Watchdogs Under Watch is a series of personal stories from journalists, bloggers, and activists around the world, as they encounter and combat surveillance and cyber security issues. This series and corresponding report, written for the Center for International Media Assistance, is in partnership with Radio Netherlands Worldwide.
Digital security has become one of the most controversial issues in political, cultural and social circles. With the widespread techniques available today to some states to spy and monitor the internet, it seems the discussion has been taken from a science fiction novel or from the pages of George Orwell’s 1984. I always found it strange that digital security “affects us all” but for me stayed confined to the internet in a virtual, faraway world.
But in April 2011, the New York Times wrote an article about malware called “Stuxnet” that was found in uranium enrichment centers in Iran. This program disabled the centrifuges in nuclear reactors, which lead to a delay in Iran’s nuclear program for at least one or two years.
The news about Stuxnet spread on the news and via social media and became the “talk of the day.” Many of the articles contained information about the development of this “cyberweapon” and about the enormous amount of work and expertise involved in its programming…Some people speculated that the United States and Israel were behind it and that this cyber attack contributed in avoiding a military attack on Iran and the subsequent political and military risks.
The technical side aroused my attention and admiration. It is amazing that armies can be replaced with software that doesn’t leave traces, and doesn’t cause the loss of human lives. So I followed the technical reports that were published by Kaspersky with enthusiasm and eager anticipation.
But the big surprise came when code samples of Stuxnet were shared on the internet to study and possibly try to rebuild it (which raised concern among many politicians).
At first glance, it seems madness to download a program designed to breach electronic security in full awareness and intention…But there are techniques that allow you to create a safe space (in theory) to download and study this kind of program. And since I don’t have any nuclear reactors at home that may explode, the risks were limited.
So after changing the settings of an old computer, which took me some hours, and after hesitation about the effectiveness of these settings, I disconnected all electronic devices from the network and downloaded the program.
Source comic: https://xkcd.com/350/
Building an “electronic anti-nuclear weapon” was not on my list of interests, but I wanted to take a look at the programming techniques and keep a safe copy of “Stuxnet” as a digital souvenir of this story that sounds almost fictional and may be historic in the so-called digital war to stop nuclear weapons.
I spent hours on my old computer to satisfy my curiosity and compare the long technical reports. The second day, I did a long search on technological breaches that affected a number of important resources and infrastructure. The search words I used mostly revolved around the “Scada” systems, which are applied a lot in industrial systems. I was surprised that many dangerous accidents happened as a result of pirating multiple systems. To name just a few: the explosion of an oil pipeline in Siberia; a system hack causing a disruption of air navigation for 6 hours in an airport; paralyzing the electricity network in the northeast of the United States; disabling railway systems; disabling the sewage system.
A simulation of a system disruption caused by an electronic attack, by CNN:
Knowing these details about digital security breaches and how they spill over to the real world and affect our daily life, made me think of what could pose a serious threat…Especially since we come closer and closer to an “Internet of things” in which most devices, from the fridge to the car, are connected to the net.
For example, controlling your car and knowing its location is not a figment of the imagination: in the United States of America, after the crime of the Boston marathon, the police tracked the stolen car through its GPS system, which contributed to a happy end and catching the criminal … but the question remains about using the same techniques for things like harassment, stealing or kidnapping.
While the discussion on digital security goes on at internet governance fora, should we keep focusing on how to achieve digital security of people, or are overall security concerns urgent and should we start to discuss them, even if they make the discussion difficult and complex?