The cyber-ruffians who briefly tanked the stock market recently by faking a news tweet about an attack at the White House showed how much damage can be done with a few well-placed keystrokes. Those who hacked into a Department of Labor website earlier this week could have wreaked even more havoc, say, if they successfully tweaked the monthly jobs report.
Neither seemed particularly sophisticated, or malicious. But they do beg the obvious question: How much damage could a group of well-trained hackers do, economic and otherwise, if they really wanted to?
That’s a question that Paul Rosenzweig has been thinking about for awhile. He’s a former top US Department of Homeland Security official and author of the recently published book, “Cyber Warfare: How Conflicts in Cyberspace Are Challenging America and Changing the World.“ The book’s cheerful premise? That technological advances, combined with the ubiquity of the Internet, have spawned a near-infinite range of potentially grave security threats to governments, commercial entities and individuals.
It doesn’t take Rosenzweig long to come up with some unsettling scenarios. Most involve either disruption or disinformation, like the Associated Press Twitter account hack.
Here are just a few of them:
How serious are these threats? “All of these are very, very real vulnerabilities,” says Rosenzweig. ”There are people who would love to do these to us but don’t have the capability, yet, like Al Qaeda. There are others, like Russia, China and Iran, who could do much of it, and they might do it at some point. But when, and why, we don’t know.” One question is whether state actors like Russia, China and Iran would authorize something that could be construed as an act of war, or certainly a serious provocation that could prompt a US military cyber-response.
Rosenzweig, who now runs the Red Branch Law & Consulting firm, wouldn’t talk about the work he did on highly-classified “Red Teams” tasked by the government to think up such scenarios as a way of thwarting them. But he says such efforts are becoming increasingly urgent as cybersecurity experts try to anticipate what kind of hacks could really do serious damage.