In Cyberwars, U.S. equal parts problem, solution

In the 1980s, the world was introduced to the word “hacker,” a catchy term for brilliant young teenagers or even school dropouts who suddenly posed a real threat to the security of computer systems of the United States.

At the same time – even earlier – people from the Department of Defense, the computer industry and academia had created tools like Trojan Horses and Trap Doors in an attempt to ascertain whether data stored in time-sharing computer systems was secure.

Hackers might have been able to take down a website. At their most destructive, nation states with these invasive tools might be able to take down another nation.

So who posed the bigger threat? The answer should have been obvious.

Despite warnings to the contrary, the media and academia chose to focus on the hacker, conveniently ignoring published evidence that these tools in the hands of nation states presented tremendous potential as weapons.

That’s slowly changing, wrote Edward Hunt '03, a Ph.D. candidate in William & Mary’s American Studies Department. Hunt’s article “United States Government Computer Penetration Programs and the Implications for Cyberwar,” was the cover story in a recent issue of IEEE Annals of the History of Computing.

Hunt’s final product was the result of a thorough exploration of a variety of media sources, from The New York Times, Time magazine, Aviation Weekly and Space Technology and the Criminal Justice Journal. He also drew from books on the subject, among them “Cyber War,” (2010) “Crime by Computer,” (1976), “Computer Capers,” (1978), “Hackers,” (1984) and “Computer Security Basics” (1991). Those sources provided complementary evidence to a variety of technical studies carried out by the Department of Defense going back to the early 1970s; those studies formed the core of the historical record Hunt reviewed in his paper.

Hunt also presented his research findings at the 11th annual Graduate Research Symposium, winning a $500 award for “excellence in scholarship in the humanities and social sciences.”

Hunt believes his work has played a role in changing public perception of the potentially sinister nature of “computer penetration.”

“What I was trying to do with the paper was combat the perception that computer hackers, or young kids working at home  -- sort of late at night in their basements – posed a serious threat to system security,” he said. “I think that, given what we’ve seen recently and what I've found in the historical record, it’s a problematic perception.

“On one hand, while the United States might have the world’s best technology, on the other hand it has the leading offensive capabilities. And it’s becoming more and more apparent that we’re using them.”Edward Hunt combed through Department of Defense studies dating back to the 1970s in compiling his article.

Hunt said the recent disclosure of the Central Intelligence Agency’s plan from the early 1980s to sabotage the trans-Siberian pipeline in the Soviet Union, leading to what one official called “the most massive non-nuclear explosion and fire ever seen from space,” is just one example of a toxic concoction of media ignorance and misguided trust and deliberate government misinformation.

“A lot of reporters were using sources from the Department of Defense, which created the dilemma,” Hunt said. “The officials from DOD had a message they wanted to send, and the message was that computer systems in the U.S. were not safe and needed to be researched. The officials weren’t telling them what they were doing covertly, and this was reflected in the reporting in the media. I think a lot of journalists were unwilling to ask the hard questions: Are you in the DOD engaged in any offensive actions?

“During the early 1980s, when DOD officials were pointing to computer hackers or even the USSR, they were engaged in some of the first offensive operations against the USSR.”

 Even today, Hunt said, it took a programming error in the Stuxnet cyber weapon the U.S. used to sabotage Iran’s nuclear enrichment infrastructure for knowledge of the weapon to become public.

“It was part of a covert program called ‘Olympic Games,’” Hunt explained. “If it hadn’t been for a programing error in one of the versions of the Stuxnet that allowed it to leak to the Internet, no one would have known about it. The weapon wasn’t supposed to be released into the wild, some system analysts say, but because of a programming error in one version it leaked out onto the Internet. Security analysts found out about it, studied it and were able to speculate as to whom may have designed it.

“And about a year later, The New York Times ran a big article speculating that the U.S. and Israel were behind the Stuxnet weapon, which sources inside the government anonymously confirmed.”

For Hunt, it was a multi-year project, most of which was done for his master’s thesis. His undergraduate degree from W&M was in English, with a minor in information technology. He also has done graduate work at the University of Massachusetts in statistics and history.

“I’ve always been interested in the liberal-arts side,” he said, “but also history and information technology. In this paper, I believe I pulled together the best of those disciplines.

“There’s still a perception that computer-hacker kids are still out there, still causing trouble, but I think at the same time there is more of a realization that the more sophisticated threats are not coming from these computer hackers. The more serious threats are posed by other nation states.”