War in the Fifth Domain E-Book

◊

The New Era of Cyber Attacks

The logic of a cyber attack, or a series of them, becoming a cyber pandemic has to do with its spread, magnitude and duration. The scenarios that arise involve massive attacks at all levels: security, health, transport, commerce, finance, energy, data storage, communications and so on. But the fact that there is talk of a “pandemic” has to do with using a fear that is still fresh. Since in the cyber world the analogy of viruses and infections is used to account for malicious software (malware), it is clever to replicate the idea of a pandemic as a generalized evil, a widespread crisis from which only by isolating ourselves (staying at home or unplugging all our devices), maybe we can get out.

The idea used to support this narrative is the following: we are increasingly dependent on connectivity, we are increasingly vulnerable and exposed, we are beginning to see hacks of significant proportions, we have to prepare for a scenario of potential cyber pandemic. The video that the World Economic Forum released in January 2021 stated: “The Covid-19 pandemic has shaken our economies and societies to the core, and has shown us how vulnerable we are to biological threats. In the digital world, similar risks are being overlooked right now. A cyberattack with COVID-like characteristics would spread faster and further than any biological virus. Its reproductive rate would be around 10 times greater than what we´ve experienced with the coronavirus. One of the fastest worms in history, the 2003 Slammer/Sapphire worm, doubled in size approximately every 8.5 seconds, infecting over 75.000 devices in 10 minutes and almost 11 million devices in 24 hours. Fortunately – at least until now – cyber attacks have not impacted our health the way the pandemics have. But the economic damages, and therefore the impact they have in our daily lives have been equal and sometimes even greater. The only way to stop the exponential propagation of a COVID-like cyber threat is to fully disconnect the millions of vulnerable devices from one another and from the Internet. All of this in matter of days. A single day without the internet would cost our economies more than 50 billion US dollars and that is before considering economic and social damages should these devices be linked to essential services, such as transports or healthcare. As the digital realm increasingly merges with our physical worlds, the ripple effects of cyber attacks on our safety just keep on expanding and at a faster pace than what we are preparing for. Covid-19 was known as an anticipated risk, so is the digital equivalent. Let´s be better prepared for that one. The time is now.”

The use of the word “pandemic” and the comparison between the spread of a biological virus and the spread of computer viruses is very clever on the part of those who are presenting the issue. We have lived through the coronavirus pandemic: shattered economies, fear, confinements, greater control by governments (and also by Internet companies). The digital pandemic, say those who are alerting us of its arrival, promises to be similar, but much worse. The speed of the attacks will be such that in a matter of days, all the devices could be disconnected. The only solution will be the Internet Kill Switch, a simultaneous shutdown of millions of devices, of the ability to connect with each other and with the Internet.

What would be at stake with a global digital blackout? It is clear that these power elites do not pose scenarios with innocence: on the one hand, what they simulate ends up happening, and on the other with their activities and reports they impose their own agenda. A “digital pandemic” is something that does not exist and that they are trying to impose as a threat. However, there are similarities to the Covid-19 pandemic that we could outline (which have nothing to do with the virus or the pandemic itself). Faced with external threats, systems failure, loss of information, and everything that would entail the fall of transportation, security, health, finance and supply chain systems, a total blackout will be necessary, and a new start with new security measures. We will be so afraid that we will be willing to give up whatever it is in exchange for this “security” that they themselves are outlining. It would be, then, to alter the security systems at a global level, to implement information control measures (and content blocking, as companies such as Facebook and Google already do, but in the Chinese style in terms of total control). During the Covid-19 pandemic, “disinformation” has caused deaths, such was the message from the White House through different spokespersons, and that was the justification for the “collaboration” between authorized information sources (WHO, CDC, etc.) and the giants of the Internet. “Disinformation” includes every voice that opposes the dominant narrative, every voice that questions, doubts or simply tells another story.

To implement restrictive and control measures, it is necessary a great crisis to justify it, a situation of chaos and fear that gives them the “reasons” for this implementation and at the same time causes the public to receive such measures with relief or pleasure.

•

◊

A Danger Called “Zero-Day”

In February 2021, journalist Nicole Perlroth published the book Thisis how they Tell Me the World Ends: The Cyberweapons Arms Race. The book is the result of a seven-year investigation into the market for buying and selling what is known as “zero-days”. In an epidemic, patient zero is spoken of as the beginning of contagion. In the cyber world, zero-day is a flaw that cannot be repaired, a vulnerability that can potentially be a weapon. What Perlroth alerts is that governments and intelligence agencies have been buying these system “flaws” from hackers and saving them for eventual use. With this, they have generated a zero-day buying and selling market, something no one talks about.

For example, in 2015 the FBI paid a group of hackers a million dollars for a flaw that allowed access to iPhones. That hole in the system would eventually allow them to spy on people in cases of terrorism, pedophilia, espionage, and so on. Then other states offered more money to buy that “zero-day”, which by the time she published the book was already worth 2.5 million. And Perlroth explains something that is key: as long as the government has this “vulnerability” stored and does not give it to Apple so that they can block or repair it, instead of “taking care” of citizens or ensuring their safety, they are putting both citizens and infrastructure at risk. The same happens with Microsoft failures, and all those that governments buy and store. By the way, why doesn’t Bill Gates talk about this, which is ultimately his topic, and only talks about climate change, vaccines and pandemics? This cybernetic arms race, driven by this competition between governments: don’t they generate through this joint work with hackers the very weapons with which they will be attacked? We could say the same about the coronavirus: wasn´t it the gain of function studies what caused (by accidental or deliberate leak) the pandemic?

Perlroth’s book proposes an end of the world in which cyber weapons bring down all systems, throwing the world into a general chaos in which there is no electricity supply, no hospitals, no food. It would no longer be about “backdoors” that work silently to steal information, or about espionage, or about connectivity. The end of the world she describes is that of a cyber arms race that leads to global sabotage: massive attacks that bring systems down and plunge the world into a dark and tragic chaos.

In 2017, a group of hackers entered the zero-days archive of the NSA (National Security Agency), and stole all those weapons that were stored there, to later use them in hacks to trains in Germany, hospitals in England, airlines from India, Chinese universities and the Japanese police among others, in an attack that was called WannaCry. Let us also remember the participation of Russian hackers in the 2016 US presidential elections, and Russian hacks to Ukraine, which may have circumvented them, among other reasons, because it does not have such a high level of digitization.