Last month we discovered that Russian hackers had been running malware for most of 2020 inside network monitoring servers used by thousands of large US companies and government agencies. It’s the largest espionage hack in history. As far as we know.
We have all been suffering from abyss gaze recently – the depression that settles in when you realize that we’re all doomed. Warren Ellis coined the term “abyss gaze” in his novel Normal, which tells the story of futurists who suffer nervous breakdowns after discovering that there is no hope for humanity as a result of the trends in whatever area they study. Between the pandemic, climate change, and the near-loss of American democracy, 2020 was quite a year for skating close to the edge of the abyss.
I don’t mean to harsh your mellow. It took forever but we finally made it through 2020 and we’ve just gotten past a stressful time for American democracy. Do you think I enjoy bringing you down with tales of cyber disaster? Yes. Yes, I do. I find this stuff fascinating. So buckle up and focus on the interesting bits and try not to think about the implications where all the lights go out and planes crash out of the sky.
Cyber warfare is the modern equivalent of the global arms race from the 1950s to the 1990s. If the bits start flying, a cyber war has the potential to be just as destructive as a nuclear war. Modern life depends on our networks to power our electrical grid, run the hospitals, keep infrastructure working, and coordinate the supply chain that brings us food and water and clothes.
Our military leaders and intelligence agencies are spending more time and resources on cyber battles than any of us realize. Every year intelligence agencies prepare a global “Threat Assessment” for Congress; for several years cyberattacks have been the number one threat on the list. The fear of devastating cyberattacks is at the center of American defense strategy. It is arguably more important to our decision-makers than anything to do with conventional warfare.
Starting in the 1950s, America and the USSR built huge bombs that could blow up entire cities. The famous doctrine of “mutually assured destruction” meant the two sides would feint at each other in different parts of the world for the next few decades – Vietnam, Afghanistan, Iraq – but never escalate hostilities in a way that might provoke the other side to a more forceful response.
In the 2000s, the world is in a similar standoff. America, Russia, and China are the major combatants. We have new technology – a global communications network – and we have learned how to build digital bombs that could disable the supply chain and infrastructure of entire cities, states, countries.
At the moment, then, we are in an uneasy truce built on the same doctrine of mutually assured destruction: Russia does not launch crippling attacks on American networks because they’re afraid we’ll retaliate and do more damage to them.
An important difference between cyberattacks and nuclear bombs is that cyber warfare is more effective if governments keep the details secret. In the 1960s, American citizens knew that nuclear weapons existed; schoolchildren were taught to be afraid, ready to hide under their desks if they saw a flash. Today the secrecy about cyber warfare means that most people barely know it’s going on.
We’re relying on government officials to be smart about preventing mutual destruction. But all combatants – America, Russia, China, Israel, North Korea, Iran, and many more – are motivated to hack more and more deeply into each other’s networks. Because the other effect of the doctrine of mutually assured destruction is that no one has an incentive to disarm.
Today’s cyber world is in roughly the same position as the nuclear world from the 1950s to the 1990s: tense but stable global peace. The superpowers have occasionally flexed their cyber muscles in the 2000s, careful not to be provocative enough to require a drastic response. The US and Israel reportedly launched the Stuxnet worm to disable Iranian nuclear centrifuges. Russia tested its powers by shutting down 30% of the computers (and much of the infrastructure) in Ukraine. North Korea took down the Sony Pictures network because it was irritated by a Seth Rogen movie. China quietly steals terabytes of data from American corporations. All sides implant backdoors and viruses in as many foreign networks as possible, little electronic nuclear bombs, and only fear of retaliation keeps them from being detonated.
(If you’re interested in details about those cyberattacks and more, read David Sanger’s excellent book The Perfect Weapon. I wrote about the Sanger book and the hacking incidents here.)
As we talk about the great Russia hack of 2020, I want you to keep in mind that the US also does this kind of hacking against the Russians. Because these programs are shrouded in secrecy, we don’t know how the Russian hack compares to our own efforts. If the US does not come out of the gate roaring with indignation and shaking our fist at the Russian hackers, it may be that both Russian and US government officials are fully aware that we are embedded just as deeply in Russian networks.
The Great Russia Hack
Beginning in March 2020, Russian hackers infected the software updates issued by SolarWinds for its Orion platform, critical network monitoring software used by government agencies, hundreds of Fortune 500 companies, and firms that oversee critical infrastructure, including the power grid. The tampered updates were signed with SolarWinds’ own code-signing certificate, so they passed every customer’s signature check and installed like any other routine update.
Once they rode the SolarWinds updates into the networks, the Russian hackers leveraged their initial access by installing additional backdoors and malware in the affected systems. The poisoned update reached something like 18,000 customers; the hackers then picked a much smaller set of high-value victims for hands-on follow-up, which is part of why it took so long to notice.
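To make the mechanism concrete, here is an added illustration (not code from the original post, and not anything from SolarWinds): a toy release pipeline in which the build server, not the signing step, is compromised. The vendor signs whatever the build server hands it, the customer’s installer verifies that signature and is satisfied, and only an independent rebuild from the published source notices the difference. Everything in it is constructed: the “source”, the implant stand-in, the vendor key, and HMAC-SHA256 standing in for a code-signing certificate so it runs with the standard library alone.

```python
"""Constructed demo of a pre-signing supply-chain compromise.
Not SolarWinds code; every name, key and file below is a stand-in."""
import hashlib
import hmac

# Constructed vendor signing key (stands in for a code-signing certificate).
VENDOR_SIGNING_KEY = b"constructed-vendor-key-not-real"

# Constructed "source" of the monitoring product: two tiny modules.
CLEAN_SOURCE = {
    "monitor/core.py": b"def poll():\n    return 'ok'\n",
    "monitor/net.py": b"def send(report):\n    return len(report)\n",
}

# Constructed stand-in for whatever the build server slips into a module.
IMPLANT = b"\n# hypothetical backdoor: beacons out after a delay\n"


def build(source: dict, build_server_compromised: bool) -> bytes:
    """Package source files into one release artifact. A compromised build
    server appends the implant to one module before packaging, so the
    tampering happens before anything is signed."""
    files = dict(source)
    if build_server_compromised:
        files["monitor/net.py"] = files["monitor/net.py"] + IMPLANT
    # Deterministic packaging (sorted paths) so an honest rebuild is reproducible.
    return b"".join(path.encode() + b"\0" + files[path] + b"\0"
                    for path in sorted(files))


def sign(artifact: bytes, key: bytes) -> bytes:
    """The vendor signs whatever the build server produced."""
    return hmac.new(key, artifact, hashlib.sha256).digest()


def customer_verifies(artifact: bytes, signature: bytes, key: bytes) -> bool:
    """What an update installer checks: is the signature valid for this artifact?"""
    return hmac.compare_digest(sign(artifact, key), signature)


def independent_rebuild_matches(shipped: bytes, source: dict) -> bool:
    """Reproducible-build check: rebuild from the published source on a
    machine the vendor's build server never touched, then compare hashes."""
    expected = build(source, build_server_compromised=False)
    return hashlib.sha256(shipped).digest() == hashlib.sha256(expected).digest()


def release(build_server_compromised: bool) -> dict:
    """Run the pipeline once and report what each check concludes."""
    artifact = build(CLEAN_SOURCE, build_server_compromised)
    signature = sign(artifact, VENDOR_SIGNING_KEY)
    return {
        "signature_valid": customer_verifies(artifact, signature, VENDOR_SIGNING_KEY),
        "matches_independent_rebuild": independent_rebuild_matches(artifact, CLEAN_SOURCE),
        "contains_implant": IMPLANT in artifact,
    }


if __name__ == "__main__":
    for compromised in (False, True):
        print("build server compromised:", compromised, "->", release(compromised))
```

The point of the second run is that `signature_valid` stays True even though the artifact carries the implant: the signature proves the vendor shipped these bytes, not that the bytes are what the vendor meant to ship. The rebuild comparison is a check the vendor (or an open-source project) can run; customers of closed-source software cannot rebuild it themselves, which is exactly why riding a trusted vendor’s update channel works so well.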
There has been a rule of thumb for personal computers for many years: once a system is hacked, you can never trust that computer again. It is impossible to be confident that it is trustworthy without replacing it or rebuilding it from scratch.
The same principle is true of corporate networks, but it is effectively impossible to take an entire hospital or government agency network offline and replace it with a clean new network. Anything you do to secure the network short of that runs the risk that clever hackers have left a backdoor that isn’t discovered, or still hold passwords, keys, and authentication tokens they copied out while they were inside, which let them walk back in through the front door after every rebuilt machine has been rebuilt.
That’s why an important thing to know about the Russian hackers is that they are very, very good at hacking. Now we’ve detected their intrusion, great, but a lot of IT administrators and security firms are losing sleep over the possibility that the Russians will still be embedded even after the best efforts to dislodge them.
The Russia hack provides a rare moment of visibility into the world of global cyber warfare. In the next few articles I’m going to give you a glimpse at various sides of a complex and fascinating story. Here’s what’s coming up:
- How did the Russians hack into American government and company networks?
- Monitoring programs from SolarWinds were the vector used by the Russians to gain entry. What is the SolarWinds story?
- How were the Russians caught?
- Who were the victims? What was done by the Russians (so far)?
Line up some videos of happy puppies to watch after the next few articles. I don’t want you to spend all your time staring into the abyss. We did too much of that in 2020.