Of Hacks And Men -- Trump And American Cyberdefense

Photo credit: Gage Skidmore/flickr

As Donald J. Trump's bizarro-world fantasy becomes our frightening reality, the President-elect has gone out of his way to remind us that the rules of administrations past no longer apply. Since the election, Trump has seized every opportunity to attack legitimate news sources like the New York Times and CNN as "fake news," all while blithely sidestepping mountains of evidence that Russia had an extensive role in his victory.

Which is why The Donald's nominee for CIA director, Mike Pompeo, struck such an unexpectedly sane departure from the PEOTUS' line when he told senators at his confirmation hearing that he would pursue a tougher line towards Moscow. Rather than pooh-poohing charges that Moscow was at least complicit in the plethora of leaks and hacks perpetrated in the run-up to the election, the Kansas Republican led with criticism of the Russian government, rightly dubbing it a "sophisticated adversary" of the U.S. in cyberspace.

That the top intelligence man in America has a clear notion of Russia's malignant attitude towards the country has become more important than ever, especially since the latest round of cyberattacks exposes critical flaws not just in our political system but in some of the nation's key infrastructure as well. Sadly, despite the fact that Republicans never miss a chance to hype their role as America's national defense party in contrast with the fickle Democrats, there are a number of critical vulnerabilities in the country's security infrastructure - two of which stand head and shoulders above the rest.

The first and arguably most crippling vulnerability pertains to America's electric grid. Malware recently found on a machine belonging to a Vermont utility sent shivers down the collective spine of the intelligence community. Code associated with a Russian hacking operation was discovered on a laptop owned by Burlington Electric - one that, fortunately, was not connected to the computer systems operating its power grid. An investigation is ongoing, but the conclusion drawn by the FBI and DHS in a report detailing the results of a separate investigation of the Russian hackers linked to the Vermont code is that the hackers obtained passwords by phishing email addresses harvested from the Democratic emails released by Wikileaks. It bears stating plainly: an infected laptop that never touched the grid's control systems is evidence of a successful phishing campaign, not of a foothold in the grid itself, and that distinction is exactly what the investigation has to establish. The worry is what happens when the distinction disappears. An attack against the power grid would not just be disastrous because of the ensuing blackout; it would also catch the government completely unprepared.

As Ted Koppel pointed out in a searing indictment of the U.S. power grid, the administration does not have the slightest inkling of a plan to deal with such an attack. And while the Vermont scare turned out to be only that, swathes of Ukraine really were plunged into darkness by Russian hackers in December 2015 and again in December 2016. Security experts have pointed out that the country is being used as a "testbed for refining attacks on critical infrastructure, attacks that could be used across the world".

Predictably, and despite the fact that U.S. officials have been aware of cyberattacks emanating from Russia since at least 2009, Trump has consistently questioned intelligence regarding such Russian attacks when not heaping lavish praise upon Russia's president Vladimir Putin.

The second example involves critical flaws in the woefully outdated system used by financial institutions the world over to transfer trillions of dollars each day. The Society for Worldwide Interbank Financial Telecommunication (SWIFT) system is a messaging network that most of the world's banks use to exchange payment orders. The system is used innumerable times each day to move gargantuan amounts of money - although other systems exist, none of them is as ubiquitous as SWIFT. However, the system is fraught with security holes. In June 2016 a group of hackers (possibly Russian) stole $10 million from a Ukrainian bank via the SWIFT system. In February 2016 a group of hackers stole $81 million from the Bangladesh central bank. They obtained the bank's credentials for international transfers and used them to issue payment orders moving money the bank held at the Federal Reserve Bank of New York to entities in the Philippines and Sri Lanka. But for a misspelling of the word "foundation" in one beneficiary's name, which prompted a query from a bank along the payment path, the thieves might have made off with far more. Note what was actually compromised in each of these cases: the member bank's own systems and credentials, not SWIFT's core messaging network. Once an attacker can issue messages from a bank's authorised terminal, the network delivers them like any other payment order, and the only remaining line of defense is whatever sanity checking the bank and its correspondents do on the orders themselves.

The investigation of the breach in Bangladesh has also unearthed several other possible instances of theft using the SWIFT system at up to a dozen other banks. It's certainly possible that some thieves with better spelling skills have stolen more, too. According to a Russian security firm's investigation, a total of up to $1 billion may have been stolen from dozens of banks in just the past two years alone - the exact number may never be known, as SWIFT does not disclose attacks on its systems. In addition, the success of the Bangladesh hackers has spurred on the Odinaff group, a criminal syndicate linked to the Russia-linked Carbanak group, to develop software that steals critical information from SWIFT messages passing through infected computers.
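The Bangladesh theft described above succeeded because the fraudulent orders arrived over the normal channel with valid credentials, and it was stopped short only by a human noticing a misspelled beneficiary name. The following is an added example, not code from the article, from SWIFT or from any bank: a toy screener for outbound MT103-style payment orders that automates the checks a bank's own controls could apply before such an order leaves the building. The field tags (:20:, :23B:, :32A:, :50K:, :59:) are standard MT103 tags; the sample messages, the list of known counterparties and the review threshold are constructed for illustration and are not real data.

```python
"""Added example (not the article's, SWIFT's or any bank's code): a toy screener
for outbound MT103-style payment orders, flagging what a bank's own controls
could catch when orders come from a legitimate terminal with stolen credentials:
an outsized amount, a never-paid beneficiary account, and a beneficiary name one
typo away from a known counterparty. Tags like :20:, :32A:, :59: are standard
MT103 tags; the messages, counterparties and thresholds are constructed."""
import re
from typing import Dict, List, Tuple

# Constructed: beneficiaries this hypothetical bank has paid before.
KNOWN_BENEFICIARIES = {
    "PH12345678": "ACME MANUFACTURING FOUNDATION",
    "LK99887766": "HARBOUR TRADING COMPANY",
}
LARGE_AMOUNT = 1_000_000.00  # assumed manual-review threshold per order
NEAR_MISS_MAX = 3            # assumed edit distance that still "looks like" a known name
FIELD_RE = re.compile(r"^:(\d{2}[A-Z]?):(.*)$")


def parse_mt103(text: str) -> Dict[str, str]:
    """Split a message's text block into {tag: value}; lines that do not start a
    ':NN:'/':NNA:' field are continuations of the previous one (e.g. under :59:)."""
    fields: Dict[str, str] = {}
    current = None
    for line in text.strip().splitlines():
        m = FIELD_RE.match(line)
        if m:
            current = m.group(1)
            fields[current] = m.group(2)
        elif current is not None:
            fields[current] += "\n" + line
    return fields


def parse_amount(field_32a: str) -> Tuple[str, str, float]:
    """:32A: is YYMMDD + ISO currency + amount with a comma as decimal mark."""
    date, ccy, amount = field_32a[:6], field_32a[6:9], field_32a[9:]
    return date, ccy, float(amount.replace(",", "."))


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; enough to catch a single misspelled word."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def screen(text: str) -> List[str]:
    """Return the reasons an order should be held for a human, [] if none."""
    fields = parse_mt103(text)
    if "32A" not in fields or "59" not in fields:
        return ["malformed order: missing :32A: or :59:"]
    flags: List[str] = []
    _, ccy, amount = parse_amount(fields["32A"])
    if amount >= LARGE_AMOUNT:
        flags.append(f"large amount: {ccy} {amount:,.2f}")
    lines = fields["59"].splitlines()
    account = lines[0].lstrip("/")
    name = lines[1].strip().upper() if len(lines) > 1 else ""
    if account not in KNOWN_BENEFICIARIES:
        flags.append(f"new beneficiary account: {account}")
    # The same or nearly the same name as a known counterparty, but on a
    # different account, is the classic sign of an impersonated payee.
    for known_account, known_name in KNOWN_BENEFICIARIES.items():
        if known_account != account and levenshtein(name, known_name) <= NEAR_MISS_MAX:
            flags.append(f"beneficiary name near-miss: {name!r} vs {known_name!r}")
    return flags


# Constructed sample orders: one routine, one shaped like the fraudulent ones.
SAMPLE_MESSAGES = [
    """:20:REF0001
:23B:CRED
:32A:170112USD125000,00
:50K:/BD0000000001
CENTRAL BANK OF EXAMPLE
:59:/LK99887766
HARBOUR TRADING COMPANY
COLOMBO""",
    """:20:REF0002
:23B:CRED
:32A:170112USD20000000,00
:50K:/BD0000000001
CENTRAL BANK OF EXAMPLE
:59:/PH55550000
ACME MANUFACTURING FANDATION
MANILA""",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(parse_mt103(msg)["20"], screen(msg) or ["clean"])
```

The point of the example is where the check lives: none of these rules depend on SWIFT at all. They run on the bank's side, on the order before it is sent (or on the correspondent's side, on the order before it is executed), which is the only place a stolen-credential attack can still be caught. The near-miss rule is deliberately loose; in practice it would be tuned against the bank's real counterparty list, and a name that merely fails it is a reason for a phone call, not an automatic rejection.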

Despite assurances from SWIFT that the system is safe, such proclamations about the soundness of an outdated system with Swiss-cheese-like security come off more like a tweet from The Donald. The SWIFT organization doesn't believe its own propaganda, either. A letter addressed to member banks obtained by Reuters a month ago warns of the "persistent, adaptive and sophisticated" threats the system is currently facing, admitting that such attacks are "here to stay." The continuing, multi-million-dollar attacks against member banks have finally forced SWIFT to acknowledge the elephant in the room. The co-op is now contemplating the adoption of blockchain technology to shore up its security, but its recent announcement raised more questions than it answered. It's unclear how much the transition will cost, how long it will take, and how secure the resulting system will be - not least because the thefts so far began at member banks' own terminals, a problem that a new ledger underneath the network does nothing to address on its own.

Whether we're talking about the electricity grid, the security of the financial system, or the integrity of America's political institutions, one thing is clear: services we've been taking for granted are increasingly vulnerable to outside attack. On January 20, an opinionated reality-television billionaire will morph from a Twitter tough guy into the most powerful man in the world. Should he continue down the well-trodden road of giving in to his ego and attacking America's intelligence community for saying mean things about his bestie Putin, the country's already porous defenses will eventually fall apart completely - with or without a wall.