David Sanger, a New York Times journalist with access to Washington political circles, has written a book about the rise of cyberwarfare.
The 20th century opened with the rise of a new kind of warfare, aerial warfare, and the 21st century followed suit, opening with the rise of a new kind of warfare.
Just as the airplane changed the way wars are fought, and who wins them, software is now changing the way wars are fought and who wins them.
The difference, so far, is that cyberwarfare has not killed anyone directly the way an aerial bombing does. It has been used for espionage and sabotage.
But it is likely that the power with the best cyberweapons will end up dominating the world, precisely because it will be able to sabotage and spy on the other powers. After all, "intelligence" and "terrorism" have always been tools useful for winning wars, but traditional spies and traditional saboteurs had to work very hard to steal very little, whereas software can work 24 hours a day, relentlessly, and, when it finally is given the opportunity, steal millions of documents in seconds.
During the "fake news" crisis that started with Donald Trump and Brexit in 2016, it has also become clear that cyberwarfare is not only about cyberterrorism and cyberespionage but also about cyberpropaganda. Hitler, Mussolini and Stalin were masters of information warfare before they were masters of military warfare. The difference of course is that software can propagate by itself, and very quickly. The first major "doctrine" that includes cyberwarfare is credited to Russian general Valery Gerasimov, who wrote an article in 2013 in a Russian magazine about hybrid warfare, which should include cyberwarfare. The first major case of cyber-espionage was "Moonlight Maze" in 1998: Russian hackers stole countless documents from US military bases. Later the Chinese stole the plans of the F-35 fighter jet from Lockheed Martin, a fact that Lockheed realized only in 2007 (and those plans were probably used to design China's J-20 fighter jet). Russia began using "cyberweapons" (not just cyber-espionage) when Putin started targeting the former Soviet republics: there was a massive cyberattack on Estonia in April 2007 and in August 2008, during the Russian invasion of Georgia, Georgia suffered a similar massive cyberattack. In October 2008 the NSA (National Security Agency) discovered that Russian software had infiltrated the Pentagon itself (using an incredibly simple system: leaving infected USB drives around until a Pentagon employee picked one up and plugged it into a Pentagon laptop). In December 2009 Google realized that China had infiltrated its computers ("Operation Aurora"). Far from being simply a victim, in 2005 the USA (in collaboration with Israel) engineered one of the most spectacular cyber-attacks: Stuxnet (aka "Operation Olympic Games"), software that sabotaged Iran's nuclear facilities until mid-2010. In 2011 Iran responded to Stuxnet by targeting at least 46 major financial institutions in the USA and the Bowman Avenue Dam.
In 2012 Iran unleashed the "Shamoon" malware on Saudi Arabia's oil giant Saudi Aramco. In 2013 the attacker was a contractor working at the NSA, Edward Snowden, who used software to steal thousands of confidential documents. Some of those documents, published in 2014 by the New York Times and Der Spiegel, showed that the NSA had infiltrated Chinese companies, including the headquarters of Chinese telecommunications giant Huawei. North Korea rose to prominence in the world of cyberwarfare in March 2013 when its hackers successfully attacked South Korea's organizations. In November 2014 a group called "Guardians of Peace" hacked Sony and demanded the deletion of a satirical comedy about North Korea's dictator Jong-un Kim. The USA eventually blamed North Korea but the case remains open as many cyber-experts suspect it was an "inside job" by a Sony employee. North Korea's biggest success stories were the theft of millions of dollars from Bangladesh's Central Bank (2016) and the theft in South Korea of US plans to decapitate the North Korean regime (2017). Russia set up Glavset (Internet Research Agency) in 2013 in St Petersburg to carry out cyberwarfare. Russia's campaign against Ukraine, following the invasion and annexation of Crimea in 2014, started in earnest with a cyberattack on Ukraine's power grid in December 2015 which left 230,000 Ukrainian families in the dark for several hours. But Russia had already attacked Ukraine with a massive misinformation campaign. That was the prelude to Glavset's operations in the USA itself: in 2015 Glavset began working on influencing the US presidential elections. At the same time another Russian agency, GRU (the Russian CIA), was working in the same space and in March 2016 its hackers successfully embarrassed the Hillary Clinton campaign by publishing confidential emails. 
The two agencies continued to work to make sure that Donald Trump (a crook somehow affiliated with Putin) would become president (in November 2016 Trump ended up losing the election by three million votes but becoming president on a technicality). Again, the USA was not just a victim. In February 2015 Kaspersky Lab (a Russian firm) published a detailed report about the "Equation Group", widely considered to be NSA agents, and about the technology that led to Stuxnet. And in August 2016 a group known as the Shadow Brokers posted on the Internet malware produced by the NSA. One of these NSA malware tools was Eternal Blue, which hackers (possibly from North Korea) used in April 2017 to attack computers around the world, notably in Britain and Russia (computers that had not installed the patch to protect against Eternal Blue). On May 12, 2017, the worldwide WannaCry ransomware used this exploit to attack unpatched computers. Then another NSA contractor, Harold Martin, stole a huge trove of data before he was arrested in October 2016 (whether he was a member of the Shadow Brokers or not is still unknown). In 2016 North Korea's Musudan missile tests kept failing because of a successful US cyber-operation. Meanwhile, Trump was helping Russia get away with the interference in US elections. Trump did absolutely nothing to prevent further Russian attacks on the USA. In fact, he fired one after the other all the officials who pressured him to protect the USA from Russian cyberattacks (and even from North Korean cyberattacks). Sanger's book came out in 2018, just before a former Cambridge Analytica employee, Christopher Wylie, revealed that Cambridge Analytica, using software developed by Aleksandr Kogan at Cambridge University, had stolen the private information of millions of Facebook users and used it to manipulate political elections. That was the equivalent of a cyberweapon used within a civil war.
Then there's been an expansion of cybercrime, but also of cyberpolice: in 2018 Ukraine arrested Gennady Kapkanov, who set up the "Avalanche" network used by more than 200 cybercriminals around the world, and in 2019 Georgia arrested Alexander Konovolov, the ringleader of the GozNym cyber-crime gang which stole millions from banks. Perhaps even more disturbing was the fact that in 2020 a Florida teenager, Graham Ivan Clark, masterminded a massive Twitter hack against some of the world's richest and most influential people and companies. For fun. International cyberwarfare has only increased since then: in 2019 Iran's banks were attacked and information about 15 million accounts was stolen and published online and the New York Times revealed an extensive program by the USA to attack the Russian power grid with malware; in 2020 Russian hackers breached multiple US government agencies (the "SolarWinds" hack); in 2021 Microsoft accused China of a state-sponsored cyber-attack on Microsoft Exchange servers worldwide, Russian hackers "DarkSide" disrupted a major fuel pipeline of the USA (the Colonial Pipeline), and Russian hackers "REvil" unleashed a ransomware attack on the software firm Kaseya. Unfortunately, Sanger is not a computer scientist and therefore says very little about the specific technologies that can be used to wage cyberwarfare, in particular about artificial intelligence. It is a pity that such a powerful book omits any technical discussion of the weapons it talks about. P.S. Trivia: at the beginning, Sanger reminds us that a young Henry Kissinger wrote a book titled "Nuclear Weapons and Foreign Policy" in 1957 to explain how nuclear weapons changed the world order (for those of us who despise Kissinger as an amoral madman, that book is mostly notable for Kissinger's suggestion that the USA could fight and survive a nuclear war).