On June 6, 2013, a story broke which would go on to change the world. It concerned thousands of classified memos, emails and other data taken by a contractor from the United States government’s National Security Agency (NSA).
The leak was huge in scope and described covert operations against other nations. The documents also laid bare a massive data collection programme on US citizens (and everyone else.) That contractor was Edward Snowden and the shockwaves from his disclosure are still being felt today.
Little was known about the NSA, even by those within the US government; the intelligence community used to joke that its initials stood for ‘No Such Agency’.
It’s difficult to call the public’s reaction disproportionate. The agency’s practice, through a programme named PRISM, of storing data on every telephone call made and email sent through US servers, including those by innocent US citizens, was shocking and illegal. Underpinning this public outcry, however, was a profound global unease. People vaguely understood that they needed to be protected from online threats and they had a rough idea that this was the stated remit of the NSA. However, even today, few really have a grasp of what cybersecurity involves; what an attack might look like, or what the government could do to stop it.
In Dark Territory: The Secret History of Cyber War Fred Kaplan sets out to shed some much-needed light on the realm of cyberwarfare and the shadowy history of the agency which was to make it its speciality. The book traces the NSA back to its inception in the early 1950s, and meticulously charts the struggles, conflicts, setbacks and presidential panics which helped it become the technical behemoth exposed to the world in 2013.
We learn the threats and opportunities of cyber war are nothing new. The use of intercepted intelligence was a key tactic for Roman infantrymen, who captured enemy messengers in order to learn and counter the movements of their enemies. In the Second World War, British codebreakers led by Alan Turing at Bletchley Park helped to turn the tide by decrypting messages sent by the Germans and Japanese.
Used correctly, this approach can leave the enemy command unable to trust the information they’re receiving from the field, distorting their view of a battle. Kaplan tracks the development of these tactics through various US conflicts, tracing the NSA’s growing capabilities from Moscow to the Middle East.
As an early example of this arms race, and in a passage worthy of any spy thriller, Kaplan examines the NSA's tactics in Cold War Moscow. At the time, Russia had begun to switch its military broadcasts using radio waves – relatively easy to scoop up – to shorter range microwaves, which are trickier to intercept. In order to pick up conversations between generals and the Kremlin, the US set up listening equipment on the 10th floor of the US Embassy. But all this tech generated a high level of microwave activity in itself. Realising what was going on, the Soviets retaliated by setting up microwave listening posts in US cities, often pointed at the offices of high-ranking generals in an effort to eavesdrop on their conversations. This risk of interception was dealt with by the Americans by simply playing muzak (elevator music) in their offices to confuse any listening transmitters.
As the NSA became increasingly sophisticated, the agency realised that its techniques had the potential to lead to a more humane, and in many ways more intelligent, form of conflict. Traditionally, generals wanting to take down enemy infrastructure would approach the problem in a typically American way – drop bombs on it. The NSA had a better idea – if their operatives were able to hack into the computers controlling the system, they might be able to disable it silently from the inside – no loss of life and no danger to US troops.
This approach was met with extreme suspicion by the old guard. In the heat of battle, generals wanted something they were sure would work; why rely on a hacked computer breaking when you could just explode the thing?
This argument was to continue for decades. Kaplan examines numerous operations where the NSA pressed its point home. One particularly gripping example is given in the Stuxnet worm, software written by the NSA targeted at Iran's nuclear programme.
At the time, Iran had acquired a large number of centrifuges – machines with large spinning paddles which enrich uranium to the point that it can be used to make nuclear weapons. The NSA built software able to take over the computers controlling the centrifuges and so slow them down or force them to spin so violently that they flew apart.
Importantly, the goal here was not to destroy every centrifuge at once; this would look far too suspicious. Instead, the worm was used to disrupt production just enough that any breakages were likely to be blamed on the scientists operating the machines, causing the military to fire perfectly good staff and setting the programme back still further. The NSA's approach was extremely effective, and helped to set in motion the events which led to the 2015 deal where Iran agreed to restrict its nuclear activity.
The agency’s interventions also took place on a cultural level. After the war in Bosnia-Herzegovina ended in 1995, tens of thousands of NATO troops were deployed to the country. In protest at this foreign presence, citizens began taking to the streets to pelt the soldiers with rocks. Realising that these demonstrations were being organised by local TV stations, US generals asked the NSA to find a means of disrupting the broadcasts. One of its responses? The weaponisation of bikinis.
The NSA persuaded a sympathetic local broadcaster to schedule showings of the world's most popular TV show at the hours scheduled for demonstrations. This show was Baywatch, a drama about American lifeguards, famous for its big hair, slow motion jogging and swimwear. As a result, many men who would otherwise be on the streets chose to stay in and watch Pamela Anderson.
The NSA's successes were not always remembered, and it had to struggle to convince a series of often uninterested presidents that its techniques were effective.
This struggle comprises one of Dark Territory's major themes, and some of Kaplan's best research concerns the political machinations, theatrical flourishes and demonstrations of power by NSA commanders to make the US sit up and take notice.
One of the agency’s key strengths was, and remains, its connection to private industry. For years, the most highly-prized weapons in the agency’s arsenal were undetected bugs in commercial software, known as “zero-day exploits”. The most effective of these could be used to get into the systems of anyone using the software. For these to work, however, it was important that the bugs weren’t patched, and software companies from US-friendly countries were complicit in keeping these vulnerabilities unfixed, as well as helping the agency to collect data for its controversial PRISM programme.
In return, the NSA helped many firms, including Google and Microsoft, to strengthen their software in other areas and to repair damage from cyber attacks.
When Snowden’s revelations laid bare this cooperation, companies scrambled to distance themselves – a reaction Kaplan compares to Captain Renault’s protestations in Casablanca, who howls during a police bust that he is “shocked, shocked that gambling is going on in here” just as his winnings are delivered.
While the NSA has since distanced itself from zero-day exploits, this history is particularly relevant as we watch Apple resisting a government demand to create backdoors in its encryption.
For some, the NSA has been seen as the ultimate government bad guy. Dark Territory paints a far more complex picture, exposing the human motivations, blunders and triumphs of an agency which, in many cases, was primarily trying to protect its country. Kaplan's decision to focus on personalities can sometimes get in the way of the issues he wants to raise, and his descriptions of military bureaucracy can border on the obsessive. His approach, however, goes some way towards humanising the governmental machine and lends the book a strong narrative flow.
Kaplan’s research is impressively detailed and the book is peppered with colourful asides. The book is also deeply relevant. We need to be able to have an informed public discussion on what exactly constitutes an act of online aggression and the issue of civil liberties – Kaplan’s balanced, non-technical examination of what is at stake is vital in this respect.
A key lesson from this book is that we cannot afford to be complacent about scrutinising those who aim to keep us safe. This is illustrated in a quote from Geoffrey Stone, a US law professor and civil libertarian who participated in a post-Snowden review of the agency’s activities, in a speech to NSA headquarters. “I found”, he said, “to my surprise, that the NSA deserves the respect and appreciation of the American people. But it should never, ever be trusted.”
Josh Smith is a software developer and researcher at the Demos think tank.