Dark Territory

by Fred Kaplan

MIT (Massachusetts Institute of Technology), 9, 61, 73

  Mitchell, Andrea, 232

  Money, Art, 105, 122, 153, 279, 296n

  as assistant secretary of defense, 119, 120, 124–25

  MonkeyCalendar, 136

  Moonlight Maze Coordination Group, 86–88

  Moonlight Maze cyber attack, 78–79, 81–88, 98, 119, 123, 187, 212–13, 241, 276

  Russia and, 86–88, 213, 223

  Morell, Michael:

  CIA career of, 238–39, 252

  NSA case files reviewed by, 252–53

  in Review Group, 238–39, 252–54, 256

  Morris, Robert, Sr., 60

  Morris, Robert T., Jr., 60

  Morris Worm, 60, 62

  Moscow, U.S. embassy in, 12, 289n

  Mossad, 207

  Mudge, see Zatko, Peiter

  Mullen, Mike, 183

  Murtha, Jack, 193

  Nagasaki, atomic bombing of, 215

  Napolitano, Janet, 186–89

  NASDAQ, North Korean cyber attack on, 213

  Natanz, Iran, 203–4, 304n

  cyber attack on, see Stuxnet

  National Bureau of Standards, 34, 36

  National Geospatial-Intelligence Agency, 152

  National Infrastructure Protection Center, 166

  National Institute of Standards and Technology, 34, 36

  National Intelligence Directorate, 176, 242–43

  National Military Command Center, Eligible Receiver hacking of, 68–69

  National Military Strategy for Cyber Operations, 211

  National Plan for Information Systems Protection, 100–105, 139, 141–42

  “National Policy on Telecommunications and Automated Information Systems Security” (NSDD-145), 2–3, 7, 19–20, 27, 34, 54, 67, 72, 100, 188, 195, 241

  National Research Council, 54

  National Security Agency (NSA), 6–7, 12–13, 18–19, 27, 30–37, 54, 74, 78, 100, 110, 119, 122, 123–40, 147, 158, 176, 195, 219, 269, 288n

  Alexander as director of, 152, 155–56, 174, 178–81, 182–84, 185–86, 187, 189, 204, 211, 214, 231, 244, 247, 252, 253, 256

  anti-Milosevic campaign and, 114–15

  Army’s relations with, 151

  Bauded Signals Upgrade program in, 14, 22, 28

  broken personnel system of, 129–30

  budget cuts and, 123, 127

  CIA interaction with, 133–34

  civil liberties and, 3, 20, 188, 192, 194–96, 231, 239, 244–52, 264

  Clarke’s visit to, 90

  CNCI and, 178

  Cold War and, 12

  communication service providers and, 194

  computer crash at, 130, 131

  Computer Security Center of, 18–19, 34, 60

  Congress and, 3, 20, 27, 195–96

  counter-C2 campaign of, 16

  Data Network Technologies Branch of, 136

  digital communications data collected by, 196–97, 228–29, 230–35, 237–64

  domestic surveillance by, 230–35

  in Eligible Receiver 97 cyber attack exercise, see Eligible Receiver 97 cyber attack exercise

  executives’ report on shortcomings of, 127–28, 129–33

  as falling behind in digital technology, 126–27, 128, 129

  Flame virus of, 213

  fusion of Cyber Command and, 243, 260

  “Global Access Study” of, 28–29, 30

  Hayden as director of, 122, 125–26, 127–33, 135, 138, 151, 157–59

  Information Warfare Directorate of, 32, 40

  infrastructure security and, 280

  IOTC of, 124–26

  Iraq teams of, 159–60

  McConnell as director of, 29, 30–37, 128, 133, 172, 173, 193

  metadata collection and storage by, 64, 194–97, 230–35, 238, 245–47, 252–54, 261–62, 263

  Minihan as director of, 57, 58, 64, 122, 123–24, 125–26, 127, 128, 129, 131, 157, 179–80

  Mission Infrastructure Technologies Branch of, 136

  Moonlight Maze attack and, 79

  mystique of, 124, 184

  NSDD-145 and, 3, 20, 188, 195

  “One Hundred Days of Change” at, 130

  origins of, 11–12

  potential for abuse by, 251–52, 254, 264

  PRISM program of, 247–52

  and protection of civilian infrastructure, 186–89

  Red Team of, 57, 66, 67–68, 69–71, 72, 75, 76, 80, 182, 275

  Review Group briefings by, 244–52

  Review Group recommendations on, 256–57

  Rogers as director of, 282

  RTRG program of, 158–60

  Scientific Advisory Board of, 11

  secrecy of, 3, 178, 214–15, 234

  security complacency at, 17, 34

  Snowden leaks and, 64, 194, 228–30, 234, 242, 244, 245, 251, 257–59, 262, 282, 285, 298n

  Stellar Wind program of, 155n

  Stone’s speech to, 264

  Studeman as director of, 126–27, 275–76

  Telecommunications Network Technologies Branch of, 136

  Trailblazer program of, 132, 156–57

  Turbulence program of, 157–58

  National Security Agency (NSA), SIGINT Directorate of, 4–5, 18, 22, 29, 30, 33, 34, 90, 93, 125, 128, 130–31, 133, 172, 181, 204, 205, 207, 257

  A Group of, 124, 129

  changing role of, 214–15

  “Global Network” operations of, 131

  “Global Response” operations of, 131

  ground commanders and, 156, 185

  Tailored Access Operations of, see TAO

  National Security Council (NSC), 40, 97, 140, 150, 187, 188, 227

  National Security Directive 42, 66

  National Security Letters, 254–55, 260

  Review Group recommendations for, 256

  National Strategy to Secure Cyberspace, The, 141–42, 174, 199

  Naval Postgraduate School, 148

  Navy, U.S., 70, 79

  black programs of, 40, 44

  cryptology labs of, 7

  intelligence operations of, 14, 26–27

  Naval Information Warfare Activity of, 32, 123

  Nellis Air Force Base, 107

  Netscape Matrix, 35

  Network Security Monitoring, 60–63

  Neumann, John von, 8

  Neuromancer (Gibson), 45–46

  New York, N.Y., telecommunication switches in, 45

  New York Stock Exchange, North Korean cyber attack on, 213

  New York Times, 101

  Chinese hacking of, 223

  New Zealand, see five eyes

  NightStand, 136

  9/11 Commission, 171, 240

  Nixon, Richard, 251–52

  Noonan, Robert, 153–54

  North American Aerospace Defense Command (NORAD), 1, 10

  North Atlantic Treaty, Article 5 of, 163

  North Atlantic Treaty Organization (NATO), 110, 163, 273

  North Korea, 160, 198, 269

  cyber warfare and, 4, 213, 216, 268–71, 272n

  Internet shutdown in, 271–72

  Sony cyber attack by, 268–71, 272n

  Northrop Grumman Corporation, 127, 132

  NSDD-145 (“National Policy on Telecommunications and Automated Information Systems Security”), 2–3, 7, 19–20, 27, 34, 54, 67, 72, 100, 188, 195, 241

  NSPD-54, 178, 199

  nuclear weapons, 277, 278

  cyber warfare vs., 215–16

  Nunn, Sam, 46–47, 51, 59, 199

  critical infrastructure hearings of, 47–48

  Obama, Barack, 186, 187, 197–98, 201, 249, 259, 304n–5n

  Bush’s Stuxnet briefing of, 203

  Chinese cyber attacks and, 221–28, 235

  and cyber attack on Sony, 270–71

  cyber security as priority of, 200–201

  drone strikes supported by, 208

  “Improving Critical Infrastructure Cybersecurity” executive order of, 274

  intelligence review panel appointed by, see President’s Review Group on Intelligence and Communication Technologies

  PPD-20 of, 217–20, 228, 314n–15n

  Stuxnet and, 203, 208–9, 210, 212

  terrorism as priority of, 197–98

  Xi’s summits with, 228–29, 308n

  Obama administration:

  cyber warfare and, 3–4

  metadata “white paper” of, 238

  Odom, William, 26, 28

  Office of Technology Assessment, U.S., 43

  Oklahoma City bombing, 39, 40, 89, 175

  Olympic Games, Operation, see Stuxnet

  Orchard, Operation, 161

  Pace, Peter, 211

  Pacific Command, U.S., 67, 80

  Pacific Gas & Electric, 52–53

  Pakistan, U.S. drone strikes in, 201, 208

  Paladin Capital Group, 233

  Paltalk, PRISM and, 247

  Panetta, Leon, as defense secretary, 220

  Parkes, Walter, 9–10, 32

  passwords, 82, 136

  Patriot Act (2001), 192

  Section 215 of, 245–46, 252–53, 261–63

  Section 505 of, 254

  sunset clause in, 261–63

  Paulson, Henry, 174, 175

  PDD-39 (“U.S. Policy on Counterterrorism”), 39–40, 46, 89

  PDD-63, see “Critical Infrastructure Protection” (PDD-63)

  Pentagon, 9/11 attack on, 141

  People’s Liberation Army, Unit 61398 of, 222–23, 225, 226, 242, 269

  Perry, William, 14–15, 67, 76, 124, 184, 220

  as secretary of defense, 57–58, 59, 66–67, 120

  Persian Gulf, 74

  Petraeus, David, 158–59, 160, 173

  phishing, 136

  Physical Vulnerability of Electric Systems to Natural Disasters and Sabotage (U.S. Office of Technology Assessment), 43–44

  PlayStation network, hacking of, 268

  Poitras, Laura, 229

  Polaris missile, 120

  Pollard, Neal, 75

  Powell, Colin, 23, 30, 32, 59, 64

  Power, Samantha, 239

  PPD-20 (“U.S. Cyber Operations Policy”), 217–20, 228, 314n–15n

  President Reagan: The Role of a Lifetime (Cannon), 287n–88n

  President’s Commission on Critical Infrastructure Protection, 49–55, 74

  Marsh as chairman of, 50

  members of, 49–50

  Minihan’s Eligible Receiver briefing to, 72

  report of, see Marsh Report (Critical Foundations)

  President’s Review Group on Intelligence and Communication Technologies (Review Group), 235, 238–40, 242–60, 264

  cyber security prioritized by, 257–58

  deadline of, 242

  FBI’s briefings of, 254–55

  K Street SCIF of, 243, 252

  NSA metadata collecting examined by, 245–47, 252–54, 262

  Obama’s meetings with, 242, 259

  and potential for abuse by intelligence agencies, 251–52, 259, 260

  PRISM and, 247–48

  public trust as priority of, 237–38, 258

  report of, see Liberty and Security in a Changing World

  staff of, 243, 258

  PRISM, 228, 247–52

  FISA Court and, 248, 249–50

  programmable logic controllers (PLCs), 204–5

  Protect America Act (2007), 193–95

  civil liberties and, 194–95

  Section 702 of, 248–49

  Putin, Vladimir, 162

  RageMaster, 136

  RAND Corporation, 8, 10, 51, 278, 316n

  RATs (Remote Access Trojans), 225–26

  Rattray, Gregory, 225

  RCA, 19

  Reagan, Ronald, 7, 19, 27, 67, 72, 183, 287n

  counter-C2 warfare and, 15–16

  Executive Order 12333 of, 288n

  NSDD-145 of, 2–3, 7, 19–20, 27, 34, 54, 67, 72, 100, 188, 195, 241

  “Star Wars” program and, 2

  WarGames and, 1–3, 6, 10, 19, 175

  Reagan administration, 54

  cyber warfare and, 1–3, 6–7

  Redford, Robert, 31

  regulation, corporate fear of, 98–99, 101, 176, 200, 274–75

  Remote Access Trojans (RATs), 225–26

  Reno, Janet, 39–40

  resilience, as goal of cyber security, 277

  Review Group, see President’s Review Group on Intelligence and Communication Technologies

  Rhoads, Walter “Dusty,” 107–8, 120, 121

  Rice, Condoleezza, 140–41, 150, 174

  Rice, Susan, 238, 239

  Riedel, Bruce, 199

  Rogen, Seth, 269, 270

  Rogers, Michael, 282, 285

  Ronfeldt, David, 291n

  RTRG (Real Time Regional Gateway), 158–60, 195

  Rumsfeld, Donald, 150–51, 155, 173

  Iraq insurgency downplayed by, 148, 150

  Russian Federation:

  CentCom hacking and, 182

  and cyber attack on Georgia, 164–66

  cyber attacks by, 4, 42, 164–66, 224

  Estonian cyber attack and, 163–64, 165

  Georgia invaded by, 164–66

  Moonlight Maze and, 86–88, 213, 223

  Sandia Laboratories, 111

  Sare, Michael, 71

  Saudi Aramco, Iranian cyber attack on, 213, 216

  SCADA (Supervisory Control and Data Acquisition) systems, 45

  Schaeffer, Richard, 181–82, 276

  Schell, Roger, 293n

  Schmidt, Howard, 188

  Schoomaker, Peter, 150–51

  Schwarzkopf, Norman, 23, 25, 151

  Science Applications International Corporation (SAIC), 132

  Scowcroft, Brent, 44

  2nd Circuit Court of Appeals, U.S., Section 215 ruling of, 262–63

  Secret Service, North Korean cyber attack on, 213

  “Security and Privacy in Computer Systems” (Ware), 8–9

  Senate, U.S.:

  Armed Services Committee of, 46, 71, 283

  Church Committee of, 37, 230, 252

  Foreign Relations Committee of, 197

  Governmental Affairs Committee of, 48, 94

  Intelligence Committee of, 35–36

  Select Committee on Intelligence of, 126, 127, 231–33, 256

  sensitive compartmented information facilities (SCIFs), 243

  September 11, 2001, terrorist attacks, 3, 140–41, 155, 171, 174, 192, 195, 241, 244, 261

  Serbia, U.S. hacking of phone systems in, 113, 132

  Shady RAT, Operation, 226

  Shalikashvili, John, 67, 68, 146

  Shamoon computer virus, 213–14

  Shaw Air Force Base, 7, 108–9

  Shiite Muslims, 147, 160

  Shinseki, Eric, 111, 112

  Siemens, logic controllers of, 204–5, 206, 211

  Signal Security Agency, 11

  609th Information Warfare Squadron, 7, 108–10, 120

  60 Minutes (TV program), 240

  Skype, PRISM and, 247

  Slocombe, Walter, 44

  Sneakers (film), 31–32, 33

  Snowden, Edward, 194

  NSA programs leaked by, 63–64, 228–30, 231, 234, 242, 244, 245, 251, 257–59, 262, 282, 285, 298n

  Social Security, 99

  Social Security numbers, hacking of, 265, 268

  Solar Sunrise cyber attack, 74–78, 80, 81, 98, 101, 119, 120, 123, 183, 187, 241

  Sonic.net, 77

  Sony Online Entertainment, hacking of, 268

  Sony Pictures Entertainment, North Korean cyber attack on, 268–71, 272n

  South China Morning Post, 229

  South Korea, North Korean cyber attacks on, 213, 269

  South Ossetia, 164–65, 241

  Soviet Union, 12, 13

  collapse of, 162

  Space Command, U.S., 122, 146

  Spiegel, Der, 228, 229, 298n

  Sputnik II, 119

  Stabilization Force (SFOR), 110–12


  “Star Wars” program, 2

  Stasi, 235

  Stellar Wind, 155n

  Stimpy (pseudonym), 77–78

  Stimson, Henry, 11

  Stoll, Cliff, 61–62, 82–83

  Stone, Geoffrey:

  civil liberties expertise of, 239, 244, 251, 259, 264

  in Review Group, 239, 244, 246, 250–52, 253, 254, 264

  Strategic Command, U.S., 183

  Studeman, William, 21–22, 26, 27, 28, 30, 42, 84, 128

  as acting CIA director, 45

  as CIA deputy director, 41

  information warfare as focus of, 41

  as NSA director, 126–27, 275–76

  Stuxnet, 201, 213, 216, 217, 218–19, 228, 242, 304n–5n

  Alexander and, 204–5, 206

  Bush and, 203, 205, 206, 208, 209, 212, 215

  centrifuges speed manipulated by, 209

  exposure of, 210–11

  false data sent to monitors in, 208, 209

  Gates and, 206

  Iranian confidence as target of, 208

  Israel and, 207

  Natanz centrifuges targeted by, 203

  Obama and, 203, 208–9, 210, 212

  Siemens logic controllers infected by, 204–5, 211

  successes of, 209–10

  TAO and, 205–7

  valve controls overridden by, 207–20

  Summers, Lawrence, 200

  Sunni Muslims, 147, 160

  Sunstein, Cass, 239, 253

  Suter, 161

  Swire, Peter, 239–40, 243–44, 251, 253, 255

  Sylvania Labs, 14–15

  Symantec, 210, 211

  Syria:

  cyber attacks by, 4

  Israeli bombing of reactor in, 160–61, 198, 301n

  Taiwan, 224

  Taliban, 149, 229

  Tallinn, Estonia, 165

  cyber attack on, 162–64

  Tango, Operation, 111

  TAO (Office of Tailored Access Operations), 135–37, 156, 158, 182, 195, 273n

  hacking software of, 136

  Hayden and, 135

  Minihan and, 134–35

  Snowden leaks and, 229–30

  Stuxnet and, 205–7

  tools and techniques of, 298n

  Technical Advisory Group, 126

  telecom companies:

  metadata collection and, 194, 247, 248, 253, 263

  Snowden leaks and, 234

  telecommunication networks, switches in, 44–45

  Tenenbaum, Ehud (The Analyzer), 77, 78

  Tenet, George, 113, 140

  terrorism, terrorists:

  Bush (G.W.) administration complacency about, 140–41

  CNE and, 139

  cyber attacks by, 98

  FISA and, 192

  infrastructure as targets of, 39, 41, 42, 53

  Internet and, 35

  Obama’s focus on, 197–98

  post-9/11 fear of, 195

  Thompson, Fred, 95

  thumb drives, malware on, 182, 207, 304n

  Thurman, Max, 145

  Titan Rain, 224

  Toyota Prius, hacking of, 273n

 
