Why is this interesting? - The Cyber Civics Edition
On hacking, diplomacy, and a new era of espionage
Colin here. With geopolitics, there’s a lot happening underneath the figurative waterline. In the past, when tanks were moved into position on a border or a carrier group was sent to a region to prepare for an invasion, there was a playbook for the media on how to cover the events. But as a lot of conflict is migrating into new digital territories, there’s an entire front that is hidden from the view of the public, and it is also hugely difficult for even experts to parse. Put simply, the geopolitical events that are shaping our world, and the future, are increasingly happening out of sight.
With cyber activities, foreign actors have a new and highly effective approach that comes without much of the cost or risk associated with other forms of warfare. Instead of competing on who can have the biggest fleet of ships or the most tanks, nations like Russia are able to pursue an “asset-light” approach. It’s no longer a Cold War-style arms race. Now, policy agendas can be affected using digital tools at an unimaginable scale.
In the realm of espionage, we are conditioned to think of the John Le Carre (RIP) cliches of cat-and-mouse games in far-flung locales complete with surveillance on foot, embassy dinners, and diplomats being expelled in tit-for-tat retributions. Intelligence came in drips mostly from human sources. And in some cases, these small bits of this intelligence could change the course of a country, economy, or even a war. But now, a lot of espionage is happening digitally at a much larger scale, and it has implications for diplomacy and the future of foreign policy.
One such example, the recent US government hack by Russia, has been mostly explained and covered in abstract terms. People know systems were compromised but they don’t know, in aggregate what it all means. Given the complexity and amount left to learn, this is understandable. But the distance between most people’s understanding of conflict and the reality of what’s happening out there right now is vast.
There are a few reporters covering these types of hacks and modern-day espionage, and Axios’s Zach Dorfman is one of the best. He reports on the recent hack:
What we know: Who was (probably) behind it. Cyber operators likely working for the SVR, a Russian intelligence service, compromised the software of IT contractor SolarWinds to gain access to these government networks — and have been potentially roaming in them since March. The group's history. The same hacking unit, known as APT29 or Cozy Bear, hacked prominent cybersecurity vendor FireEye. Cozy Bear was also behind a major compromise in 2014 and 2015 of Pentagon, White House and State Department email systems. In the FireEye breach, Russian spies stole the tools the U.S. firm’s own hackers used to see if clients’ networks were secure — tools that, in theory, Russia could repurpose for malign hacking. The operators also seemed interested in FireEye’s government clients. The upper limit of the hack's potential reach: Some 18,000 SolarWinds customers — not individuals, institutions — may have been breached in the campaign, said SolarWinds.
Why is this interesting?
Even for people who are attuned to geopolitics, news like this is hard to parse. So many people were paying attention to potential election hacking, that something like this—an unprecedented hack of the United States government networks—has actually gone under-covered. Spy-versus-spy is far easier to report than something as abstract as data.
You get the sense that most of the major networks and newspapers don’t know how to get their heads around this new reality. Only specialized reporters, like Dorfman, are able to actually explain what is happening. And indeed, as he recently wrote, “The battle over data—who controls it, who secures it, who can steal it, and how it can be used for economic and security objectives—is defining the global conflict between Washington and Beijing.”
Take the Office of Personnel Management (OPM) hack from a few years ago as an example. While it was a huge breach, it flew under the radar of the general public. And maybe that’s reasonable. But then when you consider it as potentially connected to a much larger series of events that includes 2018’s Marriott hack, the American Airlines hack, and the Sabre hack, then things get a lot more complicated. If you can link names to locations to information showing where a person was at a given time, you get insights that could present a fundamental threat to intelligence personnel, and, as a result, national security. This is the new ballgame.
As students, we study the forms of government: how bills are passed and the basic principles that we think people need to know to be citizens of a democracy. Perhaps today, there is a need for a new form of “cyber civics.” Meaning the average citizen needs to have a bit more fluency about data, security, and how breaches of information systems can have huge implications for their day-to-day lives, national security, and in many cases, democracy. As one of Dorfman’s sources says, “Just through its cyberattacks alone, the PRC [China] has vacuumed up the personal data of much of the American population, including data on our health, finances, travel and other sensitive information.”
Does this mean people need to be fluent in code or adopt a hacking mindset? No. It just means that there needs to be a baseline level of digital education about data, systems, and how our security and safety are linked to them. What does the inane TikTok video your child shares actually give away? Turns out a lot. And when combined with lots of other forms of data, it starts to get scary. I don’t have the cyber civics solution offhand, but judging by how quickly the worlds of data and cyber espionage are moving, a more educated populace seems necessary. (CJN)
Movie of the day:
Sadly, my favorite Muppet special ever, A Muppet Family Christmas, is not available on any of the services to buy or stream (this apparently has to do with the music rights). All is not lost, though, as someone has posted the full version on YouTube. The quality isn’t great, but the jokes are all there, including my favorite Muppet joke of all time. (NRB)
Quick Links:
This came up in WITI Slack the other day and it’s a fun/nerdy topic: A guide to entity relationship diagrams (NRB)
The first WITI podcast is now up. Check it out. We did a deep dive on the hazing topic, with Noah, Chris E., and myself. Enjoy. It is raw and unproduced, but we will improve them over time. (CJN)
Per yesterday’s Hazing Edition: What a Fraternity Hazing Death Revealed About the Painful Search for an Asian-American Identity (NRB)
Thanks for reading,
Noah (NRB) & Colin (CJN)
—
Why is this interesting? is a daily email from Noah Brier & Colin Nagy (and friends!) about interesting things. If you’ve enjoyed this edition, please consider forwarding it to a friend. If you’re reading it for the first time, consider subscribing (it’s free!).