eBook - ePub
Dark Territory
The Secret History of Cyber War
Fred Kaplan
This is a test
Share book
- 352 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Dark Territory
The Secret History of Cyber War
Fred Kaplan
Book details
Book preview
Table of contents
Citations
About This Book
"An important, disturbing, and gripping history" ( Kirkus Reviews, starred review), the never-before-told story of the computer scientists and the NSA, Pentagon, and White House policymakers who invent and employ cyber warsâwhere every country can be a major power player and every hacker a mass destroyer. In June 1983, President Reagan watched the movie War Games, in which a teenager unwittingly hacks the Pentagon, and asked his top general if the scenario was plausible. The general said it was. This set in motion the first presidential directive on computer security.From the 1991 Gulf War to conflicts in Haiti, Serbia, Syria, the former Soviet republics, Iraq, and Iran, where cyber warfare played a significant role, Dark Territory chronicles a little-known past that shines an unsettling light on our future. Fred Kaplan probes the inner corridors of the National Security Agency, the beyond-top-secret cyber units in the Pentagon, the "information warfare" squads of the military services, and the national security debates in the White House to reveal the details of the officers, policymakers, scientists, and spies who devised this new form of warfare and who have been planningâand (more often than people know) fightingâthese wars for decades."An eye-opening history of our government's efforts to effectively manage our national security in the face of the largely open global communications network established by the World Wide WebâŠ. Dark Territory is a page-turner [and] consistently surprising" ( The New York Times ).
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlegoâs features. The only differences are the price and subscription period: With the annual plan youâll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weâve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Dark Territory an online PDF/ePUB?
Yes, you can access Dark Territory by Fred Kaplan in PDF and/or ePUB format, as well as other popular books in History & Military & Maritime History. We have over one million books available in our catalogue for you to explore.
Information
CHAPTER 1
âCOULD SOMETHING LIKE THIS REALLY HAPPEN?â
IT was Saturday, June 4, 1983, and President Ronald Reagan spent the day at Camp David, relaxing, reading some papers, then, after dinner, settling in, as he often did, to watch a movie. That nightâs feature was WarGames, starring Matthew Broderick as a tech-whiz teenager who unwittingly hacks into the main computer at NORAD, the North American Aerospace Defense Command, and, thinking that heâs playing a new computer game, nearly triggers World War III.
The following Wednesday morning, back in the White House, Reagan met with the secretaries of state, defense, and treasury, his national security staff, the chairman of the Joint Chiefs of Staff, and sixteen prominent members of Congress, to discuss a new type of nuclear missile and the prospect of arms talks with the Russians. But he couldnât get that movie out of his mind. At one point, he put down his index cards and asked if anyone else had seen it. Nobody had (it had just opened in theaters the previous Friday), so he launched into a detailed summary of its plot. Some of the legislators looked around the room with suppressed smiles or arched eyebrows. Not quite three months earlier, Reagan had delivered his âStar Warsâ speech, calling on scientists to develop laser weapons that, in the event of war, could shoot down Soviet nuclear missiles as they darted toward America. The idea was widely dismissed as nutty. What was the old man up to now?
After finishing his synopsis, Reagan turned to General John Vessey, the chairman of the Joint Chiefs, the U.S. militaryâs top officer, and asked, âCould something like this really happen?â Could someone break into our most sensitive computers?
Vessey, whoâd grown accustomed to such queries, said he would look into it.
One week later, the general came back to the White House with his answer. WarGames, it turned out, wasnât at all far-fetched. âMr. President,â he said, âthe problem is much worse than you think.â
Reaganâs question set off a string of interagency memos, working groups, studies, and meetings, which culminated, fifteen months later, in a confidential national security decision directive, NSDD-145, signed September 17, 1984, titled âNational Policy on Telecommunications and Automated Information Systems Security.â
It was a prescient document. The first laptop computers had barely hit the market, the first public Internet providers wouldnât come online for another few years. Yet the authors of NSDD-145 noted that these new devicesâwhich government agencies and high-tech industries had started buying at a rapid clipâwere âhighly susceptible to interception, unauthorized electronic access, and related forms of technical exploitation.â Hostile foreign intelligence agencies were âextensivelyâ hacking into these services already, and âterrorist groups and criminal elementsâ had the ability to do so as well.
This sequence of eventsâReaganâs oddball question to General Vessey, followed by a pathbreaking policy documentâmarked the first time that an American president, or a White House directive, discussed what would come to be called âcyber warfare.â
The commotion, for now, was short-lived. NSDD-145 placed the National Security Agency in charge of securing all computer servers and networks in the United States, and, for many, that went too far. The NSA was Americaâs largest and most secretive intelligence agency. (Insiders joked that the initials stood for âNo Such Agency.â) Established in 1952 to intercept foreign communications, it was expressly forbidden from spying on Americans. Civil liberties advocates in Congress were not about to let a presidential decree blur this distinction.
And so the issue vanished, at least in the realm of high-level politics. When it reemerged a dozen years later, after a spate of actual cyber intrusions during Bill Clintonâs presidency, enough time had passed that the senior officials of the dayâwho didnât remember, if theyâd ever known of, NSDD-145âwere shocked by the nationâs seemingly sudden vulnerability to this seemingly brand-new threat.
When the White House again changed hands (and political parties) with the election of George W. Bush, the issue receded once more, at least to the public eye, especially after the terrorist attacks of September 11, 2001, which killed three thousand Americans. Few cared about hypothetical cyber wars when the nation was charging into real ones with bullets and bombs.
But behind closed doors, the Bush administration was weaving cyber war techniques with conventional war plans, and so were the military establishments of several other nations, friendly and otherwise, as the Internet spread to the globeâs far-flung corners. Cyber war emerged as a mutual threat and opportunity, a tool of espionage and a weapon of war, that foes could use to hurt America and that America could use to hurt its foes.
During Barack Obamaâs presidency, cyber warfare took off, emerging as one of the few sectors of the defense budget that soared while others stayed stagnant or declined. In 2009, Obamaâs first secretary of defense, Robert Gates, a holdover from the Bush years, created a dedicated Cyber Command. In its first three years, the commandâs annual budget tripled, from $2.7 billion to $7 billion (plus another $7 billion for cyber activities in the military services, all told), while the ranks of its cyber attack teams swelled from 900 personnel to 4,000, with 14,000 foreseen by the end of the decade.
The cyber field swelled worldwide. By the midpoint of Obamaâs presidency, more than twenty nations had formed cyber warfare units in their militaries. Each day brought new reports of cyber attacks, mounted by China, Russia, Iran, Syria, North Korea, and others, against the computer networks of not just the Pentagon and defense contractors but also banks, retailers, factories, electric power grids, waterworksâeverything connected to a computer network, and, by the early twenty-first century, that included nearly everything. And, though much less publicized, the United States and a few other Western powers were mounting cyber attacks on other nationsâ computer networks, too.
In one sense, these intrusions were nothing new. As far back as Roman times, armies intercepted enemy communications. In the American Civil War, Union and Confederate generals used the new telegraph machines to send false orders to the enemy. During World War II, British and American cryptographers broke German and Japanese codes, a crucial ingredient (kept secret for many years after) in the Allied victory. In the first few decades of the Cold War, American and Russian spies routinely intercepted each otherâs radio signals, microwave transmissions, and telephone calls, not just to gather intelligence about intentions and capabilities but, still more, to gain an advantage in the titanic war to come.
In other ways, though, information warfare took on a whole new dimension in the cyber age. Until the new era, the crews gathering SIGINTâsignals intelligenceâtapped phone lines and swept the skies for stray electrons, but thatâs all they could do: listen to conversations, retrieve the signals. In the cyber age, once they hacked a computer, they could prowl the entire network connected to it; and, once inside the network, they could not only read or download scads of information; they could change its contentâdisrupt, corrupt, or erase itâand mislead or disorient the officials who relied on it.
Once the workings of almost everything in life were controlled by or through computersâthe guidance systems of smart bombs, the centrifuges in a uranium-enrichment lab, the control valves of a dam, the financial transactions of banks, even the internal mechanics of cars, thermostats, burglary alarms, toastersâhacking into a network gave a spy or cyber warrior the power to control those centrifuges, dams, and transactions: to switch their settings, slow them down, speed them up, or disable, even destroy them.
This damage was wreaked remotely; the attackers might be half a world away from the target. And unlike the atomic bomb or the intercontinental ballistic missile, which had long ago erased the immunity of distance, a cyber weapon didnât require a large-scale industrial project or a campus of brilliant scientists; all it took to build one was a roomful of computers and a small corps of people trained to use them.
There was another shift: the World Wide Web, as it came to be called, was just thatâa network stretched across the globe. Many classified programs ran on this same network; the difference was that their contents were encrypted, but this only meant that, with enough time and effort, they could be decrypted or otherwise penetrated, too. In the old days, if spies wanted to tap a phone, they put a device on a single circuit. In the cyber era, Internet traffic moved at lightning speed, in digital packets, often interspersed with packets containing other peopleâs traffic, so a terroristâs emails or cell phone chatter couldnât be extracted so delicately; everyoneâs chatter and traffic got tossed in the dragnet, placed, potentially, under the ever-watchful eye.
The expectation arose that wars of the future were bound to be, at least in part, cyber wars; cyberspace was officially labeled a âdomainâ of warfare, like air, land, sea, and outer space. And because of the seamless worldwide network, the packets, and the Internet of Things, cyber war would involve not just soldiers, sailors, and pilots but, inexorably, the rest of us. When cyberspace is everywhere, cyber war can seep through every digital pore.
During the transitions between presidents, the ideas of cyber warfare were dismissed, ignored, or forgotten, but they never disappeared. All along, and even before Ronald Reagan watched WarGames, esoteric enclaves of the national-security bureaucracy toiled away on fixingâand, still more, exploitingâthe flaws in computer software.
General Jack Vessey could answer Reaganâs question so quicklyâwithin a week of the meeting on June 8, 1983, where the president asked if someone could really hack the militaryâs computers, like the kid in that movieâbecause he took the question to a man named Donald Latham. Latham was the assistant secretary of defense for command, control, communications, and intelligenceâASD(C3I), for shortâand, as such, the Pentagonâs liaison with the National Security Agency, which itself was an extremely secret part of the Department of Defense. Spread out among a vast complex of shuttered buildings in Fort Meade, Maryland, surrounded by armed guards and high gates, the NSA was much larger, better funded, and more densely populated than the more famous Central Intelligence Agency in Langley, Virginia. Like many past (and future) officials in his position, Latham had once worked at the NSA, still had contacts there, and knew the ins and outs of signals intelligence and how to break into communications systems here and abroad.
There were also top secret communications-intelligence bureaus of the individual armed services: the Air Intelligence Agency (later called the Air Force Information Warfare Center) at Kelly Air Force Base in San Antonio, Texas; the 609th Information Warfare Squadron at Shaw Air Force Base in Sumter, South Carolina; scattered cryptology labs in the Navy; the CIAâs Critical Defense Technologies Division; the Special Technological Operations Division of J-39, a little known office in the Pentagonâs Joint Staff (entry required dialing the combination locks on two metal doors). They all fed to and from the same centers of beyond-top-secret wizardry, some of it homegrown, some manufactured by ESL, Inc. and other specialized private contractors. And they all interacted, in one way or another, with the NSA.
When Reagan asked Vessey if someone could really hack into the militaryâs computers, it was far from the first time the question had been asked. To those who would write NSDD-145, the question was already very old, as old as the Internet itself.
In the late 1960s, long before Ronald Reagan watched WarGames, the Defense Department undertook a program called the ARPANET. Its direct sponsor, ARPA (which stood for Advanced Research Projects Agency), was in charge of developing futuristic weapons for the U.S. military. The idea behind ARPANET was to let the agencyâs contractorsâscientists at labs and universities across the countryâshare data, papers, and discoveries on the same network. Since more and more researchers were using computers, the idea made sense. As things stood, the director of ARPA had to have as many computer consoles in his office as there were contractors out in the field, each hooked up to a separate telephone modemâone to communicate with UCLA, another with the Stanford Research Institute, another with the University of Utah, and so forth. A single network, linking them all, would not only be more economical, it would also let scientists around the country exchange data more freely and openly; it would be a boon to scientific research.
In April 1967, shortly before ARPANETâs rollout, an engineer named Willis Ware wrote a paper called âSecurity and Privacy in Computer Systemsâ and delivered it at the semiannual Joint Computer Conference in New York City. Ware was a pioneer in the field of computers, dating back to the late 1940s, when there barely was such a field. At Princetonâs Institute for Advanced Studies, heâd been a protĂ©gĂ© of John von Neumann, helping design one of the first electrical computers. For years now, he headed the computer science department at the RAND Corporation, an Air Forceâfunded think tank in Santa Monica, California. He well understood the point of ARPANET, lauded its goals, admired its ambition; but he was worried about some implications that its managers had overlooked.
In his paper, Ware laid out the risks of what he called âresource-sharingâ and âon-lineâ computer networks. As long as computers stood in isolated chambers, security wouldnât be a problem. But once multiple users could access data from unprotected locations, anyone with certain skills could hack into the networkâand after hacking into one part of the network, he could roam at will.
Ware was particularly concerned about this problem because he knew that defense contractors had been asking the Pentagon for permission to store classified and unclassified files on a single computer. Again, on one level, the idea made sense: computers were expensive; commingling all the data would save lots of money. But in the impending age of ARPANET, this practice could prove disastrous. A spy who hacked into unclassified networks, which were entirely unprotected, could find âback doorsâ leading to the classified sections. In other words, the very existence of a network created sensitive vulnerabilities; it would no longer be possible to keep secrets.
Stephen Lukasik, ARPAâs deputy director and the supervisor of the ARPANET program, took the paper to Lawrence Roberts, the projectâs chief scientist. Two years earlier, Roberts had designed a communications link, over a 1200-baud phone line, between a computer at MITâs Lincoln Lab, where he was working at the time, and a colleagueâs computer in Santa Monica. It was the first time anyone had pulled off the feat: he was, in effect, the Alexander Graham Bell of the computer age. Yet Roberts hadnât thought about the security of this hookup. In fact, Wareâs paper annoyed him. He begged Lukasik not to saddle his team with a security requirement: it would be like telling the Wright brothers that their first airplane at Kitty Hawk had to fly fifty miles while carrying twenty passengers. Letâs do this step by step, Roberts said. It had been hard enough to get the system to work; the Russians wouldnât be able to build something like this for decades.
He was right; it would take the Russians (and the Chinese and others) decadesâabout three decadesâto develop their versions of the ARPANET and the technology to hack into Americaâs. Meanwhile, vast systems and networks would sprout up throughout the United States and much of the world, without any provisions for security.
Over the next forty years, Ware would serve as a consultant on government boards and commissions dealing with computer security and privacy. In 1980, Lawrence Lasker and Walter Parkes, former Yale classmates in their late twenties, were writing the screenplay for the film that would come to be called WarGames. They were uncertain about some of the plotlineâs plausibility. A hacker friend had told them about âdemon-dialingâ (also called âwar-dialingâ), in which a telephone modem searched for other nearby modems by automatically dialing each phone number in a local area code and letting it ring twice before moving on to the next number. If a modem answered, it would squawk; the demon-dialing software would record that number, and the hacker would call it back later. (This was the way that early computer geeks found one another: a pre-Internet form of web trolling.) In the screenplay, this was how their whiz-kid hero breaks into the NORAD computer. But Lasker and Parkes wondered whether this was possible: wouldnât a military computer be closed off to public phone lines?
Lasker lived in Santa Monica, a few blocks from RAND. Figuring that someone there might be helpful, he called the public affairs officer, who put him in touch with Ware, who invited the pair to his office.
Theyâd found the right man. Not only had Ware long known about the myriad vulnerabilities of computer networks, heâd helped design the software program at NORAD. And for someone so steeped in the world of big secrets, Ware was remarkably open, even friendly. He looked like Jiminy Cricket from the Disney cartoon film of Pinocchio, and he acted a bit like him, too: excitable, quick-witted, quick to laugh.
Listening to the pairâs questions, Ware waved off their worries. Yes, he told them, the NORAD computer was supposed to be closed, but some officers wanted to work from home on the weekend, so theyâd leave a port open. Anyone could get in, if the right number was dialed. Ware was letting the fledgling screenwriters in on a secret that few of his colleagues knew. The only computer thatâs completely secure, he told them with a mischievous smile, is a computer that no one can use.
Ware gave Lasker and Parkes the confidence to move forward with their project. They werenât interested in writing sheer fantasy; they wanted to imbue even the unlikeliest of plot twists with a grain of authenticity, and Ware gave them that. It was fitting that the scenario of WarGames, which aroused Ronald Reaganâs curiosity and led to the first national policy on reducing the vulnerability of computers, was in good part the creation of the man whoâd first warned that they were vulnerable.
Ware couldnât say so, but besides working for RAND, he also served on the Scientific Advisory Board of the National Security Agency. He kn...