The Deep State Will Not Dial Down Hacking
Periods of strife often benefit a small subset of interests quite well. The recent SolarWinds hack was no exception.
The events surrounding the SolarWinds supply chain breach raise questions about the efficacy of American intelligence services. But going down that rabbit hole is the last thing that the Deep State wants to do. Those intrepid souls who do poke around and ask hard questions typically end up like Congressman Otis Pike; quashed and condemned to obscurity. So maybe it’s no surprise that voices in the commentariat are performing an op-ed kabuki which positions the debate atop a neatly conscribed set of assumptions. Thus avoiding topics that elites might find threatening.
Full of Sound and Fury
If anything the SolarWinds media circus has been lively. Full of breathless descriptions delivered in ominous tones. The incident itself has been described as “historic,” “hard to understate,” and equated to a cyber “Pearl Harbor” (a term that was very popular years ago). The Perpetrators are similarly depicted as “top-tier” actors who demonstrated the sort of “sophistication and complex tradecraft” which is seen as the hallmark of a “state-sponsored” operation.
Yes sir, straight out of a Robert Ludlum novel.
Just understand that there’s a certain amount of damage control going on. No one, especially a highly paid executive, wants to admit that things fell apart under their watch. For instance, the password used to protect the server which transmitted SolarWinds’ malicious software update to thousands of big name corporate and government networks was “solarwinds123.” That, dear reader, is the kind of amateur-hour security vulnerability which bored teenagers can and will exploit.
Never mind that Microsoft detected intrusions on only about 40 systems out of the 18,000 customers that downloaded the bogus update. Since Microsoft’s initial announcement the number of impacted systems has been rescaled upwards to somewhere around 250. Still a small fraction, something like 1.4 percent of the total customer base. Furthermore, none of the compromised networks appear to be classified. Which makes sense because classified networks are usually air-gapped and heavily segmented.
Sorry Charlie, a bunch of breached public networks isn’t a game-changer. There are criminal botnets like 3ve that easily sport over a million compromised endpoints. What happened with SolarWinds is run of the mill subversion. The truth is that American spies have been jiggering supply chains and impersonating foreign entities on a global scale since the end of World War II and—hello—show no sign of slowing down. In fact if anyone knows how to hack foreign networks on an industrial scale it’s Uncle Sam.
A Deer in the Headlights
The real story here isn’t the SolarWinds hack. Rather it’s how the incursions went completely undetected by both SolarWinds and the United States government. Given the billions of tax dollars that politicians shower on spy masters their failure to achieve situational awareness in their own backyard is a bit disappointing. Adding insult to injury, it was an unaffiliated third party from the private sector that actually unearthed the hack. Had it not been for analysts at FireEye speaking up none of this might have come to light.
So much for the NSA’s goal of “information dominance.” Honestly you’d expect more from an organization that sports a functioning replica of the Enterprise Bridge.
Tech luminary Bruce Schneier offers an explanation. In a Guardian piece he observes that the Pentagon “prioritizes and spends many times more on offense than on defensive cybersecurity.” In other words secret groups like the NSA’s Office of Tailored Access Operations (TAO), the CIA’s Center for Cyber Intelligence (CCI), and joint programs like the Special Collection Service (SCS), are all teeth and no hide. Such that they neglect defensive capabilities on behalf of implementing a doctrine of “persistent engagement.” An offensive strategy that seeks to find out what the bad guys are up to by breaking into their networks and monitoring them 24/7.
The Internet has always been like one of those drunken brawls in the Wild West where everyone is getting punched by somebody else and the piano player never skips a beat. But as the country shifts to online platforms, the cost of being continually hacked at home will eventually outweigh the benefit of aggressively hacking networks abroad. Schneier recommends placing more emphasis on defense. He asserts that “we need to dampen this offensive arms race rather than exacerbate it, and work towards cyber peace.” Which probably sounds entirely reasonable to the average person. Your author included.
Therein lies the weakness of this stance.
Waving at the Political Abyss
The problem with suggesting that spies ease off on the hacking is that it fails to acknowledge the nature of the American power structure. The idea that reform is feasible hangs on the notion that U.S. foreign policy means well. That the mandarins of NATSEC generally aim to diffuse conflict rather than create it. An article of faith among the globalist crowd who state that good intentions justify America’s place as the “indispensable nation.”
This narrative has been challenged from the very top of the executive branch. Consider Harry Truman, who signed the same 1947 legislation that established the foundation for the current national security apparatus. In a biography aptly entitled Plain Speaking, the former President laid it all out (p. 392):
“Those fellows in the CIA don’t just report on wars and the like, they go out and make their own, and there’s nobody to keep track of what they’re up to. They spend billions of dollars on stirring up trouble so they’ll have something to report on.”
Truman was followed by other insiders. Intelligence officers like Philip Agee and John R, Stockwell who corroborated his allegations. More recently whistleblowers like Edward Snowden have channeled Truman’s skepticism. For example, in an open letter to Brazil Snowden explains what drives mass surveillance:
“These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power.”
There’s no doubt that civilians suffer horribly during periods of war, economic ruin, and political oppression. Yet these periods of strife often benefit a small subset of interests quite well. The end of World War I signaled the demise of the British Empire and the migration of the world’s financial center from London to New York City. Likewise, the completion of World War II gave birth to the American hegemon, which relied on a steady diet of proxy conflicts, friendly dictators, and military spending to collapse the Soviet Union. Within a decade or so of the Soviet Union’s dissolution the United States unilaterally launched the Global War on Terror. Leaving a trail of smoldering nations in its wake.
To tacitly presume that vast sources of wealth and power would, in a spontaneous fit of clarity, listen to reason and renounce an approach that has worked so well for them is closer to pleasant fiction than practical consideration. Particularly when Deep State minions have shown that they can consistently leverage backchannels to subvert public pressure.
Hence, like it or not, the drunken brawl will continue. As will the arms race. Though it may be cathartic to espouse a more perfect world as Mr. Schneier does, engineers preparing for the immediate future must ground their decisions on what will likely happen rather than what they believe should happen.
Bill Blunden is an independent investigator focusing on information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.