“The truth is that the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well,” concluded JASON, an independent advisory group of the nation’s top scientists, in a November 2010 report to the Pentagon. “Our current security approaches have had limited success and have become an arms race with our adversaries.”
To picture the scale of cyberspace and the scope of the cybersecurity problem, think of the flow of electronic data around the world as filaments of light. Those virtual threads form a vast, brilliant cocoon around the globe.
The electronic impulses that carry the data move at lightning speed. A round-trip between Washington and Beijing online typically occurs in less time than it takes for a major leaguer’s fastball to cross home plate. Blink, and you miss it.
It almost doesn’t matter where hackers work. In the physics governing cyberspace, hackers, terrorists and cyberwarriors can operate virtually next door to regular people browsing the World Wide Web or sending e-mails or phone texts.
Charlie Miller works in suburban St. Louis, in a room that has a small desk, a laptop, a large monitor and power cords that snake across the floor. A wooden bookshelf holds technical manuals alongside his kids’ plastic toys and stuffed animals.
The main clue about what he does for a living is a wall poster for the movie “Hackers.” “Their Crime Is Curiosity,” it says.
The 39-year-old Miller is regarded by some as among the best hackers in the world, but he does not fit the stereotype of an alienated outsider. For starters, he is one of the good guys, a white-hat hacker. He is a security consultant, and he hunts zero days as a hobby. A father of two, trim and balding, he is deceptively modest about his special talents. But his résuméentry about his NSA experience speaks volumes:
“Performed computer network scanning and reconnaissance. Identified weaknesses and vulnerabilities in computer networks. Executed numerous computer network exploitations against foreign targets.”
Apple would not be happy about his plan to attack the iPhone. Like other technology companies, Apple does not want questions about security to taint its products. The company has a well-deserved reputation for developing strong software systems. (Apple officials declined to comment for this article.)
But Miller wasn’t being malicious. He wanted to have fun, prove that it could be done and let the attack serve as a warning about the insecurity of the networked world.