The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

Author(s): 
Release Date: February 25, 2020
Publisher/Imprint: Harvard University Press
Pages: 432
Reviewed by: 


Intelligence goes back a long way. Julius Caesar developed his own cryptography. In 1916 British intelligence told Americans about the Zimmermann telegram. The Hacker and the State reviews the history of intelligence operations, provides an analytical framework (e.g., distinguishing between passive and active intelligence gathering), and recounts and analyzes a series of recent case studies involving dozens of governments and other actors on the world scene.

A major case is that of “Stuxnet,” aimed at sabotaging Iran’s centrifuges at Natanz. To do so, it had to know their layout. An Iranian mole recruited by Dutch intelligence provided some details on how they worked. Other data were obtained by malicious software that acted as a worm inside the Natanz plant. From afar, U.S. and Israeli operators were able to raise the pressure inside centrifuges to five times a safe level, prompting gases inside to become solid and causing the centrifuges to fail. The saboteurs hid their work by playing back a recording of normal functioning on a loop—what the Iranians expected to see. Meanwhile, the prized centrifuges destroyed themselves.

An even more destructive version of Stuxnet was launched, perhaps by Israelis, which spread to hundreds of thousands of computers inside Iran and to computers in more than one hundred other countries. It was discovered by a Belarusian computer specialist working in Iran. American investigators then went deeper and revealed what Ralph Langner in 2010 called “cyberwar” directed against Iran.

Even with the enormous skills and effort given to crippling Iran’s nuclear weapon program, Stuxnet scored only a limited success for its U.S. and Israeli engineers. It was a goldmine, however, for researchers studying how hacking can shape international relations.

A more serious attack known as “Wiper” occurred in 2012, crippling computers in Iran’s oil production facilities. It did not stop production but “wiped” many of the Windows documents in these facilities. It then destroyed itself, leaving almost no traces of what caused the malfunctions.

Buchanan writes that Wiper bore many similarities to Stuxnet but leaves open whether it was launched by the United States or Israel or both. Unlike an overt military threat, Stuxnet and Wiper amounted to covert sabotage seeking to demoralize Iranians, delay their nuclear progress, and slow their oil production. It worked in tandem with tightening sanctions aimed at isolating and weakening the regime. It may have made more attractive the nuclear deal the Obama administration and other governments signed with Tehran. Now that the Trump administration has withdrawn from the deal, Iran says it is revitalizing some of its nuclear programs.

What happens when hacking is exposed? At the very time that Russian election interference commenced in August 2016, a shadowy group known as the Shadow Brokers announced that they possessed and would auction off the NSA’s hacking tools. Like criminals, the group wanted bribes but may have been associated with or aided by the Russian government. The Shadow Brokers exposed the scope of NSA’s operations along with how to make use of its tools. By May of 2019 hackers around the world were repurposing the NSA’s instruments for their own destructive goals. Here was a mix of counterintelligence and sabotage.

China in the 21st century has acquired and utilized a strong capability for hacking. The People’s Liberation Army provides many of China’s most adept hackers, many in Unit 61398 and working in a particular building well known to western intelligence. Like other aspects of Chinese culture, the PLA hackers have a long-term orientation. They log on to whatever U.S. and other foreign computer systems are available, often found by spear-phishing, and wait for someone to drop a password or other key to the network. Chinese students and researchers in the west send home reams of scientific and personal information. These efforts have been rewarded by a gigantic transfer of wealth and information, for example, a near duplicate of the Boeing C-17 military cargo transport plane. Top Chinese leaders have promised Washington to halt this massive theft but say they cannot stop “non-governmental” hackers.

Huge economic and technological issues are at stake. In 2007 Westinghouse Electric was the world’s leading nuclear power firm; ten years later it declared bankruptcy. What happened? In 2007 the company signed a contract to build four AP1000 nuclear reactors in China. Chinese hackers immediately began to penetrate Westinghouse. They pilfered some 700,000 pages of emails and other documents showing how to build the AP1000 and other reactors. By 2017 Westinghouse had ceded market leadership to Chinese firms.

Personal information on individual Americans can also be valuable to Beijing. Chinese hackers are probably responsible for the hack of personal data of at least half the U.S. population from major health insurance companies and the credit monitoring firm Equifax.

The United States, Russia, and China have some of the strongest hacking capabilities, but North Korea may have netted the most money from its computer operations. Having exercised its destructive powers, it began to focus on financially lucrative and destabilizing operations. It launched denial of service operations against the United States in 2009, wiped out many business computers in South Korea in 2013, paralyzed Sony in 2014, and began to hack financial institutions. It hit major banks in Bangladesh and India hard, apparently learning how to exploit subunits of the international SWIFT network. It may try to flood the SWIFT system

Many details of Stuxnet and other cases described by Buchanan have been revealed in newspaper accounts and in books such as David Sanger, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power (Crown, 2012), which Buchanan cites often. Buchanan has covered a broad terrain in which each case serves as a marker. His final chapter downplays fears that cyberwar will be as cataclysmic as nuclear war. While Russian hackers may fear hacking a superpower, North Koreans may be bolder. In any event, it can be nearly impossible to reliably identify the intruders.

On balance, Buchanan argues, hacking is just the new normal in engagement between competing entities. David Sanger’s later book, The Perfect Weapon: War, Sabotage, and Fear (Crown, 2018), not cited by Buchanan, offers a more worrisome perspective. It highlights the many vulnerabilities of electronic grids, water systems, transportation, and overall infrastructure to sabotage from afar. Regardless of which perspective proves more accurate, The Hacker and the State provides a reliable summary and deep analysis of a novel force bound to shape world affairs.