Leaked doc shows USA has started an Internet War: Schneier

Bruce Schneier points out that the leaked top-secret list of electronic attack targets picked by the Obama administration is tantamount to a declaration of Internet War on foreign powers, and shows the US government planning attacks that make the much-vaunted Chinese attacks on the USA look tame by comparison.

That's the key question: How much of what the United States is currently doing is an act of war by international definitions? Already we're accusing China of penetrating our systems in order to map "military capabilities that could be exploited during a crisis." What PPD-20 and Snowden describe is much worse, and certainly China, and other countries, are doing the same.

All of this mapping of vulnerabilities and keeping them secret for offensive use makes the Internet less secure, and these pre-targeted, ready-to-unleash cyberweapons are destabalizing forces on international relationships. Rooting around other countries' networks, analyzing vulnerabilities, creating back doors, and leaving logic bombs could easily be construed as an act of war. And all it takes is one over-achieving national leader for this all to tumble into actual war.

It's time to stop the madness. Yes, our military needs to invest in cyberwar capabilities, but we also need international rules of cyberwar, more transparency from our own government on what we are and are not doing, international cooperation between governments and viable cyberweapons treaties. Yes, these are difficult. Yes, it's a long slow process. Yes, there won't be international consensus, certainly not in the beginning. But even with all of those problems, it's a better path to go down than the one we're on now.

We can start by taking most of the money we're investing in offensive cyberwar capabilities and spend them on national cyberspace resilience.

Has U.S. started an Internet war?


  1. If the Department of Defense would just live up to its name, this wouldn’t be an issue.

    1.  They* would claim they do. 

      *NATO in general, that is. Can’t link to that often enough during the last weeks. It predates the leaks by three days! Nobody seems to recall the rattles of the sabre, now.

  2. Very destabilising. I’m often a bit mystified by the assumptions of power, particularly the notion that existence is war. I grew up in Canada, which like most places in the world is “nowhere” and I have no sense that being more powerful is better than less powerful; no sense that dominating is better than just doing your own thing quietly in the corner without really having a huge impact on anyone else. “Hello, Norway. I understand you were measured as best place to live in the world again. Is that because  you have an offensive, militarist view of the world and hard won hegemony as the only super power?” 
    “We just try to have a nice life.”

  3. Government actions that can be reasonably interpreted as acts of war are alarming of course. But is that the right interpretation of all of this? Don’t we like what hackers, crackers and those who poke holes in hardware and security software measures do because it purportedly makes the system stronger and better for everyone? And don’t we spend plenty of commenting energy scorning the laws and regulations that criminalize those useful pastimes? Mapping vulnerabilities and trying exploits…is that really what we want to understand as forbidden/act of war?

    1.  Well, the conventional example would be to fire a few missiles and see if their AA is up to the task. Just testing the defenses!

    2.  you seem to be missing a key element:
      we like it when they test the security of those systems and then TELL them about them and help them FIX it, not exploit it for their own gain…we(okay i shouldn’t speak for everyone so I) HATE those people. that is what malware writers, spammers,script kiddies, and the entertainment industry do.

  4. A good part of the problem is people think that cyberwar is like conventional war. They believe that cyberweapons are like conventional weapons. This mistake can kill us all.

    You can make a tank and not use it. A tank crew can become expert, but never be deployed. You can make a nuke and stockpile it forever. But, a cyberwar asset can’t exist, unless it is deployed and active.

    There are 2 major kinds of cyberwar assets: Exploits and Experts.

    Exploits only exist if you discover them, develop them and keep them from being fixed. We all use the same internet. We all use the same tools. Any exploit in China or Iran is also in America. You can’t fix it in America without making it possible for our enemies to fix it. In order to have an attack vector, we have to keep ourselves vulnerable to the same attack.

    Cyberwar experts are only relevant if they are skilled at attacking our enemies. China embraces this concept. It looks like America does as well.

    When a nation says it is developing cyberwar capacity, it is not mounting a passive defense. It is actually declaring war. It is saying that it will actively work to weaken and destabilize the internet. It is saying it will immediately start practicing on it’s enemies.

    Our only hope is if we can educate enough people that attack is not the same as defense. Attack can sometimes inform defense, but that is the limit of it’s contribution. Almost all the important skills and techniques of defense are different from attack. They include things like: Building communities; Preparing for a better future; Learning how to create; Learning how to motivate others; Learning how to deal when things go wrong. Attack doesn’t get you any of that.

    We must learn to properly value attack and defense. Right now, we seem to have it backwards. Billions for attack and destruction. Almost nothing for defense and resilience.

    1. a cyberwar asset can’t exist, unless it is deployed and active.

      Codswallop. We could threaten to drop weev off on one of their beaches.

      1. > We could threaten to drop weev off on one of their beaches.

        Hmm. Throw in the Kardashians and we would have a destructive force, the Likes Of Which The World Has NEVER WITNESSED!Forget what I said.FEAR US AND TREMBLE!!!

  5. I guess I don’t see how this potential “real” war could be of use to either side. It sounds like it would slow the river of money upward, and what’s the point of that?

    1.  because some people don’t like it when people break into their computers, steal information and use it against them.
      of course “what’s the point of it” massively misunderstands war in general, it assumes there IS a point, that war is a logical thing that people enter into for entirely sane and reasonable reasons and for which there is no chance of losing big time.

  6. I am pissed beyond words over the NSA spying.  I hope that Hillary is shot down in 2016 by a candidate that thinks that maybe pissing on the fourth amendment because Americans are cowards when it comes to terrorism isn’t such a good idea.  I even have a sliver of  (admittedly futile) hope that the Republicans will find their civil libertarian balls and put forth a candidate who feels that maybe the fourth amendment is one of the good ones.  That the US has plans for cyberwar though?  This really doesn’t upset me at all.

    I wouldn’t be shocked to learn that the US has plans to invade Canada, nuke France, and annex Mexico.  This doesn’t bother me.  Of all the horrible shit the US government is doing, pondering paranoid war plans is one of the more legitimate activities.  

    Pondering the unthinkable wars, and war with China REALLY is unthinkable, is something they should be doing.  You keep it in your back pocket so that if for some reason it suddenly becomes relevant, you have something to work off of.  There isn’t a reason in the world to use that sort of thing today, but who knows what the future holds?  The right series of events could lead to a sudden and violent change in the Chinese government and a threatened Japan, and suddenly war with China isn’t so unthinkable.  So, having a plan to fill the Chinese defense computers with lol cats and and gay pr0n is a-okay in my book.  I don’t begrudge China having plans to invade Japan and cyberfuck the US just in case the US loses its mind (uh, more so then it already has) or Japan suddenly decides it misses the 1940s.This does point out a wider problem though.  All the nation state cyberfucking plans rest on an internet architecture that is fundamentally insecure.  The same weaknesses that allow the NSA to spy on everyone make it so that there are gaping holes in the defenses against nation states messing with the infrastructure.  Not all, but a lot of these exploits rely on a weak link in security.  Encrypting the fuck out of the internet would go a long way to making everyone safer.

    1. The objection isn’t that the US has plans, Rindan – as you say, it’s the military’s job to have plans for every crazy war scenario they can think of.  The problem is that the US is actually doing it.  In computer security, there’s almost no such thing as capability “in reserve” – the only way to get the ability to launch a planned attack in the future is to launch actual attacks right now.  Which is being done.

      Their “planning” is making the internet less safe for everyone, all the time.  It’s a bit like conducting joint international military exercises with live ammo.  In urban areas.

  7. i have been saying this since we learned stuxnet was released by the us government as an attack on iran.
    the whitehouse said that they would treat cyberattacks as declarations of war, so logically us using a cyber attack on iran must be a declaration of WAR.

  8. “we also need international rules of cyberwar”

    That’s the most absurd thing I’ve read on the internets, ever. As if anyone would ever obey such rules. As if we were smart enough to come up with a reasonable set of rules. As if the ones we came up with for conventional warfare (an absurd idea in itself) have any mitigating effect.

    We don’t have the slightest idea how our infant global network is going to effect our society in the long run, so how can we possibly codify acceptable ways of waging war through it?

    1. Another way to look at it would be to marvel at the delicate balance of unlikely events that had to coincide to give us a free internet and to wonder how we got so goddamn lucky that the thing wasn’t just a weapon of mass destruction from day one.

      It is as if life suddenly sprung up where no one was paying attention and now we can only hope we’re so robust as to stick.

  9. The Geneva Protocols were instituted as a result of the use of horrific weapons such as mustard gas and the like.  In order to institute firm international rules for cyber warfare, the society as a whole to need to experience equally drastic effects from these new modes of warfare.  Major bigtime twitter outtage or waste release at a nuke plant would do.       

    1. I’d like to make it exceedingly clear that I do not wish for this to happen, but I wouldn’t be surprised if there are efforts underway to develop and execute Stuxnet-style penetration attacks against major US infrastructure.

    2.  Major bigtime twitter outtage

      Dear God, I’ll wake up in a cold sweat tonight worrying about that.

  10. Oh look…. Governments are running espionage over the internet, in exactly the same way they’ve always run it in meatspace. Everyone has always spied on everyone else. They just spy on their enemies more.

    1.  But they didn’t have to build a hole in the back of every single person’s mailbox just to read the ambassador’s mail. 

      But you do get points for the first person to do the ‘internet yawn’ when somebody starts talking about an actually serious, dangerous problem.

  11. What goes around, comes around.

    The US never learns:

    Financing, training and arming crazy muslim fanatics – wondering when they don’t stop attacking. 

    Toppling democratic elected governments – wondering that the new theocratic dictatorial regime hates you. 

    Starting a secret cyberwar – complaining that they get attacked in return.

  12. Since the PCs hardware and software is rather diluted and Linux is gaining traction, I would start by checking my home router software… I think it is safe to assume a NSA surprise backdoor might be dormant on Ciscos and other leading US providers.

    Is there any open source, ready-to-go Raspberry Pi router implementation?

Comments are closed.