Kingdom of Lies


by Kate Fazzini


  FIPS 1, CST, RAILROAD CLUB AT MIT

  The first incarnation of the Federal Information Processing Standards (or FIPS) was published in 1968, followed by several standards on encryption and data security throughout the 1970s that would underpin the field of cybersecurity into the twenty-first century.

  CST probably refers to the Computer Sciences and Technology Lab. One of its first publications, in 1978, is “Effective Use of Computer Technology in Vote-Tallying,” which focuses on accuracy and security controls in vote counting done by computer.

  The Tech Model Railroad Club at the Massachusetts Institute of Technology (MIT), which formed in 1946, became a hotbed of early hacker activities in the 1970s and early 1980s, a result of actual model railroad enthusiasts’ interest in “signals and power” circuits and switches that make the trains run. This group utilized the term “hacker” in its current form as early as the 1940s.

  VOTE COUNTS, JARGON FILE, LINUX KERNEL ONE

  Electronic voting has a long history in the United States going back to the 1960s. By the 1980s, several states, wary of traditional punch-card systems, began favoring electronic readers for counting vote cards and punch ballots.

  The jargon file is a record of hacker lingo first developed at Stanford in the mid-1970s. It records the history and development of casual cybersecurity terms. The first Linux kernel, version 0.01, was released as open-source code in 1991 by Linus Torvalds.

  BILL JOY, LARRY WALL, LINUS, GUIDO VAN ROSSUM

  Bill Joy was a cofounder in 1982 of Sun Microsystems, an early computer company. Around the same time, Larry Wall was developing Perl, an influential computer language. Linus Torvalds is mentioned above, and Guido van Rossum developed the Python programming language, one of the most popular languages today.

  CAPTAIN CRUNCH, MA BELL, TWENTY-SIX HUNDRED

  John Draper, aka Captain Crunch, was an early and influential hacker, part of a loose collective that referred to themselves as Phone Phreaks because they used telephones to hack into various organizations through the phone lines, especially those owned by the Bell Telephone Company, aka Ma Bell. The 2600 was a magazine catering to phreaks and other early hackers that detailed how to achieve various malicious activities. The magazine was founded in 1984; its title refers to the 2600-hertz tone, which hackers found could be replicated with a toy whistle found inside Cap’n Crunch cereal boxes.

  Sources

  My observations and conclusions in Kingdom of Lies are based exclusively on unclassified, open-source information; my personal observations; and my interviews with individuals who claim knowledge of specific events. None of the information in this book involved access to classified intelligence.

  PROLOGUE TO CHAPTER 5

  Seleznev, Roman. (2017, April 21). “Roman Seleznev Letter.” New York Times. www.nytimes.com/interactive/2017/04/21/technology/document-Seleznev-Letter.html.

  U.S. Attorney’s Office for the Northern District of Georgia. (2017, May 19). “Convicted Russian Cyber Criminal Roman Seleznev Faces Charges in Atlanta.” www.justice.gov/usao-ndga/pr/convicted-russian-cyber-criminal-roman-seleznev-faces-charges-atlanta.

  CHAPTERS 6 TO 10

  Bhattacharjee, Yudhijit. (2011, January 31). “How a Remote Town in Romania Has Become Cybercrime Central.” Wired. www.wired.com/2011/01/ff-hackerville-romania/.

  Carr, Jeffrey. (2011). Inside Cyber Warfare: Mapping the Cyber Underworld. Sebastopol, CA: O’Reilly Media.

  Healey, Jason. (2013). A Fierce Domain: Conflicts in Cyberspace 1986 to 2012. Cyber Conflict Studies Association.

  Hinsley, F. H. (1979). British Intelligence in the Second World War: Its Influence on Strategy and Operations. London: Stationery Office Books.

  Mandiant/FireEye. (2013). “APT1: Exposing One of China’s Cyber Espionage Units.” www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf.

  Usdin, Steven T. (2005). Engineering Communism: How Two Americans Spied for Stalin and Founded the Soviet Silicon Valley. Binghamton, NY: Vale-Ballou Press.

  CHAPTERS 11 TO 16

  Department of Justice. (2017, November 27). “U.S. Charges Three Chinese Hackers Who Work at Internet Security Firm for Hacking Three Corporations for Commercial Advantage.” www.justice.gov/opa/pr/us-charges-three-chinese-hackers-who-work-internet-security-firm-hacking-three-corporations.

  Department of Justice. (2014, May 19). “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage: First Time Criminal Charges Are Filed Against Known State Actors for Hacking.” www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor.

  Trustwave. (2017). “Post-Soviet Bank Heists: A Hybrid Cybercrime Study.” www2.trustwave.com/Post-Soviet-Bank-Heists-Report.html.

  Wang, Helen. (2004). Money on the Silk Road: The Evidence from Eastern Central Asia to c. AD 800. London: British Museum Press.

  Whitfield, Susan. (2018). Silk, Slaves and Stupas: Material Culture of the Silk Road. Oakland: University of California Press.

  CHAPTERS 17 TO EPILOGUE

  Department of Justice. (2018, July 13). “Grand Jury Indicts 12 Russian Intelligence Officers for Hacking Offenses Related to the 2016 Election.” https://www.justice.gov/opa/pr/grand-jury-indicts-12-russian-intelligence-officers-hacking-offenses-related-2016-election.

  Department of Justice. (2015, October 15). “ISIL-Linked Hacker Arrested in Malaysia on U.S. Charges (with complaint).” www.justice.gov/opa/pr/isil-linked-hacker-arrested-malaysia-us-charges.

  Hadnagy, Christopher. (2018). Social Engineering: The Science of Human Hacking. Indianapolis: Wiley.

  Næringslivets Sikkerhetsråd. (2016, September). “Norwegian Computer Crime and Data Breach Survey 2016. Mørketallundersøkelsen 2016.” www.nsr-org.no/getfile.php/Bilder/M%C3%B8rketallsunders%C3%B8kelsen/morketallsundersokelsen_2016_eng.pdf.

  National Institute for Standards in Technology. (Created October 12, 2010; updated August 27, 2018). “ITL History Timeline 1950–2018.” www.nist.gov/itl/about-itl/itl-history-timeline.

  U.S. Attorney’s Office for the Southern District of New York. (2015, November 10). “Attorney General and Manhattan U.S. Attorney Announce Charges Stemming from Massive Network Intrusions at U.S. Financial Institutions, U.S. Brokerage Firms, a Major News Publication, and Other Companies.” www.justice.gov/usao-sdny/pr/attorney-general-and-manhattan-us-attorney-announce-charges-stemming-massive-network.

  Author’s Note

  Thank you for taking the time to read this book.

  I didn’t set out to write a book, certainly not after I joined the cybersecurity field. I wanted to leave my brief, youthful background as a journalist behind and do something real. And I did.

  As I wrote in the beginning, that’s when I noticed the holes in the narrative we have grown to accept about security and insecurity of technology, and the real people who were working in or even leading various factions within it.

  WHAT JUST HAPPENED?

  After going to work for The Wall Street Journal, I was mostly prohibited from using anonymous sources, which is a good thing and strengthens news coverage. But it also meant that the majority of people I talked to would never see their names—or pseudonyms—in print.

  This book gave me the flexibility to tell controversial stories, or see events through the eyes of people who lived them. I acknowledge that these people might not always have told the truth. My father, a Navy vet, once said that sailors had a tendency to tell tall tales, and here we are looking through the lens of sailors on a rough, digital sea.

  You may also note that I’ve fictionalized some locations—such as Arnica Valka, Romania, which does not exist—but kept other real locations. In some cases, creating fictional locations or companies was the only way to adequately convey the story while ensuring that I was protecting the identity of sources and other innocent parties.

  WHY DOES IT MATTER?

  I’m completing this book after yet another contentious election—the 2018 midterms. There will be more. Some predicted this election would be “the World Cup of cyber influence.” Another lie, of course. Our elections boards did a fine job of mucking up local elections without needing any interference from Russian elites. Just another in a long line of dire predictions that we have somehow turned a corner into a heretofore unimagined apocalypse.

  The idea we are somehow in a strange and very different time is dangerous for three reasons. One, it negates history and historians unfairly, as if all knowledge we’ve acquired up until this moment is meaningless in the face of this new threat. Two, it gives governments, corporations, and institutions an out that they don’t deserve—specifically, the excuse that things have become so incomprehensible and troubling that they can’t possibly be expected to fight against them. And three, it makes people feel helpless, as if they can have no part in understanding security or threats, working on it or having opinions on it, because it’s all so new and frightening that trying to grasp it won’t matter.

  If I could support any outcome of reading this book, it is that people feel more empowered to make decisions in their lives that support their own best idea of personal privacy. And that they feel empowered to hold governments, media, and institutions accountable for doing their jobs and providing them with timely, accurate, and actionable information.

  Above all, I hope people can start to see that what is happening is more like decades of erosion and less like having the ground disappear from underneath our feet. And that there are ways to stop erosion.

  Acknowledgments

  First and foremost, I’d like to thank Elisabeth Dyssegaard from St. Martin’s Press and Peter McGuigan from Foundry Literary Media—and all of their staff—for taking a chance on this first-time author. To the people who made endorsements for this book, it’s meant so much to me—thank you.

  For their support in trying to turn me into a proper journalist: Matt Rossoff, Jeff McCracken, Mike Calia, Mary Duffy, Elisabeth Cordova, Lauren Hirsch, and Steve Kovach from CNBC; Ben DiPietro, Nick Elliott, Rob Sloan, Will Wilkinson, and Kim Nash from The Wall Street Journal; and Ken Clark, Allan Ripp, John Garger, and Paul Comstock.

  I’d like to thank several people who were incredibly supportive during my time working on this book, earlier in my career, and through some trying experiences—without whom it wouldn’t have been possible: Judith Pinto, Jennifer Flores, Jamal Raghei, and Britt-Louise Gilder; Seth Kaufman, Elena Tisnovsky, Victoria and Justin Meyer, Amy Edelstein, Frederic Lemieux, Susanne Gutermuth, Ida Piasevoli, Ang Johnson, Steven Greene, Pete Cavicchia, Anish Bhimani, Michael Spadea, Marc Loewenthal, Mike Joseph, and Earl Crane.

  There are many people who served as anonymous sources for this book who I can’t name here, but I would like to acknowledge: thank you for taking a risk and telling me your stories.

  To Mrs. Belcastro, Miss Kristy, and all the staff and teachers at PS 002 in Queens and New Milestone Preschool for their incredible work with my kids. To the staff at Porto Bello Restaurant in Astoria, Queens, for their patience and excellent Wi-Fi.

  Thanks to all my teachers who made my life better, especially Tim Henige, Paul McClintock, Tim Rice, and Cindy Polles.

  And, of course, Mom and Dad and sister Ann for their enduring and lifelong support.

  Index

  The index that appeared in the print version of this title does not match the pages in your e-book. Please use the search function on your e-reading device to search for terms of interest. For your reference, the terms that appear in the print index are listed below.

  2016 US presidential election

  See also elections; Putin, Vladimir; Trump, Donald

  2600 magazine

  access control

  Acecard

  Achinsk Antivirus

  adversaries

  Air Force

  air gap

  alert

  antivirus software

  Anthony (online source)

  Apple

  Applied Mathematics Laboratories

  Arab American

  Arnica Valka, Romania

  community college

  assets

  cybercrime and

  defined

  management

  attacks

  Deep Blue

  Defense Department and

  defined

  hackers and

  man-in-the-middle

  terrorism

  See also cyberattacks; cybersecurity; DDoS (distributed denial-of-service) attacks; passive attacks; ransomware

  August Malware

  Australia Post

  authentication

  BaFin

  Ballybane, Galway, Ireland

  Banca Transilvania

  Behring Breivik, Anders

  Bell Telephone Company

  Belvedere, Tony

  Benghazi, Libya

  big shot

  birth dates, data theft and

  Bitcoin

  blacklist

  blockchain

  Blomkvist, Mikael

  Boeing

  Booz Allen Hamilton

  botnets

  bots

  Brik, Jakub

  Brooks Act

  bugs

  Bush, George W.

  Cafe Americain

  Captain Crunch

  Carnegie Mellon

  Ceauşescu, Nicolae

  Central Intelligence Agency (CIA)

  CEX.IO

  Chan, Caroline

  cybersecurity

  hack-a-thon

  Kreutz, René, and

  Mack, Charlie, and

  mentoring

  Raykoff, Bob, and

  SOC

  chief of staff, role of

  childcare

  China

  DDoS attacks

  futurethreat and

  hacking

  government intelligence/spying

  intellectual property theft

  NOW Bank and

  ransomware

  Silk Road

  See also Chou, Bolin

  Chou, Bolin “Bo”

  Citibank

  City Italia

  Clarksburg Federal Credit Union

  Clinton, Hillary

  cloud computing

  Cold War

  compliance

  Computer Sciences and Technology Lab (CST)

  Craigslist

  credentials

  credit card numbers

  ATMs and

  creation of fake numbers

  credit fraud

  dark web and

  NOW Bank and

  ransomware and

  theft of

  value

  See also identity theft

  credit unions

  critical infrastructure

  cryptocurrency

  cryptography

  CryptoLocker

  cryptomining

  Curtiss, John

  cyberarmy

  cyberattacks

  cyber-extortion

  cyberinfrastructure

  cyber-means

  cyberoperations

  cyber-reconnaissance

  cybersecurity

  challenges of

  Chan, Caroline, and

  cost

  credentials

  defined

  hackers and

  Israel and

  military and

  NOW Bank and

  Raykoff, Bob, and

  risk and

  See also security operations center (SOC)

  cyberspace

  cyberwar

  Daenerys Targaryen (fictional character)

  dark web

  See also Silk Road

  data breaches

  data integrity

  See also integrity

  data loss

  data mining

  DCLeaks

  DeBuffet, Lydia

  decryption

  See also encryption

 
  Deep Blue

  denial of service (DoS) attacks

  Depeche Mode

  Depository Trust & Clearing Corporation

  Deutsche Bank

  Dev, Yuval

  digital forensics

  Direction Générale de la Sécurité Extérieure

  distributed denial-of-service (DDoS) attacks

  defined

  financial sector and

  NOW Bank and

  terrorism and

  See also attacks; cyberattacks; cybersecurity

  Drake

  Draper, John. See Captain Crunch

  Eastern Europe

  eBay

  Eisenhart, Churchill

  elections

  encryption

  apps and

  defined

  FIP and

  malware and

  engine control modules (ECMs)

  enterprise risk management

  Estonia

  euros

  event

  exfiltration

  exploit

  exploit kits

  See also rootkits

  exposure

  Fantastical Autographs

  Federal Bureau of Investigation (FBI)

  Federal Information Processing Standards (FIPS)

  Ferizi, Ardit

  financial crisis

  fingerprints database

  firewalls

  First Local Bank of Tallinn

  Fiverr

  flat network

  Fleur Stansbury

  fog walls

  Fort Lauderdale

  Fox News

  Frances (communications specialist)

  fraud

  banking

  credit cards

  social engineering

  US Computer Fraud and Abuse Act

  See also identity theft; phishing

  futurethreat

  Gabe (former spy)

  Gaddafi, Muammar

  gatekeepers

  General Maleur Street

  General Motors (GM)

  Georgetown University

  Gerie, Brendan “Tahir”

  Girl with the Dragon Tattoo, The (Larsson)

  GMBot

  Gomer Pyle (fictional character)

  Google

  Grand Central Station

  Gunther, Mikael

 
