I have just read and reviewed Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg (Doubleday, 2019). My review won’t be published until the book is in print in November, but the story the book tells haunts me.
“Sandworm” is the name given to the entity behind much of the cyber mischief that has disrupted nations and other organizations since the 1980s. It was finally identified in late 2018 as an element called 74455, a subordinate unit of the Russian government’s GRU. “GRU” is the English version of the Russian acronym ГРУ, which means Main Intelligence Directorate. The GRU is Russia’s largest foreign intelligence agency.
The work of 74455 was first espionage and later sabotage against countries and organizations unfriendly to Russia. It was responsible for the crippling of the entire infrastructure of Estonia, Georgia, Ukraine (twice), and many other locations. It was behind the hacking of the U.S. Democratic National Committee (DNC) and the damning information leaked to WikiLeaks. Whether the leaked emails affected the outcome of the 2016 election is still open to debate. In June 2017, A. P. Moller-Maersk, a Danish business conglomerate active in transport, logistics and energy, with 574 offices in 130 countries, was mutilated by a cyberattack. The list goes on and on.
The story told in Sandworm shocked me. I had no idea the threat was so great. The U.S. is vulnerable. If 74455 launched a cybersabotage attack against us, government and industry both could be hobbled coincident with the destruction of factories and machinery and the closing of hospitals and schools. It is a terrifying prospect.
As I noted in my review, I’m familiar with the U.S. National Security Agency and other intelligence agencies—I had a thirty-five-year career in intelligence. I have no doubt that the U.S. government knows far more about 74455 than Greenberg reveals in his book. And I know that the U.S. created Stuxnet, the most destructive and effective cybersabotage tool known. It was used to attack Iranian computers controlling uranium enrichment at Natanz and destroyed 984 centrifuges, effectively bringing the effort to a halt. It may be that the reason we have not been subject to a cybersabotage strike is that we have tools to ward off 74455’s weapons. Since all information on the U.S. cyber armory is classified, the public has no way of knowing.
What we do know is that our president, while still a candidate, celebrated the hacks of the DNC and even expressed hope that the hackers had breached Hillary Clinton’s private email server. The U.S. intelligence community was unified in the conclusion that Russian hackers were behind the attack on the DNC, a finding that Trump denied.
I know from bitter experience what happens when intelligence is ignored: people die. The possibility that our government might dismiss intelligence or fail to act in the face of a cyber threat is a matter of grave concern.