Cyberthreats: Coming to a Company Near You

The absurdity of a Seth Rogen movie precipitating an international incident may have obscured that episode’s significance as a bellwether in international cyberterrorism. Companies around the world have experienced massive thefts of intellectual property and disruption to their operations. Yet there’s no clear way forward for them. Three dramatic episodes illustrate.

Destruction of a Target’s Network

Remember Sony’s 2014 dust-up with North Korea? Given the reviews, The Interview would likely have quickly sunk into obscurity had The Hermit Kingdom not made an escalating series of threats, saying release of the film would be considered an act of terrorism. While the U.S. State Department was telling Sony it wasn’t in the business of censoring movies, North Korean hackers were penetrating Sony’s computer system top-to-bottom.

Our government was clueless about the company’s peril. Says David Sanger, “hackers working from laptops somewhere in Asia were not the kind of security threat [the NSA] was established to detect. And movie studios weren’t the targets the American intelligence community was focused on protecting.” The result was a worldwide takedown of the company’s computer systems.

Proliferating Malware

The NotPetya code, the malicious product of Russian military hackers, ultimately hit two thousand targets worldwide and cost companies an estimated $10 billion. Among the worst affected were the U.S. pharmaceutical giant Merck, FedEx’s European subsidiary, a French construction company, and Danish shipping company Maersk. Maersk, which lost some $300 million, salvaged its business only because a domain controller in Ghana already had been knocked offline when the malware struck.

Corporate Espionage

You’re probably familiar with how three Chinese hackers stole some 630,000 computer files related to the development and design of Boeing’s C-17 military transport plane, saving the Chinese government decades and billions in R&D. When the Chinese plane—the Xian Y-20—debuted at a Zhuhai air show, parked near the American C-17, the similarity between the two planes was inescapable. A gift to the Chinese from U.S. taxpayers.

According to a recent Wired article by Garrett M. Graff, “China’s extended campaign of commercial espionage has raided almost every highly developed economy, but far and away its biggest targets have been the military secrets of the United States.” He says many American companies were aware of the hacking, but have kept quiet to keep the huge China market.

What Next?

Such intrusions demonstrate that it isn’t enough to assume every company can (or will) sufficiently protect its own networks. “An individual company simply doesn’t have the resources or the capabilities to defend against a committed nation state attacker,” said Jamil Jaffer, founder of George Mason University’s National Security Institute in a recent Cipher Brief interview. Yet, for a host of reasons, government can’t do protect every business either.

Jaffer believes companies in key industries must start sharing threat data with each other. Though that’s against the grain, in a small way, it’s beginning to happen. Government may have a role, too, in some cases, depending on the target, the severity of the threat, and applicable law. But this strategy will take time, and as all these complex relationships and responsibilities are being debated and worked out, the hackers hurtle full speed ahead.

As an Amazon Associate I earn from qualifying purchases—a few pennies to put in a jar to pay my WordPress bills. When you make a purchase through the link on my website, you help me fill the jar. Thank you!

*****LikeWar: The Weaponization of Social Media

In David Sanger’s chilling book about the dangers of cyberweapons, reviewed here last week, he includes the impact of Facebook, Twitter, and other social media, but P.W. Singer and Emerson T Brooking focus laserlike on them in LikeWar: The Weaponization of Social Media. If you want to know chapter and verse about the barrage of efforts to manipulate American opinion in the election of 2016—and risk of even more in future—this is the book for you.

Singer and Brooking’s book, like Sanger’s, pulls together in one place the various threads of information about cyberthreats from the last few years, weaving them into a coherent, memorable, and understandable(!) whole. All these authors provide exhaustive lists of sources. It’s incumbent on responsible people to understand the tactics of information warfare, because, “[recent Senate hearings] showed that our leaders had little grasp on the greatest existential threat to American democracy,” said Leigh Giangreco in the Washington Post.

These ill-intentioned manipulators understand the human brain is hard-wired for certain reactions: to believe in conspiracy theories (“Obama isn’t an American”); to be gratified when we receive approval (“likes”!); to be drawn to views we agree with (“confirmation bias”). If we feel compelled to weigh in on some bit of propaganda or false information, social media algorithms see this attention and elevate the issue—“trending!”—so that our complaints only add to the virality of disinformation and lies. “Just as the internet has reshaped war, war is now radically reshaping the internet,” the authors say.

Contrary to the optimism of the Silicon Valley entrepreneurs who saw social media as a positive, democratizing force, this new technology is being used to destructive effect at many levels of society. At a local scale, for example, it bolsters gang violence in Chicago; at a national scale, it contributed to the election of fringe politicians; at a regional scale, it facilitated the emergence of ISIS; and at an international scale, it undergirds the reemergence of repressive political movements in many countries.

How to be a responsible citizen in this chaos? Like it or not, “we’re all part of this war,” the authors say, “and which side succeeds depends in large part on how much the rest of us learn to recognize this new warfare for what it is” and how ready we are for what comes next. Start by reading one—or both—of these important books.

As an Amazon Associate I earn from qualifying purchases—a few pennies to put in a jar to pay my WordPress bills. When you purchase this book by clicking on the photo above, you help me fill the jar. Thank you!

Our Biggest Threats Keep Growing

In The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age, New York Times national security correspondent David Sanger talks about nations’ pervasive and growing uses of spyware and malware to achieve their ends. According to Paul Pillar’s review in the Times, Sanger’s book is “an encyclopedic account of policy-relevant happenings in the cyberworld (that) stays firmly grounded in real events.”

It’s not a question of keeping the stuff out of our electric grid, the controls of our nuclear plants, our military establishment, our government. It’s already here. And a piece of spyware in our systems—watching, waiting—can turn instantly destructive on command.

While U.S. companies, utilities, and some government agencies would like to reveal how much they know about these intrusions—“hey, we’re looking at you, too, so watch it!”—the clandestine services argue against it, because they don’t want others to know that we know and what our detection capabilities are, much less guess our offensive capacity. If you were suspicious of that improbable string of fizzling North Korean missiles last year and wondered “could it really be . . ?” you were right.

Sanger’s riveting journalism covers the woes Russia has inflicted on Ukraine, especially its power grid, a seeming test-bed for attacks on the West; it reviews the Stuxnet virus developed by the U.S. and Israel, which exceeded its mission of damaging Iran’s nuclear centrifuges to emerge in the wild; he covers the fallout from Edward Snowden’s revelations; and he describes more recent threats. Across at least three Administrations in Washington, the responses to the size and potential scope of this threat have been paltry. “The clock cannot be turned back,” he says, and it’s up to all of us to hear the ticking.

****The Cypher Bureau

Enigma machine

PX Here, creative commons license

By Eilidh McGinness – This fictionalized history of the breaking of the Germans’ Enigma code methods in World War II is as tense as any thriller and more consequential, based, as it is, on true events.

Although readers around the world are familiar with the accomplishments of Alan Turing and the British code-breaking team at Bletchley Park—most recently popularized in the Benedict Cumberbatch movie, The Imitation Game—the substantial contribution of youthful Polish mathematicians to the unraveling of the Nazis’ coding system is less well known. This novelization of the life of Polish mathematician Marian Rejewski and his colleagues attempts to fill this historical blank spot.

As children, Rejewski and his two friends and fellow mathematics stars, Henry Zygalski and Jerzy Rozycki, lived through the German occupation and depredations of the First World War. Now, on the cusp of completing their university studies, war clouds are once again amassing on their country’s western border, and the Polish authorities are desperate to expose the Germans’ secrets and help foil their plans.

Rejewski, Zygalski, and Rozycki are successfully recruited to work for the Cypher Bureau, although, as invasion approaches, the danger of such work grows by the by day. They have successfully solved numerous important decryption problems, yet Rejewski longs for a chance to try cracking the Enigma—the coding machine the Germans considered unbreakable. Finally, he gets this super-secret assignment. Thanks to documents obtained by French intelligence and the lucky acquisition of an Enigma machine, he is able to reconstruct its internal wiring. Once that is accomplished, the method for determining the master key for a given day is the remaining challenge.

The insight that allows his breakthrough is not mathematical or technical, it is psychological. Having had German tutors in his youth, Rejewski knows how they think. As the author of the book on which The Imitation Game was based wrote about the Poles, “They had not broken the machine, they had beaten the system.”

Once Germany invades Poland, the code-breaking team flees, working its way across Europe, stopping briefly here and there to decode messages, deal with Germany’s efforts to make Enigma increasingly complex, and making hair’s-breadth escapes from the enemy. Although this book aims to be a true account and the writing style is never hyperbolic, its substance is akin to an action thriller.

The bravery and intellectual contributions of the Polish mathematicians and their team is clear. Equally so is the commitment of a great many people in Poland and elsewhere to keeping the secret of their accomplishments. Not one person ever revealed this information throughout the long years of the war, and the Germans never knew they’d been hacked. This in itself is an astonishing feat!

As an Amazon Associate I earn from qualifying purchases. Click the photo below to order this book.

The Catcher Was a Spy

The Catcher Was a SpyIt might almost be worth seeing the new movie Gotti with a sneering John Travolta in the lead, simply because it has received a (surprisingly) rare “0” rating from Rotten Tomatoes critics. Unanimity about a movie’s goodness or apparent awfulness is so rarely achieved that this may be a cinematic low-water-mark. A filmic Sahara. A future cult classic.

Last weekend, I went to another movie most critics have panned, because it is crammed with components I like: spies! history! Nazis! baseball! Based on a book by Nicholas Dawidoff, it recounts a bit of the true story of Red Sox catcher Moe Berg and was directed by Ben Lewin (who gets most of the blame), with a good script by Robert Rodat (trailer).

It wasn’t perfect, and maybe it’s slow for action film devotees, but the acting was superior. Paul Rudd played Berg, a man who loved baseball and had a great smile, but was hard to know. Through his Princeton connections, he was recruited to the fledgling OSS by its head Wild Bill Donovan (Jeff Daniels), mostly because of his facility with languages and despite his somewhat ambiguous sexuality. He has a girlfriend in Boston (Sienna Miller) for much of the film, but that’s an on-again, off-again thing, first with his baseball travel schedule, then his work in Washington and overseas.

Finally he gets the kind of assignment he craves: the U.S. has the Manhattan Project to develop a nuclear weapon, and the Allies believe the Germans are attempting this too, led by Werner Heisenberg (Mark Strong). But they can’t be certain (sorry). Berg is teamed up with a military man (Guy Pearce) and a physicist (excellent work by Paul Giamatti) to find out. If these suspicions are correct, Berg is to assassinate him. Unlike so many celluloid spies, Rudd’s Berg seems actually to weigh the significance of this assignment.

In a key scene early in the film, Berg signals the pitcher, but the pitcher waves him off. The opponent on first tries to steal second, but Berg manages to get the ball there in time to throw him out, ending the inning. Walking back to the dugout, he says to the pitcher, “Never ignore my signal when a man’s going to try to steal second.” Pitcher: “How’d you know he’d try?” “I just knew.” Berg’s skill in sizing up people was perfect for the OSS.

Rex Reed in the New York Observer said, it’s “a juicy story told blandly,” but still a movie worth seeing, and I agree. Maybe Gotti should get a second look.

Rotten Tomatoes critics rating: 32%; audiences 67%.

****Beside the Syrian Sea

Beirut, street, watcher

photo: Jonhy Blaze, creative commons license

By James Wolff – When reading this British spy thriller, you may feel that, like the protagonist, you’ve gone for a stroll in a dangerous section of town and found yourself in over your head.

Jonas’s father, part of a church delegation visiting Syria, has been kidnapped by Islamic fundamentalists, who demand a $100 million ransom for the 75-year-old cleric. Father and son have been a bit at odds, but despite that—or because of it—Jonas has vowed to rescue him.

Jonas did work for the MI6, yes, but in a desk job. His tradecraft is thin and contacts are few. Thus does Wolff put Jonas and his exploits in the realm of the doable. He makes decisions and takes actions an ordinary person, as opposed to an espionage superhero, might—a believable, somewhat erratic, and doubt-ridden character, easy to identify with and root for.

The story starts in a seedy Beirut bar, where Jonas seeks the help of the middle-aged former priest Tobias, who has previously negotiated the release of terrorist-held hostages. Jonas doesn’t tell him everything, wondering “how it had come to pass unnoticed that deceit had been worn into him like grooves in a record until all he could play were false notes.” Tobias is reluctant to get involved, but he has an interest in a woman named Maryam also stuck in Syria. Jonas says, if he helps, “we’ll get her out.” We?

Because this shaky rescue mission has no official standing, he’s unlikely to deliver on this promise, or on any of the commitments he ultimately makes with Hezbollah representatives, the espionage establishment, and anyone else he thinks can help him. You feel you’re mounting a wobbly tower made of playing cards, a fragile edifice that may collapse at any moment.

MI6 sends the tennis-playing Desmond Naseby to befriend and spy on Jonas and persuade him to give up his efforts. Naseby is quickly followed by CIA case office Harvey Deng. Deng is all business, aggressive and profane, but Jonas and Naseby banter amusingly. Says Naseby, “You can’t stand to be cooped up. Smell of the sea, bustle of the bazaars.” “Thwack of the tennis racket,” responds Jonas.

Edward Snowden taints the narrative like a malevolent spirit when it dawns on MI6 higher-ups that Jonas may have availed himself of some of the secret reports he’s been reading at his desk all those years. When it appears he is trying to trade a USB drive for his father, they give his case the operational name LEAKY PIPE and, well, panic sets in.

What keeps the pages turning in this highly entertaining tale, is that, like Jonas’s MI6 and CIA opponents, you can never be quite sure how much he really knows, what his strategy really is, or even if he has one. As a result, the outcome of his dangerous mission might succeed or, as seems much more likely, go disastrously wrong.

****Lincoln in the Bardo & ***The Sympathizer

Cemetery Angel

photo: Vicki Weisfeld

How many books can you read in a lifetime, or what’s left of it? (To calculate the limits on your literary throughput, check this out). Whatever the number is, it’s finite, so the books you choose may as well be good ones. Here are two prize-winners I recently ticked off my list.

****Lincoln in the Bardo

By George Saunders – This, the first novel by Saunders, a highly-regarded short story writer, appeared on many “best books” list for 2017. “The bardo” is a Buddhist concept of a state of being between death and rebirth. The Lincoln in question is our 16th President.

It’s still the early days of the Civil War, yet death and the prospect of death loom over the country. Willie Lincoln, the President’s twelve-year-old son lies upstairs in the White House, ill with typhoid fever. Nothing can be done but wait. Then, nothing can be done. The funeral is arranged, the small still body is placed in its coffin, and the coffin is set in a niche in a borrowed tomb. Yet Lincoln cannot let go.

In the cemetery after dark, the spirits of the bardo emerge. Dispossessed of their bodies, they cannot accept that they are dead and resist the mysterious forces that attempt to persuade them that they are. These spirits counsel Willie on how to deal with his grief-stricken father.

Written in many voices, in snippets, like the libretto for a manic and desperate chorus of the dead, the story is full of humanity and sorrow, with flashes of dark humor and, ultimately, deep compassion for the grieving Lincoln. Overwhelmed by his son’s death, the President knows he cannot indulge his grief for long, with the chaos of war rising around him.

***The Sympathizer

Written by Viet Thanh Nguyen, narrated by François Chau. Winner of the 2016 Pulitzer Prize for fiction, The Sympathizer opens with the chaos and terror of Saigon’s fall in the waning days of the Vietnam war. In the middle, the scene migrates to California, in the community of formerly powerful refugees, now consigned to marginal lives, and finally returns to the hostile territory of Communist-led Vietnam, where the first person narrator—“the captain”—is captured and interrogated. This book, readers are told, is his “confession.”

The captain early on declares himself a man with two minds, equally able to see both the tragedy and the farce of the war destroying his country. “I am a spy, a sleeper, a spook, a man of two faces,” he says. Though he works for a general in the South Vietnamese Army, he is a spy for North Vietnam. Still on assignment, he accompanies the general in exile and reports on his continuing and hopeless plans to return to their native country to wage counterrevolution.

Filled with both nostalgia and cynicism, the captain undertakes various duties, some banal, some murderous, and the latter haunt him. His most irony-filled task is accompanying a Hollywood filmmaker to the Philippines to assure that “real Vietnamese people” have a role in the auteur’s shallow cinematic depiction of the war. In that process, he realizes the real Vietnamese people were no more than extras in the war itself. Like the movie, it was an American production.

For my taste, the interrogation section of the book dragged. Chau’s narration lacked the propulsive energy to carry me through nearly 14 hours of listening. Better in print.

****Need to Know

Matrushka

photo: Chauncey Huffman, creative commons license

By Karen Cleveland – Debut Author Karen Cleveland’s new spy thriller comes from a heartfelt place. She wrote it while on maternity leave from her former position as a CIA analyst, and it is steeped with both internal agency politics and maternal concern.

First-person narrator Vivian Miller has developed an algorithm to help identify the Russian sleeper cells the CIA is convinced are hiding in the United States. Finding a cell’s handler—the only person who knows the agents’ identities—is  is an essential first step to unmasking the entire group.

Using her algorithm, she’s eliminated all but one of her handler candidates and is so close to cracking into the computer of the last one—a man named Yury Yakov—that she doesn’t mind the long working hours. Well, she does mind. She has a loving husband, Matt, and four kids at home, including toddler twins, one of whom has a serious heart defect. Fortunately, Matt works from home, and pitches in when she can’t pick up the kids or make the lunches or take Caleb to his doctor appointments. He also cooks.

In a breakthrough moment early in the book, Vivian finally worms her way into Yury’s computer, and, in a folder labeled “friends,” finds photographs of the sleeper agents in Yury’s cell. Four are strangers. The fifth is a shocking discovery—her husband Matt. From there on she must try to sort out the lies and deception from the true core of what she thought was a healthy, loving relationship. She really does “need to know.”

Throughout the story, she believes in him, then she doesn’t, then she does, and her waffling on this question may be realistic, or merely convenient, for her and the plot. Vivian’s uppermost concern is the safety of her children, especially as Yury circles nearer. Perhaps Cleveland occasionally overdoes Vivian’s mounting anxiety, but you can understand the confusion she is thrown into and how she naturally does return again and again to her touchstone: keeping the kids safe when she cannot trust anyone.

The tension is definitely there in this thriller, ratcheting up with each action Vivian does—or does not—take. The most engaging part of the story is her relationship with Matt, as each new event causes her to reevaluate everything that has gone on before and whether she can ever trust him again—a plot question I found rather easier to answer than Vivian did.

Cleveland evocatively describes the Washington, D.C., setting—the attitudes, travel logistics, and other details. Reportedly, people in the U.S. intelligence community are enthusiastic about this book. and a movie deal is in the works.

30-Second Book Reviews – Part 2

Reading

photo: Carlos Martinez, creative commons license

Recently Published

All the Wicked Girls by Chris Whitaker – An thriller in which real and symbolic dark clouds hover menacingly over a tiny Alabama community. Young girls—young religious girls—are being murdered. When another goes missing, the town’s turned into a tinderbox, and the sheriff is hard put to control the situation. The sheriff, the girl’s twin sister, and a couple of outsider friends are captivating characters. Written from multiple points of view, this is a complex, compelling story.

A Cold Death by Marilyn Meredith – Another in the popular Deputy Tempe Crabtree series. A group of sniping acquaintances is snowbound at a mountain cabin and none too happy about it. Loyalties shift; suspicions rise; accusations cascade. Crabtree also must deal with the ghost of a former resident, and the light touch of paranormal is handled well.

Classics Revisited

Theft: A Love Story by Man Booker prize-winner Peter Carey – In this 2006 novel, a flamboyant Australian artist struggles with a career past its peak, while dealing with his developmentally disabled (but entertainingly astute) younger brother, a conniving girlfriend who is always one step ahead of him, and an unforgiving ex-wife. “Witty, urbane, funny, and profound.”

Our Game by John le Carré – When one of the oldest friends of retired MI6 agent Tim Cranmer goes missing, along with Cranmer’s mistress, he sets out to find them. In this 1995 spy thriller, Cranmer’s bosses try to convince him his Cold War and thus his career are over, but his friend and fellow-spy appears to have identified some new mission, using the £37 million he’s stolen from the Russians to finance it. With this fast-paced, enjoyable read, you’re in the hands of the master.

The Directive by Matthew Quirk – There’s a short window of time between when the U.S. Federal Reserve makes its recommendations and when they’re made public. During that hour or so, they are one of the most closely guarded secrets in the financial world. The Ford brothers want that information, which is worth, well, millions. Clever plotting, persuasive, a fun read from 2014.

Audiobooks

A Gentleman in Moscow by Amor Towles – Prepare yourself to fall in love with Count Alexander Rostov, confined after the Revolution to Moscow’s famed hotel, The Metropol. The rich life he builds there never strays from elegance and civility, traits that the new Soviet power-brokers lack utterly. It’s a lovely story, and, as Ann Patchett says, “The book is like a salve.” Great narrator too.

The Lady from Zagreb by Philip Kerr – Kerr’s tenth Bernie Gunther novel, this one has the Berlin police detective on a confidential assignment from Nazi propaganda minister Joseph Goebbels—to track down the father of his favorite actress. Gunther meets the woman, and they begin a risky love affair. He does find her father, knee-deep in a bloodbath in Yugoslavia, but he and Goebbels decide to keep his murderous career a secret and tell her he’s dead. Like all secrets, this one has consequences. Gunther’s sly critiques and disdain for the Nazis is another dangerous activity, and you worry he’ll go too far.

A few more thirty-second book reviews are here. Enjoy!

****Kompromat

newspaper headlines

CC BY-SA HonestReporting.com, flickr/caseydavid

By Stanley Johnson – If you’re one of the millions of people on both sides of the Atlantic who look back on the elections of 2016 and say, to yourself or at the top of your lungs, “What just happened?” this satirical new political thriller is for you.

Its characters are such thinly disguised versions of today’s leading political figures, you can be forgiven for thinking you’ve inadvertently picked up a recent copy of The Times. Much-needed is the list of its many characters—from the US, Russia, Germany, China, various other countries, four “key animals” and, most numerous of all, leaders of the UK. “Kompromat” is a Russian word—a portmanteau meaning compromising material, and in this novel—as, possibly, in real life—most of these countries hold plenty of it on each other.

As the book opens, a 2016 US presidential candidate is participating in an international wildlife expedition that hopes to radio-collar a tiger. Events go wrong almost immediately. The candidate ends up in a hospital where the Russians plant a bug in his body. The CIA, ever on the ball, figures this out, and replaces it with their own bug. And they’re not the only ones. By the book’s end, America’s new president unwittingly has unwittingly become another “Voice of America.”

Meanwhile, the British have problems of their own. Its Secretary of State for the Environment is approached by the Russians, who have singled him out as a leading light of the “Eurosceptic wing” of the Conservative Party. He learns the Prime Minister agreed to the Referendum on EU membership (the “Brexit” vote) for a reason no more complicated than money. Apparently, the PM believed the vote would never actually occur and, even if it did, it wouldn’t succeed, and the Party would receive money for doing nothing.

Author Johnson devises numerous amusing and convoluted scenarios in which the hapless politicians become entangled. In his scenario, these byzantine schemes are organized and carried out by the Russian Security Service—the FSB, heir to the KGB—“ to change the whole structure of international politics.” The book is not only entertaining, it makes you think “what if?” and, as more news drifts out of world capitals, perhaps “why not?”

Johnson is a former politician and member of the Conservative Party, and a former employee of the World Bank and the European Commission, who has held a number of prominent environmental posts as well as being an environmental activist. In the time preceding the Brexit vote, he co-chaired Environmentalists for Europe. Although he’s on record as opposing the Referendum, his son Boris was a key leader of the “leavers.” The book is in development for a six-part television series too.