As it becomes more and more clear the United States government is accelerating efforts to establish a policy and improve the government's ability to respond to cyber attacks, the openness and freedom of the Internet is more and more at stake. Also, specific to an organization like WikiLeaks, the government may be on its way to crafting legal authority to take WikiLeaks out with DDoS or DNS attacks. (Of course, many already believe the US was behind the attack on the WikiLeaks website that took place just as WikiLeaks was beginning to release the US State Embassy cables.)
Marcy Wheeler, guest on the podcast this week, gets into this saying, "If you agree that bringing down speech is a legitimate cyber warfare tactic and if you agree that WikiLeaks was an attack on defense infrastructure or maybe State Department infrastructure, then you can easily get to the justification of okay we can do a DDOS attack on WikiLeaks," and finds the US government may be working to create legal justification for such attacks.
Wheeler blogs at Firedoglake as Emptywheel. She primarily covers the national security establishment in the United States and has written many blog posts on WikiLeaks, Bradley Manning and cyber security, with her most recent post on all of this being, "The Cyberwar Campaign against Jihadi Literature and WikiLeaks."
You can listen to the podcast by clicking on the embedded player below. (Or, you can go here and download or listen to the podcast on cyber security and cyber warfare.)
Here is a transcript of the first few minutes of the interview:
KEVIN GOSZTOLA, host: We’ve seen a lot of --- It seems like there’s been an escalation in the policymaking around cybersecurity and on cyber warfare and just I noted your post that you wrote about jihadist literature and WikiLeaks and some things related to cyber war and I just thought this would be a good place to open and you could talk about what you’ve been covering on this area.
MARCY WHEELER, FDL blogger: There are a couple questions on cyber war. One is we’ve put to some degree the National Security Administration—so the same people who wiretap us and wiretap everyone else in the world—we’ve put them in charge of our cyber warfare and one of the concerns going into that—And I should take a step back. DHS [Department of Homeland Security] is technically in charge of our cyber security but NSA has a big chunk of it. And so, given the NSA has a big chunk of it and given that they are part of DOD and given that their job is to wiretap people, what kind of trouble are we going to get into a) with them attacking extensively American targets and b) with them attacking free speech? And so, that’s a debate that’s gone on for two, three, four, five years.
The other background piece, which I’ve been interested in, since we’re talking about WikiLeaks—Everyone knows WikiLeaks, or everyone assumes WikiLeaks, was brought down in the United States by a DNS attack courtesy of the United States and the question nobody has ever answered is was that an attack done by an entity of a federal governement, did they outsource it someone like HBGary or something like that to some kind of contractor. So, in the scheme of cyber warfare, those of us who watch these kinds of things need to always looking for the answer of under of under what legal authority did the United States or some legal entity put up to it by the United States take down WikiLeaks in December 2010.
And so, the post I did [June 1] –there’s been a bunch of posts. There was one in the Wall Street Journal yesterday and then one in both the New York Times and the Washington Post today. Basically, what happened is that the Defense Authorization, which was voted out of the House on Thursday, authorizes DOD to engage in cyber warfare but limits to something encapsulated under an AUMF, so basically they can strike at targets like al Qaeda but not necessarily Iran. And then also to defend DOD targets. So that happened Thursday and it became closer to that being law.
Before that happened the administration had said we aren’t very happy about that. We want to engage constructively. And so, since then and since a bunch of defense contractors got hacked over the weekend or got hacked the week before and that became public over the weekend, then there’s been a bunch of discussion over the past days about what cyber warfare is going to look like for the United States going forward and the most interesting article for me was written by Ellen Nakashima from the Washington Post today because she basically laid out some of the things the government said it can do under cyber warfare.
Aside from, because the Administration has objected before to having to brief Congress every quarter on what kind of cyber warfare they’re doing, it goes back about year – She laid out some of the grounds on which it appears the Administration wants to expand what Congress has already given them the means to do. And part of that is just we want to be able to go in and identify where Iran’s weak points are so when we go to cyber war against Iran we’ll be able to take them down quickly. And that’s one thing. But the most interesting thing about her article is that she talked about – She tried to put it in terms of where this amendment, this defense authorization came from, and she wanted to give the Executive Branch to give the administration, for example, to bring down the al Qaeda magazine for al Qaeda in the Arabian peninsula. And that’s important.
If you look at the structure that they laid out—I’m not even going to say free speech cause it’s Yemen—But you can bring down speech as a viable target in cyber warfare and that’s what the House Armed Forces Committee basically voted out on Thursday. And the administration doesn’t argue that. They say they want more power. But, if you translate that to what it would mean to someone who is a “defense target,” that would authorize them to do what somebody had done to WikiLeaks in December, which is bring them down on a DDOS attack. So in other words it’s a very loaded statement but what they are basically saying is that they consider speech a legitimate target of cyber warfare and so long as that applies—they consider that and I don’t guarantee this is true. I mean, again I am still trying to figure out how they legally justify to themselves bringing down free speech in the United States—But if you agree that speech is a legitimate cyber warfare tactic and if you agree that WikiLeaks was an attack on defense infrastructure or maybe State Department infrastructure, then you can easily get to the justification of okay we can do a DDOS attack on WikiLeaks.
There’s some interesting stuff going on in the arguments about cyber warfare and Congress is already impinging on free speech. And then the Administration is asking for more.
Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer