We’re Living Online in a House of Straw: A Selection from John P. Carlin’s Dawn of the Code Wars (2019)
“While we’ve spent the last decade primarily thinking about cybersecurity as the theft or leaking of data, increasingly the threat comes from the alteration and destruction of data. Cybersecurity’s next great fear is about undermining confidence—banks unsure their records are correct, military commanders unsure their positions or radars are correct, citizens unsure their votes are correctly tallied. We’ve seen this in the real world with Stuxnet, a piece of malware targeting Iran’s nuclear system that made machines go haywire and led its scientists to think they made errors, and now with Twitter and Facebook, where the efforts of groups like the Russian Internet Research Agency have made us wonder: Is that voice online a real human and is that a real news story or headline? . . .
Many Russian online crime forums were located in a small number of what were known as ‘bulletproof hosting’ facilities, data centers that specifically touted their willingness to flaunt the law and embrace criminal or controversial online content; these sites, mostly located inside Russia or in Eastern Europe, charged exorbitant fees—ten times or more the price of legitimate hosting sites—but the fees were part of a business model that often involved payoffs to corrupt local police or government officials who looked the other way at the hosting facility’s criminal links.
In a pattern that has persisted straight through to today, most online criminals were left alone by the Russian government as long as they focused their activities outside of the country—stealing from foreigners and robbing banks overseas. Besides, many Eastern European nations either didn’t have computer crime statutes at all or didn’t enforce them, meaning that the crimes were almost risk-free. The best known of these bulletproof hosts, notorious to investigators and webmasters online, was the Russian Business Network (RBN), a group based in St. Petersburg that was the vanguard of a new type of Russian organized crime. . . .
Whereas the original techtopian view of the spread of the internet was that it would break down national barriers and allow the free flow of information around the world—and, to a certain degree, it has, over the last decade—it’s also become all too clear that cyberspace does not exist independent of politics. In fact, we increasingly see that as the digital world becomes the prime driver of economic power and cultural influence, the internet is deeply and complexly intertwined in national ideologies and international geopolitics. To paraphrase Carl von Clausewitz, the internet is politics by other means. . . . Countries behave online the same way they do in the rest of their policies: They deploy similar tactics and pursue similar interests. . . .
We’ve fretted about attacks on our power grid, on our water supply, on hospitals, or on our air traffic control computers. Yet, in 2016, when Russia hit us with what was our first true cyber Pearl Harbor, they attacked a soft spot we’d never thought about. Russia attacked America’s confidence in America. They sought to undermine our belief in our own government, our ability to participate in our own democracy . . . . Russia realized that our national confidence was more delicate than it had been in years—and they exploited this insecurity online. They amplified our own messages attacking each other, they stoked our own anger, they weaponized our own hyperpartisanship. It was easy for Russian trolls and bots to hide among the many Americans angry with their present—and worried about their future. America was, as one friend of mine said, ‘dry tinder for the Russians.’ And over the last year, those who have sought to exacerbate these divides have continued to advance the work of the Russian government. You only need to log on to Facebook or Twitter these days to see that our hatred for ourselves—our distrust of each other—is leading us to doubt proud historical traditions, to question bedrocks of our democracy . . . . The very online tools that a decade ago we hoped would usher in a new era of openness and participatory democracy have instead been turned into tools of hate that spread disinformation and stoke anger with ease. . . .
We’re living online in a house of straw, yet even as the wolf approaches the door, not only are we not seeking shelter in a stronger house, we’re continuing to cram ever more stuff into our straw house. We’ve spent the last 25 years moving almost every piece of valuable data in our society online, and now we’re rapidly accelerating the pace of moving our stuff online, too—our homes, our cars, our medical devices. We know the wolf is there, but we’re putting ever more of our life into the vulnerable house. . . . Your modern refrigerator is a computer that keeps things cold. Your oven, similarly, is a computer that makes things hot. An ATM is a computer with money inside. Your car is no longer a mechanical device with some computers inside; it’s a computer with four wheels and an engine. Actually, it’s a distributed system of over 100 computers with four wheels and an engine. And, of course, your phones became full-power general-purpose computers in 2007, when the iPhone was introduced. . . .
‘In the days of the Roman Empire, roads radiated out from the capital city, spanning more than 52,000 miles. The Romans built these roads to access the vast areas they had conquered. But, in the end, these same roads led to Rome’s downfall, for they allowed the invaders to march right up to the city gates.’”—John P. Carlin, Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat (2019)