Amanpour and Company

NOW, RUSSIA'S HACKING OPERATIONS, WHICH WE WERE JUST DISCUSSING, ARE ONLY THE START OF THE STORY. THE CYBER ARMS RACE IS A GLOBAL BATTLE, AND THE TARGETS AREN'T JUST NATION STATES. YOU AND I ARE VULNERABLE EVERY TIME WE LOG ON TO OUR EMAIL, ORDER A RIDE SHARE OR SWIPE OUR CREDIT CARD. BUT "NEW YORK TIMES" JOURNALIST NICOLE PEARLROTH SAYS THE U.S. IS STILL NOT DOING ENOUGH TO PROTECT ITS CITIZENS AND SHE'S THE AUTHOR OF "THIS IS HOW THEY TELL ME THE WORLD ENLDZ." AND HERE SHE IS. >> CHRISTIANE THANKS. THANKS FOR JOINING US. WHAT YOU DO SO WELL IN THIS BOOK IS LAY OUT A SERIES OF ALMOST MARKETPLACES THAT PEOPLE DON'T EVEN KNOW EXIST, THAT, YOU KNOW, THERE ARE HACKERS THAT INSIDE AND OUTSIDE GOVERNMENTS THAT ARE FINDING TINY VULNERABILITIES IN PIECES OF SOFTWARE WE ALL USE. BUT HOW THAT VIRUS OR HOW THAT PIECE OF CODE GETS INTO THE HANDS OF SOMEONE THAT CAN TAKE ACTION TO IT. I MEAN, IT'S SORT OF A BYZANTINE WORLD OF BIZARRE CHARACTERS, SOME OF THEM-- BUT THE FACT THAT PEOPLE ARE BUYING AND SELLING THIS. AND THIS IS JUST PART OF THE ARMAMENTS THAT COUNTRIES HAVE NOW. >> THAT'S WHY I WROTE THE BOOK IS BECAUSE I COULDN'T WRAP MY HEAD AROUND THE FACT THAT WE, THE U.S. TAXPAYER, PAY THE U.S. GOVERNMENT TO KEEP US SAFE IN TERMS OF NATIONAL SCURPT, BUT ALSO WE ASSUME CYBERSECURITY. AND IN A LOT OF CASES, THEY'RE LEAVING US MORE VULNERABLE TO PRESERVE THEIR ESPIONAGE OPERATIONS AND THEIR BATTLEFIELD PREPARATIONS. SO THE MOST BASIC LEVEL, I JUST COULDN'T WRAP MY HEAD AROUND THAT THE U.S. GOVERNMENT WOULD PAY HACKERS OR THEIR INTERMEDIARIES GOOD MONEY-- MILLIONS OF DOLLARS IN SOME CASES -- TO TURN OVER HOLES IN SOFTWARE, LIKE YOUR iPHONE I.O.S. SOFTWARE, SO THEY CAN STOCKPILE IT IN CASE THEY NEED TO USE IT TO SPY ON A TERRORIST OR DRUG CARTEL OR CHILD PREDATOR. AND THAT THREE DECADES AGO, THERE REALLY WASN'T THIS MORAL HAZARD BAKED IN BECAUSE IF WE FOUND A HOLE IN WAW WAY SOFTWARE, FOR THE MOST PART, AMERICANS WEREN'T USING HUEWI, BUT CHINA WAS AND NORTH KOREA AND IRAN AND SUDAN AND SYRIA. WE HAD A LEGITIMATE CASE TO MAKE THAT WE SHOULD BREAK INTO THAT SOFTWARE AND USE IT AS A BEACHHEAD TO SPY ON SOME OF OUR ADVERSARYS. THESE DAYS, THREE DECADES LATER-- AND HUEI IS AN EXCEPTION, AND WE'RE WITH FEW EXCEPTIONS, WE'RE ALL USING THE SAME TECHNOLOGY NOW. SO WHEN THE U.S. GOVERNMENT FINDS A FLAW IN MICROSOFT WINDOWS AND DOESN'T TELL MICROSOFT ABOUT IT SO MICROSOFT CAN FIX IT, THEY'RE NOT JUST LEAVING AMERICANS SAFE IN THE NAME OF THEIR COUNTER-INTELLIGENCE OPERATIONS. THEY'RE ALSO LEAVING A LOT OF OUR CRITICAL INFRASTRUCTURE SAFE BECAUSE AS MARK ANDRESSON PUT IT, SOFTWARE IS EATING THE WORLD. SO MICROSOFT WINDOWS AND OTHER SOFTWARE IS MAKING ITS WAY INTO OUR POWER GRID, INTO OUR GAS PIPELINES AND OTHER ENERGY INFRASTRUCTURE AND OUR HOSPITALS AND WATER TREATMENT, ET CETERA. SO THE STAKES KEEP GOING UP FOR THESE PROGRAMS. AND IT WAS JUST SURPRISING TO KNOW THAT EVEN SO, IT HASN'T REALLY CHANGED THE CALCULUS THAT MUCH ABOUT STOCKPILING VULNERABILITIES IN THE SOFTWARE THAT WE ALL USE NOW. >> YOU KNOW, JUST RECENTLY, IT WAS REVEALED THAT A PAIR OF HACKERS WORKED WITH THE DEPARTMENT OF JUSTICE. PEOPLE WILL REMEMBER THE HORRIBLE SHOOTING THAT HAPPENED? SAN BERNARDINO. BUT AFTER THAT, THERE WAS ALSO THIS KIND OF ETHICAL QUANDARY THAT THE U.S. GOVERNMENT SAYING TO APPLE, "HEY, WE WANT A WAY TO OPEN THIS iPHONE BECAUSE WE THINK THIS PERSON MIGHT HAVE HAD MORE INFORMATION ON THERE AND WE WANT TO BE AWBL TO OPEN IT." TIM COOK FAMOUSLY SAID, "NO, IF I CREATE A BACKDOOR FOR YOU, I CREATE A BACKDOOR FOR EVERYONE. THIS IS BAD POLICY." AND SUDDENLY THE DEPARTMENT OF JUSTICE STOPPED. THEY SAID NO, THAT'S ALL RIGHT. YOU DON'T HAVE TO. WE GOT OUR WAY BACK IN. AND NOW, YEARS LATER, WE'RE FIGURING OUT HOW THAT HAPPENED. BUT IT'S STUNNING TO THINK THAT TECHNICALLY, THAT VULNERABILITY COULD BE FOUND BY MORE THAN JUST THOSE TWO PEOPLE, EVEN THOUGH-- RIGHT. IT'S THAT WHEN THEY POKE A HOLE INTO SOMETHING, IF THE GOVERNMENT THINKS THEY CAN HOLD ON TO IT-- I MEAN, THERE'S KIND OF A SHELF LIFE FOR THESE THINGS. >> THAT'S RIGHT. AND THAT WAS A BIG DEAL. I HAD SIGNED ON TO DO THIS BOOK ABOUT THIS PARTICULAR MARKET IN 2014, AND I NEVER KNEW THAT A YEAR LATER, THE F.B.I. WOULD JUST COME OUT AND ANNOUNCE THAT IT HAD PAID A HACKER MORE THAN $1 MILLION FOR A WAY INTO APPLE'S DEVICES AND HAD NO PLANS OF TELLING APPLE ABOUT IT. AND, OF COURSE, WE KNOW, BECAUSE WE'VE ALL SEEN SO MANY HIGH-PROFILE CYBER ATTACKS, THAT WE'RE NOT THE ONLY ONE WHO WOULD BE LOOKING FOR THAT CAPABILITY. CHINA, RUSSIA, IRAN, THE UNITED ARAB EMIRATES, SAUDIS-- THEY ALL HAVE THEIR OWN REASONS FOR WANTING TO KEEP TABS ON iPHONE COMMUNICATIONS. I MEAN, WHAT MORE DO YOU WANT AS A SPAY AGENCY THAN TO TRACK SOMEONE'S LOCATION OR COMMUNICATIONS OR CONTACTS? AND THE GOING RATE THESE DAYS, ACTUALLY, IN 2021, FOR THAT SAME HOLE THAT THE F.B.I. PURCHASED FROM HACKERS IS ACTUALLY $2.5 MILLION. IT'S ALREADY DOUBLED FROM WHEN F.B.I. PAID THOSE HACKERS BACK IN 2015. AND WHAT'S INTERESTING TO ME IS THAT OTHER BROKERS HAVE POPPED UP IN ABU DHABI THAT SERVE EXCLUSIVELY THE SAUDIS AND THE EMIRATES AND THEY'LL OFFER $3 NATURAL THAT SAME CAPABILITY. SO WE'RE ALREADY GETTING OUTBID HERE IN THE UNITED STATES. AND THAT WAS A BIG FOCUS OF MY RESEARCH TRYING TO SEE JUST WHERE THESE CAPABILITIES AND THESE MARKETS WERE DRIFTING. BECAUSE FOR A LONG TIME, THE U.S. HAD THE BEST HACKERS AND TALENT AND CAPABILITIES. BUT WHAT HAS HAPPENED IS AS OTHER GOVERNMENTS' EYES HAVE OPENED TO THE POTENTIAL FOR THESE iPHONE OR WINDOWS VULNERABILITIES, THEY'VE STOOD UP THEIR OWN OFFENSIVE PROGRAMS, BUT THEY DON'T HAVE THE TALENT AND HACKERS WE HAVE HERE. BUT THERE IS NOW A MARKET, AND THEY CAN PAY HACKERS ALL OVER THE WORLD TO MEET THEIR DEMANDS FOR THESE CAPABILITIES. AND THEY ARE ACTIVELY OUT-BIDDING THE UNITED STATES IN THIS MARKET NOW. >> YOU KNOW, I THINK MAYBE BECAUSE OF WHAT HAPPENED ON JANUARY 6 AND JUST THE GEN GENERAL... STRESS THAT PEOPLE HAVE BEEN UNDER FOR PAST YEAR ABOUT POLITICS, ONE OF THE THINGS THAT-- ONE OF THE STORIES THAT KIND OF GETS BURIED IS THE MASSIVE HACKS THAT HAVE HAPPENED IN THE LAST FEW MONTHS, THE HACK BY THE RUSSIANS. WE LITERALLY HAVE THE ADMINISTRATION NOW PUTTING ECONOMIC SANCTIONS ON 16 DIFFERENT ENTITIES AND 16 PEOPLE. AND I WONDER IS THAT GOING TO BE ENOUGH OF A DETERRENT? I MEAN, BECAUSE IT SEEMS LIKE THE NATION STATES HAVE DONE THEIR COST-BENEFIT ANALYSIS, AND THIS IS JUST PART OF HOW COUNTRIES EXIST NOW. >> I THINK YOU'RE RIGHT. NOTHING WE HAVE DONE TO RUSSIA AFTER THE 2016 ELECTION, SUCH AS SANCTIONS, SUCH AS HACKING INTO THEIR GRID, STOPPED THEM FROM PULLING OFF THE LATEST ATTACK THAT WE'RE CALLING "SOLAR WINDS," BECAUSE THEY USED AN AMERICAN COMPANY TO BREAK INTO OUR FEDERAL AGENCIES. IT DIDN'T DETER THEM. BUT THERE IS A QUESTION-- AND I DON'T THINK WE'LL EVER GET TO THE BOTTOM OF THIS UNLESS WE'RE A FLY ON VLADIMIR PUTIN'S WALL. BUT WHEN THEY USED SOLAR WINDS TO BREAK INTO THESE FEDERAL AGENCIES AND GET INCREDIBLE ACCESS TO THE DEPARTMENT OF ENERGY AND OUR NUCLEAR LABS AND THE DEPARTMENT OF HOMELAND SECURITY AND OUR HOMELAND SECURITY SECRETARY'S EMAILS, YOU KNOW, THEY STOPPED SHORT OF ANY KIND OF PARALYSIS OR DEGRADATION OR DESTRUCTION INDEPENDENT WAY WE HAVE SEEN THEM USE THOSE ATTACKS IN UKRAINE, FOR EXAMPLE. THIS REALLY DOES APPEAR TO HAVE BEEN CLASSIC ESPIONAGE. AND IT WAS TIMED AROUND THE SAME TIME THAT WE WERE ALL WORRIED ABOUT FOREIGN INTERFERENCE. IN PARTICULAR, RUSSIAN INTERFERENCE IN THE 2020 ELECTION. SO THERE IS AN INTERESTING QUESTION HERE THAT I DON'T KNOW IF WE'LL EVER BE ABLE TO ANSWER WHICH IS DID ALL OF THE ATTENTION TO THE ELECTION AND THE SANCTIONS AND OUR OWN HACKING OF RUSSIA'S POWER GRID DETER THEM FROM DOING MORE IN 2020 TO HELP ELECT THEN-PRESIDENT TRUMP? DID IT SUNDAY THEM IN THE OTHER DIRECTION? THE TIMING WAS VERY CLEVER. THEY TOOK A DIRECT HIT AT OUR FEDERAL AGENCIES WHEN THOSE SAME AGENCIES WERE FOCUSED SO ACUTELY ON THE ELECTION AND OUR BACKEND ELECTIONS, THE INFRASTRUCTURE. SO PERHAPS IT WAS A DETERRENT. BUT, YOU KNOW, THEY ARE IN THESE SYSTEMS, AS WE SPEAK. IF IT IS THE ACTOR THAT WE THINK IT IS, A UNIT OF THE S.V.R., WE KNOW THEM WELL BECAUSE THEY ACTUALLY HACKED THE STATE DEPARTMENT AND THE WHITE HOUSE BACK IN 2014, 2015. AND WHEN I INTERVIEWED THOSE WHO WERE ON THE GROUND THAT WERE BROUGHT IN TO CLEAN UP FROM THAT ATTACK, I'LL NEVER FORGET. THEY DESCRIBED THE PROCESS OF KICKING THOSE HACKERS OUT AS HAND-TO-HAND DIGITAL COMBAT. THE FACT THAT THEY HAD FOUND THEM IN THESE DIGITAL HALLWAYS WASN'T ENOUGH TO SEND THEM PACKING. THEY WERE REALLY FIGHTING TO STAY IN THOSE NETWORKS. AND THE FACT THAT THOSE SAME HACKERS MIGHT HAVE BEEN IN OUR GOVERNMENT AGENCY SYSTEMS MONTHS BEFORE WE EVEN DISCOVERED THEM, YOU CAN PRETTY MUCH GUARANTEE THAT THERE IS A LONG LIST OF BACKDOORS PLANTED IN OUR FEDERAL I.T. SYSTEMS, AND THAT IT COULD BE A LONG TIME BEFORE WE CAN CONFIDENTLY SAY WE KICKED THEM OUT. >> YOU ALSO POINT OUT HOW SOME OF OUR BIGGEST COMPANIES HAVE BEEN TARGETS OF NATION STATES, NOT SOMETHING THAT THEY EXPECTED, NOT SOMETHING THAT THEY PREPARED FOR. AND WE HEAR ABOUT, YOU KNOW, HACKS OF HALF A BILLION FACEBOOK USERS' INFORMATION OR CLUBHOUSE BEING HACKED, ET CETERA. I WONDER HOW CONCERNED YOU THINK THAT AMERICANS SHOULD BE ABOUT THEIR OWN INFORMATION, CONSIDERING THAT WE'RE STORING IT IN AMAZON'S CLOUD AND IN GOOGLE'S CLOUD AND, YOU KNOW, I'M PRESSING "I ACCEPT" FOR LOTS AND LOTS OF THINGS THAT I'M NOT READING ALL THE WAY THROUGH. >> YES, I MEAN, IT IS INCREDIBLY FRUSTRATING TO BE SITTING IN SILICON VALLEY RIGHT THIS MOMENT AND HEARING THINGS LIKE MOVE FAST AND BREAK THINGS AND KEEP SHIPPING, AND SOFTWARE EATS THE WORLD, WITHOUT ANYONE MENTIONING SECURITY. YOU KNOW, WHEN I WAS IN UKRAINE, THEY HAVE SUFFERED EVERY KIND OF CYBER ATTACK FROM RUSSIA, INCLUDING RUSSIA TURNING OFF THE LIGHTS AND DECIMATING THEIR FEDERAL GOVERNMENT AGENCIES. AND THEY SAID, "YOU BETTER PAY A LOT MORE ATTENTION IN THE UNITED STATES TO WHAT'S HAPPENING HERE BECAUSE WE DON'T THINK THAT WE'RE THE END TARGET. WE THINK WE'RE SPRING TRAINING." AND WE WOULD NEVER CONSIDER USING A MACHINE TO CONSTRUCT OUR ELECTIONS. WE WILL BE DOING OUR ELECTIONS ON PEN AND PAPER, THANK YOU VERY MUCH." BUT, YEAH, TO YOUR POINT, YES, THE DATA IS GONE. NO MATTER WHAT YOU DO IN TERMS OF TRYING TO PROTECT YOUR HOUSE PURCHASE BY PUTTING IT THROUGH YOU KNOW, YOU'RE STILL GIVING YOUR ADDRESS AND YOUR NAME TO AMAZON. AND IF SOMEONE WANTS TO FIND OUT WHERE YOU LIVE, IT'S PRETTY EASY TO DO THAT. AND EVEN IF YOU'RE NOT TELLING ANYONE WHERE YOU'RE TRAVELING OR WHO YOU'RE MEETING WITH, THE G.P.S. ON YOUR PHONE THAT'S COLLECTED BY DATA MARKERS, NOT EVEN BY NATION STATES, IT'S JUST ENOUGH FOR ANYONE WHO WHO WOULD WANT TO KNOW WHO YOU ARE MEETING WITH. AND ALL OF THAT DATA HAS BEEN TARGETED BY HACKERS, AND FOREIGN NATION STATE HACKERS OVER THE LAST FIVE, SIX YEARS. YOU KNOW, WE HAVE SEEN CHINA HACK THE OFFICE OF PERSONAL MANAGEMENT, WHICH HAD A CLEARINGHOUSE OF DATA ON EVERYONE WHO HAD EVER APPLIED FOR A SECURITY CLEARANCE IN THE UNITED STATES. BUT WE HAVE ALSO SEEN THEM HACK EQUIFAX AND MARRIOTT AND A NUMBER OF AIRLINES AND HOSPITALITY COMPANIES BECAUSE THEY WANT TO KNOW WHERE WE ARE STAYING, WHERE WE ARE TRAVELING, IF THERE ARE CHINESE CITIZENS THAT ARE POTENTIALLY TRAVELING AND STAYING AT THOSE SAME PLACES SO THEY CAN ROOT OUT THEIR OWN CHINESE DOUBLE AGENTS, THAT KIND OF THING. SO ALL OF THAT IS OUT THERE. AND IN A LOT OF CASES, OUR PERSONAL DATA IS NOT ONLY SITTING ON THE DARK WEB. IT'S SITTING IN NATION STATE WAREHOUSES. SO WHAT CAN WE DO? WELL, WHAT I DO IS I JUST THINK WHAT IS THE THING THAT I HAVE THAT A NATION STATE OR CYBER CRIMINAL WOULD WANT? AND IN MY CASE, IT'S PROBABLY MY SOURCES. SO I GO TO RIDICULOUS LENGTHS THESE DAYS TO PROTECT MY SOURCES. AND IT'S MUCH HARDER IN THE PANDEMIC. YOU KNOW, I CAN USE SIGNAL, THE MESSAGING APP, BUT I WOULD MUCH RATHER MEET WITH PEOPLE IN PERSON AND I'D RATHER LEAVE MY DEVICES BEHIND. I'D RATHER GET A RIDE FROM SOMEONE ELSE AND NOT AN UBEROR DRIVE MYSELF BECAUSE MY CAR HAS G.P.S. NAVIGATION. I THINK ABOUT ALL OF THESE THINGS. THE AVERAGE AMERICAN IS NOT A NATION STATE TARGET. SO I THINK IT'S JUST IMPORTANT FOR PEOPLE TO THINK ABOUT WHAT IS IT THAT I HAVE THAT A NATION STATE OR CYBER CRIMINAL WANTS? IN MOST CASES IT'S PROBABLY YOUR EMAIL LOGINY CREDENTIALS WHICH IS THE KEYS TO THE CASTLE THESE DAYS, AND TO TURN ON YOUR AUTHENTICATION AND USE A DIFFERENT PASSWORD FOR YOUR EMAILS THAN ANYTHING ELSE, AND YOU'LL KNOCK OFF ABOUT 85% OF THE THREATS YOU COULD POSSIBLY FACE. >> I WONDER WHAT KEEPS YOU UP AT NIGHT KNOWING WHAT YOU KNOW NOW. NIINGS A WRAY WE-- ARE WE WINNING OR ARE WE LUCKY THAT WE'RE NOT LOSING? >> WELL, I WOULD SAY WE ARE LOSING. I THINK WE ARE-- AND THIS IS-- THIS IS JUST A STUNNING CONCLUSION I MADE IN DOING THE RESEARCH FOR THIS BOOK. THE UNITED STATES IS STILL THE WORLD'S TOP DOG IN THIS SPACE. WE ARE STILL THE WORLD'S OFFENSIVE CYBER SUPER POWER. BUT WE ALSO NOW ARE ONE OF THE MOST TARGETED NATION STATES ON EARTH, IF NOT THE MOST TARGETED, BY CYBER CRIMINALS AND OTHER NATION STATES. THEY RECKON THAT THEY SEE INCREDIBLE OPPORTUNITIES TO-- COUNTRIES LIKE I SAID, LIKE IRAN AND NORTH KOREA THAT CAN'T MATCH US ON THE BATTLEFIELD AND IN TERMS OF MILITARY SPENDING SEE THAT THERE ARE TREMENDOUS OPPORTUNITIES FOR THEM TO-- WITH CYBER ATTACKS AND THEY HAVE BEEN DOING THAT FOR QUITE A LONG TIME. BUT, ALSO, WE ARE THE MOST VULNERABLE. LIKE I SAID, IN UKRAINE THEY HAVE THE SENSE OF URGENCY. THEY'VE BEEN GETTING BEAT UP AND BLACKED OUT BY RUSSIA, THE WORLD'S SAFFIEST CYBER PREDATOR. BUT THEY'RE NOT DIGITIZED IN THE WAY WE ARE HERE. AND WE HAVE JUST BEEN PLUGGING EVERY LAST PIECE OF OUR CRITICAL INFRASTRUCTURE AND DATA INTO OF INTO THE INTERNET WITHOUT THINKING ABOUT SECURITY. SO WE HAVE CREATED, EFFECTIVELY, THE WORLD'S MOST LUCRATIVE CELTIC SURFACE. AND WE ARE SEEING PEOPLE KNOCK ON OUR DOORS EVERY DAY. SO WHAT I WORRY ABOUT IS THE FACT THAT THE U.S. GOVERNMENT'S POLICY AND APPROACH TO THIS HAS BEEN MORE HACKING, HAS BEEN WHAT THEY CALLED "DEFEND FORWARD." HACK OUR ADVERSARIES SO WE CAN GET AN EARLY ALERT SYSTEM FOR WHAT THEY HAVE PLANNED BEFORE THESE ATTACKS COME HIT U.S. NETWORKS. BUT AS WE JUST SAW WITH SOLAR WINDS, WE MISSED IT FOR NINE MONTHS. AND IT ACTUALLY WASN'T THE N.S.A. OR CYBER COMMAND THAT UNEARTHED THAT ATTACK. IT WAS FIREEYE, A PRIVATE SILICON VALLEY COMPANY AND ONLY AFTER IT WAS ITSELF HACKED BY RUSSIA, AND THEN WAS ABLE TO REWIND THE ATTACK AND FIGURED OUT THAT RUSSIA HAD COME IN THROUGH SOLAR WINDS, WHICH WAS USED BY ALL OF THESE FEDERAL AGENCIES. SO I THINK IT IS TIME, PROBABLY HIGH TIME WE ARE WAY PAST DUE TO REFOCUS ON OUR CYBER DEFENSE. >> THE TITLE OF THE BOOK IS, "THIS IS HOW THEY TELL ME THE WORLD ENDS." THANKS SO MUCH FOR JOIN US. >> THANK YOU SO MUCH. THIS WAS WONDERFUL.