A weapon we can’t control
June 27, 2012 | Source: New York Times
(Credit: Makki98/Wikimedia Commons)
The decision by the United States and Israel to develop and then deploy the Stuxnet computer worm against an Iranian nuclear facility late in George W. Bush’s presidency marked a significant and dangerous turning point in the gradual militarization of the Internet, says Misha Glenny, a visiting professor at the Columbia University School of International and Public Affairs, and the author of DarkMarket: Cyberthieves, Cybercops and You.
Washington has begun to cross the Rubicon. If it continues, contemporary warfare will change fundamentally as we move into hazardous and uncharted territory.
Stuxnet has effectively fired the starting gun in a new arms race that is very likely to lead to the spread of similar and still more powerful offensive cyberweaponry across the Internet. Unlike nuclear or chemical weapons, however, countries are developing cyberweapons outside any regulatory framework.
This is one of the frightening dangers of an uncontrolled arms race in cyberspace; once released, virus developers generally lose control of their inventions, which will inevitably seek out and attack the networks of innocent parties. Moreover, all countries that possess an offensive cyber capability will be tempted to use it now that the first shot has been fired.
Flame circulated on the Web for at least four years and evaded detection by the big antivirus operators like McAfee, Symantec, Kaspersky Labs and F-Secure — companies that are vital to ensuring that law-abiding consumers can go about their business on the Web unmolested by the army of malware writers, who release nasty computer code onto the Internet to steal our money, data, intellectual property or identities. But senior industry figures have now expressed deep worries about the state-sponsored release of the most potent malware ever seen.
The United States must now consider entering into discussions, anathema though they may be, with the world’s major powers about the rules governing the Internet as a military domain.
Any agreement should regulate only military uses of the Internet and should specifically avoid any clauses that might affect private or commercial use of the Web. Nobody can halt the worldwide rush to create cyberweapons, but a treaty could prevent their deployment in peacetime and allow for a collective response to countries or organizations that violate it.
Technical superiority is not written in stone, and the United States is arguably more dependent on networked computer systems than any other country in the world. Washington must halt the spiral toward an arms race, which, in the long term, it is not guaranteed to win.
Comments (20)
by trakk
Not saying this should be left unchecked.
by trakk
Correct me if i am wrong but there is another country which actually started cyber warfare much before the stuxnet incident.
by Phil Osborn
In Vinge’s “Rainbows End,” he describes a future circu 2025 in which only computing systems that adhere to some kind of worldwide Secure Hardware Environment standard are allowed to exist. Of course, the really dangerous people get around this regardless and a cat and mouse game about lethal viruses and secret nukes is the background of the novel’s portrayal of our near-term future.
This is truly scary stuff, and can be parleyed by those who seek power into excuses to give more of it to them. Too bad for us that the people who have the catbird seat also have a vested interest in making everything worse. BTW, Vinge is the scheduled guest of honor at LOSCON this year over the Thanksgiving holiday weekend. Might be a good venue for those of us who find this site rewarding to stage a little get-together??? Cheap, too. Check out the LOSCON.org site.
How vulnerable we are! How easy it would be to shut down ALL satellite communications while simultaneously destroying a large portion of the computing on the ground. North Korea could do it. They’ve already done trial runs for a major cyber attack, and they certainly have the capability of putting enough random small particulate hardware into orbit to shotgun the whole satellite world into a fog of high-velocity projectiles. If I were them, I’d hope for a big quake to hit Southern California, preferably during the late summer dry season. Then I’d have a few people on the ground to start wildfires all over the place simultaneously, all low tech and virtually impossible to detect in advance. By itself, this might overwhelm the response capabilities, but combined with a major quake, for which we’re overdue, and dumping a truckload or two of nasty toxins into the aquaduct and key resevoirs, the whole thing could snowball. Knocking out the sats, while compromising the internet would be the final nail in the coffin that could turn the West Coast into a close simulation of HELL.
Perhaps I shouldn’t mention this, but in the early ’90′s I wrote a paper on using planes against buildings – and combining that attack with anthrax in the mail. The reason? To force the U.S. to abandon its human and civil rights, and to roll back the information revolution that has been so threatening to the corporate/military power hierarchies.
Unfortunately, I think that we can expect more of the same. One of thirty people is a sociopath, and they gravitate to positions of power. See “The Science of Evil,” by Simon Baron-Cohen, and “Political Ponerology,” by Andrew Lobaczewski.
by Dan
Wrong,
The first shots were fired LONG ago, how about Russia vs Georgia? Nuf said all tools and weapons are open to use in warfare so pucker up and kiss your innocence good bye!
Dan
by Bri
As Ray say’s, the machine world is a projection of our world. A consciousness like this poster, will seek an upload. Talk about getting an infection! Pure violence, for violence’s sake. It’s all ” fair” “game”. Pucker up, he’s gonna give you a nice kiss. Feeling touchy feely? Come on everybody! Group hug. Don’t cha feel the love?
by David U
The Stuxnet attack should be considered an act of war. Article I, Section 8 of the US Constitution grants the power to declate war to Congress and only to Congress.
by Chrispium
The US president can wage any war he likes, without having to get permission from either the congress or the senate. All he has to do is to make sure each war is shorter than 90 days, then he has full discretionary power.
by David U
Sensitive systems do not need to be connected to the Internet. Private networks with no physical link to the Internet can avoid these problems. Yes, they would be more expensive. If a flashdrive is inserted into the USB port of a computer hooked up to the private network, their can be software that notifies Network Security. Most places, with secure systems, have a private network that physically connects to a node with a firewall, but that system is connected to the Internet. IT people end up putting “pin holes” in the firewall so that their information bus or web services can transmit data. For more security, the computers can have no drives, and only a supervised network administrator can install any upgrades.
by Dwee
They should just bomb their facilities deep and wide.. Old fashioned perhaps but simple and effective. Same idea as killing terrorists with drones rather than risk hurting someone’s feelings by capturing and interrogating them.
by Donnie Hicks
Thomas, the reason that they can’t control it is because once it’s discovered, the code that makes the virus work is free for anyone else to examine and modify and redeploy. There are copies of Stuxnet all over the net that a malicious user could modify and use to aim at any other critical infrastructure. What makes Stux different is that it employes a number of exploits that are generations ahead of security controls in place right now. It is an evolutionary leap… monsters indeed.
by egore
Once Pandora,s box is opened it is hard to close it .
by Giulio Prisco
@Khannea – Two words: Minerva Virus
http://www.theminervavirus.com/synopsis.asp
Highly recommended. The author is the polymath founder of Red Light Center, now Utherverse:
http://en.wikipedia.org/wiki/Utherverse_Inc.
by Khannea Suntzu
These are not singular “viruses” for much longer, Pretty soon this arms race will produce intricate self-reinforcing infrastructures of vandalism – we are creating virtual monsters. And to what end? The only thing we are doing is destroying precious time and resources this make this world function, and to give all of humanity a decent existence.
Time and resources directed in on itself, like the heads of a Hydra attacking each other. This will end very badly, unless we really want something better – and soon.
by Deavman
Yep, leave our computers and networks out of this please….The military should stick to what it does best, killing people. Sorry, I prefer some milder means of waging wars, and cyber-war is definitely less gory than the outright slaughtering of human beings not to mention the effects on the environment. We just have to prepare ourselves better and hope that the bad guys will be more vulnerable .
by Jeff
It seems to be the bane of humanity that the first thing we think of doing with any new technology is to try to figure out how to use it to murder people. DARPA is busy making nanobot assassins, weaponized UAV’s prowl the sky’s around the world while nuclear devices multiply. I’m surprised the internet took this long to get with the “real” game
by Dizzle
Be cärefül. They listen.
Read my .99cent ebook. It’s 2048 and It Happened at Nextfest.
http://www.amazon.com/dp/B004RD9EEY/
by GatorALLin
…in other news……Stuxnet …purchased the naming rights for use of the company name Skynet…
by Thomas Godwin
Do you know for a fact that they can’t control it or are guessing? It would be stupid to release the virus before knowing how to disable it, and the people who developed it would be able to disable it easily. I agree that laws need to be enacted, but who’s going to police it? Much like nukes, there are no policemen to enforce the agreements.
by Editor
Thomas: you may be able to get more info on this at the writer’s TED page: http://www.ted.com/speakers/misha_glenny.html. Several articles, such as this one, http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html, suggest that it can’t be controlled, but it’s hard to sort out the disinformation.
by DeBee Corley
Huh? Federal law prevents “robust encryption”.
The various operating systems do not routinely encrypt the data on our machines.
Why? ‘Cause law enforcement wants to catch you with child porn, nuclear secrets, or naughty e-mails.