Weekend reading: cyberwar is already a reality. We just don't notice it

Right at this moment there is a battle being fought. On one side, a country that wants to develop a nuclear program. On the other, a group of states that want to stop it. This war has already caused heavy damage. And it may have taken the conflict to an entirely new level. But we know nothing of it. It is fought by highly specialized staff, gathered in rooms, bunkers or simple cybercafés. This is an electronic war. A cyber war. The bombs are viruses created specifically to sabotage the enemy's advances. The tanks take the form of powerful computers. The soldiers are hackers. Only one thing remains the same as in a traditional conflict. The civilians. Us. This Vanity Fair article dates from July. But it remains entirely topical, especially if we think of the recent scandal over the NSA's electronic interceptions. What else is there still to be disclosed?



Silent War

On the hidden battlefields of history’s first known cyber-war, the casualties are piling up. In the U.S., many banks have been hit, and the telecommunications industry seriously damaged, likely in retaliation for several major attacks on Iran. Washington and Tehran are ramping up their cyber-arsenals, built on a black-market digital arms bazaar, enmeshing such high-tech giants as Microsoft, Google, and Apple. With the help of highly placed government and private-sector sources, Michael Joseph Gross describes the outbreak of the conflict, its escalation, and its startling paradox: that America’s bid to stop nuclear proliferation may have unleashed a greater threat.

By Michael Joseph Gross. Construction by Stephen Doyle. Illustration by Chris Mueller.


I. Battlespace

Their eyeballs felt it first. A wall of 104-degree air hit the cyber-security analysts as they descended from the jets that had fetched them, on a few hours’ notice, from Europe and the United States. They were in Dhahran, in eastern Saudi Arabia, a small, isolated city that is the headquarters of the world’s largest oil company, Saudi Aramco. The group included representatives of Oracle, IBM, CrowdStrike, Red Hat, McAfee, Microsoft, and several smaller private firms—a SWAT dream team for the virtual realm. They came to investigate a computer-network attack that had occurred on August 15, 2012, on the eve of a Muslim holy day called Lailat al Qadr, “the Night of Power.” Technically the attack was crude, but its geopolitical implications would soon become alarming.

The data on three-quarters of the machines on the main computer network of Saudi Aramco had been destroyed. Hackers who identified themselves as Islamic and called themselves the Cutting Sword of Justice executed a full wipe of the hard drives of 30,000 Aramco personal computers. For good measure, as a kind of calling card, the hackers lit up the screen of each machine they wiped with a single image, of an American flag on fire.

A few technical details of the attack eventually emerged into the press. Aboard the U.S.S. Intrepid, in New York Harbor, Defense Secretary Leon Panetta told a group of C.E.O.’s that the Aramco hack was “probably the most destructive attack that the private sector has seen to date.” Technical experts conceded the attack’s effectiveness but scorned its primitive technique. “It wrote over memory five, six times,” one hacker told me. “O.K., it works, but it’s not sophisticated.” Even so, many current and former government officials took account of the brute force on display and shuddered to think what might have happened if the target had been different: the Port of Los Angeles, say, or the Social Security Administration, or O’Hare International Airport. Holy shit, one former national-security official recalls thinking—pick any network you want, and they could do this to it. Just wipe it clean.

In the immediate aftermath of the attack, as forensic analysts began work in Dhahran, U.S. officials half a world away gathered in the White House Situation Room, where heads of agencies speculated about who had attacked Aramco and why, and what the attackers might do next. Cutting Sword claimed that it acted in revenge for the Saudi government’s support of “crimes and atrocities” in countries such as Bahrain and Syria. But officials gathered at the White House could not help wondering if the attack was payback from Iran, using America’s Saudi ally as a proxy, for the ongoing program of cyber-warfare waged by the U.S. and Israel, and probably other Western governments, against the Iranian nuclear program.

When the history of cyber-warfare comes to be written, its first sentence may go something like this: “Israel gave the United States an ultimatum.” For a number of years, intelligence reports intermittently indicated that Iran was getting closer to building a nuclear bomb, which the Israeli leadership views as an existential threat. In 2004, Israel gave Washington a wish list of weapons and other capabilities it wanted to acquire. The list—for various kinds of hardware but also for items such as aerial transmission codes, so that Israeli jets could overfly Iraq without having to worry about being shot down by U.S. warplanes—left little doubt that Israel was planning a military attack to stop Iran’s nuclear progress. President George W. Bush regarded such action as unacceptable, while acknowledging that diplomacy and economic sanctions had failed to change Iran’s mind.

Intelligence and defense officials offered him a possible third way—a program of cyber-operations, mounted with the help of Israel and perhaps other allies, that would attack Iran’s nuclear program surreptitiously and at the very least buy some time. As with the drone program, the Obama administration inherited this plan, embraced it, and has followed through in a major way. Significant cyber-operations have been launched against Iran, and the Iranians have certainly noticed. It may be that these operations will eventually change minds in Tehran. But the Aramco attack suggests that, for the moment, the target may be more interested in shooting back, and with weapons of a similar kind.

Cyberspace is now a battlespace. But it’s a battlespace you cannot see, and whose engagements are rarely deduced or described publicly until long after the fact, like events in distant galaxies. Knowledge of cyber-warfare is intensely restricted: almost all information about these events becomes classified as soon as it is discovered. The commanding generals of the war have little to say. Michael Hayden, who was director of the C.I.A. when some of the U.S. cyber-attacks on Iran reportedly occurred, declined an interview request with a one-line e-mail: “Don’t know what I would have to say beyond what I read in the papers.” But with the help of highly placed hackers in the private sector, and of current and former officials in the military and intelligence establishments and the White House, it is possible to describe the outbreak of the world’s first known cyber-war and some of the key battles fought so far.

II. Flame, Mahdi, Gauss

“I needed to come up with something cool for self-promotion at conferences,” Wes Brown recalls. The year was 2005, and Brown, a hacker who is deaf and has cerebral palsy, started a business called Ephemeral Security with a colleague named Scott Dunlop. Banks and other corporations hired Ephemeral to hack their networks and steal information, then tell them how to keep bad guys from doing the same thing. So Brown and Dunlop spent a lot of time dreaming up ingenious break-ins. Sometimes they used those ideas to boost their street cred and advertise their business by making presentations at elite hacker conferences—elaborate festivals of one-upmanship involving some of the greatest technical minds in the world.

At a Dunkin’ Donuts coffee shop in Maine, Brown and Dunlop started brainstorming, and what they produced was a tool for attacking networks and gathering information in penetration tests—which also amounted to a revolutionary model for espionage. By July of that year, the two men completed writing a program called Mosquito. Not only did Mosquito hide the fact that it was stealing information, but its spy methods could be updated, switched out, and re-programmed remotely through an encrypted connection back to a command-and-control server—“the equivalent of in-flight drone repair,” Brown explains. In 2005 the unveiling of Mosquito was one of the most popular presentations at the prestigious hacker conference known as Def Con, in Las Vegas.

Many U.S. military and intelligence officials attend Def Con and have been doing so for years. As early as the 1990s, the U.S. government was openly discussing cyber-war. Reportedly, in 2003, during the second Gulf War, the Pentagon proposed freezing Saddam Hussein’s bank accounts, but the Treasury secretary, John W. Snow, vetoed the cyber-strike, arguing that it would set a dangerous precedent that could result in similar attacks on the U.S. and de-stabilize the world economy. (To this day, the Treasury Department participates in decisions concerning offensive cyber-warfare operations that could have an impact on U.S. financial institutions or the broader economy.) After 9/11, when counterterrorism efforts and intelligence became increasingly reliant on cyber-operations, the pressure to militarize those capabilities, and to keep them secret, increased. As Iran seemed to move closer to building a nuclear weapon, the pressure increased even more.

As Wes Brown recalls, none of the government types in the audience said a word to him after his Mosquito presentation at Def Con. “None that I could identify as government types, at least,” he adds, with a chuckle. But about two years later, probably in 2007, malware now known as Flame appeared in Europe and eventually spread to thousands of machines in the Middle East, mostly in Iran. Like Mosquito, Flame included modules that could, through an encrypted connection to a command-and-control server, be updated, switched out, and re-programmed remotely—just like in-flight drone repair. The Flame software offered a very full bag of tricks. One module secretly turned on the victim’s microphone and recorded everything it could hear. Another collected architectural plans and design schematics, looking for the inner workings of industrial installations. Still other Flame modules took screenshots of victims’ computers; logged keyboard activity, including passwords; recorded Skype conversations; and forced infected computers to connect via Bluetooth to any nearby Bluetooth-enabled devices, such as cell phones, and then vacuumed up their data as well.

The full article is here.

1 thought on “Weekend reading: cyberwar is already a reality. We just don't notice it”

  1. just a note for sailors with little experience of navigating the web: whoever goes to sea stocks up on land. don't believe in all the mirages and mermaids they show you: remember the campaigns about the danger of Chinese espionage? well, now compare them with the English Tempora/GCHQ and American NSA programs plus the Stuxnet viruses and see how, by believing in Father Christmas and everything that is said in the well-controlled media, one can be well and truly fooled = of course, whoever is fooled by choice never tires!
