Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
2%
This is what cyberwar looks like: an invisible force capable of striking out from an unknown origin to sabotage, on a massive scale, the technologies that underpin civilization.
2%
A small group of researchers would begin to sound the alarm—largely in vain—that Russia was turning Ukraine into a test lab for cyberwar innovations. They cautioned that those advancements might soon be deployed against the United States, NATO, and a larger world that remained blithely unprepared for this new dimension of war. And they pointed to a single force of Kremlin-backed hackers that seemed to be launching these unprecedented weapons of mass disruption: a group known as Sandworm.
2%
Sandworm would demonstrate as never before that highly sophisticated, state-sponsored hackers with the motivations of a military sabotage unit can attack across any distance to undermine the foundations of human life, hitting interlocked, interdependent systems with unpredictable, disastrous consequences.
8%
The link between Sandworm and a Cimplicity file that phoned home to a server in Sweden was enough for Wilhoit to come to a startling conclusion: Sandworm wasn’t merely focused on espionage. Intelligence-gathering operations don’t break into industrial control systems.
8%
Sandworm seemed to be going further, trying to reach into victims’ systems that could potentially hijack physical machinery, with physical consequences.
8%
“They’re possibly trying to bridge the gap between digital and kinetic.” The hackers’ goals seemed to extend beyond spying to industrial sabotage.
27%
To analyze the entire internet’s digital conflicts in real time, Arbor ran a system called BladeRunner, named for its bot-tracking purpose. It was part of a collection of millions of “honeypots”—virtual computers running on Arbor’s servers around the world, each of which was expressly designed to be hacked and conscripted into a botnet’s horde of enslaved PCs. Arbor used the computers as a kind of guinea-pig collective, harvesting them for malware samples and, more important for the company’s business model, to monitor the instructions the bots received from botnets’ command-and-control ...
39%
after the 2016 Kiev attack, he wrote a prediction on Twitter and pinned it to his profile for posterity: “I swear, when Sandworm Team finally nails Western critical infrastructure, and folks react like this was a huge surprise, I’m gonna lose it.”
60%
“Why should U.S. taxpayers be interested in Ukraine?” Trump’s secretary of state, Rex Tillerson, callously asked a group of diplomats at a gathering in Italy, three months before NotPetya’s release. NotPetya provided a tidy answer to Tillerson’s question. Americans ignored Ukraine’s escalating cyberwar in the face of repeated warnings that the attacks there would soon spread to the rest of the world.
61%
“The physics of cyberspace are wholly different from every other war domain.” In those physics, NotPetya reminds us, distance is no defense. Every barbarian is already at every gate.
78%
Now he could see that there wasn’t some line between the influence operation of election meddling and disruptive attacks on infrastructure. All of it was an influence operation, he now believed. “It’s not about turning out the lights,” Hultquist said, his eyes wide with epiphany. “It’s about letting people know you can turn out the lights.”