Alexander Klimburg: The Dark Side of the Web
July 20, 2017

LAWAC President Terry McCarthy with Alexander Klimburg (right)

Eric Schmidt, one of the Google founders, has said that “the internet is the first thing that humanity has built that humanity doesn’t understand.” Containing data that amounts to 50 billion times the amount in the US Library of Congress, the indexed internet is simply too large for anyone to fully oversee – and that, according to Alexander Klimburg, is what makes it so hard to control and so open to abuse.

Initially the internet was invented in the US by altruistic researchers who wanted to create an easy way for freely exchanging information. But now it has acquired an increasingly dark and threatening side, as nations – including the US – find ways to use it as a weapon of war. Addressing a LAWAC Global Café Breakfast on July 20th, Klimburg said it was similar to the development of the wheel, which was originally invented to make pottery. “It was only about 2,500 BC when the Mesopotamians realized the wheel could be used for armed chariots that its function shifted.” This shift from a civilian to a military use of the wheel led to mobile warfare and a whole new direction for humanity. The same process is now occurring with the internet, as we see with cyber-attacks that affect large numbers of organizations across the world, shutting down systems, demanding ransom or destroying physical assets (like the Iranian nuclear centrifuges that were rendered inoperable by the Stuxnet virus).

And Klimburg says we haven’t seen anything yet – there has not been a “Hiroshima moment” when a cyber-attack has demonstrated the extent of destruction that could be caused by a full-scale application of all the cyber weapons that the world’s major cyber powers – the US, China and Russia primarily – could deploy. We know, for example, that Russian hackers have implanted malware in utilities around the US that could potentially be activated if the US and Russia were to find themselves in a state of war – a war that might itself be precipitated by some form of cyber-attack. But we don’t know what it would look like and how long it would take to recover if these “logic bombs” were to be detonated.

Klimburg says there is a vast gulf between how liberal democracies in the US and Europe view the internet, and how it is seen in authoritarian regimes like Russia and China, whose primary concern is not information exchange but protecting their own power. “Authoritarian regimes are always trying to restrict and control the flow of information,” he said, and that is why both China and Russia would like to see intergovernmental regulations empowered to control the internet, ideally through the UN. This would legitimize their own internal restrictions on the digital world. This runs against the US model of having the internet privately run – without a state actor being able to demand, in a theoretical example suggested by Klimburg, that a New York Times article they don’t like be delisted from the internet all around the world.

“Russia and China aren’t worried about the lights going out, or international law, they care about who controls the root of cyberspace - they want the simple solution to be government control, and there’s very little space for free speech in that kind of world.”

In the search for greater control, the Chinese are in the process of creating a “Total Surveillance Society”, said Klimburg, in which every move a citizen makes is logged online, contributing to a “social credit score.” If a citizen jaywalks, doesn’t pay his or her taxes, doesn’t visit an elderly relative or talks to a banned pro-democracy group then that citizen’s score would go down. If the citizen gives to charity, praises the communist party or performs some other activity deemed socially helpful, their score would go up. Higher scores would potentially allow citizens better access to schools, or upgrades on air travel or any other number of benefits. This has been termed “gamifying obedience to the state” – as if one’s real life is reduced to a simulated video game in a state-run panopticon in which one can win rewards or suffer penalties, all doled out by an omniscient state. Klimburg says this social credit score system could be fully operational across China in two to three years.

Russia produces some of the best coders in the world, said Klimburg, far more skilled and less easy to track than Chinese hackers. Much of Russia’s cyber capability rests within their intelligence services, the FSB and the GRU – but they also apparently use cyber criminals on a contract basis. Asked about the Russian involvement in the 2016 US elections, Klimburg said that this is a part of Russia’s information warfare strategy, where they seek not to cause physical damage to their enemies, but rather to influence public opinion and attack the legitimacy of western institutions. “Actually the Europeans have faced much worse,” he said. But the US is a much softer target, because of the very low level of confidence Americans have in their politicians and their media. “Only 20% of Americans think the mainstream media is doing a good job – and only 6% think Congress is doing a good job.” This makes America ripe for information warfare through fake news and other stratagems.

Asked about how the US should respond to the cyber capabilities of countries who are in a position to either cause damage to our physical infrastructure or interfere in our democracy, Klimburg said the US should not respond to information warfare in a tit for tat but should rather try to shut it out. He cited the example of Sweden that sustained very intense Russian hacking, and they just exposed it and shrugged it off – with the result that support for NATO in Sweden went up from 19% to 49% - exactly the opposite of what the Russian hackers were trying to achieve. And he said we should make it clear that we regard our electoral system as part of our critical infrastructure, and not something we will tolerate being interfered with by any foreign actors.