RERUN: Are we in cyber war?

Published Oct 13, 2021, 8:50 PM

In this classic episode, Jonathan and Chris Pollette talk about the realities of cyber warfare.


Welcome to TechStuff, a production from iHeartRadio. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio and I love all things tech, and I am currently hard at work on an episode that's about cybersecurity, cyber warfare, AI, the AI arms race, China. It's a lot of stuff, a lot of different parts. This is largely brought on because recently the Pentagon's chief software officer resigned and in the process left a very angry and detailed list of grievances that led to his decision to resign. So I'm working on an episode that really dives into all of that and explains what the landscape is, what the concerns are, kind of tries to examine how realistic certain threats are or whether there might be other mitigating factors. As it turns out, these things get very, very complicated, not just because of the technology, but because of the way the rest of the world works. Like, we can't divorce technology from the way things happen in the world, right? I mean, they obey the same sort of restrictions that the rest of us do. So anyway, long story short, too late. I'm still working on that piece. I want to make sure that it's as good as I can possibly make it before I publish it.

So in the spirit of that piece, I thought we could listen to a classic episode of TechStuff. This one published way back on June two thousand nine, and it is titled Are We in Cyber War? So this episode is more than a decade old. It's with me and original co-host Chris Pollette, and we just have this discussion. And it's interesting to go back and listen to this because obviously things have progressed a lot since two thousand nine. The cyber threats have grown significantly since two thousand nine. They were already significant then, but they're even more so now.
So I think it's a great starting point to kind of say, here's where we were more than a decade ago, and then that will lead into what will be Friday's episode, which will be the deeper dive on the current landscape, why people in positions of authority in different tech departments within the United States are concerned, and what's going on with China and whether or not that's going to have a long-lasting impact. So let's go and listen to this classic episode and I'll be back at the end to kind of chat a little bit more before we wrap up. Enjoy.

Unfortunately, we have some serious things to talk about. Actually, we have some pretty scary stuff to talk about. This, this I think is even scarier than our zombie computers and Halloween shows combined. Really? Yeah, I think so. Okay, so we're gonna talk today about cyber war. It's not pirate war, cyber war. Cyber war. So we're all, we're not talking about Tron here, um, nor are we talking about WarGames, both of which are awesome movies, so put them to the top of your Netflix queue. Um, no, we're talking about using computers to either spy upon, or sabotage, or otherwise inflict some sort of harm upon a nation. Um, and this can be done by one of a dozen different entities. That's the, that's one of the scary things about cyber war, is that... All right, so in classic warfare, you know, usually you, you would talk about two different nations, or perhaps two different factions within a nation, fighting one another. Pretty easy to identify who the parties involved are, right? Normally, yeah, because guys shooting at you, right, and normally they have, you know, uniforms of some kind on, you know, not to shoot your own guy. Yeah, yeah, there's some, there's some general little rules that make it easier to know which guys are the ones you're supposed to be shooting. Um, cyber war is not quite that clean cut. The problem with cyber war is that the attacks can come from anywhere. They can come from another country.
They can come from patriots within another country that are acting on their own. That could come from essentially a mercenary, a hacker that's hired to do this sort of thing. Um, that could come from someone who's just trying to cause mischief and they don't have any other motives. Uh, so it's an attack that can come from another country, or it can come from within the country that is being attacked. I mean, you know, you're talking about, uh, sort of a cyber terrorism in a way. Yeah. And as a matter of fact, hmm, it could be somebody sitting in his jammies in his living room on the computer. You know, it doesn't need to be somebody out, you know, skulking around the streets or, you know, somewhere in a foxhole. Heck, it could be someone parked in your driveway, hacking into your WiFi. Good point, and it's, that's why we're talking about how scary this is.

It's, um, and, and on another level, it's also scary because it takes so little, relatively speaking, to, uh, to perform an effective cyber attack. Now, when you're talking about a traditional attack from one nation onto another, you're talking about billions of dollars worth of equipment, of, of personnel, uh, you know, the things that have to go behind a war machine. I mean, we're, that's a huge investment. When you're talking about cyber attacks, you're talking about a computer and a computer connection, and you know, you might have a couple of other little bells and whistles to help you along, but you really, you don't necessarily need it if you know what you're doing and you have the right software. So it's one of those things where for a very low, small entrance fee, I guess you could say, you could have a huge, huge impact. As a matter of fact, your computer could be used to carry out a cyber attack.
Yes, if you've, if you've installed some kind of malware like a virus or a worm that, uh, can turn your machine into a zombie, someone else can direct your computer to, uh, to send email and a denial of service attack, which basically floods, um, floods computers with spam and other, and other requests, if you will, for information. The thing is, that doesn't require any cost on the part of, on the part of the attacker at all, because all the machines are essentially donated, you know, from somebody else. Right, and the, and to make matters worse, uh, when, when anyone in authority tries to trace the source of the attack, they might come to your computer and never find the person who actually infected your computer in the first place. So then you become the person of interest, the person who's under suspicion for committing an attack, and the whole time you were completely unaware.

Um, actually, that's another big, big issue with the cyber warfare problem. Even when you can detect an attack and trace it back, you can never be sure that the last place you, you trace it back to is in fact the original spot of the attack, because there are these, you know, there's, there are things like proxy sites, there are the zombie computers, where there's always the possibility that there's one more link you haven't found yet that will take you back even further. So that's, uh, you know, if you, if you, uh, if you were to detect, say, an attack, and you say, well, we've traced it back to China, you can never be sure that, that the Chinese government was behind it. It could have been patriots in China who had the same sort of goals as the government of China, but were acting on their own. Or it could have even been people in a totally different country that just managed to use proxy sites in China to fool you into thinking that's where the attack came from. So it's really insidious. Um, and you might wonder, well, how, how vulnerable are we to these sort of attacks?
And I guess it really depends on which system you're talking about, because, you know, the Internet is a network of networks, right? Right, so any given network or any given computer could be the weak spot, you know, and, and there are just tons of computers as part of the Internet. You know, every time your computer is hooked up for Internet access, you become part of this giant cloud. Um, so, and then the really sophisticated crackers, those are the really nasty hackers. Those are the ones who can find ways to manipulate a network in ways that, you know, most people don't think of. Right.

And, and to give you an idea of how vulnerable certain systems can be, back in seven, there was a secret experiment the Department of Defense commissioned and it was called Eligible Receiver. I remember that. Yeah, this isn't, this was kind of an eye opener, um. Now a lot of Eligible Receiver, a lot of that mission remains classified, so we don't know all the details. But what we do know is that part of the experiment involved getting a group of hackers together, giving them some very basic computing hardware and software, and telling them to try and break their way into the Pentagon's computer system. And it took them three days using basic computers and basic software. Uh, three days, just for regular hackers. These aren't necessarily the people who are, who have a, you know, an actual motive to break into the Pentagon and the fact that they're part of an experiment, right? It's not like they have a government breathing down their necks saying we need access to this information. Uh, so that's, that's pretty sobering to think that within three days one of the nation's most important computing systems was compromised, even though it was an inside job and an experiment. Right, well, they, there have been attempts to shore that up since then, and in fact they conduct regular exercises in order to do that. In fact, there was one not that long ago.
Every year they, there are students from Army, Navy, Air Force, and the Coast Guard and Merchant Marine, as well as the Naval Postgraduate Academy and the Air Force Institute of Technology. And basically it's, it's, uh, undergrads were given the opportunity to defend themselves from an attack by the NSA, um, and, uh, every year they undergo this experiment, and, uh, the West Point held out the longest and they, the Army got to defend their title. But they were using Linux computers. But this is apparently a normal thing. Um, the Defense Department is only graduating eighty students a year from schools of cyber war in the United States, according to the New York Times article that I read about it. Um, and if you're wondering, this is the fifty-seven Information Aggressor Squadron. They're based in Nellis Air Force Base, and they are, they, they are, they are, they make a point of doing this test every year, and, um, you know, they, it's one of those things where they are making a conscious effort to attack and defend, uh, computer networks.

And apparently the, uh, you know, the nerds are nerds everywhere, even at West Point, um, according to the way, according to the way the article was written. They get a little ribbing for being the geeks of the group. But even the, you know, the, the future officers that graduate from there know the importance of the computer network because that's one of the very first things they do. They're about to deploy these guys to Afghanistan, as a matter of fact, and the first thing they're gonna do is set up a secure internet connection, and they have to be ready to defend themselves against denial of, the denial of service attacks and, uh, other attacks. So I mean, they're, they're coming right out of the service academies with knowledge of how to attack and to protect, um, computer networks, military computer networks.

There's a bit more to go with our conversation about the state of cyber war in this classic episode, but before we get to that, let's take a quick break.

You, usually we call those sort of exercises red team attacks, um, where a group is, is designated to play the part of an, um, adversary and that's the Red team. And the Red team's job is to, is to achieve their goals by whatever means necessary. So in other words, you know, you're not supposed to necessarily follow a certain protocol or rules. You're supposed to be inventive and creative and try and find new ways to, to really compromise or defeat the other team, and, um, because that's exactly what the enemy is going to do. You know, the enemy is not going to play by rules necessarily, especially if you're talking about enemies that you can't predict. I mean, they may not even be directly involved with any other government or, or official agency.

So, um, and, and you know, we, government websites and our government web servers and, and systems aren't the only targets. One of the big targets in the United States, and it's been in the news quite a bit over the spring of two thousand nine, is the electric grid, and, uh, part of the problem with that is that systems like the electric grid and, and some water and fuel systems are using, um, using the software that, that directly ties into hardware, and if you just change a few settings, you can cause catastrophic damage to the equipment. Um, there was a video that was on CNN for a while where some, uh, some electric utility experts showed that with just a couple of tweaks, you could completely destroy a generator by changing some settings through the computer system, and they essentially turned a generator into a pile of scrap metal. Um, yeah, it was very sobering to me to see that, because not that long ago the news broke out that the United States electric grid, certain parts of it anyway, uh, has been under attack by some cyber spies over the last several years.
And I don't really know who it is. Right, right, right. They've traced them back mostly to China and Russia. But again, um, both China and Russia deny that they had anything to do with it. But I mean, of course, wouldn't you? The thing is, it, you know, those countries are, are gradually becoming more and more, uh, computer centric, and it, you know, it could be anybody. It could be, you know, it could, it could be that they are directly involved, um, or it could be that it's groups of, of individuals within those countries, or like we said, it could even be that the attacks are ultimately originating somewhere else, but we're only able to trace them back as far as Russia and China. So that's, that's the other issue with the Internet, is that it is a global entity, and so law enforcement officials only have so much authority to pursue cyber attacks. You know, they can cross over borders easily on the Internet, but law enforcement can't. They don't necessarily have the authority to pursue an investigation beyond the borders of, you know, whatever their jurisdiction is. So that also makes life much more complicated when you're talking about fending off cyber warfare attacks.

Yeah, you know, uh, it wasn't even that long ago that some countries were complaining of real cyber attacks launched on their inner infrastructure, like Estonia not too long ago, and, uh, they were blaming the Russians for that attack. But that was back in, in two thousand seven, all those years ago. Yeah, all those both years ago. Yeah. Well, you know, they say that Internet time is sort of like dog years. It's about, that would make it about fourteen years ago in Internet. So I guess so, um, yeah. And then of course there's the example of the Dalai Lama's office, that the Tibetan office that was, uh, they knew they were being watched, right? They were absolutely certain that their systems had been compromised, um, and they hired a Canadian firm to investigate.
And the Canadian firm found that indeed, there, there were programs installed upon the Dalai Lama's, uh, computer systems, and that it appeared to be coming from an offshore island off the coast of China. And the software even included, um, controls that would allow people on the other end to activate audio and video software, um, and hardware, so that they could turn on, if the computer had a webcam or a microphone, they could turn it on and turn it into a remote listening station, so they could actually spy on the goings on of these offices remotely. Um, so, I mean, this is a very real problem worldwide. It's not just something that we have to worry about in the United States or, or, you know, any other specific nation. It's, it's pretty much, if, if you have computers, there's a good chance there's another party somewhere that's really interested in finding out what you know and what you don't know and what you're up to.

Yep, and, um, there's, there's even another component to it that, I know we were gonna stick, uh, mainly to talking about how you could use computers to launch computer attacks, but, um, another facet of this that I think is interesting was sort of relates to a blog post I wrote in early April, um, on the TechStuff blog that talked about the Moldovan pro-democracy protesters, and they weren't launching computer attacks, but what they were doing was using, uh, social networking sites like Twitter and Facebook to coordinate their efforts, sort of like flash mobs. They could go ahead and use computer networks like those and, uh, text messaging to discuss where and when they were going to organize and meet and hold a demonstration. So that's, um, I mean, that's, you know, relying on the network staying up and rather than taking them down.
But, um, I just, it's just kind of funny because, you know, you don't think of, you think of Facebook and Twitter as something we use for fun or to, to keep up with people, and just another way that you can use them to actually, I mean, those could, those could just as well have been used to hold a violent, you know, attack on someone. Say, you know, meet at this corner at one forty in the afternoon, uh, you know, and have everybody show up and start fighting. Well, if the law enforcement is unaware of it or the military forces are unaware of it, you know, that could be a devastating attack, and it could be used by virtually anybody.

Chris and I have a bit more to say about cyber war in general, and we'll get to that after this quick break.

The dangers of these attacks go beyond just damaging a network or shutting down a system. Um, one of the big fears that a lot of security folks have is that, what if you were to coordinate a physical attack with a cyber attack? So what if you were to target a major city and first you bring down the city's power grid through a cyber attack, and then you couple that with an actual physical attack like bombs or, or whatever, and that, um, together, that would cause a real panic because suddenly you have an entire population that, that doesn't have access to, um, information the way they normally would, and yet there is obviously chaos going on. And, uh, that, that really is the true definition of terrorism there. You're, you're inspiring terror in the victim. Um, now, would this be nationwide? Probably not. For one thing, the electric grid is really much a, pretty much a regional kind of thing. Um, but it's something that every region could theoretically be vulnerable to without the right security measures in place. Um, I, now, that sort of attack obviously would have to come from a much more organized group. Um.
It would have to come from a country or organization that had a strong financial backing to be able to fund the physical side of the attack. Um, so that, that narrows down the list of possible suspects who could do that. But it's still within the realm of possibility. And it's one of those things that, you know, keep security people up at night. Sure, sure.

Um, and you know, I'm really not certain what we're going to be able to do, short of pulling all the plugs, um, to make it, uh, an impos... complete and utter impossibility that they could carry out those kinds of attacks, because, um, it's just going to require constant monitoring and searching for vulnerabilities. That's why the efforts of those who are participating in those, um, those computer security, uh, war games, if you will, um, they're, they're so important, because they're searching, they're actively searching for those vulnerabilities in the system and try, you know, to try to find ways to patch them up before they can be hacked into. But, um, you know, I think that any time that you update those systems, you're going to open up new vulnerabilities and new problems. And you know, it's just one of those things where the people who, whose job it is to pay attention to it are just going to have to stay constantly vigilant to prevent something like that from happening.

And it is even more complicated when you think that, you know, not every system runs on the same software or operating system or whatever, so some of them are proprietary, and, uh, and, and so you might find something that works as a great security measure for one system, but it's not at all applicable to any other. So it is a huge challenge. I mean, well, what's the response to that? Do you go ahead and try and standardize everything so that hopefully the same measures will work across the board? Because if you do that and someone does find a vulnerability, suddenly they've got a vulnerability that works across all systems.
So I mean, it's a, yeah, it's a double-edged sword, and it's, it's, there are no easy answers. We've got people who are way smarter than I am working on this, um, and I wish them the best because this is, this is scary stuff. Now, are we all in danger of something like this happening anytime soon? I don't know. I don't know. I don't think so. I mean, I'm not, I'm not staying up at night worrying the next day about that's going to be the day when the cyber war attack is going to happen. But it's, I mean, it is possible. It's just not necessarily something that, you know, that I'm gonna have to worry about on a day-to-day basis.

Well, the more systems come online, um, in more places around the world, I think it's going to be, it becomes sort of like, you know, aerial assaults were after, you know, that became a real possibility in the twentieth century. It's, it's going to be something that a well-planned military strategy is going to include. You got your ground troops, you know, air, sea and internet. Anything that can take down the computer network, the computer, the communications network, the power grid, all at one time. If you can do that, then you know you'll panic the citizenry, and that just gives you a better chance. I can pretty much guarantee that just about every modern nation in the world has some sort of plan like that in place. Um, and I can also guarantee that they're not going to share that because that kind of defeats the purpose of the plan. Yeah, but you know, my Internet connection goes down plenty without anybody attacking it. So, and I occasionally lose power if I sneeze too hard, so, or maybe a blackout. It's one of the two. Either way. All right, then I'm done. I'm, yeah. That's all I have to divulge to the public.

That wraps up that classic episode of TechStuff. Like I said, you know, a lot has happened in the, you know, twelve years since we recorded that episode. Uh, things have, have evolved dramatically. We have all sorts of different threats.
We have to be aware of things like, like, uh, like supply chain threats like we saw with the SolarWinds hack. That's just one example. So when Friday's episode publishes, I'll have a more full discussion about cybersecurity in general, as well as why are we seeing the various departments within the United States Defense Department lagging behind when it comes to cybersecurity, what might be done about it, how does China factor into it, and more. So tune in to Friday's episode for a deeper dive into all of that. I appreciate your patience. This means we will not have a classic episode on Friday, so today was your classic episode. And as always, if you have suggestions for topics I should cover in TechStuff, whether it's a specific technology, a trend, a company, maybe that's the history of a tech that you want to know more about, reach out to me on Twitter. The handle for the show is TechStuff HSW, and I'll talk to you again really soon.

TechStuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.
