Data and Goliath (47 page)

Read Data and Goliath Online

Authors: Bruce Schneier

BOOK: Data and Goliath
7.89Mb size Format: txt, pdf, ePub

more moderate language:
Barack Obama (17 Jan 2014), “Obama’s speech on N.S.A. phone surveillance,”
New York Times
, http://www.nytimes.com/2014/01/18/us/politics/obamas-speech-on-nsa-phone-surveillance.html.

the Chinese company Huawei:
Michael S. Schmidt, Keith Bradsher, and Christine Hauser (8 Oct 2012), “U.S. panel
cites risks in Chinese equipment,”
New York Times
, http://www.nytimes.com/2012/10/09/us/us-panel-calls-huawei-and-zte-national-security-threat.html.

NSA has been doing exactly the same:
US National Security Agency (24 Jun 2008), “SOUFFLETROUGH: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-souffletrough.jpg.
US National Security Agency (24 Jun 2008), “FEED-TROUGH: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-feedthrough.jpg.
US National Security Agency (24 Jun 2008), “JETPLOW: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-jetplow.jpg.
US National Security Agency (24 Jun 2008), “HEADWATER: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-headwater.jpg.
US National Security Agency (24 Jun 2008), “HALLUXWATER: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-halluxwater.jpg.

American-made equipment sold in China:
Jeremy Hsu (26 Mar 2014), “U.S. suspicions of China’s Huawei based partly on NSA’s
own spy tricks,”
IEEE Spectrum
, http://spectrum.ieee.org/tech-talk/computing/hardware/us-suspicions-of-chinas-huawei-based-partly-on-nsas-own-spy-tricks.

international espionage and attack:
In military terms, hacking for espionage is Computer Network Exfiltration—CNE—and
hacking to cause damage is Computer Network Attack—CNA. Alexander Klimburg and Heli
Tirmaa-Klaar (15 Apr 2011), “Cybersecurity and cyberpower: Concepts, conditions and
capabilities for cooperation for action within the EU,” Directorate-General for External
Policies of the Union, http://www.europarl.europa.eu/RegData/etudes/etudes/join/2011/433828/EXPO-SEDE_ET(2011)433828_EN.pdf.
Alexander Klimburg (2 Sep 2014), “Shades of cyber grey: Espionage and attack in cyberspace,”
Fletcher Forum of World Affairs
, http://www.fletcherforum.org/2014/09/02/klimburg.

Modern cyberespionage is a form of cyberattack:
It is not, however, “cyberwar.” That term has been way overused in political discourse.
For a good antidote, try this book. Thomas Rid (2013),
Cyber War Will Not Take Place
, Oxford University Press, http://thomasrid.org/no-cyber-war.

nationwide Internet blackout:
James Bamford (13 Aug 2014), “Edward Snowden: The untold story,”
Wired
, http://www.wired.com/2014/08/edward-snowden.

30 countries have cyberwar divisions:
Even more have cyberwar capabilities. George Mason University School of Public Policy
(Feb 2014), “Cyber security export markets 2014,” Virginia Economic Development Partnership,
http://exportvirginia.org/wp-content/uploads/2014/02/Report-on-Cyber-Security-Preface.pdf

Estonia was the victim:
Joshua Davis (21 Aug 2007), “Hackers take down the most wired country in Europe,”
Wired
, https://web.archive.org/web/20071019223411/http://www.wired.com/politics/security/magazine/15-09/ff_estonia.

ex-Soviet republic of Georgia:
John Markoff (13 Aug 2008), “Before the gunfire, cyberattacks,”
New York Times
http://www.nytimes.com/2008/08/13/technology/13cyber.html.

South Korea was the victim:
Matthew Weaver (8 Jul 2009), “Cyberattackers target South Korea and US,”
Guardian
, http://www.theguardian.com/world/2009/jul/08/south-korea-cyber-attack.

a pro-Kremlin youth group:
Charles Clover (11 Mar 2009), “Kremlin-backed group behind Estonia cyber blitz,”
Financial Times
, http://www.ft.com/cms/s/0/57536d5a-0ddc-11de-8ea3-
000
0779fd2ac.html.

the only person convicted:
Computer Weekly (13 Mar 2009), “Kids responsible for Estonia attack,”
Computer Weekly
, http://www.computerweekly.com/news/2240088733/Kids-responsible-for-Estonia-attack.

Stuxnet is the first military-grade:
David Kushner (26 Feb 2013), “The real story of Stuxnet,”
IEEE Spectrum
, http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet. Kim Zetter
(2014),
Countdown to Zero Day: Stuxnet and the Launch of the
World’s First Digital Weapon,
Crown Publishers, http://books.google.com/books/?id=iBTpnQEACAAJ.

It was launched in 2009:
William J. Broad, John Markoff, and David E. Sanger (15 Jan 2011), “Israeli test
on worm called crucial in Iran nuclear delay,”
New York Times
, http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html.

2012 attack against Saudi Aramco:
Nicole Perlroth (23 Oct 2012), “In cyberattack on Saudi firm, U.S. sees Iran firing
back,”
New York Times
, http://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html.
Reuters (9 Dec 2012), “Aramco says cyberattack was aimed at production,”
New York Times
, http://www.nytimes.com/2012/12/10/business/global/saudi-aramco-says-hackers-took-aim-at-its-production.html.

it makes sense to share data:
Derek S. Reveron (Summer 2008), “Counterterrorism and intelligence cooperation,”
Journal of Global Change and Governance
1, http://www.globalaffairsjournal.com/archive/Summer08/REVERON.pdf.

It makes the best sense to join:
Ross Anderson (23–24 Jun 2014), “Privacy versus government surveillance: Where network
effects meet public choice,” 13th Annual Workshop on the Economics of Information
Security, Pennsylvania State University, http://weis2014.econinfosec.org/papers/Anderson-WEIS2014.pdf.

the Five Eyes:
Nick Perry and Paisley Dodds (16 Jul 2013), “5-nation spy alliance too vital for
leaks to harm,” Associated Press, http://bigstory.ap.org/article/experts-say-us-spy-alliance-will-survive-snowden.

the Nine Eyes:
Henrik Moltke and Sebastian Gjerding (4 Nov 2013), “Denmark part of NSA inner circle,”
Information
, http://www.information.dk/477405.

the Fourteen Eyes:
Der Spiegel (22 Jul 2013), “‘Key partners’: Secret links between Germany and the
NSA,”
Der Spiegel
, http://www.spiegel.de/international/world/german-intelligence-worked-closely-with-nsa-on-data-surveillance-a-912355html.
Hubert Gude et al. (18 Jun 2014), “Spying together: Germany’s deep cooperation with
the NSA,”
Der Spiegel
, http://www.spiegel.de/international/germany/the-german-bnd-and-american-nsa-cooperate-more-closely-than-thought-a-975445.html.

Belgium, Italy, Spain, and Sweden:
Ewen MacAskill and James Ball (2 Nov 2013), “Portrait of the NSA: No detail too small
in quest for total surveillance,”
Guardian
, http://www.theguardian.com/world/2013/nov/02/nsa-portrait-total-surveillance.

the US partners with countries:
Jay Solomon and Siobhan Gorman (21 May 2009), “Pakistan, India and U.S. begin sharing
intelligence,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB124287405244442187.

regimes like Saudi Arabia’s:
Ellen Knickmeyer and Siobhan Gorman (9 May 2012), “Behind foiled jet plot, stronger
Saudi ties,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB1
000
1424052702304543904577394373945627482. Glenn Greenwald and Murtaza Hussain (25 Jul
2014), “The NSA’s new partner in spying: Saudi Arabia’s brutal state police,”
Intercept,
https://firstlook.org/theintercept/2014/07/25/nsas-new-partner-spying-saudi-arabias-brutal-state-police.

this gives the NSA access:
Edward Snowden (7 Mar 2014), “Statement to the European Parliament,” European Parliament,
http://www.europarl.europa.eu/document/activities/cont/201403/20140307ATT80674/20140307ATT80674EN.pdf.

the NSA spies on the Turkish government:
Andy Müller-Maguhn et al. (31 Aug 2014), “A two-faced friendship: Turkey is ‘partner
and target’ for the NSA,”
Der Spiegel
,
http://www.spiegel.de/international/documents-show-nsa-and-gchq-spied-on-partner-turkey-a-989011.html.
Laura Poitras et al. (31 Aug 2014), “How the NSA helped Turkey kill Kurdish rebels,”
Intercept
, https://firstlook.org/theintercept/2014/08/31/nsaturkeyspiegel.

NSA spies on the government of . . . Germany:
David E. Sanger (1 May 2014), “U.S. and Germany fail to reach a deal on spying,”
New York Times
, http://www.nytimes.com/2014/05/02/world/europe/us-and-germany-fail-to-reach-a-deal-on-spying.html.
Mark Landler (2 May 2014), “Merkel signals that tension persists over U.S. spying,”
New York Times
, http://www.nytimes.com/2014/05/03/world/europe/merkel-says-gaps-with-us-over-surveillance-remain.html.
Andy Müller-Maguhn et al. (14 Sep 2014), “Treasure map: The NSA breach of Telekom
and other German firms,”
Der Spiegel
, http://www.spiegel.de/international/world/snowden-documents-indicate-nsa-has-breached-deutsche-telekom-a-991503.html.

we spy on all of our partners:
Many people believe that the US and the UK spy on each other’s citizens as a way
of getting around their own domestic laws. It’s legal as long as they can convince
themselves that it’s “inadvertent.”

when the NSA touts its:
Justin Elliott and Theodoric Meyer (23 Oct 2013), “Claim on ‘attacks thwarted’ by
NSA spreads despite lack of evidence,”
Pro Publica
, http://www.propublica.org/article/claim-on-attacks-thwarted-by-nsa-spreads-despite-lack-of-evidence.

The NSA gives Israel’s:
Glenn Greenwald, Laura Poitras, and Ewen MacAskill (11 Sep 2013), “NSA shares raw
intelligence including Americans’ data with Israel,”
Guard
ian
, http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents.

Even historical enemies:
Political considerations still matter. China has a serious problem with Uighur terrorists,
and would certainly welcome US help in dealing with the threat. The US won’t help,
of course, because continuing Uighur terrorism will help weaken China. Chien-peng
Chung (2002), “China’s ‘war on terror’: September 11 and Uighur separatism,”
Foreign Affairs
, http://www.foreignaffairs.com/articles/58030/chien-peng-chung/chinas-war-on-terror-september-11-and-uighur-separatism.
Elizabeth van Wie Davis (Jan 2008), “Uyghur Muslim ethnic separatism in Xinjiang,
China,” Asia-Pacific Center for Security Studies, http://www.apcss.org/college/publications/uyghur-muslim-ethnic-separatism-in-xinjiang-china.

After 9/11, Russia rebranded:
John Laughland (8 Sep 2004), “The Chechens’ American friends,”
Guardian
, http://www.theguardian.com/world/2004/sep/08/usa.russia. Simon Shuster (19 Sep 2011),
“How the war on terrorism did Russia a favor,”
Time
, http://content.time.com/time/world/article/0,8599,2093529,00.html. James Gordon
Meek (19 Feb 2014), “The secret battles between US forces and Chechen terrorists,”
ABC News
, http://abcnews.go.com/Blotter/secret-battles-us-forces-chechen-terrorists/story?id=22580688.

In 2011, Russia warned the US:
Tom Winter (25 Mar 2014), “Russia warned U.S. about Tsarnaev, but spelling issue
let him escape,”
NBC News
, http://www.nbcnews.com/storyline/boston-bombing-anniversary/russia-warned-u-s-about-tsarnaev-spelling-issue-let-him-n60836.

We returned the favor:
Laura Smith-Spart and Nick Paton Walsh (4 Feb 2014), “United States reveals ‘specific’
threats to Olympic Games,” CNN, http://www.cnn.com/2014/02/04/world/europe/russia-sochi-winter-olympics.

6: CONSOLIDATION OF INSTITUTIONAL CONTROL

more an alliance of interests:
Communications professor Robert M. McChesney called the symbiotic relationship between
big data and big government “a marriage made in heaven, with dire implications for
liberty and democracy.” Robert M. McChesney (2013),
Digital Disconnect: How Capitalism Is Turning the Internet against Democracy
, New Press, p. 21, http://books.google.com/books/?id=j_7EkTI8kVQC.

the NSA gets direct access:
We knew this even before Edward Snowden, from the previous NSA whistleblower Mark
Klein. Mark Klein (8 Jun 2006), “Declaration of Mark Klein,”
Hepting, et al., v. AT&T, et al.
, United States District Court, Northern District of California (No. C-06-0672-VRW),
https://www.eff.org/files/filenode/att/Mark%20Klein%20Unredacted%20Decl-Including%20Exhibits.pdf.
Ellen Nakashima (7 Nov 2007), “A story of surveillance,”
Washington Post
, http://www.washingtonpost.com/wp-dyn/content/article/2007/11/07/AR20071107
000
06.html.

GCHQ pays telcos:
James Ball, Luke Harding, and Juliette Garside (2 Aug 2013), “BT and Vodafone among
telecoms companies passing details to GCHQ,”
Guardian
, http://www.theguardian.com/business/2013/aug/02/telecoms-bt-vodafone-cables-gchq.

Vodafone gives:
Vodafone (2014), “Law enforcement disclosure report,” http://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement.html.
Peter Svensson (9 Jun 2014), “Vodafone report sparks global surveillance debate,”
Associated Press, http://bigstory.ap.org/article/cellphone-operator-wades-surveillance-debate.
Juliette Garside (5 Jun 2014), “Vodafone reveals existence of secret wires that allow
state surveillance,”
Guardian
, http://www.theguardian.com/business/2014/jun/06/vodafone-reveals-secret-wires-allowing-state-surveillance.

Other books

If I Return by Bennett, Sawyer, The 12 NA's of Christmas
Stonewiser by Dora Machado
The Northern Approach by Jim Galford
The Last Chance by Darrien Lee
The Lucifer Deck by Lisa Smedman
Let It Snow... by Leslie Kelly, Jennifer Labrecque
Truly, Madly by Heather Webber
The Glory of Green by Judy Christie
Naughty Rendezvous by Lexie Davis