Sabotaging National Security by Land, Air, Sea, and Cyberspace
Mapping threats facing the incoming Trump administration from Russia, China, and terror groups.
Hackers and cyber hacking are as old as the internet. The first known use of the terms can be found in the November 1963 issue of the Massachusetts Institute of Technology's student newspaper, The Tech. However, given the current social and political climate, hacking has evolved into a critical theater on the battlefield of national security. Just as the U.S. must defend its land, air, and sea from foreign and domestic attacks, today, it must also vigilantly protect against cyber attacks.
Despite several known cyber attacks from foreign and domestic bad actors, the integrity of the U.S. election process emerged relatively unscathed due to the vigilance of American cyber security experts. Nevertheless, leading national security experts continue to warn that cyber attacks on the nation's infrastructure did not end on November 5 with the end of the historic 2024 election cycle. Indeed, ongoing interference and disruption of worldwide internet infrastructures remain a constant and daily high-level national security concern.
Sabotage by Land and Sea
U.S. cyber security concerns are not limited to nefarious hackers lurking online, nor are they limited to within the United States itself. In mid-November, Russia, with the help of China, was suspected of sabotaging two critical underwater internet cables in the Baltic Sea. One of the severed cables connected Finland to Germany, and the other connected Sweden to Lithuania.
A Telia Lithuania telecommunications company spokesman told CNN, "The company’s monitoring systems could tell there was a cut due to the traffic disruption and that the cause was likely physical damage to the cable itself." Telia Lithuania also confirmed the disruption did not occur due to "equipment failure but by physical damage to the fiber optic cable," alerting the world to further acts of cyber sabotage.
European leaders suspect Moscow of severing the critical communication cables as a potential act of "hybrid warfare." Hybrid warfare combines non-military strategies and tactics, such as cyber sabotage, with conventional physical warfare. It creates chaos and undermines the security of its opponents. This type of warfare includes political, economic, and communication tactics, such as espionage, sabotage, disinformation, misinformation, and propaganda. Those tactics combine with conventional physical warfare strategies, causing the opponent to fight on several fronts simultaneously.
Since joining NATO in April 2023 and March 2024, respectively, Finland and Sweden have been highly alert to possible Russian espionage in the region. Their NATO memberships ended decades of neutrality, displeasing Russian President Vladimir Putin.
The West "took Finland and dragged it into NATO," Putin said in an interview on Russian TV. “There were no problems [with the Danes], but now there will be because we will now create the Leningrad military district and definitely concentrate military units there.”
Danish authorities investigated the travel history of one hundred percent of the ships traveling in the region at the time of the incident. As a result, the Danish Navy began shadowing a Chinese-registered cargo ship after learning that it had passed directly over the undersea cables near the time the damage occurred. This same vessel, sitting idle in Danish waters, had also been docked at a western Russian port in mid-November before it headed west through the Baltic Straits.
Sources within Sweden's National Operative Department said while the Chinese vessel is "currently of interest," there may be other suspects. Danish authorities have deployed vessels to increase surveillance of the area, concluding the damage was caused deliberately.
While Russia was not directly accused of orchestrating the sabotage, European leaders condemned what they called "Moscow's escalating hybrid activities against NATO and European Union (EU) countries."
Germany's Defense Minister Boris Pistorius said, "Nobody believes these cables were accidentally cut off." Meanwhile, U.S. officials contradicted their EU counterparts, claiming the sabotage was, in fact, an accident. Two U.S. officials inexplicably told CNN the damage was likely not a deliberate attack but "caused by an anchor dragged from a passing vessel." While it is possible the damage was accidental, it's worth noting it came just days after the Biden administration permitted Ukrainian forces to use American-made long-range missiles against their Russian counterparts for the first time.
It's also worth noting that, contrary to what U.S. intelligence officials told CNN in September, Russia was actively assembling a secretive submarine unit called the General Staff Main Directorate for Deep Sea Research. Now known by its Russian acronym, GUGI, the unit's mission was assumed to be the surveillance and destruction of undersea internet cables the West relies on for critical communications.
In addition, former Russian president and Putin ally Dmitry Medvedev said undersea cables were fair game because the West was complicit in sabotaging the underwater Nord Stream gas pipelines. "If we proceed from the proven complicity of Western countries in blowing up the Nord Streams, then we have no constraints—even moral—left to prevent us from destroying the ocean floor cable communications of our enemies," Medvedev said in a post on Telegram.
In September 2022, a series of unexplained underwater explosions severely damaged the Nord Stream 1 and Nord Stream 2 natural gas pipelines in the Baltic Sea region. The official cause of those explosions is still unknown; however, Russian President Vladimir Putin accused the U.S. of being responsible for the attack, while European authorities blamed a team of Ukrainian divers working at the behest of Ukraine's President Volodymyr Zelensky.
It is believed Zelensky approved of the planned sabotage but failed to stop it after the Central Intelligence Agency (CIA) warned against it. Zelensky denied responsibility for the attacks and blamed Russia. While no arrests have been made after an extensive investigation, Baltic countries have increased surveillance of the area's undersea internet and energy infrastructures.
Sabotage in Cyberspace
Most cyber hacks are ongoing, self-perpetuating, and occur any time of day or night. A breach in the file transfer software MOVEit has been rampaging through the cybersphere since at least early 2021. Likely initiated by Russian hackers who call themselves Cl0p, the ransomware extortion MOVEit file breach has affected over 15 million users and 121 organizations worldwide. Victims range from schools and universities to IT providers, international banking systems, and local governments.
Authorities say Cl0p’s true identity and location are not yet known. However, the group appears to be Russian-linked or at least comprised of Russian-speaking hackers, as its name is a play on the Russian word for “bug.” In 2021, Ukrainian authorities announced the arrests of six people tied to Cl0p, but it’s clear they were not essential members of the group, which continues to hack victims to this day.
The FBI said it was "aware of and investigating the recent exploitation of a MOVEit vulnerability by malicious ransomware actors." Meanwhile, on Twitter/X, the official U.S. State Department program Rewards for Justice announced a $10 million reward for information linked to Cl0p's cyber hacking activities or other hacking groups targeting American critical infrastructure by foreign governments.
"#RewardsforJustice offers rewards up to $10 million for info about efforts to target U.S. critical infrastructure. Follow us to be the first to hear about our announcements!"
— Rewards for Justice (@RFJ_USA), July 23, 2024
When targeting vulnerable websites, most hackers seek high-value data and information that can be quickly sold for profit or used to further political and ideological goals. Hackers also constantly probe security vulnerabilities within a site to exploit them in the future. In truth, no individual or organization is immune from cyberattacks. Government, financial services, nonprofits, and online retail sites are among the most attacked and hacked. Even the internet's archive, known as "the Wayback Machine," was hacked and damaged in late October.
Sabotage by Air and Sea[port]
Last month, the U.S. Coast Guard issued the second of two notices warning of the cyber security risk posed by Chinese-owned cranes at our nation's ports. Maritime Security (MARSEC) Directive 105-5 warned that additional security measures are needed to respond to the threat, and the "specific threats against maritime elements" should be assessed.
The People's Republic of China (PRC) has manufactured and installed almost 80 percent of all port cranes currently in U.S. ports. "By design, these cranes may be controlled, serviced, and programmed" remotely, leaving them vulnerable to cyber hacking and exploitation. This security vulnerability threatens our national transportation system and the safety of our waterfront facilities and vessels.
Last spring, the FBI discovered unauthorized electronic data collection devices and cellular modems on several Chinese-made cranes in the port of Baltimore.
The House Homeland Security Committee reported that these compromised cranes "pose significant cybersecurity and national security threats." The committee also determined that the devices could act as "Trojan horses," enabling the PRC and its military to exploit and manipulate U.S. maritime equipment and technology.
One thing is certain: hackers never sleep, and neither should U.S. cybersecurity officials. But who are these officials, and which government department protects us from these attacks? Only further investigation will reveal the truth.