Neuromancer set the template for fictional depictions of hacking: colorful icons swooping through cyberspace in a glorified videogame. Sometimes the depiction is a little more sedate, but only a little: hackers frantically banging at keyboards as they break enemy defenses. Films like Swordfish or Hackers and many, many others make it seem rather glamorous, even visual.
Ghost Fleet falls right into that trap early on. Page 41:
“The young hacker focused on her attack, navigating the malware packet through the DIA networks while fighting back the desire to brush a bead of sweat off her nose with her gloved hands. The Pentagon’s autonomous network defenses, sensing the slight anomalies of her network streams, tried to identify and contain her attack. But this was where the integration of woman and machine triumphed above mere ‘big data.’ Hu was already two steps ahead, building systems components and then tearing them down before the data could be integrated enough for the DIA computers to see them as threats. Her left arm coiled and sprung, her fingers outstretched. Then the right did the same, this time a misdirect, steering the defense code to shut down further external access, essentially tricking the programs into focusing on locking the doors of a burning house, but leading a small ember on the outside for them to stamp on, so they’d think the fire was out.”
Needless to say, this is not how hacking works.
Hacking comes in two major flavors. The first is the all-out assault. The second is the stealthy compromise.
The Distributed Denial of Service (DDOS) attack is a prime example for the all-out assault. A large number of software bots are surreptitiously placed on computers all over the world, usually by getting someone to click on an infected link or attachment. The software then automatically downloads itself and send reports into a controller server (itself likely another hacked system). The number of bots can range up to the hundreds of thousands and be directed by a small handful of servers. When the attack is launched, all those computers fire off requests in such volumes to cause the receiving computers to lock up. This is somewhat like having several hundred 5-year-olds ask questions of one person at the same time.
A variation on this is a massive port scan: using the same botnet, hackers can check all the different places software listens to for communication. The bots will then try to crash the software listening on that port, hopefully getting the system to cough up another entryway in response, like a username or password. The botnet is effectively looking in all the computer’s pockets for a hole from which it can swipe the key. Again, the hacker “merely” pulls the trigger after aiming the botnet. You could, I suppose, have a scene of the hackers feverishly writing the code before they launch the attack. But nobody is going to be sitting in a room swooping through 3-D displays. No typing, no visuals.
Then there is the stealthy attack. The special forces to the DDOS tank army. The classic is stealing access to passwords, preferably from a network administrator. The attacker then moves through the network slowly and carefully. The problem with this method is lots of places log their access and strange places often get flagged. If it happens too often, they lock accounts. That is part of the reason why many sites require periodic password changes.
The problem with this model — the hacker working hands on — is that it’s far more traceable and slow. Better is to compromise a system and let a bot go to work. In fact, far better is to let a bot just plain do all the work. It’s faster and safer.
The most common bot for this is the infamous “malware”: viruses, worms, Trojan horses, etc. The single most famous example of malware that went above-and-beyond was Stuxnet. The authors of Stuxnet didn’t sit and click or wave their hands in real time as they manuevered their way into the Iranian nuclear facilities. They had someone pop in a USB drive and the rest was automated.
This makes it tremendously unsexy. The Stuxnet infection took a significant amount of time before it compromised the systems at the Iranian nuclear enrichment facility. And once it was in, there was no way to know if it had worked until the U.S. received human intelligence that the centrifuges it targeted had actually broken. The infected Iranian facility wasn’t hooked up to the internet, but even if had been, it would have been very, very dangerous to report back. Communications can be intercepted.
Now, the Chinese hacker is working in nine years in the future. Why couldn’t she use virtual reality to hack systems in 2024? Well, maybe she would write code using a V.R. headset and virtual keyboard, although I’m unclear as to why. But she wouldn’t interact with the cyberattacks once they were underway. That would just result in detection once the communications were intercepted. Moreover, the time it would have taken to send back data about what was happening and send back the response could be up to ten seconds on the round trip. Add another ten seconds for her reaction time. That is a lot of time for the DIA to realize something is wrong and start shutting the doors.
The authors talk about her and her bots trumping Big Data. It’s a nice buzzword, but it is totally meaningless in this context. Big Data might have been used as a way to train the DIA’s intrusion detection system to recognize which data flow patterns are normal activity and which might indicate an attack. But I have no idea what it would mean for the Chinese hacker to be “building systems components and then tearing them down.” As a description of cyberwarfare, it’s not even wrong; it’s meaningless.
In summary, the hacking in Ghost Fleet is derived from the silver screen, not the reality of today. It also is highly unlikely to be what comes about in ten years.
Now, to be fair, these scenes are just window-dressing. There is, in fact, a scene on page 37 in which a Venezuelan refugee accidentally infects U.S. defense systems in a realistic way. (Although I have to admit I have some doubts that you could actually copy malware onto a security badge — the article cited in their footnotes does not describe anything like the scene.) But there are much more serious problems with the way the cyberwar develops in Ghost Fleet, which we will get to in later installments.
Comments and criticisms very welcome!