North Korean leader Kim Jong-Un looks at a warhead tip in this photo released by North Korea's Korean Central News Agency.

North Korean leader Kim Jong-Un looks at a warhead tip in this photo released by North Korea's Korean Central News Agency. Korean Central News Agency

Threats

The Cyberwar Information Gap

Unlike a conventional military strike, state-on-state cyberattacks can go unreported for years.

Kaveh Waddell,
The Atlantic

|
Kaveh Waddell
By Kaveh Waddell

U.S. government hackers began developing destructive malware meant to disrupt Iran’s nascent nuclear program as early as 2006, and deployed an early version of the worm in Iran the following year. But it wasn’t until 2010 that the first public reports about the cyberattack—dubbed Stuxnet—began to surface.

At around the same time as the U.S. was working on Stuxnet, it attempted a similar attack on North Korea’s nuclear program. That effort failed: The malware never reached the computers that controlled the country’s nuclear centrifuges. But it wasn’t reported until 2015, years after it happened. Just this weekend, The New York Times described a series of cyberattacks on North Korea’s missile launches that took place in 2016, during Barack Obama’s final year as president.

The timing of these landmark reports emphasizes the yawning gap that often opens between a high-profile state-on-state cyberattack and the moment it’s revealed to the public.

For one, the effects of a military cyberattack often aren’t observable to civilians or journalists. Unlike a conventional strike—which might feature planes streaking across the sky or troops deploying on the ground—a cyberattack can be launched remotely and silently, and inflict damage only on a very limited target. (It’s also a lot easier to experiment with destructive malware in secret than it is to quietly test a nuclear bomb.)

When a cyberattack has been carried out, at least one party, the attacker, knows about it immediately. Sometimes, the attack’s target quickly becomes aware of what happened, but often, because of the confusing and covert nature of cyberwar, the victim remains in the dark for months or even years. When Chinese hackers stole personal data on more than 22 million Americans from the Office of Personnel Management, they gained access to two database systems in May and October of 2014—but OPM didn’t discover them until May and April 2015, respectively.

Calling out state-sponsored hackers could act as a deterrent against future cyberattacks.

Once aware of a cyberattack, the governments involved have to decide whether or not to publicize it. Sometimes, it’s in the best interest of both the attacker and the attacked to keep a hacking incident quiet. The reputation of the target country might suffer if it acknowledges that a successful attack was carried out against it, and it could even feel pressured to strike back if it became public. Meanwhile, the aggressor may benefit from keeping its cyber capabilities secret from other adversaries.

As the Times worked on the story about last year’s cyberattacks on North Korea, it was in contact with the Office of the Director of National Intelligence, and agreed to withhold certain details from the final story “to keep North Korea from learning how to defeat [the attacks].” James Lewis, a security-policy expert at the Center for Strategic and International Studies, said one of the Times reporters reached out to him several months ago. Lewis recommended the reporters check in with the DNI before publishing, which they did.

“It would have been better unpublished (unless the North Koreans finally woke up, and there was then no harm to going public),” Lewis wrote in an email. Now that they’re widely known, the cyberattacks may prompt Russia and China to take risky new moves to protect their own nuclear arsenals from American malware, James Acton, a nuclear-policy expert at the Carnegie Endowment for International Peace, told me this weekend.

When neither side is willing to go public, it takes dogged reporting to uncover a cyberattack. The Reuters story about the failed Stuxnet-style cyberattack on North Korea was sourced to several anonymous high-level intelligence officials, and came about five years after the initial incident. The Times story was a year in the making, and was assembled through interviews and a thorough review of public records and information.

But sometimes, it is in the best interest of the government that’s been hit by hackers to publicly attribute the strike to its perpetrator. The U.S. has shown a willingness to do this: On three separate occasions, the intelligence community has pointed fingers for a cyberattack, either through official statements or more subtly through the press.

After sensitive emails and documents from Sony Entertainment officials were leaked in 2014, the FBI said it had determined that North Korea was behind the hack. The OPM hack took place that same year, and after the hack was made public in 2015, although the government never released a formal statement, top members of Congress consistently blamed China for the incursion. And when WikiLeaks began to publish private emails from top Democrats, all 17 agencies in the intelligence community put out a joint statement singling out Russia as the aggressor.

State-on-state cyberattacks are a new enough phenomenon that international norms for dealing with them are still developing. Part of the U.S. government’s willingness to call out foreign state-sponsored hackers comes from a belief that doing so—and imposing consequences—will act as a deterrent against future cyberattacks.

But under President Trump, the U.S. government may be less willing to attribute cyberattacks than it was under Obama. As I wrote in December, Trump’s hostility toward investigations that focused on Russia’s election-related hacking, and his repeated public skepticism about the possibility of attributing hacking accurately at all, suggests he won’t put a premium on tracking down the origin of a cyberattack—or might avoid making such a determination public, if it’s ever reached.

This weekend, Trump made the unfounded claim that Obama ordered surveillance on his presidential campaign in the leadup to the election, and demanded that congressional investigators fold that question into their ongoing inquiry into Russian electoral interference. In the past, Trump has also called for investigations into leaks to media about Russia-related intelligence reports—a move that was seen as designed to distract from questions about Russia’s role in cyberattacks on Democrats.

If the U.S. becomes unwilling to come forward with details about cyberattacks that target American government agencies, businesses, or individuals, they may not come out for years—surfacing only when journalists connect the dots and publish the details.

NEXT STORY: Iraq Agreed to Share More Information With US to Avoid Travel Ban

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.