Last Friday, the U.S. government unveiled its National Strategy for Trusted Identities in Cyberspace, a blueprint for the private-industry development of voluntary tools that would authenticate and consolidate your identity online. We need such a thing, the government says — in a pamphlet titled, well, "Why We Need It" — because our proliferating online passwords are inconvenient and insecure, and because last year 8.1 million adults in the U.S. suffered identity theft or fraud, at a cost of $37 billion. The idea seems like one mandated by the moment. Increasingly, important commerce, ... Read More
Cybercop Fights Organized Internet Crime
March 14, 2011 • By • Leave a Comment
It was August 2005, and Steve Santorelli had recently left Scotland Yard to join Microsoft's Internet Crimes Investigation Team. He was camping in the forest near Redmond, Wash., with some of his team members, trying to escape their technology-dominated existence, when a call came in from the Microsoft lab. Other team members had just cracked the code to the notorious Zotob computer virus. "At the campsite, I overheard one of the guys mention the nickname C0der, and uniquely spelled C-Zero-D-E-R, being identified as the author of this virus. I almost choked on my coffee," Santorelli says. ... Read More
Mobilizing in the Fifth Domain
October 27, 2010 • By • Leave a Comment
Now that large institutions like NATO and the United Nations have recognized cyberspace as the fifth domain for warfare (“after land, sea, air, and outer space”), and the Pentagon has brought its Cyber Command up to speed, the Obama administration has drawn up rules of engagement for America’s laptop legionnaires. In case of a major assault on the country’s computer networks, it seems, the Pentagon can operate on American soil. This is a big deal. As a rule, the military deploys on enemy soil. The president can make exceptions for natural disasters, and now the White House has set ... Read More
‘Cyberwarfare’ Will Blur the Edges of War
October 20, 2010 • By • Leave a Comment
The question first came up when Estonian government servers went down in 2007, under a "denial-of-service" attack that seemed — but was never proven — to come officially from Russia. Estonia was a new member of NATO and felt bullied by its former Soviet big brother. But the question was awkward, and it came up again when Georgian servers went down just before Russian tanks invaded a Georgian province in 2008. (Georgia also wants NATO membership as a shield against Russia.) Were cyber-attacks warfare, and should they trigger Article 5 of the North Atlantic Treaty, which provides for ... Read More
Building Backdoors Into Computer Chips
October 6, 2010 • By • Leave a Comment
The Stuxnet worm, a now-famous digital weapon probably aimed at an Iranian nuclear reactor or enrichment plant, turns out to be a ham-handed tool for cyberwarfare. Although it was written to do significant damage to a single facility, with a sophistication that left some analysts breathless, it was anything but precise; it spread promiscuously by USB stick, using flaws in Windows, and wound up on machines from Europe to Indonesia. Swifter methods of electronic warfare may already exist. The secret Israeli attack on a suspected nuclear plant in Syria near the end of 2007 occurred during a ... Read More
War With Iran? Stuxnet May Be First Cybersalvo
September 28, 2010 • By • Leave a Comment
The last time a Middle Eastern government hostile to Israel came close to building a nuclear bomb, the Israelis reacted with a swift, clandestine air raid that destroyed the reactor in question (Saddam Hussein's Osirak plant) before it could enrich uranium. Advance rumors of a similar raid by Israeli or American planes on Iran's nuclear facilities have been circulating, of course, for years. But some computer experts wonder if a new form of warfare — namely the computer worm called Stuxnet — hasn't been launched against Iran already, either by Israel or the United States. Guessing ... Read More
USB Warfare: The Real Electronic Nightmare
September 22, 2010 • By • Leave a Comment
The gist of this column lately has been that threats of "cyberwarfare" waged through the public Internet are the stuff of Hollywood schlock and patriotic pulp fiction. But there are other ways to wage electronic war, and they tend to be more terrifying precisely because they're tougher to fight. Siemens announced in July that a malicious bit of code called Stuxnet could spread on USB thumb drives and try to lift industrial secrets from its clients around the world. It's the first large-scale worm of its kind, an act of sophisticated industrial espionage that indicates the real future of ... Read More
International Treaties and the Internet
September 15, 2010 • By • Leave a Comment
A United Nations background paper on fighting online criminals calls cyberspace "the fifth common space — after land, sea, air, and outer space." It's a stirring achievement of the human imagination, not only to build an entire "space" where people can live and socialize, manage their finances and play "World of Warcraft," but also to run into so much trouble that the space requires international regulation. In my lead column on cyberwarfare, I came out against international treaties modeled on, say, chemical-weapons accords that would pretend to establish cyberpeace among highly wired ... Read More
Internet Censorship, Here and Over There
September 8, 2010 • By • Leave a Comment
Uproar this year over an "Internet Kill Switch" bill has largely subsided because the legislation has stalled in the Senate. The summer controversy focused on a proposed presidential power to declare a national emergency and shut down parts of the Web dealing with "critical infrastructure," for up to four weeks — which under a willing White House legal adviser, critics said, might lead to Chinese-style Web censorship for political enemies. Actually, the bill was never so specific. Sen. Joe Lieberman and its other sponsors in the Senate have argued the Protecting Cyberspace As a ... Read More
