In a week where, say, the iconic brand Tupperware declared bankruptcy and University of Michigan researchers unveiled a squid-inspired screen that doesn’t use electronics, the most startling stories have been about, of all things, pagers and walkie-talkies.
 |
| Pushing that red button probably isn't going to be good. Credit: Bing Image Creator |
Now, most of us don’t think much about either pagers or walkie-talkies these days, and when we do, we definitely don’t think about them exploding. But that’s what happened in Lebanon this week, in ones carried by members of Hezbollah. Scores of people were killed and thousands injured, many of them innocent bystanders. The suspicion, not officially confirmed, is that Israel engineered the explosions.
I don’t
want to get into a discussion about the Middle East quagmire, and I condemn the
killing of innocent civilians on either side, but what I can’t get my mind
around is the tradecraft of the whole thing. This was not a casual weekend
cyberattack by some guys sitting in their basements; this was a
years-in-the-making, deeply embedded, carefully planned move.
A former
Israeli intelligence official told WaPo that, first, intelligence
agencies had to determine “what Hezbollah needs, what are its gaps, which shell
companies it works with, where they are, who are the contacts,” then “you need
to create an infrastructure of companies, in which one sells to another who
sells to another.” It’s not clear, for
example, if Israel someone planted the devices during the manufacturing process
or during the shipping, or, indeed, if its shell companies actually were
the manufacturer or shipping company.
Either
way, this is some James Bond kind of shit.
The
Washington Post reports
that this is what Israeli officials call a “red-button” capability, “meaning a
potentially devastating penetration of an adversary that can remain dormant for
months if not years before being activated.” One has to wonder what other red
buttons are out there.
Exploded pager. Credit: AFP
Many have
attributed the attacks to Israel’s Unit 8200, which is roughly equivalent to
the NSA. An article
in Reuters described the unit as “famous for a work culture that
emphasizes out-of-the-box thinking to tackle issues previously not encountered
or imagined.” Making pagers explode upon
command certainly falls in that category.
If you’re
thinking, well, I don’t carry either a pager or a walkie-talkie, and, in any
event, I’m not a member of Hezbollah, don’t be so quick to think you are off
the hook. If you use a device that is connected to the internet – be it a
phone, a TV, a car, even a toaster – you might want to be wondering if it comes
with a red button. And who might be in control of that button.
Just
today, for example, the Biden Administration proposed
a ban on Chinese software used in cars. “Cars today have cameras,
microphones, GPS tracking and other technologies connected to the internet. It
doesn’t take much imagination to understand how a foreign adversary with access
to this information could pose a serious risk to both our national security and
the privacy of U.S. citizens,” said Commerce Secretary Gina Raimondo. “In an
extreme situation, foreign adversaries could shut down or take control of all
their vehicles operating in the United States all at the same time.”
“The
precedent is significant, and I think it just reflects the complexities of a
world where a lot of connected devices can be weaponized,” Brad Setser, a
senior fellow at the Council on Foreign Relations, told
The New York Times. In a Wall
Street Journal op-ed, Mike
Gallaher, head of defense for Palantir Technologies, wrote: “Anyone with
control over a portion of the technology stack such as semiconductors, cellular
modules, or hardware devices, can use it to snoop, incapacitate or kill.”
Similarly,
Bruce Schneier, a security technologist,
warned: “Our international supply chains for computerized equipment leave us
vulnerable. And we have no good means to defend ourselves…The targets won’t be
just terrorists. Our computers are vulnerable, and increasingly so are our
cars, our refrigerators, our home thermostats and many other useful things in
our orbits. Targets are everywhere.”
If all
this seems far-fetched, last week the FBI, NSA, and the Cyber National Mission
Force (CNMF) issued
a Joint Cybersecurity Advisory detailing how the FBI had just taken control
of a botnet of 260,000 devices. “The Justice Department is zeroing in on the
Chinese government backed hacking groups that target the devices of innocent
Americans and pose a serious threat to our national security,” said
Attorney General Merrick B. Garland. The hacking group is called Flax Typhoon,
working for a company called Integrity Technology Group, which is believed to
be controlled by the Chinese government.
Ars
Technica described the network as a “sophisticated,
multi-tier structure that allows the botnet to operate at a massive scale.” It
is the second such botnet taken down this year, and one has to wonder how many others
remain active. Neither of these attacks were believed to be preparing anything
to explode, being more focused on surveillance, but their malware impacts could
certainly cause economic or physical damage.
Unit 8200,
meet Flax Typhoon.
Sophisticated? Yeah. Credit: Black Lotus Labs
Earlier
this year Microsoft said
Flax Typhoon had infiltrated dozens of organizations in Taiwan, targeting “government
agencies and education, critical manufacturing, and information technology
organizations in Taiwan.” Red buttons abound.
--------------
Ian Bogost, a contributing writer for The
Atlantic, tried to be reassuring, saying
that your smartphone “almost surely” wasn’t going to just explode one day. “In
theory,” Professor Bogost writes, “someone could interfere with such a device,
either during manufacture or afterward. But they would have to go to great
effort to do so, especially at large scale. Of course, this same risk applies
not just to gadgets but to any manufactured good.”
The
trouble is, there are such people willing to go to such great effort, at large
scale.
We live in
a connected world, and it is growing evermore connected. That has been, for the
most part, a blessing, but we need to recognize that it can also be a curse, in
a very real, very physical way.
If you
thought pagers exploding was scary, wait until self-driving cars start crashing
on purpose. Wait until your TVs or laptops start exploding. Or wait until the
nanobots inside you that you thought were helping you suddenly start wreaking
havoc instead.
If you think
the current red button capabilities are scary, wait until they are created –
and controlled – by AI.
No comments:
Post a Comment