The Asymmetrical Online War
By JOHN MARKOFF
In 1975, John Brunner wrote a science fiction novel, “The Shockwave Rider,” about a lone programmer who creates a computer worm that exposes a repressive regime’s secrets and ultimately undermines a tyrannical government.
Life invariably seems to find a way to imitate art, but as the world’s computer systems and networks continue to fall prey to hackers, the resemblance has become eerie. The Internet has transformed many things in the world, but one of its most remarkable effects has been to change the balance of power, not between states, but between entire nations and their citizens.
“It’s a completely surreal realization that nation states can be seriously confronted by teenagers, but that’s where we’re at,” said John Perry Barlow, the Grateful Dead lyricist who co-founded the Electronic Frontier Foundation in 1990 to help defend young computer hackers. “One very smart person can take on an entire nation state.”
One can take on the security apparatus of the Web as well. In the space of a little more than a month, two computer security firms have been publicly humiliated, one by an anonymous computer hacker who claimed in an e-mail interview with a Forbes columnist to be a 16-year-old girl and a second by someone who is apparently a 21-year-old Iranian who later appeared online as a proponent of Mahmoud Ahmadinejad’s government to rail against the West.
Also last month, RSA, a Massachusetts-based firm that sells software to corporations and governments that is used to keep digital secrets, was forced to admit that it had been the victim of what the firm described as a mysterious “Advanced Persistent Threat,” potentially undermining crucial encryption technology that protects millions of computers around the globe.
Each incident underscored the potential power of an individual or a small group in cyberspace — from destroying a company’s reputation to fundamentally undermining the digital security of millions of Internet users.
“There is asymmetry in resources, in time, in response, in cycle time, in information sharing, and maybe even in other areas as well, depending on the kind of attack and attackers,” said Eugene Spafford, a computer scientist and computer security specialist at Purdue University.
Not long ago all this might have been the stuff of science fiction, but the dystopian world that was envisioned by Mr. Brunner, as well as similar future political scenarios drawn by an earlier generation of “cyberpunk” science fiction writers like Neal Stephenson, William Gibson and Vernor Vinge, seems increasingly to be echoed by real-world events.
Indeed, it is not a coincidence that the political sensibilities of the Wikileaks founder Julian Assange were shaped by his participation in the Cypherpunk digital anarchist movement of the 1990s, which in turn drew inspiration from novels of cyberpunk science fiction authors like Mr. Gibson and Mr. Stephenson.
Hardly a week passes when there isn’t some new incident underscoring the fundamental imbalance of power in cyberspace between attacker and defender, where a highly motivated and reasonably skilled intruder, operating in secrecy from almost anywhere in the world, can with apparent ease unravel digital fortifications intended to offer banking-grade security.
In February, an executive at HBGary, a Sacramento, Calif., security software and consulting firm, made the mistake of publicly boasting that he had unmasked the identities of the members of Anonymous, a secretive collection of cyber-vigilantes who had attracted attention by launching Internet denial-of-service attacks in defense of Wikileaks. The security company, which was engaged in a series of dubious business propositions, soon found that the details of its business were exposed to the world. Anonymous, whose ringleader was possibly a teenager, tricked one of the company’s systems administrators into giving them password information, making it possible to steal more than 50,000 of HBGary’s e-mail messages and place them on a Russian web site.
Last month, Comodo, a Jersey City, N.J., supplier of computer security products, including certificates used for authenticating digital identity online, said that it had suffered an elaborate electronic break-in and theft by someone who appeared intent on using stolen certificates to compromise the e-mail and social network accounts of Iranian dissidents. Suspicions first focused on a group of patriotic Iranian hackers known as the Iranian Cyber Army, but within days a young Iranian computer hacker convincingly claimed credit for the exploit. Modesty was not one of his character traits: “I know you are really shocked about my knowledge, my skill, my speed, my expertise and entire attack. That’s O.K., all of it was so easy for me,” he wrote in a post. He also vaguely hinted that the theft was revenge for the Stuxnet computer worm, which may have been unleashed last year by Israel and the United States in an effort to undermine Iran’s nuclear weapons efforts.
The RSA compromise last month sent new shockwaves through corporate boardrooms and banking headquarters, as well as dozens of the nation’s defense contractors. The implications were that somewhere there was a brilliant black hat hacker who was only a step away from being able to electronically waltz into the best-protected American networks.
For his part, Mr. Barlow said he remained an optimist about the Internet’s effect on the balance of power.
“It really depends on your view of human nature,” he said.