A War Waged in Code:
The Real-Life Security Issues Behind THE ADVERSARY
By Reece Hirsch
THE ADVERSARY is inspired by the very real threats posed by the new generation of sophisticated computer viruses exemplified by the so-called Stuxnet virus. Stuxnet was a computer worm, or virus, discovered in 2010 that was believed to have been created by the United States and Israeli intelligence agencies to attack Iran's nuclear facilities. The Stuxnet virus was designed to target only the centrifuges at Iran's Natanz nuclear enrichment center, causing the delicate machines to speed up or slow down and then explode like so many expensive shrapnel bombs.
Unlike a bomb that is destroyed upon detonation, however, the code that makes up a weapon of cyberwarfare like Stuxnet remains out there in the world after it has been deployed. Stuxnet was designed to erase itself after it achieved its purpose, but the code malfunctioned and the virus was spread via the Internet, thus bringing it to the attention of the media. THE ADVERSARY considers what might happen if the code for such a dangerous, state-sponsored virus came into the possession of black hat hackers who retooled the virus into a weapon of cyberterrorism that could be turned back against the US.
When I began writing THE ADVERSARY, I was basing my story on oft-repeated rumors that Stuxnet had been created by the US and/or Israel. As I was finishing the book, those rumors were confirmed in a June 1, 2012 article in the New York Times in which David Sanger reported that Stuxnet was indeed part of a joint operation of the NSA and Unit 8200, its Israeli counterpart, dubbed "Olympic Games," which was begun under President George W. Bush and expanded under President Obama. The Times further reported that the Stuxnet virus may have set back the Iranian nuclear program by 18 months to two years.
The Lurker virus that is central to THE ADVERSARY is closely modeled on Stuxnet, including the way it operates by taking control of programmable logic controllers (PLCs). PLCs are digital computers that govern a vast array of functions, from manufacturing assembly lines to the electrical grid.
Although the definition of what constitutes cyberwarfare is still fluid, it is clear that sophisticated computer viruses like Stuxnet are powerful weapons and that their use, at least in certain cases, may be acts of war. But this is not warfare in the traditional sense because it may be conducted anonymously and by small groups of individuals. In traditional warfare, the adversary is usually obvious, as represented by a plane dropping a bomb or an invading army. Sophisticated, "smart-bomb" computer viruses like Stuxnet could pose threats to our critical infrastructure, like the electrical grid, chemical plants or nuclear facilities, but the barrier to entry is much lower than what is needed to develop a nuclear weapons capability.
THE ADVERSARY explores the scary prospect that we may be entering a new age of cyberterrorism. Computer viruses are no longer merely the harmless annoyances that crash your home computer. They may be as dangerous as nuclear weapons, but far harder to track and neutralize.
Son of Big Brother:
The Real-Life Privacy Issues Behind THE INSIDER
by Reece Hirsch
At one time or another, we've all had that sense that we were being watched. Your pulse quickens and the hairs stand up on the back of your neck, even though there's absolutely no evidence that anyone is observing you. While most dismiss that feeling as a momentary spasm of paranoia, it turns out that, all too often, it may be justified. The government is gathering vast amounts of data about all of us as part of its efforts to combat terrorism, and that fact underlies one of the key plot elements of my debut legal thriller, THE INSIDER.
THE INSIDER tells the story of Will Connelly, a young corporate attorney in a San Francisco law firm, who has just made partner. His first assignment as a partner is to negotiate a merger transaction involving Jupiter Software, the world's leading maker of encryption programs. Will is asked to take over as lead counsel for the transaction because the attorney who was conducting the negotiations has just died under highly suspicious circumstances. As he conducts due diligence for the transaction, Will soon discovers that Jupiter Software was built upon a secret.
In the early Nineties, the National Security Agency (NSA) developed a powerful encryption device known as the Clipper Chip, which was to be used to encrypt telecommunications transmissions. The encryption software was to be made available for use by private businesses and individuals. However, the Clipper Chip was designed to provide government agencies with "key access" to all encrypted transmissions for law enforcement and national security purposes. The program was criticized in Congressional hearings based upon privacy concerns and was ultimately abandoned in 1995.
THE INSIDER posits that the Clipper Chip program was never really abandoned, but went forward through an undisclosed deal between the NSA and a private software company, and that the NSA continued to secretly monitor the communications of private citizens during the ensuing years. THE INSIDER also considers what might happen if the encryption keys that permitted government access to that vast volume of personal communications fell into the wrong hands.
As an attorney specializing in privacy and security issues, I've long been aware of the Clipper Chip program. The program was real, but it was entirely abandoned by 1996. However, the issues highlighted in THE INSIDER are still very much with us today and have never been more timely. In the wake of 9-11, the NSA has continued striving to achieve what was once referred to as "Total Information Awareness," accumulating staggering volumes of records of telephone and e-mail communications by private citizens. In order to gather these vast stores of data, the NSA requires the cooperation of private business, particularly telecommunications companies and Internet service providers. Now that the NSA's Prism program has come to light based upon the disclosures of Edward Snowden, THE INSIDER seems even more relevant today than when it was published in 2010.
On December 16, 2005, the New York Times published a front-page story revealing a covert, long-standing domestic surveillance program that had been conducted by the NSA under the Bush Administration in the years following the September 11 attacks. This was the other major inspiration for the premise of THE INSIDER. I simply imagined that such a program had been conducted since 1995, and had begun with the supposedly scrapped Clipper Chip program. I found the notion that telecoms might share their enormous stores of private transaction data with the government for domestic surveillance, without appropriate scrutiny or oversight, to be particularly troubling.
If you're interested in reading a well-researched, thorough, and thoroughly frightening account of the government's surveillance programs over the past 25 years, I recommend "The Watchers: The Rise of America's Surveillance State" by Shane Harris (The Penguin Press, 2010). While I can't begin to do justice to that story in all its complexity, I would like to point out a few events that demonstrate why government surveillance, and private sector cooperation in that effort, are issues that are not going away anytime soon.
While it can be argued that there is a need for our government to access personal data to combat terrorism and other threats, the personal privacy rights of Americans cannot be disregarded in that process. THE INSIDER paints a picture of what can happen when the government goes too far in secretly gathering and using our personal information, a picture that is, unfortunately, not very far removed from reality.