The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

The Hacker and the State by Ben Buchanan explores the rapidly evolving world of cyber conflict and how state-sponsored hacking is reshaping global geopolitics. The book walks through real-world cyber incidents, offering an in-depth analysis of how cyber operations affect diplomacy, national security, and international relations. Ben Buchanan is a scholar of cybersecurity, intelligence, and statecraft who has also served in the White House as an advisor on cybersecurity issues.

Introduction

In today’s interconnected world, the battlefields of espionage and warfare have expanded beyond physical borders into cyberspace. In The Hacker and the State, Ben Buchanan illustrates how nations employ cyber espionage, sabotage, and covert operations to gain strategic advantages. This often blurs the line between allies and adversaries, making the book essential reading for anyone interested in international security. This post explores key takeaways from the book that highlight the complexity and scale of cyber conflict in today’s world.

1. Espionage: Intelligence Gathering Beyond Borders

  • One of the major themes in Buchanan’s book is the relentless and ongoing nature of cyber espionage. Government-backed hackers continuously probe the networks of their adversaries, looking for vulnerabilities to exploit. This creates a perpetual cat-and-mouse game, in which countries engage in a cycle of intrusions and counter-intrusions. It also blurs the line between allies and adversaries, because even friendly nations spy on one another. For example, during President Obama’s tenure it was revealed that the NSA had targeted German Chancellor Angela Merkel’s phone, straining U.S.-German relations.

  • Another significant incident occurred around the 2004 Olympics in Greece, where the U.S. installed surveillance software in the Greek mobile network under the pretext of Olympic security. Despite a promise to remove it after the Games, the surveillance continued, targeting high-ranking officials, including the Greek Prime Minister and his wife. The mysterious death of a Vodafone Greece network engineer connected to the affair raised further suspicions about the dangers of such operations. These examples show how trust can be compromised through covert operations, revealing the precarious nature of international relations in the intelligence arena.

  • The U.S. often employs unconventional methods for intelligence gathering when formal channels are unavailable. One tactic involved using the DEA (Drug Enforcement Administration) as a cover for intelligence operations. In cases where countries refused to cooperate with the CIA, the DEA intervened under the guise of fighting narcotics, gaining access to vital information. Many nations believed the DEA focused solely on drug enforcement, unaware that data collected was often shared with the CIA for broader intelligence purposes.

  • Telecommunications companies play a crucial role in this landscape, often cooperating with government agencies by providing access to data and communications. Companies like AT&T and Vodafone have been known to share vast amounts of information in the name of national security. The NSA has also exploited legal and technical loopholes to reach the data of companies like Google and Yahoo without their consent, by tapping the cables that carry their traffic, often with the help of telecommunications partners. This collaboration shows how private companies become entangled in government surveillance efforts, further blurring the lines of trust and accountability.

2. Five Eyes and Intelligence Agencies

  • Buchanan introduces "passive collection": intercepting communications in transit, on cables or over the air, without ever touching the target’s own systems. The classic example is from World War I, when Britain intercepted a German telegram to its embassy in Mexico offering Mexico territory in exchange for joining a war against the U.S. (the Zimmermann Telegram). This intelligence was crucial in influencing the U.S. decision to enter the war.

  • Before the "Five Eyes" alliance took its current form, the U.S. and the U.K. were each other’s sole intelligence-sharing partners. This partnership later expanded to include Canada, Australia, and New Zealand, forming a powerful global intelligence network.

  • Unlike the U.S., China lacks extensive passive collection capabilities. The U.S. benefits from numerous alliances and treaties that give it access to cables, facilities, and intelligence around the world, a network China does not possess. This difference underscores the unique global reach of American intelligence operations compared to China’s more limited scope.

3. Cyber Attacks as Political Weapons

  • North Korea retaliated against Sony Pictures in 2014 for the release of The Interview, a film mocking Kim Jong Un. The attack exposed sensitive employee information, damaged reputations, and, after threats from the attackers, led Sony to pull the planned theatrical release and put the film out digitally and in a limited number of cinemas.

  • Russia has also employed cyber operations to disrupt elections in the U.S. and Europe. During the 2016 U.S. election, Russian hackers infiltrated party and campaign networks, leaked the stolen emails, and ran propaganda campaigns through fake social media accounts.

  • China's Unit 61398 has targeted U.S. military organisations and private companies like Juniper Networks and U.S. Steel. The scale and impact of these operations have been substantial, with the unit specifically focusing on intellectual property and sensitive military information.

  • In February 2016, the Bangladesh Central Bank was hit by a major cyberattack in which hackers sought to steal nearly $1 billion from the bank’s account at the Federal Reserve Bank of New York. The attackers did not breach the SWIFT network itself but compromised the bank’s own internal systems. By tampering with the bank’s infrastructure, including the HP printer that produced the paper log of SWIFT transaction confirmations, they kept employees from seeing the unauthorised transfers. Timing was critical: the instructions went out just before the Bangladeshi weekend and were processed as the Federal Reserve headed into its own, so responses on both sides were delayed. Most of the transfers were flagged and blocked, but the attackers successfully funnelled $81 million into accounts in the Philippines, where it was laundered through casinos.

  • In December 2015, Russian hackers launched a significant cyberattack on Ukraine’s power grid, causing outages that left roughly 230,000 customers without electricity. The attackers used malware to gain access and then disrupted operations at several power distribution companies. A second attack hit Kyiv in December 2016, further demonstrating the vulnerability of critical infrastructure. These incidents set a precedent for future threats, with Chinese hackers reportedly adopting similar tactics against India’s power grid.
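The Bangladesh Bank case above turns on a single point of visibility: once the attackers controlled the SWIFT terminal and the confirmation printer, nobody compared what had been sent with what operators saw. The following Python is an added example, not code from the book or from any bank. It reconciles a constructed send log against a constructed confirmation log and flags instructions that have no confirmation, that were sent shortly before a local non-business day, or that go to a first-seen beneficiary. The log format, field names, thresholds and sample lines are all assumptions made for the illustration.

```python
"""Added example: reconcile outbound payment instructions against the
confirmations that operators actually see.

This is not code from Buchanan's book or from any bank. The log format,
field names, thresholds and all sample lines are constructed for the
illustration; the pattern they mirror is the Bangladesh Bank case, where
instructions were sent, the confirmation printer was silenced, and the
timing exploited the local weekend.
"""
import re
from datetime import datetime, timedelta

# Assumed log format (one instruction per line). Both logs use it, but in
# practice the sent log would come from the messaging gateway and the
# confirmation log from an independent, write-once store.
LINE = re.compile(
    r"^(?P<ts>\S+) MSG=(?P<msg>\d+) (?P<type>MT\d+) BEN=(?P<ben>\S+) "
    r"AMT=(?P<amt>\d+(?:\.\d+)?) CCY=(?P<ccy>[A-Z]{3})$"
)

# Constructed sample data: one routine Monday payment, then three large
# instructions sent on a Thursday evening, shortly before the Friday/Saturday
# weekend observed in Bangladesh.
SENT_LOG = """\
2016-02-01T10:15:00 MSG=1000 MT103 BEN=KNOWN-CORRESPONDENT AMT=250000 CCY=USD
2016-02-04T20:05:00 MSG=1001 MT103 BEN=BENEFICIARY-A AMT=20000000 CCY=USD
2016-02-04T20:06:30 MSG=1002 MT103 BEN=BENEFICIARY-B AMT=30000000 CCY=USD
2016-02-04T20:08:00 MSG=1003 MT103 BEN=BENEFICIARY-C AMT=25000000 CCY=USD
"""

# Constructed confirmation log as the operators saw it: only the routine
# payment appears, because the later confirmations were suppressed.
CONFIRMED_LOG = """\
2016-02-01T10:16:10 MSG=1000 MT103 BEN=KNOWN-CORRESPONDENT AMT=250000 CCY=USD
"""


def parse_log(text):
    """Parse log lines into dicts. A line that does not fit the format is an
    error rather than something to skip silently: gaps are what we hunt."""
    records = []
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        d = m.groupdict()
        records.append({
            "ts": datetime.fromisoformat(d["ts"]),
            "msg": d["msg"],
            "type": d["type"],
            "beneficiary": d["ben"],
            "amount": float(d["amt"]),
            "ccy": d["ccy"],
        })
    return records


def hours_to_next_closure(ts, weekend):
    """Hours from ts until the start of the next local non-business day.
    weekend holds Python weekday numbers (Mon=0 ... Sun=6); returns 0.0 if
    ts already falls on one of those days, inf if there are none."""
    if ts.weekday() in weekend:
        return 0.0
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    for offset in range(1, 8):
        day = midnight + timedelta(days=offset)
        if day.weekday() in weekend:
            return (day - ts).total_seconds() / 3600
    return float("inf")


def reconcile(sent_text, confirmed_text, weekend=(4, 5),
              closure_window_hours=12, known_beneficiaries=()):
    """Return one alert per sent instruction that trips at least one signal."""
    confirmed = {r["msg"] for r in parse_log(confirmed_text)}
    alerts = []
    for r in parse_log(sent_text):
        reasons = []
        if r["msg"] not in confirmed:
            reasons.append("no confirmation in operator log")
        hours = hours_to_next_closure(r["ts"], set(weekend))
        if hours <= closure_window_hours:
            reasons.append(f"sent {hours:.1f}h before local closure")
        if known_beneficiaries and r["beneficiary"] not in known_beneficiaries:
            reasons.append("first-seen beneficiary")
        if reasons:
            alerts.append({"msg": r["msg"], "amount": r["amount"],
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in reconcile(SENT_LOG, CONFIRMED_LOG,
                           known_beneficiaries={"KNOWN-CORRESPONDENT"}):
        print(alert["msg"], alert["amount"], "; ".join(alert["reasons"]))
```

The value of the check depends entirely on where the confirmation log comes from. If it is read from the same host the attackers control, they can edit it as easily as they silenced the printer; the comparison has to be made against a record the terminal cannot touch, such as acknowledgements captured at the correspondent bank or a write-once store fed out of band. The timing signal is deliberately crude (hours until the next local non-business day) because the point is that an instruction released into a window when nobody will read the reply deserves a second look before it is released, not after.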

4. Cryptography & Shadowy World of Black Budgets

  • One of the more complex challenges is the evolution of cryptography in espionage. As strong encryption spread, governments found it harder to read intercepted communications and invested heavily in new cryptanalytic techniques. Buchanan likens building such capabilities to designing jet engines: a lengthy and intricate process that can take decades to perfect.

  • The PURPLE cipher machine, developed by Japan, was its equivalent of Germany’s Enigma during World War II. Both machines were used to encrypt high-level communications, and both were broken. The breaking of Enigma became famous, while the American break of PURPLE is far less well known.

  • The U.S. government allocates a dedicated "black budget" for espionage, surveillance, and covert operations. This secret budget funds activities that are not publicly disclosed, allowing intelligence agencies to operate with a high degree of secrecy. It supports advanced technology development and covert missions that are deemed crucial for national security but remain hidden from public scrutiny.

5. High-Profile Hacks: Stuxnet, Wiper and NotPetya

  • The infamous Stuxnet attack, a joint U.S.-Israeli cyber operation, is discussed as one of the most successful cyber sabotage campaigns in history. Targeting Iran’s nuclear program, Stuxnet destroyed over 1,000 centrifuges, setting back Iran’s uranium enrichment efforts. Initially, Iranian engineers attributed the failures to faulty equipment and their own mistakes, unaware of a sophisticated cyberattack, showing how such attacks can cause physical damage without immediate detection.

  • Stuxnet set a precedent for other nations to adopt cyber sabotage as a tool of statecraft. Iran later targeted Saudi Arabia’s oil infrastructure, in what was widely read as retaliation for U.S.-led sanctions.

  • Wiper, another malicious program, targeted Iranian systems, destroying data and then erasing itself so thoroughly that it left almost no trace of its origin or purpose. This made it nearly impossible to identify its creators or to reconstruct its full functionality.

  • The book also covers one of the most devastating cyberattacks in history: NotPetya, unleashed by Russian hackers in 2017. NotPetya wiped data across multiple sectors, causing unprecedented damage to companies like Maersk. Unlike Stuxnet, which was tightly targeted, NotPetya spread uncontrollably, highlighting the unpredictable nature of cyber weapons once released.

6. Edward Snowden & The Shadow Brokers Leak

  • Buchanan also explores the impact of the Shadow Brokers leak, in which a group published hacking tools taken from the NSA and offered more of them for sale online. The incident highlighted that even the most secure intelligence agencies are vulnerable, and showed how powerful hacking tools could fall into the wrong hands, available to anyone willing to pay.

  • There are several possibilities for how the NSA’s tools were copied. One is that an insider at the NSA stole them. Another is that a hacking group from China or Russia managed to take them. A third is that the tools were captured while the NSA was using them in live operations, for instance from a compromised staging server. Each scenario highlights the vulnerabilities in even the most secure systems.

  • Edward Snowden leaked classified information to raise awareness of government surveillance practices, believing it was in the public interest. By contrast, the Shadow Brokers leaked NSA tools primarily for financial gain, attempting to auction them to the highest bidder before releasing some of them for free. Where Snowden aimed to inform and protect citizens, the Shadow Brokers exploited sensitive material for profit.

7. The Role of Private Firms

  • Buchanan discusses how private cybersecurity firms have emerged as critical players in cyber conflict and espionage. These companies not only provide defensive measures for their clients but also investigate and publicly attribute state operations, often working alongside government agencies. A notable example is CrowdStrike, which played a pivotal role in identifying the Russian hackers behind the Democratic National Committee (DNC) breach during the 2016 U.S. election.

  • Social media platforms like Facebook have also become battlegrounds in this global conflict. In 2019, Facebook reported removing over 2 billion fake accounts, underscoring the pervasive use of social media manipulation in modern information warfare.

  • By leveraging advanced threat intelligence and real-time data analytics, these firms are reshaping the landscape of cybersecurity, effectively becoming an extension of national security efforts. This partnership highlights the complexities of modern cyber warfare and raises questions about accountability, ethics, and the future of cybersecurity strategies.

Conclusion

  • Ben Buchanan’s The Hacker and the State provides a chilling account of how nations weaponise cyberspace to advance their political and strategic interests. The book reveals the fragility of national digital infrastructures, with cyberattacks capable of stealing data, causing physical harm, sowing political unrest, and destabilising global systems.

  • As we delve deeper into the 21st century, Buchanan makes it clear that cyber warfare is not just a future prospect—it is a present reality. Governments, corporations, and individuals must remain vigilant and prepared to confront the challenges of this new geopolitical battleground.