There is a reason why we believe that crime can keep us safe: the crime was a bloody masterpiece.
In 2007, the United States, along with Israel, attacked Iran’s Nataz nuclear facility, destroying about a fifth of Iran’s centrifuges. That attack, known as Stuxnet, in Microsoft and Siemens industrial software as “zero days”, spreads using seven holes. (Only one was previously revealed, but never patched). Short term, Stuxnet was a resounding success. This superseded Iran’s nuclear ambitions and prevented Israelis from bombing Natazaz and starting the Third World War. In the long run, it showed allies and opponents what they were missing and changed the Digital World Order.
In the decade that followed, the arms race was born.
NSA analysts left the agency to start cyber weapons factories, such as Vulnerability Research Labs in Virginia, which sold the click-and-shoot tool to American agencies and our closest Five Eyes English-speaking partners. A contractor, Immunity Inc., founded by a former NSA analyst, started on a slippery slope. First, staff say, Immunity trained consultants such as Booz Allen, then defense contractor Raytheon, then the Dutch and Norway governments. But soon the Turkish army knocked.
Companies such as CyberPoint took it further, deploying themselves overseas, sharing devices, and turning the UAE eventually on its own. In Europe, hackers of the Pentagon’s spyware, such as hacking teams, started trading the same equipment for Russia, then Sudan, which used them ruthlessly.
As the market expanded beyond the NSA’s direct control, the agency’s focus shifted to crime. The NSA knew that it had the same weaknesses it was looking for elsewhere and would one day attack Americans. For this dilemma its North American exceptionalism was to boil down to an abbreviated form – Nobus – which is “nobody.” If the agency found a vulnerability it believed it could only exploit it, it submitted it.
Part of this strategy was General Paul Nakasone, the current NSA director – and George Washington and before him Chinese strategist Sun Tzu – known as “active defense”.
In modern warfare, “active defense” amounts to hacking enemy networks. It has been a mutual destruction assured for the digital age: we hacked Russia’s troll network and its grid as a display of force; Iran’s nuclear facilities, to take out its centrifuges; And Huawei’s source code to sneak its customers into Iran, Syria and North Korea for espionage and to establish an early warning system for the NSA, in theory, to set off attacks before they hit.