Real consequences with “proportionate” retaliation must be levied against bad actors online, whether nation-states or jihadist recruiters, as “the only way ultimately we can change the world we’re currently in, which is in many respects like the Wild West,” said a former top Justice Department official.
John P. Carlin, who served as assistant attorney general for national security from April 2014 through October 2016, just released Dawn of the Code War: America’s Battle Against Russia, China, and the Rising Global Cyber Threat, detailing the Justice Department and FBI battle against online terror recruitment operations, hackers and cyber espionage, the dark net and more.
Carlin, who now chairs Morrison & Foerster’s Global Risk and Crisis Management practice group, also previously served as chief of staff and senior counsel to former FBI Director Robert Mueller, was national coordinator for the DOJ’s Computer Hacking and Intellectual Property (CHIP) program, and was an assistant U.S. Attorney for the District of Columbia.
Under his leadership, the DOJ’s National Security Division worked with the U.S. Attorney’s Office on cases including the hacking of Sony Pictures Entertainment, the Boston Marathon bombing, and Chinese economic espionage.
Carlin stressed to attendees at the Government Technology & Services Coalition’s Cyber Day last week in Fairfax, Va., that “success is preventing an attack from occurring in the first place,” and it’s critical for the public and private sector to work together to disrupt threats. “If we leave this to private companies on their own, it’s unfair; they won’t succeed,” he said of cyber threats and espionage. Blended threats, he said, are “what we need to watch over the next 5 years.”
On the online evolution of terrorism and the ability of groups to adapt with technological advances, Carlin emphasized how terror groups are able to “create this echo chamber of hate” that seamlessly infiltrates the United States and can “convince human beings to turn themselves into weapons to kill,” particularly easily recruited youths.
Carlin told HSToday that “we need to continually analyze what the intelligence is showing about how the threat changes,” including the “exploitation of social media and the way that might lead to criminal or violent action.”
“So we’ve had what looks like nation-states doing it; we’ve had repeated indictments lay out in detail how Russia, in particular, has been targeting social media,” he said. Iran was also targeting social media providers, as Facebook has detailed in its reports of removing offending accounts, “and then you have news that China, as well, is starting to get active in this space.”
Social media has also fostered “those inspired by homegrown ideologies of hate, particularly with the [Pittsburgh synagogue shooting] — they put a spotlight on another way where this radicalization, this echo chamber of hate, encourages people to violence.”
HSToday asked Carlin about how groups representing varying ideologies can benefit from what other extremist entities have learned in the past few years about operating, evolving and thriving in the online sphere.
“We’ve definitely seen nation-states that don’t agree on many issues mimic each other’s tactics and strategies online,” he replied. “And so it follows that you’re going to see, as there’s a lot of public discussion about what works and what doesn’t work for terrorist groups and those who want to kill, you’re going to see them start to mimic each other’s tactics.”
Carlin noted that the intent for cyber jihad is not new, with an al-Qaeda video declaring in 2012 that it was game on for the “electronic jihad” that would exploit cyber vulnerabilities and target critical infrastructure. Other groups have followed with vows to focus online.
“We’ve seen groups who are acting for political aims, like the [pro-Assad] Syrian Electronic Army and the Iranian Revolutionary Guard Corps committing attacks,” he said. “The second question, though, is when are they going to realize that there’s a highly segmented criminal market where, if they haven’t developed that capability, they can rent the tools that somebody else has developed and use them. And that would be the trend to be concerned about… you just go onto the dark web where there are various sophisticated online marketplaces that look a lot like Amazon for crooks, complete with five-star reviews for different products.”
Nation-states could be the sellers in these dark-market deals, or could provide harbor for the sellers. “You could see nation-state tools for sale, and certain nation-states act as proxies for terrorist groups – they need to watch those transactions,” he noted.
Carlin declared that, to be victorious in the code wars, “what we need to do is clear.”
“Fantastic work is happening across the government in order to figure out who’s committing some of these attacks,” he said. “No. 2, we need to see a trend toward making it public; for instance, the Sept. 25 Department of Justice guidance that says they’re going to make public, or work to make public, interference in our elections, but other cases they’ve brought, whether it’s Chinese espionage, whether it’s North Korean involvement in WannaCry, or pick your case of what the Russians have been doing lately from undermining elections to indiscriminately attacking companies through NotPetya to attacking the Olympics and anti-doping authorities.”
Figure out who did it, make it public, he said, and levy consequences — “and with consequences we have to take it out of the box of relations with any one particular country and make it conduct-based, just like we have in other arenas,” like nations that support terrorism or are dabbling in weapons of mass destruction. “We should be clear in advance if you do this, if you violate certain norms such as stealing and putting our companies out of business, indiscriminately unleashing malware like NotPetya, or undermining our core institutions like democracy, no matter who you are we will retaliate.”
“We will retaliate proportionately, and proportionately means we will impose a cost greater than whatever benefit you think that you’re getting,” Carlin continued. “And then we will use all of our tools from the criminal system to military to the Treasury Department sanctions to raise those costs, and we’ll do it together with our partners. We need to both clearly message that, if it’s going to have a deterrence effect, and action it so that it’s clear we follow through.”