Wow! The national news media is reporting that Russia is and has been hacking the White House, State Department, Joint Chiefs of Staff, news media outlets, and private sector. President Barack Obama even confronted the Chinese President Xi Jinping and Russia's Vladimir Putin this week regarding cyber intrusions. That will certainly cause the intrusions to cease!
We have no strategy and no rules of engagement. It is truly the Wild West in cyberspace and has been for over 30 years. The Intelligence Community is the culprit-- they have been leveraging cyber since the early ‘90s. They don't want our leaders or citizens to know about our vulnerabilities or the significance of the threat so that they can continue to exploit them for their own missions. They have classified everything imaginable relating to cyber intrusions in order to exploit others with no regard to defense of our own government and private sector assets. The Intelligence Community is responsible for our current situation.
I continue to be disappointed in our government, political, private sector, and academic leaders. I am equally disappointed in the media, which is supposed to keep them honest. All act like this is something new. Something unique. Something out of the ordinary.
The fact is that we have been systematically victimized by the Russian/Soviet hackers and others for over 30 years. My first cyber case was the “Hanover Hacker Case” made famous by my source Dr. Cliff Stoll. Cliff's book, The Cuckoo's Egg, was published in 1989. Cliff discovered five West German hackers working for and paid for by the Soviet KGB to hack Department of Defense systems all over the world-- the first case of cyber espionage. I remember my frustration in 1986 while trying to convince the powers-to-be to let me run the investigation as an espionage case. This would bring additional resources, priority, and significance to the investigation. After extensive effort, I was turned down. I had to conduct the investigation as a larceny by fraud akin to a time and attendance fraud case. Leaders at all levels didn't understand. They argued that it couldn't be espionage given that the information was unclassified and had no value. Not much has changed, I'm afraid.
Ten years later in 1996, I was detailed to The Senate Permanent Subcommittee for Investigations as a Senate Investigator for Senator Sam Nunn. I was tasked to run a Senate Investigation on "Security in Cyberspace." We interviewed over 200 witnesses from the government and private sector as well as allies. One of my interviews was at the National Security Agency (NSA) where I was given a classified briefing on my Hanover Hacker case. They possessed far less detail and knew absolutely no additional information than what was already in the book, but it was still classified. The Cuckoo's Egg had been published nine years prior. I asked why. They explained that anything related to a compromise was classified. Amazing! This is a classic example of the Intelligence Community trying to hide the threat and vulnerabilities to protect their own myopic mission.
Thirty years later this is now supposedly something new! Nation states, criminals, and even children have been systematically spying on us, stealing our research and development, our intellectual property, our identities, our money, and most importantly-- our privacy. Old timers in the business have all read The Cuckoo's Egg. I suggest that they go back and read it again. If you haven't read it, you need to. Not much has changed except that we are now much more vulnerable and far more dependent on the Internet, computers, and networks. The threat, as we warned thirty years ago, would grow. Our vulnerability and dependence would grow.
Now hackers are influencing the 2016 Presidential election of the most powerful and most vulnerable nation in the world. We act as if we didn't see this coming.
Where has the media been for the last thirty years? The news media's job is supposed to be keeping our government leaders and politicians honest and accountable. All have dropped the ball and we are now in serious trouble. The media that do understand the weight of this situation are only published in the technical media outlets where they are preaching to the choir, so to speak. Reporters in the mainstream media never “got it” and shunned the ones that did, ignoring the malfeasance of our leaders.
The system has failed us. Pun intended.
Jim Christy is VP of Investigations and Digital Forensics at Cymmetria. Jim retired from the U.S. government in 2013, ending a career investigating computer crimes and running digital forensics labs that began in 1986 at the Air Force Office of Special Investigations.
Jim can be reached by email at email@example.com.
Connect with Jim on Twitter: @jimchristyusdfc