The CrowdStrike bug disrupted the entire country for the better part of a week. Everyone is focusing on all the delayed flights and hospitals that had to shut down, and so on. But according to an opinion piece by Mick Mulvaney, who was director of the OMB, acting director of the CFPB, and chief of staff in the Trump administration, all of them missed the point.
Mulvaney was driving from Milwaukee to Chicago the day the CrowdStrike bug hit and needed to get gas. The gas station was accepting only cash because its credit card processor was hit by the bug and was down. In a war situation, attacking the credit card processor is just as good as blowing up an oil refinery (only easier). In both cases, the result is no gas.
We are already seeing this kind of asymmetric warfare. In 1982, a $200,000 Exocet missile sank a $50 million British warship. In Ukraine, $80,000 Javelin missiles are regularly destroying $5 million Russian tanks. There are plenty of other examples of cheap attacks that cause massive damage.
We haven't seen this in politics much yet, but don't hold your breath (but do see the item below on deepfakes). Suppose a hacker either affiliated with one side or rooting for one side penetrated the other side's main computer system and took control. What could it do? A lot. It might be able to get into the campaign's main bank account and wire tens or hundreds of millions of dollars to its account in Switzerland, and from there route it to Liechtenstein, then to the Cayman Islands, then to Nauru, and then break it up into smaller chunks and send them to hard-to-track offshore banks around the world. The campaign wouldn't be able to recover it.
Or suppose the hacker could send out a fake tweet from Donald Trump saying that he fully supported J.D. Vance's plan to give children the vote (to be exercised by their parents) so that large families would (rightfully) get many more votes than childless cat women. Or a fake tweet from the Harris campaign saying that on Jan. 20, 2025, at 1 p.m. she would order the CIA to capture Donald Trump and store him at Guantanamo Bay permanently so that the U.S. courts couldn't get him released. It is easy to think of incredibly damaging fake tweets (or press releases or notices on their website) either side could send out in the name of their opponent. Of course, the victim would vigorously deny the original message etc., but millions of people would believe the tweet/release/etc. and not the denial.
And then there are deepfake videos, like the one we had on Monday. But suppose a hacker could make one that was not quite so over the top and post it on the campaign's own website and block the campaign from removing it, by changing all the passwords. It could be up for hours and do immense damage. The possibilities are limitless and we doubt anyone is taking the threat seriously. After all, look at the damage the CrowdStrike bug did, and that was a simple bug, not a carefully planned attack with a serious attempt to make it difficult to undo the damage. If this becomes a reality, and it is not too hard to imagine that it could, we are in for some rough sailing. (V)