The Dread Pirate Roberts, head of the most brazen drug trafficking site in the world, was a walking contradiction. Though the government says he raked in $80 million in commissions from running Silk Road, he allegedly lived under a false name in one bedroom of a San Francisco home that he shared with two other guys and for which he paid $1,000 a month in cash. Though his alleged alter ego penned manifestos about ending "violence, coercion, and all forms of force," the FBI claims that he tried to arrange a hit on someone who had blackmailed him. And though he ran a site widely assumed to be under investigation by some of the most powerful agencies in the US government, the Dread Pirate Robert appears to have been remarkably sloppy—so sloppy that the government finally put a name to the peg leg: Ross William Ulbricht.
The DOD of course has a long history of jump-starting innovation. Historically, it has taken the megafunding and top-down control structures of the federal government to do the kind of investing required to create important technology for the military. Digital photography, GPS, the Internet itself—all were nourished by defense contracts before being opened up to the private sector, which then turned them into billion-dollar industries. ... Now the flow has reversed. Defense has been caught in the throes of the same upheaval that has disrupted legacy industries, unseated politicians, and upended global dynamics. In the digital age, innovation more often comes from smaller entrepreneurs than from the hierarchical structures that were the hallmark of 20th-century government and business. ... Defense contracting is notorious for bureaucratic lethargy and technological backwardness. And executives are leery of appearing to be too close to the US government while they seek to expand overseas. Put bluntly, they don’t want to alienate potential customers. ... The Valley is a place where brainpower is its own kind of currency, and Carter, who holds a PhD in theoretical physics from Oxford, made an impression on the locals. ... somehow Carter must instill the seeds of a cultural and logistical overhaul that will make the modern military-industrial complex nimble enough to provide the kind of innovation and support its 21st-century fighting force needs.
One Thursday in January 2001, Maksym Igor Popov, a 20-year-old Ukrainian man, walked nervously through the doors of the United States embassy in London. While Popov could have been mistaken for an exchange student applying for a visa, in truth he was a hacker, part of an Eastern European gang that had been raiding US companies and carrying out extortion and fraud. A wave of such attacks was portending a new kind of cold war, between the US and organized criminals in the former Soviet bloc, and Popov, baby-faced and pudgy, with glasses and a crew cut, was about to become the conflict’s first defector. ... The once-friendly FBI agents threw Popov in an isolation room, then returned an hour later with a federal prosecutor, a defense attorney, and a take-it-or-leave-it offer: Popov was going to be their informant, working all day, every day, to lure his crime partners into an FBI trap. If he refused, he’d go to prison. ... Popov was shocked. He’d been played for a durak—a fool. He was placed under 24-hour guard at an FBI safe house in Fair Lakes, Virginia, and instructed to talk to his friends in Russian chat rooms while the bureau recorded everything. But Popov had some tricks of his own. He pretended to cooperate while using Russian colloquialisms to warn his associates that he’d been conscripted into a US government sting. ... There seemed no escape from a future of endless jail cells and anonymous American courtrooms. ... Except that in a backwater FBI office in Santa Ana, California, an up-and-coming agent named Ernest “E. J.” Hilbert saw that the government needed Popov more than anyone knew. ... They called the operation Ant City. Now that he was back online, Popov adopted a new identity and began hanging out in underground chat rooms and posting on CarderPlanet, portraying himself as a big-time Ukrainian scammer with an insatiable hunger for stolen credit cards. ... One thing Popov had always known about Eastern European hackers: All they really wanted was a job.
Many companies already have the ability to run keyword searches of employees’ emails, looking for worrisome words and phrases like embezzle and I loathe this job. But the Stroz Friedberg software, called Scout, aspires to go a giant step further, detecting indirectly, through unconscious syntactic and grammatical clues, workers’ anger, financial or personal stress, and other tip-offs that an employee might be about to lose it. ... To measure employees’ disgruntlement, for instance, it uses an algorithm based on linguistic tells found to connote feelings of victimization, anger, and blame. ... It’s not illegal to be disgruntled. But today’s frustrated worker could engineer tomorrow’s hundred-million-dollar data breach. Scout is being marketed as a cutting-edge weapon in the growing arsenal that helps corporations combat “insider threat,” the phenomenon of employees going bad. Workers who commit fraud or embezzlement are one example, but so are “bad leavers”—employees or contractors who, when they depart, steal intellectual property or other confidential data, sabotage the information technology system, or threaten to do so unless they’re paid off. Workplace violence is a growing concern too. ... Though companies have long been arming themselves against cyberattack by external hackers, often presumed to come from distant lands like Russia and China, they’re increasingly realizing that many assaults are launched from within—by, say, the quiet guy down the hall whose contract wasn’t renewed.
The group of European black-hat hackers who launched the attack against New York had spent much of the previous decade breaking into American corporate networks — credit-card companies, hospitals, big-box retailers — mostly for profit, and sometimes just because they could. When those attacks became routine, the group moved into more politically inclined hacks, both against and on behalf of various governments, rigging elections15 and fomenting dissent. In the summer of 2016, the hackers received an anonymous offer of $100 million to perform a cyberattack that would debilitate a major American city. ... to self-identified anarchists with a reflexively nihilistic will to power, the proposition had some appeal. Causing disruption was something that had been on their minds recently, as their conversations veered toward the problems with global capitalism, the rise of technocentrism, bitcoin, and the hubris required to nominate a man like Donald Trump. Their animus got more personal when American authorities arrested a well-respected white-hat hacker who had broken into an insulin pump in order to show the dangers of connecting devices without proper security. The black hats were on the opposite end of the ideological spectrum but had more empathy for their fellow hacker than they did for the American people, who, they felt, deserved a comeuppance ... The plan was to show how much of modern life in a city like New York could be disrupted by purely digital means. The hackers would get paid, but they also hoped their attack would dent America’s complacent faith in order and in the technology and political authority that undergirded it. As a bonus, their services would be in even greater demand.
He's not the genius cranking out code, the analyst looking for the next big IPO, the hand-shaking CEO, or the wartime general turning a pile of intel into a plan. He's the guy who can talk to all of those people, understand them, and combine their strengths into a matrix none individually would have imagined. ... He didn't even have a particularly military bearing. While other guys pumped iron, the lithe little yoga dude they called Dr. Spaghetti Man was stretching and breathing on the wrestling mats, an Ivy Leaguer downward-dogging in a world of booyah. ... As a DARPA program manager, White could name his project. And the “thing” he wanted to make was a new breed of search engines, capable of mining the entirety of the Internet. ... White’s Memex project would be a portfolio approach. Some tools would dive into the dark Web and present all the hidden onion sites to be found there as a list, something previously considered too difficult to bother with. Others would index and sort the enormous flows of deep and dark Web online forums (which are otherwise unsearchable). Others would monitor social-media trends, connect photos, read handwritten information, or strip out data from Web pages and cross-index the results into data maps.
America’s War with Russia’s greatest cybercriminal began in the spring of 2009, when special agent James Craig, a rookie in the FBI’s Omaha, Nebraska, field office, began looking into a strange pair of electronic thefts. ... The leading victim in the case was a subsidiary of the payments-processing giant First Data, which lost $450,000 that May. That was quickly followed by a $100,000 theft from a client of the First National Bank of Omaha. What was odd, Craig noticed, was that the thefts seemed to have been executed from the victims’ own IP addresses, using their own logins and passwords. Examining their computers, he saw that they were infected with the same malware: something called the Zeus Trojan horse. ... The ruse is known as a “man in the browser” attack. While you sit at your computer logging into seemingly secure websites, the malware modifies pages before they load, siphoning away your credentials and your account balance. Only when you log in from a different computer do you even realize the money is gone.
It is reasonable for executives to be anxious. Both Gregg Steinhafel and Beth Jacob, Target’s former chief executive and ex-information officer respectively, lost their jobs following the data breach. The average tenure of a CISO at a company is a little more than two years, according to the Ponemon Institute. This is partly due to the fact that these professionals are in such high demand, but also due to job insecurity of those in the role. ... The average cost of a data breach is $4m, according to security researcher Mr Ponemon, or around $158 for each compromised record. In fact, the figure can vary considerably.
A year ago a hacker stole $55 million of a virtual currency known as ether. This is the story of the bold attempt to rewrite that history. ... Rather than moving bitcoin from one user to another, the ethereum blockchain hosts fully functioning computer programs called smart contracts—essentially agreements that enforce themselves by means of code rather than courts. That means they can automate the life cycle of bond payments, say, or ensure that pharmaceutical companies can authenticate the sources of their drugs. Yet smart contracts are also new and mostly untested. Like all software, they are only as reliable as their coding—and Gün was pretty sure he’d found a big problem. ... Gün feared the bug could allow a hacker to make unlimited ATM-like withdrawals from the millions, even if the attacker, who'd have needed to be an investor, had only $10 in his account. ... This staggering amount of money lived inside a program called a decentralized autonomous organization, or DAO. Dreamed up less than a year earlier and governed by a smart contract, the DAO was intended to democratize how ethereum projects are funded. Thousands of dreamers and schemers and developers who populate the cutting edge of computer science, most of them young, had invested in the DAO.
As big as it was, the heist could have been a lot bigger. The hackers originally intended to funnel $951 million of Bangladesh Bank’s money into phony accounts, according to various investigations. Via Swift, they fired off a series of messages to the New York Fed to do just that. The theft of the full amount was only averted because, after the initial payments had been made, several transactions were flagged “for sanction compliance review,” ... Since then, Philippine authorities have recovered almost a fifth of the stolen money and returned it to Bangladesh, but most of the rest, after flowing through a series of accounts, a money-transfer company, and into local casinos, disappeared into the muggy Manila air. ... All but cut off from the world and hamstrung by sanctions imposed by the United Nations, the U.S., South Korea, and Japan, North Korea needs convertible currencies to finance imports, among other things. It uses a shifting array of agents, shipping companies, and brokers to bring in illicit cash