* subscribe at http://techPolice.com

(this article is old but it's good and it's about Rome, NY which is a few miles away 
from me so I decided to send this)


from http://www.afa.org/  March 1997 Issue

Information warfare is no longer the stuff of futuristic role-playing exercises. It's 
already here.

In spring 1994, Air Force security officers tracking a computer intrusion suddenly 
found themselves face-to-face with a horrifying prospect: inadvertent cyberwar--and 
perhaps worse--between the United States and North Korea.

The Air Force had for weeks been trying to catch a hacker they knew only as 
"Datastream Cowboy." From a base that appeared to be located in Britain, Datastream 
was rampaging through the computers of Rome Laboratory, N.Y., and other defense 

He was downloading files and leaving behind "sniffer" [1] programs capable of 
eavesdropping on sensitive electronic communications. Worse, he was using these same 
Air Force systems as launching pads for false-flag Internet attacks on other 
computers--including those of other nations.

On April 15, as Air Force investigators covertly watched, Datastream came online at 
the Rome Lab system and then quickly gained access to a third computer. On-screen file 
data identified this other computer as belonging to a "Korean Atomic Research 
Institute." The hacker filched all the data on the Korean system, pulling it back and 
storing it in a corner of Rome's memory.

The Air Force investigators were shocked. They couldn't tell if the computer that 
Datastream had just penetrated belonged to South Korea or North Korea. Had this vandal 
just stolen the most sensitive secrets of the unpredictable "Hermit Kingdom"? If so, 
how would the often paranoid and always dangerous North Koreans react?

"Act of War"?

The Air Force conducted a full study, results of which were released this year. The 
report stated, in part, "The concern was that . . . the North Koreans would think the 
. . . transfer . . . was an intrusion by the US Air Force, which could be perceived as 
an aggressive act of war."

As it turned out, there was no actual cause for worry that an enraged Pyongyang would 
hurl missiles or troops south to retaliate against US forces; the computer in question 
belonged to South Korea. Datastream himself was no terrorist or foreign military 
operative but a London teenager named Richard Pryce, who curled up on the floor and 
cried when police arrived to arrest him.

Still, American officials viewed the incident as a clear wake-up call for the entire 
Department of Defense. In his brief rampage, one youthful hacker had compromised 30 
Rome Lab computer systems. The specter of an international incident and perhaps open 
conflict flashed before Washington officials. Surely some of America's adversaries 
had, or would soon have, the capability to do far worse.

Such incidents have convinced the US government that information warfare is no longer 
just the stuff of role-playing exercises set safely in the next century. As far as 
many experts in the US government are concerned, it is already here--and it is time to 
start planning serious defenses.

"Just as we prepare for a conventional weapons attack, we must be ready for attacks on 
our computer networks," said Sen. Sam Nunn, the now-retired Georgia Democrat, during 
wide-ranging Congressional hearings on the issue last summer.

Today, the Pentagon, the White House, the intelligence community, and many private 
businesses are spending lots of time considering the implications of a broad subject 
they have dubbed "IW," for information warfare.

"Information warfare has become central to the way nations fight wars, and it is 
critical to Air Force operations in the twenty-first century," says service guidance 
issued by Air Force Chief of Staff Gen. Ronald R. Fogleman.

For the military, "information warfare" means much more than providing physical 
security for defense-related computers. Info war has an offensive component, too, 
comprising various capabilities for attacking an adversary's computers, 
communications, and information sources. It can even cover a time-honored military 
means of achieving victory: the timely use of superior information about terrain or 
opposing forces for tactical purposes.

Maj. Gen. John P. Casciano, the assistant chief of staff for Intelligence, spelled out 
the breadth of IW at AFA's Los Angeles symposium, held in October. The definition of 
IW used by the Air Force, he explained, was "any action to deny, exploit, corrupt, or 
destroy the enemy's information and its functions; protecting ourselves against those 
actions; and exploiting our own military information functions."

It is not a purely modern phenomenon, USAF officials said, but the concept has become 
much more important in the information age. Satellites, computers, faxes, video 
cameras, and modems have given today's military forces a startling capability to 
create and disseminate information. This flood of data changes battlefield realities, 
alters conclusions, and redirects actions.

Information technologies have proven to be tremendous military force-multipliers. 
Their very usefulness creates a defensive problem, however.

Weakness in Strength

"We must recognize . . . that the same qualities making modern information functions 
so indispensable, make them alarmingly vulnerable," said Col. Frank Morgan, commander 
of the Air Force Information Warfare Center, Kelly AFB, Tex.

By itself, the military cannot hope to address every one of these vulnerabilities. The 
dependence of US armed forces on commercial technologies and communications may 
represent a weak link in America's info war armor.

Not too long ago, almost all of the information critical to Air Force planning and 
execution was transmitted over secure links. Now, 90 percent of it travels through 
commercial systems, according to service estimates. For instance, service officials 
point out that fuel orders and logistics data--information essential to the success of 
a sudden deployment--usually travels over essentially unprotected commercial lines. 
Blood and medical supplies are ordered the same way. Telemedicine capabilities are 
becoming increasingly important in the military for long-distance health diagnostics; 
these capabilities, based on rapid electronic transmissions, are also at risk.

Even something as common as an automatic teller machine might represent a military 
vulnerability. A sophisticated adversary might be able to track the movements of key 
military personnel via ATM withdrawal data, for instance. Alternatively, the simple 
electronic looting of a soldier's financial accounts could profoundly affect his or 
her morale.

"We have to streamline our support functions to take advantage of technology and cut 
down costs, but it means we are more at risk," said General Casciano.

Furthermore, vulnerabilities of commercial systems could cause problems at a strategic 
level. IW attacks might play havoc with the US electrical grid, for instance, or 
decimate commercial banking systems. Clever hackers could redirect speeding trains 
onto the same track or cause air traffic controllers to misdirect airliners.

Wary of the emerging dangers, the White House last July established a Commission on 
Critical Infrastructure Protection to weigh the implications of the threat. Members 
are considering whether it is a truly imminent danger or possibly an overhyped 
annoyance. "Is [the IW problem] a Sherman tank coming at us, or is it just a kid 
carrying a Ping-Pong paddle?" asks Roger Molander, a Rand Corp. analyst and one of the 
country's foremost experts on IW. "No one really knows."

Most of the weapons of IW are themselves composed of electrons and focus on software.

Worms on the March

For years, hackers have been using the simple technique of guessing the passwords 
needed to enter remote computing systems. (The word "password," for instance, is a 
more common password than one might think.) Once inside a computer's cyberspace, 
vandalism can be easy. More sophisticated users can then insert a self-replicating 
program, often known as a "worm." Churning worms keep growing and growing, taking up 
more and more memory, and eventually jam system software.

The spread of powerful personal computers has made it possible for hackers to crack 
password defenses simply by trying many possible combinations of letters. Once inside, 
the covert insertion of a software "backdoor" allows adversaries to reenter a system 
at will. Another hacker tool--the "sweeper"--will do just what its name suggests: 
sweep all data banks clean of their information. "Sniffers" are eavesdropping programs 
that monitor electronic communications, providing useful intelligence analogous to 
that achieved by wiretapping telephones.

Today, however, the highest form of software attack may be what is called "packet 
forge spoofing." This activity results in the subtle--and secret--alteration of data. 
A file containing an adversary's order of battle, for instance, may suddenly show a 
fighter squadron where none existed before. The idea, explained one defense contractor 
whose firm works on the offensive side of cyberwar, is simple. "It's much better to 
get a guy's system to give him wrong information than no information at all," he said.

Moreover, powerful workstations are not necessary to create these weapons. The attacks 
on Rome Lab were launched from the computer equivalent of a Cessna prop plane; it was 
a slow, 25-megahertz, 486 SX desktop computer whose hard drive contained only 170 
megabytes of space. After all, a whole arsenal of IW software is openly posted at 
various sites on the Internet. Log in, point and click, and--presto!--you're an 
electron warrior.

Other tools could directly target the embedded computers in aircraft and other 
high-tech weapon systems. Directed energy bursts, for example, might fry an aircraft's 
avionics, and the alteration of Global Positioning System navigation data could put a 
long-range bomber far off course. Flight controls might be disabled through 
radio-frequency insertion of corrupt computer codes.

Defense planners also maintain that the physical destruction of crucial computer 
assets qualifies as an act of information war. Such activity might be as simple as 
attachment of a powerful magnet to a hard drive by special operations forces or as 
blunt as an old-fashioned laser-guided bomb down the air vent of an underground 
computer center.

Air Force officials separate the IW threat into three categories, of varying degrees 
of danger.

The thrill-seeking hackers--or "ankle biters," in General Casciano's phrase--who pose 
the most limited challenge. Datastream Cowboy was an archetype of this threat.

Freelancers with a purpose. These can range from a lone individual with an antinuclear 
agenda to subnational groups, such as the Strano Leftist Network, a loose 
Internet-oriented Italian agglomeration that recently launched politically oriented 
attacks on computers in France and Mexico.

Nation-states. US officials worry that info war might take place on something of a 
level battlefield. For example, production of stealth aircraft takes a huge national 
investment, but the production of a truly deadly computer virus might be cheap enough 
for even the poorest government to afford.

250,000 Hacks

The threat no longer is theoretical. A recent General Accounting Office study 
estimated that Pentagon computers absorb some 250,000 hacker attacks per year--and 
that 65 percent of these attacks are at least partially successful. In late 1996, most 
DoD information on the Internet had to be temporarily shut down after a hacker damaged 
an Air Force home page on the World Wide Web.

Most hackers tend to scoff at the notion that they represent a national security 
threat. The overwhelming majority of them, they point out, target military computers 
that handle unclassified information. Even so, their actions can be costly and 
exasperating. Some hackers do gain access to sensitive areas: Datastream Cowboy 
managed to make off with communications that had been classified "secret." In the late 
1980s, the so-called "Hannover Hacker" attacked US systems, searching for data to sell 
to the East German government.

As for other nations, about 18 have active defensive or offensive IW programs, 
according to Air Force documents.

To date, it is not clear whether and to what extent this activity constitutes a direct 
threat to the US. The US National Intelligence Council has produced a classified 
report on known foreign efforts or plans to attack crucial national data networks, 
such as the Defense Switched Network telephone system. Officials have not revealed its 
conclusions publicly, though they acknowledge that computer-assisted intrusions into 
the systems used by banks and other financial institutions have so far been isolated, 
with the goal limited to theft.

John M. Deutch, then CIA director, told Congress last summer that such incidents may 
begin to threaten the nation's economic well-being if they increase. "In addition, we 
do not fully understand the real source and purpose of these events," he said. "Some 
may be sponsored by foreign adversaries in support of broader political, economic, or 
military goals."

Three Thrusts

Information warfare is currently the focus of three general, overlapping efforts 
within the US defense-industrial structure. One of these efforts centers on activity 
in think tanks. Science Applications International Corp., for instance, recently 
launched a Center for Information Strategy and Policy to run seminars and produce 
papers on the subject, as well as systems planning and crisis simulations. Rand Corp. 
has carried out ground-breaking IW work, including several well-attended game-playing 
exercises for government officials. A 1995 game focused on a Persian Gulf War 
scenario, with Iran attempting to destabilize Saudi Arabia. The game setup called for 
Iran to use such methods as destruction of a Dhahran refinery by meddling with its 
computerized controls. In 1996, the Rand story line was tension between China and 
Taiwan. Sixty mid- to upper-level US officials attended.

The other hotbeds of IW thinking are, first, the Pentagon and the armed services and, 
second, the White House and the intelligence community.

Within the US military, all evidence is that the services take IW seriously. All 
branches, for instance, have headquarters staff position papers on the subject that 
are in various stages of development. The Air Force seems clearly out in front when it 
comes to IW planning. That's not just the opinion of USAF leaders, either.

"The Air Force is furthest along," says Rand's Mr. Molander. "They've got some good 
training programs going."

USAF leaders have rejected any notion of a separate IW command and say, instead, that 
all major commands must be ready to conduct defensive info war functions.

Specialized organizations established so far include the 609th Information Warfare 
Squadron, a prototype unit located at Shaw AFB, S. C., that studies the use of 
offensive and defensive IW tactics and techniques, and the Air Force Information 
Warfare Center, charged with developing and maintaining general IW capabilities.

AFIWC has been up and running since 1993 at Kelly AFB. Its experts were crucial in 
cracking the Datastream case. AFIWC hacker teams travel throughout the Air Force to 
assess computer security at individual Air Force bases. For instance, a recent AFIWC 
simulated attack on Charleston AFB, S. C., breached six computer systems--with two of 
these taken over completely. These attack techniques range from sophisticated cracking 
efforts to such simple acts as flipping over user mouse pads and keyboards in search 
of passwords written down by forgetful users.

Under the Base Network Control Center initiative, the Air Force is building electronic 
"fences" around all of its installations. This $68 million effort will erect data fire 
walls between base local networks and the Internet and other commercial communications 
providers, while providing network monitoring equipment to detect any hacker 

For the near future, the most significant Air Force IW item concerns education, 
according to officials. Air University has produced a video on the subject, called 
"Cyberstrike," and is now circulating it around the Air Force. Maxwell AFB, Ala., home 
of Air University, is offering two IW courses--a three-day version for general 
officers and senior civilians and a five-day version for others. USAF's first 
Information Warfare Training Lab is now open for business at Goodfellow AFB, Tex.

Surprise Attack

Not everyone believes the Pentagon is taking information warfare seriously enough or 
is putting enough resources into its efforts. In January, the Defense Science Board, 
issuing a report on defenses against IW, warned that the nation faced a possible 
electronic Pearl Harbor in the near future. DSB members are recommending that DoD 
spend at least $3 billion more than planned on IW over the next five years.

The study concluded that the Defense Department needs to designate a focal point for 
IW in the Pentagon. It recommends establishment of a Pentagon-wide electronic 
"aggressor" team to help assess vulnerability. And it says that R&D spending in the 
area needs to be expanded.

Though today's commercial products can provide some quick protection for the 
military's 2.1 million computers, they generally aren't able to handle the sheer scale 
of the Pentagon's distributed computer environment, according to the DSB. One 
particular need: a system that can automatically track an attack to its source. In 
addition, said the DSB report, the US needs to be prepared for the aftermath of a 
determined IW attack. That means identifying and hardening a minimum essential 
information infrastructure--a limited fail-safe system capable of surviving large 
outages and performing critical defense functions.

"The infrastructure must be designed to function in the presence of failed components, 
systems, and networks," concluded the study. "The risk . . . must be managed since it 
cannot be avoided."

The DSB is not the only high-level government group working on the overall IW problem. 
The President's Commission on Critical Infrastructure Protection is charged with 
looking at vulnerabilities in broad commercial systems, including telecommunications 
nets, electrical power systems, supply systems, banking, and transportation. The panel 
expects to issue its own report in early summer.

Protection of these high-level strategic targets may be the most challenging--and 
important--aspect of IW as the twenty-first century approaches. That is because the 
Pentagon needs to maintain its access to such systems, yet it cannot exert much 
control over how they defend themselves.

Mr. Molander, the Rand analyst, warned, "The services are in no position to foster 
protection for these elements of the infrastructure, which they're going to depend 

Defense officials point out that big commercial systems, by their very nature, foster 
interaction with the outside world and with potential problems. Banks judge themselves 
successful if they can convince more people to use their ATM networks. Cellular phones 
are spreading around the world faster than any electronic technology since television, 
yet in some markets they're already losing up to 30 percent of their revenue via fraud.

"Information warfare has no front line," says a comprehensive Rand study of the 
subject. "In addition, the means of deterrence and retaliation are uncertain and may 
rely on traditional military instruments in addition to IW threats. In sum, the US 
homeland may no longer provide a sanctuary from outside attack."

Peter Grier, the Washington bureau chief of the Christian Science Monitor, is a 
longtime defense correspondent and regular contributor to Air Force Magazine. His most 
recent article, "The Jet Age in Review," appeared in the February 1997 issue.

[1] SNIFFER is a registered trademark of Network General Technology Corp., a wholly 
owned subsidiary of Network General Corp. The Network General SNIFFER product should 
not be confused or mistaken with any other products

Source: http://www.afa.org/magazine/0397atwar.html
