As I read more about the Stuxnet malware/virus that is infecting Iran’s Nuclear Program, I started wondering about the implications.
Investigators are widely reported as saying this is the most sophisticated piece of attack software they’ve ever seen. Actually, I suspect this is true only for the investigators who are not already in the “Community” (I love that term, which I first heard used in 3 Days of the Condor). This particular worm was discovered and made public. How many before it weren’t? How many reached their targets? How many were silently thwarted? Many here are not unhappy to hear of such a thing targeting Iran, but how many have targeted us? As a country that has reportedly bugged trans-oceanic telephone cables using divers from stealthy nuclear submarines and listened in to every imaginable conversation via satellites high above, I have to suspect we have digital weapons of mass destruction that may make the Stuxnet worm seem primitive by comparison. Frankly, I certainly hope we do, and that we moreover have equally sophisticated defenses.
One of my Enterprise Irregular colleagues is planning a trip to China, and wondered what special arrangements he might need to make. He was chiefly worried that, since so much of his personal productivity suite is in the Cloud, China’s censoring might make it hard to get at some of it. Before too long someone mentioned that their firm never brings laptops into China–too much risk of data theft. Interesting. I have a friend who works in the security industry, and he has some harrowing stories to tell. Tons of online fraud comes out of Asia. It’s not just kids or small groups of individuals. It’s big organized crime and in some cases it’s state-sponsored. Companies can lose $10-15M in minutes when a BotNet armed with the sophisticated data and tools these CyberThieves have at their disposal attacks. Worse, the thieves will often wait a period of time before striking. They want some distance between their operation and the original identity theft. In some cases, it can be a delay of a couple of years.
My wife and I went to see Wall Street: Money Never Sleeps over the weekend as well, which is a firm reminder not just of bubbles and how the big playas gamble with our money instead of theirs. The bigger reminder from the movie for me is how much of our net worth is tied up in 1’s and 0’s stored in someone else’s Cloud somewhere. Those assets get hammered as these bubbles sweep through the stock market with increasing frequency (who would’ve predicted the DotCom crash would be followed so soon by an even worse crash?). But what happens when an organized, sophisticated, state-sponsored act of Digital Combat hits home? Let’s say Stuxnet causes that Iranian reactor to melt down. Nuclear fallout in the Middle East? Is that a good thing for our markets, or more uncertainty that leads to a further crash? What happens if your trip to China meant that your laptop was exposed to cyber thieves who were not even Chinese, resulting in some calamity a year or two later?
There has been press about various governments searching computers as you cross the border. Largely, people have felt that this is unreasonable. What if it is determined that a search has to be done to seal the borders against some really malicious weapons-grade cyber virus?
Modern times bring new things to worry about. As if we didn’t already have enough.