The shadowy world of cybercrime was exposed in the recent federal indictment of eight men accused of manipulating computer networks and ATMs to steal $45 million over seven months. The heist combined sophisticated hacking with street-level hustle. In New York City alone, thieves struck 2,904 cash machines over 10 hours on a single day in February.
For all the wonders of the digital revolution, there is a turbulent and largely hidden underside of theft and disruption that grows by the day; the losses are often not counted in stacks of $20 bills but rather in millions of dollars of intellectual property stolen or compromised. Computer networks are vital to American capitalism and society but remain surprisingly vulnerable to hijack and hijinks.
Also worrisome is the threat of cyberattack on the nation's infrastructure, such as electric grids or dams. The Department of Homeland Security has issued a 13-page alert about possible attacks on industrial control systems. According to a report in The Washington Post, the warning expressed concern that an assault could go "beyond intellectual property theft to include the use of cyber to disrupt ... control processes."
The department did not identify the adversary, but there has been concern about Iran's ability to carry out cyberattacks like the one that destroyed 30,000 computers at the state-owned Saudi oil company Aramco.
Why does this matter? One of the first digital weapons to target industrial control systems was Stuxnet, a computer worm reportedly invented by the United States and Israel to damage equipment in Iran used to enrich uranium that could be used in a bomb. If Stuxnet was successful, as sources have claimed, it caused Iran's centrifuges to fail. As a method of slowing the march toward a nuclear weapon, Stuxnet was ingenious and preferable to a conventional bombing attack.
In cyberspace, however, the United States is not the only powerful actor. Other states increasingly have the capability and the willingness to attack.