Has the recent Wikileaks revelations started the process of digitally disrupting the defence industry?
I can’t even count the number of movies I’ve watched where there is a ‘secret’ item that the heroes are trying to ether prevent from falling into the wrong hands, or obtain from their nemesis in order to prevent some global catastrophe.
These items can be a mutated virus developed in a highly secret lab, maybe the codes to some new technology. In the latest Star Wars film, Rogue One, it was about obtaining the plans to the Death Star, so it could be disabled and if I’m not mistaken in the Jungle Book King Louie was keen to get his furry hands on ‘mans read fire’ and wield its considerable power.
Never once in all of these films could a weapon be simply obtained by doing a quick copy and paste in a text editor, but after the revelations from Wikileaks last week it can now.
As todays news agenda seems to move at a breakneck speed, let me just remind you of what Wikileaks released into the public consciousness on Tuesday March 7th 2017, a day that may just be noted as hugely significant when the history books on early 21st century cyber warfare are written a generation from now.
They published over 8,500 documents and files from inside the Central Intelligence Agency, the civilian foreign intelligence service of the United States, that was a complete breakdown of their hacking arsenal, or cyber weapons to give it its slightly more recognisable description.
Here is a quote from the Wikileaks Press Release about this latest dump of documents, that they refer to a ‘Vault 7’.
“Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
That statement would suggest that in the most basic terms the cyber cat has been let out of the bag and what this means in the real world is, well, let me quote Wikileaks again…
“Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.”
The CIA issued a response to the Wikileaks release and not surprisingly said…
“We have no comment on the authenticity of purported intelligence documents released by Wikileaks or on the status of any investigation into the source of the documents”
What is the most surprising, or alarming aspect of this whole affair? Are you ‘surprised’ that one of the intelligence agencies of the worlds one remaining super power had these ‘weapons’? I’m not. Or perhaps that Wikileaks continues with its quest cause major embarrassment to world powers by publication of such material? Nope, not surprised by that either.
In fact I’m not surprised by any of it. It’s just the same disruptive force of software technology that has cut its teeth on more mundane industries as communication, music and media, just applied to the global defence industry.
Technology can democratise industries previously deemed unassailable. It lowers the cost of entry and allows those with skills and determination to make an impact. With any such democratisation the previous incumbents of that industry will ignore this shift, continuing to focus their efforts on the expansion of traditional ‘hardware’ in the delusion that ‘the front line’ and ‘national borders’ are still physical entities that cannot be breached.
These boundaries in the digital domain are now more blurred than ever. The release of these documents and the acknowledgement that such sophisticated hacking tools are in the wild, ensures that nation states can appear as hackers and hackers can appear as nation states.
The wars of the future will be played out in the shadows on a level playing field of technology. They will be armed with tools that were not bought a global arms fair, but downloaded from the dark web. Tools that give the same power to an individual or a small collection of cyber vigilantes that are available to the worlds leading intelligence agencies.
These tools were stolen, lost, or misplaced by an organisation whose HQ in Langley, Virginia, must be protected by enough military grade hardware security known to man and it proved to be totally ineffective.
That should be the lesson learned from this Wikileaks revelation and perhaps that would actually make quite a good movie.