Gordon Goldstein is the author of “Lessons in Disaster: McGeorge Bundy and the Path to War in Vietnam.”
By Shane Harris
Houghton Mifflin Harcourt.
263 pp. $27
North Korea’s alleged hack attack against the Sony Corporation is a spectacular escalation in the conduct of global cyberwarfare. As Shane Harris says in his timely new work of contemporary history, “@War,” the momentum for a cyber confrontation has been growing inexorably in recent years. The United States and its adversaries have been assiduously building their cyber-arsenals for the past decade and today can engage in a range of operations across the spectrum of spying, surveillance and sabotage, as well as in offensive and defensive military action. In 2013, according to Harris, U.S. Cyber Command consisted of 900 people; the Defense Department plans to grow that cyber-force to 6,000 by the end of 2016. As Harris notes, “The Internet has become a battlefield.”
The book’s title and thematic ambition come from President Dwight Eisenhower’s dramatic warning, as he left office in 1961, that the United States was threatened by a dangerous matrix of power, a “military-industrial complex” that could swallow American society. Harris writes that today a similar risk exists in the convergence of the aggressive capabilities and programs of the National Security Agency and the gigantic data warehouse controlled by America’s Internet giants. A portion of those government surveillance programs facilitated by the U.S. technology industry was exposed in 2013 by former NSA contractor Edward Snowden. “In its zeal to protect cyberspace,” Harris argues, “the government, in partnership with corporations, is making it more vulnerable.”
Aspects of this narrative are familiar. In the aftermath of the 9/11 terrorist attacks, a 24-hour-a-day data-collection operation was established in the Signals Intelligence Directorate of the NSA. It was code-named Stellar Wind. Over time the NSA enlisted the major players in the U.S. technology and Internet industries — Microsoft, Google, Facebook, YouTube, Apple, Yahoo and others — to facilitate a new surveillance system called Prism, which collected e-mail and Internet communications from hundreds of millions of users. In addition to the cooperation that the NSA extracted consensually, Harris recounts, it initiated a program of covert surveillance, tapping into the undersea cables of Google and Yahoo, “stealing communications as they traveled between the companies’ overseas private data centers and the public Internet.” American cyber-programs are ambitious in their scope. According to classified intelligence documents leaked by Snowden, the Tailored Access Operations office of the NSA has implanted spying devices in at least 85,000 computer systems in 89 countries.
Cyber-operations were refined and advanced in the Iraq war, where signals intelligence officers such as Bob Stasio brought digital innovation to the battlefield. A devoted fan of the HBO series “The Wire,” Stasio was “particularly fond of one character, Lester, who uncovers a network of drug dealers in Baltimore by tracking their cell phone calls,” Harris reports. “Stasio wanted to do the same thing in Iraq.” With access to the telecommunications networks running in and out of the country, he and a team of technical experts were able to hack into the full array of insurgent communications, infecting computers with spyware that allowed the Americans “to track every word their enemy typed, every website visited, every e-mail sent. And they could capture all the passwords the enemy used for logging in to web forums where fighters panned attacks.” The operation penetrated al-Qaeda’s intranet for command and control, which the Americans called Obelisk. “And once inside,” Harris writes, “NSA hackers implanted malicious software in Jihadi forums, tricking readers to click on links that installed spyware on their computers.”
Harris traces the dawn of modern cyber-espionage to 2006, when the Chinese military mounted an audacious operation to systematically hack defense contractors entrusted with the $337 billion development program of the F-35 Joint Strike Fighter aircraft. Chinese hackers siphoned off several terabytes of information about the aircraft’s operating system and offensive and defensive capabilities. The security breach marked an epochal moment in the history of intelligence operations, Harris observes. “In another era, running a human spy inside an American corporation and planting a listening device would have counted as a heroic feat of espionage. Now one just had to infect a computer with a malicious software program or intercept a communication over the Internet and listen in from the other side of the world.”
Harris provides a chilling portrait of China’s cyber-espionage and hacking operations, which Gen. Keith Alexander, the first leader of U.S. Cyber Command and a former director of the NSA, has characterized as having facilitated “the greatest transfer of wealth in history.” The vibrant hacker community in China today works in loose coordination with the People’s Liberation Army and is united by nationalistic pride, a belief in the legitimacy of economic espionage and relentlessly applied technological skill. The most notorious Chinese hacker program, known as Unit 61398, is based outside Shanghai and operates from a 12-story, 130,000-square-foot building capable of holding 2,000 people. Unit 61398 has broken into the computer systems of at least 150 target institutions, including the New York Times, the Wall Street Journal and The Washington Post, according to the cybersecurity consulting firm Mandiant. The United States will be outnumbered in this contest with China for years to come. “If the Chinese military stopped growing its cyber forces today,” Harris notes, “it would still be at least five times larger than the Americans’.”
The author’s reporting appears to be assiduous and methodical, relying on what he says are more than 1,000 interviews conducted over his years covering the national security and cyber beat as a Washington journalist and think tank expert. While the narrative of “@War” is thoughtful and deliberately developed, its editing is decidedly not. This book is littered with confusing jumps and oscillations in the timeline between 2003, 2012, 2009, 2007 and 2001; and repetitions of facts and details. The reader learns at least twice in different parts of the text that President George W. Bush enjoyed using “the Google” to view satellite images of his Texas ranch, that the decision to wage a cyberwar in Iraq was made in 15 minutes, and that Gen. Keith Alexander, leader of U.S. Cyber Command, eschewed his uniform in favor of blue jeans and a black T-shirt to address a hacker convention in Las Vegas.
While the editing of “@War” is underwhelming, its subject matter is extraordinary and urgent, as Pyongyang’s presumptive cyberattack on a major global corporation demonstrates. America’s national security and commercial technology strategy is today subject to constant and disruptive change. Disparate cyberthreats — from foreign powers, organized criminal interests and anarchic, nonstate actors of growing strength — are accelerating massively, as this fascinating account illustrates. It is unclear, however, whether the formidable intellectual assets of the U.S. foreign policy establishment and America’s preponderant technology industry can coalesce to meet the complex strategic challenge of the moment.