“Those who surrender freedom for security will not have, nor do they deserve, either one.”
— Benjamin Franklin
Gordon Corera’s book, Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage, tracks the evolution of global intelligence and how countries operate within it. I can only fantasize about the cloak and dagger lifestyle of the modern spy, but after reading this book I imagine it could be somewhat similar to my own life, which involves spending several hours in front of a computer monitor every day.
Corera marks the book’s intent explicitly in his introduction stating, “Spying has always been controversial, raising complicated questions. This is not a book that sets out to tell people what to think. It is a work of history that aims to explain how we got where we are so that people can make up their own minds. We are facing a future in which everything is connected to the internet, in which the physical and virtual increasingly merge.”
Cyberspies largely leans on British history. Author Gordon Corera is a Security Correspondent for the BBC, and as an American reader this alone is an interesting perspective. Until somewhat recently, most media coverage on the subject of hacking was American based in this country. Corera spends considerable pages throughout this book connecting the dots between American three letter agencies and the information technology that they exploit in pursuit of intelligence.
Historians seem to agree that the birth of modern computer hacking (or computing really) occurred in England’s Bletchley Park during the Second World War, when a young Tommy Flowers went to work at Britain’s GCHQ (formerly Government Communications & Cypher School) to work on the first code breaking machine, aptly named Colossus. Colossus was designed to decrypt ciphers from the Enigma machines which were used in German communications. To have an advantage over the enemy it was necessary for the British government to break Nazi codes. The story of pioneering cryptologist and war hero Alan Turing as well as Tommy Flowers’ code breaking work has been well documented; however in Corera’s hands we find that this is also the starting point of an intelligence community between the allies that lasts to this day.
As the computer sciences matured, hacking grew along with it, and an ideology emerged in which the individual began to develop and acquire the same tools as the governments in order to protect their privacy. As the original hacker ethic solidified into a subculture, we began to see people like Richard Stallman’s Free Software Foundation and the founders of the Electronic Frontier Foundation begin to think about how hacking affects law, privacy and activism.
Corera’s narrative veers away from the hacker history canon and focuses on the corners of the story regarding governments and citizens. It’s in this context, in which the antagonism occurs between governments and hackers, that what we now know of as the ‘crypto-wars’. Pretty soon it wasn’t just governments who had the tools.
“What do I have to hide? None of your business” quipped Tim May: widely considered the first crypto-anarchist. We can trace cryptography as a potent political tool to the Cypherpunks of the ’80s, when these tools fell into the hands of the hacker underground. The most famous Cypherpunk alumni is Julian Assange, whose Wikileaks set the world on fire when it received almost a million diplomatic cables from former army private Chelsea Manning.The crypto wars are still raging today. Assange is quoted in Cyberspies: “The universe believes in encryption. It is easier to encrypt information than to decrypt it. We saw we could use this same property to create the laws of the new world. To abstract away our new platonic realm from its base underpinnings of satellites, undersea cables and their controllers. To fortify our space behind a cryptographic veil.”
Corera makes room in his book for one of my favorite golden-age hacking stories regarding the wonderful and funny Clifford Stoll, whose hacker classic The Cuckoo’s Egg from 1989, traces a hacker on a remote server stealing computer time from his astronomy lab, incurring a cost of 70 cents to the lab. Stoll, an astronomer at Berkley, becomes so obsessed with finding who it is that he ends up on a wild goose chase that leads us to German hacker Marcus Hess. With the help of (and indifference from) the CIA, NSA, and the FBI he uncovers Hess working for the KGB in Germany. Hess was ultimately using servers through Stoll’s astronomy lab to gain intel on on American missile plans and such.
Coincidentally, Stoll had been working with NSA head Robert Morris; an early cybersecurity expert whose son Robert Tappan Morris wrote one of the first computer worms. The Morris Worm is important as it’s considered the first internet virus. Robert Tappan Morris is now a respected computer scientist at MIT. While Stoll’s narrative is important and a classic in it’s own right, in Corera’s narrative it functions more like an anecdotal aside.
One of the things that makes a great spy story is the concept of misinformation and counterespionage. In the ’80s the Soviets ended up using a design for a space shuttle that was rejected by NASA. “Ask the prophets of doom to cite specific cases where the theft of intellectual property has done material damage and they often pause.” At this point in history we find that industry and it’s secrets can hold just as much power as government secrets. Often they are one in the same, e.g., government contractors and their subsidiaries.
Chinese company Huawei has supplied the hardware for the infrastructure of the British government. Many are concerned that the Chinese government can hit the kill switch on the entire British government. Corera has interviewed several insiders on whether or not this is a real concern: “The possibility of China switching off the networks and crippling Britain was judged to be a low probability/high impact event — something unlikely to happen, but extremely serious if it did. Was espionage possible? Possible perhaps, even though there was no hard evidence.”
We hear from a spokesperson at Huawei who counters criticism saying “[that] opinion is imposed on us” when asked about whether Huawei is an espionage arm of the Chinese state. She says there’s nothing unusual and that “the relationship between Huawei and the Chinese government is simply a relationship between any company and any government.” She concludes by saying, “Pointing fingers cannot help us get this issue solved.” This leaves us to speculate.
If China went to war with Britain, could China shut down the British infrastructure through throwing the killswitch on its economy? Corera is careful to state that this is highly unlikely, as it would destroy the global economy. “British officials believe that if this were to happen it might take down as much as half of the British network for a number of days, but they could then bring most of it back up quickly and continue to run it (what kind of chaos would ensue in the meantime is another question and officials admit that the system is so complex that no one can be absolutely sure of its impact). Resilience, it is said though has been built into the network so that even if something were switched off it would be localised and temporary.” Scary stuff. I imagine most people don’t consider the political implications of where their tech comes from.
Google’s emergence in China was a strained relationship from the start. When Google first got to China, the company censored search results in order to accommodate Chinese law. It was interesting to hear how Google and the US government navigated Chinese law while still trying to follow through on their “don’t be evil” ethos. Then allegedly China’s espionage agency PLA hacked them. It seems it’s going to be more difficult for authoritarian regimes to keep data from the people. This chapter is still being written.
“The systems can be not just a tool for espionage — for stealing secrets from other countries and states — but a tool for domestic surveillance and monitoring — spying on your own population.” In a book of chilling horror stories, I’m particularly creeped out by the NSA’s Metadata Security Analysis Center here in the United States. We learn about the telecoms complicity in handing over our cell phone records. We also learn about the government setting up data recording equipment in the phone companies “choke points” to obtain both foreign and domestic data. Thanks to Edward Snowden we can be certain that we are living in glass houses.
Ultimately we end up with Stuxnet, which is the first digital weapon attack. As I understand it Stuxnet is a code that made it possible for the US to manipulate the centrifuge control system (which is instrumental to the process of uranium enrichment) in Iran’s nuclear weapons program. (Editor’s note: for more information on Stuxnet, see Alex Gibney’s Zero Days.) Corera builds out the complex attack very simply, explaining the technical aspects as well as the political conditions that gave way to the birth and launch of the Stuxnet code. Reading about Stuxnet made me think it will be necessary for countries to somehow draw up an international digital warfare agreement; a Geneva Convention for the 21st Century.
How far into spying is too far to gain reconnaissance? When does it become an act of hostility? Corera writes, “What if penetrating defence companies allowed you not just to steal designs but also implant vulnerabilities which could be turned on during times of war?” These questions are raised again and again throughout this book. The ethics around cyber espionage are relevant to your nationalist sympathies. An interesting discussion is occurring around the world on how far is too far.
Indeed, there are many stories densely packed throughout Cyberspies. The book successfully zig zags through different countries, laws, and politics while maintaining its central theme. At the heart of this subject is the security/privacy tradeoff. Corera writes about, “… the fear of the unknown in the era of international terrorism and the desire to find terrorists before they do something.” It’s probably safe to say that as a culture we will continue to argue about protection and privacy for a long time.
A private citizen can take down governments and cause chaos. As I write the first draft of this article, the 2016 Democratic National Convention is happening in Philadelphia. Just this past weekend famous cypherpunk Julian Assange’s outfit Wikileaks leaked secret emails between the Hillary Clinton campaign and the top officials at the Democratic National Committee on how they could derail her democratic primary rival Bernie Sanders’ campaign momentum and help get their pick, Hillary Clinton, the party nomination. Cyber-espionage is defining our history as you read this.