Colin Nagy | December 24, 2020

Why is this interesting? - The Cyber Civics Edition

On hacking, diplomacy, and a new era of espionage

Colin here. With geopolitics, there’s a lot happening underneath the figurative waterline. In the past, when tanks were moved into position on a border or a carrier group was sent to a region to prepare for an invasion, there was a playbook for the media on how to cover the events. But as a lot of conflict is migrating into new digital territories, there’s an entire front that is hidden from the view of the public, and it is also hugely difficult for even experts to parse. Put simply, the geopolitical events that are shaping our world, and the future, are increasingly happening out of sight. 

With cyber activities, foreign actors have a new and highly effective approach that comes without much of the cost or risk associated with other forms of warfare. Instead of competing on who can have the biggest fleet of ships or the most tanks, nations like Russia are able to pursue an “asset-light” approach. It’s no longer a Cold War-style arms race. Now, policy agendas can be affected using digital tools at an unimaginable scale. 

In the realm of espionage, we are conditioned to think of the John Le Carre (RIP) cliches of cat-and-mouse games in far-flung locales complete with surveillance on foot, embassy dinners, and diplomats being expelled in tit-for-tat retributions. Intelligence came in drips mostly from human sources. And in some cases, these small bits of this intelligence could change the course of a country, economy, or even a war. But now, a lot of espionage is happening digitally at a much larger scale, and it has implications for diplomacy and the future of foreign policy. 

One such example, the recent US government hack by Russia, has been mostly explained and covered in abstract terms. People know systems were compromised but they don’t know, in aggregate what it all means. Given the complexity and amount left to learn, this is understandable. But the distance between most people’s understanding of conflict and the reality of what’s happening out there right now is vast. 

There are a few reporters covering these types of hacks and modern-day espionage, and Axios’s Zach Dorfman is one of the best. He reports on the recent hack

What we know: Who was (probably) behind it. Cyber operators likely working for the SVR, a Russian intelligence service, compromised the software of IT contractor SolarWinds to gain access to these government networks — and have been potentially roaming in them since March. The group's history. The same hacking unit, known as APT29 or Cozy Bear, hacked prominent cybersecurity vendor FireEye. Cozy Bear was also behind a major compromise in 2014 and 2015 of Pentagon, White House and State Department email systems. In the FireEye breach, Russian spies stole the tools the U.S. firm’s own hackers used to see if clients’ networks were secure — tools that, in theory, Russia could repurpose for malign hacking. The operators also seemed interested in FireEye’s government clients. The upper limit of the hack's potential reach: Some 18,000 SolarWinds customers — not individuals, institutions — may have been breached in the campaign, said SolarWinds.

Why is this interesting? 

Even for people who are attuned to geopolitics, news like this is hard to parse. So many people were paying attention to potential election hacking, that something like this—an unprecedented hack of the United States government networks—has actually gone under-covered. Spy-versus-spy is far easier to report than something as abstract as data.

You get the sense that most of the major networks and newspapers don’t know how to get their heads around this new reality. Only specialized reporters, like Dorfman, are able to actually explain what is happening. And indeed, as he recently wrote, “The battle over data—who controls it, who secures it, who can steal it, and how it can be used for economic and security objectives—is defining the global conflict between Washington and Beijing.” 

Take the Office of Personnel Management (OPM) hack from a few years ago as an example. While it was a huge breach, it flew under the radar of the general public. And maybe that’s reasonable. But then when you consider it as potentially connected to a much larger series of events that includes 2018’s Marriott hack, the American Airlines hack, and the Sabre hack, then things get a lot more complicated. If you can link names to locations to information showing where a person was at a given time, you get insights that could present a fundamental threat to intelligence personnel, and, as a result, national security. This is the new ballgame. 

As students, we study the forms of government: how bills are passed and the basic principles that we think people need to know to be citizens of a democracy. Perhaps today, there is a need for a new form of “cyber civics.” Meaning the average citizen needs to have a bit more fluency about data, security, and how breaches of information systems can have huge implications for their day-to-day lives, national security, and in many cases, democracy. As one of Dorfman’s sources says, “Just through its cyberattacks alone, the PRC [China] has vacuumed up the personal data of much of the American population, including data on our health, finances, travel and other sensitive information.”

Does this mean people need to be fluent in code or adopt a hacking mindset? No. It just means that there needs to be a baseline level of digital education about data, systems, and how our security and safety are linked to them. What does the inane TikTok video your child shares actually give away? Turns out a lot. And when combined with lots of other forms of data, it starts to get scary. I don’t have the cyber civics solution offhand, but judging by how quickly the worlds of data and cyber espionage are moving, a more educated populace seems necessary. (CJN)

Movie of the day: 

Sadly, my favorite Muppet special ever, A Muppet Family Christmas, is not available on any of the services to buy or stream (this apparently has to do with the music rights). All is not lost, though, as someone has posted the full version on YouTube. The quality isn’t great, but the jokes are all there, including my favorite Muppet joke of all time. (NRB)

Quick Links:

Thanks for reading,

Noah (NRB) & Colin (CJN)

Why is this interesting? is a daily email from Noah Brier & Colin Nagy (and friends!) about interesting things. If you’ve enjoyed this edition, please consider forwarding it to a friend. If you’re reading it for the first time, consider subscribing (it’s free!).

Books & Literature
Gourmet & Fine Foods
Home & Lifestyle
Hospitality & Travel
Media & Entertainment
Office & School Supplies
Other
Specialty Categories
TV Show
Technology & Gadgets
Apparel & Accessories
Apps & Software
Attractions & Museums
Audio & Video
Beauty & Health
Children’s Books
Comics & Graphic Novels
Computing & Mobile
Fiction
Food
Furniture & Decor
Gifts & Special Occasions
Hotels & Inns
Kitchen & Cooking
Limited Editions & Collectibles
Mobility & Transportation
Movies & Films
Music & Albums
Non-Alcoholic Beverages
Non-Fiction
Other Products
Outdoor & Camping Gear
Pens & Writing Instruments
Restaurants, Bars, & Cafes
Smart Home & Security
Stationary
Sustainable & Eco-Friendly
Tools, Hardware, & Supplies
Toys & Games
Video Games
Wearables
Wine & Spirits
© WITI Industries, LLC.