STRIKING BACK i ii STRIKING BACK The End of Peace in Cyberspace – And How to Restore It Lucas Kello YALE UNIVERSITY PRESS NEW HAVEN AND LONDON iii Copyright © 2022 Lucas Kello All rights reserved. This book may not be reproduced in whole or in part, in any form (beyond that copying permitted by Sections 107 and 108 of the U.S. Copyright Law and except by reviewers for the public press) without written permission from the publishers. For information about this and other Yale University Press publications, please contact: U.S. Office: [email protected] yalebooks.com Europe Office: [email protected] yalebooks.co.uk Set in Adobe Garamond Pro by IDSUK (DataConnection) Ltd Printed in Great Britain by TJ Books, Padstow, Cornwall Library of Congress Control Number: 2022939727 e-ISBN 978-0-300-25253-8 A catalogue record for this book is available from the British Library. 10 9 8 7 6 5 4 3 2 1 iv CONTENTS I ntroduction: The Evolving Menace of 1 Technological Aggression 1 Technological Revolution in Historical 21 Perspective: Lessons for Our Times 2 Cyber Legalism: The Limits of Law and Norms 45 3 Challenger States: Revisionism in the 63 International System 4 Russia and New Technological Threats to 75 Democracy 5 China and Cyberspace: The Rising Technological 104 Hegemon 6 The Dimensions of Current Strategy: To Deter 124 or Not to Deter? 7 Punctuated Deterrence: How to Strike Back 141 8 What Kind of NATO? Punctuated Deterrence 160 in Practice 9 Data Embassies and State Continuity: The Return 174 of Denial? 10 Conclusion: A Partial Restoration of Peace 203 Notes 211 Bibliography 248 Index 266 v vi INTRODUCTION The Evolving Menace of Technological Aggression 1972: PRELUDE TO OUR TIMES Markus Wolf, the Stasi’s chief of foreign activities, needed one thing to execute his plot: a viable target for bribery and blackmail among West Germany’s poli- ticians. It was the spring of 1972, a turning point in Cold War relations. Willy Brandt’s election as chancellor three years earlier had produced a relaxation of tensions in Europe under the mantle of Ostpolitik. Brandt’s signature foreign policy delivered notable spoils to the Communist bloc: a non-aggression treaty fixing the location of contested borders in Eastern Europe, formal recognition of Poland, commercial ties that could fuel economic growth, and a cross- border transit agreement. A calmer and stabler continent on which to pursue greater integration and arms reduction was in the offing. Gone were the decades of intense standoff, not least over the troubled status of West Berlin.1 Wolf and his political masters worried, however. Spoilers in the Bundestag threatened to ruin the mood of conciliation and deny Communists their prizes. Chief among them was Bundestag opposition leader Rainer Barzel of the Christian Democratic Union. Sensing an opportunity to replace Brandt as chancellor, Barzel prompted a parliamentary vote of no confidence in the government. He opposed Brandt’s economic opening and diplomatic rapprochement with the East. Communists throughout Europe looked on with concern. The cherished Ostpolitik was in peril of parliamentary derailment. And so began “Protect Brandt Week,” an information campaign headed by Wolf under Moscow’s instructions. The aim of the operation was to infiltrate the political firmament in Bonn and save Brandt – or rather, his policy – by disrupting the confidence vote. The very future of East–West relations was at stake. 1 STRIKING BACK Wolf found his target in Leo Wagner. The Bavarian Bundestag member from the Christian Social Union hardly fit the code name “Lion” that was given by his Stasi handlers. Wagner’s recruitment by the Stasi played out over several years. Operatives of Department X of the Main Directorate for Reconnaissance (HVA), which was responsible for information campaigns, had long monitored him. His intelligence profile noted: “Catholic, married, two children” – a picture of moral probity that did not accord with the secret reality of his nocturnal excursions. Among Stasi spies, he had the reputation of an unreliable debtor and an alcoholic scoundrel. Rumors had it that in a single night he spent thou- sands of deutschmarks on women and drinks. And yet he enjoyed high esteem among party officials. Fellow lawmakers did not foresee his path to personal and financial ruin. East German intelligence officials were more perceptive. “We tried to recruit Leo Wagner because he was so open to attack, especially for financial reasons,” recalled former Stasi agent Horst Kopp.2 This tale of political drama features no protagonists, only antagonists. The hook was ready to be dangled. Wagner had made first contact with the Stasi in the mid-1960s when he met Georg Fleissman, a Bavarian journalist and recruiter on Wolf’s team. Fleissman now showered the libertine Lion with money to fund his extravagances. “He just wanted to receive the money and maintain his lifestyle,” explained Kopp.3 Finding himself in a position where refusal to cooperate seemed impossible because it would expose his depravities to the public, Wagner almost immediately acceded to Fleissman’s request to abstain in the Bundestag vote.4 The vote that decided Brandt’s political fate on April 27, 1972, was tight. Merely two abstentions, Wagner’s and Julius Steiner’s, among Brandt’s political opponents, ensured his and his foreign policy’s survival (Stasi agents, it later emerged, had also bribed Steiner, another lost soul). The voting outcome was celebrated not only in the Chancellery but also in the Stasi headquarters on Ruschestrasse and in the Kremlin. CYBERSPACE AND THREATS TO DEMOCRATIC INTEGRITY Nothing in the Wagner episode stands out in the context of the current cyber revolution. Its main elements are familiar to us today: intense geopolitical 2 INTRODUCTION rivalry between the Kremlin and the West; a fractured political scene within democracies; some Western politicians hewing a closer line towards the adver- sary without grasping its opportunistic maneuvers; and naïve party figures assuming rather than questioning the integrity of their personal communica- tions and the secrecy of their private lives. The Wagner episode seems like a rehearsal for our own times. And like foreign electoral interference today, the Communist bloc’s intervention in West German domestic politics had more global than domestic implications. In short, the principles and objectives of Russian information warfare remain largely the same today as in the Cold War. But its scope and methods have changed dramatically. In relation to contemporary threats against demo- cratic systems, the episode of 1972 is as much an analogy as it is a disanalogy; we can derive relevant insights from it while also identifying differences. In Wagner’s time, before the era of the “social” Internet, foreign interfer- ence in Western domestic politics played out in a limited arena. The list of viable targets was small. Relevant information with which to ensnare them was difficult and costly to acquire. A successful intrusion required as sordid and feeble a character as Wagner operating at the heart of the democratic polity. Aided by misinformation traveling the radio waves and, more laboriously, the print media, Communist agents could achieve greater public effect than if their activities remained strictly private, as a form of blackmail. But still their information campaigns were typically circumscribed within a small locality or region. True, Department X often supplemented its campaigns with publicly diffused disinformation – for instance, the joint KGB–Stasi Operation INFEKTION that ran between 1983 and 1987 and which falsely attributed the origins of the HIV virus to a bioweapons research lab in Maryland.5 But generally, the private information space was a more potent operational realm than the public information space. The explosive expansion of cyberspace and especially the Internet during the last two decades has radically altered this situation. Today, an aspiring intruder into democratic politics has at his disposal nearly the entire political class among which to select possible targets of compromise. For who is the politi - cian who has never shared imprudences in an email or snapped indecencies on a mobile phone which are then accessible by sophisticated foreign hackers? 3 STRIKING BACK Hacking is only the latter stage of the problem; its essential precondition is the digitization of vast aspects of both public and private life that were never before captured in electronic form. The hacking activities of Russian military agents during the 2016 U.S. presidential election reveal the magnitude of the contemporary problem. In July 2016, two candidates faced each other in the race to represent the Democratic Party against Republican Party nominee Donald Trump in the presidential vote in November of that year. Bernie Sanders, the senator and former congressman representing Vermont who had until recently eschewed party affiliations, was the maverick option. He had disdained, often publicly, much of the Democratic Party’s established figures and policies. His opponent for the nomination was Hillary Clinton. As the former secretary of state under President Barack Obama and the wife of ex-President Bill Clinton, she was the conventional candidate. Sanders was a figure of revolutionary disruption within the party; Clinton was one of continuity. The former secretly worried many Democratic Party stalwarts for his promise to remake the party’s image; the latter represented a force of stability who promised invigoration through constancy. Therein lay the problem: although the party chiefs were meant to exercise strict neutrality in the candidate’s selection, many Sanders supporters suspected that the leadership secretly favored Clinton. WikiLeaks’ release of private email messages obtained by hackers from the GRU – the intelligence unit of the Russian military’s general staff – three days before the Democratic Convention, a time designed to cause maximum political discord within the party, gave proof to the lie of impartiality. The leaks revealed that party chairwoman Debbie Wasserman Schultz and other senior party figures in fact did favor Clinton. Public confirmation of the prejudice against Sanders instigated a crisis of legitimacy within the party among his voters. When Clinton was nominated, a fierce insurrection erupted within the party that may have cost Clinton enough Democratic votes in crucial swing states to deny her victory against Trump in November – a plausible if unprovable scenario.6 The GRU’s hack was remarkable for its brazenness and sophistication. Although innovative, the operation was neither new nor isolated. It fit a larger program of activity of using computer information as a tool to influence 4