Summary and Analysis of Dark Territory: The Secret History of Cyber War
Based on the Book by Fred Kaplan
By Worth Books OPEN ROAD INTEGRATED MEDIA
Copyright © 2017 Open Road Integrated Media, Inc.
All rights reserved.
ISBN: 978-1-5040-1944-6
CHAPTER 1
Summary
Chapter 1: "Could Something Like This Really Happen?"
In June of 1983, President Reagan saw the Hollywood blockbuster WarGames. Watching a tech-whiz kid inadvertently hack into NORAD (North American Aerospace Defense Command) and nearly start World War III made Reagan wonder just how vulnerable the United States was to such an attack. The answer surprised him: a similar attack was possible. He promptly charged the NSA with securing all computer networks and servers in the country.
However, the order was short-lived, as many viewed it as overreach. The issue largely disappeared until the Clinton administration, when the country was hit by several cyber attacks. Yet it wasn't until Barack Obama's presidency that the United States created its first Cyber Command and, in a time of shrinking military budgets, funded it massively.
The precursor to the NSA was created during World War I. Its early work focused on gathering SIGINT (signals intelligence) by listening in on communications. Over the years, it developed electronic spying techniques, such as tapping into microwave transmissions to determine what the Soviets and other potential adversaries were up to. The United States stuffed the tenth floor of its Moscow embassy with monitoring equipment. But the Russians, too, could play this game, and began employing similar tactics against the United States.
In the 1960s the Defense Department created ARPANET, a program under the Advanced Research Projects Agency, which was tasked with researching "futuristic" military weapons. An inadvertent forerunner to the Internet, it had been established to help scientists and the military share research. This raised security concerns about classified information. Those worries were waved off with the assertion that it would take decades for America's adversaries to be able to hack into the system. While that assumption held at the time, it fostered the creation of an unsecured network whose design choices outlived it.
However, once technology made it possible to disable or destroy targets through a cyber attack, it dramatically escalated the risk and reward of cyber warfare.
Need to Know: A program created to help scientists share research invented what we know today as the Internet — also opening the door to cyber warfare and cyber attacks.
Chapter 2: "It's All About the Information."
When Iraqi leader Saddam Hussein invaded Kuwait in 1990, President George H. W. Bush responded with Operation Desert Storm, quickly defeating the Iraqi army. The NSA facilitated this achievement, monitoring and disabling Iraq's communications so that the United States could avoid traps and emerge with minimal casualties. However, the military was reluctant to wage cyber warfare itself: commanding general Norman Schwarzkopf preferred to blow up infrastructure rather than disable it electronically, and Secretary of Defense Dick Cheney also preferred bombing to hacking. Because of that choice, Iraqi civilians on the ground lost their lives.
Mike McConnell, head of the NSA in the early 1990s, knew about the power of hacking. But he was concerned about the spread of voice encryption, which could render the agency's existing phone surveillance methods useless. To counter that threat, he wanted to install a key-escrow device called the Clipper Chip inside every phone, so that the government could still decrypt calls. The complicated chip, which would have raised the cost of a phone to $1,000, was doomed from the start, especially since many doubted it was truly secure.
Need to Know: During Operation Desert Storm, the NSA and others wanted to use cyber attacks to disrupt critical infrastructure, but were overruled. Cyber attacks were still in their infancy.
Chapter 3: A Cyber Pearl Harbor
The April 19, 1995, Oklahoma City bombing was the impetus for the creation of the Critical Infrastructure Working Group. The administration of President Bill Clinton had been floored by how easily lone terrorist Timothy McVeigh, with only a truck bomb, had killed 168 people and caused $600 million in damages.
Rich Wilhelm, NSA director of information warfare, was an important member. He helped the group realize that computer hacking and other online activity could cause as much damage as a terrorist attack, if not more. Meanwhile, attacks were already happening: a Russian crime group had hacked into Citibank computers and taken $10 million, while another hacker posted sensitive information about terrorism on the Internet. When one estimate, almost certainly hugely exaggerated, put the number of yearly attacks on the Defense Department at 250,000, it was enough to spur the creation of a presidential commission.
Getting the commission off the ground was a slow affair, as there were minor battles over both members and leadership. The administration settled on Robert T. Marsh, a retired Air Force general. The Marsh Commission produced a report that sent shockwaves through the government, and Clinton began to speak publicly about cyber attacks.
Need to Know: While information on the actual number and nature of cyber attacks was still unreliable, initial studies were enough to alert officials to the scope of the problem, and spur them to action. Nevertheless, Clinton was loath to invest in cyber defense, and most of the military, government, and commercial and banking sector had failed to grasp the threat it posed.
Chapter 4: Eligible Receiver
Each year, the Pentagon ran Eligible Receiver, a wargame designed to prepare the nation for upcoming threats. In 1997, key NSA staff finally convinced higher-ups to let a red team of NSA hackers test the entire DOD (Department of Defense). The DOD had one stipulation: the hackers could use only commercially available tools, nothing from the NSA's own classified arsenal.
Although the game was set for two weeks, with a two-week extension, it took only four days for the hackers to penetrate the Defense Department's networks end to end. Many server administrators had no idea they'd even been hacked. One penetration was as simple as calling an office, claiming to be technical support, and asking for the password. The exercise paralyzed offices, flooded fax lines, stole passwords, and altered communications. The practice information war had been all-encompassing, quick, and successful.
Who would solve the problem, however, was less clear. When the NSA team presented the information to the Marsh Commission, they included one piece of information they had kept secret from the Pentagon: During the exercise, they had found evidence of actual hacking which had been traced to French Internet addresses. The commission was floored — and, finally, prepared to act.
Need to Know: It took years for the NSA to get permission to show the Department of Defense how weak its networks were, and the red team surprised even itself with how quickly and completely it got in. After decades of brushing the concept aside, the top brass were listening.
Chapter 5: Solar Sunrise, Moonlight Maze
On February 3, 1998, members of the Air Force Information Warfare Center in San Antonio, Texas, realized they were under assault. Someone was hacking into Andrews Air Force Base, an attack that eventually spread to over a dozen bases. The White House went into crisis mode, naming the operation "Solar Sunrise," suspecting Saddam Hussein or another enemy player might be behind the attacks.
The truth was far less dramatic. Two teenage boys in California, aided by a more experienced teenage hacker in Israel, were competing against friends to see who could hack into the Pentagon the quickest. The American teens were put on probation; their Israeli accomplice was briefly jailed. Some in the government were relieved it had only been teenagers. Others were even more alarmed by that fact.
When a similar series of intrusions, nicknamed "Moonlight Maze," began to proliferate, officials monitoring them were amazed by their sophistication. The intruder erased his tracks as he went, and at one point the analysts were hard-pressed to prove there had been an intrusion at all. Before Eligible Receiver, in fact, it was unlikely he would have been discovered.
Using a tool built for tracing intruders, government hackers planted a beacon on the attacker that let them follow his movements across the Internet. The beacon led them to the Russian Academy of Sciences. President Clinton sent an FBI task force to Russia (under Yeltsin's tenure, the two nations had a cordial relationship) to confront the Russians with the evidence. Initially, a friendly general admitted to the hacking and apologized for the "criminal activity," blaming it on overreach by Russian intelligence. Halfway through the visit, however, the general disappeared and the Russians stopped cooperating. The attacks ceased for a couple of months before being relaunched using still more sophisticated techniques.
Need to Know: Eligible Receiver had finally given the Department of Defense the impetus and means to strengthen its networks. However, this only meant that it could detect hackers, whether American teenagers or Russian spies, not keep them out. Less well known was the fact that the United States was conducting its own covert intelligence gathering.
Chapter 6: The Coordinator Meets Mudge
Richard Alan Clarke, the Clinton administration's counterterrorism advisor, was tracking terrorist Osama bin Laden when he was tasked with cyber security. His fact-finding mission led him to an elite group of hackers in Boston known as the L0pht, led by a hacker called Mudge, who served as an informal consultant for several government and commercial outfits. Clarke was astounded by what a civilian group could accomplish from an equipment-filled room in a warehouse.
Fears of the Y2K bug, in which software storing years as two digits might misbehave when the date rolled over to "00," led to the establishment of a National Information Coordination Center. Clarke, fully apprised of the country's vulnerability, began pushing to make it permanent, with a shadow Internet called FIDNET (Federal Intrusion Detection Network) that would monitor government and civilian communications. When the plan leaked, civil-liberties advocates were appalled.
Clarke seemed to have lost the battle, until Amazon, Yahoo, and eBay were hit with coordinated denial-of-service attacks. In a meeting at the White House with Mudge and the heads of major corporations such as Microsoft and Intel, Mudge assured the group that the attackers had succeeded not because they were sophisticated, but because the skills needed to carry out that kind of attack were "trivial."
Need to Know: Despite the manifold threats, the White House and the commercial sector were still reluctant to devote major resources to Internet security. However, the military, which had seen firsthand how much damage even inexperienced and bare-bones hacking operations could do, were beginning to take steps.
Chapter 7: Deny, Exploit, Corrupt, Destroy
By the late 1990s, the fragile Dayton Accords, which had secured the peace in Bosnia-Herzegovina since 1995, were in tatters, and it was an open question whether Serbian President Slobodan Milošević would hunt down those who had committed war crimes and allow free and fair elections. A stabilization force made up of the US and NATO allies, called SFOR, was tasked with making sure the Accords were followed. Information warfare and hacking, alongside military action, were an essential part of the mission.
First, elite British special forces posing as Red Cross workers captured four Serbian war criminals. They then turned to defeating propaganda against Western interference. Once intelligence identified that TV stations sympathetic to the Serbian regime were directing citizens to the locations of public protests, they disabled five transmission towers that delivered television to 85% of Serbians. Taking things one step further, the government pulled strings in Hollywood to get episodes of Baywatch shown on the lone pro-Western TV station. Now, when the regime wanted protests, its message was not only blocked but replaced by women in bikinis.
Hacking was also essential to protecting aircraft from the regime's advanced radar during bombing runs. Hackers infiltrated the radar systems and fed the Serbian operators nearly accurate but fundamentally misleading information, so that their equipment appeared to be working while they could not effectively strike back. Old-fashioned spycraft and propaganda were used too, such as circulating a picture of Milošević's children vacationing in Greece. His supporters were outraged. Eventually, these intelligence operations and the bombs dropped from the sky contributed to Milošević's defeat.
Need to Know: Information warfare and hacking helped win the war against Milošević, but operational command still did not use them to their full capacity. Doing so would have required officers to hold special security clearances to access the operations, and, on the other side, military leaders did not want to cede their power to the Internet.
Chapter 8: Tailored Access
In 1999, Michael Hayden became head of the NSA and set out to reshape the organization. He developed the concept of GEDA (Gain, Exploit, Defend, Attack), which became the blueprint for the NSA's strategy during his time there. Using as his guide a critical report generated before his tenure, he appointed his own committee, made up of outsiders and experts. Their damning report slammed the NSA for outdated practices and called for reform of the organization. Hayden implemented sweeping changes, bringing the agency into the new age of cyber warfare, eliminating a promotions system that prioritized tenure over talent, and creating a set of new teams to focus on modern threats. When, ten months into his tenure, the NSA suffered a massive computer failure, it only underlined the need for change.
Although in the past the NSA had largely focused on listening to information, it now had to seek it out and, in some cases, engage in cyber attacks. A new unit called the Office of Tailored Access Operations (TAO), which grew to more than one thousand people across multiple locations, was tasked with offensive operations. As its capabilities grew, it began to focus on flaws in commercial equipment and bugs in software. Some of these bugs, known as zero-day vulnerabilities, were especially valuable because they were unknown to the vendor and therefore unpatched: an exploit for one keeps working until the flaw is discovered and fixed, giving the intelligence agencies what amounted to a secret back door.
Need to Know: Michael Hayden reshaped the NSA by hiring contractors and reforming the agency and its operational strategies, but the new offensive use of cyber warfare fell into a legal gray area.
Chapter 9: Cyber Wars
In 2003, President George W. Bush declared the second Iraq War over after Baghdad fell, but General John Abizaid, head of US Central Command, knew the conflict was just beginning. Cyber warfare, he believed, would be a key part of halting the attacks of terrorist groups like al Qaeda, but a pre-Internet bureaucracy stymied a centralized campaign. He turned to Keith Alexander, then head of the Army Intelligence and Security Command, who used intercepts to piece together the membership of the terrorist groups tearing the fledgling Iraqi government apart.
Alexander went on to assume control of the NSA in 2005, replacing Hayden, with whom he had clashed in the past. Like Hayden before him, he dramatically changed and reformed the agency. He created a new program for finding information and, crucially, stepped up to support the troop surge in Iraq in 2007. Working with General David Petraeus, he sent teams of NSA personnel to Iraq to root out terrorists. In 2007, US intelligence helped defeat four thousand insurgents.
Meanwhile, other nations were using cyber war for a variety of purposes. In Syria, Israeli planes destroyed a North Korean–designed nuclear reactor after Syrian radar had been disabled through a sophisticated hack. In Europe, after protesters demanded that a statue of a Red Army soldier be torn down, attackers widely attributed to Russia hit Estonian computers, making banks, email, and other modern services inoperable for up to a month. The attack was so sophisticated and broad that some took it as an act of war, and Estonian officials raised the question of whether it triggered Article 5 of the NATO treaty, which requires an attack on one NATO country to be treated as an attack on all members. It was the first official consideration of the question: At what point does a cyber attack constitute an act of war?
Need to Know: When US officials ran a test to see whether a cyber attack could physically destroy infrastructure, hackers destroyed a 2.25-megawatt power generator using little more than computer code, repeatedly opening and closing its circuit breakers out of synchronization with the grid until the machine tore itself apart. This was a major step forward, and a warning sign, for intelligence agencies.
(Continues...)
Excerpted from Summary and Analysis of Dark Territory: The Secret History of Cyber War by Worth Books. Copyright © 2017 Open Road Integrated Media, Inc. Excerpted by permission of OPEN ROAD INTEGRATED MEDIA.