Russian attempts to “hack” the US election have caused widespread concern. What exactly did they do, and what are the implications?
Has the US been hacked before?
Many times. In 2014, Russian hackers targeted the State Department and the White House – even hacking into President Obama’s unclassified emails. But the first big attack – traced back to somewhere in the former Soviet Union – was detected in 1998, when it emerged that computer systems at the Pentagon, Nasa and various private labs and universities had been compromised for more than two years. Vast numbers of files had been acquired – including details of troop configurations and military hardware designs. Chinese hackers also made audacious attacks, stealing the designs for the F-35 fighter jet, along with billions of dollars’ worth of corporate secrets and the blueprints for US gas pipelines. Another breach, in which as many as four million US government personnel records were stolen, has also been traced to China.
So why such a fuss about last year’s attacks?
All major powers are involved in digital espionage, but publishing sensitive information in order to disrupt a major foreign election is a new development. This time hackers broke into the computers of the Democratic National Committee (DNC) and the email accounts of Hillary Clinton’s top aides. The documents were embarrassing if not especially revelatory: they uncovered details of backbiting among staffers, and of Clinton’s close links to Wall Street; they showed that the Democratic Party top brass favoured Clinton over her opponent Bernie Sanders. These titbits were leaked to the media in the last months of the election campaign, say US intelligence agencies, specifically to “denigrate” Clinton.
How did the hackers get in?
Initially by “spear phishing”. Clinton and DNC staff received emails that appeared to come from their email providers, stating that someone had tried to break into their account, asking them to change their password, and directing them to a fake website that resembled their email provider’s. Once they entered their passwords, the hackers gained access to their accounts. John Podesta, Clinton’s campaign chief, had been sent a warning by an aide about the phishing email, but the aide had in error described it as “legitimate” rather than, as intended, “illegitimate”. So the Russians got hold of some 60,000 emails in Podesta’s private Gmail account. The hackers also exploited vulnerabilities in the software to get inside the DNC’s computer networks, planting bugs that spread through the system, harvesting data and sending it home.
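One way a mail-security team could triage for the lure described above, as an added example that is not part of the original article: the script assumes the organisation’s real provider sends from the domains in PROVIDER_DOMAINS (an assumption), parses a constructed message, and flags the password-reset wording, a sender that is not the provider, and links whose host merely contains the provider’s brand name.

```python
# Defender-side triage for the spear-phishing pattern described above: a mail that warns of a
# break-in and links to a look-alike site. Added example, not from the page; message is constructed.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PROVIDER_DOMAINS = {"google.com", "gmail.com"}  # assumption: the real mail provider's domains
LURE = re.compile(r"(someone|somebody).{0,40}(sign(ed)? in|password)|change your password", re.I)
class _Links(HTMLParser):  # collect (href, visible text) for every <a> in an HTML body
    def __init__(self):
        super().__init__(); self.links = []; self._href = None; self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None: self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip())); self._href = None

def registrable(host):
    # 'accounts.google.com' -> 'google.com'; crude, real code should use a public-suffix list
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyse(raw):  # returns a list of findings; empty means nothing suspicious was seen
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = registrable(parseaddr(msg["From"])[1].split("@")[-1])
    parser = _Links(); parser.feed(body)
    findings = []
    if LURE.search(re.sub(r"<[^>]+>", " ", body)):  # lure wording, HTML tags stripped
        findings.append("credential-reset lure text")
        if sender not in PROVIDER_DOMAINS:
            findings.append(f"lure sent from {sender}, not the mail provider")
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if registrable(host) not in PROVIDER_DOMAINS:
            # brand name present but registrable domain wrong: the classic look-alike
            brand = any(d.split(".")[0] in host for d in PROVIDER_DOMAINS)
            findings.append(f"{'look-alike' if brand else 'off-provider'} link {host} ({text!r})")
    return findings

PHISH = """From: Mail Team <no-reply@mail-security-alert.example>
Content-Type: text/html

<p>Someone just used your password to try to sign in. Please
<a href="https://accounts.google.com.example/reset">change your password</a> now.</p>"""
```

Running analyse(PHISH) yields three findings; a genuine provider notice that links back to a provider domain yields none.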
Was it definitely the Russians?
Having analysed the intruders’ digital tradecraft, all US intelligence agencies and top cybersecurity firms believe it was. CrowdStrike, which investigated the DNC’s network, detected “two separate Russian intelligence-affiliated adversaries” – neither of them, it seemed, aware of the other’s involvement – which it dubbed Fancy Bear and Cozy Bear (Fancy and Cozy being references to types of code). Fancy Bear is also known as APT 28 (APT standing for Advanced Persistent Threat: a sophisticated, state-sponsored hacking group). Probably directed by the GRU (Russian military intelligence), it has also attacked Nato, Ukraine’s government, the World Anti-Doping Agency and the Dutch Safety Board investigating the downing of flight MH17 over Ukraine. Cozy Bear, aka APT 29, has been linked to the FSB, a successor to Russia’s KGB.
What else have they done?
In 2007, Russian hackers launched a crippling cyberattack on Estonia, after it removed a Soviet war memorial in the capital, Tallinn – disabling the websites of its parliament, ministries, banks and media organisations. During the Ukrainian conflict, hackers brought down parts of Ukraine’s power grid. In 2014, a six-month-long attack on the German parliament was blamed on Fancy Bear, as was a 2015 attack on the French TV network TV5Monde, when all 11 channels were taken off air and Isis propaganda broadcast in their stead. (Isis clearly lacked the skills to do this.) According to The Sunday Times, Fancy Bear also planned to attack the BBC and government websites during the 2015 election. However, GCHQ seems to have learned of the attack and prevented it.
And who are the people actually doing the hacking?
Partly as a result of the demanding maths curriculum in its better schools, Russia has a huge pool of able programmers, and the world’s largest cybercrime underworld. The Kremlin taps both for its hacking units – in 2013, Defence Minister Sergei Shoigu told university rectors in Moscow he was on a “head hunt” for coders. Students wanting to avoid the worst of conscription can join “science squadrons”; professional programmers are approached by military contractors with offers it might be unwise to refuse; convicted cybercriminals are offered jobs instead of prison terms.
Beyond expelling spies, how could America respond?
The US is assumed to have the world’s greatest cyber capability and could unleash powerful cyberweapons (see box). A hacking unit linked to the National Security Agency, the Equation Group, has been described by cybersecurity firm Kaspersky Lab as “the most advanced… we have seen”. And US officials have reportedly been planning an “unprecedented cyber covert action against Russia”, which could involve leaking unsavoury details about Vladimir Putin and his vast fortune. But even low-level cyberwarfare carries a big risk: the US, and its allies such as Britain, South Korea and Estonia, are the most heavily networked nations in the world, and thus the most vulnerable to chaos. Moreover, the US is said to be wary of cyber counterattacks as they reveal the extent of its own cyber penetration to the adversary. In the end, negotiation is probably the preferred route. The US negotiated with China (as well as indicting five Chinese military hackers) after the attacks in 2014. Since then, Chinese hacking has dropped off significantly.
Stuxnet: waging cyberwar
In 2010, top cybersecurity experts were alarmed by the discovery of a worm – a self-replicating computer virus – more sophisticated than any they’d seen before. It was working its way stealthily through computers across the world, and thence into PLCs made by Siemens – small computers which regulate the movement of machinery in everything from power plants and traffic lights to funfair rides. The worm, named Stuxnet, was found to be a “marksman’s job” aimed at a very specific target: the Natanz nuclear enrichment plant in Iran, where it had caused the PLCs to destroy a large number of centrifuges used for enriching uranium. The general consensus now is that Stuxnet was a coproduction between two major cyber powers, the US and Israel – though this has never been officially confirmed. It did the job in the short term, but its cost-benefit ratio, says Wired magazine, is “still in question”. Though cleverly targeted, Stuxnet spread far beyond its mark, and was soon available on hacking sites for anyone with malicious intent to download and tweak. In the wrong hands, such a weapon could be devastating, disrupting, say, train control or water treatment systems across the world.