Attacks — State-Level Cyber Capabilities

The capabilities of states and their intelligence agencies are extremely formidable. Even in normal, non-all-out-AGI-race times (and from the little we know publicly), nation-states (or less advanced actors) have been able to:

• Zero-click hack any desired iPhone and Mac with just a phone number,
• Infiltrate an airgapped atomic weapons program,
• Modify Google source code,
• Find dozens of zero-days a year that take on average of 7 years to detect,
• Spearfish major tech companies,
• Install keyloggers on employee devices,
• Insert trapdoors in encryption schemes,
• Steal information via electromagnetic emanations or vibration,
• Use just the noise from your computer to determine where you are on a video game map or steal a password,
• Gain direct access to sensitive systems like nuclear power plants,
• Exfiltrate 22 million security clearance files from the USG,
• Expose the financial information of 110 million customers by planting vulnerabilities in HVAC systems,
• Compromise computer hardware supply chains at large scale,
• Slip malicious code into updates to software dependencies used by top tech companies and the USG
• … let alone planting spies or seducing, cajoling, or threatening employees (which happens effectively at large scales, but is less public)
• … let alone special forces operations and similar (when things really get hot).