In this era of fake news, hacking and increasing online surveillance, traditional notions of espionage and warfare are being rapidly revised. More and more, major disruptions to the global order emerge through cyber attacks, social media and other forms of digital manipulation, with the main players being states, tech companies, organised criminal enterprises… and bored teenagers.
In 2019, the Centre for International Security Studies (CISS) invited leading international experts on digital attacks and cyber warfare to speak on the theme of Future Insecurity at the CISS Global Forum.
David E. Sanger (New York Times national security correspondent) explored the nature of cyber warfare, while Professor Ron Deibert (Director of The Citizen Lab) revealed how this technology is employed by states in acts of targeted digital espionage against civil society.
In his talk at the University of Sydney (co-sponsored by The New York Times Australia), David Sanger outlined the key arguments of his best-selling book, The Perfect Weapon: War, Sabotage & Fear in the Cyber Age. In his view, cyber makes the perfect weapon because it is dirt cheap, can be scaled up or down and is easily deniable. But despite the now pervasive cyber threat, states and security agencies have been slow to respond to this nontraditional security challenge.
Unlike nuclear weapons, which require specialist facilities, infrastructure and millions of dollars to build, cyber attacks require only some stolen code, a couple of teenagers and a case of red bull. Perhaps this is why cyber escaped the attention of security agencies, who regarded the technology as primarily a surveillance tool rather than a weapon.
But what happens when the use of cyber warfare by states becomes normalised?
In the course of his investigation Sanger discovered a U.S. program to hack North Korea’s missile systems. While the program never eventuated, its existence raises questions about whether this or a similar program of cyber warfare could be expanded to command and control the systems of countries such as China or Russia. Sanger suggests that if the capacity to disrupt missile systems becomes the new normal, states may lose confidence in their defensive capacity leading to the launch of pre-emptive strikes before missile technology is compromised.
So, how do we mitigate this threat when the mere existence of the technology itself introduces a new level of strategic instability and insecurity? There is no easy answer.
While David Sanger highlighted the implications of cyber warfare for states and security agencies, Professor Deibert’s talk on ‘Tracking Digital Espionage’ focused on cyber attacks perpetrated by state actors against individuals.
At the Citizen Lab, Deibert and his ‘digital detectives’ document instances of state-based digital espionage targeting human rights activists and civil society. These attacks send an infected link via text message which embeds spyware on the recipient’s mobile phone. The perpetrator thereby gains access to the recipient’s mobile phone activity, communications and geolocation services.
Citizen Lab classify targeted digital espionage as a ‘silent epidemic’ threatening a crisis of democracy.
Much of Citizen Lab’s work focuses on the activities of the NSO Group, a self-described cyber warfare company that sells to international governments. While their technology is sold under the guise of fighting crime and terrorism, according to investigations undertaken by Citizen Lab, it has enabled governments to track and target their opponents, particularly civil society activists and human rights defenders.
The outcomes of this targeted digital espionage are shocking. During his talk, Deibert highlighted the case of Omar Abdulaziz, a Saudi dissident living in Canada. Citizen Lab began working with Abdulaziz when they discovered he was the victim of a digital espionage campaign by Saudi authorities who were monitoring his mobile phone communications.
In a tragic twist, Abdulaziz had been communicating with Jamal Khashoggi prior to his brutal murder in Istanbul. They exchanged sensitive information about a plan to mobilise social media activists in a campaign against the Saudi regime. Citizen Lab concluded that information gathered from the surveillance of Abdulaziz played a role in the murder of Khashoggi and that Khashoggi’s own devices were likely compromised.
Both Sanger and Deibert highlighted the ‘future insecurity’ the world faces as the weaponisation of cyber technology proceeds, while international law and regulations fail to keep pace. The use of cyber warfare will continue to create new asymmetries in global politics, as states undermine each other’s digital and national security, and individuals are manipulated and targeted by campaigns of disinformation, or worse, digital espionage.