Air Date 4/2/2022
[00:00:00] JAY TOMLINSON - HOST, BEST OF THE LEFT: Welcome to this episode of the award-winning Best of the Left podcast in which we should take a look at the modern reality of cyber war. It's not the mass destruction of attacks that were imagined to look like a cyber Pearl Harbor, but the much more subtle cyber attacks that often fly under the radar and live in the gray area in attempts to inflict harm without provoking counter-attack. Clips today are from Longform; Today, Explained; The Inquiry; The PBS News Hour; Think from NBC News; Your Undivided Attention; and with an additional members-only clip from What Next: TBD.
Andy Greenberg - Longform - Air Date 12-11-19
[00:00:40] ANDY GREENBERG: I came to this story because Wired's editors, actually in late 2016, they asked me to find a big story of cyber war. In fact, they wanted to do a takeover of the whole magazine, in the way that the New York Times magazine does sometimes about like climate change or the Middle East, to do an entire issue just on cyber war.
And I was resistant to that idea, actually. I mean, I said yes, because of course you say yes to like doing that sort of big thing. But I think that they had on their mind, like something about the election hacking of 2016, like Russian hackers who had meddled in the 2016 presidential election, which I didn't see as cyber war.
So I went looking for what I could serve up as like a real cyber war story. And I had been reading about what had happened in Ukraine, what was happening in Ukraine, I should say. And the fact that a group of hackers had caused the first ever blackout triggered with a cyber attack.
[00:01:33] EVAN RATLIFF - HOST, LONGFORM: This is the 2015?
[00:01:34] ANDY GREENBERG: That's right. In December of 2015. And as I read more and I talked to the sources about what was actually happening in Ukraine, I could see that actually it was part of a much larger campaign of attacks all across Ukraine, that it hits every part of Ukrainian society. Then finally kind of climaxing in 2015 with this blackout where the hackers had taken over the mouse movements of these grid operators in a Western Ukrainian electric utility. And these poor staff in the control room had watched as the mouse on their screen was clicking through circuit breakers and opening them and turning off the power to thousands of Ukrainian civilians, and they couldn't do anything about it. They were locked out of their own computers. And that to me was like, this is not only like an almost Hollywood-style hacking event, but it's in the midst of this actual cyber war unfolding.
I could see that there was a story, a real cyber war story to be told. And as I was reading about this, it happened again, these hackers turned off the power in the capital of Kyiv in the second ever blackout in history caused by hackers. And so at this point, I was like, who are these hackers? And I, I went back to the initial discovery of this one group that had carried out this series of attacks. They had been found by a little company called iSIGHT Partners outside of DC, and they appeared to be Russian because in fact, iSIGHT's analysts had found an open server that the hackers were using that had a Russian language "how to" file for how to use this malware that they were planting on all of their victims' computers.
[00:03:04] EVAN RATLIFF - HOST, LONGFORM: Not the best job of covering their tracks.
[00:03:06] ANDY GREENBERG: No, it seems like they learned over time about how to be a little more careful. But also, at that point, this one group was in each instance of planting their malware, they had a little snippet of code and those snippets were references to the scifi novel Dune.
And so iSIGHT, the company that discovered this network of attacks, called them "Sandworm" in a reference to this kind of monstrous, underground creature that lives in the deserts of Dune in this book, which turned out to be this kind of perfect name for this group that stays beneath the surface and then occasionally rises to do terribly destructive things.
So they soon found that the same hackers had also planted their malware in the US grid as well. When I found that out, I was like, this is bigger than I even had thought. In fact, at that point I told Wired's editors that we didn't have time to do a full takeover of the issue; we needed to just write this story. This was a very substantial and distinct story of the first true cyber war unfolding in Ukraine with implications for American national security. And we did a normal cover story about Sandworm and these attacks in Ukraine. And the premise of it was that we should watch what's happening in Ukraine because it's become a test lab for cyber war, that that cyber war happening in Ukraine will sooner or later spill out to the West.
Which turned out to be exactly what happened.
[00:04:27] EVAN RATLIFF - HOST, LONGFORM: Yeah, indeed. That is what took place. Well, that's what I mean. I feel like this is a book that I, in some sense, I've been waiting for someone to write and it's partly because since really the nineties, if you follow this stuff, people in talking about digital Pearl Harbor, or then it became digital 9/11, this phrase for an event, a cyber attack or a cyber war exercise spills over into the real world in some dramatic way.
But I feel like that also represents a challenge. When you first approached it, did you feel, having covered this for many years, cynical about the idea that this could be possible? Or were you a person who thought, oh, this is coming; I see the signs of it coming?
[00:05:08] ANDY GREENBERG: Right. I think cyber war, like even when my editors asked for that, I was like, well, that's a term that has all of this baggage because we've all read these stories of what if hackers turn off the power? What if hackers destroyed all the computers inside of a bank? What if hackers took down the medical records systems of hospitals? And those are played out, sort of fear-mongery stories about some hypothetical future. It just happens that actually this has happened now. And the story that I tell in this book is about all of those things happening. Literally all of those things I just mentioned happened in Ukraine, and then actually the rest of the world too, this Ukrainian cyber war did spill out to become, I don't want to say a cyber 9/11, because it's like, I dunno, that's kind of a terrible phrase, but it's like this kind of massive global cyber attack really did happen. In fact, it happened the day that Wired cover story hit newsstands, bizarrely, this prediction. You don't really want your prediction to come true that quickly. You don't even really get credit for it if it happens that day. But that is basically the NotPetya -- this climactic, truly catastrophic piece of malware -- hit Ukraine and spread to the rest of the world the very day that this predictive story came out in Wired.
[00:06:22] EVAN RATLIFF - HOST, LONGFORM: That's amazing.
[00:06:23] ANDY GREENBERG: Yeah, it was kind of bizarre. I mean, we didn't immediately recognize that. Because NotPetya, this worm, was made to look like ransomware, like a piece of malware that locks up your computer and you're supposed to pay some amount of money. $300 is what's -- your screen goes black and then shows this ransom message asking for $300 in Bitcoin to unlock your computer. It turned out that even if you paid that you wouldn't get your computer back, it would remain in fact fully encrypted and destroyed, essentially. NotPetya was a destructive worm that was made to look like a cyber criminal ransomware worm.
[00:06:57] EVAN RATLIFF - HOST, LONGFORM: I feel like there are a lot of reporting challenges in this, approaching these subjects. And in particular, that really fascinated me. And one of them is just the fact that victims of these particular attacks are often reluctant to talk about the way they were victimized. So I'm particularly interested in, for NotPetya, you write about how Maersk, this big shipping company, was afflicted in absolute disaster for global logistics, commerce and their company, hundreds of millions of dollars, if I recall correctly.
So how did you get people from inside there to tell you what happened? You have it in very intimate detail what happened to them.
[00:07:37] ANDY GREENBERG: Well, you're right, that getting victims of a cyber war attack to talk is absolutely a huge challenge in this kind of reporting.
But I found that the easiest trick -- first, before we get to the Maersk -- was to talk to Ukrainians, because even in that first piece I did for Wired, I had been to Ukraine, I went to Ukraine. I talked to the operators of these facilities who had been attacked with these sabotage events that cause blackouts.
And I found that Ukrainians are always willing to tell those stories. And they also are experiencing things that nobody else is experiencing in the world, but they're tired of the global community ignoring this war, this invasion from Russia. So --
[00:08:10] EVAN RATLIFF - HOST, LONGFORM: So when you showed up, they were like, come.
[00:08:11] ANDY GREENBERG: Yeah, here's the video I filmed on my iPhone of the mouse cursor being taken over to cause a blackout. It's kind of a reporter's dream.
So when NotPetya hits and we started to see the scale of it, that it was costing global companies hundreds of millions of dollars, ultimately $10 billion in damages, more by far than anything we'd ever seen before, I went back to Ukraine and spent this whirlwind week getting almost an oral history of the effects of this malware that had carpet bombed the entire internet of Ukraine before it spread to the west. It just really devastated the Ukrainian entire digital ecosystem. And it took down hundreds of companies, every government agency, hospitals, hit every power company, multiple airports. And Ukraine, I don't think it's an exaggeration to say it, is the kind of cyber apocalyptic event we've been waiting for. And I heard from each of these Ukrainian sources, their personal story. So I spent the day trying to rescue the entire health ministry's network. And then I left to go home and found that I couldn't swipe my card to get on the subway. And then I had to go try to find cash to buy a physical token, to get on the Metro, but actually all the ATMs in the whole neighborhood were down. And I found one ATM that had some cash, but a tiny cash limit. And I waited in line to get some cash. And then I managed to buy this token and get to my neighborhood. But then I tried to buy groceries and the payment system was down at my grocery store and I had to go back out into this kind of chaotic fog of war, this feeling of -- one guy actually described it to me as a kind of feeling of a disorientation as if he was missing a limb, that everything was broken. And other people described it as a kind of end of the world movie that they were suddenly in the middle of.
So Ukrainians were very willing to talk about this. And that was easy, if you just go there and ask. The real challenge was to get somebody outside of Ukraine to tell the story of how their institution was just devastated by this. We knew because all of these multinationals had reported to their shareholders, hundreds of millions of dollars in damages, like Maersk, the world's biggest shipping firm, had lost $300 million. FedEx had lost $400 million. Merck, the pharmaceutical company, had lost $870 million. So I started the kind of really laborious process of building a new beat of trying to get any of these companies I didn't cover at all to tell me that story. And none of them would officially, so it was all just back-channeling with anonymous sources.
How America’s gas got hacked - Today, Explained - Air Date 5-12-21
[00:10:40] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: At what point, Rob, did ransomware attacks get so established that an outfit like Darkside could have a hotline and a bunch of contractors and a public-facing PR operation?
[00:10:54] ROBERT M. LEE: To be fair, this has been for years now that these groups have operated like businesses.
Uh, what we've seen recently, though, is in the last couple of years, there's been so many remote vulnerabilities-- so, vulnerabilities that take advantage of how you log in to work, and how you get access from a remote home location. Um, those vulnerabilities coming out, which allows these criminals more access than ever, and a targeting these companies.
[00:11:18] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: And we've covered this issue before on the show, when... you know, this was a huge problem in Baltimore...
[00:11:24] ARCHIVE NEWS CLIP: Baltimore city leaders voted Wednesday to use $6 million in park funding to help pay for a ransomware attack that infected local government computers last May.
[00:11:34] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: Lily told us about how problematic ransomware attacks have been in the past year during this pandemic, especially attacks on hospitals. But how typical are the kinds of attacks that we're seeing this week with this Colonial Pipeline?
[00:11:48] ROBERT M. LEE: Yeah, it's not typical for an IT, or this corporate network, uh, compromised impact operations. It can happen, but that's not super common.
However, there's a lot of these cases that happen, and they're way more common than people realize, on the operations side. Like, we... we get called in all the time to when folks are... are experiencing ransomware attacks and others on their production environments. Um, it's just generally not reported and it usually doesn't have the type of impact that we saw.
[00:12:17] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: I mean, I imagine it's a pretty profitable business to be executing these ransomware attacks, especially ones as big as the one we saw this week on the Colonial Pipeline. How profitable a business is it to try and protect companies from these kinds of attacks?
[00:12:31] ROBERT M. LEE: Yeah. Not... not as profitable. If you want to make money, the criminal and criminal route is probably better. But you can't sleep well at night with that.
So, uh, each of these ransomware groups, when they target these companies, it's a multi-million dollar ransom. Which may not sound huge-- I mean, obviously scales up the size of the companies-- um, but that's very impactful. And when they're running, you know, dozens of these at a time, it's an extremely profitable business for these gangs.
[00:12:55] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: And can you and your team actually protect these companies from these kinds of attacks?
[00:13:00] ROBERT M. LEE: There are so many companies that go to battle with these adversaries every day, and you never hear about them, they never make the news, because they're winning, and they're doing really well.
And, what we see time and time again, is a lot of the security work put in these companies is preventative. It's, "How do we prevent attacks? How do we prevent issues? How do we put up our guard?"
But if you don't actually have visibility what's happening inside the house, and you can't detect and you can't respond, that's when people get in trouble. And on the operation side of the house, these operation technology environments, uh, it's historically just been preventative.
So people are waking up to the fact that we need to do more on that side of the house and make sure that we can be more proactive against these threats. A lot of these companies don't do the things that they could or should. And I'm not saying that in context of Colonial, a lot of the things that they're doing right now seem really good. But when you talk about various city and municipal infrastructure, they are definitely lagging in the investments that happen at other companies.
And if you look at it-- the industrial sector at large-- they historically significantly lag financial sector and others who are doing a lot more in security.
So I don't think it's an issue of, "Do we not know how to do it?" It's usually an issue of, "Are we investing in the problem?"
[00:14:06] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: And who's the "We?" Is the... is the United States government? Is it these businesses? Who is it?
[00:14:11] ROBERT M. LEE: I put that in the context of the businesses. I think it's very fair that everyone always goes, "What is the government doing about this? What can the government do more?" et cetera.
But, you know, the government's got their own problems. You have the OPM breach...
[00:14:22] ARCHIVE NEWS CLIP: More than 21 million Americans had personal information stolen from government files in a data breach that was six times as large as originally disclosed.
[00:14:31] ROBERT M. LEE: The Solar Winds breach...
[00:14:33] ARCHIVE NEWS CLIP: Reverberations continue about this large-scale computer hacking operation that infiltrated the networks of several government agencies and thousands of private companies.
[00:14:43] ROBERT M. LEE: So, like, we're constantly hearing about federal government networks getting compromised, and they've got a lot of mission space to do. So they don't need to be trying to fix everybody else's problem. They need to fix theirs. And then share the insights of how they did it, and share those lessons learned, and encourage the private sector to do the right things.
[00:15:01] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: I mean, is there also a, sorta, prosecution side of this that isn't happening? I mean, when we talk about a company like Darkside that seems to be operating on such a, sort of, like, corporate level: they've got a hotline; they've got a PR agency; they're donating to charities. Like, it... it starts to make you wonder if they're being policed at the level they should be, when they're executing these kinds of attacks we saw this week.
[00:15:28] ROBERT M. LEE: They're not being policed at all.
So, when you look at criminal prosecution rates, and what's actually happened in this space, if DoJ, Department of Justice, FBI, whoever, says something, these companies are still operating out of Russia, Eastern Europe, Brazil, Iran, North Korea; places that are not all too excited to go and do the bidding of U.S. or Canadian law enforcement, uh, and lock these companies, and these people, up.
Also, a lot of times these foreign military intelligence services, sometimes, have a symbiotic relationship with these criminal groups, where they're learning from them. They're getting capabilities from them, they're using some of their people. So, there's not a big advantage to them to do anything to them, which means they operate with complete, uh, you know, sort of, novelty.
[00:16:11] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: I mean, when you bring up Russia, North Korea, Iran, less-so Brazil, of course, I start to wonder, where is the line between the Solar Winds attacks and the Colonial Pipeline attacks? How do we differentiate the two, if some of these hackers are based in Russia or North Korea?
[00:16:30] ROBERT M. LEE: Yeah, it can be difficult for sure. But where the U.S. government has taken a position before, is if it can really identify that it was state-directed. If the, uh, Kremlin, as an example, directed the operation, whether or not it was Russian military or Russian civilians, that if it was directed by the Russian government, there's culpability and responsibility of Russian government, you see sanctions, you see actions as it... and there's consequences. Not... doesn't fix it, but there are some consequences.
When you really can't make that connection, like here with Darkside, they could have a connection to the Russian government, but we just don't know. Then there's not a whole lot you can do, besides hoping that Russian or Eastern European police happened to take action.
[00:17:10] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: Hm.
Rob, I understand that you used to be in the NSA. Is that right?
[00:17:14] ROBERT M. LEE: Correct.
[00:17:14] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: Are we allowed to talk about that?
[00:17:16] ROBERT M. LEE: Yeah, sure.
[00:17:16] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: I mean the United States hacks all these other countries, too, right?
[00:17:20] ROBERT M. LEE: Oh, yeah.
[00:17:22] SEAN RAMESWARAM - HOST, TODAY, EXPLAINED: Cool. I'm glad you're as forthcoming as you are.
I mean, that makes me wonder, is part of the reason we don't police this at all, according to you that we also, apparently, as a country, enjoy hacking all of these other countries, and we don't want to be saying, "You shouldn't be doing that," because we're doing it.
[00:17:44] ROBERT M. LEE: Well, it's even worse. We say you shouldn't be doing it, and then the other countries go, "Well, hold on now," you know, and like, "You're being a little hypocritical, here."
Um, and so, I don't think, internationally, we have too many legs to stand on that topic.
And we'll say, "Hey, now we play by certain rules. We don't steal intellectual property and pass it to our private sector companies like China does, we don't do criminal hacking and let them run amok like Russia does."
But, at the same time, Russia and China will come back, and be, like, "Well, we don't do certain things that you do."
And it's this... this back-and-forth of different perspectives. And ultimately, policy is mired by things that aren't technical in reality. Like, they're not grounded in technical realities, and they, uh, they often confuse the... the technical with the policy, and then it's just communication between states.
So I... I don't mean to dodge it at all. Just say, ah, we look hypocritical; we act hypocritical; but a lot of times we do the right things, but it's, sort of, our world view in terms of what is, and isn't right.
Is Russia at War with the West? Part 1 - The Inquiry - Air Date 11-21-18
[00:18:44] KAVITA PURI - HOST, THE INQUIRY: This is Oystein Borgen, a foreign correspondent for Norwegian independent television TV 2. In 2013, he was digging into some of the negative aspects of the Sochi Olympics.
[00:18:57] OYSTEIN BORGEN: And it began feeling as if the Russian state was out to get me. So basically since that time I've been exposed to almost the entire bag of tricks that the Kremlin has—harassment, arrest, hacking, threats, and trolling online by people working for the Russian authorities or people that I perceive as their proxies.
[00:19:20] KAVITA PURI - HOST, THE INQUIRY: He is very clear about what he thinks is going on between Russia and the West. He calls it a hybrid war.
[00:19:29] OYSTEIN BORGEN: It's obviously not a war involving bullets or bombs. What we're basically seeing is a coordinated campaign against basically all Western democracies, where they try to undermine our systems and divide our populations with different methods.
[00:19:48] KAVITA PURI - HOST, THE INQUIRY: And as a journalist, how have you seen that happening?
[00:19:52] OYSTEIN BORGEN: I was able to witness it firsthand when they tried out some of these techniques, and that happened in 2008 when Russia invaded parts of Georgia in the Caucasus.
[00:20:07] ARCHIVE NEWS CLIP: The flare-up's the worst fighting in years between the former Soviet Republic of Georgia and a breakaway region called South Ossetia, which Moscow supports and has vowed to protect. After fighting over...
[00:20:20] OYSTEIN BORGEN: We saw how the Russian side used cyber attacks and the spreading of fake news and outright propaganda against Georgia at the same time as they built up their military forces. But I think at the same time, the concept was not so developed at that time.
[00:20:36] KAVITA PURI - HOST, THE INQUIRY: A few years later, he was covering Russia's annexation of Crimea and he noticed their approach had become more sophisticated, and he's seen these tactics being used in his home country of Norway. How you view this Russian influence depends on where you live. In the north, Norwegians share a border and even a common culture with Russia.
[00:21:00] OYSTEIN BORGEN: A lot of Norwegians living in the northernmost parts of the country still feel a sense of gratitude since the Red Army soldiers liberated the Arctic parts of Norway from fascist Germany in 1944.
[00:21:19] KAVITA PURI - HOST, THE INQUIRY: But in the south, the people don't feel the same connection, and Oystein Borgen believes the Russians are exploiting this division within Norway. In 2015 Russian troops led in thousands of refugees across the border into Norway. It wasn't an isolated incident.
[00:21:42] OYSTEIN BORGEN: We had a very curious episode where Russian Vice Premier Dmitry Rogozin suddenly started posting photos of himself on Twitter from the Norwegian island Svalbard.
[00:21:54] KAVITA PURI - HOST, THE INQUIRY: The Russian politician wasn't even meant to be on the island. He was on a sanctioned list for his role in the illegal annexation of Crimea.
[00:22:03] OYSTEIN BORGEN: And we also saw a hashtag campaign in Russian social media that echoed some of what happened before the takeover of Crimea, which said "Svalbard is ours."
[00:22:17] KAVITA PURI - HOST, THE INQUIRY: Then, on top of these multi-pronged attacks, came another odd event. At the start of the program, we told you about the 62-year-old Norwegian pensioner Frode Berg who visited Moscow for a spot of Christmas shopping. He's now in a Russian high security prison on espionage charges. He'd been found by Russian officials to be carrying 3000 euros inside named envelopes destined, they say, for secret agents inside Russia. Oystein Borgen explains there was a twist in the story.
[00:22:56] OYSTEIN BORGEN: In April a Norwegian newspaper ran the story about how Mr. Berg had confided to his friends back home, that he was actually some sort of freelancer for what he thought to be the intelligence service.
[00:23:12] KAVITA PURI - HOST, THE INQUIRY: Mr. Berg seems an unlikely spy, doesn't he? He's 62. He's a pensioner. He's a former border patrol guard. What are Norwegians making of this case?
[00:23:22] OYSTEIN BORGEN: They find it very, very strange.
[00:23:28] KAVITA PURI - HOST, THE INQUIRY: It is a strange case. Whether or not Frode Berg is a spy, his arrest and the discussion around it have played out exactly as the Russians hoped it would, according to Oystein Borgen.
[00:23:42] OYSTEIN BORGEN: We have seen during the past few months that the population, especially in northern Norway, has really been turning against our own authorities in this case.
[00:23:51] KAVITA PURI - HOST, THE INQUIRY: This low level disruption is happening across the world, not just in Norway. Oystein Borgen believes Russia is waging a war, a hybrid war using diplomatic and military threats combined with online and cyber attacks.
How prepared is the U.S. to fend off cyber warfare? Better at offense than defense, author says - PBS NewsHour - Air Date 8-6-18
[00:24:08] JUDY WOODRUFF - HOST, PBS NEWSHOUR: The book is The Perfect Weapon: War, Sabotage and Fear in the Cyber Age. I don't normally say this in an interview, fear is in the title, but this is a frightening book. Did you mean for it to be?
[00:24:22] DAVID SANGER: I meant it more to be an explanatory book, but it's an explanatory book about a frightening time. And the frightening part of this is that cyber-weapons have moved, almost without us recognizing it, to be the primary way, Judy, that countries are beginning to undercut each other, do short-of-war operations against each other—operations that they don't think will start a military response.
We spent years worrying about the giant cyber-Pearl Harbor that was going to cut off all the lights from Boston to Washington or San Francisco to L.A. and, in fact, that kind of blinded us to the much more subtle uses of cyber, in which all of us are the collateral damage to this war among states that's going on far above our heads.
[00:25:10] JUDY WOODRUFF - HOST, PBS NEWSHOUR: You have so many fascinating stories in here. You had, I think, incredible access to some of the key players. One of the points you make, David Sanger, is that the US has not only stressed secrecy above all, but it's been much more comfortable talking about what other countries are doing to the US than it's ever been willing to talk about what the US is doing to others.
[00:25:33] DAVID SANGER: We've hit this moment, Judy, where I think, in the reporting, I became convinced that the secrecy surrounding cyber, which arises from the fact that it was one of the first weapons developed by the intelligence agencies—and they're naturally secretive—is actually beginning to become a security problem for us, because it's getting in the way of us establishing rules and deterrents.
So, let me give you an example. We have felt free to go attack nuclear facilities in Iran, or, as this book reveals, North Korea's missile program. And yet, because we won't talk about our own capabilities and operations, we can't get the government involved in a serious conversation about what's off-limits.
[00:26:19] JUDY WOODRUFF - HOST, PBS NEWSHOUR: And why haven't US officials been more willing to talk about that?
[00:26:23] DAVID SANGER: They've confused keeping secrecy around how we build these weapons and what we do from the secrecy about how we want to go use them. And, even in the nuclear age, we kept everything about how we built nuclear weapons, where we stored them secret, and we had a big public debate about how we wanted to go use them, and it ended up in a completely different place.
[00:26:46] JUDY WOODRUFF - HOST, PBS NEWSHOUR: You write at one point that the US is still ahead, but you said that China and Russia are very close to catching up, and maybe even North Korea and Iran. How well-equipped right now is the US to fend off a major cyber-attack?
[00:27:02] DAVID SANGER: We're much better at our offense than we are at our defense, and that's partly because most of the targets in the United States are in private hands—utilities, financial firms—but also because even while our cyber-defenses have improved, and they have improved dramatically in the past five years, the number of targets has expanded so dramatically that we can't keep up.
So you now have an internet-connected refrigerator or the cameras outside your house, if you have got them, are Internet-connected, your autonomous car—there are so many new ways in that, no matter how much better we get at defense, it seems like there are more targets.
[00:27:43] JUDY WOODRUFF - HOST, PBS NEWSHOUR: One of the things that arises out of this, and because of the timing of the book, is what happened in 2016, the reported Russian attempt to interfere in the US election. What did you find out about that? Did you come away convinced that that happened?
[00:27:57] DAVID SANGER: I not only came away convinced that it happened, but I came away convinced that we missed huge numbers of signals running up to it.
There are four chapters in the book on Russia, but the first one starts in Ukraine, and it's called "Putin's Petri Dish," because, basically, every single thing the Russians did to us, they tried out in Ukraine first. And we didn't have the imagination to think that they would take that and try it here.
The second thing was, the FBI was way too slow on the investigation into what happened at the DNC. It took nine months before they really got everybody to wake up to it, and even then, the British had to step in and warn us that Russian military intelligence was inside the DNC. Then the White House got involved in a lengthy internal debate about whether to call out President Putin. Once again, they made the decision that they had made when the Russians went into the White House, the State Department, and the Joint Chiefs of Staff, not to publicly penalize the Russians, at least before the election.
[00:29:02] JUDY WOODRUFF - HOST, PBS NEWSHOUR: And, of course, the whole argument about whether President Obama moved quickly enough or not.
[00:29:07] DAVID SANGAR: And aggressively enough.
[00:29:08] JUDY WOODRUFF - HOST, PBS NEWSHOUR: And aggressively enough.
Last thing, David Sanger, you ask an important question at the end about how the US is really almost seen as a hypocrite, because we argue against other countries interfering in what we do, and yet it's something that the US is guilty of doing. Then you go on to say, it's up to us, up to the United States, to come up with ways to control this monster that we have created, that the US has created.
Do you think that's going to happen?
[00:29:37] DAVID SANGAR: If so, it's going to happen very gradually, and it's going to require a change of view in the United States and a change of view among our adversaries.
One of the ideas that's kicked around, you hear the president of Microsoft, Brad Smith, talk about it, you hear executives at Siemens and other places talk about it, is having some kind of a digital Geneva Convention, some rules about what you wouldn't do to civilians.
Now, would they get violated all the time? Sure, but then again, the Syrians violate the Geneva Conventions every time they gas civilians. But at least we would begin to have some norms of behavior. And the few efforts so far to start that at the U.N. have really died off.
[00:30:17] JUDY WOODRUFF - HOST, PBS NEWSHOUR: Which is a bleak prospect for the future.
[00:30:19] DAVID SANGAR: It is. You don't want to wait until you have such a big, paralyzing set of events or a series of smaller, but incredibly damaging cyber-attacks, for us to think about those in retrospect.
Is Russia at War with the West? Part 2 - The Inquiry - Air Date 11-21-18
[00:30:35] KAVITA PURI - HOST, THE INQUIRY: If cyberspace is the new global battlefield, there was a pressing question for NATO.
[00:30:42] MICHAEL SCHMITT: "How does international law govern cyber operations?" and I was appointed the director of the project.
[00:30:48] KAVITA PURI - HOST, THE INQUIRY: Over three years, he led a team of experts and produced what is known as the Tallinn Manual. It sets out when cyber attacks break international law on armed conflict, and when a state can act in response.
I asked Michael Schmitt if the Russians had broken the law with the cyber attack on the Democratic National Committee before the 2016 US election.
Hacking the DNC and leaking emails, is that armed conflict in a cyber sense?
[00:31:21] MICHAEL SCHMITT: Well, it's clearly not an armed conflict. It's clearly not a wrongful use of force. Why? Because the consequences were not severe enough. Then the next question is whether it's an intervention in the internal affairs of another state, and there, I think the jury's out on that one.
[00:31:48] KAVITA PURI - HOST, THE INQUIRY: If it's not an act of war, what is it?
[00:31:52] MICHAEL SCHMITT: The Russian DNC operations were the classic example of operating in the gray zone. If the Russians changed the election returns, there's no doubt whatsoever that would be a breach of sovereignty, but that's not what we understand the Russians necessarily to have done.
Instead, they feigned personalities online. They engaged in a very robust, clever influence campaign. And so we have the international law community arguing over what the Russians did and I have to applaud, I don't applaud the result, but as an attorney, I'm impressed by their acumen here. What they're doing is they're identifying those areas where, even though we agree upon the rule, we're not in complete agreement on the application of the rule, and that's where they operate—right up to the edge.
[00:32:45] KAVITA PURI - HOST, THE INQUIRY: It sounds to me like they've read your Tallinn Manual.
[00:32:48] MICHAEL SCHMITT: I suspect they have read the Tallinn Manual.
[00:32:52] KAVITA PURI - HOST, THE INQUIRY: You say this is not armed conflict in the legalistic term, but isn't this just what war looks like now in the 21st century?
[00:33:01] MICHAEL SCHMITT: Yeah, that's an interesting observation. I think we need to avoid being sloppy about the term "war" or "armed conflict" because when you get to that threshold, you really take off the gloves. That's the point at which operations become lethal.
[00:33:16] KAVITA PURI - HOST, THE INQUIRY: Michael Schmitt believes a Russian cyber attack has not constituted an act of war in the legal sense, which would justify the use of force by another state in response. Russia is certainly operating in the gray zone, edging up to the boundaries of what is and is not legal, what is and is not war. And this gray zone extends beyond the realm of cyber attacks.
Russia Perfected Its Cyberwarfare In Ukraine — America Could Pay The Price - Think | NBC News - Air Date 11-23-19
[00:33:45] ANDY GREENBERG: Flashing back to the fall of 2014, a group of Americans, cybersecurity analysts at a company called iSIGHT Partners found that this piece of malware called BlackEnergy was being used for -- they thought -- spying on targets across NATO, Eastern Europe and also the United States. But as they and other cybersecurity analysts looked deeper, it seemed to be the kind of reconnaissance for cyber attack, for bridging a digital-physical divide, for starting to mess with the controls of things like water systems, like the electric grid. When that was exposed, this group of hackers, who iSIGHT had named Sandworm, essentially went to ground and didn't reappear for another year.
A year after Sandworm was first spotted doing those reconnaissance attacks across Europe and the West, it reappeared and now was fully in attack mode and it hits the Ukrainian railway, it hits the Kyiv airport, it hit a series of media companies, and it was using a data-destroying tool called KillDisk. In December of 2015, just a couple of days before Christmas, three Ukrainian power utilities were hit with not only KillDisk, but also a far more insidious attack. In the hardest hit of the three Ukrainian power utilities, Prykarpattyaoblenergo, the hackers had in fact used a whole arsenal of attacks. They use KillDisk to wipe all the machines, barrage of phone calls against the company who owned their phone systems. They attacked the backup power supply for the utility itself, so that when they triggered the blackout, even the utility was thrown into darkness. And then finally, when they did trigger that blackout, they did it in this very haunting fashion, by taking over the actual mouse movements of some of the operators and locking them out of their computers so that the operators were watching as their own mouse cursor was clicking through circuit breakers, turning them off one by one, cutting the power to whole swaths of the country.
The first Ukrainian blackout was an entirely unprecedented event in the history of cybersecurity. And it offered an opportunity to say to Russia and its state-sponsored hackers like Sandworm: This is not okay. This is not something we, as a global society, will tolerate. You can't attack the infrastructure of civilians in this indiscriminate way. But nobody exactly said that. And the United States certainly didn't. And the opportunity was missed in a way. We never drew that red line. We were very distracted by another Russian cyber attack -- in fact, a series of them, not Sandworm; instead, called Fancy Bear -- had infiltrated the Democratic National Committee in a kind of an influence operation designed to meddle in the US election and help elect Donald Trump. Even as the Obama administration was actually rebuking the Kremlin for its election hacking, they didn't mention the Ukrainian blackout. That was a missed opportunity. And I think it telegraphed to Putin and to the Kremlin, they could test whatever cyber war capabilities they wanted in Ukraine.
So then in late 2016, just after the election of Donald Trump, another wave of Russian cyber attacks hit Ukraine. This second wave of attacks was even more destructive than the first. One cybersecurity analyst, Marina Krotofil, described it to me as in the first case, it was a bunch of street thugs who were just smashing everything. In this case, they were ninjas. They weren't clicking through circuit breakers with a hijacked mouse. They use this piece of code that did it automatically: Industroyer or Crash Override was the first-ever automated blackout tool; at a push of a button can, like a machine gun, hit all of the circuit breakers at the utility.
And that's what happened. You don't build a tool like this just to use it once. You build it as a kind of a repeatable attack that you can drop somewhere else and it will cause a blackout again. Russian hackers were experimenting with new techniques in Ukraine that had become their kind of test lab for cyber war.
In June of 2017, a worm hit in the country called NotPetya. It was an incredibly destructive, automated worm that spread from machine to machine. Practically the entire national internet of Ukraine was shut down within hours. And that includes banks, the railway system, airports, every government agency, tons of Ukrainian companies, Ukrainian hospitals, all essentially had no computers.
But it didn't end there. A worm doesn't recognize national borders. The world's largest shipping firm, Maersk; FedEx; the pharmaceutical company Merck all suffered hundreds of millions of dollars of damages. For Maersk, for instance, that meant that 17 of their terminals in ports around the world ceased operation.
Massive ships covered in tens of thousands of shipping containers were pulling into ports around the world and they couldn't be unloaded. Tens of thousands of trucks are lining up outside of these ports because the terminal gates were frozen shut. A fifth of the world's entire shipping capacity was frozen on the spot and would not recover for weeks.
The White House estimated that NotPetya did at least $10 billion of damage. That's by far the biggest cyber attack in history. The Russian attacks on Ukraine that the United States and the West have been willing to ignore for so long because they were someone else's far-away problem were no longer far away. They were everywhere at once.
It was clear to forensic investigators in the private sector almost immediately that NotPetya was linked with these blackout attacks in Ukraine, that it was all the work of this group under the larger banner of Sandworm.
Another thing that came to light around the same time is that a series of American power grid targets had also been breached by Russian hackers.
Finally in early 2018, the US, Australia, New Zealand, Britain, and Canada together issued this rebuke of Russia, naming NotPetya not only as a Russian cyber weapon, but attributing it to a very certain agency, the Russian military intelligence agency known as the GRU. The GRU was the same agency responsible for Fancy Bear, the hackers who had meddled in the US election. There was forensic evidence tying all these attacks together.
Eventually it became clear that Sandworm and Fancy Bear were essentially two sides of the same coin. They were both just parts of the GRU and it showed that the GRU was in fact, so brazenly hacking the world in multiple respects, not just with these kinds of influence operations, but in these acts of direct massive sabotage.
Is World War III Already Here? - Your Undivided Attention - Air Date 1-3-22
[00:40:43] LIEUTENANT GENERAL H.R. MCMASTER: When I was in the White House, of course we were examining what had occurred during the 2016 election and what I concluded and what I believe I leave today is that Russia doesn't care who wins our elections, what they really care about is that a large number of Americans doubt the legitimacy of the result.
So they want to reduce confidence, again, in our democratic principles and institutions and processes, and polarize us and pit us against each other. The other key conclusion is I think that Russia doesn't create the divisions in our society, but they're doing everything they can to widen those gaps among Americans.
If you look at just their bot and troll traffic in 2016, and really carrying on beyond that, the vast majority of that traffic and those actions and appropriations of sites and so forth is aimed at issues of race, to divide us on issues of race. You know what, hey, we're doing a pretty good job of that ourselves already, right? With this interaction between identity politics and various forms of bigotry and racism that I believe actually draw strength from each other and contribute to forces that are splitting us apart from one another.
And of course, where this is most evident is on social media and the work that you've done to expose this is super important. To show how these algorithms that are designed to get more and more advertising money through more and more clicks, and to do that by showing people more and more extreme content is a major force that is aiding and abetting our enemies.
What Russia added on to this is a very sophisticated campaign to attack individuals and to create a psychological effect where actually people within a particular administration actually distrusted each other.
These were the attacks that occurred against me and the National Security Council staff under the hashtag #FireMcMaster or the hashtag #McMasterLeaksThing and so forth. The Atlantic Council's digital forensics labs said it was the largest Russian attack on any individual up to that point.
And the reason why the Russians came after me is because they saw me as an impediment to their agenda, which really was to get sanctions relief. Actually what was happening is there were more sanctions placed on them as a result of the Magnitsky Act, but also as a result of what they had done during the election and a whole range of illegal activity internationally with Prigozhin and these organizations associated with the Internet Research Agency and so forth.
And also what they wanted to do is diminish confidence in the NSC staff, by fostering this "deep state" narrative. It was ultimately, I think what they hoped is that even the President of the United States would no longer have confidence in his own administration, and therefore be less confident and less effective.
Of course they love the polarization, the political polarization, both parties played into this to score partisan political points. So we make ourselves vulnerable to this really.
The attacks on me began with attacks from this amorphous movement of the alt-right who saw me as an impediment to their agenda within the Trump administration. What happened is the IRA just jumped all over it and said, "Hey, what can we do to add to this?" and so you had some of these odious characters who sow conspiracy theories on the pseudo media, joined in by various bloggers and people who are particularly active on Twitter. They created this snowball effect that was aimed at attacking me and members of the NSC staff, I think really to drive a wedge between President Trump and the NSC staff.
So I think that we have to expect more of this, and this idea of AI enabled messaging. They can take the data that they take from you in terms of understanding your preferences and predilections, and then just feed you messages and material that are going to move you psychologically in a certain direction.
I think this is a very grave danger, and I think we haven't learned enough from recent conflicts going back to the Russian attacks on the Baltic states in 2007. On the precursor to the attacks on Georgia in 2008. The 2013-14 campaign that ended up with the annexation of Crimea and invasion of Ukraine.
These were specific uses of information space to reduce will and to set conditions for physical aggression. And I think we have to learn that, apply that to what's going on around Ukraine today. What's going on on the borders of Poland with weaponizing migrants on the Belarusian border. I think we don't pay enough attention to how these activities in cyberspace, and social media is a subset of that, relate to aggression in the physical world and enable aggression in the physical world.
[00:45:18] TRISTAN HARRIS - HOST, YOUR UNDIVIDED ATTENTION: You also fight an information war and actually that brings up a quote by Marshall McLuhan saying, in 1968, that, World War III would be a global information war that would make no distinction between civilian and military combatants, and that to me is just so accurate to what we're facing today.
Obviously there needs to be an education, and one of the things that I think I find, I've talked more in the last year to more national security leaders, and there's a naivete that I think civilians can sometimes have about being peace time or war time. I think it's important for people to also understand the broader set of conflict or competitions that are happening.
I know when we spoke with our friend R. P. Eddy, we talked about a list of some of the things that are happening in the broader space of global competition, buzzing satellites, ramming fishing vessels. Would you say a little bit about the broader context in which this is taking place? Because I think I feel the urgency to what you're talking about to a degree that if we don't get our act together, if we don't suspend our partisan differences and focus on our shared identity and rough consensus to statements, we can all agree the zip code shouldn't determine your longtime prospects and let's all work on that together, but I think for people to understand a little bit more about what is that great power conflict and what are some of the things that are happening in the broader arena, which motivate why we need to drop all these differences and focus on how we can actually show that the form of liberal democracy can actually work in the global stage in the 21st century.
[00:46:40] LIEUTENANT GENERAL H.R. MCMASTER: Absolutely. So this is a really important point. This information space has created a new arena of competition, and we've largely been absent from it under the belief that it would be a benign arena or it would be completely beneficial to connect everybody and to have the ease of communication.
Our adversaries, in the meantime, have weaponized it against their own populations to tighten the totalitarian power over people and to mobilize people's social networks against them, if they have the temerity to oppose the government. But then against us, to again, widen the gaps within our own society, pit us against one another, and really reduce our confidence, and even who we are as people,
The Hackers Who Took Down the Colonial Pipeline - What Next: TBD | Tech, power, and the future - Air Date 5-21-21
[00:47:17] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: The groups that are doing the hacking are pretty varied too. In reading your reporting, I’ve been really struck by how sophisticated an ecosystem we’re talking about here, that there are all these specialties and subspecialties. Can you explain kind of who does what?
[00:47:34] DAVID OBERTI: Certainly, yeah. It’s almost like hacking has developed its own supply chain for ransomware with its own specializations and different groups that may farm out different capabilities elsewhere. So to sort of take you through the supply chain, you know, maybe you have one set of specialists who are really good at breaking into companies' computer networks. They’ll figure out how to do that and either advertise their capability to do that to other groups or say that they’ve done so. They’ve actually established a foothold in a computer network and either sell or lease that foothold to other folks. And then they pass along that information to a group that writes software to deploy ransomware. So maybe you have specialists that are particularly good at coding that sort of malicious software. Then that group can in turn farm out their progress to another set of hackers who may actually deploy that ransomware for any particular company. So talking to an expert yesterday who works in this stuff and they were saying it’s gotten so sophisticated that in some cases these ransomware groups have effectively built out just platforms that non-technical people can use. She even used the term "point and click" for how simple it was.
[00:48:46] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: So if I, Lizzie O’Leary, want to launch a ransomware attack on, I don’t know, some company. Slate! Sorry, Slate. I can do that with this software?
[00:48:58] DAVID OBERTI: I think you, Lizzie O’Leary, might need to study a little bit, but I don’t think it’d be that big of a leap.
[00:49:04] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: One model, likely what was used in the Colonial hack, is called ransomware as a service. It’s a lot like software as a service where a central owner licenses out their software like Dropbox or Slack, just in this case for crime.
[00:49:19] DAVID OBERTI: So essentially, I mean, think of a franchise model, any chain restaurant, McDonald’s, or whatever. You know, you have a core owner or core group of people who maybe started the organization. They developed a secret recipe, secret sauce to go on your Big Mac. And then they farmed that out to different people who could run franchises elsewhere and basically spread the brand, spread the business, and give that early owner a cut of the action. That’s essentially what’s happening with some of these ransomware groups. You had some hackers who developed a piece of code, this ransomware strain, and they’re basically allowing other people to come in and say, you can use this code and you can deploy it on certain types of organizations, which these folks may or may not follow. And then you give us between ten or twenty five percent of the proceeds.
[00:50:08] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: How many operators are doing this kind of thing?
[00:50:11] DAVID OBERTI: There’s a handful that incident responders tend to focus on in the kind of ebb and flow over the course of years. So there was a string of ransomware called Ryuk several years ago. There’s a string of ransomware called Maze. There’s also a ransomware group known as REvil, which is not a made-up name. Those groups basically wax and wane based on how successful they are, some of the law enforcement pushback that they’re getting and their ability to stay focused and attack certain types of companies successfully.
[00:50:44] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: One group that’s been growing over the last year is DarkSide. It was likely their ransomware that took down the Colonial Pipeline. Most observers who study ransomware think DarkSide is based in Eastern Europe, maybe Russia. And some research says that since the beginning of this year, the group has made about 60 million dollars. DarkSide seems to specialize in ransomware as a service. And until recently, when its website disappeared, it had job boards and a blog with vaguely corporate language and a set of guiding principles. DarkSide has this completely bananas "Why Choose Us" section that was on their website that they advertise to potential customers. I mean, I just want to read some of this. "We are a new product on the market, but that does not mean we have no experience and we came from nowhere. We receive millions of dollars profit by partnering with other well-known crypto hackers."
I feel like I’m reading the "Who we are" on an insurance company’s website.
[00:51:44] DAVID OBERTI: Yeah. And then they go on to say that because you work with us, you will have the reputation of working with us within the ransomware world. So they're even looking out for their employees' next career moves.
[00:51:56] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: There’s this interesting thing in here that says, "Based on our principles, we will not attack the following target." So medicine, funeral services, education, non-profit organizations and governments -- like they’re selling themselves as a high-minded group.
[00:52:11] DAVID OBERTI: It's interesting that you point that out. You know, hospitals, schools, governments, those tend to be the places that inflict the most pain. And maybe some of these hackers want to see themselves as almost Robin Hood-like figures. But I mean, as we’ve seen with Colonial, with the US in particular, most of the quote unquote "infrastructure" in the US is owned by private companies. So you could be going after this faceless oil and gas company that no one has ever really heard of. But it could have a huge impact on folks in North Carolina who are trying to fill up their Ford F-150 or whatever. So I think that lines, particularly for US companies, because so much of our infrastructure is really privatized, have really blurred for a lot of these victims.
[00:52:52] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: I want to walk through what happened with Colonial. According to your colleagues at the Journal, on May 7th, an employee found a ransom note from hackers on a control room computer. And then everything was locked. How quickly did you realize, oh, this is a big one?
[00:53:10] DAVID OBERTI: I realized it when I got the news alert Saturday morning about 8:00 a.m. as I was in bed saying, man, my weekend is screwed. But I think it happened pretty fast. You know, once a firm like Colonial can understand what data is locked up, they can chart out what it will take to get back online, which could be very significant. And then they bring in third party groups to help them investigate this sort of thing and basically make a call. Now, the interesting thing with them is just by virtue of them being an oil and gas company and transporting so much fuel to the East Coast, they made a very, very quick call to pay this hacker $4.4 million.
Oftentimes you see negotiations over these things drawn out over the course of days or potentially longer. But they obviously thought, just given the various pressures and the potential impact, that they needed to make a decision really fast.
[00:54:05] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: You told me last year and you’ve written about this, that typically the FBI says don’t pay. But as you noted, that the CEO of Colonial, Joseph Blount, said they paid the ransom in consultation with experts who had previously dealt with the criminal organization behind the attacks. So that sentence to me is like, OK, they know who they’re dealing with and they are assessing this group’s track record, what’s going on behind the scenes there?
[00:54:36] DAVID OBERTI: Yeah, so there’s a couple of different types of companies that have sprung up in response to the ransomware surge. One of them is what we in the cyber world call "incident response," which is basically when you have a breach, you have a problem, you call up a company that specializes in basically how to deal with the fallout from a hack. And they can tell you with a pretty good degree of certainty, this group is a group that can successfully unlock some of the data that they said that it can unlock, or this group maybe is a group that is more willing to talk down their demand from 10 million dollars to five million dollars, potentially. Separate from that, you also have negotiators who come in, and those are folks who communicate directly with some of these ransomware groups, either through emails or other online chat rooms, et cetera. And they will play this weird sort of cat-and-mouse game where on the one hand, they’re trying to stall for as long as possible because they want to give companies' internal security teams an opportunity to figure out exactly what happened and what was accessed or stolen. On the other hand, they want to poke the hackers a little bit to try to glean some insight, like some hints about what it is exactly they think they have, whether that’s particularly sensitive data, something that’s even more valuable in some respects, whether it’s personal data about an executive, whether it’s H.R. data. And then ultimately those two types of firms will consult with executives at a company. They’re saying, hey, we think that if you decide to pay this money, it’ll end up working out for you.
[00:56:08] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: As the threat of ransomware has grown, and more and more companies have hired people to help them defend themselves, another issue has emerged. Who is on the hook for all the money?
[00:56:20] DAVID OBERTI: Over the last year, insurers have experienced a total upheaval in the market for this sort of thing. And that’s driven largely by ransomware, because these incidents cost so much money. So oftentimes insurers, they have in the past offered companies full coverage for ransomware incidents. They will pay for your incident response. If you eventually feel the need to pay the ransom, we’ll cover that as well. But just by virtue of some of these attackers requesting or demanding more or more money or doing so much damage to computer systems, that the sort of fallout cost tens of millions of dollars in some cases, these insurers aren't making money like they used to. So what you’ve seen is some companies begin to restrict what their insurance covers. So there’s been a few examples of insurers who say we will no longer cover ransomware payments, for example.
[00:57:13] LIZZIE O'LEARY - HOST, WHAT NEXT TBD: Really?
[00:57:14] DAVID OBERTI: Others have just jacked up their prices to an incredible extent. I talked to a cyber insurer recently, has got a 20 thousand policyholders across the country. He said across this book over the last year, they’ve raised prices by twenty to twenty five percent. So you have this huge, huge uptick in what companies are paying to prevent this sort of thing. And then separately, that is driving this big discussion among insurance people to probe and question to what extent the proliferation of cyber insurance is actually helping feed some of these attacks, and whether attackers, once they break into computer systems, they actually move around and try to find a company’s insurance policy so they know exactly what it is they could ask for and probably get back in return.
[00:57:59] JAY TOMLINSON - HOST, BEST OF THE LEFT: We've just heard clips today, starting with Longform explaining what real cyber war looks like. Today, Explained discussed defending against hacking and why the US has no moral high ground in this war. The Inquiry discussed the hybrid diplomatic and cyber war being waged to undermine democracies. The PBS NewsHour looked at the need for setting guidelines for cyber war before things spiral out of control. The Inquiry looked at the way cyber war is most effective and hardest to respond to when it's carried out in the gray area. Think from NBC News showed how attacks spread when they are not responded to. And Your Undivided Attention discussed the weaponization of social media to sow division.
That's what everyone heard, but members also heard a bonus clip from What Next: TBD discussing the changing landscape of a ransomware as a service and the upheaval in the cyber insurance industry. To hear that and have all of our bonus content delivered seamlessly into your new members-only podcast feed that you'll receive, sign up to support the show at bestoftheleft.com/support, or request a financial hardship membership, because we don't make a lack of funds a barrier to hearing more information. Every request is granted. No questions asked.
And now, we'll hear from you.
Puberty blockers experimental? - Maria in Pennsylvania
[00:59:21] VOICEMAILER: MARIA IN PENNSYLVANIA: Hi, this is Maria in Pennsylvania, and I was just listening to the anti-trans agenda episode. And there was a comment made that puberty blockers are reversible that has not been proven. All puberty blockers and cross-sex hormones used on minors are experimental. I think it's important for you guys to share facts and I would ask you to please look into it and share a correction your next episode, because it is very, very misleading. They are a hundred percent experimental. I will send some links by email and I'll also put my name so you could connect me to this voicemail. Thank you. Bye.
Final comments on the deception and logical fallacies at the heart of critiques of gender affirming care
[01:00:07] JAY TOMLINSON - HOST, BEST OF THE LEFT: Thanks to all those who called into the voicemail line or wrote in their messages to be played as VoicedMails. If you'd like to leave a comment or a question of your own to be played on the show, you can record a message at 202 999 3991, or write me a message to [email protected]
First of all, don't forget to join our growing Discord community and add your thoughts to all of the discussions happening there. You can find the link in the show notes for details on how to join.
Now, we just heard from Maria, by voicemail. I'm going to get to the points made there, but as promised, Maria also did email, and in this email included a quote from an op-ed writer. And I don't have any reason to know or trust this person, but this quote is relatively innocuous and has a question follow-up. So, the quote from the op-ed reads, "Nearly 100% of children who begin puberty blockers will proceed to cross sex hormones in surgeries,"
And then Maria asks-- you know, as I said, I don't know if that's true, but let's take it as granted for a moment-- and Maria asks, "If puberty blockers are supposed to be an opportunity to pause, then why does virtually every minor who takes puberty-blockers end up on cross-sex hormones, which are definitely not reversible?"
To which I respond, "That sounds like wonderful evidence that puberty blockers are not being overprescribed, and that the kids and parents who go down that treatment path really are making the right decision in the vast majority of cases."
I mean, if there were a substantial number of cases in which puberty blockers were used, and then regretted, or kid goes off of them, and decides to proceed with the gender they were assigned at birth-- well, then you could make the case that, well, these are being over prescribed. You know, people are going into it not knowing what they're doing. But if nearly all who go into the puberty blocking phase come out and proceed to the cross sex hormone phase, that sounds like great news to me.
But, uh, Maria seemed to be questioning that.
But onto the main points that she made in her voicemail. Let's start with a claim that puberty blockers' reversibility has not been proven. And that, "All puberty blockers and cross-sex hormones used on minors are experimental."
And note that Maria goes on to emphasize the misleading nature of claiming the treatments are safe, or reversible, or whatever it was being implied there, when they are in fact experimental; which I find humorous, based on how profoundly misleading the arguments about experimental treatments are from those opposing gender-affirming treatment for gender dysphoric kids.
And to be clear, Maria never explicitly opposed those treatments. I don't know Maria's take on any of that, other than, that they are experimental. But these arguments that Maria is making are merely echoes of those who do explicitly oppose these treatments.
So, Maria provided this quote from the National Health Service in the UK. It says, "Puberty blockers pause the physical changes of puberty, such as breast development and facial hair. Little is known about the long-term side effects of hormone or puberty blockers in children with gender dysphoria."
But what Maria left out is the very next line, which I had to go read on the site itself, which reads, "Although the Gender Identity Development Service advises this is a physically reversible treatment, if stopped, it is not known what psychological effects may be."
So even the page that Maria sent me to to correct my facts continues to say that the treatment is physically reversible, and the only caveat is about unknown psychological effects.
The page also goes on to list other long-term aspects of the treatment that are simply not known at this time. And now the issue of there being unknown long-term impacts flows right into the claim of the treatments being experimental. So I think explaining one will explain both.
Experimental is one of those very squishy terms in medicine that can basically be bent to mean whatever a person or entity wants it to mean, while also sowing doubt in those who don't know anything about a treatment.
For instance, insurance companies are big users of the term "experimental" because they apply it to any treatment they can to give themselves an excuse to not cover the costs of the treatment. Now, that's for a financial motivation but it is motivated reasoning nonetheless.
Similarly, those who have an ideological motivation to oppose gender affirming treatment are far more likely to endorse the idea of puberty blockers being "experimental" than standard science-oriented researchers.
Still, though, I mean, you can't just get away with calling something experimental cause you don't like it. There's gotta be some sort of kernel of truth to it to build on. And there is. Here's a quote from a helpful article: "Puberty Blockers: Experimental Treatment, or Safe and Effective?" and it reads: "Longitudinal research into puberty blockers is difficult to carry out. Good quality research revolves around good quality studies or trials. Long-term medical studies are randomized, controlled, and double blind."
And so, carrying out high quality studies runs into two major problems that this article explains. "First, puberty blockers are typically used for the immediate treatment of gender dysphoria and long-term harm reduction. It would be unethical to be faced with 100 teenagers who are asking for blockers and carry out a trial in which only half of them were accessing the care they needed, with the other half getting no treatment at all. This would require us to deny a group of young people, who were clearly suffering, access to a medication, which is known to improve health outcomes for the sake of further research."
And I'll... I'll pause right here to say that... Let's say maybe it is possible to carry out such a trial ethically. For instance, my partner, Amanda, has a rare disease and has been part of a clinical trial with double-blind treatment and placebos being doled out. In that trial, there were safety off-ramps for participants who were not responding to the treatment.
So, if they weren't seeing the benefits that they needed from the medicine, they could be unblinded from the trial. And if they were being given the placebo, then they could get the real treatment. So, maybe the same thing could be done for gender dysphoric youth.
Oh, but wait. Here's the other problem. Continuing with the article. "Secondly because puberty blockers suppress the physiological changes of puberty, in any longitudinal study, it would quickly become apparent which group was the control group when the changes brought about by puberty began to manifest. This would prevent the test from being double blind, thereby invalidating any data that might come from it. As such, we must rely on observational research, of which there is plenty. Best practice in this instance, and the only real ethical option available, is to give the treatment we know appears to be safe and effective and monitor what happens over time."
So why is this treatment seen as experimental by critics, even though it's been in practice for decades? Because we don't have great long-term studies on the effects. And if this treatment has been in practice for decades, then why don't we have long-term studies on the effects? Because it is basically unethical to do such research.
So where does that leave us? We are left with a gap in our understanding, the size of which can be exaggerated in order to sway opinion about the treatment.
And the part that I think is most misleading about how people approach this gap in our knowledge is that those who are the quickest to point out the treatment being experimental almost invariably ignore the impacts of not providing treatment.
That is also an experiment we could be doing on our kids. Let's see what happens when kids are experiencing gender dysphoria, and we don't give them treatment. Let's just see how that goes. Just like not voting, not treating gender dysphoria is not a neutral option. It is an active option with concrete impacts.
So, as with nearly all medical treatments, the decision about whether to follow a treatment plan is based on weighing the positive benefits against the negative side effects. And the observational evidence we have is clear enough on the subject for all major medical entities, including the NHS that Maria pointed me to, that gender affirming care is appropriate to offer for kids, in consultation with their parents and doctors.
Highlighting the experimental nature of the treatment due to the lack of longitudinal trials is really not much more than a scare tactic, which ends up being directed more at the general public, who are totally ignorant of these issues, than at the individuals and families directly confronted with these decisions, who are clearly going to do their own research and listen more to the experts.
But I just have to say, that Maria's message reminded me quite starkly of a trope of bad faith discourse. And so I went looking for an explanation of exactly what I was thinking of, and I found it in this article: "Sowing Seeds of Doubt: How Some Scientists Can Twist the Facts to Suit Ends Other Than Scientific Truth." And this is from Chemical and Engineering News. So it has nothing to do with trans kids in any way.
It reads, "One of the strongest methods to deflect attention away from what the science has actually concluded, is to find ways to exaggerate the amount of uncertainty. Since there is always uncertainty in science-- scientists work at the boundary between known and unknown-- any strongly supported result can be potentially countered by reference to uncertainty in an assumption, a piece of data, or an experimental procedure, regardless of how well characterized that uncertainty is, or how robust the original result. This tactic implicitly constructs the logical fallacy of suggesting that, because we do not know everything, we therefore know nothing. The manufacturing of doubt has been a deliberate tactic in many politically contentious circumstances, most famously in the tobacco industry's multi-decade attempt to hide the harmful effects of smoking from the public. Indeed, the famous memo from a Brown and Williamson executive declaring that 'Doubt is our product' finds its echo in almost every anti-science campaign."
But in this case, the lives at risk aren't those being propagandized into smoking cigarettes, who were, at least at the time, not feeling any social pressure to change anything about themselves, or their self identity, or anything like that. I mean, smoking was considered a perfectly acceptable habit back in the seventies.
No, now the lives at risk are those who face hatred from both inside and out, due to their gender dysphoria. And the rampant discrimination from individuals and structures alike that come with being trans in a society that is constantly questioning their existence, or their right to life-improving medical treatment.
And the worst part about this side of the anti-trans propaganda campaign is that people like Maria, I believe-- I don't know about Maria, but people like Maria-- see themselves as on the side of the angels, and not necessarily protecting the rigid gender hierarchy of the patriarchy, the way conservatives do, but thinking that they're advocating for the best possible outcome for cisgender women and trans kids alike. But they're actually playing the role of the useful idiot, who means well, and thinks they're dealing in facts and good faith discussion, while they're actually peddling the same propaganda that's helping perpetuate the anti-science, anti-trans campaign that's putting those who they claim to be standing up for into existential danger.
As always keep the comments coming in at 202 999 3991, or by emailing me to [email protected] Thanks everyone for listening.
Thanks to Deon Clark and Erin Clayton for their research work for the show and participation in our bonus episodes.
Thanks to the Monosyllabic Transcriptionist Trio, Ben, Ken, and Scott, for their volunteer work helping put our transcripts together.
Thanks to Amanda Hoffman for all of her work on our social media outlets, activism segments, graphic designing, web mastering, and bonus show co-hosting.
And thanks to those who support the show by becoming a member or purchasing gift memberships at bestoftheleft.com/support, through our Patreon page, or from right inside the Apple podcast app. Membership is how you get instant access to our incredibly good bonus episodes, in addition to there being extra content and no ads in all of our regular episodes, all through your regular podcast player. And, special full access to our Discord community as well.
So, coming to you from far outside the conventional wisdom of Washington, DC, my name is Jay, and this has been the Best of the Left podcast, coming to you twice weekly, thanks entirely to the members and donors to the show from bestoftheleft.com.