America and cyberweapons— uncharted territory

Pentagon’s decision is necessary and inevitable

Do you worry about credit card theft? What about someone stealing your identity?

Well, despite these strikes becoming ever more frequent (my mom got hit twice in the same month), these occurrences are just scratching the surface of cyber attacks, and far be it from me to trust the government with spy technology, but this time it might be warranted—maybe even overdue.

Pentagon’s decision is necessary and inevitable
ELIZABETH THOMPSON/VANGUARD STAFF

Do you worry about credit card theft? What about someone stealing your identity?

Well, despite these strikes becoming ever more frequent (my mom got hit twice in the same month), these occurrences are just scratching the surface of cyber attacks, and far be it from me to trust the government with spy technology, but this time it might be warranted—maybe even overdue.

The Pentagon knows about this dilemma intimately, as they themselves were hacked by “foreign intruders” who took more than 24,000 government files. This is not an isolated event, though. Huge corporations such as Google, Intel and Morgan Stanley have been hacked as well, not to mention the International Monetary Fund.

Joel F. Brenner, the head of U.S. counterintelligence until 2009, said to Bloomberg Businessweek: “It’d be fair to say that at least 2,000 companies have been hit…And that number is on the conservative side.” Needless to say, when private companies and intelligence agencies can be hit on this scale, you know it’s time to up your security.

The government is doing just that. The Pentagon announced last month that it would begin acquisition of new and improved cyber weaponry to build up the U.S.’s cyber arms capabilities. There’s a plan for fast-tracking acquisition, which would enable certain weapons to be used within days, whether offensive or defensive, as well as a slower track that would take more like nine months to be active.

Both of these tracks are relatively fast in comparison to the development of regular arms, and cheaper too. As opposed to investing in development capabilities, the government intends to buy these cyber arms from private companies.

The reason for this is that the playing field for cyber weapons can change rapidly, and it is ultimately more cost effective to purchase a weapon rather than spending money on a technology that may evolve quicker than it can be developed.

Whether there is a problem with private companies selling cyber arms to the government is debatable. Still, many companies have popped up recently with a mind to capitalize on this arms race.

Generally speaking, the “sell to the highest bidder” mentality tends to fuel the fire, but that’s the position that Endgame Systems is in. As reported in Bloomberg Businessweek, the company sells packages where, “a government or other entity could launch sophisticated attacks against just about any adversary anywhere in the world for a grand total of $6 million”—a relative drop in the bucket.

Endgame sells botnets and zero-day exploits, among other weapons. A botnet is a group of individual computers that have been hacked to form a collective, which can then be controlled by the hacker to, for example, all shut down at a certain time.

These botnets usually consist of hundreds of thousands of personal computers that have been developed over several years. What an exploit does is find holes in common computer systems like Windows, where a hacker can place a worm or virus that can cripple the device.

A zero-day exploit is the most effective kind of exploit because it attacks the system before the software developer even knows about its existence.

Needless to say, these devices are very powerful. Credit card theft is nothing compared to crippling an entire nation’s Internet or shutting down a country’s entire power grid. And the key is that these attacks are silent and often undetectable. A zero-day exploit can happen before anyone knows about it and disappear without a trace, and botnets can use hundreds of thousands of unsuspecting people’s computers to aid an attack.

According to Kevin G. Coleman, the former chief strategist of Netscape and author of The Cyber Commander’s eHandbook, weapons like these can also be used to shut down oxygen systems at hospitals or control the computer network of a car. Other scary scenarios are detailed in the downloadable version of the book, but these two were enough to scare me out of my wits.

Is this likely though? Probably not. Cyber Command, the armed forces unit instituted in 2009, has been stepping up its monitoring of malware in accordance with the Pentagon’s recent push for acquisitions. And the incentive not to use this technology is very high, since retaliation would be easier, cheaper and quicker.

Still, though, many news associations are calling this cyber arms race “uncharted territory.” It certainly feels like a Twilight Zone episode come to life when Cyber Command could potentially commandeer a car from a remote location.

The increase in cyber weapon acquisition does mean that the government will have more power to snoop. But, luckily for us, as evidenced by the fact that even the Pentagon can’t protect itself from being hacked, it seems there are bigger fish to fry.