Technology

Think hacking’s bad now? You ain’t seen nothing yet

An organisation could launch a devastating attack—and then control the way it is interpreted by society

January 06, 2017
President Barack Obama delivers remarks at the National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Virginia, USA, ©Pool/ABACA USA/PA Images
President Barack Obama delivers remarks at the National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Virginia, USA, ©Pool/ABACA USA/PA Images

Since the early 1990s, governments have been aware of cyberthreats and their potentially devastating consequences. But initially, they identified the threats in different ways.

The American government was concerned with a possible attack against the country's infrastructure—powerplants, nuclear stations, transport systems and so on.

The Russian government took a different view. The Russian secret service was the direct successor of the KGB, poisoned by spymania, and despite all of Boris Yeltsin's reforms, stayed paranoid about the Americans. They were obsessed with a possible penetration (the uncovering—and then exploiting—of vulnerabilities in a system) and the stealing of government secrets by foreign intelligence agencies. It didn't help, obviously, that the internet had been invented by the Americans and its infrastructure was built all over the world, including in Russia, on American technology. This view was reflected in the Russian Information Security Doctrine, signed by Vladimir Putin in 2000. The list of identified threats included the “compromising of keys and cryptographic protection of information.”

The Russian command in charge of monitoring cyber threats was also worried about disinformation in cyberspace. But back then they believed that disinformation could be disseminated online only by traditional, mainstream international media outlets, and said it openly in the Doctrine: the list of threats also included the squeezing of Russian media out of the country’s information market and increasing dependency on foreign media.

In the 2000s these fears, both American and Russian, seemed misplaced—the cyberattack on American vital infrastructure never happened. “Since there have been cyber experts, they have predicted that a catastrophic attack was imminent. Yet nearly two decades along, all of cyberspace’s major disruptions have been lacking in scope, duration, and intensity. Cyberwar, then, has loomed but not swooped,” said Jason Healey in 2011. Healy was a director for Cyber Infrastructure Protection at the White House from 2003 to 2005, helped advise George Bush and coordinated US efforts to secure cyberspace and critical infrastructure.

In turn, Russian government communications were apparently safe from the American intrusion, and the Kremlin imposed such strict censorship that there was no threat posed by foreign media at all.

Then a new, third type of cyberthreat emerged. Informal actors—terrorists—found a new use for the internet as a recruitment and propaganda tool, and began spreading news, genuine and fake, via their websites and social media.

There were some menacing signs—an attack on a Ukrainian powerplant in December 2015, some government and defence computer systems penetrated by hackers. In addition, a massive wave of fake news began to rise. But tactics—hacking infrastructure, penetration and spreading fake news by informal actors with no easy attribution to a particular government—were not combined to achieve a particular political goal.

That could now change quickly for at least one reason. With social media on the rise, and trust in the mainstream media in decline, an organisation could launch a devastating attack and then control the way it is interpreted by society. The more democratic the society, the more devastating the effect is likely to be.

Let's think of a science-fiction scenario: in a not-so-distant future a massive wall gets erected, from the Black Sea to the Aegean Sea, to stop Syrian migrants from entering Europe. The construction of the wall is funded by the European Union. The sophisticated electronic system connected to this wall gets hacked. News of the hack is followed by a wave of fake news on social media reporting thousands of migrants coming to Europe, thanks to the broken system.

These reports would be contradicted by mainstream media outlets, which would not find evidence on the spot. Lots of people get sceptical. And then a number of EU official websites get hacked, and a massive package of emails leaked, along with a forged description of a top secret plan to organise an “accident” related to the wall. The purpose described in the forgery is to let in migrants and then give them citizenship in order to change the electoral balance in Europe, all of this designed to tilt the balance in favour of the ruling European bureaucracy. The media would report this plan as fake, the courts would sue the websites for spreading false information, and the European parliament would issue a strong condemning communique.

The question is then how many people across Europe would come to think that the media, the courts and the European parliament are just parts of a wide conspiracy to bring more migrants onto their doorstep, with the goal of compromising the elections. And what on earth would come out of the next elections in circumstances like that?