A surprising, page-turning account of how the wars of the future are already being fought today
The United States military currently views cyberspace as the “fifth domain” of warfare (alongside land, air, sea, and space), and the Department of Defense, the National Security Agency, and the CIA all field teams of hackers who can, and do, launch computer virus strikes against enemy targets. In fact, as @WAR shows, U.S. hackers were crucial to our victory in Iraq. Shane Harris delves into the frontlines of America’s new cyber war. As recent revelations have shown, government agencies are joining with tech giants like Google and Facebook to collect vast amounts of information. The military has also formed a new alliance with tech and finance companies to patrol cyberspace, and Harris offers a deeper glimpse into this partnership than we have ever seen before. Finally, Harris explains what the new cybersecurity regime means for all of us, who spend our daily lives bound to the Internet — and are vulnerable to its dangers.
ok, the writing in this is not for me. It grated like a . . . look, here's an example: On December 23, 2006, a decade after [three-star admiral Mike] McConnell had left public service, his secretary walked into his expansive corner office at Booz, twenty miles outside downtown Washington. "The vice president's on the phone," she said. "The vice president of what?" McConnell asked. "The vice president of the United States." McConnell jumped to his feet and grabbed the phone.
See? Absolutely nothing wrong with it, but OH MY GOD I find this style of non-fiction annoying.
I had other issues, like the topic being thoroughly political, but there's no critical discussion of those politics, so we get lines like:
"In July the House of Representatives nearly passed a bill that would have declawed the agency's collection of America's phone records, which would have been the first significant rollback of the government's surveillance powers since the 9/11 attacks." (p. 212)
I was waiting through the whole book for the sharp and fraught discussion of issues of privacy, surveillance, and security theatre, but the book is so partisan this never happened.¹ I can understand why; Harris will sell a hell of a lot more books this way, but still, I was disappointed.
Even with these flaws, I read the whole thing. Lucky Harris has such an interesting topic to write about, or I never would have made it.
So this is a 1-star for me; left me unsatisfied and yearning for something thicker, meatier, with deeper penetration.
¹ For example, it frames "the cyber hunting business" (tracing IP addresses) as a tool in the fight against child pornographers and kidnappers. (p. 126). Who the hell is going to stand up and say, "Hey, stop tracking child pornographers"?
@War is an important and comprehensive history of cyber warfare through the last decade, to the present day -- and what's apt to come next. It centers on the role the National Security Agency, notably its recent head, Gen. Keith Alexander, have played, but also shows NSA’s relationships with the military’s Cyber Command and with private industry as part of a larger war, to call it what it is. We learn that not only do the private-sector combatants include cyber-security and software companies but large, more-traditional corporations, notably defense companies and banks. We see the role that hackers play in parallel with government, and not just in the US – and we learn how individual hackers and companies in China and elsewhere also are part of the conflict. We learn more about the official war on online anonymity, including the battle against Tor encryption software.
Those looking for denunciations of the NSA’s intrusive nature won’t find much of it here. The Snowden affair takes up mainly 2-1/2 pages and that mostly about its impact on NSA’s efforts and on Gen. Alexander (although the author does cite, occasionally, Snowden revelations among his own analysis). The book’s tone is matter-of-fact: this is how this came to be; how they fight this ongoing conflict; who the major players have been; the weaponry (e.g., “zero day exploit” malware) they stockpile; the ongoing crime-and-security threat. For all the ground he covers, the prose is readable and often compelling.
The author does express dismay about the NSA’s backdoor weakening of Internet security: “Imagine if the NSA had been in the business of building door locks and encouraged every homebuilder in America to install its preferred, and secretly flawed, model.” He does mention the collusion between NSA and private industry and the damage it does to commercial and diplomatic relationships overseas. He particularly stresses that corporations and privateering individuals will, more and more, do the combat cyber security, even future cyber wars. And he deliberately uses his “military-internet complex” to echo President Eisenhower’s warning about unchecked military-industrial power, for reasons that are obvious in his telling. And he is doubtful about personal privacy vs. security: we may pay for the latter in money and privacy.
The book is informative and based on solid research.
There is a lot of original information I haven't seen anywhere else. As for the facts which have been described in other sources, they match what this book says, which adds to its credibility. In terms of technology described, I didn't spot a single mistake nor oversimplification, which to me says the author really knows what he's writing about.
The only thing I disliked about this book was a bit of a chaotic narrative, frequently jumping back and forth in time. This was however only a minor annoyance and should not prevent anyone from enjoying the book.
This was a very interesting read. With the world embroiled in the drama of a new presidency and the recent election with accusations of Russian hackers influencing the election, this looked like a good topic to "read up" on. I plopped 3 books into my shopping cart (@War, CyberSpies, and Dark Territory) all of which were well reviewed and started with @War.
I'm going to keep this review pretty general: it was engaging and well written in an entertaining style. It primarily covers the U.S. military use of surveillance and hacking techniques starting with 9/11 and the war in Iraq. It follows a rough timeline from the Bush administration through the Obama administration and details several prominent military and political figures involved in policy and implementation of techniques. There is ample discussion of corporate security and involvement with the government and how this plays into the overall threat situation of which the average citizen is mostly oblivious.
While I found this book to be quite interesting, and there are discussions of several individuals in the book (including Snowden and his effect on policy), the focus is very squarely on the use of our cyber forces in the recent past as well as the ongoing incursions and threats coming primarily from China and Russia. There is little detail regarding operations in the last 10 years, for understandable reasons, as this is a topic that is being held tightly under wraps for the most part by the government.
I have a very libertarian political view and I felt the author did a good job of keeping the political tone of the book extremely neutral, which is a rarity these days, especially considering he was pretty in depth with political appointees in both the Bush and Obama administrations. Kudos for that!
The book mostly whet my appetite for more information. It was a little surprising to read all that has been going on (essentially a cyber war between the U.S. and China and all major U.S. & multi-national corporations). Of course the only way this hits the news is when the media's candidate gets hacked, revealing many unscrupulous deeds. Why they haven't picked up on the depth and breadth of hacking and started calling more attention to this in general isn't all that hard to figure out, but it's still disappointing.
Take home: However safe and secure you feel like your online presence is, you're most likely much less secure than you think. Also, you can be certain that the U.S. government is recording essentially everything we all do online. Yes, everything. This makes me want to look a lot harder at encryption strategies for my home network and personal computing systems. You'll definitely want to pick this up if the topic intrigues you. But avoid it if you're already overwhelmed with all the "threats" that are out there and would remain in a blissful state of ignorance. Either way, take your passwords and PC security more seriously!
The history of the military internet complex took a giant leap forward as a result of the 9/11 attacks. This intelligence processing machine was then deployed to Iraq with astounding success in cyber warfare during the famous surge. Cell phones and communications of hundreds of enemy combatants were tapped which led to their arrests or demise. Back home, the NSA obtained unfettered access - some argue illegally - to personal online information in its effort to protect the U.S. economy and its citizens from debilitating cyber and terrorist attacks. Much of this activity was brought to light by one of their contractors, Edward Snowden.
@War is the detailed account of the alliance of big military and big business to protect assets from cyber attacks, primarily from China with an offensive cyber cavalry 5 times that of U.S.’s and insatiable appetite for spying to match its size. For years, China has been a source of “pervasive and relentless espionage against the U.S.”, and while it is illegal for a non-military U.S. entity to retaliate, it is only a matter of time before one does and all h*ll breaks loose. This is also just as much a story of security vs. liberty. To what degree is the general public willing to tolerate giving up privacy to protect itself from theft of personal information and threat of economic damage?
In a way it is a funny book. It starts with a clear anti-militaristic, anti-corporate agenda, but then in following its subjects gets aligned with the views of every new interviewee anonymously attacking enemies or proudly sharing his contributions to building a more secure world. The author fights with a desperate sincerity to distinguish the good from the bad guys, but the fight is lost on every page of the book, making it the most emotionally incoherent read on espionage ever. On the good side, being that uncritical to her sources brings the reader on a fast and perplexing trip through this vast, new, exponentially expanding and incoherent field. Fascinating, at least for newbies like me. The book closes in a much more mature way than it opens, confirming the feeling that the writing process was a learning experience for the author as the reading was for the audience. The trends outlined are well supported and interesting. A new food for thought found here is the tension between security concerns and net neutrality. The author predicts a proliferation of private networks which will provide at premium price better security for their 'gated' end customers and service providers.
It was the weekend's BEST reading! :D Going through books of this kind, at first corporate espionage, then data aggregation & information selling business, then USA's surveillance & cyber warfare policy after 9/11. I was remembering the lucrative tv series "Person of Interest" but in reality it's more of power, diplomacy, politics (cyber politics) & things are not so juicy always. NSA has been the oldest player in the game with its growing freak for more aggressive surveillance in the name of national security. The so called “scientific-technological elite” who claimed to know best how to make decisions that free people could make for themselves. Maybe this military-industrial complex would give rise to misplaced power. But this is a time when nothing can be taken for granted. Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defence with peaceful methods and goals, so that security and liberty may prosper together.
We already live in a police state. Amazing how many "cool" guys willing to sell us out to the gub. NWO Gates is a given. But the Google guys, yahoo, AT&T, Qwest, Apple, Verizon and Facebook also on board. Just too tempting to stand over the servile masses I guess.
Everything is already monitored. I expect things just going to get worse. Current headline "New Obama Push for Internet Rules". It's ALL ABOUT CONTROL. Setting up the police state for when they foist the North American Union on us. Christians and patriots will be the "terrorists".
China is a huge threat and it's a no brainer we need to do something about it. It's the unconstitutional surveillance of every single American that's a problem.
Pg 64 American security experts have given the Chinese cyber horde a name: the advanced persistent threat, or APT. It is responsible for a global spread of malware that has infected or attempted to infect every computer system of consequence in the United States, US officials say. Any American company operating abroad doing business with or in China or with any of its competitors can safely assume that it has been a target. Many of them don’t even know that. On average, at least a month passes before most companies ever learn they have an intruder on their networks.
The precise number of Chinese cyber warriors is not known, but experts uniformly agree on two things: it is very large, likely in the tens of thousands, and unlike those in the United States, the Chinese cyber warriors are mostly focused on offences.
Joe Stewart, director of malware research at Dell SecureWorks, had tracked twenty-four thousand internet domains that he believed Chinese cyber spies have either rented or hacked and use as bases of operations against the US gov and American companies, he told Bloomberg Businessweek in 2013. The precise number of hackers is hard to gauge, but Stewart identified three hundred types of malware and hacking techniques that the Chinese used, double the number he saw in 2012. “There is a tremendous amount of manpower being thrown at this from their side.”
In 2013 the computer security research firm Mandiant released a groundbreaking report that identified and gave the location of one suspected APT group, known as Unit 61398, a Chinese military cover name, based in Shanghai. One of its main centers of operations is a twelve-story, 130,000-square-foot building capable of holding as many as two thousand people. The security company studied Unit 61398 going back to 2006 and discovered it had broken into the systems of nearly 150 “victims.” Mandiant judged the unit to be one of the most prolific cyber spying outfits in China. And other computer security experts linked the group to an incursion in 2012 on the networks of the Canadian arm of Telvent, which designs industrial control software used to regulate valves and security systems for oil and gas pipeline companies in North America. Telvent has acknowledged that the intruder stole project files. Hackers could use those to map out the networks of oil and gas companies and find their weaknesses. Unit 61398 was formidable, and clearly interested in potential attacks on critical infrastructure. But it was just one of twenty hacker groups that Mandiant was tracking. Chinese hackers in general are mostly engaged in espionage. But it would be easy for its members to switch into cyber warfare mode and start taking down systems, corrupting data and information, or launching malware against critical infrastructure, such as power plants and communications facilities. If each of those twenty groups was just half as large as Unit 61398, the Chinese APT would consist of more than twenty thousand people.
The United States has a long way to go to match the size of China’s cyber force. In 2013 there were only about three hundred people working for Tailored Access Operations, the NSA’s elite hacker core. The US Cyber Command, which is responsible for coordinating all the cyber components of the military services, employed only about nine hundred people total in 2013, including administrators and officers who aren’t actively engaged in hacking. The Defense Department plans to grow the ranks to six thousand by the end of 2016. If the Chinese military stopped growing its cyber forces today it would still be at least five times larger than the Americans.
How many computer networks were hacked by the Chinese after the NSA did this? Government helping us?
Pg 178 China plays a longer game. Its leaders want the country to become a first-tier economic and industrial power in a single generation, and they are prepared to steal the knowledge they need to do it, US officials say.
That’s where the “persistent” part comes into play. Gathering that much information, from so many sources, requires a relentless effort, and the will and financial resources to try many different kinds of intrusion techniques, including expensive zero day exploits. Once the spies find a foothold inside an organization’s networks, they don’t let go unless they’re forced out. And even then they quickly return. The “threat” such spying poses to the US economy takes the form of lost revenue and strategic position. But also the risk that the Chinese military will gain hidden entry points into critical infrastructure control systems in the United States. US intelligence officials believe that the Chinese military has mapped out infrastructure control networks so that if the two nations ever went to war, the Chinese could hit American targets such as electrical grids or gas pipelines without having to launch a missile or send a fleet of bombers.
Operation Aurora was the first glimpse into the breadth of the APT’s exploits. It was the first time that names of companies had been attached to Chinese espionage. “The scope of this is much larger than anybody has ever conveyed,” Kevin Mandia, CEO and president of Mandiant, a computer security and forensics company located outside Washington, said at the time of Operation Aurora. The APT represented hacking on a national, strategic level. “There [are] not 50 companies compromised. THERE ARE THOUSANDS OF COMPANIES COMPROMISED. Actively right now,” said Mandia, a veteran cyber investigator who began his career as a computer security officer in the air force and worked there on cybercrime cases. Mandiant was becoming a go-to outfit that companies called whenever they discovered spies had penetrated their networks. Shortly after the Google breach, Mandiant disclosed the details of its investigations in a private meeting with Defense Department officials a few days before speaking publicly about it. The APT is not one body but a collection of hacker groups that include teams working for the People’s Liberation Army, as well as so-called patriotic hackers, young, enterprising geeks who are willing to ply their trade in service of their country. Chinese universities are also stocked with computer science students who work for the military after graduation. The APT hackers put a premium on stealth and patience. They use zero days and install backdoors. They take time to identify employees in a targeted organization, and send them carefully crafted spear-phishing emails laden with spyware. They burrow into an organization, and they often stay there for months or years before anyone finds them, all the while siphoning off plans and designs, reading emails and their attachments, and keeping tabs on the comings and goings of employees, the hackers’ future targets.
Here's a taste of the information in this book.
ENCRYPTION CORRUPTED Pg 88 For the past ten years the NSA has led an effort in conjunction with its British counterpart, the Government Communications Headquarters, to defeat the widespread use of encryption technology by inserting hidden vulnerabilities into widely used encryption standards…. The NSA is home to the world’s best code makers, who are regularly consulted by public organizations, including government agencies, on how to make encryption algorithms stronger. That’s what happened in 2006, a year after Alexander arrived, when the NSA helped develop an encryption standard that was eventually adopted by the National Institute of Standards and Technology, the US government agency that has the last word on weights and measures used for calibrating all manner of tools, industrial equipment, and scientific instruments. NIST’s endorsement of an encryption standard is a kind of Good Housekeeping Seal of approval. It encourages companies, advocacy groups, individuals, and government agencies around the world to use the standard. NIST works through an open, transparent process, which allows experts to review the standard and submit comments. That’s one reason its endorsement carries such weight. NIST is so trusted that it must approve any encryption algorithms that are used in commercial products sold to the US government.
But behind the scenes of this otherwise open process, the NSA was strong-arming the development of an algorithm called a random number generator, a key component of all encryption. Classified documents show that the NSA claimed it merely wanted to “finesse” some points in the algorithm’s design, but in reality it became the “sole editor” of it and took over the process in secret. Compromising the number generator, in a way that only the NSA knew, would undermine the entire encryption standard. It gave the NSA a backdoor that it could use to decode information or gain access to sensitive computer systems. The NSA’s collaboration on the algorithm was not a secret. Indeed the agency’s involvement lent some credibility to the process. But less than a year after the standard was adopted, security researchers discovered an apparent weakness in the algorithm and speculated publicly that it could have been put there by the spy agency. Bruce Schneier zeroed in on one of four techniques for randomly generating numbers that NIST had approved. One of them, he wrote in 2007, “is not like the others.”
For starters, it worked three times more slowly than the others, Schneier observed. It was also “championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute.”
Schneier was alarmed that NIST would encourage people to use an inferior algorithm that had been enthusiastically embraced by an agency whose mission is to break codes. But there was no proof that the NSA was up to no good. And the flaw in the number generator didn’t render it useless. As Schneier noted, there was a workaround, though it was unlikely anyone would bother to use it. Still, the flaw set cryptologists on edge. The NSA was surely aware of their unease, as well as the growing body of work that pointed to its secret intervention, because it leaned on an international standards body that represents 163 countries to adopt the new algorithm. The NSA wanted it out in the world, and so widely used that people would find it hard to abandon.
Schneier, for one, was confused as to why the NSA would choose as a backdoor such an obvious and now public flaw. (The weakness had first been pointed out a year earlier by employees at Microsoft.) Part of the answer may lie in a deal that the NSA reportedly struck with one of the world’s leading computer security vendors, RSA, a pioneer in the industry. According to a 2013 report by Reuters, the company adopted the NSA-built algorithm “even before NIST approved it. The NSA then cited the early use…inside the government to argue successfully for NIST approval.” The algorithm became “the default option for producing random numbers” in an RSA security product called the bSafe toolkit, Reuters reported. “No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.” For its compliance and willingness to adopt the flawed algorithm, RSA was paid $10 million, Reuters reported. It didn’t matter that the NSA had built an obvious backdoor. The algorithm was being sold by one of the world’s top security companies, and it had been adopted by an international standards body as well as NIST. The NSA’s campaign to weaken global security for its own advantage was working perfectly.
When news of the NSA’s efforts broke in 2013, in documents released by Edward Snowden, RSA and NIST both distanced themselves from the spy agency, but neither claimed that the backdoor hadn’t been installed. In a statement following the Reuters report, RSA denied that it had entered into a “secret contract” with the NSA, and asserted that “we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.” But it didn’t deny that the backdoor existed, or may have existed. Indeed, RSA said that years earlier, when it decided to start using the flawed number generator algorithm, “the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.” Not so much anymore. When documents leaked by Snowden confirmed the NSA’s work, RSA encouraged people to stop using the number generator, as did NIST. The standards body issued its own statement following the Snowden revelations. It was a model of carefully calibrated language. “NIST would not deliberately weaken a cryptographic standard,” the organization said in a public statement, clearly leaving open the possibility, without confirming it, that the NSA had secretly installed the vulnerability or done so against NIST’s wishes. “NIST has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The [NSA] participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult the NSA.” The standards body was effectively telling the world that it had no way to stop the NSA. Even if it wanted to shut the agency out of the standards process, by law it couldn’t. A senior NSA official later seemed to support that contention.
In an interview with the national security blog Lawfare in December 2013, Anne Neuberger, who manages the NSA’s relationships with technology companies, was asked about reports that the agency had secretly handicapped the algorithm during the development process. She neither confirmed nor denied the accusation. Neuberger called NIST “an incredibly respected close partner on many things.” But she noted, it “is not a member of the intelligence community.”
“All the work they do is…pure white hat,” Neuberger continued, meaning not malicious and intended solely to defend encryption and promote security. “Their only responsibility is to set standards” and “to make them as strong as they can possibly be”.
That is not the NSA’s job. Neuberger seemed to be giving the NIST a get-out-of-jail-free card, exempting it from any responsibility for inserting the flaw.
Amazing how many companies willing to sell out our country for the right price.
Pg 124 DITU/FBI It’s called the Data Intercept Technology Unit, but insiders refer to it as the DITU (pronounced “Dih-too”). It’s the FBI’s equivalent of the NSA, a signals intelligence operation that has barely been covered in the press and mentioned in congressional testimony only a few times in the past fifteen years. The DITU is located on a large compound at the Marine Corps base in Quantico, Virginia, which is also home to the FBI’s training academy. The DITU intercepts telephone calls and emails of terrorists and spies from inside the United States. When the NSA wants to gather mounds of information from Google, Facebook, Yahoo, and other technology giants, DITU is sent to retrieve it. The unit maintains the technological infrastructure for the agency’s Prism program, which collects personal information from the large tech companies. In fact, it’s the DITU’s job to make sure that all American companies are building their networks and software applications in a way that complies with US surveillance law, so they can be easily tapped by the government. And if they’re not, the DITU will construct a bespoke surveillance device and do it for them.
The NSA couldn’t do its job without the DITU. The unit works closely with the biggest American telecommunications companies: AT&T, Verizon, and Sprint. “The DITU is the main interface with providers on the national security side,” says a technology industry representative who has worked with the unit on many occasions. It ensures that telephone and Internet communications can easily be siphoned off the massive network of fiber-optic cables those companies run. In recent years, it has helped construct a data-filtering software program that the FBI wants installed on phone and internet networks, so that the gov can collect even larger volumes of data than in the past, including routing information for emails, data on traffic flow, internet addresses, and port numbers, which handle incoming and outgoing communications and can detect what applications and operating system a computer is running.
Magic Lantern was one of the unit’s early triumphs. Developed in the late 1990’s, it was a companion to the better known email mining program Carnivore, which stripped the header information (the “to,” “from,” and date lines) out of an email so that investigators could piece together members of a criminal network by their communication patterns. Both devices, along with other spying programs with names such as CoolMiner, Packeteer, and Phiple Troenix, were developed to help the bureau snare drug dealers, terrorists, and child porn peddlers. But when Carnivore was revealed in news reports, it became synonymous with Big Brother style government surveillance, and civil liberties groups said the FBI’s efforts would undermine encryption for legitimate purposes, such as protecting financial data and patient privacy. The same arguments echoed more than a decade later, when the NSA was revealed to be secretly handicapping encryption algorithms.
The FBI’s cyber spying programs began years BEFORE the 9/11 attacks and any attempts by the NSA to broaden its surveillance nets to cover the United States. FBI agents have been in the domestic cyber spying business for longer than their friends at Fort Meade. And today they are physically joined in those efforts. A fiber-optic connection runs between Quantico and NSA headquarters, so that the information the DITU collects from companies can be instantly transferred. FBI agents and lawyers from the Justice Department review the NSA’s request to gather emails from Google or monitor Facebook posts. They represent the agency before the secret Foreign Intelligence Surveillance Court, which also reviews requests to spy on Americans. It was the FBI that petitioned the court to order telephone companies to give the NSA records of all the calls placed in the United States. When journalists and lawmakers say that the NSA “spies on Americans,” what they really mean is that the FBI helps them do it, providing a technical and legal infrastructure for domestic intelligence operations. Having the DITU act as a conduit also gives technology companies the ability to say publicly that they do not provide any information about their customers directly to the NSA.
And that’s true. They give it to the DITU, which then passes it to the NSA.
Pg126 The DITU has negotiated with major US technology companies to get privileged access to their systems. For instance, on behalf of the NSA, it worked with Microsoft to ensure that a new feature in Outlook that allowed users to create email aliases would not pose an obstacle to surveillance. The arrangement helped the government circumvent Microsoft’s encryption and ensure that Outlook messages could be read by government analysts.
"Are we the baddies?" A frustratingly uncritical look at the alliance between big state surveillance and big tech.
Harris' 2014 "@War" is a hard book to categorize. It's not quite war reporting (though there is a brief attempt to lionize a handful of War on Terror "cyber-warriors"), it's not quite a history of cyber warfare or the NSA, nor is it an indictment of the ever-expanding cybersecurity/spying apparatus. For the most part, @War is a largely uncritical look at the National Security Agency and its increasingly deep hooks in private corporations and tech companies and how, as the amount of personal and private information is vacuumed up, the less oversight over these agencies and arrangements become. But for a tacked on "warning" at the end, I'm still unsure if Harris thinks this is a bad thing.
So much of @War is "here's a sample of all the cool stuff the NSA does" -- sure it's monitoring your emails without warrants and sure it's mostly illegal, but darn it, these guys are on the "front lines" of....something. Sometimes, it's intercepting terror cell phone calls in Iraq and Afghanistan; sometimes, it's injecting malware into Iranian nuclear sites, and sometimes it's identifying China as a consistent threat and not doing much about it. China is the villain insofar as they are consistently probing our cyber infrastructure and wreaking low-level havoc in their rampant theft of intellectual property.
Does the NSA have a coherent response to this? In the 8 years since @War was published, I'd say the answer is a resounding "No." While the book documents the attempts to rope corporate interests into "protecting" American interests (or their own corporate interests, hard to tell where or whether Harris sees a difference between the two), in 2022, it seems clear that most of these companies (including the U.S. gov't) now find it easier to cater to China rather than challenge it.
Even the revelation of Edward Snowden's release of troves of classified documents about the NSA's tactics merits barely a cursory "this is concerning" peep from Harris before going right back into "front-line cyber-warrior cool hacker guy shit."
Throughout @War, there's a sense that the NSA as an institution and cybersecurity generally operate without an overarching ethic. While they couch everything they do under the guise of "protecting America" -- it becomes increasingly clear that the fact that they CAN do something (whether it's spying on Americans individually or private entities more broadly) is all the justification necessary that they SHOULD do something.
Harris merely repeats that the NSA and cybersecurity culture is one focused on secrecy and access to information, but this is no defense. There's no serious examination or exploration by Harris of those in the game challenging the base assumption that just because they can do all this cool hacker-guy shit, whether they should.
Ultimately, @War is more interesting for the questions it doesn't ask or answer than for those it does.
Six years ago I read the book Wired for War: The Robotics Revolution and Conflict in the 21st Century by P.W. Singer, which changed my views on robotics in warfare, a new field of combat that was just being implemented in Iraq and Afghanistan. At the same time robotics was, and still is, changing the way America fights on the battlefield, America was beginning to grapple with a completely new battlefield: cyberspace. Much like Wired for War, this book has opened my eyes to the opportunities and perils of the internet, how America is putting its might behind dominating this arena in the same way it currently dominates the land, sea, air, and space domains, and how America is not the only nation-state looking to dominate this new frontier. China and other nations, but mostly China, seem to be going to the mattresses on this hoping to gain a first-mover advantage in both military and economic spheres through domination of cyberspace. But nation-states like China and the U.S. aren't the only players either. Hackers, "hacktivists," and hacking groups, whether white hats or black hats (just a couple of the terms you will learn by reading this book), are also a threat as well as a recruiting pool for the military and law enforcement. Even private corporations appear to be stockpiling "cyber arms" with only U.S. law preventing them from launching their own private cyber wars. Though the author never makes the analogy in these pages, cyber space has a lot of similarities with the Wild West: the government may have more of the toys, but private businesses and individuals have a huge incentive to take up arms and defend themselves and it is only the law that is preventing them from doing so at this point. But once the first business crosses the line from cyber defense to cyber offense, which is already a pretty gray area, then there may be nothing that can stop an all out cyberwar. It's a chilling prospect when you think about it.
The author does make the analogy between the military-industrial complex from Pres. Eisenhower's famous farewell address in 1961 and what he calls the military-internet complex and with the revolving door between the military and private sectors in this field, it is hard not to see his point. However, as the author points out in his concluding chapter, Pres. Obama doesn't seem to have any problems with this growing industry. Indeed, after the Snowden revelations it appears the administration is backing it to the hilt with only some cosmetic changes to appease the public's concerns. The only thing that keeps me from putting this on my favorites shelf is the structure of the book. The author bounces around a lot from one subject to another with an arbitrary splitting of the book into two parts that doesn't really signify anything. A little more thought on this would have been nice. Still, the author has written a fascinating book on the greatest challenge to America's national security and economic security of our times. It's a relatively short, quick book that most people will find easy to read and there is hardly a dull moment in it. I highly recommend this book to everyone who is interested in cyber security and the future of the internet.
@War suffers not only in its kitschy title, but in its wee-haw, all hail the Military Industrial/Internet Complex viewpoint. I read this book as tentative research for a project and early on it became clear that my only option to survive it was to slam through it as hard as I could, pick the squishy bits that are based on infrastructure and hints at the internal workings of the still growing giant and pretty much let everything else fall by the wayside.
The book is light. It doesn’t care about the rights and the wrongs of black hole data collection, only that terrorists are changing the game and this is the best option and possibly the only option and wouldn’t you rather sacrifice some freedom for a little bit of supposed security no one has quite been able to prove is actually being provided. Harris doesn’t care about these questions. He cares about the building and growing of the beast he stalks and while he tries to tie various human characters to the rise in fighting terrorists online, it all comes down to looking at all the neat new ways we’ve managed to improve things by taking the gauge off the radiator.
I cannot abide a book that talks about capability, even when accompanied by history, that refuses to talk about consequences outside of “We got him!”
It’s lazy at best and propaganda at worst.
That is not to say that the book doesn’t have some unique bits stored in its slim tome about how certain things were built, the initial internal hesitancies and paranoias that drove the NSA to where it is today, but without reflection on ramification, right or wrong, or even taking the time to say so much of the fear was unfounded. Instead, it builds a story through half-truths and omissions. A self-congratulatory pat on the back to the greatest and dare I say horrifying overreach of government power in human history.
I can’t recommend this book. It’s too lost in the story it wants to tell, like some nonfiction war novel mixed with what I suppose we are forced to call journalism. Read Bruce Schneier’s Data and Goliath. Unless you are working on some cutting edge Le Carre/Clancy military novel you will find nothing truly unique or worthwhile.
There are a million people who study and trade in the facets of cyber security and cyber terrorism who have nuanced and fact-fortified reasons for what they believe. Harris doesn’t. He’s a journalist who got to look at some big toys, fell in love, and wanted to write a love letter and make a profit off of it.
This book is a journalistic account of the rise of what the author calls, not without reason, the 'Military-Internet complex' in recent years. While some academics have denied the existence of any such thing as 'cyberwar' this book presents a fairly strong case that the US military, at least, believes it is already happening (depending on what you mean by 'war', of course). The book is written like a series of feature articles, rather than offering a coherent narrative, but that is perhaps understandable given the topic and its controversial nature. Basically, the NSA is heading up the US cyber-security forces, according to this book, and this does involve, as Ed Snowden revealed, developing its own malware and hacking expertise (Snowden was a hacker). The main practical usage of this skill set is to deter other states from launching cyber-attacks on US critical infrastructure (those states being mainly China, Iran and Russia, it seems) and to track terrorists and other undesirables. The problem is that this involves surveillance on the whole of the internet, in essence, and the incorporation of 'back doors' into the systems of the big IT companies that rule the world now (the Twitter, the Google, and, the Facebook), all of which is kinda against US law, some might claim.
As ever, this surveillance and secrecy is justified by the discursive power of national security but, as this book makes clear, it is also about commercial security, as the big companies are the main financial victims of cyber-crime and work in very close conjunction with the NSA and other agencies to find ways to stop the leakage of data and so on (poaching NSA staff in the process, quite often). This situation is likened to the great era of (English) piracy in the 17C here and the author notes that commercial companies are likely to lead the way in any cyber push-back (i.e. hacking), which has interesting implications for security policy and many legal ramifications (it is technically illegal to do this). On the inter-state level, the US is already, it says here, developing a cyber-deterrence capability that can and will be unleashed against any actors, state or otherwise, that threaten its critical infrastructure.
All in all, a sobering read but the book itself was slightly underwhelming and felt like it could have been better and more detailed but it is well timed.
It’s fitting that I have just finished reading this as WikiLeaks have just released files saying that the CIA have hacked smart TVs. From the information in this book it probably wasn’t the CIA. It’s most likely to be the NSA. Depending on which side you sit on, the actions of primarily the NSA in the field of cyberwarfare and security will either make you want to close the NSA down or give them help to man the security of the internet. The author highlights the new ‘battlespace’ of the internet, how it was first used to hunt for terrorists in Iraq, and how that led to the creation of the USA’s main cyber ‘security’ force. The line between defensive cybersecurity and offensive is shown to be very blurred, where defensive measures can be used for offensive moves. The market in ‘zero day’ codes, faults and backdoors into computer programs, is something I knew little of. This is quite disconcerting, sold on the market, the NSA seems to be the main buyer, not to fix these issues but to keep them in their arsenal in case, leaving the errors in place. The collusion between tech firms and US intelligence is explained, and the thing that I found the most interesting was how the essential architect of these measures, the former head of the NSA, kind of overblew the threat of imminent threat and the need to follow some of his invasive plans over the internet. These would probably be the most worrying aspects. However, the book does say the threat is real, from Chinese hackers stealing thousands of files from defence companies, malware found on government systems, and the potential of attacks over the internet, either from other states, hackers and a kind of murky in-between, essentially state-backed private hackers, similar to 17th-century privateers.
While the detail and acronyms can be a bit of an awkward read, I do think I learnt something about how intelligence agencies are working across the internet, and how they need to be supervised, but also that the threat is real, and real action is needed where internet security hits against real-world security, and agencies like the NSA and GCHQ are probably best to lead this.
Having been involved in technology for most of my life, the title immediately caught my attention while browsing at the library. Most people are not aware that President Bush authorized the start of cyber warfare in Iraq to eliminate IED rings and with resulting great success. Since then Cyber war activity has increased world wide and we only see a few headlines here and there with most people having no idea what it means.
This book pulls back the curtain to show how we started from one guy proposing counter-terrorism with computers to the President to today an entire Cyber Command that is growing exponentially. http://www.arcyber.army.mil/
The book starts off with some great background on how Cyber Command was born and then slows down a bit in the middle. That's where non-techies might give up, but shouldn't!
The book goes into events that may have made the news back then, but nobody remembers or understands them. The book shows the timeline of events and lets us know that it is more than an isolated problem here or there.
If a non-tech reader takes anything away from this book, it is that each of us is the key to cyber security. Many Hackers don't "break" into systems; users respond to "spear phishing" and other social engineering (fooling you into clicking on something you shouldn't or giving out a password) to let the hacker/worm/virus in the front door.
Companies ask users to take Cyber Security courses. Those who have taken these courses will recognize many of the scenarios described in the book. Those who refuse to take the courses; you are in the scenario.
Overall I recommend the book to anyone who wants to be aware of what is going on behind your computer screen. It might just get you to use two-step verification, a password generator, and stop clicking on the photos of cute Puppies & Kittens that appear in your inbox.
I wonder at a negative star rating that would indicate in this case that I loved reading about it, but hated the fact that I felt I had to.
From a tiny bit of firsthand experience I wonder why we’ve never had an NSA director serve time for some violation of federal law; but wait, they were always acting at the President’s direction, right? OK, cast your vote – Eric Snowden – hero, or villain – I still equivocate.
I suspect I am not the only person who wonders at the motivation behind so much of government policy. What better way to dip into the Federal till than to come up with the newest baddest threat, and then offer the solution.
I do recall wondering at one point how, with this kind of information available to read, anybody could buy Hillary’s rationale for her private server. Just one more reason to praise God she was not elected. Now, how to wake Trump up to the fact that some close to him may buy ALL the arguments for limitless spending to ‘protect’ against cyber attack.
A couple meetings described exchanges where industry (the banking one stands out) met with government (intelligence?) representatives. Small wonder developing a level of trust is hard – government agencies, just like commercial competitors, seldom trust one another. Of course, if the government ‘club’ gets big and heavy enough, who can resist?
Harris has done us a service putting this together – I’m assuming he’s giving it to us straight. I note a reviewer who was disappointed that Harris drew few conclusions upon which to make recommendations. He was perhaps worried about inciting mobs of pitchfork-wielding citizens – over and above those we’ve seen lately. I started this review with a tinge of trepidation; how far can one go expressing outrage before the knock on the door.
@War: The Rise of the Military-Internet Complex is a book that confirms a lot of fears about cyberspace and government's desire to control it. It also reveals how the internet is not only a great equalizer among netizens but also amongst rival nation states around the world. American military supremacy around the globe has no serious rivals, as much as China, Russia, Iran, North Korea wish to spend on weapons and jingoistic rhetoric they offer no competent challenge to the United States. However in cyberspace that is not true as the Chinese, Russian, and Iranians have proved with their legions of hackers who have troubled American interests over the years. Another interesting but expected point is the rise of corporations and their role in developing and monitoring cyber defence. President Eisenhower, back in 1961, gave warning to and was proved to be correct in the rise of the military-industrial complex which sways much power in the U.S. with little regard for the common good but driven by promoting fear in the interest of the profit motive. Well, there is a new kid in town and that is the military-internet complex which has seen the rise in recent years of cyber armies being developed. The U.S. military now has USCYBERCOM, in 2010 it became a fully operational command division in the armed forces. Many internet companies such as Google, corporations, and banks now have their own cyber defence forces, all of this jingling along to the tunes of hundreds of billions of dollars a year.
Shane Harris gives a detailed packed look at the military-internet complex and it makes one realize the internet has become a battlefield.
This is an information packed book – not a flowing masterpiece of literature. It covers both the ‘original’ espionage hacking campaigns against vulnerable government contractors (versus the government itself) as well as the cyber warfare of the National Reconnaissance Office (more secret than the NSA or CIA).
US hackers can be used as both offensive and defensive weapons. In addition to setting viruses and spyware in enemy computer networks and websites, a cell phone can be found, even if it was turned off. Fake texts can be sent to fool our enemies. There’s even contact chaining – following a person, who calls another person, who calls another person, etc. (Wow. Talk about metadata!)
Attacks by China are rampant and seem to concentrate on stealing intellectual technology. The CIA and NSA not only work with other government bodies but also companies such as Google, Facebook, YouTube, Apple, Microsoft and Yahoo, paying them to be allowed to insert backdoors or overlook flaws in their programs thus allowing them access. Corporations themselves can now buy hacking tools to ‘get even’ with those that hack into them! There's big money in both white hat (good guys) hacking and black hat (bad guys) hacking. All lines are blurred.
While the book is interesting, it didn’t feel like the most current information. The subject matter must be growing.
This for me is everything the Cheryl Chumley book I just swallowed isn't. It isn't so much a long treatise of the abuses and rampant trampling of the 4th and 5th amendments the Spybot Administration has engendered and birthed, so much as it is a very technically intelligent perception and explanation of the tools which the NSA is using both in the "spybot mode" and the actual cyberwar between nations, which they were embarrassed to discover, they were not quite as akamai about as they had let on. And once they discovered that, well, the gloves were off. We can draw many great perceptions about President Spybot's boy, (former) "Starfleet Commander" Alexander's megalomaniacal transformation of the Agency into the "collect it all" panopticon it now is, but this book at least discloses the fascist corporate-military alliances which are endemic to (what Harris calls) the "military-internet complex." There's none of the ideological fearmongering of Chumley's book, nor the political positioning, nor the call to arms, and yet, this book was much, much more informative as to HOW the various machineries are operating behind our screens, in the secret world of cyberspies. Very very good.
The author tells the story of the major events, people, government agencies, and companies that have played a part in the history of Cyber Warfare. The book seems to be targeted at the general public: I think that even if you don't have a background in computing or security, you should understand everything. I was left wanting a better wrap up in the final chapter, but overall this is an interesting read.
A good introduction of the present realities of the Internet, posing considerations for where we take a technology which, after only 20 years, has become an integral part of our lives. If we continue to remain ignorant of the dangers posed to us, and the depth to which the military and governments have become involved, we have no one to blame but ourselves for shoving our heads in the sand. Snowden was our wake up call.
The book closes with the following: "Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals, so that security and liberty may prosper together.”
We shouldn't abdicate our responsibility to keep government overreach in check, despite promises of protecting the 'greater good'. Unfortunately, the government is deeply entrenched; removing them from the net is as likely as revoking a tax once imposed. Private industry will have powerful sway in balancing government abuse and invasion of personal privacy, unless they take the lazy route and collaborate for perks, like easy sales and kickbacks.
This book is well-reported and written in a workmanlike manner, which is a shame—the book could have been great. Harris does a good job of showing the rise of cyber warfare within the Defense Department; the threat to industry, particularly the energy sector; the recent rise of private cyber security consulting firms; and the lack of preparedness inside the civilian portion of the Federal government, which ironically holds personal information of greater importance to most citizens. However, he walks you up to but doesn’t quite connect the dots on some fundamental contradictions in the system. For instance, is the NSA super powerful, or is it a bumbling bureaucracy that is hard pressed to keep up with the likes of Google and the Chinese? And if offense is so much easier than defense, why are the most elite hackers inside the NSA located in the Tailored Access Operations group, (one of) the offensive unit? And for that matter, how do we know the hacking problem is really as bad as the government says, given that Harris does a good job suggesting the amount of exaggeration and overreach undertaken by the NSA, and in particular Keith Alexander, its former leader?
There's some interesting facts in here, but boy is this thing a structural mess. Facts get repeated numerous times (did you know the private sector pays more than the public one for hackers?) Chapters also start out with a sense of coherence and then tend to end with the same points repeated elsewhere (Chinese hackers bad, American companies maybe should be allowed to hack back). The result is a book that really epitomizes the sense of "better as a magazine article," because so much of what's here ends up feeling like padding. Which is really too bad, because the discussion of the desire to set up cyberwar in Iraq actually sounded really fascinating.
The other general concern I have is it's very hard to get the feeling for how Harris actually feels about the NSA. Some parts of it feel just very over the top and laudatory, especially talking about how elite the NSA hackers are. I guess that's not a bad thing, but it makes it hard to get a sense of how concerned we should or should not be about some of what the NSA is doing.
Fascinating, fast-paced, and more than a little scary. A nice complement to a number of other books that cover cyber issues and where they intersect with terrorism, war, and crime (see also Ted Koppel's Lights Out, Gordon Corera's CyberSpies, Marc Goodman's Future Crimes, among others). This book acts as a very tightly written and incisive overview of the US government's cyber efforts, both military and intelligence based. I'd love to see an updated version encompassing some of the recent happenings (further incursions by China, Russian election-related hacking) and also more in depth information about what exactly the US engages in (likely unavailable due to classification). That said, Harris does an admirable job explaining some of the technology, putting it in perspective, and keeping his own opinions to a minimum so the reader can determine how they feel about the path being followed. Recommended.
I wish I could give this book two separate ratings.
On the one hand, the factual basis and research are top notch. This makes the book a must read for anyone who is interested in cyberspace, government surveillance, and cyber security.
On the other hand, the author can't help but inject his personal feelings and biases, and it shows in his reasoning and conclusions. I understand that "bad guys" and conflict sell books. However, the author would have it both ways with the NSA: a huge, malevolent, omnipresent surveillance organization that endangers privacy worldwide; and/or a near incompetent bureaucracy that should leave cyberspace to the private sector (which the author admits is nearly all former NSA/intelligence community personnel).
I can take the research, and leave the editorializing.
Harris discusses the successful uses of Internet hacking and spying by the military in Iraq and Afghanistan but then turns the tables and talks about the same processes being used against American citizens and American governments. Very eye-opening for those who use their computers but probably very old hat for those that understand their computers and have been working in the industry.
Why I started this book: Downloaded it from the library.
Why I finished it: It's very easy to become paranoid about what the government and what companies know about you without your being aware that they are watching. We need more public debates about privacy, security and government contracts.
@War is an indispensable book covering the background to present of the CyberWar environment and who the bad players are. There are more detailed books out there, but this one is more conversational and flows like a novel. No doubt that the bad guys will be reading this. It does cover many of the most successful campaigns on terror over the last 20 years. The stunning realization I came away with is that there is no brinkmanship. Battlefields of old gave everyone a lot of room to reconsider and re-calibrate a response. No more. Once these attacks are unleashed everything escalates instantly. There is no time for thinking after the fact. If you are in the business of keeping bad guys out, this may be as important as getting your Security Plus, it certainly will motivate you to.