The internet of the past, the 1990s through the early 2000s, has often been characterized as the Wild West. There’s a lot of truth in that sentiment, as the internet was new, unknown, and essentially lawless. At the time, it didn’t matter much, as the world was not nearly as connected as today. What harm was a GeoCities website, created by someone with low skills and lacking knowledge of web design, dedicated to an obscure Japanese cartoon that few in America had heard of? It was simply a fan voicing his support for something obscure, instead of hacking someone who didn’t agree that it was the greatest cartoon of the time.
As the years passed, the internet grew up and cybercrime became more advanced, and so did our understanding of it. Hackers went from being cheeky ne’er-do-wells probing systems for fun to creating ransomware and affecting foreign affairs.
This is where the National Security Agency (NSA) steps in. The NSA, established by President Harry Truman, was created to manage intelligence communications and conduct cryptanalysis. As Norwich University explains, “Firstly, NSA analysts gather and decrypt intelligence from electronic communications and sources such as email, videos, photos, stored data, internet phone calls, chat, video conferencing, file transfers, and online social networking accounts.” The NSA then uses this intel “to protect the nation’s classified data and national security systems from unauthorized access and tampering by foreign and internal adversaries.”
They are likely best known for the freedoms the Patriot Act gave them to spy not only internationally but also domestically. For example, they conducted mass phone data collection, which was stopped by an amendment to the revised version of the act in 2015.
Despite spying on the American public, they do serve a very important function. For example, during elections, candidates use political intelligence consultants to run a successful campaign. Data and analysis on an array of topics including where campaigning is necessary, opposition research, and demographic data must be carefully protected, lest it be corrupted. The NSA ensures politicians’ data remains secure.
Under President Barack Obama, the NSA had freedom but took a defensive, status-quo stance. Under President Donald Trump, however, the shackles have been thrown off.
PPD-20 and Trump
The Obama-signed Presidential Policy Directive 20 (PPD-20) outlined how the NSA could take offensive action and what it needed for approval. The Trump Administration removed some of the restrictions imposed on cyberattacks and retaliation by the NSA and U.S. Cyber Command.
The first true cyberweapon, a worm known as Stuxnet, struck at Iran’s nuclear enrichment facilities. It required approval and oversight from multiple departments before it was put into use. Now, CyberCom does not need White House approval for individual attacks. Instead, we are entering an era of perpetual cyberwar, a war that will have no end.
Rob Joyce, former White House cyber coordinator and a senior official at the National Security Agency, believes the new U.S. policy governing cyberwarfare is more “thoughtful” than some of its critics might think, and that it will help the U.S. protect itself from further outside attacks, such as the Russian hack on the 2016 election.
However, because the restrictions are now relaxed, tensions could escalate and a cyberwar could brew.
The Threat of Escalation
“We are all standing knee deep in tinder and gasoline with vulnerabilities in cyberspace,” Jason Healey, a Bush Jr. cybersecurity official and a senior fellow at the Atlantic Council’s Cyber Statecraft Initiative, told reporters in a September conference call. “So, when I hear someone say that we have to fight fire with fire, I think of a lot of reasons for caution.”
As part of this new policy, the NSA contacted individual Russian agents to warn them that the NSA and CyberCom are monitoring their activities of spreading disinformation, as the Russian operatives did in the 2016 election. Shaming the agents may or may not be enough to deter them.
The NSA has also not been helped by a turbulent term. In March, Deputy Press Director Raj Shah announced that General H.R. McMaster would not be leaving his position as NSA Director. A week later, he left the department.
Lest we forget, the NSA does keep secrets. Some, when discovered and leaked, lead to more damage than simply acknowledging the secret and fixing the problem.
Finally, we end with a concrete example of how the NSA’s own secrets can be used against the U.S. public. Ransomware terrorized the world when WannaCry and its successors, Petya and NotPetya, attacked computers and U.K. hospitals in 2017. Hackers often demanded a $300 Bitcoin ransom or files would be permanently deleted from computers.
While the ransomware was eventually countered, it would have been simple to patch the backdoor into the Windows operating system long before the backdoor was used by hackers. How? Eternal Blue.
Eternal Blue was the codename the NSA gave the exploit, which it sat on and did not tell Microsoft about until after the Shadow Brokers group leaked it.
The NSA very likely has other vulnerabilities stockpiled, which it could, in theory, use offensively. As mentioned, however, using these exploits could spark a cyberwar with anyone from domestic hackers to foreign agents. The removal of the PPD-20 limits could prove beneficial, but the risk of escalation needs to be at the forefront of the agency’s collective mind before it carries out any offensive operation. The internet may not be a lawless war zone yet, but it is looking more like the Wild West of yesterday.