[Infowarrior] - Hillary Clinton Thinks Real-World Military Responses To Hacking Attacks Are A Nifty Idea

[Richard Forno]

Hillary Clinton Thinks Real-World Military Responses To Hacking Attacks Are A Nifty Idea

from the bombing-for-the-lulz dept

https://www.techdirt.com/articles/20160901/14363235418/hillary-clinton-thinks-real-world-military-responses-to-hacking-attacks-are-nifty-idea.shtml

While hacking and "cybersecurity" threats have long been used to justify awful government policy, the entire concept is clearly about to be turbocharged. With the rise in hacking attacks on the DNC, many were quick to call for renewed cyberattacks on Russia despite the fact that hard, transparent proof of Russian nation state involvement remains hard to come by (the idea being unsound either way). But in a speech last week, Presidential hopeful Hillary Clinton took things one step further by suggesting that she'll make it an administration goal to respond to cyberattacks with real-world military force:

"As President, I will make it clear that the United States will treat cyberattacks just like any other attack. We will be ready with serious political, economic, and military responses," she told the attendees, largely made up of veterans and their supporters. "We are going to invest in protecting our governmental networks and our national infrastructure," she continued. "I want us to lead the world in setting the rules in cyberspace. If America doesn't, others will."

There are several things wrong with this narrative. The US government and Western media seem to frequently go out of their way to imply that the United States is an innocent little hacking daisy, nobly defending itself from a wide variety of evil international threats. But as we saw with Stuxnet, the United States is very often the country doing the attacking, often with major negative impact on countries, companies and civilians worldwide. That the US has the moral high ground on cybersecurity is little more than a stale meme, and it needs to be put out of its misery. 

And granted, while Clinton was clearly trying to appeal to her veteran audience at the American Legion National Conference (most of whom likely can't tell a terabyte from T-Mobile), America's moral cybersecurity superiority was on proud display all the same:
"We need to respond to evolving threats from states like Russia, China, Iran and North Korea," Clinton said in the speech. "We need a military that is ready and agile so it can meet the full range of threats and operate on short notice across every domain – not just land, sea, air and space but also cyberspace. "You've seen reports. Russia's hacked into a lot of things, China has hacked into a lot of things. Russia even hacked into the Democratic National Committee, maybe even some state election systems. So we have got to step up our game. Make sure we are well defended and able to take the fight to those who go after us."
Again, you'll note that the United States is portrayed as an innocent and noble defender of cybersecurity freedom, when it's the one often engaging in frequently-unprovoked attacks the world over. Of course, Clinton and friends are well aware that the vast majority of the time it's impossible to know where an attack came from, and any hacker worth his or her salt simply doesn't leave footprints. That makes a real-world military or economic response to a nebulous, usually-unprovable threat simply idiotic. You'd assume Clinton knows this and was just doing some light pandering to the audience. 

But this rhetoric alone is still dangerous in that it opens the door wide to using hacking -- much like communism and Islamic extremism and numerous "isms" before them -- as a nebulous, endlessly mutable justification for a litany of bad US behavior. You could, for example, covertly hack a government, publicize its hacking response to your hack, using the press to help you justify military action. Given the US and global media's historical complicity in helping governments begin wars with jack shit for evidence, it shouldn't be hard to see how hacking is going to be a useful bad policy bogeyman du jour for decades to come. 

Despite some repeated, painful lessons on this front stretching back generations, forcing the government to show its math before it resorts to violence is simply not the US media's strong suit. And with hacking and cybersecurity being subjects the press and public are extra-violently ignorant about, we've created the opportunity for some incredible new sleight of hand when it comes to framing and justifying US domestic and international policy. If history is any indication, by next time this year we'll be blaming everything under the sun on Russian hackers because after all, two anonymous senior government officials said so. 

Healthy skepticism will be our ally as we stumble down the rabbit hole. While it's no surprise that Russia, like the United States is deeply-involved in nation state hacking, you'll note that actual evidence linking the Putin Administration to the recent rise in US hacking attacks remains fleeting. Most reports simply cite a single anonymous US government source, or security firms with a vested interest in selling services and products. That's not to say Putin and friends aren't busy hacking the US, but whether a country is responding to similar attacks by the United States (pdf) -- or is actually involved at all -- is rather important to transparently document before you begin trotting out awful new policies or worse, real world bombs.

--
It's better to burn out than fade away.