As US Loses its Edge, Game of Cyber Chicken Could Have Deadly Consequences
28/03/2021
TWO major hacks – SolarWind and Microsoft Exchange server hacks – have affected a whole range of computer systems. Both are supply-chain hacks, meaning what appeared to be a routine software upgrade to a particular component in the system instead inserted malicious code. In the SolarWind hack, a backdoor in one such component was downloaded to systems of 18,000 organisations, including even the US treasury, commerce, homeland security, state department.
In the Microsoft Exchange servers, an estimated 250,000 machines might have been affected by a vulnerability, which allowed hackers to control the machines and even infect other systems in the internal network of the targeted companies. Four vulnerabilities in Microsoft Exchange servers were reported to Microsoft in early January. Unfortunately, Microsoft plugged these vulnerabilities only in early March. These vulnerabilities were used by the hackers during the period that Microsoft had either not released the patches; or companies had not upgraded their systems and installed the patches.
In the SolarWind hack, the US authorities and security companies that work closely with the US government have blamed Russian intelligence agencies for the hack. In the Microsoft Exchange server hack, the Chinese have been blamed. It is unlikely that either the Russians or Chinese spy agencies would execute such a widespread attack on systems. Their interests are better served by targeting a few critical systems and compromising them rather than infecting systems on such a wide scale.
The scale of the attacks multiplied exponentially, particularly after Microsoft announced the four vulnerabilities and released their patches. As email servers of a large number of organisations use Microsoft Exchange servers, a number of them, particularly small companies, were slow to apply the patches. This allowed a huge number of rogue hackers to get into the act, setting off a feeding frenzy of hacking such unprotected systems.
There have been calls for retaliating against Russia and China, even declaring these hacks to be acts of war. What such claims forget are that all countries have offensive and defensive capabilities and ‘stealing” data and knowledge from other countries are time-honoured tasks of spook agencies. It becomes an act of war only if it leads to physical damage to critical equipment or infrastructure.
Any identification of the kind that it is either Russian or Chinese is based on the flimsy evidence of supposed Russian or Chinese “signatures” in the software. The NSA tools dumped by Shadow Brokers on the internet in 2017 show that NSA can spoof signatures of other countries in their software. This problem is further compounded by NSA’s hacking tools being dumped on the internet in 2017 by Shadow Brokers and now accessible to all hackers.
Why does the US expect Russia or China not to hack other country’s systems, when we all know that NSA and CIA have been routinely hacking systems from all over the world? Snowden revelations showed that the US and its Five Eyes partners did everything and more that it today is accusing Russia and China of doing. XkeyScore and Prism, two of the largest NSA programmes, showed how systems across the world had been hacked or compromised. The NSA’s Tailored Access Operations hacked hardware that went to different countries providing NSA with physical backdoors into equipment in foreign networks. Not only did the US hack the rest of the world including India, but it also did not spare even its close NATO allies like Belgium and Germany!
The US has mounted a worldwide campaign against Huawei being a security risk for global networks and how a clean network means no Chinese equipment. New York Times and Der Spiegel, in a joint publication (NSA Breached Chinese Servers Seen as Security Threat, By David E Sanger and Nicole Perlroth, March 22, 2014) reported on an NSA programme Shotgiant that hacked into Huawei systems and its network to find a link between Huawei and Peoples Liberation Army. “But the plans went further: to exploit Huawei’s technology so that when the company sold equipment to other countries – including both allies and nations that avoid buying American products – the NSA could roam through their computer and telephone networks to conduct surveillance and if ordered by the president, offensive cyber operations…Many of our targets communicate over Huawei-produced products. We want to make sure that we know how to exploit these products… to gain access to networks of interest” around the world.
The NSA document reported by New York Times and Der Spiegel shows that NSA not only conducted surveillance operations in other countries networks but could also carry out offensive cyber operations. So if NSA or CIA compromises computers, routers or other equipment of a country, they not only exfiltrate data out of these networks but also have offensive capabilities of inserting logic bombs in the target network or equipment to bring these down.
In a re-enactment of Obama’s campaign in 2013-14 against China and Russia on cyberwar and cyber espionage, the Biden administration is attributing all the major cyber hacks in the world to ‘evil’ Russian and Chinese actors. Obama’s campaign had to be aborted with the damaging Snowden revelations. The US appears to believe that the world by now has forgotten about Snowden and the time is ripe again for a renewed offensive against the Russians and Chinese on hacking. It is a part of an assertive Biden regime that seems to be continuing Trump’s confrontationist policies with China and Russia.
The question is with growing offensive capabilities, can we continue to play this path of confrontation? Can we play this reckless game of cyber chicken without suffering devastating consequences? Can cyber offensive capabilities lead inadvertently to an attack that has physical consequences and therefore a physical war?
With the Stuxnet attack on Iran’s centrifuges, a line of not causing physical damage using cyberweapons – the cyber Rubicon – was crossed. Dress it up any way we want, an attack on equipment processing radioactive material that could lead to possible radioactive leakage was the first use of a cyber weapon.
In a repeat of the atom bomb era, where the US thought that it had a long-term monopoly of nuclear weapons, the US considers its cyber dominance to be long term. It has turned down every attempt within the UN framework for banning cyber weapons. Russia, China and many other countries tried to have a UN process to discuss such a cyber peace treaty. In 2012, Russia proposed a treaty modelled on Chemical Weapons Convention that would ban cyber weapons. The US turned it down arguing instead that every country should accept the Tallinn Manual. Tallinn Manual is a non-binding academic study sponsored by a group of NATO countries on how international law should be interpreted for cyberspace. It does not call for a ban on cyber weapons, only defines what it is and where its use would violate international law. Clearly, a far cry from a treaty on maintaining cyber peace and banning cyber weapons.
The Russians and the Chinese are not the only ones promoting a cyber peace treaty; or at least negotiations of do’s and don’ts in the cyber era. With the leak of NSA’s tools on the internet and in the wake of Wannacry ransomware attacks, even tech giants like Microsoft started talking about nation-states – read the NSA in this case – not stockpiling and exploiting vulnerabilities in systems. In a 2010 UN Report, a group of experts determined that cybersecurity threats are among the most serious challenges of the 21st century.
The reality that the US refuses to accept is that it is no longer the sole cyber hegemon. The Belfer Center of Harvard Kennedy School, Cambridge Massachusetts ranks cyber power of countries by both offensive and defensive capabilities. In both, though the US is still the leading player, China is in second place and catching up fast. Russia, UK and others are still some distance behind, while India is way behind in the 21st place.
With computer systems and networks underpinning the global infrastructure, the risks of cyber weapons to the world are greater than ever before. We either work for cyber peace or we will inevitably tip over to a ruinous cyber exchange and possibly the splintering of the global internet with hard borders. If we do not enter the even more dangerous territory of a hot war that initially starts as a cyberwar.