From Reagan's Cyber Plan To Apple Vs. FBI: 'Everything Is Up For Grabs'

Mar 22, 2016
Originally published on March 23, 2016 5:55 am

The heated debate between the FBI and Apple over the encryption of the iPhone used by Syed Rizwan Farook, one of the two people who massacred 14 people in San Bernardino in December, took an unexpected turn Monday when the FBI announced that a third party had come forward with a way to possibly unlock the phone without Apple's involvement.

Journalist Fred Kaplan tells Fresh Air's Terry Gross that the third party in question is "almost certainly a private security company that specializes in breaking into systems."

Kaplan, who writes about the history of cyberwar in his new book Dark Territory, has been following the Apple encryption debate closely in his Slate column War Stories. He says Apple's reputation for security made it "kind of inevitable" that a professional hacker firm would cooperate with the FBI in the effort to unlock Farook's phone.

But Kaplan speculates that the FBI may have some reservations about a third party's involvement in the issue. "My guess is ... they wanted to [proceed] with this court case where they thought they had a very good case to establish a new legal precedent for the FBI to get into these kinds of systems whenever they wanted," Kaplan says.

He adds that the case is about much more than Farook's phone. "I'm not really sure what they think is in this phone," he says. "My strong guess is that the phone has very little to do with it; it's the creation of a precedent for getting into other phones. In that sense, Apple's concerns have some validity."

Regardless of how the Apple encryption issue is resolved, Kaplan warns that we are increasingly living in an age of cyber vulnerability. "Our individual lives are out there on the net," he says. "It's there for anybody who has the talents and resources to pick it up. ... Everything is up for grabs."


Interview Highlights

On why Syed Rizwan Farook's phone is not necessarily a good example for the issue of cybersecurity and privacy

This is not a Fourth Amendment case. Not only did the county own the phone, but the county has given consent for the government to do whatever it wants with this phone. It's not a First Amendment case — it's not a privacy case, because the shooter is dead. You lose your privacy rights when you're dead.

It's not a good political optics case from Apple's point of view. This isn't some two-bit hustler or drug dealer. This is a mass murderer with alleged ties to an international terrorist organization. I don't know, to my mind, Apple has made a big mistake in pursuing this as vigorously as they have. ...

I was talking last night with a former senior intelligence official, let's say, who put forth the theory that this outside party that's come up with a solution might, in fact, be someone put up by Apple, so they can avoid going to trial on this. I tend to doubt that. The consequences of that fact leaking would be devastating to Apple's commercial record, but it does give you a sense of how a lot of people in the industry, including I've found many people who agree with Apple on the principles, are puzzled why [Apple's CEO Tim] Cook is making such a big deal out of this test case, which they see as a bad case to propound his principles of privacy.

On Apple's past cooperation with the government

There have been about 70 occasions when Apple has submitted to requests or court orders by the Foreign Intelligence Surveillance Court to open up phones. This leads to a broader point, and a larger point about what this case is really about: Communications companies have cooperated or been complicit with law enforcement and intelligence going back nearly a century.

In the 1920s, a U.S. intelligence agency persuaded Western Union to give them access to every telegraph going in and out of the country. When telephones came along, there was a very active relationship with AT&T, both with the FBI and with the NSA to allow them to tap phones. In the Internet age, it's actually gotten even more interlocked.

If you're a company like, say, Microsoft or Cisco and you've got some products that you want to sell to the Defense Department, these products have to be vetted for security. Who vets them? A section of the NSA called the Information Assurance Directorate.

When Microsoft submitted its first Windows operating system to the NSA for vetting, this Directorate found 1,500 points of vulnerability. Then they helped patch a lot of these vulnerable points. Not all of them — they left a few open — so that when foreign governments or foreign entities bought this operating system, the NSA would know where to go hack them. Microsoft was fine with looking the other way on this. Even as recently as 2009 the Chinese hacked into Google's Chrome system, getting into its source code and the NSA helped Google patch up the flaw.

So what's really going on here, at bottom, is that the FBI wants to maintain this longstanding relationship, which was secret, pretty much secret, until Edward Snowden blew the whistle on it. They want to maintain this relationship, going into a new era of stronger encryption, whereas Tim Cook of Apple, who has long had misgivings about cooperating in general, wants to create a technology that disrupts, maybe even shatters this arrangement.

On how cyber defense was created, in part, because President Reagan saw WarGames, a 1983 movie about a teenager who unwittingly hacks into the main computer of the North American Aerospace Defense Command and almost triggers World War III

[Reagan is] up at Camp David on one of his five-day weekends in June of '83 and he watches a lot of movies. He watched WarGames. ... So Reagan's back in the White House the following Wednesday and there's a big national security meeting, not about this, it was about something else completely different. But at one point he puts down his index cards and he says, "Has anybody seen this movie WarGames?"

It had just come out, nobody had seen it. He launches into this very detailed plot description and people are looking around the room, raising their eyebrows, wondering "Where's this going?" So he turns to Gen. John Vessey who is the chairman of the Joint Chiefs of Staff and he says, "General, could something like this really happen?" And Vessey says, "I'll look into that Mr. President." And he comes back a week later and he says, "Mr. President, the problem is much worse than you think." This led, nine months later, to the writing of the first presidential directive on telecommunications and computer security. But then it took a side road.

As it happened, and as you might think is logical, the NSA essentially took over the writing of this directive and they wrote it so that the NSA would be in charge of setting security and standards for all computers in the United States, not just the government but everybody's. Well there were a number of people on Capitol Hill who didn't like that, so they changed it, but that was where it began.

If you read this directive ... it elevated cybersecurity, as it was later called, to a national political level. It raised the first tensions between privacy and national security, at least in this realm. It generated the first active struggles between the NSA and other agencies and branches of government. And so, the [stories] that we are seeing unfold in today's newspapers got their start with this bizarre incident watching WarGames and then asking a question that made everybody in the room roll their eyeballs.

On a hack into Sheldon Adelson's casino network

In 2013 in a public forum, Obama's nuclear talks with Iran had just begun, and [Adelson] was asked what would you do about this? And he said, "My idea is to drop a nuclear bomb in the Iranian deserts and say, 'There. See that? This is what's going to happen to you if you maintain a hard line on these nuclear talks.' "

A few months later, in February of 2014, he fell victim, his whole hotel chain, fell victim to a massive cyberattack by the Iranian government and they wiped out hard drives, they hacked into Social Security numbers, to bank accounts, to client accounts, and they put up on the screens, "This is what happens when you talk about using weapons of mass destruction." The interesting thing about this attack, well first of all, this guy, he ran a $20 billion casino industry, his cybersecurity staff consisted of five technicians at the time. The second interesting thing about this is if you hack into a casino, you could steal a lot of money, right? These guys did not steal a dime. They didn't touch a dime. They were interested in sending a message, and in protesting a political statement.

So you could see this attack as the first instance when cyberweapons were used not for espionage, not to steal trade secrets, not for hacking into military networks and achieving some kind of advantage in future war, but to send a political message, to object to someone's politics. This was more famously followed just a few months later by North Korea's hack into Sony Pictures for putting out a movie that insulted their leader, Kim Jong-un. So this shows that we're entering a new phase of cyberwar, when anybody can be a target and for any number of purposes. It has become a tool of international relations broadly speaking.

On the NSA's "intrusive powers"

When the Chinese hacked into the federal employment records and the personnel records and made off with tens maybe hundreds of thousands of records of government personnel, Jim Clapper, the director of national intelligence, was asked about this attack in a hearing, a congressional hearing, and he said, "Well, I don't know if it was an attack. It was more an act of espionage, similar to the kinds of things we do too." ...

The Snowden revelations made a big splash probably more abroad than here, but here as well, because it seemed that the NSA was hacking into domestic communications as well. ...

What these people could do if all the legal restrictions were dropped. They just have amazingly intrusive powers. They can get into any network they want to get in — in fact this Apple case, if the NSA saw that this phone represented a national security threat, if there was something in this phone that they needed to get right away, the NSA could hack into this phone without Apple's cooperation. ... The fact that the NSA is not doing this, at this moment, they would have to go get something signed by the attorney general to do it, but the fact that they're not doing it suggests that they don't regard this phone as containing anything that's terribly useful.

Copyright 2016 Fresh Air.

Transcript

TERRY GROSS, HOST:

This is FRESH AIR. I'm Terry Gross. There's been a surprising turn in what was shaping up to be a big test about the government's right to order a tech company to enable the FBI to unlock a cellphone or device and access information. And it's coming at the same time as the new terrorist attack in Belgium. The FBI had asked Apple to enable the agency to access information on the iPhone used by Syed Farook, one of the two terrorists who massacred 14 people at a holiday office party in San Bernardino last December. This case was expected to go to the Supreme Court and have lasting effects on determining the balance between privacy and security. But yesterday, the FBI said a third party had come forward with a way to unlock the phone. The Justice Department said it would file a report by April 5 on the FBI's progress.

My guest, Fred Kaplan, has been writing about this case in his Slate column "War Stories." And he's the author of the new book "Dark Territory: The Secret History Of Cyber War," which we'll talk about in a few minutes. Kaplan's other books include "The Wizards Of Armageddon," an inside history of nuclear strategy, and "The Insurgents: David Petraeus And The Plot To Change The American Way Of War." He was a reporter for The Boston Globe for about 20 years.

Fred Kaplan, welcome back to FRESH AIR. Before we talk about this new development in the conflict between the FBI and Apple, let's talk about what the conflict is about.

FRED KAPLAN: Right. Basically, the FBI wants Apple to open up this phone that belonged to the San Bernardino terrorist who launched the mass murder on an office building, killing 14 people. They don't want them to open up the phone. They understand the complications of that, but they discovered a security layer in the phone that if somebody tries to type the pass code incorrectly 10 times, all the data on the phone is erased.

So the FBI is saying, look, we just want you to alter that security layer so that, you know, you can try a thousand times or 10,000 times before the data are erased. And then we'll come in - or you can do this because there's commercial software that you can do this - come in and apply what's called brute force to the problem, just, you know, throwing a thousand passwords per second at this thing, and it'll eventually open it up. But Apple is saying, no, we can't do this because it'll undermine the security of this phone and all other phones, and you're violating our First Amendment rights by compelling us to write new code, that this is a violation of free speech - compelled speech they called it.

There's a big technical argument of whether - whether any of these arguments have legitimacy. I think that what's really going on here has very little to do with the phone in particular. It has to do with the century-long tradition of compliance between telecommunications companies and law enforcement and the intelligence community. The FBI is trying to create a new legal precedent that will carry over this tradition into a new age of tighter encryption, and Apple wants to disrupt this tradition.

GROSS: Well, before we get to what the larger implications are and what kind of test case this will be if it ends up going to the Supreme Court, let's get back to where we are right now and what we know right now. And right now, it looks like this might not be a test case, that this might be circumvented because the FBI says it has a third-party, an outside party, who says that it can help the FBI find a pass code way into this phone. So does anyone have any idea who this third party might be?

KAPLAN: I think a good guess can be made. It's almost certainly a private security company that specializes in breaking into systems. There are dozens...

GROSS: Do we mean professional hackers here?

KAPLAN: Yeah, I do. That - there are - there are dozens of companies - in the trade, it's called zero-day exploits; in other words, people who find vulnerabilities in computers, telephones, operating systems and so forth that have never been discovered before. In the world of espionage and crime, zero-day exploits are valuable commodities. There are companies that pursue them assiduously, and they are paid handsomely by intelligence agencies, foreign and domestic, and by criminal organizations.

Well, some of these companies are quite legitimate, and they don't deal with foreign intelligence or with criminal organizations, but some of them are rather dark.

But, you know, you can imagine how it works. It's valuable for the companies themselves. Somebody who takes a look at this and says, here, you've got a serious security hole in this problem. And they say, thank you very much. Here's $100,000. Or the same thing - the NSA has people that do this, too, but they can't be everywhere all at once. So I've been told that - you know, imagine this. The FBI says, oh, the Apple phone is so tight we can't break into it without Apple's cooperation. Apple says, we are the tightest organization in the world. Our entire brand depends on being totally secure. Well, if you're somebody who works in one of these professional hacker firms, you're saying, let me give this a try. And it was kind of inevitable that someone came up with a solution.

My guess is - and it's just a guess at this point - the FBI is not pleased about this. They wanted to pursue with this court case where they thought they had a very good case to establish a new legal precedent for the FBI to get into these kinds of systems whenever they wanted. They would rather do it legally, but it's a funny thing. The 1789 law that allows them to ask a company to help them do this, there's one - there are a few exceptions that a company can cite in obeying this law. And one of them is that if there is any other way that the government can get into the system without calling on them to cooperate, the government has to pursue that other way. So the FBI is kind of trapped. They have to break in - they have to see if this professional hacker solution works. And so the court date, which I believe was going to be this week, is put off until April 5 when FBI is supposed to come back and say whether it worked or not.

GROSS: You know, it's funny. What on the surface seems like a real victory, like there's going to be a way into this phone for the FBI, is in a way kind of a defeat for both parties. If the FBI wanted to use this as a test case and now it might not become one, that's kind of bad for the FBI. As far as Apple goes, if there were professional hackers who found a way around the pass code system, then it undermines Apple's sense of, like, we have extraordinary security. No one will ever be able to break in.

KAPLAN: Yeah, that's right. They sort of asked for it. No, yeah - looking at it, these guys know what the digital landscape looks like. They should've anticipated that this would happen. I think the FBI didn't anticipate that Apple would put up such a fierce fight against their order. And maybe Apple really believes their own hype. Maybe they believe that other hackers out there can't get into their wares.

GROSS: Well, let's get back to this court case because it might end up going to the Supreme Court. We don't know yet if this will end up being a test case or not. We don't know yet whether this third party really has a solution that will unlock the phone.

KAPLAN: That's right.

GROSS: So where things stand now is that the FBI took this case to court. A magistrate judge ordered Apple to comply with the FBI, which meant - what? - that the judge ordered Apple to write software that would enable this phone to instead of having, say, 10 pass code tries before all the information is erased, the FBI could try, like, a hundred or thousand or a million or 2 million tries before all the information on the phone was erased.

KAPLAN: Right, or - or - or some solution that would - that would get around the current security code.

GROSS: OK. So Tim Cook's response to the judge's order was what?

KAPLAN: Oh, well, he made a few responses. One was that this violates our First Amendment right, that he likened writing code to free speech, and the government was demanding compelled speech. And there were other arguments equally oblique and obscure.

You know, one problem that we have here is that all of the case history and legislative history for these kinds of issues antedates the age of the Internet and smartphones and things like this. It is - if some real law is going to be created on this, it will have to go to the Supreme Court, which will have to decide how the First Amendment, Fourth Amendment and Fifth Amendment are - can be applied to this new era, how they should be applied. As you know, the Supreme Court and courts in general tend to avoid these kinds of big, big, precedent-setting issues. They would rather settle this on as narrow a finding as possible, and both the FBI and Apple - assuming that this does go forth in the courts - are both deliberately making it very hard for them to do so.

GROSS: In terms of how the Fourth Amendment, about search and seizure, applies to this case between Apple and the FBI, it kind of doesn't apply because...

KAPLAN: Yeah.

GROSS: ...The phone was actually owned by the county of San Bernardino and not by Syed Farook. So can you discuss the implications of that in this case?

KAPLAN: Right. This is not a Fourth Amendment case. Not only did the county own the phone, but the county has given consent for the government to do whatever it wants with this phone. It's not a First Amendment case. It's not a privacy case because the shooter is dead. You lose your privacy rights when you're dead. It's not a good political optics case from Apple's point of view. This isn't some, you know, two-bit hustler or drug dealer. This is a mass murderer with alleged ties to an international terrorist organization.

So I don't know. To my mind, Apple has made a big mistake in pursuing this as vigorously as they have. And in fact, I was talking last night with a former senior intelligence official, let's say, who put forth the theory that this outside party that's come up with a solution might in fact be someone put up by Apple (laughter) so they can avoid going to trial on this. I tend to doubt that. The consequences of that fact leaking would be devastating to Apple's commercial record. But it does give you a sense of how a lot of people in the industry, including - I've found many people who agree with Apple on the principles are puzzled why Cook is making such a big deal out of this test case, which they see as a bad case to propound his principles of privacy.

GROSS: So if this case that we've been talking about does not become a test case because the FBI ends up going with a third party who successfully gets into the iPhone of Syed Farook, do you think that the FBI will be looking for another test case to give it legal authority to go to a tech company and say, we need your help in breaking into the phone of a terrorist?

KAPLAN: Yes, definitely because they don't want the premise of this arrangement to change. They want it to be the assumption that the government has the right to come in and ask for these things, except under certain circumstances, rather than the government really doesn't have the right to ask for this stuff, except under certain circumstances. So, yeah, they'll be looking for another legal way into this.

GROSS: What do you think the FBI hopes to get from Syed Farook's cellphone that it doesn't already have? It already has the metadata from the phone. In other words, it already knows who Syed Farook called and, I assume, who called him.

KAPLAN: Right. That information, which is called metadata, is - those are ordinary, normal, routine business records held by the phone companies, you know, Verizon or whatever phone service he was using. And they already have that, and in fact, the director of the NSA has said in a public interview that the metadata showed no contact with a foreign number calling into or called from that phone. So again, I'm not really sure what they think is in this phone. My strong guess is that the phone has very little to do with it. It's the creation of a precedent for getting into other phones. So in that sense, Apple's concerns have some validity.

GROSS: Because if the FBI gets into this phone, it's a precedent.

KAPLAN: Because if they can - yeah. If they create a precedent for getting into this phone, they can use that as a precedent for getting into others.

GROSS: If you're just joining us, my guest is Fred Kaplan. He's been covering national security for many years. He writes the "War Stories" column for Slate, and now he has a new book, which is called "Dark Territory: The Secret History Of Cyber War." We'll be back after this short break. This is FRESH AIR.

(SOUNDBITE OF MUSIC)

GROSS: This is FRESH AIR. And if you're just joining us, my guest is Fred Kaplan. He's been writing about national security issues for years. He wrote that 1983 book "The Wizards Of Armageddon," which is about the scientists who actually created the nuclear weapons and the policy people who created the policies around them. His new book is called "Dark Territory: The Secret History Of Cyber War." He writes the "War Stories" column for Slate. So has Apple cooperated with the FBI in the past?

KAPLAN: Yeah, there have been about 70 occasions when Apple has submitted to requests or court orders by the Foreign Intelligence Surveillance Court to open up phones. And this leads to a broader point and a larger point of what this case is really about. Communications companies have cooperated or been complicit with law enforcement and intelligence going back nearly a century.

In the 1920s, a U.S. intelligence agency persuaded Western Union to give them access to every telegraph going in and out of the country. When telephones came along, there was a very active relationship with AT&T both with the FBI and with the NSA to allow them to tap phones. In the Internet age, it's actually gotten even more interlocked. If you're a company like, say, Microsoft or Cisco and you've got some products that you want to sell to the Defense Department, these products have to be vetted for security. Who vets them? A section of the NSA called the Information Assurance Directorate.

When Microsoft submitted its first Windows operating system to the NSA for vetting, this directorate found 1,500 points of vulnerability. Now - then they helped patch a lot of these vulnerable points - not all of them. They left a few open so that when foreign governments or foreign entities bought this operating system, the NSA would know where to go hack them. And Microsoft was fine with looking the other way on this. Even as recently as 2009, the Chinese hacked into Google's Chrome system, getting into its source code. And the NSA helped Google patch up the flaws.

So what's really going on here, at bottom, is that the FBI wants to maintain this long-standing relationship, which was secret - pretty much secret until Edward Snowden blew the whistle on it. They want to maintain this relationship going into a new era of stronger encryption, whereas Tim Cook of Apple, who has long had misgivings about cooperating in general, wants to create a technology that disrupts, maybe even shatters this arrangement.

GROSS: So just so I understand this relationship that the NSA has had with tech companies in the past is that with new products that the NSA wanted to use, their people would help find the vulnerabilities in the system so that the NSA could then help patch those vulnerabilities. But they'd leave a couple of those vulnerabilities open as backdoors. These are the famous backdoors we've heard so much about so that the NSA, if necessary - if they deemed it necessary could go in and access information.

KAPLAN: Yes, that's right.

GROSS: I think it's sometimes difficult to read public opinion on a case like this because on the one hand, I think most people it's, like, do what you need to do to stop those terrorists. And on the other hand, it's, like, we want our privacy. Do not invade our privacy. And between last night and today, we've learned the news not only of this change in the FBI-Apple story but also in the terrorist attack on Brussels.

KAPLAN: Right.

GROSS: And I'm wondering if you think that that terrorist attack is going to have any influence on how this particular case between Apple and the FBI is perceived.

KAPLAN: I think it does. And I think the Paris case did as well. There are stories out there that the terrorists used encrypted technology to communicate with each other. I don't know if that's true. If it is true, that makes the FBI's general argument for wanting ways around encryption, it makes it very strong - much stronger. And also yeah, you're right. If it turns out that well, wait a minute, Apple's stuff isn't quite as completely secure as they have boasted, well, then what does it matter if the government comes in or if some professional hack comes in? So yeah, I think the developments in the news on both sides - the new development in the Sony case and the greater urgency when it comes to matters of terrorism - don't help - don't help Apple at all politically or legally.

GROSS: My guest is Fred Kaplan. He writes the "War Stories" column for Slate. After a short break, we'll talk about his new book, "Dark Territory: The Secret History Of Cyber War." I'm Terry Gross, and this is FRESH AIR.

(SOUNDBITE OF MUSIC)

GROSS: This is FRESH AIR. I'm Terry Gross, back with Fred Kaplan, author of the new book "Dark Territory: The Secret History Of Cyber War." It sheds some light on a subject surrounded by secrecy by explaining the debates and evolving policies on cyber war or reporting on cyberattacks and counter attacks and examining the complicated relationship between the government and telecom and tech companies. Kaplan writes that many large corporations were slow to recognize the importance of cybersecurity.

So in writing about how a lot of businesses were slow to take cybersecurity threats seriously and didn't want to spend the amount of money that it would take to have really secure computer operations, you write about a hack into Sheldon Adelson's casino network. And he owns three really big casinos - The Sands - wait, name what they are.

KAPLAN: He owns the - he's a majority stockholder in the Las Vegas Sands corporation, which owns the Venetian, The Palazzo and a sister resort called The Sands in Bethlehem, Pa. So...

GROSS: And I should say he's also famous as being very wealthy, a staunch supporter of Israel and giving a lot of money to politicians who share his views.

KAPLAN: Right. In 2013, in a public forum, Obama's nuclear talks with Iran had just begun. And he was asked what would you do about this? And he said, I would - my idea is to drop a nuclear bomb in the Iranian desert and say there, see that? This is what's going to happen to you if you maintain a tight - a hard line on these nuclear talks.

Well, a few months later, in February of 2014, he fell victim - his whole hotel chain fell victim to a massive cyberattack by the Iranian government. And they wiped out hard drives. They hacked into Social Security numbers to bank accounts, to client accounts. And they put up on the screens this is what happens when you talk about using weapons of mass destruction.

Now, the interesting thing about this attack - well, first of all, this guy - he ran a $20 billion casino industry - his cybersecurity staff consisted of five technicians at the time. The second interesting thing about this is that, you know, if you hack into a casino, I mean, you could steal a lot of money, right? These guys did not steal a dime. They didn't touch a dime. They were interested in sending a message and in protesting a political statement.

And so you could see this attack as the first instance when cyber weapons were used not for espionage, not to trade - to steal trade secrets, not for hacking into military networks and achieving some kind of advantage in a future war but to send a political message, to object to someone's politics. This was more famously followed just a few months later by North Korea's hack into Sony Pictures for putting out a movie that insulted their leader, Kim Jong Un. So this shows that we're entering a new phase of cyber war when anybody can be a target and for any number of purposes. It has become a tool of international relations broadly speaking.

GROSS: And in the Sony hack, one of the things that the people who did the hack accomplished was embarrassing leaders of Sony by making private emails public. So...

KAPLAN: That's right.

GROSS: ...It's interesting that, like, embarrassment becomes just, like, part of the attack, part of the goal of the attack.

KAPLAN: That's right. And another interesting thing about the Sony attack - this is the only instance of all the hacks that have been done against banks, against the Pentagon, against defense industries, this was the first instance where the president of the United States went on national television and said that we consider this a major attack and will retaliate against it in a matter and time of our choosing, which seems - you know, who would've thought that this kind of attack would animate a president to make a statement like this? But, you know, what was said afterwards by other officials is that, you know, this may just be a stupid movie, but it is free expression. It speaks to our values. It is what we are as a society. And it has - we have to signal our determination to stop these kinds of attacks.

GROSS: We've been talking about cybersecurity and cyber war. The United States has launched cyberattacks. We've had attacks launched against us. But some of the cyberattacks that we've launched, I don't think many people know about it. As an example, you wrote about how a cyberattack was used in 2007 in Iraq. And you say this was, like, four years into the Iraq War when U.S. forces were starting to make headway. And the official story credited the turnaround to President Bush's troop surge and Gen. Petraeus' adoption of counterinsurgency strategy. But at the same time, there was a cyber-war campaign going on that helped a lot. What was that campaign?

KAPLAN: Right. At some point in 2006-2007, special operations forces were capturing insurgent computers. And so the NSA came over to Iraq. Over a period of a few years, there were 6,000 NSA analysts in Iraq. Twenty-two of them were killed while going out on expeditions by roadside bombs. And what they did - they hacked into the computers, they got the passwords, they got the e-mail lists, and they brought over linguists as well. And so they would type a message to all receivers on somebody's list and say - you know, it'd say something like let's meet at such and such a place tomorrow at 4 o'clock. And when they all got there at 4 o'clock, there waiting for them would be a bunch of U.S. operations forces who would kill them or, you know, drones could watch insurgents laying roadside bombs, and they could follow them. But before the NSA came over there, this information would go back to Washington and then that would be funneled to Fort Meade headquarters and then back to the Pentagon. And by the time it got back to Iraq, 16 hours will have passed. Well, with the NSA on the ground, this could be processed in one minute, and they could be directed to kill those insurgents. So in those two ways, in 2007, about 4,000 insurgents were killed. And this put a huge dent in insurgents' operations and their command control, in the trust they had within each other. You know, they would get a message let's meet tomorrow at 4 o'clock, and they would say who's sending this? Is this really our guys, or is it the Americans doing this? And it rattled their cages and unraveled their operations for quite a while.

GROSS: If you're just joining us, my guest is Fred Kaplan. And his new book is called "Dark Territory: The Secret History Of Cyber War." Let's take a short break and then we'll be back. This is FRESH AIR.

(SOUNDBITE OF MUSIC)

GROSS: This is FRESH AIR. And if you're just joining us, my guest is journalist Fred Kaplan. He writes the "War Stories" column for Slate. He's been covering national security for decades, and his new book is called "Dark Territory: The Secret History Of Cyber War."

Your book starts with the very beginnings of cyberdefense, with President Reagan and, believe it or not, the 1983 film "WarGames" starring Matthew Broderick. This is a great story that's been starting to make the rounds ever since your book was published. So the story begins with Reagan watching the 1983 movie "WarGames." And then what?

KAPLAN: Well, yeah, he's up at Camp David on one of his five-day weekends in June of '83, and he watches - yeah, he watches a lot of movies. He watched "WarGames." You're just - to remind people, this was the movie where Matthew Broderick plays this tech whiz teenager who unwittingly hacks into the main computer of the North American Aerospace Defense Command and, thinking that he's playing a new online game called "Global Thermonuclear War," almost triggers World War III.

So Reagan's back in the White House the following Wednesday, and there's a big national security meeting - not about this. It was about something else completely different. But at one point, he puts down his index cards and he says, has anybody seen this movie "WarGames"?

It had just come out, nobody had seen it, so he launches into this very detailed plot description. And people are, you know, looking around the room, raising their eyebrows, wondering, where is this going? And so he turns to Gen. John Vessey, who is the chairman of the Joint Chiefs of Staff, and he says General, could something like this really happen?

And Vessey says, I'll look into that, Mr. President. And he comes back a week later and he says Mr. President, the problem is much worse than you think. And this led, nine months later, to the writing of the first presidential directive on telecommunications and computer security.

But then it took a side road. As it happened, and as you might think is logical, the NSA essentially took over the writing of this directive. And they wrote it so that the NSA would be in charge of setting security and standards for all computers in the United States. Not just the government, but everybody's.

Well, there were a number of people on Capitol Hill who didn't like that, so they changed it. But that was where it began. That was - if you read this directive - and it's been declassified since. It's called NSDD 145. It reads a lot like the things you read now.

You know, our computer systems are coming under attack, they're vulnerable to electronic interference. This could be done by foreign agents, by criminals, by terrorists - I mean, (laughter) it's this same thing that we're reading over and over.

But it laid out the argument, it elevated cybersecurity, as it was later called, to a national, political level. It raised the first tensions between privacy and national security, at least in this realm. It generated the first active struggles between the NSA and other agencies and branches of government.

And so, you know, the story that we're seeing unfold in today's newspapers got their start with this bizarre incident of Ronald Reagan watching "WarGames" and then asking a question that made everybody in the room roll their eyeballs.

GROSS: So when did they fix that vulnerability so that you couldn't, like, randomly dial numbers and end up tapping into Defense Department computers?

KAPLAN: Well, you know, back in those days that's how computers worked. They were on phone modems. They don't work on phone modems now, but you can still hack into networks. You know, when the Pentagon plays war games where - you know, military exercises where they test the command control of their systems, you know, their security - can somebody hack into our command control?

And once you're hacked into a network, you can shut it down, you can throw in false messages, you can really make a mess. And every time they've played a game like this, the intruder gets in. The red team gets in every single time.

GROSS: OK, that's not good (laughter).

KAPLAN: No, it's not good.

GROSS: So how...

KAPLAN: ...In fact, this is kind of an interesting - this is something that I learned after I wrote the book, so it's not - this is like bonus material for the DVD - book. The Navy is now teaching its sailors on ships to use a sextant to navigate by the stars just in case, during a war, someone hacks into the data link with the GPS satellites.

That's sort of the condition that we're in. We're having to go back and retrain for early 20th-century techniques because the military, too, is - our whole qualitative advantage is built on systems that are hooked up to computer networks. And if that's - if those are hacked, they're going to find it much harder to know where they are, much less to fight a battle in an area.

GROSS: So something else about U.S. cyberattacks that I found really interesting from your book was that in the early '90s during Desert Storm or Gulf War I, after Iraq invaded Kuwait and we went to war, Gen. Schwarzkopf said we're going to take out Iraq's eyes and ears, you know, so that they can't use any of their technology to - not only to spy on us, but to know where their own planes were and - take out all their communications.

And Schwarzkopf meant we're going to bomb them. We're going to bomb the - all the telecommunications centers. But the cyber people within the Bush administration - and this is the first Bush - were saying well, you can do this through cyberattacks. Would you talk about the kind of dispute that happened within the Bush administration about whether it should be bombs or cyberattacks that took out their telecommunications?

KAPLAN: Right. In the lead up to that war, nobody in intelligence or military really knew much about Iraq, knew much about Saddam Hussein. So there was this interagency intelligence committee created within the Pentagon that had some NSA officials in it as well, and they found out everything.

And one thing they found out was that Saddam Hussein had laid fiber optic cable all the way down to Basra and then into Kuwait City when he invaded Kuwait. And he would use that to communicate with his generals, tell them what to do.

At the time, the U.S. government did not know how to penetrate fiber optic cable. They do now, but at the time they didn't, so they went to the manufacturer, the European manufacturer who had made and laid this fiber optic cable. They told U.S. intelligence where the switches were on this cable.

And so the first night of bombing, among the targets hit were the switches. At that point, Saddam Hussein had to go to his backup means of communication, which were through microwave signals. And waiting for this development, waiting - orbiting right overhead was a new, top secret spy satellite which intercepted microwave transmissions.

And so because of this, the U.S. was able to follow everything that Saddam Hussein and his generals were saying, doing, where they were going. And, you know, that's one reason why the ground portion of the war only took four days, is because this bit of intelligence was known.

Now there were other things - at various points, the U.S. had to do certain things, and it would be good if this was not detected by the Iraqis. There was one moment when they made an enormous flanking movement off - they were going to invade from the side, and they had to keep secret the movement of these troops. And they wanted to turn off a radar station, an Iraqi radar station, for 24 hours.

They didn't need to bomb it and probably kill people. They just needed it to be turned off. And they had a proposal to do this through cyber means, and Schwarzkopf said no, I want to bomb it.

And it went to the secretary of defense, who was Dick Cheney, who - like many other officials - had never used a computer. And he asked them, well, what is the - what are the odds that your idea for doing this will succeed? And, you know, they really didn't know. They couldn't say, whereas, you know, the chance that a bomb would destroy it was pretty sure. So they went with a bomb.

So this campaign was a very early instance of what might be called proto-cyber war, but it was still in an unknown state. People didn't quite trust it yet, but it did show that - the campaign did show that doing something like this to manipulate Saddam's communications, what later was called information warfare and then later became known as cyber warfare, that it would work. It could have some application in a real war.

GROSS: Well, I'll tell you what. Let's take a short break here, and then we'll talk more about cyber war and cybersecurity. My guest is Fred Kaplan. He's the author of the new book "Dark Territory: The Secret History Of Cyber War," and he writes the "War Stories" column for Slate. We'll be right back. This is FRESH AIR.

(SOUNDBITE OF MUSIC)

GROSS: This is FRESH AIR. And if you're just joining us, my guest is journalist Fred Kaplan. He writes the "War Stories" column for Slate. He's been covering national security for decades. And his new book is called "Dark Territory: The Secret History Of Cyber War." So let's go back to where we started this interview about the case between the FBI and Apple. I think a lot of Americans feel kind of caught in the middle on this one because on the one hand, people don't want to feel like they're under surveillance by the FBI or the NSA. On the other hand, the tech companies already have so much information on us. They have our IDs. They have our Social Security numbers. They have all this information about where we shop and who we're in contact with and what photos we have, what our likes and dislikes are. And I wonder if you want to reflect on that at all.

KAPLAN: Yeah, well, it is true. I mean, one thing that this latest development in the Apple case brings to light once again is that there is no such thing as a perfectly closed black box that nobody can hack into. Everything is hackable. I think in the United States, there's sort of a resigned acceptance of this now. I mean, think of all the times that you have scrolled down, you know, 10,000 words of agreed language that you have neither read nor agreed to and yet checked the I agreed box just so you can get to the program that you want to use. We kind of accept this.

And when it leads to disasters of one sort or another, we're shocked. But there's no reason to be shocked.

I mean, I'm thinking of the instance when the Chinese hacked into the records of the Office of Personnel Management and stole away, you know, everything about tens of thousands or 100,000 government employees. And, you know, James Clapper, the director of national intelligence, was asked at a congressional hearing about this cyberattack. And he said, well, I don't know if this is an attack really. It's more an act of espionage, very similar to the kinds of things that we do as well. So this is really a part of modern life. This is an inherent feature of the age when everyone and everything is online.

The Snowden revelations made a big splash probably more abroad than here but here as well because it seemed that the NSA was hacking into domestic communications as well. And I write one chapter about a commission that President Obama appointed to investigate these charges of abuse and to suggest reforms. And one conclusion they came up with was that - well, in terms of actual abuse, there seems to be very little. I mean, the NSA is not using its amazing powers of intrusiveness to, you know, track down political dissidents in America or antiwar activists or people of another party or even people who are just American citizens if they knew that they were American citizens. However, they also warned that there is a tremendous potential for abuse.

And after the commission's report came out, one of its members - Geoffrey Stone - who's a law professor at the University of Chicago, who's written books about what happens to the First Amendment during wartime - he was invited to go give a speech at NSA headquarters in Fort Meade about, you know, the lessons that he'd learned and what he would recommend going forward. And he said, you know, when I came to this commission - I'm a civil libertarian - I thought based on what I'd read in the papers that the NSA was a rogue agency. I realize now that's not true, that there are very good people. You're basically following your political master's orders. You make mistakes, but that's what they basically are, mistakes. They're not systematic violations of the law.

So the American people - you deserve the American people's respect, but you do not deserve their trust. We should not trust what you are doing. The need for outside monitoring is immense because what these people could do if all the legal restrictions were dropped - they just have amazingly intrusive powers.

GROSS: So after writing your book about cyber war, did you change the security of your personal computers?

KAPLAN: (Laughter) Yeah, a little bit. But, you know, here's the thing about that - and people have asked me this question - what you do? What should I do? If all you're worried about is some criminal or mischief maker hacking into your computer and, you know, stealing your Netflix account number or getting into your banking account or something like that, there are things you can do. You know, it's the equivalent of getting a better lock for your front door, putting in a burglar alarm, that sort of thing. But if somebody really wants to come after you, if somebody really wants something that you have and they're really good at it - and especially if they have the resources and wherewithal of a nation state, there's really not much you can do about it.

GROSS: Well, Fred Kaplan, thank you so much for coming back to FRESH AIR.

KAPLAN: Oh, thank you.

GROSS: Fred Kaplan writes the "War Stories" column for Slate and is the author of the new book "Dark Territory: The Secret History Of Cyber War." Tomorrow on FRESH AIR, how the presidential primary process became the long confusing, inconsistent process that it is and what the process might be if the Republicans have a brokered convention. We'll talk with Elaine Kamarck, author of the book "Primary Politics." She's on the Harvard faculty, is a senior fellow at the Brookings Institution and was on the commission that created Democratic superdelegates. I hope you'll join us.

(SOUNDBITE OF MUSIC)

GROSS: FRESH AIR's executive producer is Danny Miller. Our interviews and reviews are produced and edited by Amy Salit, Phyllis Myers, Ann Marie Baldonado, Sam Briger, Lauren Krenzel, John Sheehan, Heidi Saman, Therese Madden and Thea Chaloner. Transcript provided by NPR, Copyright NPR.