{"id":113743,"date":"2021-04-09T08:43:30","date_gmt":"2021-04-09T08:43:30","guid":{"rendered":"https:\/\/www.counterpunch.org\/?p=134701"},"modified":"2021-04-09T08:43:30","modified_gmt":"2021-04-09T08:43:30","slug":"why-the-u-s-shouldnt-play-games-with-cyberwarfare-as-its-power-declines","status":"publish","type":"post","link":"https:\/\/radiofree.asia\/2021\/04\/09\/why-the-u-s-shouldnt-play-games-with-cyberwarfare-as-its-power-declines\/","title":{"rendered":"Why the U.S. Shouldn\u2019t Play Games With Cyberwarfare as Its Power Declines"},"content":{"rendered":"

Two major cyberhacks\u2014of SolarWinds<\/a> and Microsoft Exchange Server<\/a>\u2014have affected a whole range of computer systems worldwide. Both are supply chain hacks, meaning that they appeared to be routine software upgrades for particular components in these systems rather than inserted malicious code.<\/p>\n

In the SolarWinds hack, a backdoor in one of the components was downloaded to the systems of 18,000 organizations<\/a>, including the U.S. Treasury and Commerce departments<\/a>, the Department of Homeland Security and the State Department.<\/p>\n

In the Microsoft Exchange Server hack, an estimated 250,000 machines<\/a> worldwide might have been affected by a vulnerability that allowed hackers to control the machines and even infect other systems in the internal network of the targeted companies. Four major vulnerabilities<\/a> in Microsoft Exchange Server were reported to Microsoft in early January<\/a>. Unfortunately, it wasn\u2019t until early March<\/a> that Microsoft released patches<\/a>, according to ZDNet. These vulnerabilities were used by the hackers during the period that Microsoft had either not released the patches, or companies had not upgraded their systems and installed the patches.<\/p>\n

In the SolarWinds hack, the U.S. authorities<\/a> and security companies that work closely with the U.S. government have blamed Russian intelligence agencies for the hack, which was discovered<\/a> in late 2020. In the case of the recent Microsoft Exchange Server hack<\/a>, Microsoft blamed \u201ca Chinese state-sponsored group dubbed \u2018Hafnium,\u2019\u201d according to PC Magazine. It is unlikely that either the Russian or Chinese spy agencies would execute such a widespread attack on systems. Their interests are better served by targeting a few critical systems and compromising them rather than infecting systems on such a wide scale.<\/p>\n

The scale of the attacks multiplied exponentially, particularly after Microsoft announced the four vulnerabilities and released<\/a> their patches. Many of the large number of organizations that use Microsoft Exchange for their email servers\u2014including small companies and local governments<\/a>\u2014were slow to apply the patches. This allowed a huge number of rogue hackers to get into the act<\/a>, setting off a feeding frenzy<\/a> of hacking unprotected systems.<\/p>\n

U.S. government agencies are looking<\/a> at how to retaliate against Russia and China for the cyberattacks, with some lawmakers going as far as to wonder<\/a> if \u201cthe [SolarWinds] cyber intrusion amounts to an \u2018act of war<\/a>,\u2019\u201d according to<\/a> Breaking Defense. What these claims overlook is that all countries have offensive and defensive capabilities, and \u201cstealing\u201d data and knowledge from other countries is a time-honored tradition of spook agencies. It becomes an act of war only if it leads to physical damage to critical equipment or infrastructure.<\/p>\n

Any identification of the cyberattacks as Russian or Chinese is based on the evidence of supposed Russian or Chinese \u201csignatures\u201d in the software. The CIA\u2019s hacking tools, details of which are available in Vault 7<\/a> of WikiLeaks, show that such signatures can be faked by the agency. The NSA tools dumped<\/a> by a group called the Shadow Brokers<\/a> on the internet in 2017<\/a> show that the NSA can also spoof signatures<\/a> of other countries or of hacker groups. A report from DarkOwl<\/a> titled \u201cNation State Actors on the Darknet\u201d says that NSA\u2019s tools made public by the Shadow Brokers include UNITEDRAKE, which \u201cprovides the unique capability to disguise the origin of the attack, effectively projecting attribution onto another country or hacking group.\u201d This problem is further compounded by the fact that these tools are now accessible<\/a> to all hackers. This means that identifying the origin of software from code \u201csignatures\u201d is at best a conjecture.<\/p>\n

Why does the United States expect Russia or China not to hack other countries\u2019 systems, when we all know that the NSA and the CIA have been routinely hacking systems from all over the world? The Edward Snowden revelations showed that the United States and its Five Eyes<\/a> partners did everything (and then some) that they are today accusing Russia and China of doing. XKeyscore<\/a> and Prism<\/a>, two of the largest NSA programs, showed how systems across the world had been hacked or compromised by the intelligence agency. The NSA\u2019s Tailored Access Operations<\/a> hacked hardware that went to different countries, providing the NSA with physical backdoors into equipment in foreign networks. The U.S. and its Five Eyes partners hacked systems across the rest of the world, not even sparing their close NATO allies like Belgium and Germany. The NSA\u2019s UK counterpart, the GCHQ, hacked<\/a> Belgium\u2019s largest telecom company, Belgacom (now known as Proximus), which operates a large number of data links internationally. It serves millions of people including top officials from the European Commission, the European Parliament, and the European Council. According to a February 2016 article<\/a> in the Local, WikiLeaks documents revealed that the NSA even listened in on German \u201cChancellor Angela Merkel\u2019s private conversations with world leaders.\u201d<\/p>\n

The United States has, meanwhile, mounted a worldwide campaign against the Chinese multinational technology company Huawei for being a security risk for global networks and asserts that a clean network means no Chinese equipment. In March 2014, the New York Times<\/a> and Der Spiegel<\/a> reported on an NSA program code-named \u201cShotgiant\u201d that hacked into Huawei systems and its network to find a link between Huawei and the People\u2019s Liberation Army. As the New York Times report says, \u201cBut the plans went further: to exploit Huawei\u2019s technology so that when the company sold equipment to other countries\u2014including both allies and nations that avoid buying American products\u2014the NSA could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations.\u201d The Times report adds, quoting an NSA document that it and Der Spiegel disclosed, \u201cMany of our targets communicate over Huawei-produced products\u2026 We want to make sure that we know how to exploit these products\u2026 to \u2018gain access to networks of interest\u2019 around the world.\u201d<\/p>\n

The NSA document above shows that the NSA not only conducted surveillance operations in the networks of other countries but also carried out offensive cyber operations. So if the NSA or the CIA compromises<\/a> the computers, routers or other equipment of a country, they not only exfiltrate data out of these networks but also have offensive capabilities of inserting logic bombs in the target network or equipment to bring them down.<\/p>\n

In a reenactment of former President Obama\u2019s campaign in 2013-14 against China<\/a> and Russia<\/a> on cyberwar and cyberespionage, the Biden administration is attributing all the major cyberhacks in the world to \u2018evil\u2019 Russian and Chinese actors. Obama\u2019s campaign had to be aborted due to the damaging Snowden revelations<\/a>. The United States appears to believe that the world by now has forgotten about Snowden. The time is ripe again for a renewed offensive on hacking against Russia and China, with the Biden administration continuing<\/a> Trump\u2019s confrontationist policies relating to both these countries.<\/p>\n

The question is, with growing offensive capabilities, can we continue to play along this path of confrontation? Can we play this reckless game of cyber chicken without suffering devastating consequences? Can cyber offensive capabilities lead inadvertently to an attack that has physical consequences and, therefore, to a physical war?<\/p>\n

With the Stuxnet attack<\/a> on Iran\u2019s centrifuges, a line of not causing physical damage using cyberweapons\u2014the cyber Rubicon\u2014was crossed<\/a>. Dress it up any way we want, an attack on equipment processing radioactive material that could lead to possible radioactive leakage marked the first use of a cyberweapon.<\/p>\n

In a repeat of the atom bomb era, where the United States thought that it had a long-term monopoly over nuclear weapons, the United States now considers its cyber dominance to be long-term<\/a>. Commenting on the U.S.\u2019s rejection of any proposal to ban cyberweapons\u2014in a May 2012 report published by the international affairs think tank Chatham House, \u201cCyber Security and International Law\u201d\u2014Mary Ellen O\u2019Connell from the University of Notre Dame Law School and Chatham House\u2019s Louise Arimatsu explained<\/a> that the United States\u2019 resistance to proposals for a treaty may have been related to \u201cU.S. plans to use the Internet for offensive purposes\u2026 U.S. officials claim publicly that Cyber Command is primarily defensive, but the reluctance to entertain the idea of a cyberspace disarmament treaty is raising questions about the true U.S. position.\u201d<\/p>\n

The United States and its NATO allies have turned down every attempt within the United Nations framework to ban cyberweapons. Russia, China and many other countries tried to have a UN process to discuss a cyber peace treaty. In 2009, Russia proposed a treaty<\/a> modeled on the Chemical Weapons Convention that would ban cyberweapons, a call it has repeated<\/a> in the UN. The United States has turned it down every time, arguing instead that every country should accept the Tallinn Manual. The Tallinn Manual is a nonbinding academic study<\/a> sponsored by a group of NATO countries on how international law should be interpreted for cyberspace. It does not call for a ban on cyberweapons but only defines what a cyberweapon is and where its use would violate international law. Clearly, the Tallinn Manual is a far cry from a treaty on maintaining cyber peace and banning cyberweapons.<\/p>\n

Cybersecurity threats are emerging as one of the most serious challenges of the 21st century. The Russians and Chinese are not the only ones promoting a cyber peace treaty\u2014or at least negotiations of dos and don\u2019ts in the cyber era. With the leak of the NSA\u2019s tools<\/a> on the internet and in the wake of WannaCry ransomware<\/a> attacks, even tech giants like Microsoft started talking<\/a> about nation-states (read: the NSA in this case) not stockpiling and exploiting<\/a> vulnerabilities in systems.<\/p>\n

The reality that the United States refuses to accept is that it is no longer the sole cyber hegemon<\/a>. A report called the \u201cNational Cyber Power Index 2020\u201d by the Harvard Kennedy School\u2019s Belfer Center for Science and International Affairs ranked the cyber power of countries<\/a> by both offensive and defensive capabilities. Although the United States is still the leading player, China is in second place and catching up fast. Russia, the UK and others are still some distance behind.<\/p>\n

With computer systems and networks underpinning the global infrastructure, the risks of cyberweapons to the world are greater than ever before. If we do not work for cyber peace, we will inevitably tip over to a ruinous cyber exchange and possibly the splintering of the global internet with hard borders. It is critical that we do not enter the even more dangerous territory of a hot war that initially starts as a cyberwar.<\/p>\n

This article was produced in partnership by Newsclick<\/a> and Globetrotter<\/a>.<\/em><\/p>\n

The post Why the U.S. Shouldn\u2019t Play Games With Cyberwarfare as Its Power Declines<\/a> appeared first on CounterPunch.org<\/a>.<\/p>\n\n

","protected":false},"excerpt":{"rendered":"

Two major cyberhacks\u2014of SolarWinds and Microsoft Exchange Server\u2014have affected a whole range of computer systems worldwide. Both are supply chain hacks, meaning that they appeared to be routine software upgrades for particular components in these systems instead of inserted malicious codes. In the SolarWinds hack, a backdoor in one of the components was downloaded to More<\/a><\/p>\n

The post Why the U.S. Shouldn\u2019t Play Games With Cyberwarfare as Its Power Declines<\/a> appeared first on CounterPunch.org<\/a>.<\/p>\n","protected":false},"author":256,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"_links":{"self":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/113743"}],"collection":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/users\/256"}],"replies":[{"embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/comments?post=113743"}],"version-history":[{"count":1,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/113743\/revisions"}],"predecessor-version":[{"id":113744,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/113743\/revisions\/113744"}],"wp:attachment":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/media?parent=113743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/categories?post=113743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/tags?post=113743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}