A Deterrent for the Next Hackers

Ally Sheedy, Matthew Broderick and John Wood in ‘WarGames,’ 1983. Photo: ...


Ally Sheedy, Matthew Broderick and John Wood in ‘WarGames,’ 1983.



Photo:

MGM/Everett Collection

SolarWinds

hack explained” is a popular internet search term. Sadly, very little has yet been explained.

The words “inside job” have been bandied mainly on expert blogs and online forums, not yet in the mainstream press. But we might suspect the human factor will turn out to have played a key role.

Edward Snowden

was the security flaw that led to a previous government data disaster.

John Podesta

was the unwitting flaw that put Democratic campaign emails in the hands of presumptively Russian hackers.

Software code and network systems may have inherent vulnerabilities but as systems become more complex and harder to penetrate, corrupting or fooling an authorized human will increasingly be the cost-effective avenue of attack. Once upon a time, we could tell ourselves any holes in our network systems were bound to be discovered and exploited. Not unreasonably, our sotto voce response was: Thanks for letting us know. Praise God the vulnerability was discovered sooner rather than later.

Industrial-strength corruption and sabotage of networks by state actors is the concern now. Closing holes is still important but more important will be deterring and shaping the incentives of attackers.

Matthew Broderick plays hacker David Lightman in ‘WarGames,’ 1983.



Photo:

MGM/Everett Collection

A security expert tells Reuters he alerted the Texas company SolarWinds last year to a sloppy password vulnerability, but Reuters was quick to add the defect didn’t play a role in the latest attack. Its perpetrator likely had no place in his plan for serendipity; his goal from the start was to target and break a specific company because its software offered access to the networks of thousands of other companies and government agencies.

Russia is the likely culprit according to Secretary of State

Mike Pompeo

and others. A blog post by Microsoft President

Brad Smith

is widely quoted in press accounts, urging cooperation between government and private firms to detect and fight off intrusions, which is fine but ought to be a secondary priority.

The SolarWinds hackers did not seek to disable the systems they accessed as North Korea did in its 2014

Sony

hack. To Russia, the cost would have outweighed the potential benefit, since the U.S. was expected to be able to identify and retaliate against such an attacker.

Incentive and deterrence, the usual tools of statecraft, are working here even if we don’t see it. Indeed, only after it was discovered did the latest attack likely begin to serve its deepest purpose for Russia: to intimidate and coerce U.S. elites. On the media hysteria front Russia may be winning the spy vs. spy wars. On every other front Russia has been losing. The mysterious “Panama Papers” and “Paradise Papers” leak of banking documents in 2016 and 2017 was plainly seen by the Kremlin as a Western attempt to embarrass

Vladimir Putin

and his financial cronies. This month a trove of 16-year-old emails came into public view showing how one of Mr. Putin’s crony scions,

Kirill Shamalov,

became an overnight billionaire after marrying Mr. Putin’s daughter.

Russia’s hands behind the Malaysian airliner shootdown, the polonium murder of a Russian émigré in the U.K., the attempted murder of another with a nerve agent, were all exposed with ease in the world press. Even the names and photos of individual suspects were published. In the past few days, the private outfit Bellingcat exploited the corruption of Russia’s domestic data markets to name and persuasively describe the activities of the Russian agents allegedly involved in August’s attempted murder of opposition politician

Alexander Navalny.

Looming over all, the role of Kremlin agents in a 1999 spate of domestic terrorist bombings that cemented Mr. Putin’s rise has been extensively revealed in the public domain. Awaited is only a Western government’s or intelligence agency’s decision to out Mr. Putin for the crime.

Let’s use the right word, with the right associations—not hacker but attacker. If Russia is the culprit, the regime’s second-greatest sensitivity (after its inability to keep secrets) is sanctions that prevent regime favorites from traveling in the West and securing their wealth under Western laws. Sanctions work, contrary to shibboleth: Governments carefully weigh the potential costs of their actions even if those costs don’t always deter them. So maybe arrest a few children of Russian oligarchs living in the West as accessories to money laundering. Maybe seize a few yachts and Fifth Avenue mansions. Make sure the names of Russian cybercriminals appear conspicuously on the terrorist lists from which names occasionally disappear for drone-related reasons.

Matthew Broderick

in “WarGames” isn’t the prototype. When the hacker we worried about was the random teenager we could never identify in advance, investment in defense was the way to go. The problem is different now. Russia needs to be kept in its place, with a punch in the nose if necessary, not least because the real long-term challenge is China. Russia is stuck with a leader who, with options limited, is focused on regime survival above all, at the expense even of Russia’s national interests. The Russian people will be among the beneficiaries of setting limits on his behavior.

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Appeared in the December 23, 2020, print edition.

Source link

COMMENTS

Name

Africa,728,Americas,3907,Art & Culture,14221,Arts,6333,Arts & Design,1524,Asia,3114,Automobile,415,Baseball,502,Basketball,401,Books,3725,Business,5166,Celebrity,2592,Cricket,605,Crime,121,Cryptocurrency,1389,Dance,586,Defense,796,Diplomatic Relations,2451,Economy,1008,Editorial,260,Education,1118,Elections,291,Energy & Environment,2988,Entertainment,22083,Environment,3468,Europe,4063,Faith & Religion,205,Family & Life,775,Fashion & Style,3085,Finance,18972,Food & Drink,3575,Football,1026,Games,74,Gossip,10245,Health & Fitness,3916,Health Care,870,Hockey,181,Home & Garden,880,Humour,950,Latin America,49,Lifestyle,16224,Media,490,Middle East,1398,Movies,1581,Music,2485,Opinion,2732,Other,11226,Other Sports,4868,Political News,11236,Political Protests,2280,Politics,17282,Real Estate,1686,Relationship,63,Retail,3069,Science,2472,Science & Tech,9483,Soccer,159,Space & Cosmos,275,Sports,11399,Technology,3268,Tennis,504,Theater,1561,Transportation,275,Travel,2437,TV,3528,US Sports,1434,Video News,3531,War & Conflict,1026,Weird News,954,World,15562,
ltr
item
Newsrust: A Deterrent for the Next Hackers
A Deterrent for the Next Hackers
https://images.wsj.net/im-276853/social
Newsrust
https://www.newsrust.com/2020/12/a-deterrent-for-next-hackers.html
https://www.newsrust.com/
https://www.newsrust.com/
https://www.newsrust.com/2020/12/a-deterrent-for-next-hackers.html
true
732247599994189300
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content