GlobalSecurity.org In the News

San Antonio Express-News July 30, 2016

DNC hack part of a cyber war that’s just begun

By Sig Christenson

A relatively short drive from Sea World, roughly 6,500 military and civilian workers are engaged in a largely unseen though increasingly critical war for secret information stored in government computers.

Last week, the war got less secret, and so a lot hotter.

The hacking of the Democratic National Committee’s computers and subsequent publication of embarrassing emails triggered a flurry of analysis from government spy and cyber agencies, which pointed to Russia.

One of them is the National Security Agency, whose director oversees U.S. Cyber Command, which in turn includes the 24th Air Force at Port San Antonio and Army and Navy cybersecurity units in Georgia and Hawaii, respectively. The 25th Air Force is nearby on Joint Base San Antonio-Lackland’s Security Hill, while NSA Texas operates in a sprawling complex off of Potranco Road and West Military Drive.

The idea of a foreign power using its computer hacking resources to try to shape U.S. politics startled most Americans. But that idea has been hovering over modern statecraft and it cuts both ways, observers said.

“The Russians think we do this all the time,” former CIA Director Michael Hayden said in a phone interview Friday. “The Russians think all those color revolutions in the post-Soviet states - the Orange Revolution, the Rose Revolution - they think we did that. We really didn’t, but they think we did.”

“So I think the Russians are trying to quote-unquote, give us a taste of what they think is our own medicine,” he added. “I think they were simply trying to demonstrate to us they can jerk us around, too, because they believe we’ve been jerking them around. This is more about getting inside our head than it was (that) they wanted Candidate X or Candidate Y to win.”

Hayden, who commanded the 25th Air Force in the late 1990s when it was known as the Air Intelligence Agency, is also a former NSA director. He said the NSA and the two Air Force units here perform different tasks under different legal authorities and different oversight regimes. They have to be well-integrated as they defend and attack computer systems, he added, but declined to elaborate.

“I can’t get into the operational division of labor, but there are divisions of labor and when I say they’re the best in the world — how to put this — having an overwhelming ability to steal other nations’ secrets doesn’t necessarily stop other nations from stealing yours,” Hayden said.

Marcia Klein, a 25th Air Force spokeswoman, said her organization gets tasking orders “from much higher levels in the joint community,” but could not divulge details on operations.

Echoing Hayden, however, John Pike, the founder of the website GlobalSecurity.org, said the larger mission of the 24th and 25th Air Forces involves Uncle Sam playing both offense and defense — “full-spectrum” operations.

That’s especially true of the NSA, which “guards our computers and breaks into other people’s computers,” Pike said. “They write our codes and try to crack the codes of other countries, they listen to phone conversations all over the world, they intercept email all over the world.

“They tap oceanic cables and they monitor other people’s communications satellites. Not a sparrow falls without them noticing. They’re doing some part of it there,” he added, referring to the San Antonio installation. “What part of it, I don’t know.”

All three government organizations are part of a growing military and private-sector IT presence in San Antonio that boasts 34,000 tech specialists around town.

The Express-News has reported that hackers at NSA Texas target Mexico, Cuba, Colombia, Venezuela and the Middle East. It noted the German publication Der Spiegel made public an NSA newsletter from 2006 that described as “all in a day’s work” such jobs as collecting “voice cuts” from an adversary’s phone system, using a terrorist’s email account to plant malware and helping the military locate a terrorist target.

Hayden, who left the NSA to head the CIA three months before the newsletter was published, chuckled after a reporter read the passage.

“That is an accurate, generic description of the kinds of things that the National Security Agency does,” he said. “They get a lot of money every year. You got to expect something from them.”

James Bamford, author of “Body Of Secrets” and other books about the NSA, said the Texas operation employs speakers fluent in Spanish, Arabic and Portuguese.

“It's going to continue making news because we're moving into the era of cyberwarfare,” he said of the DNC hack. “It's the wave of the future.”

NSA Texas opened in the old Sony chip plant on the city’s Northwest Side some 11 years ago and has grown ever since. Retired Air Force Col. Chris Cook, a former director of the Air Intelligence Agency, believes NSA Texas has 3,000 to 4,000 workers.

Hackers need only find a single weak spot to crash into computer networks that Hayden and other experts say are so complex they’re difficult, if not quite impossible, to defend. University of Texas at Austin professor Suzanne Barber, director of a center that tries to raise cybersecurity awareness, said hackers tend to use three methods — a “malicious insider” helps them, they obtain a password and break in, or a computer user unwittingly opens the door, allowing malware to enter.

The malware can collect or destroy data.

“It goes on all the time, every day, in lots and lots of different situations,” Barber, author of more than 300 articles on cybersecurity-related issues, said, adding that education and training are critical to rebuffing hackers.

Richard Butler, a Trinity University professor who has analyzed the impact of cybersecurity on the local economy, said the DNC hack “should be one more reminder to anybody wanting to secure their data that they really have to worry about it.”

How the DNC hack was done isn’t clear. It harkened back to the Watergate burglary in 1972 that led to President Nixon’s resignation two years later, but the controversy underscores how technology has changed. The break-in this time targeted a computer, not a building, and while five arrested burglars were tied to Nixon’s White House, the DNC was clueless about the latest intrusion.

“We make the point there are only two kinds of companies in the United States,” Hayden said. “Those who know they’ve been hacked and those who do not yet know.”

President Obama said the FBI and other agencies were looking into its possible Russian origins, telling NBC Nightly News, “What we do know is that the Russians hack our systems. Not just government systems, but private systems. But you know, what the motives were in terms of the leaks, all that — I can't say directly. What I do know is that Donald Trump has repeatedly expressed admiration for Vladimir Putin.”

Questions about GOP nominee Trump’s previous ties to Moscow were quickly absorbed into the give and take of national politics. The give and take among spy agencies isn’t public. Hayden suggested the Russians will hear back from Washington. How that happens isn’t certain, but, he said “there are a lot of options” and not all of them are confined to the cyber domain.

Still, cyberspace is an increasingly popular venue for sending unmistakable messages to other countries.

Robert Butler, a former deputy assistant secretary of defense for cyber policy, said Russia conducted weeks of attacks on Estonia’s computer networks in 2007, and did the same thing to Georgia the following year. Malicious Russian cyber activity in the Crimea over recent years preceded Russia’s annexation of the territory from Ukraine — which also saw hackers take down its power grid late last year.

Russia denied involvement in those incidents, as it did this week when accused of the DNC hack.

“Based on those kinds of activities, we see a heightened escalation from what we call simple exploitation to disruptive activity to potentially destructive activity,” said Butler, a retired Air Force colonel living in San Antonio. “You take down a power grid, it’s not only affecting national security but public safety within another nation’s borders.”

The United States or Israel are thought to have been behind Stuxnet, a computer virus deployed to damage Iran’s capacity to enrich nuclear bomb-making materials. Cook, the Air Intelligence Agency staff director, said both nations may have collaborated on what Wired magazine labeled the world’s first digital weapon, adding, “I don’t know who did it. I’d like to think it was us.”

The question late in the week was whether the Russians had pulled a variation of Stuxnet on the Democratic Party, something designed to undermine Democratic nominee Hillary Clinton’s campaign for the presidency. A bipartisan group of cybersecurity and counterterrorism officials warned that it was “an attack not on one party but on the integrity of American democracy. And it may not be the end of such attacks.”

Hayden was a co-signer of the statement, issued by the Aspen Institute Homeland Security Group.

“You’ve got people with real credentials saying (this is dangerous), people like me truly understanding that the worst could be yet to come,” he said.

Copyright 2016, Hearst Communications Inc.