The cyber nuclear option that might already be in place

By Andrew Ivers, September 20, 2016

In late 2015, a top-flight online security expert made a startling discovery while investigating an attack on one of his corporate clients: A routine effort to hold the company’s data for ransom had exploited a path blazed more than a year earlier, yet the initial hackers had yet to cause any harm, despite pulling off an elaborate break-in. As the author and journalist William Langewiesche tells it in a new article for Vanity Fair, “The only possible purpose, Opsec concluded, was that of a sleeper cell, lying in wait as a pre-positioned asset to be used as a last resort, like a nuclear weapon, in the event of an all-out cyber-war.”

Opsec, whose name is not really Opsec, is a “grand master” of hacking, “one of a small elite—maybe a hundred, maybe fewer.” He started when he was just a kid, back in the late 1980s. By 16 he was poking around Chinese government networks on the side for a customer at the Washington-area electronics store where he worked; he assumed the man worked for one of the US intelligence agencies. He gradually went straight and got into the cyber defense game, but only for serious clients. And it was in the network of one of these clients—an “Internet behemoth” that “streams entertainment online” but which Langewiesche refers to only as “the Company”—that Opsec discovered the “sleeper cell” breach last year.

His conclusion that it was part of a cyber nuclear option—fashioned, it turns out, by a Chinese government team Opsec had encountered before—is based on the fact that it was so valuable that it should have been used already. Once inside his client’s network, it could potentially exploit as many as 70 million personal computers. Hijacks like these are how hackers create “botnets,” “illicit networks of infected computers” that can serve as “force multipliers” in cyber combat. If the perpetrators got into “other large Internet companies” in the same way, which seems likely, “the combined effect would have been the creation of by far the largest botnet ever seen, an Internet robot consisting of perhaps 200 million computers, all controlled by one small Chinese hacking team.”

Opsec assumes the National Security Agency is now monitoring the intrusion with the aim of disabling or co-opting it. And if that last bit has you wondering what American hackers are doing abroad themselves, you might want to check out Zero Days, a new documentary about Washington’s “expanding and largely invisible embrace of offensive cyber weaponry,” which Sue Halpern covers with an excellent essay in the latest New York Review of Books.

As the coronavirus crisis shows, we need science now more than ever.

The Bulletin elevates expert voices above the noise. But as an independent, nonprofit media organization, our operations depend on the support of readers like you. Help us continue to deliver quality journalism that holds leaders accountable. Your support of our work at any level is important. In return, we promise our coverage will be understandable, influential, vigilant, solution-oriented, and fair-minded. Together we can make a difference.

Support the Bulletin