Who Do You Trust Less: The NSA or Anonymous?
Intelligence officials seem to be polishing up their case to take on Anonymous like a 'stateless' terrorist group.
The director of the National Security Agency, Gen. Keith Alexander, told various high-level audiences that the loosely affiliated group, Anonymous, would soon have the capability "to bring about a limited power outage through a cyberattack," according to an anonymously sourced article in the Wall Street Journal today.
The Journal admits that Anonymous "has never listed a power blackout as a goal," but warned that "some federal officials believe Anonymous is headed in a more disruptive direction," anyway.
The Anonymous-affiliated Twitter account, @YourAnonNews, responded with a blunt denial. "NSA head engages in alarmist rhetoric & fear-mongering," they wrote today. "Why would Anons take out power grids when lives depend on them?"
Security expert Christopher Soghoian displayed skepticism about the NSA warning, too. "I'm confused," he tweeted, "What will happen in next year or 2 to give anonymous ability to hack power grid. Either the grid is secure or insecure."
The Journal article, following the line of "U.S. intelligence officials" lumped together Anonymous into a new cyber axis of evil that consisted of al Qaeda operatives, Chinese cyberspies, Russian cyberspies, and ... a bunch of random people in IRC rooms using relatively unsophisticated denial-of-service attacks.
U.S. intelligence officials already have found what they say is evidence of Chinese and Russian cyberspies snooping in computer systems that run the electric grid, possibly in preparation for a conflict with the U.S. The governments of China and Russia have denied any involvement.
A stateless group like Anonymous doesn't yet have that capability, officials say. But if the group's members around the world developed or acquired it, an attack on the power grid would become far more likely, according to cybersecurity experts.
Note the use of the word "stateless." While it *can* apply to refugees and other entities, government officials tend to apply that adjective to a specific set of groups: People the American government labels terrorists, most particularly al Qaeda. Here's the normal deployment of the word from the 9/11 Commission report:
Our enemy is twofold: al Qaeda, a stateless network of terrorists that struck us on 9/11; and a radical ideological movement in the Islamic world, inspired in part by al Qaeda, which has spawned terrorist groups and violence across the globe. [emphasis mine]
So, now we know the frame through which the intelligence community sees Anonymous. That helps make sense of the scenarios that officials floated linking Anonymous to enemies of the United States.
"Possible scenarios discussed, the former official said, included one in which a foreign government developed the attack capability and outsourced it to a group like Anonymous, or if a U.S. adversary like al Qaeda hired hackers to mount a cyberattack," the article continued.
The overheated cyber rhetoric reminds some of the way the Bush Administration used yellowcake uranium in the lead-up to the Iraq war.
"Evidence to sustain such dire warnings is conspicuously absent," wrote George Mason's Jerry Brito and Tate Watkins last week in Wired's Threat Level. "In many respects, rhetoric about cyber catastrophe resembles threat inflation we saw in the run-up to the Iraq War. And while Congress' passing of comprehensive cybersecurity legislation wouldn't lead to war, it could saddle us with an expensive and overreaching cyber-industrial complex."
The weird thing is that the thinking in the Journal piece, which seems to place Anonymous somewhere between Iran and a Colombian drug cartel on the danger scale, seems to garner serious consideration from our national security officials, perhaps because the word 'cyber' sounds so scary. The article concludes:
White House spokeswoman Caitlin Hayden said she couldn't discuss details of internal deliberations, but she said the administration "has made cybersecurity a top priority, and we are working tirelessly to protect ourselves from the threats we face, whether they come from other nations, cyber criminals, or from stateless activist hacker groups."
Note that word again, "stateless," and ask yourself if Anonymous should be deemed a terrorist group. Who has Anonymous hurt? What kinds of laws have they broken? Are they pursuing weapons? Do they sell drugs? Do they have guns? What credible evidence do we have that they are trying to hurt regular citizens? If not, what is gained by lumping them in along with real and persistent threats to Americans?
One doesn't have to support Anonymous' methods, goals, or aesthetics to worry about the US response to them in the intelligence community.