The Great Chinese Hack: Is America Vulnerable to Cyber Warfare?

On Tuesday, the New York Times revealed that a series of high-level computer hacks against American companies have been traced to a Chinese military unit in Shanghai. 

China was quick to deny the allegations, though I suppose very few people expected them to get on TV and release an admission of guilt — perhaps laden with LOLs and cat memes. The security firm Mandiant will be releasing the full 60-page report, which highlights the Chinese military's Unit 61398 and its long history of embedding itself on American networks to absorb data, passwords, and user information.  

 

Former Defense Secretary Leon Pannetta has often warned that America could soon be facing a massive cyber "Pearl Harbor" attack, which could cripple our country as a precursor to invasion. Many think this is an alarmist view that will help push cybersecurity legislation, but let’s look at what parts of our infrastructure could theoretically be affected by sophisticated attacks.

Our electric grids, gas lines, telecommunication towers, internet providers, financial systems, and news sources are all vulnerable to cyber attacks. Shutting these technologies down would be equivalent to vaulting most major cities back 100 years. Nuclear power plants, subway systems, train tracks, and air traffic control are also susceptible, and could cause mass death if manipulated into a loss of user control. Without food coming in, or efficient ways out, most cities could easily become desperate battlegrounds for survival. This would make for an ideal invasion platform, and China certainly has the troop numbers though luckily nowhere near a large enough navy to cross the Pacific.

Despite America’s relative isolation from the world, periodic attacks have managed to cross the oceans and land on our shores. In 1814, the British invaded and burned down the White House. In 1941, the Japanese air force executed a devastating attack on Pearl Harbor, crippling our Navy’s Pacific mobility. On September 11, terrorists hijacked several commercial flights and destroyed the World Trade Center in New York and the Pentagon building in D.C. But we’re past the days of troops parachuting onto our shores, fighter jet battles filling the sky, or tanks rolling through our streets. The missiles that fly across international borders are virtual.

 

As worrying as this new age of warfare may seem, we are still a long way from a cyber World War III. The simple truth is that China has far more vested interest in stealing information from us than crippling our society. By stealing our research and development, intellectual property, and corporate data, China can accelerate their homegrown industries. We built this monster with our huge outsourcing wave several years ago, and American companies have been teaching the Chinese all about our technologies for years so that they could manufacture it cheaply for us. Their knowledge has simply grown to the point where they are willing to exploit our vulnerabilities to learn more and continue their growth. There is a massive market for knock-off American goods in China, including hilarious fake Apple stores where even the employees believe they are working for Apple.

It’s been a week since President Obama issued his executive order instructing private owners of critical infrastructure to share data on cyber attacks with government officials. This is a generalized "beefing up" of online security because the alternative of going to war over these attacks is wholly unrealistic. America and China have a symbiotic relationship they manufacture cheap commodities purchased by American companies, absorbing some of our wealth; they in turn purchase government bonds absorbing American debt; and years later, when those bonds mature, they will again have a source of revenue from the American dollar. It’s a long-term marriage, and like any husband and wife there will always be some arguing, cheating, and perhaps a fleeting fantasy of smothering the other with a pillow – but we’re in it together for the long run. 

The most important thing to note is that America is not the soft target it often paints itself out to be, and certainly not on the government level. The successful STUXNET attacks against Iran’s nuclear program, charges against whistleblowers like Bradley Manning and Julian Assange, as well as prosecution of freedom of information champions like Aaron Swartz all serve to highlight America’s active involvement in hacking culture. Every nation has been trying to entice, recruit, jail, or enlist any known talent in the hacking world since the great crackdowns and round-ups of the 1990s. The hacker group "Anonymous" is probably the best example of those few computer-savvy individuals who wish to work outside of the nationally defined borders.

 

The future of warfare will definitely take place online to some degree. Even drones could theoretically be hacked and turned around to attack their own country. But as much as we’d like to head to our Red Dawn bunkers and shout "Wolverines!", that future is not happening any time soon.

How Spy Cams and Cyber Trolls Violate your Civil Liberties

Not too long ago, grabbing your secretary's behind with a wink and smile was an acceptable form of praise. It took a long civil movement and sexual harassment laws to slowly push the tendencies of the vulgar out of the workplace. More and more aspects of our lives are being lived online, and as such the criminalities, inequalities and injustices we experience are felt there. We're still struggling to figure out ways our biggest collective environment can remain open, accessible and safe.

If you were a voyeur in the old days, you used to have to climb suburban tree branches and peer through a bedroom window. Nowadays, perverts never have to leave the comfort of their own home. Instead, they utilize a million proxy spy-holes already integrated into our computers. This weekend, a hacker was arrested for blackmailing over 350 women, and forcing them to strip off their clothing in front of their webcams. He accessed their Facebook and email accounts, locked them out by changing the password and mined through their messages to find personal, compromising pictures. He then threatened to send the nude pictures to all their friends, co-workers and family members if they didn't perform live strip shows for him via webcam – which he would also record. He used the women's captured identities to pretend to be them with other friends online, and lure further women into compromising situations.

This might be one of the most visceral manifestations of the ongoing privacy debate, but it's certainly not the only one. Criminals can exploit the vulnerability of our computers and personal data as easily as they can be by governments or consumer businesses. The internet has become the ultimate communal platform, where we experience our daily dose of humanity: work, socializing, entertainment, crime and news. No one is immune to the changing nature of privacy, but not enough people are fighting to preserve our safety.

General Petraeus' recent affair could have been just another D.C. sex scandal, but invading the CIA Director's email has wide reaching implications. The storing of digital content and cyber harassment are certainly open to debate as a result of the incident. News Corps made headlines when they got embroiled in a very public phone-hacking scandal, targeting celebrities to gain extremely personal information. Anthony Weiner's political career came to a crashing halt when his Twitter account was hacked. A Florida-based Hacker was recently arrested for stealing nude photos and scripts from several Hollywood celebrities, including Scarlett Johansson and Mila Kunis. To some degree, people haven't been that outraged by these events, as our tabloid culture has normalized invading the privacy of those in the public eye.

But celebrities aren't the only ones who are vulnerable. Our lovers, roommates, friends and employers all have an avenue to affect our digital lives permanently. A Pennsylvania high school was recently sued for spying on children in their homes via the webcams of school issued laptops — perhaps a misguided attempt to catch 'pot smokers.' Last March, Dhuran Ravi, a former Rutgers University student, was convicted on charges of invasion of privacy for secretly spying on his gay roommate and posting a video of his sexual encounters online. His roommate committed suicide as a result. Many sites offer jilted men opportunities to shame their ex-girlfriends on an immense and permanent scale by posting their pictures online.

We put a lot of faith in the security of our devices and passwords, but if someone gained control over your computer, how much damage could they do? Webfecting, for instance, is a common practice of remotely accessing someone's webcam and turning it on without their knowledge. How many times have you walked across your room naked in front of your computer? If targeted by a hacker, would you choose to perform demeaning acts via your webcam for one pervert, or risk everyone you know getting an email with a picture of you naked? The potential for embarrassment doesn't stop there. Have you ever written an email about how much you hate your boss? Confessed that you still have deep feelings for an ex-lover? Ever bought something online you wouldn't want anyone else to know about? There's an incredible amount of damage someone can do, if they're motivated to devastate your life, and once the bubble is popped there's no putting it back together.

We've taken a passive approach to this problem so far, by relying on the numbers game and hoping hackers are too busy targeting someone else. That is the way most civil issues began: someone else's problem that eventually becomes big enough to involve us. So how do we go about balancing privacy and security online? How do we keep the internet an open platform where information is available, but also safe?

When it comes to online legislation, there are very few lobbies with political juice. Most notable are the internet providers, who represent the infrastructure but have conflicting visions for what the future of the internet should look like. American representatives walked out of the World Conference on International Telecommunications in Dubai last year, demonstrating a looming divide between pro-censorship governments and anti-censorship governments. Media Conglomerates and the MPAA represent most of the content online, but they're far more interested in stopping piracy or going to war with Kim Dotcom, rather than protecting the privacy of their audience. Finally, we have Google, Facebook and Microsoft spending millions on lobbying. Their business model relies on selling their user's data to advertisers. They've often joined in on the fight against online censorship, going toe to toe with the MPAA to keep the internet open and free, but that does little to address security concerns.

These are companies motivated by profit, not civil movements motivated by ideology. The internet brings us together like nothing else, but it also separates us through the mechanical barrier of our devices. There is an inherent diffusion of responsibility for how we act, because we're doing it through a machine, and it feels less real. We have to reclaim a standard of humanity, and enforce it through laws we believe will affect our desired equality. Sexual harassment laws were a proclamation that abuse would no longer be tolerated as an acceptable standard. That very same notion of protection needs to be emphatically offered to the every day internet user.

To that end, there are flourishing movements that need our support. The F.T.C. is pushing for phone and internet companies to include "Do Not Track" software in their devices, and reduce the scale of personal data stored by various companies — a battle still very much being fought by both sides. Apple is among many companies trying to move away from passwords altogether, and use facial-recognition to access devices. Security is becoming an ever-increasing focal point in the debate, but the movement's tipping point will come when the punishments start reflecting the severity of the crime. As more victims suffer technological attacks, we will begin to understand that taking over someone's computer is no different than breaking into their home, reading their journal and looking at the private pictures on their wall. It is an appalling and unacceptable violation of our evolving personal boundaries. Most states and counties punish this offense with $10,000 and a year in prison, when those numbers go up, the offenses will most likely go down.