Hackers bring nations to their knees
On New Year’s Eve, as 100,000 rainsoaked revellers gathered in Times Square to watch the giant ball descend at midnight, someone at the U.S. Strategic Command headquarters at Offut Air Force Base in Nebraska posted a Twitter message.
The tweet, accompanied by a video clip of a B-2 bomber dropping nuclear warheads, declared: “#TimesSquare tradition rings in the #NewYear by dropping the big ball...if ever needed, we are #ready to drop something much, much bigger.”
Three hours later, a more senior person posted an apology: “Our previous NYE tweet was in poor taste & does not reflect our values. We apologize. We are dedicated to the security of America & allies.”
Those tweets were inevitably followed by hundreds of replies — roughly divided among
a) thanking Strategic Command for keeping America safe,
b) insisting that the whole thing was supposed to be humorous, and
c) wondering why anyone who thinks nuclear weapons are a joking matter should be trusted with the world’s largest nuclear arsenal.
I suggest that the offensive tweet is a symptom of a larger problem.
The tweet itself seems like the kind of inside humour that professionals such as lawyers, surgeons, and undertakers share among themselves. Yes, even undertakers. An undertakers’ association dinner has more laughs than most stand-up comedy.
But the “bigger ball” tweet didn’t go just to insiders. It went to the whole world. And that’s both the blessing and curse of the internet.
Information no longer flows through controlled channels. Anyone can send anything. Anyone can read anything.
And anyone can hack into any computer system, anywhere.
The year 2017 demonstrated this frightening new reality, when the Wannacry virus spread itself through Microsoft Windows computers around the world.
My wife, as it happens, was a victim.
A box popped up on her screen. “Oops,” it announced, “your files have been encrypted.”
More realistically, kidnapped. The perpetrators demanded a ransom in untraceable bitcoin currency. Within seven days. After that, her documents would disappear. Forever.
Fortunately, my wife had the sense not to push any buttons in response. She shut down her computer, packed it up, took it to someone who could trace the cause and disable it. For about the same cost as the ransom.
Thousands, apparently, were not as cautious. For several days, Wannacry disabled shipping giants like Maersk, and other shipping terminals and operators. It also affected Britain’s National Health Service, shutting down computers in hundreds of hospitals.
The U.S. accused North Korea of creating the Wannacry attacks. It should know, having used the Stuxnet virus itself to shut down parts of Iran’s nuclear enrichment program in 2010.
Similarly, Russia knocked out Ukraine’s power grid in 2015.
Hackers don't need to control an entire plant, explained Nir Giller of CyberX security in Israel. “They only need to control an individual sensor on a single machine,” he said. After that, the system will shut itself down.
It’s in that context that the U.S. demanded Canada arrest Huawei’s chief executive Meng Wanzhou when she passed through Vancouver airport. Chinese-owned Huawei is now the world’s largest producer of telecommunications equipment. Beyond billions of smart phones, it makes the network servers, the central hubs for transmission of billions of pieces of data, instructions, and government policies, that run the infrastructure of 170 countries.
The U.S. is terrified that the Chinese government could make Huawei build secret infiltration codes into its products.
But they’re missing the point. Wannacry proved you don’t need a government to bring another government to its knees.
“A team of five guys sitting in a basement can be just as devastating as WMDs," cybersecurity investor Sergei Gribov told internet journalist Jim Edwards. “It’s really scary. Because it's really easy.”
“The fact that a simple extortion device could disable Britain’s largest employer in an afternoon did not go unnoticed,” Edwards commented. “It managed to burn down huge sectors in different countries,” agreed Andrew Tsonchev, technology director at Darktrace, a London-based cybersecurity firm.
Credit card or bank accounts become penny-ante stuff, say an increasing number of analysts.
Suddenly, hackers had a new target. They could take entire nations offline — if they wanted to.
The danger in Huawei is not that it has any malicious intentions itself. Or that China’s government could use it. The danger is that its equipment is so ubiquitous that if hackers ever find a weakness in Huawei’s firewalls, they could gain access into almost anything.
Even, maybe, the computers connected to the U.S. Strategic Command’s big red button.