Home » The U.S. now likens cyberattacks to terrorism. Here’s what that could mean

The U.S. now likens cyberattacks to terrorism. Here’s what that could mean

First came a ransomware attack that caused fuel shortages and lines at U.S. gas stations, as seen here in North Carolina last month. Then came attacks on meat processing operations. (Jonathan Drake/Reuters)

The director of the FBI compares this moment to 9/11: A time of reckoning about a threat that’s increasingly proven its ability to destabilize society.

He’s referring to cyberattacks.

Recent digital ransom attacks have accelerated an acknowledgment in Washington that the current trajectory is untenable.

That’s after meat plants were shuttered temporarily including in Canada this week; after cars lined up at empty U.S. gas stations when a major pipeline was hacked.

A hacker recently tampered with chemical levels at a water-treatment plant in Florida. Nuclear and other power facilities, voting systems, political parties, hospitals and governments have all been compromised.

“This is our new normal,” said Nicole Perlroth, a cybersecurity reporter at The New York Times and author of a new book on the history of cyberattacks.

Unless governments start taking the threat more seriously, she said in an interview: “This is only going to keep happening.”

The issue appears on the U.S. political agenda now.

U.S. lawmakers next week will grill the CEO of Colonial Pipeline, the company at the centre of a recent cyber attack, at two separate hearings in the House and Senate. The Justice Department has labelled the threat as on par with terrorism.

U.S. President Joe Biden intends to raise hacking in his first meeting with Russian President Vladimir Putin later this mont

The Biden administration is also reportedly mulling cyberattacks of its own against Russians, enraged at ransomware attacks from that country.

Yet Americans must weigh such attack plans against the reality that in a tit-for-tat exchange, their highly connected nation is as exposed as any on Earth and filled with potential targets for reprisal.

Meanwhile international talks are inching along at the United Nations toward a so-called digital Geneva Convention — a global pact on what cybercrimes must be off-limits.

That effort remains a long way off and h are wary of the Russian-led initiative, fearing authoritarian governments might use it to crack down on political dissent.

Perlroth’s new book, This Is How They Tell Me The World Ends, explores two key questions: How did we get here? And where do we go next?






How a market was born

It begins with programmers in the 1990s who hacked as a hobby, probing software for security flaws and trying to alert companies.

They were treated as a nuisance or worse by companies like Microsoft that resented their products being picked apart.

John Watters bought a cash-strapped tech company and began paying hackers for what they discovered in the early2000s, then published their findings in security reports he sold to corporate clients.

A market was born.

It involved a brand new commodity, the discovery and sale of so-called zero-days — software flaws that allow intruders to inflict damage with zero warning.

Intelligence agencies came calling. Perlroth writes that deep-pocketed buyers affiliated with the U.S. government transformed the market.

Zero-days Watters once bought for $400 were suddenly going for $150,000 to U.S. government contractors; employees at the National Security Agency were quitting government jobs and doubling their annual salary by selling just one hack

17 days ago

Organizations hit by a ransomware attack face a plethora of encrypted data and a hefty price tag to retrieve it. And many find that whether they pay the ransom or not, the attacks are extremely costly. 2:09

The power of military cyberweapons came to public light in a 2010 attack on an Iranian uranium plant that slowed Iran’s nuclear program.

Foreign states and criminal gangs awoke to the possibilities of stockpiling zero-days. Unknown buyers were now offering hackers multimillion-dollar paydays.

‘This would only end badly’

Perlroth’s book describes a hacking conference in Vancouver a decade ago where one NSA veteran scanned a room filled with attendees from all over the world and shook his head, realizing that the United States was about to lose control of weapons it helped create.

“This, the man told himself, would only end badly,” she writes.

Catastrophe struck a few years later, in the aftermath of the public revelations by Edward Snowden of the NSA’s programs.

Suspected Russian hackers dumped online the NSA’s stockpile of zero-days, which have since been used around the world in countless criminal attacks.

The 2017 WannaCry attack, for example, using the NSA’s tools knocked hundreds of thousands of computers offline.

Criminals demanded ransom payments and disrupted hospitals in Britain, numerous government offices and companies in 150 countries, in sectors including automobiles, rail, and package-delivery.

Zaraki Kenpachi