Are giving him a name tag. Welcome, michael and everyone else. I am jane harman, president and ceo of the Wilson Center. It is the best job on the planet because i get to talk to geniuses every single day. One of them who is not in my script but i will call around is meg king, she runs our science, technology and Innovation Program and is responsible for the schools we have on fridays to teach capitol hill staff about cyber and Artificial Intelligence and todays genius, that would be ben buchanan, our go to guy when we teach those schools and he has been trying to teach me for a while. I have been the repeater of all time at some of those schools. Im getting it but i have an analog brain and i thank ben for his patients. Been is a global fellow and he will discuss his latest book right now called Meghan Bedsted to Meghan Bedsted to hackers have changed the world. Cyberoperations are intelligibly part of International Relations and the gap between the United States and other countries has narrowed considerably. Got that . Narrowed considerably. From north koreas efforts to hack for cash 1 million worth against the bank of bangladesh to russias malign activity, from disinformation to electric blackouts in ukraine there is plenty to talk about. Understanding how cyber tools are used is beens specialty. Also taking care of analog brains, i give them credit for that. He was a marshall scholar and received a phd from Kings College in london and he knows everything. Even more important, i already said this. As a former member of congress, that would be me, who tried to ensure our Technical Intelligence collection tools werent cumbersome, were legal and were regularly reviewed by experts to prevent abuses i really salute ben buchanan for the kind of teaching hes doing to help staffers who come here not knowing enough about the subject and not knowing each other and the contribution he has made is just colossal. My theory as i just hinted his politicians are analog but our problems are digital in the Wilson Center is trying to change that. Here to moderate, a conversation with ben buchanan the genius is courtney kube, a correspondent covering National Security and the military and has spent a lot of time reporting on the intelligence and digital issues we are discussing today, especially election interference. There is election interference and it means a lot to us that courtney we come here and take time from the endless conversation about our ongoing primary election. Thank you so much and over to you, enjoy, everybody. Thank you. Hopefully we will all learn a bit, but one thing, i got an early copy of this, one of the few people who have the luxury of being able to read the hacker and the state Cyber Attacks and the new normal of geopolitics the hacker and the state Cyber Attacks and the new normal of geopolitics. Since most people havent had a chance to read it. Can you give an overview . What is the thesis of the book . Guest too often we talk about hacking between nations as if it was hypothetical like nuclear war, something off in the distance. Cyber pearl harbor or cyber 9 11 and the thesis of this book is it is the wrong way to look at it. In fact hacking between nations happens every single day. It is not an extraordinary activity but a daily one, part of the way nations compete in the modern era of statecraft and project power. What i wanted to do was take the discussion that is often very academic, very hypothetical, very theoretical and make it very real and say these are the stories of how nations hack one another and this is what it means for the international system. Every chapter is a different way nations project power in cyberspace from tapping fiberoptic cables to hacking banks, to blackouts and beyond. I want to tell the stories of what actually happens every day. Guest many people, americans around the world see Cyber Attacks and even Cyber Espionage as potential for casualties, mass casualties, chaos but you are looking at the space in between, the gray matter of what happens in hacking every single day. Get into the specific and fascinating cases, how would you characterize a cyberattack on a nation. How does that generally look today . Waiting for a cyber attack with planes crashing in cities burning you miss the activities that matter most, that actually happen. We see persistent, pervasive espionage, United States, china, russia, all these nations used Cyber Capabilities as tools of espionage. In some circumstances we see attacks, we have seen two blackouts caused by Russian Hackers in ukraine and destabilization operations, election interference being the primary example of a nation saying we will use hacking tools to interfere in an adversarys election. The categories are espionage and stabilization. Almost everything fits into one of those buckets, very little involves casualties that almost all is supported. Host you would say the Cyber Attacks are more pervasive but less destructive than in the past . Guest yes, insidious harm that happens, it is closer to Climate Change than a forest fire. Host one of the major reasons nations hack one another is this endless struggle to dominate for domination over many, even domination over the world. Do you still believe that is true . And has hacking become harder to prevent than it was in the past . Guest not only it is it harder to prevent but nations are getting more aggressive. This is a study of what happened in the last 20 or so years in this hacking business between nations and we see nations Getting Better and being less if you look at russia, if you go back to the 15 years russia was known as a still the actor in cyberspace. In contrast to the chinese smash and grab burglars russia was going to be methodical, slow, would hide below the radar and what we have seen since then, they have gotten much more aggressive and capable. I mentioned the two blackouts in ukraine. Everyone knows about the election interference in 2016 but there are other cases too. Probably the most distractive cyber attack in history did Something Like 10 billion in damage around the world and that is the low end estimate perpetrated by russia. Not only are hackers Getting Better but also more aggressive. Host you mention ukraine, russia attacked the power grid in ukraine 201516. What do you believe russias goal was . Was it messaging . Was it messaging the rest of the world they had the capability . If it was for distractive measures they fell short of their goal. What is a markable about 201516 blackouts, the firstever publicly known blackouts caused by cyber attack is it appears the attackers did less damage, they held something back. It leaves the question what were they trying to do . If it wasnt an allout attack what were they trying to do . There are two possibilities, the first is this was some kind of test refining the capabilities for use down the line or it sends a signal that this is russia saying to ukraine or to the world we have this capability, this thing you all have long feared, causing a blackout with a cyber attack, we can do that and what is particularly remarkable about the 2016 blackout is the tool the russians deployed to carry out the attack was automated and more scalable and it seems could work against American Power systems with some modification and that may be a suggestion not just to the ukrainians but the americans, this is capability in our arsenal we are not afraid to use. Host did that allow the United States or other western nations the ability to put in some sort of preventative measure so it couldnt happen in the us . It up to some of the russians hand, showed how the russians would carry this out. Could they develop a different capability . Strongly possible. Can the United States learn from it . Certainly possible. One hopes when you see a hypothetical fear blackout becomes real, certainly election Grid Security gets a lot of attention in the United States. It isnt perfect but not all doom and gloom. Where making progress on the electric security front. Host something that gets a lot of attention is massive bank tax or anything that involves large financial implications. Congressman harmon mentioned bank hacking. Mentioned that case, there are details in the book i have never heard about. Guest it is a remarkable ambition the North Koreans have that this is a country that probably is the most isolated country on earth and one of the ways they aim to fix the problem, to get hard currency for the regime is to have other banks and their most famous hack is a hack against bangladesh, the central bank for the country where they aspire to steal upwards of 1 billion, they get access to the bank account to interact with the International Banking system and they initiate transfers from the new york fed where the bank had its money to accounts the North Koreans control. They made up 5 of transfers so the transfers were blocked and only got 81 million instead of 1 billion. I posit these might be the most expensive in history the North Koreans made. What is significant about that case is it show the ambition of north korea in the discussion of bank hacking stops right there. This is much Broader Campaign that north korea hacked other banks, less success, had crypto currency exchanges, with valuable crypto currencies. He hacked atms and withdrew the money in a decentralized way. Nowhere is it more truth than banking operations. Host it was statement sanctions. Guest this is a priority for the regime to raise currency and this is one way to do it. Host i was surprised he wrote, north korea operators, that opens up the question, if they are risk tolerant and do they have regime that doesnt care about International Norms and laws what do you think they could do next in the hacking world . Guest this is only a question. I dont want to say this is real but a hypothetical thing that has been raised is if north korea is comfortable deleting transaction laws and interfering with integrity of the Financial System, and interfering with the integrity of the Financial System to do damage and any banker will tell you these transaction records are at the core of modern Financial System and one worry, that north korea might come back not for the purposes of funding the regime but for the purposes of trying to punch back against the west in a crisis. Host you talk about cyberespionage. It is so illustrative of the cat and mouse game that exists in Cyber Espionage and he was called the byzantine candor. Guest it is an nsa could ever chinese hacking grew. Host essentially a spearfishing campaign in the early 2000s. Tell us how it started and how it evolved over time. Guest byzantine candor was part of a broader set of chinese operations, the nsa codename for this. And they were striking many targets across the United States defense establishment, to get access to american officials and pulling information back and what was striking was what the nsa did. The Intelligence Agency said we have to stop this. The nsa hacked the hackers, figured out the computers from which the chinese operatives, they hacked those computers, had the home network of chinese hackers, the broader pla network trying out these operations, hacked the Internet Company that was selling to the chinese their internet service, to confirm who was behind these activities and they got advanced information on the chinese operations to come and they use that information to go and be ready to defend against the attacks when the chinese show up. It shows as you said the cat and mouse game that happened in cyberspace, this is a daily competition. All of this was out of public view. On a secret, this is the daily competition between the United States and china that is endemic to how nations operate in cyberspace. Host there was a stretch how many years between the us was able to counterspy on china . Guest it unfolded for a year and this was one battle in a broader war, when espionage case in a Broader Campaign. And they did very good. And stop the chinese activity. There are many in which the chinese activity went uninhibited. I tell the story of a Chinese Campaign against military aviation, gaining plans for the c17 warplane which is a cuttingedge plane being built in the us, chinese pull out reams of information about this plane. The information is so extensive they cant transport it all even digitally back to china so they make lists of the filenames in the list go to thousands of pages and they took the names of the files and set of all the files we couldnt pull back or read, which ones are important and it gives a sense of the extensive reach of the espionage efforts. Host something i found interesting in the chinese example is these hot points the chinese use. Can you explain how that works and how the nsa was able to intercede or intervene . Guest what is fascinating it is all cat and mouse, spy versus spy and deception and one way the chinese were carrying out the deception is they would Hack Computers in thirdparty countries and they would hack the United States from those computers. With the nsa had to do where they hacked back, they had to hack thirdparty Computers First which had no idea things were happening on their systems and they went up stream and made their way to the Chinese Networks and it is not just the chinese the do this, every nation takes precautions to disguise its hand when carrying out Cyber Espionage, the United States and its allies have hot points as well, the russians have an extensive thing they were doing for a time where they would hack Satellite Phone communications and beam it down to africa because they thought russian intelligence agencies might not be looking for western intelligence agencies were looking. It is constant game of trying to hide your hand to get more freedom of operation. Host Something Else that was fascinating, not only was it an example of the nsa taking a very offensive role in this and it paid off in the end, it was successful for them but i was surprised by the characterization of the pla. It is a sort section. When ben buchanan describes the plas actions, the chinese hackers were sloppy at times, demonstrating lack of discipline and Operational Security and even logged in on personal email accounts to check the stock portfolios and watched pornography. Guest all true. There are two reason someone could be sloppy in this business, the first is everyone has a boss, everyone has a budget, you can imagine the chinese hackers have a boss who want them to hit more targets faster so they will be sloppy and take shortcuts. The second is they get bored, they get lazy and they decide the odds of us getting hot caught are exceptionally a, why not see how the market is doing or other activities. That is shows the human side of this business. We think of hackers as the canonical stock art with the person in the hoodie behind the keyboard but in this case the chinese were also checking their facebook profile. Host you focus on shadow brokers. Tell us about them and what you learned about shadow brokers. Guest they are the single biggest mystery in the world of Cyber Operations. Every author has the one story, every journalist has it as well and the shadow brokers are mine and i got pieces of the story, a fascinating story but we dont know all the details. We do now at some point in 2016 nsa tools, in credibly powerful hacking tools started appearing online. One of these tools was so powerful nsa operator told the Washington Post it looks like fishing with dynamite. We dont know where it came from. Just came from a Mysterious Group on twitter and other platforms, shadow brokers and it proceeded for about 11 months or so, continually posting and burning these nsa tools and then stopped. There are theories about who did it, why they did it. Many people guessed that it was russian intelligence, this was a way of taking arrows out of the nsa quiver and handing it to others but what is remarkable about this case is it led to devastating cyberattacks. And with other capabilities, the leaked nsa tools. One was the most restrictive cyber attack in history, 10 billion of damage. Through four years later we cant pin it down we dont know who did it and thats why its one of the most significant leaks of classified information ever. I think they made it clear that they wanted money. Was this just nothing more than a criminal enterprise . Thats certainly a that certainly is the degree. Shout a brokers talk about how the get paid enough money they would stop. 13 of the case that a former insider or former contractor who decided that this was something to do to try to get money and then disappear. Again, another theory is we see many