No maps for these territories – landscape of cyberwarfare reporting
The latest profile of Edward Snowden, prepared by Wired, revealed two new pieces of information related to US cyberwarfare activity. The first is that the NSA caused an internet blackout in Syria while trying to deploy an exploit on one of Syria’s main routers. Unfortunately, instead of accomplishing their goal, the operatives made the router completely unresponsive – effectively cutting the country off from foreign internet connections. Given the secret nature of NSA activities and the increased rebel activity during that period (November of 2012), the narrative presented by the media was naturally much different. Pretty much every major news network claimed (often backed up by a source from intelligence or cyber security companies) that Syria’s government was responsible for the blackout, and furthermore that it was a deliberate effort to prevent global coverage of atrocities that were about to happen. There are two sides to this – it might be argued that, given the unstable situation and the callousness of Al-Assad’s regime, a government-sponsored blackout was the most probable course of action. On the other hand, this case brutally reveals to what extent information about cyberwarfare in all its aspects (be it hacker attacks, cyber espionage, DDoS attacks or anything else executed from behind the keyboard) is based on speculation and probability scales. Make no mistake – it is not strictly the fault of news networks, or rather it is, but there is little they can do about it. For the rising superpower of news media, internet outlets of various forms, what matters most is the page visit counter. While this phenomenon is certainly not limited to cyberwarfare reporting, the combination of a lack of sources, the clandestine nature of operations and the limited technical knowledge of news staff makes reports even sketchier and more sensationalistic than usual. After all, nothing makes a better headline than a cyberattack straight from a Tom Clancy novel.
But acts of cyber offense are not always so stealthy in publicity, especially when attackers want not only to do damage but also to send a message. More or less, that was the case with the Stuxnet deployment. Even the very first reports about technical difficulties at Iranian nuclear enrichment plants mentioned sabotage among the possible causes. How is that different from the crystal ball reading mentioned earlier? The main difference is that in many ways Stuxnet was a precedent. From both a political and a technological point of view, a cyber operation that caused real, physical damage was both new and unbelievable. Given the circumstances, Stuxnet was also extremely interesting in terms of how the story developed over time. While knowledge about the virus came to light relatively early – just two months after the initial reports – it took a full two years for the story that supposedly confirms the US origin of the attack to be published in the New York Times. In the meantime, almost every news outlet managed to find at least one expert making an educated guess about the western powers involved. To be fair, there was not much room for other interpretations. The sophisticated engineering required to create the worm ruled out even experienced ‘amateur’ hackers, while the politically sensitive target pointed in one direction. Still, Bruce Schneier called out all the reports as sensationalistic and devoid of evidence. Adding into the mixture the lack of official commentary from either the US or Israel and the WikiLeaks cables mentioning a call for ‘covert sabotage’ of the Iranian nuclear program resulted in a perfect cyber warfare story. To sum up, in a matter of a year the story of Stuxnet was a story of geopolitics, covert operations, global superpowers, nuclear weapons and a new type of cyber weapon. If anything, US cyber forces couldn’t imagine a better PR campaign. Furthermore, it seemed to happen without a single official testimony.
‘Seemed’ is the key word here, as it is impossible to judge which information was released to reporters in a controlled way. Similarly, the NYT report relied on a ‘White House source’; to what degree the source was providing information under guidelines from the government is and will remain unknown.
The landscape changed radically with the influx of leaks provided by a ‘new wave’ of whistleblowers. Analysing the timeline of events, it seems that the activity of WikiLeaks was a catalyst for further revelations. Regardless of one’s opinion on Julian Assange, it has to be said that both the scale and the mode of operation of the service were unprecedented and much needed. WikiLeaks started off with one simple rule – no editorializing. Given its foundation and the ideals of the founders, such an approach was rather obvious; the aim was to provide the public with the real, raw documents that are taken into account when making behind-closed-doors decisions. In this way WL was the complete opposite of the analysis-based journalism mentioned earlier. This time there was often no analysis or context at all; it was up to the public to make sense of it. With increasing popularity, a middle ground quickly emerged. Cooperation with major journalists and news outlets, such as the publication of the Afghan war documents together with The Guardian, Der Spiegel and The New York Times, resulted in both coverage unreachable for ‘pure’ WikiLeaks and the release of information unobtainable by ordinary journalism.
Where does this leave us regarding cyberwarfare? The second piece of information revealed by Edward Snowden in Wired’s article is about the ‘MonsterMind’ software. The program is supposed to automate the response to cyber attacks and, after detecting a foreign threat, launch a counterattack without human intervention. Furthermore, the system is designed to spoof the location of the attack, essentially rendering useless any attempt to correlate attacks targeting the US with counterattacks. MonsterMind is an example of reporting that would be impossible without leaked information. It marks a new stage in the history of journalism: information that earlier was completely unobtainable may now surface, released by insiders whose motivations are fuelled by outrage at the intrusiveness and disregard for human rights in the conduct of cyber espionage and cyberwarfare. It is hard to predict whether the number of such leaks will increase, or even stay at the current level, but digital form and accessible cryptography and anonymisation tools have certainly made leaking information easier than ever. The recent Gamma Group case, with a call to arms attached, only proves the point. It is hard to overestimate how valuable the shift is from the analytical crystal ball to hands-on, actual information supported by professional journalistic analysis. However, let’s not forget that the leaks that are available now, and will be in the near future, are just scratching the surface. It would be naive to think that clandestine warfare committed using computers will be any more transparent than the one with suppressed rifles.