
October 13, 2021 26 mins

In this classic episode, Jonathan and Chris Pollette talk about the realities of cyber warfare.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:04):
Welcome to TechStuff, a production from iHeartRadio.
Hey there, and welcome to TechStuff. I'm your host,
Jonathan Strickland. I'm an executive producer with iHeartRadio
and a love of all things tech, and I am
currently hard at work on an episode that's about cybersecurity,

(00:25):
cyber warfare, AI, the AI arms race, China. It's a
lot of stuff, a lot of different parts. This is
largely brought on because recently the Pentagon's chief software officer
resigned and in the process left a very angry and

(00:46):
detailed list of grievances that led to his decision to resign.
So I'm working on an episode that really dives into
all of that and explains what the landscape is, what
the concerns are, kind of tries to examine how realistic
certain threats are or whether there might be other mitigating factors.

(01:10):
As it turns out, these things get very, very complicated,
not just because of the technology, but because the way
the rest of the world works. Like, we can't divorce
technology from the way things happen in the world, right,
I mean, they obey the same sort of restrictions that
the rest of us do. So anyway, long story short,

(01:31):
too late. I'm still working on that piece. I want
to make sure that it's as good as I can
possibly make it before I publish it. So in the
spirit of that piece, I thought we could listen to
a classic episode of Tech Stuff. This one published way
back on June two thousand nine, and it is titled

(01:53):
Are We in Cyber War? So this episode is more
than a decade old. It's with me and original
co-host Chris Pollette, and we just have this discussion. And
it's interesting to go back and listen to this because
obviously things have progressed a lot since two thousand nine.

(02:13):
The cyber threats have grown significantly since two thousand nine.
They were already significant then, but they're even more so now.
So I think it's a great starting point to kind
of say, here's where we were more than a decade ago,
and then that will lead into what will be Friday's episode,

(02:33):
which will be the deeper dive on the current landscape,
why people in positions of authority in different tech departments
within the United States are concerned, and what's going on
with China and whether or not that's going to have
a long lasting impact. So let's go and listen to

(02:56):
this classic episode and I'll be back at the end
to kind of chat a little bit more before we
wrap up. Enjoy. Unfortunately, we have some serious things to
talk about. Actually, we have some pretty scary stuff to
talk about. This. This I think is even scarier than
our zombie computers and Halloween shows combined. Really, yeah, I think. So. Okay,

(03:19):
so we're gonna talk today about cyber war. It's not
pirate war, cyber war. Cyber war, so we're all we're
not talking about Tron here um, nor are we talking
about WarGames, both of which are awesome movies, so
put them to the top of your Netflix queue. Um. No,

(03:42):
we're talking about using computers to either spy upon, or
sabotage or otherwise inflict some sort of harm upon a nation. Um.
And this can be done by one of a dozen
different entities. That's the That's one of the scary things
about cyber war, is that? All Right? So in classic warfare,

(04:05):
you know, usually you you would talk about two different nations,
or perhaps two different factions within a nation, fighting one another.
Pretty easy to identify who the parties involved are, right, normally, yeah,
because guys shooting at you, right, and normally they have
you know, uniforms of some kind on you know, not
to shoot your own guy. Yeah, yeah, there's some there's

(04:26):
some general little rules that make it easier to know
which guys are the ones you're supposed to be shooting. Um.
Cyber war is not quite that clean cut. The problem
with cyber war is that the attacks can come from anywhere.
They can come from another country. They can come from
patriots within another country that are acting on their own.
That could come from essentially a mercenary, a hacker that's

(04:51):
hired to do this sort of thing. Um, that could
come from someone who's just trying to cause mischief and
they don't have any other motives. Uh. So it an
attack that can come from another country, or that it
can come from within the country that is being attacked.
I mean, you know you're talking about uh sort of
a cyber terrorism in a way. Yeah. And as a

(05:12):
matter of fact, hmm, it could be somebody sitting in
his jammies in his living room in the computer.
You know, it doesn't need to be somebody out you know,
skulking around the streets or you know, somewhere in a foxhole. Heck,
it could be someone parked in your driveway, hacking into
your WiFi. Good point, and it's that's why we're talking
about how scary this is. It's um and and on

(05:34):
another level, it's also scary because it takes so little,
relatively speaking to UH to perform an effective cyber attack. Now,
when you're talking about a traditional attack on from one
nation on to another, you're talking about billions of dollars
worth of equipment, of of personnel. UH. You know, the

(05:56):
things that have to go behind a war machine. I mean,
we're that's a huge investment. When you're talking about cyber attacks,
you're talking about a computer and a computer connection, and
you know, you might have a couple of other little
bells and whistles to help you along, but you really
you don't necessarily need it if you know what you're
doing and you have the right software. So it's one

(06:17):
of those things where, for a very low, small entrance fee,
I guess you could say you could have a huge,
huge impact. As a matter of fact, your computer could
be used to carry out a cyber attack. Yes, if
you've if you've installed some kind of malware like a
virus or a worm that UH can turn your machine

(06:37):
into a zombie someone else can direct your computer to
UH to send email and a denial of service attack
which basically floods UM floods computers with spam and other
and other requests if you will, for information. The thing
is that doesn't require any cost on the part of

(06:58):
on the part of the attacker at all, because
all the machines are essentially donated, you know, from somebody else,
right and the and to make matters worse, UH, when
when anyone in authority tries to trace the source of
the attack, they might come to your computer and never
find the person who actually infected your computer in the
first place. So then you become the person of interest,

(07:21):
the person who's under suspicion for committing an attack, and
the whole time you were completely unaware. Um. Actually, that's
another big, big issue with the cyber warfare problem. Even
when you can detect an attack and trace it back,
you can never be sure that the last place
you you trace it back to is in fact the

(07:42):
original spot of the attack, because there are these you know,
there's there are things like proxy sites, there are the
zombie computers where there's always the possibility that there's one
more link you haven't found yet that will take you
back even further. So that's uh, you know, if you
if you uh, if you were to detect, say an attack,
and you say, well, we've traced it back to China,

(08:04):
you can never be sure that that the Chinese government
was behind it. It could have been patriots in China
who had the same sort of goals as the government
of China, but were acting on their own. Or it
could have even been people in a totally different
country that just managed to use proxy sites in China
to fool you into thinking that's where the attack came from.

(08:24):
So it's really insidious. Um And you might wonder, well,
how how vulnerable are we to these sort of attacks?
And I guess it really depends on which system you're
talking about, because you know, the Internet is a network
of networks, right right, so any given network or any
given computer could be the weak spot, you know, and

(08:47):
and there are just tons of computers as part of
the Internet. You know, every time your computer is
hooked up for Internet access, you become part of this
giant cloud. Um. So, and then the really sophisticated crackers,
those are the really nasty hackers. Those are the ones
who can find ways to manipulate a network in ways

(09:07):
that you know, most people don't think of, right and
and to give you an idea of how vulnerable certain
systems can be. Back in seven, there was a secret
experiment the Department of Defense commissioned and it was called
Eligible Receiver. I remember that. Yeah, this isn't This was
kind of an eye opener um. Now a lot of

(09:30):
Eligible Receiver, A lot of that mission remains classified, so
we don't know all the details. But what we do
know is that part of the the experiment involved getting
a group of hackers together, giving them some very basic
computing hardware and software, and telling them to try and
break their way into the Pentagon's computer system. And it

(09:53):
took them three days using basic computers and basic software. Uh,
three day is just for regular hackers. These aren't necessarily
the people who are who have a you know, an
actual motive to break into the Pentagon and the fact
that they're part of an experiment, right, It's not like
they have a government breathing down their necks saying we
need access to this information. Uh So that's that's pretty

(10:19):
sobering to think that within three days one of the
nation's most important computing systems was compromised, even though it
was an inside job and an experiment, right, well, they
there have been attempts to shore that up since then,
and in fact they conduct regular exercises in order to

(10:39):
do that. In fact, there was one not that long ago.
Every year they there are students from Army, Navy, Air Force,
and the Coast Guard and Merchant Marine, as well as the
Naval Postgraduate Academy and the Air Force Institute of Technology.
And basically it's it's uh, undergrads were given the opportunity
to defend themselves from an attack by the NSA

(11:02):
UM and UH every year they undergo this experiment,
and uh, the West Point held out the longest and
they the Army got to defend their title. But they
were using Linux computers. But this is apparently a normal thing. Um.
The Defense Department is only graduating eighty students a year

(11:24):
from schools of cyber war in the United States, according
to the New York Times article that I read about it. UM.
And if you're wondering, this is the 57th Information
Aggressor Squadron. They're based in Nellis Air Force Base, and
they are they they are. They are. They make a
point of doing this test every year, and um, you

(11:45):
know they it's one of those things where they are
making a conscious effort to attack and defend UH computer networks.
And apparently the uh you know, the nerds are nerds everywhere,
even at West Point Um according to the way, according
to the way the article was written. They get a
little ribbing for being the geeks of the group. But

(12:06):
even the you know, the the future officers that graduate
from there know the importance of the computer network because
that's one of the very first things they do. They're
about to deploy these guys to Afghanistan as a matter
of fact, and the first thing they're gonna do is
set up a secure internet connection, and they have to
be ready to defend themselves against denial of the denial

(12:27):
of service attacks and uh other attacks. So I mean,
they're they're coming right out of the service academies with
knowledge of how to attack and to protect UM computer networks,
military computer networks. There's a bit more to go with
our conversation about the state of cyber war in this

(12:48):
classic episode, but before we get to that, let's take
a quick break. You usually we call those sort of
exercises red team attacks UM where a group is is
designated to play the part of an UM adversary and

(13:12):
that's the Red team. And the Red team's job is
to is to achieve their goals by whatever means necessary.
So in other words, you know, you're not supposed to
necessarily follow a certain protocol or rules. You're supposed to
be inventive and creative and try and find new ways
to to really compromise or defeat the other team and UM,

(13:33):
because that's exactly what the enemy is going to do.
You know, the enemy is not going to play by
rules necessarily, especially if you're talking about enemies that you
can't predict. I mean, they may not even be directly
involved with any other government or or official agency. So
UM and and you know, we government websites and our

(13:53):
government web servers and and systems aren't the only targets.
One of the big targets in the United States, and
it's been in the news quite a bit over the
spring of two thousand nine is the electric grid and UH.
Part of the problem with that is that systems like
the electric grid and and some water and fuel systems
are using UM, using the software that that directly ties

(14:16):
into hardware, and if you just change a few settings,
you can cause catastrophic damage to the the equipment. UM.
There was a video that was on CNN for a
while where some uh, some electric utility experts showed that
with just a couple of tweaks, you could completely destroy
a generator by changing some settings through the computer system,

(14:41):
and they essentially turned a generator into a pile of
scrap metal. UM. Yeah, it was very sobering to me
to see that, because not that long ago the news
broke out that the United States electric grid, certain parts
of it anyway, uh, has been under attack by some
cyber spies over the last several years. And I don't

(15:02):
really know who it is, right right right. They've traced
them back mostly to China and Russia. But again um,
both China and Russia deny that they had anything to
do with it. But I mean, of course, wouldn't you.
The thing is it, you know, those countries are are
gradually becoming more and more uh, computer centric, and it
you know, it could be anybody. It could be you know,

(15:24):
it could it could be that they are directly involved, UM,
or it could be that it's groups of of individuals
within those countries, or like we said, it could even
be that the attacks are ultimately originating somewhere else, but
we're only able to trace them back as far as
Russia and China. So that's that's the other issue with
the Internet is that it is a global entity, and

(15:45):
so law enforcement officials only have so much authority to
pursue cyber attacks. You know, they can cross over borders
easily on the Internet, but law enforcement can't. They don't
necessarily have the authority to pursue an investigation beyond the
borders of you know, whatever their jurisdiction is. So that
also makes life much more complicated when you're talking about

(16:08):
fending off cyber warfare attacks. Yeah, you know, uh, it
wasn't even that long ago that some countries were complaining
of real cyber attacks launched on their inner infrastructure, like
Estonia not too long ago, and uh they were blaming
the Russians for that attack. But that was back in

(16:29):
in two thousand seven, all those years ago. Yeah, all
those both years ago. Yeah. Well, you know they say
that Internet time is sort of like dog years. It's
about that would make it about fourteen years ago in Internet,
So I guess so, um. Yeah. And then of course
there's the example of the Dalai Lama's office that the

(16:49):
Tibetan office that was uh. They knew they were being watched, right,
they were absolutely certain that their systems had been compromised UM,
and they hired a Canadian firm to investigate. In the
Canadian firm found that indeed, there there were programs installed
upon the Dali lamas Uh computer systems, and that it

(17:13):
appeared to be coming from an offshore island off the
coast of China. And the software even included UM
controls that would allow people on the other end to
activate audio and video software UM and hardware so that
they could turn on if the computer had a webcam
or a microphone, they could turn it on and turn

(17:35):
it into a remote listening station, so they could actually
spy on the goings on of these offices remotely. UM. So,
I mean, this is a very real problem worldwide. It's
not just something that we have to worry about in
the United States or or you know, any other specific nation.
It's it's pretty much if if you have computers, there's

(17:57):
a good chance there's another party somewhere that's really interested
in finding out what you know and what you don't
know and what you're up to. Yep, and um, there's
there's even another component to it that I know we
were gonna stick, uh mainly to talking about how you
could use computers to launch computer attacks, but um, another

(18:17):
facet of this that I think is interesting was sort
of relates to a blog post I wrote in early
April um on the TechStuff blog that talked about
the Moldovan pro democracy protesters and they weren't launching computer attacks,
but what they were doing was using uh social networking
sites like Twitter and Facebook to coordinate their efforts sort

(18:41):
of like flash mobs. They could go ahead and use
computer networks like those and uh text messaging to discuss
where and when they were going to organize and meet
and hold a demonstration. So that's um, I mean, that's
you know, relying on the network staying up and rather

(19:01):
than taking them down. But UM, I just it's just
kind of funny because you know, you don't think of
you think of Facebook and Twitter or something we use
for fun or to to keep up with people, and
just another way that you can use them to actually,
I mean, those could those could just as well have
been used to hold a violent, you know, attack on someone. Say,
you know, meet at this corner at one forty in

(19:23):
the afternoon, Uh, you know, and have everybody show up
and start fighting. Well, if the law enforcement is unaware
of it or the military forces are unaware of it,
you know, that could be a devastating attack, and it
could be used by virtually anybody. Chris and I have
a bit more to say about cyber war in general,
and we'll get to that after this quick break. The

(19:52):
dangers of these attacks go beyond just damaging a network
or shutting down a system. UM. One of the big
fears that a lot of security folks have is that
what if you were to coordinate a physical attack with
a cyber attack. So what if you were to target
a major city and first you bring down the city's

(20:14):
power grid through a cyber attack, and then you couple
that with an actual physical attack like bombs or or whatever,
and that UM together, that would cause a real panic
because suddenly you have an entire population that that doesn't
have access to UM information the way they normally would,
and yet there is obviously chaos going on. And uh

(20:37):
that that really is the true definition of terrorism. There
you're you're inspiring terror in the victim. UM. Now would
this be nationwide? Probably not. For one thing, the electric
grid is really much a pretty much a regional kind
of thing. UM. But it's something that every region could
theoretically be vulnerable to without the right security measures in place. UM. I. Now,

(21:02):
that sort of attack obviously would have to come from
a much more organized group. UM. It would have to
come from a country or organization that had a strong
financial backing to be able to fund the physical side
of the attack. UM. So that that narrows down the
list of possible suspects who could do that. But it's
still within the realm of possibility. And it's one of

(21:24):
those things that you know, keep security people up at night.
Sure sure UM. And you know, I'm really not certain
what we're going to be able to do short of
pulling all the plugs um to make it uh an
impos-, complete and utter impossibility that they could carry out
those kinds of attacks, because UM, it's just going to

(21:45):
require constant monitoring and searching for vulnerabilities. That's why the
efforts of those who are participating in those um those
computer security uh war games, if you will, UM, there
they're so important because they're searching, they're actively searching for
those vulnerabilities in the system and try, you know, to
try to find ways to patch them up before they

(22:07):
can be hacked into. But um, you know, I think
that any time that you update those systems, you're going
to open up new vulnerabilities and new problems. And you know,
it's just one of those things where the people who
whose job it is to pay attention to it are
just going to have to stay constantly vigilant to prevent
something like that from happening. And it is even more

(22:28):
complicated when you think that. You know, not every system
runs on the same software or operating system or whatever,
so some of them are proprietary and uh and and
so you might find something that works as a great
security measure for one system, but it's not at all
applicable to any other. So it is a huge challenge.
I mean, well, what's the response to that. Do you

(22:49):
go ahead and try and standardize everything so that hopefully
the same measures will work across the board. Because if
you do that and someone does find a vulnerability, suddenly
they've got a vulnerability that works across all systems. So
I mean it's a yeah, it's a double edged sword,
and it's it's there are no easy answers. We've got
people who are way smarter than I am working on

(23:09):
this UM and I wish them the best because this
is this is scary stuff. Now. Are we all in
danger of something like this happening anytime soon? I don't know.
I don't know. I don't think so. I mean, I'm
not I'm not staying up at night worrying the next
day about that's going to be the day when the
cyber war attack is going to happen. But it's I mean,

(23:31):
it is possible. It's just not necessarily something that you
know that I'm gonna have to worry about on a
day to day basis. Well, the more systems come online
UM in more places around the world, I think it's
going to be it becomes sort of like you know,
aerial assaults were after you know, that became a real
possibility in the twentieth century. It's it's going to be

(23:54):
something that a well planned military strategy is going to include.
You got your ground troops, you know, air, sea and internet.
Anything that can take down the computer network, the computer
the communications network, the power grid, all at one time.
If you can do that, then you know you'll panic
the citizenry, and that just gives you a better chance.

(24:17):
I can pretty much guarantee that just about every modern
nation in the world has some sort of plan like
that in place. Um, and I can also guarantee that
they're not going to share that because that kind of
defeats the purpose of the plan. Yeah, but you know,
my Internet connection goes down plenty without anybody attacking it.
So and I occasionally lose power if I sneeze too hard,

(24:38):
so or maybe a blackout. It's one of the two
either way. All right, then I'm done. I'm yeah. That's
all I have to divulge to the public. That wraps up
that classic episode of TechStuff. Like I said, you know,
a lot has happened in the the you know, twelve
years since we recorded that episode. Uh, things have have

(25:03):
evolved dramatically. We have all sorts of different threats. We
have to be aware of things like like uh, like
supply chain threats like we saw with the SolarWinds hack.
That's just one example. So when Friday's episode publishes, I'll
have a more full discussion about cybersecurity in general. As

(25:26):
well as why are we seeing the various departments within
the United States Defense Department lagging behind when it comes
to cybersecurity, what might be done about it, how does
China factor into it? And more so, tune into Friday's
episode for a deeper dive into all of that. I

(25:48):
appreciate your patience. This means we will not have a
classic episode on Friday, So today was your classic episode.
And as always, if you have suggestions for topics
I should cover in TechStuff, whether it's a specific technology,
a trend, a company, maybe that's the history of a

(26:09):
tech that you want to know more about. Reach out
to me on Twitter. The handle for the show is
TechStuff HSW and I'll talk to you
again really soon. TechStuff is an iHeartRadio
production. For more podcasts from iHeartRadio, visit

(26:29):
the iHeartRadio app, Apple Podcasts, or wherever you
listen to your favorite shows.
