by Shane Harris
[>] “We do a lot of collection”: Author interview, November 2013.
[>] The next morning, according to: Friedman’s account can be read at http://www.stratfor.com/weekly/hack-stratfor.
[>] One of the hackers: Vivien Lesnik Weisman, “A Conversation with Jeremy Hammond, American Political Prisoner Sentenced to 10 Years,” Huffington Post, November 19, 2013, http://www.huffingtonpost.com/vivien-lesnik-weisman/jeremy-hammond-q-and-a_b_4298969.html.
[>] But Stratfor wasn’t: Nicole Perlroth, “Inside the Stratfor Attack,” Bits, New York Times, March 12, 2012, http://bits.blogs.nytimes.com/2012/03/12/inside-the-stratfor-attack/?_r=0.
[>] But the hackers also: Ibid.
[>] It also settled a class-action: Basil Katz, “Stratfor to Settle Class Action Suit Over Hack,” Reuters, June 27, 2012, http://www.reuters.com/article/2012/06/28/us-stratfor-hack-lawsuit-idUSBRE85R03720120628.
[>] In 2013 the Justice Department: Matthew J. Schwartz, “Anonymous Hacker Claims FBI Directed LulzSec Hacks,” Dark Reading, InformationWeek, August 27, 2013, http://www.informationweek.com/security/risk-management/anonymous-hacker-claims-fbi-directed-lulzsec-hacks/d/d-id/1111306?.
[>] “What many do not know”: Hammond’s statement can be read at http://freejeremy.net/yours-in-struggle/statement-by-jeremy-hammond-on-sabus-sentencing/.
8. “Another Manhattan Project”
[>] “Is there anything else?”: The account of the meeting is based on two lengthy interviews with Mike McConnell, then the president’s director of national intelligence, as well as an interview with Fran Townsend, then Bush’s counterterrorism adviser, and retired air force general Dale Meyerrose, then a senior official in the Office of the Director of National Intelligence, 2009 and 2010.
[>] Among the secret plans and designs: The list of weapons and technologies is contained in a report from the Defense Science Board, Resilient Military Systems and the Advanced Cyber Threat, released in January 2013, http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf. The list itself was not made public but was obtained by the Washington Post and can be read at http://www.washingtonpost.com/world/national-security/a-list-of-the-us-weapons-designs-and-technologies-compromised-by-hackers/2013/05/27/a95b2b12-c483-11e2-9fe2-6ee52d0eb7c1_story.html.
[>] That in itself was an extraordinary: See David Petraeus, “How We Won in Iraq,” Foreign Policy, October 29, 2013, http://www.foreignpolicy.com/articles/2013/10/29/david_petraeus_how_we_won_the_surge_in_iraq?page=0,3.
[>] “part sensor, part sentry”: William J. Lynn III, “Defending a New Domain: The Pentagon’s Cyberstrategy,” Foreign Affairs, September/October 2010, http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain.
9. Buckshot Yankee
[>] Friday, October 24, 2008: Details of the Buckshot Yankee operation come from author interviews with current and former military and intelligence officials, including General Michael Basla, in June 2013, and a Defense Department analyst who participated in the program, in November 2013. Supplementary sources include: Ellen Nakashima, “Cyber-Intruder Sparks Massive Cyber Response—and Debate Over Dealing with Threats,” Washington Post, December 8, 2011, http://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html; Jason Healey, ed., A Fierce Domain: Conflict in Cyberspace 1986 to 2012 (Vienna, VA: Cyber Conflict Studies Association, 2013); and William J. Lynn III, “Defending a New Domain: The Pentagon’s Cyberstrategy,” Foreign Affairs, September/October 2010, http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain.
[>] “In so many words”: Author interview, June 2013.
[>] “It opened all our eyes”: Author interview, June 2013.
[>] According to a former Defense Department: Author interview, November 2013.
[>] Some officials who worked: Noah Shachtman, “Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack,” Danger Room, Wired, August 25, 2010, http://www.wired.com/dangerroom/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/.
[>] “Alexander created this aura”: Author interview with former administration official who worked with Alexander and the White House on cyber security, August 2013.
[>] “If you pulled out a USB”: Author interview, March 2012.
10. The Secret Sauce
[>] During the campaign, Obama staffers’: Michael Isikoff, “Chinese Hacked Obama, McCain Campaigns, Took Internal Documents, Officials Say,” NBC News, June 6, 2013, http://investigations.nbcnews.com/_news/2013/06/06/18807056-chinese-hacked-obama-mccain-campaigns-took-internal-documents-officials-say.
[>] Now, as the forty-fourth president: “Securing Cyberspace for the 44th Presidency,” Center for Strategic and International Studies, December 2008, http://csis.org/files/media/csis/pubs/081208_securingcyberspace_44.pdf.
[>] Among them were: Author interviews with current and former US officials and a technical expert who analyzed Chinese spyware, May 2008.
[>] But these and other incursions: Author interview, 2013.
[>] In a particularly clever : An account of the spear phishing is contained in a State Department cable published by WikiLeaks. See also the author’s “Chinese Spies May Have Tried to Impersonate Journalist Bruce Stokes,” Washingtonian, February 2, 2011, http://www.washingtonian.com/blogs/capitalcomment/washingtonian/chinese-spies-may-have-tried-to-impersonate-journalist-bruce-stokes.php.
[>] Also in 2009 a senior: Author interviews with a current State Department official and a former State Department official, 2012–2013.
[>] Charlie Croom, a retired: Author interview, January 2014.
[>] Obama didn’t say where, but intelligence: The link between hackers and the Brazilian blackouts was first reported by CBS News’ 60 Minutes, November 6, 2009, http://www.cbsnews.com/news/cyber-war-sabotaging-the-system-06-11-2009/. In January 2008, Tom Donahue, the CIA’s chief cyber security officer, said publicly that hackers had breached the computer systems of utility companies outside the United States and had demanded ransom. Donahue spoke at a security conference in New Orleans. “All involved intrusions through the Internet,” he said. He didn’t name the countries or cities affected.
[>] Owners and operators: See Shane Harris, “China’s Cyber-Militia,” National Journal, May 31, 2008, http://www.nationaljournal.com/magazine/china-s-cyber-militia-20080531.
[>] He was carrying: Author interview with former US official. 2013.
[>] At NSA the plan: Author interviews with former intelligence and administration officials, 2011–2013.
[>] Alexander told them: Author interviews with two congressional staff members who were in meetings with Alexander, as well as a former administration official who worked with Alexander and the White House on cyber security issues, August 2013.
[>] “They’re pretty mad”: Author interview with former congressional staff member who was in the room, October 2013.
[>] By the time she arrived: Information about Lute’s work at the Homeland Security Department comes from former department officials who worked with her, a senior law enforcement official who works on cyber security issues with multiple agencies and their senior officials, and congressional staff members who work on committees that oversee aspects of the Homeland Security Department’s mission.
[>] Homeland Security’s computer-emergency watch: Richard L. Skinner, “Einstein Presents Big Challenge to U.S.-CERT,” GovInfo Security, June 22, 2010, http://www.govinfosecurity.com/einstein-presents-big-challenge-to-us-cert-a-2677/op-1.
[>] In March, Rod Beckstrom quit: Beckstrom’s resignation letter was published by the Wall Street Journal, http://online.wsj.com/public/resources/documents/BeckstromResignation.pdf.
[>] Practically a technophobe: Author interview, September 28, 2012.
[>] “Pretend the Manhattan”: Author interviews with two former administration officials, September and October 2013.
[>] “There’s a presumption”: Author intervie
w with senior law enforcement official, September 2013.
[>] “His attitude was, ‘If’”: Author interview with former senior security official, October 2013.
[>] “I’ve been behind the curtain”: Author interview with former administration official who worked with Alexander and the White House on cyber security issues, August 2013.
[>] “I do not have the authority”: Keith Alexander spoke on February 9, 2011, at the AFCEA Defending America Cyberspace Symposium. See http://www.soteradefense.com/media/events/afcea-defending-america-cyberspace-symposium-2011/. A senior US law enforcement official also provided an account of the dueling speeches and op-eds between Alexander and Lute.
[>] On February 14, three days: Jane Holl Lute and Bruce McConnell, “A Civil Perspective on Cybersecurity,” Threat Level, Wired, February 14, 2011, http://www.wired.com/threatlevel/2011/02/dhs-op-ed/.
[>] He gave his speech: Declan McCullagh, “NSA Chief Wants to Protect ‘Critical’ Private Networks,” CNET, February 17, 2011, http://news.cnet.com/8301-31921_3-20033126-281.html.
[>] “There’s a lot of folks”: Keith Alexander spoke on February 22, 2011, at the AFCEA Homeland Security Conference in Washington, DC. “CyberCom Commander Calls for Government Protection of Critical Infrastructure,” Homeland Security News Wire, February 23, 2011, http://www.homelandsecuritynewswire.com/cybercom-commander-calls-government-protection-critical-infrastructure. The entirety of Alexander’s speech can be watched at http://www.youtube.com/watch?v=Z_lLSP_1Ng0.
[>] Of fifty-two cases: Ellen Nakashima, “Cyber Defense Effort Is Mixed, Study Finds,” Washington Post, January 12, 2012, http://www.washingtonpost.com/world/national-security/cyber-defense-effort-is-mixed-study-finds/2012/01/11/gIQAAu0YtP_story.html.
[>] “They thought he was an idiot”: Author interview, August 2013.
[>] “Halfway through the meeting”: Author interview with Steve Chabinsky, July 2013.
[>] “The Russians will alert”: Author interview with senior law enforcement official, October 2013.
[>] As of 2013, the NSA: Keith Alexander provided the figures on NSA employment in public remarks at a cyber security event sponsored by Politico in Washington, DC, on October 8, 2013, http://www.politico.com/events/cyber-7-the-seven-key-questions/.
11. The Corporate Counterstrike
[>] “a highly sophisticated”: David Drummond, “A New Approach to China,” Google blog, January 12, 2010, http://googleblog.blogspot.com/2010/01/new-approach-to-china.html.
[>] “crown jewels”: John Markoff, “Cyberattack on Google Said to Hit Password System,” New York Times, April 19, 2010, http://www.nytimes.com/2010/04/20/technology/20google.html?_r=0.
[>] “Google broke in”: Author conversation with said official, February 2013.
[>] Google uncovered evidence: For more on Google’s investigation, see David E. Sanger and John Markoff, “After Google’s Stand on China, US Treads Lightly,” New York Times, January 14, 2010, http://www.nytimes.com/2010/01/15/world/asia/15diplo.html?_r=0.
[>] Deputy Secretary of State James Steinberg : Author interview with a US intelligence agency consultant with knowledge of the conversation, February 2010. In a separate interview with Steinberg, in October 2013, he said he could not recall if he learned the news at the cocktail party, but he confirmed that Google approached the State Department the night before going public and informed officials of its intentions.
[>] “It gave us an opportunity”: Author interview.
[>] “cooperative research and development agreement”: Siobhan Gorman and Jessica E. Vascarellaro, “Google Working with NSA to Investigate Cyber Attack,” Wall Street Journal, February 4, 2010, http://online.wsj.com/news/articles/SB10001424052748704041504575044920905689954?mod=WSJ_latestheadlines. News of the agreement between the NSA and Google was first reported in the Washington Post, Ellen Nakashima, “Google to Enlist NSA to Help It Ward Off Cyberattacks,” February 4, 2010, http://www.washingtonpost.com/wp-dyn/content/article/2010/02/03/AR2010020304057.html.
[>] The government could command: See NSA’s Prism overview presentation at http://s3.documentcloud.org/documents/807036/prism-entier.pdf.
[>] Shortly after the China revelation: Michael Riley, “US Agencies Said to Swap Data with Thousands of Firms,” Bloomberg.com, June 15, 2013, http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html.
[>] A security research firm soon: Kim Zetter, “Google Hackers Targeted Source Code of More Than 30 Companies,” Threat Level, Wired, January 13, 2010, http://www.wired.com/threatlevel/2010/01/google-hack-attack/.
[>] “The scope of this”: Kim Zetter, “Report Details Hacks Targeting Google, Others,” Threat Level, Wired, February 3, 2010, http://www.wired.com/threatlevel/2010/02/apt-hacks/.
[>] “They indoctrinate someone”: Author interview, August 2013.
[>] “We scare the bejeezus”: Tom Gjelten, “Cyber Briefings ‘Scare the Bejeezus’ Out of CEOs,” NPR, May 9, 2012, http://www.npr.org/2012/05/09/152296621/cyber-briefings-scare-the-bejeezus-out-of-ceos.
[>] Several classified programs allow: Author interviews with current and former intelligence officials and security experts. See also Riley, “US Agencies Said to Swap Data.”
[>] Microsoft, for instance: Ibid. Glenn Greenwald et al., “Microsoft Handed the NSA Access to Encrypted Messages,” Guardian, July 11, 2013, http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
[>] Cisco, one of the world’s: Author interview.
[>] And McAfee: See Riley, “US Agencies Said to Swap.”
[>] In 2010 a researcher at IBM: Andy Greenberg, “Cisco’s Backdoor for Hackers,” Forbes, February 3, 2010, http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html?partner=relatedstoriesbox.
[>] The Homeland Security Department also conducts: The list of meetings and their agenda can be found at http://www.dhs.gov/cross-sector-working-groups.
[>] After the terrorist attacks, the NSA: See the case documents for USA v. Nacchio, in particular “Exhibit 1 to Mr. Nacchio’s Reply to SEC. 5 Submission,” which contains FBI Form 302 Regarding November 14, 2005, Interview of James F. X. Payne, a former Qwest executive. See also Shane Harris, The Watchers: The Rise of America’s Surveillance State (New York: Penguin Press, 2010), p. 16, which describes in further detail the interactions between Qwest and the NSA.
[>] To obtain the information: See the Homeland Security Department’s list of critical infrastructure sectors, http://www.dhs.gov/critical-infrastructure-sectors.
[>] In a speech in 2013: Major General John Davis, Speech to the Armed Forces Communications and Electronics Association (AFCEA) International Cyber Symposium, Baltimore Convention Center, June 25, 2013, http://www.dvidshub.net/video/294716/mg-davis-afcea#.UpSILmQ6Ve6#ixzz2lkc87oRy.
12. Spring Awakening
[>] In March of that year: Author interviews with current and former US officials and security experts, including a spokesperson for the Homeland Security Department, May 2012. A subsequent interview was conducted in October 2013 with a former senior FBI official who worked on the case. The intrusions against natural gas companies were first reported in Mark Clayton, “Alert: Major Cyber Attack Aimed at Natural Gas Pipeline Companies,” Christian Science Monitor, May 5, 2012, http://www.csmonitor.com/USA/2012/0505/Alert-Major-cyber-attack-aimed-at-natural-gas-pipeline-companies.
[>] But at the height of the Cold War: See Thomas Reed, At the Abyss: An Insider’s History of the Cold War (New York: Presidio Press, 2004).
[>] The alerts from companies: Author interview, October 2013.
[>] They shared “mitigation strategies”: Author interview with Homeland Security Department official, May 2012.
[>] That summer, Homeland Security: Information Sharing Environment 2013 Annual Report to the Congress, http://www.ise.gov/annual-report/section1.html#section-4.
[>] Homeland Security, the FBI, the Energy Department: Department of Homeland S
ecurity Industrial Control Systems Cyber Emergency Response Team, Monthly Monitor (ICS—MM201310), July–September 2013, released October 31, 2013, http://ics-cert.us-cert.gov/sites/default/files/Monitors/NCCIC_ICS-CERT_Monitor_Jul-Sep2013.pdf.
[>] Shell, Schlumberger, and other: Zain Shauk, “Phishing Still Hooks Energy Workers,” FuelFix, December 22, 2013, http://fuelfix.com/blog/2013/12/22/phishing-still-hooks-energy-workers/.
[>] In a rare public appearance: Berlin spoke at a cyber security conference at the Newsuem in Washington, DC, on May 22, 2013.
[>] A few months after the intrusions: Brian Krebs, “Chinese Hackers Blamed for Intrusion at Energy industry Giant Telvent,” KrebsonSecurity, September 26, 2012, http://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/.
[>] But the country also needs: World Bank, “GDP Growth,” http://data.worldbank.org/indicator/NY.GDP.MKTP.KD.ZG
[>] China is the world’s second-largest: US Energy Information Administration, http://www.eia.gov/countries/country-data.cfm?fips=CH.
[>] At least one US energy company: Michael Riley and Dune Lawrence, “Hackers Linked to China’s Army Seen from E.U. to D.C.,” Bloomberg.com, July 26, 2012, http://www.bloomberg.com/news/2012-07-26/china-hackers-hit-eu-point-man-and-d-c-with-byzantine-candor.html.
[>] And the country has pursued legitimate paths: Ryan Dezember and James T. Areddy, “China Foothold in US Energy,” Wall Street Journal, March 6, 2012, http://online.wsj.com/news/articles/SB10001424052970204883304577223083067806776.
[>] By one estimate, the flow: Nicole Perlroth and Quentin Hardy, “Bank Hacking Was the Work of Iranians, Officials Say,” New York Times, January 8, 2013, http://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html?pagewanted=all&_r=3&.