. While these mistaken-identity stories make clear that panicked, doomsday rhetoric about cyberwar is getting current events wrong, it is hard to derive much comfort from that. After all, that three teenage boys can take down the internet

the doomsayers’ contentions right: a determined nation-state can use the internet to unleash massive devastation. In 2010, Richard Clarke published a bestselling book entitled Cyber War, in which he warned about the impending dangers. He described a cyber blitzkrieg where hackers overtake the Pentagon’s network, destroy refineries and chemical plants

all air travel, unplug the electrical grid, throw the global banking system into crisis, and kill thousands immediately. How easy would this be? “A sophisticated cyberwar attack by one of several nation-states could do that today, in fifteen minutes,” Clarke answered. How concerned should we be about

cyberwar? Was Clarke right about the threat? And what might we do to reduce the risk of the digital Armageddon he describes? What Is Cyberwar? Let’s recall our earlier distinction between cyber-enabled and cyber- dependent crime and

apply it to cyberwar. In cyber-enabled war, states use computers as part of traditional warfare. Digital networks control artillery

country. After the Fancy Bear hacks of 2016, CISA included the election system as part of critical infrastructure. When people speak about the possibility of “cyberwar,” they usually mean cyber-dependent war. After all, modern military conflict is thoroughly cyber-enabled. Cyber-dependent war, by contrast, doesn’t use computers to

of the cyber-infrastructure is not impossible. The more popular the software in use, the more likely infiltration will cause widespread damage. The possibility of cyberwar does not, however, depend purely on downcode. It depends on upcode as well. As we will now see, the upcode of conflict suggests that devastating

. He halted the transfer, though $81 million had already disappeared. After the United States attacked Iran’s nuclear facility with Stuxnet, Iran built up its cyberwar capabilities. But its response was retaliatory, not strategic. From 2011 to 2013, Iranian cyberwarfare units DDoS-ed banks in the United States, such as Bank

at odds with how the weak have historically resisted the strong. Kinetic Effects Though the risk is not substantial, the costs of a full-fledged cyberwar would be devastating. Even scenarios less than doomsday would be costly. How might we protect ourselves from this threat? Are there any legal solutions? Let

help reduce the risk of cyber-dependent war? The answer is, unfortunately, complicated. The prohibition on war can help reduce the risks of cyberwar only if it applies to cyberwar, and, in many cases, it does not. Most international lawyers maintain that cyberattacks are illegal under the United Nations Charter when they

and engage in standard espionage? Or did its release of hacked information transform its behavior from normal statecraft into an act of war? Upcode for Cyberwar Cyberweapons are special not because computers are able to do now what bombs have always been able to do. Rather, they are novel because they

, 2022, https://www.cnn.com/2022/02/02/cars/tesla-teen-hack/index.html. Cyber 9/11: See, e.g., John Arquilla and David Ronfeldt, “Cyberwar Is Coming!,” Comparative Strategy 12, no. 2 (Spring 1993): 141–65. Richard Clarke coined the term Digital Pearl Harbor: see “Seven Questions: Richard Clarke on

); Conficker, in Mark Bowden, Worm: The First Digital World War (New York: Grove Press, 2012); Dark Energy, in Andy Greenberg, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers (New York: Doubleday, 2019). 1. The Great Worm “There is not one”: John Markoff, “‘Virus

,” November 2, 2017, https://apnews.com/3bca5267d4544508bb523fa0db462cb2/Hit-list-exposes-Russian-hacking-beyond-US-elections. The Wall Street Journal: Margaret Coker and Paul Sonne, “Ukraine: Cyberwar’s Hottest Front,” The Wall Street Journal, November 9, 2015. natural disasters and infectious diseases: Phil Muncaster, “#COVID19 Drives Phishing Emails Up 667% in Under

hacks was called Moonlight Maze. Newsweek staff, “We Are in the Middle of a Cyberwar,” Newsweek, September 19, 1999, https://www.newsweek.com/were-middle-cyerwar-166196. See also Fred Kaplan, Dark Territory: The Secret History of Cyber War (New York: Simon and Schuster, 2016), 78–88; Juan Andres Guerrero-Saade et al

-up-their-own-hack. “That’s how a blown operation”: thaddeus t. grugq, “The Russian Way of Cyberwar: Information, Disinformation and Influence,” Medium, January 10, 2017, https://medium.com/@thegrugq/the-russian-way-of-cyberwar-edb9d52b4876. anomalies quickly emerged: Some analysts initially suspected that these anomalies were intentional feints. See, e.g

Learning Center, accessed February 24, 2021, www.cloudflare.com/learning/ddos/what-is-a-ddos-attack. for three weeks: Ian Traynor, “Russia Accused of Unleashing Cyberwar to Disable Estonia,” The Guardian, May 16, 2007, https://www.theguardian.com/world/2007/may/17/topstories3.russia. same basic technique: Episode 13, “The Blueprint

U.S. Cyberattack, but Researchers Skeptical,” Politico, October 21, 2016, https://www.politico.com/story/2016/10/websites-down-possible-cyber-attack-230145. launch a cyberwar?: White House spokesperson responded, “I know the Department of Homeland Security … is monitoring this situation, and they’ll take a close look at it”: Eric

statistics: 50 USC §1873. Richard Clarke published: Richard Clarke and Robert Knake, Cyber War (New York: Ecco, 2010), 67. For a contrary view, see Thomas Rid, “Cyber War Will Not Take Place,” Journal of Strategic Studies 35 (2012): 1. apply it to cyberwar: On the history of cyber-conflict, see Healey, A Fierce Domain; Fred

Kaplan, Dark Territory: The Secret History of Cyber War (New York: Simon and Schuster, 2016); Ben Buchanan, The Hacker and the State: Cyber Attacks and the New

.com/news/security/hackers-say-they-encrypted-belarusian-railway-servers-in-protest/. Russia employed cyberattacks: Thomas Rid, “Why You Haven’t Heard About the Secret Cyberwar in Ukraine,” The New York Times, March 18, 2022; Matt Burgess, “A Mysterious Satellite Hack Has Victims Far Beyond Ukraine,” Wired, March 23, 2022, https

of; reinfection rate of; SENDMAIL attack by; Sudduth warning email about Mosaic browser movies and television: artificial intelligence portrayal; Citizenfour (movie); cybersecurity early portrayals in; cyberwar themes in; The Imitation Game; The Matrix; Mr. Robot; supercomputer fear trope in; Terminator; on Turing; 2001: A Space Odyssey; WarGames impact and Mr. Robot

Rise of the Machines: A Cybernetic History

by Thomas Rid  · 27 Jun 2016  · 509pp  · 132,327 words

that rise means for our security and our liberty. And they all slapped the prefix “cyber” in front of something else, as in “cyberspace” or “cyberwar,” to make it sound more techy, more edgy, more timely, more compelling—and sometimes more ironic. I didn’t have a good answer for them

sky with diamonds.”85 The authors didn’t use the phrase “sovereign individual” as mere slogan. “One bizarre genius” could achieve the same impact in cyberwar as a nation-state, they argued confidently. The Pentagon was no more powerful than some teenage whiz kid. Technology had truly leveled the playing field

key, tactical flexibility was key, and airpower was key. It was in the context of AirLand Battle and precision-guided munitions that the notion of “cyberwar” emerged. AirLand Battle, again, sounded more exciting in Omni. In January 1987, the magazine published a landmark text on the future of war. Giant robots

good machines.”15 The author again wrote in the confident style of a magazine that knew the future already: soon robotic warriors would clash in cyberwars. Flying robots would stay aloft for days, scanning terrain, eavesdropping on radio chatter, and feeding data to analysts “safely ensconced in a bunker 100 miles

the near future, however, the armed forces would “combine the best of both humans and machines.”17 That future was indeed near. The first such cyberwar happened less than four years later. The 1986 version of Field Manual 100-5 codified the doctrine that the US Army took to the Iraqi

in a long article on defense planning in September 1992.19 “The leading military concept of the new era might be called ‘cyberwar,’” the Bulletin observed. In this new cyberwar, “robots do much of the killing and destroying without direct instructions from human operators.” These weapons would be “autonomous,” in one of

the phrases then preferred by weapon designers. An example was the navy’s Tomahawk cruise missile. Cyberwar meant crewless tanks, cruise missiles that behave like kamikaze robots, head-to-toe battle gear with microclimate control and hazard protection for the infantry, as

satellites.”20 Some thought this characterization was too simple. The following year, two Rand Corporation analysts—John Arquilla and David Ronfeldt—published an influential paper, “Cyberwar Is Coming!” Autonomous weapons weren’t enough, they argued. The respected think-tank veterans injected a fresh and controversial idea into the Washington defense establishment

troops. Rand suggested that attacking communication systems could overwhelm the enemy; the two analysts advocated messing with the enemy’s mind, not its military machinery. “Cyberwar,” the authors wrote, “means trying to know everything about an adversary while keeping the adversary from knowing much about oneself.”21 Computers and information technology

it is fighting, and which threats to counter first. Information was now becoming as valuable as capital and labor had been in the industrial age. Cyberwar was a knowledge competition. Rand understood that information was power—not power in some other plane, but in the here and now. At times of

, unsuccessfully, an entire set of neologisms inspired by Wiener’s writings.23 Cybernetics, as Arquilla and Ronfeldt saw it, captured how information bestowed organizational prowess: Cyberwar is about organization as much as technology. It implies new man-machine interfaces that amplify man’s capabilities, not a separation of man and machine

.”25 To stress their critique of this narrow technology-centric view, the Rand authors pointed out that advanced information technology wasn’t even necessary for cyberwar: their analysis was inspired by the Mongols of the thirteenth century, who had superior knowledge of the battlefield. Even the examples from the recent Persian

Garner, head of the US Army’s Space and Strategic Defense Command, told Time magazine in the summer of 1995 for a cover story on “cyberwar.”28 Information technology would revolutionize the battlefield. “This is America’s gift to warfare,” boasted Admiral William Owens,29 then the vice chairman of the

for the war game. The internet had become a virtual battlefield for autonomous bodiless robots made just out of software. In the Rand-simulated crisis, cyberwar was truly coming: hackers caused a catastrophic flow malfunction at the largest refinery in Saudi Arabia; crashed a high-speed train in Maryland, killing sixty

American cities into a power blackout. Hamre even briefed President Bill Clinton, telling him that the breaches could be the opening shots of an authentic cyberwar.62 But then the FBI caught up with the intruders. The hackers, it turned out, were three harmless teenagers: two sixteen-year-old Americans, with

disappear without a trace. The obscure intrusions came at a fortunate moment. After the eye-opening Eligible Receiver exercise, the Pentagon leadership was primed for cyberwar. William Cohen, then the secretary of defense, decided that a new organization was needed. The military came up with an unwieldy name, the Joint Task

alarmed by what they heard. “We are at war right now,” Hamre told them in a closed seventy-five-minute session. “We are in a cyberwar.”93 “Without compromising the investigation, what is going on?” one of the elected politicians demanded to know.94 Curt Weldon, a congressman from Pennsylvania, felt

—with the Washington Monument as a grim reminder that the pile of stolen documents was still growing. Over at the Pentagon, senior officials understood that cyberwar was here. The official ribbon-cutting ceremony at JTF-CND happened after the Moscow trip, on August 11, 1999, after the unit had moved into

over an abstract grid that looked a bit like a globe in low resolution against a blue background. “The Department of Defense has been at cyberwar for the last half year,” Hamre said, referring to Moonlight Maze, which in fact started around two-and-a-half years earlier. He was standing

just for geeks. It’s for warriors now.”107 By August 1999, the Department of Defense was so concerned about being paralyzed by the coming cyberwar that it took a drastic step: the Pentagon’s computer security gurus ordered all of its employees, civilian and military, en masse, to change their

prime threat. The machines, it seemed, had turned against their American creators. “Instead of using cruise missiles and bombs, as NATO did in Serbia, in cyberwar you use cyberattack, but they could have the same effect,” Clarke told Steve Kroft, the host of 60 Minutes, CBS’s flagship news program. It

heavy steel doors at Cheyenne Mountain closing slowly, like a force of nature. “These steel doors can withstand a 30-megaton blast, but in a cyberwar they won’t protect the military’s computers,” a reporter bragged.115 CBS disclosed that even the Pentagon’s inner sanctum, the nation’s most

Lakewood public library was just a ninety-minute drive north of Cheyenne Mountain. “I think what’s going on right now throughout the world is cyberwar reconnaissance,” Clarke said, confident of his analysis. Several countries were scanning each other’s networks, probing for vulnerabilities, trying to find things to knock out

9/10. They expected to fight that day, in cyberspace. But it turned out differently. “We’ve spent all these years getting ready for ultimate cyberwar, and the little fuckers fly airplanes into buildings,” Sachs recalled, incredulous.117 Meanwhile, the cybernetic myth retained its fervid force and would soon grow even

. Moonlight Maze was the first known state-on-state cyber attack in history, literally monumental in scale, and it was duly portrayed as the first “cyberwar” and as the long-awaited electronic Pearl Harbor, back in 1998 and early 1999. The pioneering Russian campaign would indeed accurately foreshadow the future of

their controls and communications. Meanwhile, the cybernetic myth is still at work: promising and again exaggerating the fall. The dystopian fears of mass surveillance and cyberwar have the same historical ancestor. This cybernetic pattern—promise, rise, and fall—is one sweeping but coherent motion that can be understood only by taking

, with Jaron Lanier’s cyberspace in the early 1990s, with Timothy May’s crypto anarchy in the late 1990s, and, indeed, with John Hamre’s cyberwar around the same time. First a free cyberspace arrived; then it was a vision of the future again. One day the Pentagon was at

cyberwar; the next day, cyberwar had not happened yet. Another pattern is an extraordinary appetite for new terms. New myths need new words, pointed out Roland Barthes, an influential

, and officials. The prefix “cyber-” has proved perennially attractive for the past seventy years, from cybernation to cyborgs, from cyberculture to cyberspace, from cyberpunk to cyberwar. Timothy Leary was an unrivaled master in the jazzy art of cybernetic wordsmithing, and surely the psychedelic guru would have a fabulous time with Pentagon

the business venture failed. By September 2001, Lackey operated a cypherpunk remailer from the air defense platform. Owen Davies’s article “Robotic Warriors Clash in Cyberwars,” published in Omni magazine in January 1987, was illustrated with this painting by Paul Lehr. Businessman, author, and organizer Winn Schwartau coined the phrase “electronic

of the new security threats. This photo of an aviator’s night vision system illustrated a 1992 Bulletin of the Atomic Scientists article that predicted “cyberwar,” described as war fought through “robots” and autonomous weapons. Deputy Secretary of Defense John Hamre, announcing on August 11, 1999, the creation of the Pentagon

its own hardware. What remained were lines of code—a revolution so radical, some believed, that new rules would apply “in cyberspace.” See Thomas Rid, Cyber War Will Not Take Place (Oxford: Oxford University Press, 2013). 3.Henry Arnold, “If War Comes Again,” New York Times, November 18, 1945, 39. 4.Quoted

, especially notes. 14.US Army, Field Manual 100-5 (Washington, DC: Headquarters of the Army, 1982), 8-5. 15.Owen Davies, “Robotic Warriors Clash in Cyberwars,” Omni 9, no. 4 (January 1987). 16.Ibid., 76. 17.Ibid., 78. 18.Henry G. Gole, General William E. DePuy (Lexington: University Press of Kentucky

), 297. 19.Eric H. Arnett, “Hyperwar,” Bulletin of the Atomic Scientists 48, no. 7 (September 1992): 15. 20.Ibid. 21.John Arquilla and David Ronfeldt, “Cyberwar Is Coming!” Comparative Strategy 12, no. 2 (1993): 146. 22.Ibid., 162. 23.See David Ronfeldt, “Cyberocracy Is Coming,” Information Society 8 (1991): 243n1. 24

.Arquilla and Ronfeldt, “Cyberwar Is Coming!” 147. 25.John Arquilla and David Ronfeldt, In Athena’s Camp (Santa Monica, CA: Rand, 1997), 155. 26.Arquilla and Ronfeldt

, “Cyberwar Is Coming!” 152. 27.Quoted in Douglas Waller and Mark Thompson, “Onward Cyber Soldiers,” Time 146, no. 8 (August 21, 1995): 38–45. 28.Ibid.

Computer Forensic Media Analysis,” File no. 288-CI-68562, October 6, 1998. 93.John Donnelly and Vince Crawley, “Hamre to Hill: ‘We’re in a Cyberwar,’” Defense Week, March 1, 1999, 1. 94.FBI, “RE: (U) ‘MOONLIGHT MAZE,’” 5. 95.Ibid., 8. 96.Donnelly and Crawley, “Hamre to Hill,” 1. 97

, “Hamre ‘Cuts’ Op Center Ribbon, Thanks Cyberwarriors,” American Forces Press Service, August 24, 1999. 108.Gregory L. Vistica, “We’re in the Middle of a Cyberwar,” Newsweek, September 20, 1999, 52. 109.Critical Information Infrastructure Protection: The Threat is Real, Hearing before the Subcommittee on Technology, Terrorism, and Government Information of

, and Hughes. Photo: Larry Dyer, WIRED Magazine. Ryan Lackey. Photo: Kim Gilmour. HavenCo platform at Roughs Tower. Photo: Kim Gilmour. HavenCo servers. Photo: Kim Gilmour. Cyberwars illustration by Paul Lehr. Published in Omni magazine in January 1987. “Electronic Pearl Harbor” illustration by Harry Whitver. Courtesy of Winn Schwartau, Interpact Inc., 1989

–30, 136–38 cybernetic frontier, 181, 194 cybernetic myths, xiii–xvi anthropomorphizing of machines, 342–44 cultural impact of, 157–58 cyberspace and, 345–47 cyberwar and, 305–6 cyborgs and, 344–45 fall of the machines, 340–52 rise of the machines, 110–11 technology’s outperforming of, 349 three

inspiration for title, 46 second edition of, 119–20 and Whole Earth Catalog, 169 “Cybernetic War” (Post), 294–98 cybernetic warfare, 306–7; See also cyberwar cyberpunk, 209–12, 246, 297, 298 cybersecurity, global market for, x cybersex, 235–37 cyberspace Austin conference (1990), 231–35 John Perry Barlow and, 224

–27 Communications Decency Act, 244–45 cybernetic myths, 345–47 Cyberthon, 240–43 cyberwar, 304–5 “Declaration of the Independence of Cyberspace,” 244–45 Habitat game, 228–30 and hackers, 237–40 and military research, 196–206 Operation Sundevil

(Digital Equipment Corporation), 181–82, 191 “Declaration of the Independence of Cyberspace” (Barlow), 244–45 Defense, US Department of cryptography, 252–53 cyber attacks, 309 cyberwar, 297 cyborg research, 133–34 DARPA, 111 helmet-mounted sights, 203 Moonlight Maze, 320, 321, 323, 327, 333 SAGE, 97 Defense Advanced Research Projects Agency

electromagnets, 54 Electronic Frontier Foundation (EFF), 240, 264, 276 “electronic Pearl Harbor,” 307–8, 310–11, 329, 333, 339 elevation, 22 elevators, 48 Eligible Receiver (cyberwar exercise), 311–14, 322 Ellis, James, 249 e-mail, 255 e-mail attachments, 312 e-mail lists, 263–65 Emirnet, 315 emotions, myths’ appeal to

., 100, 131 key, 248 key distribution, 248 key escrow, 274, 275 Khrushchev, Nikita, 110 King, Martin Luther, 107 Kline, Nathan, 123–27 knights, 141 knowledge, cyberwar and, 303 Kocian, Dean, 202–3, 205 Koenig, Walter, 249 Kraus, Jürgen, 149–50 Kroft, Steve, 335–36 Kyl, John, 334 labor, cyborgs and, 153

, 270 virtual reality (VR), 220–21 and Cyberthon, 240–43 Jaron Lanier and, 212–19 VCASS, 198–206 virtual space in 1980s, 195–96 and cyberwar, 304–5 and military research, 196–206 in science fiction, 206–8 viruses, 115, 150; See also computer viruses visually coupled airborne systems simulator (VCASS

specific wars automation of, 73–82, 96 computer simulation of, 71–72 control and communication during World War II, 8–42 cybernetic myths, 346–47 cyberwar, 294–339 cyborg research, 128–40 Eligible Receiver exercise, 311–14 Moonlight Maze, 316–39 Solar Sunrise, 314–15 Watergate, 254 Wavy Gravy (Hugh Romney

Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World

by Bruce Schneier  · 3 Sep 2018  · 448pp  · 117,325 words

Internet, and how we can hide who we are. In Chapter 4, I explain the political and economic forces that favor insecurity: surveillance capitalism, cybercrime, cyberwar—and the more invasive corporate and government practices that feed off insecurity. Finally, in Chapter 5, I describe why the risks are increasing, and how

soon, and will continue to be one of the driving forces behind nations’ Internet+ security policies. CYBERWAR IS THE NEW NORMAL Some say cyberwar is coming. Some say cyberwar is here. Some say cyberwar is everywhere. In truth, “cyberwar” is a term that everyone uses, that no one agrees on, and that has no agreed

in this chapter—have become more important. Other countries seem to agree. This is why some people are saying that we’re already involved in cyberwar. There are cyberattacks that will be considered acts of war. And the US has stated that any response to such attacks won’t necessarily be

the Internet’s inherent insecurities. But if everyone does that, the world becomes less stable and the Internet becomes even less secure. This is the cyberwar arms race that nations find themselves in right now. Western democracies are both the most vulnerable countries on the planet and the most unprepared for

Zero Day for high priority intelligence collection, following senior, interagency review involving all appropriate departments. The reason these arguments aren’t obviously convincing is the cyberwar arms race I talked about in Chapter 4. If we give up our own offensive capabilities in order to make the Internet safer, that would

make sense from a technological perspective—the Internet+ is the common aspect—but it makes no sense from a policy perspective. Cyberbullying, cybercrime, cyberterrorism, and cyberwar are not the same, and they’re different from cyberespionage and surveillance capitalism. Some threats are properly countered by the police, and some by the

, miscalculation, or misinterpretation are already high. Authorized hacking back would add to the mess, and we don’t want some company to accidentally start a cyberwar. Third, hacking back is ripe for abuse. Any organization could go after a competitor by staging an attack against its own servers, or by planting

and, if anything, it is even more true today. A DEMILITARIZED INTERNET In Chapter 4, I wrote that we’re in the middle of a cyberwar arms race. Arms races are always expensive. They’re fueled by ignorance and fear: ignorance of our enemies’ capabilities, and fear that theirs are greater

to discover them themselves or buy them from others, there will be vulnerabilities that don’t get patched. Second, it increases the chances of a cyberwar. Weapons beg to be used, and the more weapons there are in the world, the greater the risk they might be used. The inherent perishability

comparable to other business and national security risks. Working together through polycentric partnerships, and with the leadership of engaged individuals and institutions, we can stop cyber war before it starts by laying the groundwork for a positive cyber peace that respects human rights, spreads Internet access, and strengthens governance mechanisms by fostering

.defense.gov/transcripts/transcript.aspx?transcriptid=5136. 53Other US government officials: Andy Greenberg (8 Apr 2010), “Security guru Richard Clarke talks cyberwar,” Forbes, http://www.forbes.com/2010/04/08/cyberwar-obama-korea-technology-security-clarke.html. 53“It’s amazing the amount of lawyers”: Kim Zetter (29 Jan 2016), “NSA hacker

-springs-to-action-over-hate-speech-against-migrants/2016/01/06/6031218e-b315-11e5-8abc-d09392edc612_story.html. 68Some say cyberwar is coming: Richard Clarke and Robert K. Knake (Apr 2010), Cyber War: The Next Threat to National Security and What to Do about It, Harper Collins, https://books.google.com/books?id

=rNRlR4RGkecC. 68Some say cyberwar is here: David E. Sanger (2018), The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age, Crown

, https://books.google.com/books?id=htc7DwAAQBAJ. 68Some say cyberwar is everywhere: Fred Kaplan (2016), Dark Territory: The Secret History of Cyber War, Simon & Schuster, https://books.google.com

/books?id=q1AJCgAAQBAJ. 68In truth, “cyberwar” is a term: Probably the best consensus definition is in the Tallinn Manual. NATO

the battlefield,” New Yorker, https://www.newyorker.com/magazine/2008/07/07/preparing-the-battlefield. 69It’s not just the stronger powers: Kertu Ruus (2008), “Cyber war I: Estonia attacked from Russia,” European Affairs 9, no. 1–2, http://www.europeaninstitute.org/index.php/component/content/article?id=67

:cyber-war-i-estonia-attacked-from-russia. 69Iran attacked Las Vegas’s Sands Hotel: Benjamin Elgin and Michael Riley (12 Dec 2014), “Now at the Sands Casino:

-saudi-oil-firm-disquiets-us.html. 71when North Korea used WannaCry: David E. Sanger and William J. Broad (4 Mar 2017), “Trump inherits a secret cyberwar against North Korean missiles,” New York Times, https://www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html. 71In 2012, a

/private/articles/18.1_Healey.pdf. 72Here again, the operations had: David E. Sanger and William J. Broad (4 Mar 2017), “Trump inherits a secret cyberwar against North Korean missiles,” New York Times, https://www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html. 72Cyberweapons were used

. 116They gained access to the pipeline’s control system: Dan Goodin (10 Dec 2014), “Hack said to cause fiery pipeline blast could rewrite history of cyberwar,” Ars Technica, https://arstechnica.com/information-technology/2014/12/hack-said-to-cause-fiery-pipeline-blast-could-rewrite-history-of

-cyberwar. 116In 2013, we learned that the NSA had hacked: Simon Romero (9 Sep 2013), “N.S.A. spied on Brazilian oil company, report says,” New

cyber resilience, 211–12 cybersecurity, see Internet+ security Cybersecurity Improvement Act (2017), 180, 208 Cyber Shield Act (2017), 136 cyberstalking, 76 Cyber Threat Alliance, 177 cyberwar, 68–74 arms race in, 73, 116, 212–14 attribution in, 72 autonomous weapons in, 86 cyberespionage vs., 72 cyber mercenaries in, 70 limited response

, use of term, 116 security of, 116–18 Inglis, Chris, 28 innovation, 155 insecurity, 56–77 cost of, 126 criminals’ benefit from, 74–77 and cyberwar, 68–74 insurance industry, 132–33 integrity, attacks on, 78–82 intellectual property theft, 66, 72–73, 75 interconnections, vulnerabilities in, 28–30, 90 International

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

by Kim Zetter  · 11 Nov 2014  · 492pp  · 153,565 words

rdist.root.org/2011/01/17/stuxnet-is-embarrassing-not-amazing/#comment-6451. 7 James P. Farwell and Rafal Rohozinski, “Stuxnet and the Future of Cyber War,” Survival 53, no. 1 (2011): 25. 8 One method for doing this, as Nate Lawson points out in his blog post, is to take detailed

thought it might have been the result of sabotage on par with the Aurora attack. 62 Author interview, August 2012. 63 Ibid. 64 60 Minutes, “Cyber War: Sabotaging the System,” original air date November 6, 2009, CBS. CHAPTER 10 PRECISION WEAPON Ralph Langner sat in his Hamburg office and watched as his

. “We can expect that something will blow up soon,” he wrote in his post. “Something big.” He signed off with a singular warning: “Welcome to cyberwar.” Accompanying the post was a picture of the three “Stuxnet busters” snapped in front of a whiteboard in their office, Langner dressed in a crisp

in fact a match for Stuxnet, not Bushehr. 11 Dan Williams, “Wary of Naked Force, Israelis Eye Cyberwar on Iran,” July 7, 2009, available at reuters.com/article/2009/07/07/us-israel-iran-cyberwar-analysis-idUSTRES663EC20090707. 12 The WikiLeaks post can be seen at mirror.wikileaks.info/wiki/Serious_nuclear_accident

wait for reality to catch up. It finally did in the ’90s, around the same time the term “cyberwar” was coined in a seminal 1993 RAND article titled “Cyberwar Is Coming!”: “We anticipate that cyberwar may be to the 21st century what blitzkrieg was to the 20th century,” John Arquilla and his coauthor

were trying to gain a battlefield advantage. Deputy Defense Secretary John Hamre, in fact, thought the attacks “might be the first shots of a genuine cyber war, perhaps by Iraq.”8 It was a real-life War Games moment that underscored the difficulty of distinguishing a nation-state attack from teenagers testing

just silently take notes, and we may never ever know [if they developed an exploit for] it,” he said. * * * 1 John Arquilla and David Ronfeldt, “Cyberwar Is Coming!” published by RAND in 1993 and reprinted as chapter 2 in Arquilla and Ronfeldt’s book In Athena’s Camp: Preparing for Conflict

in the Information Age (RAND, 1997). 2 He was speaking to PBS Frontline in 2003 for its show “CyberWar!” Interview available at pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/arquilla.html. 3 The operation was thwarted by a system administrator named Cliff Stoll, who stumbled upon the intrusion while

pages dealing with computer network attacks are heavily redacted. The document is available at http://information-retrieval.info/docs/DoD-IO.html. 24 Arquilla Frontline “CyberWar!” interview. A Washington Post story indicates that attacks on computers controlling air-defense systems in Kosovo were launched from electronic-jamming aircraft rather than over

Markoff and H. Sanker, “Halted ’03 Iraq Plan Illustrates US Fear of Cyberwar Risk,” New York Times, August 1, 2009. According to Richard Clarke, it was the secretary of treasury who vetoed it. See Richard Clarke and Robert Knake, Cyber War: The Next Threat to National Security and What to Do About It

Group conference in 2011. The conference is sponsored by the Department of Homeland Security. 39 Author interview, November 2011. 40 Joseph Menn, “Special Report: US Cyberwar Strategy Stokes Fear of Blowback,” Reuters, May 10, 2013, available at reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510. 41 See chapter

.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html. 46 Tom Gjelten, “Stuxnet Raises ‘Blowback’ Risk in Cyberwar,” Morning Edition, NPR, November 2, 2011, available at npr.org/2011/11/02/141908180/stuxnet-raises-blowback-risk-in

-cyberwar. 47 Author interview, 2012. CHAPTER 13 DIGITAL WARHEADS Liam O’Murchu was growing tired and bored. He’d been sitting at his desk for two

. As Mike McConnell, the former director of national intelligence, told a US Senate committee in 2011, “If the nation went to war today, in a cyberwar, we would lose. We’re the most vulnerable. We’re the most connected. We have the most to lose.”12 The targets most in danger

a 2007 blackout in Espirito Santo that left 3 million people without power was caused by hackers. (See “Cyber War: Sabotaging the System,” 60 Minutes, November 6, 2009, available at cbsnews.com/news/cyber-war-sabotaging-the-system-06-11-2009.) Others have claimed Donahue was referring to a 2005 outage in Brazil instead

Cyberattacks Against Iran,” New York Times, June 1, 2012. 3 “Iran’s Supreme Leader Tells Students to Prepare for Cyber War,” Russia Today, February 13, 2014, available at rt.com/news/iran-israel-cyber-war-899. 4 Ellen Nakashima, “Pentagon to Boost Cybersecurity Force,” Washington Post, January 27, 2013. 5 Ellen Nakashima, “With Plan

a long time to achieve its aim, for example. But it will work for other weapons that do their damage quickly. 11 Marcus Ranum, “Parsing Cyberwar—Part 4: The Best Defense Is a Good Defense,” published on his Fabius Maximus blog, August 20, 2012, available at fabiusmaximus.com/2012/08/20

/41929. 12 Grant Gross, “Security Expert: US Would Lose Cyberwar,” IDG News Service, February 23, 2010, available at computerworld.com/s/article/9161278/Security_expert_U.S._would_lose

_cyberwar. 13 Though Siemens control systems aren’t as widely used in the United States as they are in other parts of the world, the control

, 2014, available at upi.com/Business_News?Security-industry/2014/01/31/Israel-combats-cyberattacks-biggest-revolution-in-warfare/UPI-24501391198261/. 21 Marcus Ranum, “Parsing Cyberwar—Part 3: Synergies and Interference,” published on his Fabius Maximus blog, August 13, 2012, available at fabiusmaximus.com/2012/08/13/41567. 22 Thomas Rid

, “Think Again: Cyberwar” Foreign Policy, March/April 2012. 23 Author interview with Andy Pennington, November 2011. 24 James A. Lewis, “Cyberwar Thresholds and Effects,” IEEE Security and Privacy (September 2011): 23–29. 25 Rid, “Think Again

: Cyberwar.” 26 This and other quotes from Healey come from author interview, October 2013. 27 Julian Barnes, “Pentagon Digs In

on Cyberwar Front,” Wall Street Journal, July 6, 2012. 28 James A. Lewis in testimony before the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, March 16,

at homeland.house.gov/sites/homeland.house.gov/files/Testimony%20Lewis.pdf. 29 James A. Lewis, “Thresholds for Cyberwar,” Center for Strategic and International Studies, September 2010, available at csis-org/publication/thresholds-cyberwar. 30 Ibid. 31 W. Earl Boebert, “A Survey of Challenges in Attribution,” Proceedings of a Workshop on Deterring

by Pentagon to Streamline Computer Warfare,” Washington Post, May 31, 2011. 50 Lolita Baldor, “Pentagon Gets Cyberwar Guidelines,” Associated Press, June 22, 2011, available at usatoday30.usatoday.com/news/military/2011-06-22-pentagon-cyber-war_n.htm. 51 Glenn Greenwald and Ewen MacAskill, “Obama Orders US to Draw Up Overseas Target List

airports of sovereign states and the blockade of government institutions and newspaper websites?” (See Thomas Rid, “Think Again: Cyberwar,” Foreign Policy, February 27, 2012, available at foreignpolicy.com/articles/2012/02/27/cyberwar.) The question is a valid one that has not been adequately resolved. If blocking commercial shipments can be an

The Road to Unfreedom: Russia, Europe, America

by Timothy Snyder  · 2 Apr 2018

weeks in a major cyberattack. Although the event was confusing at the time, it was later understood to be the first salvo in a Russian cyberwar against Europe and the United States. In August 2008, Russia invaded its neighbor Georgia and occupied some of its territories. The conventional assault was accompanied

by cyberwar: the president of Georgia lost control of his website, Georgian news agencies were hacked, and much of the country’s internet traffic was blocked. Russia

defense. They also carried out a second and far more sophisticated attack on the Ukrainian power grid, bringing down a transmission station in Kyiv. This cyberwar made no headlines in the West at the time, but it represented the future of warfare. Beginning in late 2014, Russia penetrated the email network

National. How were opinion leaders of the Left seduced by Vladimir Putin, the global leader of the extreme Right? Russia generated tropes targeted at what cyberwar professionals call “susceptibilities”: what people seem likely to believe given their utterances and behavior. It was possible to claim that Ukraine was a Jewish construction

: undoing a succession principle in Russia, assaulting integration in Europe, invading Ukraine to stop the creation of new political forms. His grandest campaign was a cyberwar to destroy the United States of America. For reasons having to do with American inequality, Russian oligarchy won an extraordinary victory in 2016. Because it

“Donald Trump, successful businessman,” are about inducing the enemy to direct his own strengths against his own weaknesses. America was crushed by Russia in the cyberwar of 2016 because the relationship between technology and life had changed in a way that gave an advantage to the Russian practitioners of active measures

, whose very existence generated facts that could be harmful or confusing to Russians. By that logic, preemptive cyberwar against Europe and America was justified as soon as it was technically feasible. By 2016, Russian cyberwar had been underway for nearly a decade, though it was largely ignored in American discussions. A Russian

Central Election Commission. Ukrainian officials caught the hack at the last moment. In other realms, Ukrainians were not so lucky. The most terrifying possibility of cyberwar is what the professionals call “cyber-to-physical”: an action taken at a keyboard to change computer code has consequences in the three-dimensional world

2016, these two forms of attack were brought together: an attack on a presidential election, this time as cyber-to-physical. The aim of Russian cyberwar was to bring Trump to the Oval Office through what seemed to be normal procedures. Trump did not need to understand this, any more than

society.” The Russian FSB and Russian military intelligence (the GRU), both active in Ukraine, would also both take part in the cyberwar against the United States. The dedicated Russian cyberwar center known as the Internet Research Agency manipulated European and American opinion about Russia’s war in Ukraine. In June 2015, when

the United States. In June 2017, after Russia’s victory, Putin spoke for himself, saying that he had never denied that Russian volunteers had made cyberwar against the United States. This was the precise formulation he had used to describe the Russian invasion of Ukraine: that he had never denied that

there were volunteers. Putin was admitting, with a wink, that Russia had defeated the United States in a cyberwar. American exceptionalism proved to be an enormous American vulnerability. The Russian ground offensive in Ukraine proved to be more difficult than the concurrent

cyberwar against Europeans and Americans. Even as Ukraine defended itself, European and American writers conveyed Russian propaganda. Unlike Ukrainians, Americans were unaccustomed to the idea that

by Russian propaganda. But few noticed that the next attack was under way, or anticipated that their country could lose control over reality. * * * — In a cyberwar, an “attack surface” is the set of points in a computer program that allow hackers access. If the target of a

cyberwar is not a computer program but a society, then the attack surface is something broader: software that allows the attacker contact with the mind of

at the moment when the campaign was meant to coalesce. According to American authorities then and since, this hack was an element of a Russian cyberwar. The Trump campaign, however, supported Russia’s effort. Trump publicly requested that Moscow find and release more emails from Hillary Clinton. Trump’s son Donald

presidential campaign was ever so closely bound to a foreign power. The connections were perfectly clear from the open sources. One success of Russia’s cyberwar was that the seductiveness of the secret and the trivial drew Americans away from the obvious and the important: that the sovereignty of the United

be relieved. Were America the shining beacon of democracy that its citizens sometimes imagine, its institutions would have been far less vulnerable to Russia’s cyberwar. From Moscow’s perspective, America’s constitutional structure created tempting vulnerabilities. Because of the evident flaws in American democracy and the American rule of law

, that in an American oligarchy Americans could only be safe if they elected their own oligarch: himself. In fact, Trump was a creature of Russian cyberwar who never demonstrated that he had any money. But his argument from oligarchy was plausible in a political atmosphere where American voters came to believe

the desperation of denial and then the complicity of inaction. That September, McConnell listened to the heads of American intelligence agencies report on the Russian cyberwar, but expressed his doubts as to their veracity. It is unknown what the heads of intelligence said, but it is unlikely to be very different

Clinton, and harm her electability and potential presidency.” McConnell let it be known that Republicans would treat the defense of the United States from Russian cyberwar as an effort to help Hillary Clinton. At that point, Russia had been at work in the United States for more than a year. After

more the Russians assumed that the enemy was working in secret. And so Russia fought the war against the Ukrainian army as an information and cyberwar against the European Union and the United States. EPILOGUE (20—) To experience its destruction is to see a world for the first time. Inheritors of

About Displaced People in Ukraine,” Hromadske International, May 18, 2017. In May 2014 Andy Greenberg, “How an Entire Nation Became Russia’s Test Lab for Cyberwar,” Wired, June 20, 2017; Ellen Nakashima, “U.S. government officially accuses Russia of hacking campaign,” WP, Oct. 7, 2016; Frenkel, “Meet Fancy Bear.” Presidential hack

: Patrikarakos, War in 140 Characters, 123. The cyberwar made U.S. institutions: “Bears in the Midst: Intrusion in the Democratic National Convention,” Crowdstrike, June 15, 2016. State Department: Ellen Nakashima, “New Details Emerge

3, 2017. Malware in grid: Greenberg, “How an Entire Nation.” See chapter 6 for further discussion. The most remarkable To follow the Ukrainian confrontation with cyberwar, consult StopFake and EuroMaidan Press. Throughout the war in Ukraine Putin quote: “Priamaia liniia s Vladimirom Putinym,” Kremlin, April 17, 2014. Special forces: Kanygin, “Bes

. Russian hackers meanwhile punished those who reported on the bombings: “Pawn Storm APT Group Returns,” SC Magazine, Oct. 23, 2015. Merkel remained the leader Russian cyberwar against Merkel: Sophie Eisentraut, “Russia Pulling Strings on Both Sides of the Atlantic,” The Cipher, Sept. 22, 2017. Quotation: “Wir werden Frau Merkel jagen,” Der

in chapters 3, 4, and 5. For additional detail on Estonia, see “Estonia and Russia: A cyber-riot,” The Economist, May 10, 2007; Kertu Ruus, “Cyber War I,” European Affairs, vol. 9, nos. 1-2, 2008. The Russian war against Ukraine T-50: Kanygin, “Bes, Fiks, Romani i goluboglazyi.” Red flag: Separatist

the most reason to be concerned, did not expect an attack of this kind (What Happened, 333). See also Donna Brazile, Hacks, 135. In a cyberwar, an “attack surface” Elizabeth Dwoskin, Adam Entous, and Craig Timberg, “Google uncovers Russian-bought ads,” NYT, Oct. 9, 2017; Mike Isaac and Daisuke Wakabayashi, “Russian

The Future of War

by Lawrence Freedman  · 9 Oct 2017  · 592pp  · 161,798 words

The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age

by David E. Sanger  · 18 Jun 2018  · 394pp  · 117,982 words

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

by Bruce Schneier  · 2 Mar 2015  · 598pp  · 134,339 words

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

by Ben Buchanan  · 25 Feb 2020  · 443pp  · 116,832 words

@War: The Rise of the Military-Internet Complex

by Shane Harris  · 14 Sep 2014  · 340pp  · 96,149 words

Black Code: Inside the Battle for Cyberspace

by Ronald J. Deibert  · 13 May 2013  · 317pp  · 98,745 words

The Net Delusion: The Dark Side of Internet Freedom

by Evgeny Morozov  · 16 Nov 2010  · 538pp  · 141,822 words

Army of None: Autonomous Weapons and the Future of War

by Paul Scharre  · 23 Apr 2018  · 590pp  · 152,595 words

The New Digital Age: Transforming Nations, Businesses, and Our Lives

by Eric Schmidt and Jared Cohen  · 22 Apr 2013  · 525pp  · 116,295 words

The New Rules of War: Victory in the Age of Durable Disorder

by Sean McFate  · 22 Jan 2019  · 330pp  · 83,319 words

Spies, Lies, and Algorithms: The History and Future of American Intelligence

by Amy B. Zegart  · 6 Nov 2021

Enlightenment Now: The Case for Reason, Science, Humanism, and Progress

by Steven Pinker  · 13 Feb 2018  · 1,034pp  · 241,773 words

The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom?

by David Brin  · 1 Jan 1998  · 205pp  · 18,208 words

Active Measures: The Secret History of Disinformation and Political Warfare

by Thomas Rid

The Master Algorithm: How the Quest for the Ultimate Learning Machine Will Remake Our World

by Pedro Domingos  · 21 Sep 2015  · 396pp  · 117,149 words

The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats

by Richard A. Clarke and Robert K. Knake  · 15 Jul 2019  · 409pp  · 112,055 words

Tools and Weapons: The Promise and the Peril of the Digital Age

by Brad Smith and Carol Ann Browne  · 9 Sep 2019  · 482pp  · 121,173 words

The Twittering Machine

by Richard Seymour  · 20 Aug 2019  · 297pp  · 83,651 words

Strategy: A History

by Lawrence Freedman  · 31 Oct 2013  · 1,073pp  · 314,528 words

Strategy Strikes Back: How Star Wars Explains Modern Military Conflict

by Max Brooks, John Amble, M. L. Cavanaugh and Jaym Gates  · 14 May 2018  · 278pp  · 84,002 words

Chinese Spies: From Chairman Mao to Xi Jinping

by Roger Faligot  · 30 Jun 2019  · 615pp  · 187,426 words

Reset

by Ronald J. Deibert  · 14 Aug 2020

Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat

by John P. Carlin and Garrett M. Graff  · 15 Oct 2018  · 568pp  · 164,014 words

I, Warbot: The Dawn of Artificially Intelligent Conflict

by Kenneth Payne  · 16 Jun 2021  · 339pp  · 92,785 words

The End of Big: How the Internet Makes David the New Goliath

by Nicco Mele  · 14 Apr 2013  · 270pp  · 79,992 words

The Sovereign Individual: How to Survive and Thrive During the Collapse of the Welfare State

by James Dale Davidson and William Rees-Mogg  · 3 Feb 1997  · 582pp  · 160,693 words

The End of Power: From Boardrooms to Battlefields and Churches to States, Why Being in Charge Isn’t What It Used to Be

by Moises Naim  · 5 Mar 2013  · 474pp  · 120,801 words

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency

by Parmy Olson  · 5 Jun 2012  · 478pp  · 149,810 words

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It

by Marc Goodman  · 24 Feb 2015  · 677pp  · 206,548 words

The Autonomous Revolution: Reclaiming the Future We’ve Sold to Machines

by William Davidow and Michael Malone  · 18 Feb 2020  · 304pp  · 80,143 words

The Age of AI: And Our Human Future

by Henry A Kissinger, Eric Schmidt and Daniel Huttenlocher  · 2 Nov 2021  · 194pp  · 57,434 words

Connectography: Mapping the Future of Global Civilization

by Parag Khanna  · 18 Apr 2016  · 497pp  · 144,283 words

Future War: Preparing for the New Global Battlefield

by Robert H. Latiff  · 25 Sep 2017  · 158pp  · 46,353 words

Destined for War: America, China, and Thucydides's Trap

by Graham Allison  · 29 May 2017  · 518pp  · 128,324 words

Vanished Kingdoms: The History of Half-Forgotten Europe

by Norman Davies  · 27 Sep 2011

Vanished Kingdoms: The Rise and Fall of States and Nations

by Norman Davies  · 30 Sep 2009  · 1,309pp  · 300,991 words

Underground

by Suelette Dreyfus  · 1 Jan 2011  · 547pp  · 160,071 words

Autonomous Driving: How the Driverless Revolution Will Change the World

by Andreas Herrmann, Walter Brenner and Rupert Stadler  · 25 Mar 2018

Advanced Software Testing—Vol. 3, 2nd Edition

by Jamie L. Mitchell and Rex Black  · 15 Feb 2015

Hacking Exposed: Network Security Secrets and Solutions

by Stuart McClure, Joel Scambray and George Kurtz  · 15 Feb 2001  · 260pp  · 40,943 words

Sunfall

by Jim Al-Khalili  · 17 Apr 2019  · 381pp  · 120,361 words

DarkMarket: Cyberthieves, Cybercops and You

by Misha Glenny  · 3 Oct 2011  · 274pp  · 85,557 words

Whiplash: How to Survive Our Faster Future

by Joi Ito and Jeff Howe  · 6 Dec 2016  · 254pp  · 76,064 words

The Wires of War: Technology and the Global Struggle for Power

by Jacob Helberg  · 11 Oct 2021  · 521pp  · 118,183 words

Dark Mirror: Edward Snowden and the Surveillance State

by Barton Gellman  · 20 May 2020  · 562pp  · 153,825 words

Exponential: How Accelerating Technology Is Leaving Us Behind and What to Do About It

by Azeem Azhar  · 6 Sep 2021  · 447pp  · 111,991 words

Going Dark: The Secret Social Lives of Extremists

by Julia Ebner  · 20 Feb 2020  · 309pp  · 79,414 words

The Zero Marginal Cost Society: The Internet of Things, the Collaborative Commons, and the Eclipse of Capitalism

by Jeremy Rifkin  · 31 Mar 2014  · 565pp  · 151,129 words

Unit X: How the Pentagon and Silicon Valley Are Transforming the Future of War

by Raj M. Shah and Christopher Kirchhoff  · 8 Jul 2024  · 272pp  · 103,638 words

The Snowden Files: The Inside Story of the World's Most Wanted Man

by Luke Harding  · 7 Feb 2014  · 266pp  · 80,018 words

The Raging 2020s: Companies, Countries, People - and the Fight for Our Future

by Alec Ross  · 13 Sep 2021  · 363pp  · 109,077 words

The Green New Deal: Why the Fossil Fuel Civilization Will Collapse by 2028, and the Bold Economic Plan to Save Life on Earth

by Jeremy Rifkin  · 9 Sep 2019  · 327pp  · 84,627 words

Spam Nation: The Inside Story of Organized Cybercrime-From Global Epidemic to Your Front Door

by Brian Krebs  · 18 Nov 2014  · 252pp  · 75,349 words

The Seventh Sense: Power, Fortune, and Survival in the Age of Networks

by Joshua Cooper Ramo  · 16 May 2016  · 326pp  · 103,170 words

The Retreat of Western Liberalism

by Edward Luce  · 20 Apr 2017  · 223pp  · 58,732 words

Warnings

by Richard A. Clarke  · 10 Apr 2017  · 428pp  · 121,717 words

The Quest: Energy, Security, and the Remaking of the Modern World

by Daniel Yergin  · 14 May 2011  · 1,373pp  · 300,577 words

Freedom

by Daniel Suarez  · 17 Dec 2009  · 427pp  · 112,549 words

Homo Deus: A Brief History of Tomorrow

by Yuval Noah Harari  · 1 Mar 2015  · 479pp  · 144,453 words

Silk Road

by Eileen Ormsby  · 1 Nov 2014  · 269pp  · 79,285 words

The Rare Metals War

by Guillaume Pitron  · 15 Feb 2020  · 249pp  · 66,492 words

When Computers Can Think: The Artificial Intelligence Singularity

by Anthony Berglas, William Black, Samantha Thalind, Max Scratchmann and Michelle Estes  · 28 Feb 2015

The New Map: Energy, Climate, and the Clash of Nations

by Daniel Yergin  · 14 Sep 2020

WikiLeaks and the Age of Transparency

by Micah L. Sifry  · 19 Feb 2011  · 212pp  · 49,544 words

Our Dollar, Your Problem: An Insider’s View of Seven Turbulent Decades of Global Finance, and the Road Ahead

by Kenneth Rogoff  · 27 Feb 2025  · 330pp  · 127,791 words

Money: Vintage Minis

by Yuval Noah Harari  · 5 Apr 2018  · 97pp  · 31,550 words

The Age of Surveillance Capitalism

by Shoshana Zuboff  · 15 Jan 2019  · 918pp  · 257,605 words

Social Life of Information

by John Seely Brown and Paul Duguid  · 2 Feb 2000  · 791pp  · 85,159 words

Blood and Oil: Mohammed Bin Salman's Ruthless Quest for Global Power

by Bradley Hope and Justin Scheck  · 14 Sep 2020  · 339pp  · 103,546 words

The Politics of Bitcoin: Software as Right-Wing Extremism

by David Golumbia  · 25 Sep 2016  · 87pp  · 25,823 words

Fall Out: A Year of Political Mayhem

by Tim Shipman  · 30 Nov 2017  · 721pp  · 238,678 words

Age of Anger: A History of the Present

by Pankaj Mishra  · 26 Jan 2017  · 410pp  · 106,931 words

Frommer's Los Angeles 2010

by Matthew Richard Poole  · 28 Sep 2009  · 356pp  · 186,629 words

Rigged: How the Media, Big Tech, and the Democrats Seized Our Elections

by Mollie Hemingway  · 11 Oct 2021  · 595pp  · 143,394 words

With Liberty and Justice for Some: How the Law Is Used to Destroy Equality and Protect the Powerful

by Glenn Greenwald  · 11 Nov 2011  · 283pp  · 77,272 words

The WikiLeaks Files: The World According to US Empire

by Wikileaks  · 24 Aug 2015  · 708pp  · 176,708 words

Poking a Dead Frog: Conversations With Today's Top Comedy Writers

by Mike Sacks  · 23 Jun 2014

My Shit Life So Far

by Frankie Boyle  · 30 Sep 2009

The Zenith Angle

by Bruce Sterling  · 27 Apr 2004  · 342pp  · 95,013 words

Likewar: The Weaponization of Social Media

by Peter Warren Singer and Emerson T. Brooking  · 15 Mar 2018

Pax Technica: How the Internet of Things May Set Us Free or Lock Us Up

by Philip N. Howard  · 27 Apr 2015  · 322pp  · 84,752 words

Hacker, Hoaxer, Whistleblower, Spy: The Story of Anonymous

by Gabriella Coleman  · 4 Nov 2014  · 457pp  · 126,996 words

The Industries of the Future

by Alec Ross  · 2 Feb 2016  · 364pp  · 99,897 words

The Currency Cold War: Cash and Cryptography, Hash Rates and Hegemony

by David G. W. Birch  · 14 Apr 2020  · 247pp  · 60,543 words

Surveillance Valley: The Rise of the Military-Digital Complex

by Yasha Levine  · 6 Feb 2018  · 474pp  · 130,575 words

Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet

by Joseph Menn  · 26 Jan 2010  · 362pp  · 86,195 words

Accessory to War: The Unspoken Alliance Between Astrophysics and the Military

by Neil Degrasse Tyson and Avis Lang  · 10 Sep 2018  · 745pp  · 207,187 words

Nervous States: Democracy and the Decline of Reason

by William Davies  · 26 Feb 2019  · 349pp  · 98,868 words

Our Final Invention: Artificial Intelligence and the End of the Human Era

by James Barrat  · 30 Sep 2013  · 294pp  · 81,292 words

In the Flow

by Boris Groys  · 16 Feb 2016  · 230pp  · 60,050 words

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

by Kevin Poulsen  · 22 Feb 2011  · 264pp  · 79,589 words

How Everything Became War and the Military Became Everything: Tales From the Pentagon

by Rosa Brooks  · 8 Aug 2016  · 548pp  · 147,919 words

Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World

by Joseph Menn  · 3 Jun 2019  · 302pp  · 85,877 words

Ghost Fleet: A Novel of the Next World War

by P. W. Singer and August Cole  · 28 Jun 2015  · 537pp  · 149,628 words

Digital Bank: Strategies for Launching or Becoming a Digital Bank

by Chris Skinner  · 27 Aug 2013  · 329pp  · 95,309 words

Who Rules the World?

by Noam Chomsky

The Levelling: What’s Next After Globalization

by Michael O’sullivan  · 28 May 2019  · 756pp  · 120,818 words

There's a War Going on but No One Can See It

by Huib Modderkolk  · 1 Sep 2021  · 295pp  · 84,843 words

Collaborative Society

by Dariusz Jemielniak and Aleksandra Przegalinska  · 18 Feb 2020  · 187pp  · 50,083 words

Boom: Bubbles and the End of Stagnation

by Byrne Hobart and Tobias Huber  · 29 Oct 2024  · 292pp  · 106,826 words

Secrets and Lies: Digital Security in a Networked World

by Bruce Schneier  · 1 Jan 2000  · 470pp  · 144,455 words

The Best of 2600: A Hacker Odyssey

by Emmanuel Goldstein  · 28 Jul 2008  · 889pp  · 433,897 words

The Hype Machine: How Social Media Disrupts Our Elections, Our Economy, and Our Health--And How We Must Adapt

by Sinan Aral  · 14 Sep 2020  · 475pp  · 134,707 words

Because We Say So

by Noam Chomsky

The Road to Ruin: The Global Elites' Secret Plan for the Next Financial Crisis

by James Rickards  · 15 Nov 2016  · 354pp  · 105,322 words

The Techno-Human Condition

by Braden R. Allenby and Daniel R. Sarewitz  · 15 Feb 2011

Digital Disconnect: How Capitalism Is Turning the Internet Against Democracy

by Robert W. McChesney  · 5 Mar 2013  · 476pp  · 125,219 words

You've Been Played: How Corporations, Governments, and Schools Use Games to Control Us All

by Adrian Hon  · 14 Sep 2022  · 371pp  · 107,141 words

Top Secret America: The Rise of the New American Security State

by Dana Priest and William M. Arkin  · 5 Sep 2011  · 328pp  · 100,381 words

Four Battlegrounds

by Paul Scharre  · 18 Jan 2023

Targeted: The Cambridge Analytica Whistleblower's Inside Story of How Big Data, Trump, and Facebook Broke Democracy and How It Can Happen Again

by Brittany Kaiser  · 21 Oct 2019  · 391pp  · 123,597 words

Nexus: A Brief History of Information Networks From the Stone Age to AI

by Yuval Noah Harari  · 9 Sep 2024  · 566pp  · 169,013 words

On Tyranny: Twenty Lessons From the Twentieth Century

by Timothy Snyder  · 14 Sep 2017  · 69pp  · 15,637 words

Data and the City

by Rob Kitchin,Tracey P. Lauriault,Gavin McArdle  · 2 Aug 2017

Cities Under Siege: The New Military Urbanism

by Stephen Graham  · 30 Oct 2009  · 717pp  · 150,288 words

Every Nation for Itself: Winners and Losers in a G-Zero World

by Ian Bremmer  · 30 Apr 2012  · 234pp  · 63,149 words

Ten Lessons for a Post-Pandemic World

by Fareed Zakaria  · 5 Oct 2020  · 289pp  · 86,165 words

How to Fix the Future: Staying Human in the Digital Age

by Andrew Keen  · 1 Mar 2018  · 308pp  · 85,880 words

The System: Who Owns the Internet, and How It Owns Us

by James Ball  · 19 Aug 2020  · 268pp  · 76,702 words

Bleeding Edge: A Novel

by Thomas Pynchon  · 16 Sep 2013  · 532pp  · 141,574 words

The Default Line: The Inside Story of People, Banks and Entire Nations on the Edge

by Faisal Islam  · 28 Aug 2013  · 475pp  · 155,554 words

The Best Business Writing 2013

by Dean Starkman  · 1 Jan 2013  · 514pp  · 152,903 words

Frommer's California 2009

by Matthew Poole, Harry Basch, Mark Hiss and Erika Lenkert  · 2 Jan 2009

Free Speech: Ten Principles for a Connected World

by Timothy Garton Ash  · 23 May 2016  · 743pp  · 201,651 words

Program Or Be Programmed: Ten Commands for a Digital Age

by Douglas Rushkoff  · 1 Nov 2010  · 103pp  · 32,131 words

A Theory of the Drone

by Gregoire Chamayou  · 23 Apr 2013  · 335pp  · 82,528 words

Dark Pools: The Rise of the Machine Traders and the Rigging of the U.S. Stock Market

by Scott Patterson  · 11 Jun 2012  · 356pp  · 105,533 words

Frommer's California 2007

by Harry Basch, Mark Hiss, Erika Lenkert and Matthew Richard Poole  · 6 Dec 2006  · 769pp  · 397,677 words

Propaganda and the Public Mind

by Noam Chomsky and David Barsamian  · 31 Mar 2015

The Water Will Come: Rising Seas, Sinking Cities, and the Remaking of the Civilized World

by Jeff Goodell  · 23 Oct 2017  · 292pp  · 92,588 words

The Rapture of the Nerds

by Cory Doctorow and Charles Stross  · 3 Sep 2012  · 311pp  · 94,732 words

Kill Chain: The Rise of the High-Tech Assassins

by Andrew Cockburn  · 10 Mar 2015  · 389pp  · 108,344 words

Custodians of the Internet: Platforms, Content Moderation, and the Hidden Decisions That Shape Social Media

by Tarleton Gillespie  · 25 Jun 2018  · 390pp  · 109,519 words

Revolution in the Age of Social Media: The Egyptian Popular Insurrection and the Internet

by Linda Herrera  · 14 Apr 2014  · 186pp  · 49,595 words

WTF?: What's the Future and Why It's Up to Us

by Tim O'Reilly  · 9 Oct 2017  · 561pp  · 157,589 words

50 Future Ideas You Really Need to Know

by Richard Watson  · 5 Nov 2013  · 219pp  · 63,495 words

Pay Any Price: Greed, Power, and Endless War

by James Risen  · 15 Feb 2014  · 339pp  · 99,674 words

The Scandal of Money

by George Gilder  · 23 Feb 2016  · 209pp  · 53,236 words

The Loop: How Technology Is Creating a World Without Choices and How to Fight Back

by Jacob Ward  · 25 Jan 2022  · 292pp  · 94,660 words

The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World From Cybercrime

by Renee Dudley and Daniel Golden  · 24 Oct 2022  · 392pp  · 114,189 words

Messing With the Enemy: Surviving in a Social Media World of Hackers, Terrorists, Russians, and Fake News

by Clint Watts  · 28 May 2018  · 324pp  · 96,491 words

They Don't Represent Us: Reclaiming Our Democracy

by Lawrence Lessig  · 5 Nov 2019  · 404pp  · 115,108 words

Epic Win for Anonymous: How 4chan's Army Conquered the Web

by Cole Stryker  · 14 Jun 2011  · 226pp  · 71,540 words

New Laws of Robotics: Defending Human Expertise in the Age of AI

by Frank Pasquale  · 14 May 2020  · 1,172pp  · 114,305 words

Hacking Capitalism

by Söderberg, Johan; Söderberg, Johan;

The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze

by Laura Shin  · 22 Feb 2022  · 506pp  · 151,753 words