by Marc Goodman
Of course, why even bother with going after piddly airport X-ray machines if the goal is to cause a major air disaster? The global air traffic control system too depends on screens, ones that hackers have already successfully attacked on numerous occasions. According to the Department of Transportation’s inspector general, “Hackers have hobbled air traffic control systems in Alaska, seized control of FAA network servers, stolen the personal information from 48,000 current and former FAA employees and installed malicious code on air traffic networks.” The inspector general “warned that the FAA isn’t well equipped to identify intrusions into its computer systems” and noted that the agency had “detection sensors at only 11 of its 734 facilities across the country.” Moreover, a security audit of the FAA’s air traffic control networks uncovered 763 high-risk technological vulnerabilities within the system.
In the United States, the Federal Aviation Administration is spending billions to upgrade the nation’s air traffic control system. The new system, called the Next Generation Air Transportation System, or NextGen, “will be highly automated. It will rely on GPS instead of radar to locate planes” (yes, the same GPS vulnerable to widespread systemic jamming and spoofing attacks). The FAA’s upgrade will allow for more planes, helicopters, and even drones into our overly crowded skies by using automatic dependent surveillance-broadcast (ADS-B) network, little bits of computer code that a plane will constantly emit over radio frequencies to announce its identity and position to the world. Unfortunately, these signals are both unencrypted and unauthenticated. As a result, they can be spoofed, causing chaos on the screens of air traffic controllers. Were hackers to inject one hundred extra phantom flights onto a controller’s screen, panic would ensue. If the ruse ran for just an hour, the effects would ripple throughout the world of civil aviation, crippling global air travel. Worse, air force analysts published an article in the International Journal of Critical Infrastructure Protection that warned that systemic flaws in ADS-B “could have disastrous consequences including confusion, aircraft groundings, and even plane crashes if exploited by adversaries.”
Hackers commandeering the screens of the world’s air traffic controllers is indeed a frightening prospect, but even more mundane screen hacks can have momentous consequences, such as those against our voting systems. Nowadays, even good old-fashioned ballot boxes are transforming themselves into software programs and touch screens. While rigging elections is nothing new (Saddam Hussein and Kim Jong-un both achieved 100 percent voter approval using paper ballots), the transition to entirely digital systems creates new opportunities to not just hack computers but hack democracy as well. There are dozens of reports of electronic voting systems being compromised around the world.
In Washington, D.C., officials wanted to make it easier for their citizens to vote, especially absentee voters on active military duty. In response, the city spent hundreds of thousands of dollars on an electronic voting system. District officials were rightly concerned, nonetheless, about the possibility of online vote rigging. Thus, before they actually launched their system, they put it live online and dared hackers to see if they could break the integrity of the online voting mechanics. Within forty-eight hours, researchers from the University of Michigan were able to take full control of the Board of Elections’ server. Not only could they change any votes that came in, but they were also able to see how every voter voted, thereby breaching the secrecy of the ballot system upon which democracy is based. Once the Michigan team had its way with the district’s voting technology, the final ballot tally wasn’t even close: Bender, the antihero robot of Futurama fame, was elected school board president by a landslide. He wasn’t actually running, but he was the successful write-in candidate, garnering the most votes.
Interestingly, while roaming around on the computers they had compromised, the University of Michigan team encountered other hackers from Iran, India, and China also trying to subvert the system. As a calling card and final insult to the world of online voting, the Wolverine hackers altered the district’s software so that anytime voters clicked the submit button for their ballots, their computers’ speakers would be taken over, and they would be treated to a resounding chorus of the University of Michigan fight song. District officials did not realize the system had even been compromised until two days after the breach, when an elderly citizen called city hall to say she found the online process easier than making it to the polling station. Only when she informed district officials how much she enjoyed the song that played after she had voted did the Board of Elections realize it had a problem. The experience of the District of Columbia is not unique, nor is the integrity of electronic voting systems in America and around the world an esoteric question, but one that is central to democracy itself. When votes become electrons recorded in computers, there is an opportunity for malicious actors to exert influence.
The problem with voting and managing air traffic control on screens is that the systems running these critical infrastructures are wholly insecure. By adopting them into our everyday lives without reflecting on the plainly obvious consequences, we are growing ever more connected, dependent, and vulnerable to subterfuge and putting ourselves at grave risk for future catastrophes. Given the opportunity for nation-states to hack a nation’s critical information infrastructures, it should come as no surprise that they are increasingly doing just that for the purposes of warfare and armed conflict.
Smoke Screens and the Fog of War
All warfare is based upon deception.
SUN TZU
Since the days of Sun Tzu, military forces have relied on the art of deception in order to obtain a tactical advantage over their enemies. In ancient Greece, it was the gift of a large wooden horse presented to the people of Troy that misled. During World War II, it was the fake radio transmissions and inflatable balloon tanks of Operation Fortitude that falsely signaled an Allied invasion on the beaches of Calais (vice Normandy) and allowed American and British troops to retake the European continent and defeat the Nazis. Given that today’s soldiers experience the world through their computer screens, it is only logical that that information technology has become the latest battlefield in warfare. Screens tell battle commanders the locations of their aircraft, ships, tanks, and troops. Screens manage logistics and supplies, and screens provide up-to-the-moment intelligence on the plans, capabilities, and intentions of the enemy. Of course it should come as no surprise that they too are increasingly the targets of choice when attempting to deceive or defeat an enemy.
In modern military doctrine, there are many names for these types of activities, alternatively described as information operations, electronic warfare, computer network operations, information warfare, or psychological operations. Their common goal is to “influence, disrupt, corrupt, or usurp the decision making of adversaries.” In years past, this might have been done by spreading false rumors and misinformation by word of mouth to one’s adversaries or by dropping leaflets over civilian populations with propaganda messages. Today it’s all about the screens. Screens and information technologies are perfectly suited for deception. The code is weak and readily corruptible, making the systems deeply vulnerable. These systems are almost all connected in one way or another to the global information grid, allowing them to be penetrated by enemies thousands of miles away. Finally, these technologies form part of any nation’s critical information infrastructure, a dependency that makes a government and a people vulnerable when these systems are attacked or debilitated.
Some of these attempts at deception are simplistic. In the battle between the Syrian government and its rebel forces, a Reuters news site was hacked to disseminate a false news report suggesting the rebels had suffered tremendous defeat in Aleppo, which in fact they hadn’t. Other digital smoke screens are much more sophisticated, such as the reported successful hacking of Syrian military radar capabilities by Israel Defense Forces preceding an attack against a nuclear site under construction in northern Syria. Dubbed Operation Orch
ard, the air strike successfully destroyed a secret military nuclear reactor being built with the assistance of the North Koreans. The raid required the Israelis to overfly Syria deep into the country’s territory, nearly to the border with Iraq. In order to do so without a hot war breaking out and the Israeli jets being shot down, the Israelis hacked Syrian air defenses, effectively blinding the Assad government to the attack as it was happening. Though enemy jets were en route to their target deep inside Syria, all was calm and clear on the screens of the Syrian air force. The screens showed a different reality on the ground from that in the sky.
In the world of information operations, the players are many, and those perpetrating the attacks one day may find themselves victims the next. Such was the case at the height of the Israeli conflict with Hamas in the Gaza Strip in January 2009. Inside both Israel and Gaza, tensions were running high. As the Israelis began to mobilize troops in the south for a possible incursion into Gaza, hundreds of reservists began to receive their “Tzav Shmone,” or emergency call for duty messages, via both voice mail and texts on their mobile phones. The reserves were being activated, and things were getting serious for all parties.
Many Israeli soldiers were ordered to report, however, not to the front along the southern border with Gaza but rather to the very north of the country, to an Israel Defense Forces recruitment center in Haifa. As it turned out, these Tzav Shmone were fictitious, likely perpetrated by Hamas. At a time when Israel needed its soldiers to report for duty near Gaza, they were being misdirected to the north, because they relied on their screens for instructions. Sun Tzu would have been proud. Both Israel and Hamas have mounted electronic psychological warfare against each other and Hamas claimed it was capable of sending seventy thousand text message an hour to Israeli mobile phones, proving technological tools developed by nation-states rapidly devolve into the hands of both non-state actors and terrorist organizations in time.
There is another way both governments and non-state actors are battling for supremacy over your screens—via sock puppetry. Remember those 140 million fictitious Facebook accounts? Not all of them are destined to be used as fake Likes for Shakira. As it turns out, military and intelligence officials around the world have flocked to social media in an effort to manipulate and deceive what is seen on our screens. It was widely reported that the U.S. government extensively uses sock puppets as part of its psychological operations (psyops) to counter “extremist ideology and propaganda.” What that means is that the Americans monitor jihadist Web forums, and when “Abdul” says “death to the infidels,” the Pentagon can have a virtual “Hassan” in its back pocket ready to respond with a verse from the Quran extolling peace, mercy, and understanding. Of course that’s just the beginning of the capability. Fake personas scale too, and with thousands of sock puppets under one’s control, influence and opportunity for deception grow exponentially.
In June 2011, it was revealed that the U.S. Central Command had awarded a $2.76 million contract to a California company to create fake online personas for the purpose of manipulating online conversations and spreading pro-American points of view in social media. Each fake online persona was contractually required to have a plausible personal history and that “up to 50 US-based controllers … be able to operate false identities from their workstations ‘without fear of being discovered by sophisticated adversaries.’ ” The military’s goal was to create an online persona management dashboard that would allow each human serviceman or servicewoman to control ten separate identities based around the world in order to “degrade the enemy narrative.” Talk about an exponential projection of force! The sock puppets operated in Arabic, Farsi, Urdu, and Pashto and allowed U.S. service personnel working around the clock to manipulate online conversations as desired. The sock puppet contract was part of a much larger $200 million military coalition operation, ironically called Operation Earnest Voice (OEV). OEV was first developed in Iraq “as a psychological warfare weapon against the online presence of al-Qaida supporters and … jihadists across Pakistan, Afghanistan and the Middle East.”
Once an exponential virtual deception engine has been constructed, those who run and operate it have tremendous power to quell dissent and “degrade the narrative” of their enemies. The only things preventing the use of such a tool for domestic oppression would be public policy and the law—both quite malleable and fungible themselves. According to Freedom House, an NGO founded in 1941 to advocate for democracy and human rights, at least twenty-two governments around the world manipulate social media for propaganda purposes, including Venezuela, Egypt, and Malaysia.
In Russia, an undercover investigation by the St. Petersburg Times revealed that numerous covert organizations exist that hire young tech savvy “Internet operators” to post pro-Kremlin articles and comments online and to smear opposition leaders. Each Internet operator is paid approximately $36 for a full eight-hour shift and is expected to write at least a hundred posts a day. Russia’s president, Vladimir Putin, a former KGB lieutenant colonel, is well versed in the art of propaganda and reportedly uses an “invisible army of social media propagandists” to generate up to forty thousand comments a day on his behalf. Whether the international or domestic press in Russia is writing about gay rights or opposition candidates, armies of sock puppets are poised to strike back instantly and with a vengeance. In recognition of their outstanding service to the nation, particularly during the “liberation” of Crimea, Putin awarded many of these social media operatives “Orders of Service to the Fatherland.”
Of course the Russian operation to shape what people see on their screens is paltry compared with the capabilities developed by the People’s Republic of China. According to the Beijing News and state media reports, China employs approximately 2 million online propaganda workers to help shape online public opinion and manage domestic Internet surveillance. These commentators are paid to “blitz social media with state-approved news and ideas.” In early 2013, China’s propaganda chief, Lu Wei, whose official title is chairman of State Internet Information Office, directed his 2.06 million netizens to open up accounts on social media sites such as Weibo, a Twitter-like micro-blogging site, in order to spread “positive energy” and help guide online discussions of sensitive topics “in a positive direction.” These workers also received training on how to frame online discussions and steer conversations away from political hot potatoes as well as to question the value of Western concepts of democracy.
Government sock puppetry is a powerful complement to censorship and Internet surveillance. Censorship ensures the greatest number of “undesirable” ideas never make it past a national firewall, and if they do, legions of sock puppets can be covertly unleashed to undermine any idea that does not sit well with those in power. In both instances, screens are heavily manipulated to ensure those in power stay there and that no threatening new ideas challenge their authority. Each and every day around the world, display wars are taking place as governments, multinational corporations, criminals, and terrorists battle to shape and control what is seen online. What ensues is a real but covert war on reality, one that is meant to blind us to the truth. Sadly, the situation is about to get much worse as new generations of even more powerful technologies come online, further separating us from ever experiencing a reality that has not been in one shape or form intermediated by somebody else.
Control, Alt, Deceit
One of the definitions of sanity is the ability to tell real from unreal. Soon we’ll need a new definition.
ALVIN TOFFLER
In 1865, Congress passed legislation allowing the director of the U.S. Mint to add the motto “In God we trust” to all gold and silver coins minted for circulation. The line, originally drawn from the fourth stanza of “The Star-Spangled Banner,” has since become the official motto of the United States. While many Americans on a spiritual level have deep convictions about their trust in God, from a practical perspective something has shifted. They may go to temple on Friday nights
or church on Sundays, but they look at screens every single day. It is as if we have transformed into an “in screen we trust” culture. If something is on a screen, whether it be a computer, iPad, industrial control system, street sign, GPS device, radar installation, or mobile phone, our first inclination is to trust what we see before us. However, we have shown time and time again that everything from our friends on Facebook to the numbers we dial on our mobile phones can be rigged to deceive us. The problem is that we are leading lives fully intermediated by screens and other technologies that, although they give the appearance of transparency, are in fact programmed, controlled, and operated by others. Worse, none of us have a freaking clue as to how any of it works.
Increasingly, we are living in a “black box” society, one in which magical boxes provide directions, report the news, execute stock trades, make phone calls, recommend restaurants, and put the world’s knowledge at our fingertips. But how all this mystical technology operates is almost completely opaque to the average user. While most of us are pleased not to have to learn the intricacies of writing computer code in order to make a phone call, visit an ATM, vote, or apply the ABS brakes on our cars, those who possess this know-how are at a distinct advantage moving forward. They are poised to shape the world for the great unwashed masses who would rather leave such technical unpleasantries to others to sort out. In an exponentially changing world driven by Moore’s law, Moore’s outlaws very much have the upper hand.