Jared Cohen - The New Digital Age

So if we take it as a given that prison contraband networks will generally outsmart the officials charged with shutting them down, and that mobile phones will remain in high demand for inmates, what options remain to thwart the Pul-e-Charkhi scenario from playing out elsewhere? The most obvious solution is simply cutting off access, jamming the networks so that inmates’ illicit phones become little more than expensive platforms for playing Tetris. But it stands to reason that someone could figure out a way to get over that hurdle. Perhaps live pigeons won’t work, but small drones designed to look like pigeons and act as mobile Wi-Fi hot spots might.

Monitoring and tapping the mobile activity among prisoners is another option for law enforcement. The intelligence gathered from listening in could, among other things, shed light on how illicit networks operate. A more subversive solution could be to intentionally co-opt the contraband networks by getting devices into prisoners’ hands that are actually filled with traps to inadvertently give up information. Loaded with malware that will allow activity on each phone to be traced, these phones would be designed to give up secrets easily without inmates’ knowledge. This may ultimately prove more effective than human informants, and safer, too.

Some societies will ensure that a prisoner disappears from the Internet entirely while behind bars. By court order his virtual identity would be frozen, laws would prevent anyone from trying to contact, interact with or even advertise to his frozen profile, and once he was released, he would be required to provide his probation officer with access rights to his online accounts. The digital-age equivalent of an ankle bracelet will be government-imposed software that tracks and restricts online activity, not just for the obvious cases like child molesters (whose Internet activity is sometimes restricted as a condition of probation) but for all convicted criminals for the duration of their probation. 2Someone found guilty of insider trading could be temporarily barred from all forms of e-commerce: no trading, online banking or buying things on the Internet. Or someone subjected to a restraining order would be restricted from visiting the social-networking profiles of the targeted person and his or her friends, or even searching for his or her name online.

Alas, many of these solutions will be circumvented in the age of cyber terrorism, as more and more criminals operate invisibly.

The Rise of Terrorist

Hackers

How serious someone considers the threat of cyber terrorism likely depends on that person’s view of hacking. For some, the image of a basement-dwelling teenager commandeering phone systems for a joyride endures, but hacking has developed considerably in the past decade, transformed from a hobby into a controversial mainstream activity. The emergence of “hacktivists” (politically or socially motivated hackers) and groups like the hacking collective Anonymous signals a maturation of message and method and hints at what we can expect in the coming years. Increasingly, hackers will find ways to organize themselves around common causes. They will conduct sophisticated attacks on whomever they deem a proper target and then publicize their successes widely. These groups will continue to demand attention from the governments and institutions they attack, and their threats may come to be taken more seriously than one might expect judging from today’s activities, which mostly seem like stunts. The story of WikiLeaks, the secrets-publishing website we discussed earlier, and its sympathetic hacker allies is an illustrative example.

The arrest of WikiLeaks’ cofounder Julian Assange in December 2010 sparked flurries of outrage around the world, particularly among the many activists, hackers and computer experts who believed his indictment on sexual-assault charges was politically motivated. Shortly thereafter, a series of cyber attacks crippled, among others, the websites for Amazon, which had revoked WikiLeaks’ use of its servers, and MasterCard and PayPal, which had both stopped processing donations for WikiLeaks.

This campaign, officially titled Operation Avenge Assange, was coordinated by Anonymous, a loosely knit collective of hackers and activists already responsible for a string of prominent DDoS attacks against the Church of Scientology and other targets. During Operation Avenge Assange, the group vowed to take revenge on any organization that lined up against WikiLeaks: “While we don’t have much of an affiliation with WikiLeaks, we fight for the same reasons. We want transparency and we counter censorship. The attempts to silence WikiLeaks are long strides closer to a world where we cannot say what we think and are unable to express our opinions and ideas. We cannot let this happen.… This is why we intend to utilize our resources to raise awareness, attack those against and support those who are helping lead our world to freedom and democracy.” The corporate websites were back online within several hours, but their disabling was very public and could have affected millions of customers. Most of those customers had no idea the websites were vulnerable in the first place. In other words, the hacktivists made their point. A string of global investigations followed, leading to the arrest of dozens of suspected participants in the Netherlands, Turkey, the United States, Spain and Switzerland, among other states.

Neither WikiLeaks nor groups like Anonymous are terrorist organizations, although some might claim that hackers who engage in activities like stealing and publishing personal and classified information online might as well be. The information released on WikiLeaks put lives at risk and inflicted serious diplomatic damage. 3And that’s the point: Whatever lines existed between the harmless hackers and the dangerous ones (or between hackers and cyber terrorists, for that matter) have become increasingly blurred in the post-9/11 era. Decentralized collectives like Anonymous demonstrate clearly that a collection of determined people who don’t know each other, and without having met in person, can organize themselves and have a real impact in virtual space. In fact, no critical mass is necessary—an individual with technical prowess (computer-engineering skill, for example) can commandeer thousands of machines to do his bidding. What will happen in the future when there are more of these groups? Will they all fight on the side of free speech? Recent examples suggest we should begin preparing for other possibilities.

In 2011, the world met a twenty-one-year-old Iranian software engineer, apparently working in Tehran, who called himself Comodohacker. He was unusual compared to other hacktivists, who generally combat government control over the Internet, because as he told The New York Times via e-mail, he believed his country “should have control over Google, Skype, Yahoo!, etc.” He made it clear that he was intentionally working to thwart antigovernment dissidents within Iran. “I’m breaking all encryption algorithms,” he said, “and giving power to my country to control all of them.”

Boasting aside, Comodohacker was able to forge more than five hundred Internet security certificates, which allowed him to thwart “trusted website” verification and elicit confidential or personal information from unwitting targets. It was estimated that his efforts compromised the communications of as many as three hundred thousand unsuspecting Iranians over the course of the summer. He targeted companies whose products were known to be used by dissident Iranians (Google and Skype), or those with special symbolic significance. He said he attacked a Dutch company, DigiNotar, because Dutch peacekeepers failed to protect Bosnian Muslims in Srebrenica in 1995.