| Governments at War

If I asked you who your friends were, you'd answer without hesitation. That's because human relationships are based on mutual interest and affection, simple qualities that are largely subjective. If I asked you to identify friends of the United States, again, you would answer without hesitation. In that instance, however, your answer would probably be dead wrong.

In diplomatic circles, the word ally describes any foreign nation that shares common territorial, ideological, or economic interests with your own. We call this or that foreign state an ally based on various treaties, a handful of assurances, and on occasion, binding contracts.

For example, we count France and Israel as allies. Each occupies a geographical region that we have interest in protecting, and each shares with us a vision of democracy. (The French stood with us against the Nazis, and we have long supported Israel in the repatriation of Jews driven from Soviet Russia.)

If these nations are our friends, why are they spying on us?

In the last decade, the United States has been the target of widespread technological and industrial espionage, often perpetrated by friends and allies. In 1997, the American Society for Industrial Security identified several nations that routinely conduct industrial espionage against the United States. Of those, these nations were most prominent:

- France
- Germany
- Israel
- China
- South Korea

Four are considered U.S. allies.

Caution: Do you fly Air France? If so, watch what you say on the telephone. Air France has been caught intercepting electronic communications of American tourists in transit to Europe.

France's espionage activities are particularly prominent. On January 12, 1998, the Los Angeles Times reported that French intelligence had penetrated some 70 U.S.
corporations, including Boeing and Texas Instruments. Like most nations spying on us, France employs these generic intelligence-gathering techniques:

- Eavesdropping
- Penetrating computer networks
- Stealing proprietary information

Do you still believe that France is an ally?

You're probably shocked that I would say all this. Let me take a different angle. If you're a French, Israeli, German, or South Korean national, know this: The U.S. government spies on your countrymen 24 hours a day, 7 days a week.

In fact, every industrialized country does it. That's simply the way it is; nations have their own economic and political agendas. These agendas naturally and necessarily have far greater priority than pacts made with allies. In other words, we can't blame France for trying.

The problem is, times have changed drastically. For 10,000 years, spying, sabotage, and warfare have all required human participation. Indeed, the spy's face has changed little throughout the ages. Whether he was a stealthy infiltrator, an agent-of-influence, or an agent provocateur, he was, above all, human.

The rules have since changed. Telecommunications and computer technology have made electronic espionage and warfare not simply fanciful notions, but hard realities. Therefore, hostile foreign nations need not send human spies anymore. Instead, they can send packets, and why not? Packets are cheaper. Packets don't drink or smoke (that we know of), they don't gamble, and they cannot be compromised by virtue of reputation, sexual indiscretion, or criminal record. Most importantly, packets are invisible (at least to folks who maintain poor security practices).

From this, it's only a small step to imagine the Internet as a superb espionage tool. Unfortunately, many government sources have been slow to recognize this.
Instead, the Internet spy scenario was considered pulp fiction: wildly exaggerated fantasies of military and intelligence experts who had no war to keep them occupied and therefore turned to conjecture for amusement.

Can the Internet Be Used for Espionage?

The better question is, how often is the Internet used for espionage? Analysts have hotly debated for quite some time now whether the Internet could be used for spying. They can stop arguing, however, because it is already happening. For example, the Soviet Union's space shuttle program was based on American technology stolen from the Internet. Designs were acquired from various technical universities online. In fact, Robert Windrem, in "How Soviets Stole a Shuttle," says that:

So thorough was the online acquisition, the National Security Agency learned, that the Soviets were using two East-West research centers in Vienna and Helsinki as covers to funnel the information to Moscow, where it kept printers going "almost constantly". Intelligence officials told NBC News that the Soviets had saved billions on their shuttle program by using online spying.

The Soviets have long recognized the Internet as a valid intelligence source. An Internet legend gained international fame by breaking a KGB spy ring that used the Internet to steal American secrets. I refer here to Clifford Stoll, an astronomer then working at a university in Berkeley, California.

Stoll set out to discover the source of a 75-cent accounting error. During his investigation, he learned that someone had broken into the university's computers. Instead of confronting the intruder, Stoll watched the activity. What he saw was disturbing.

The intruder was using Stoll's servers as a launch point. The real targets were military computers, including servers at the Pentagon. The intruder was probing for information on U.S. nuclear preparedness.
Stoll recognized this for what it was: spying. He therefore contacted the Federal Bureau of Investigation. However, to Stoll's surprise, FBI agents dismissed the entire incident and refused to offer assistance. Stoll began his own investigation. What followed has since become the most well-known chapter in Internet folklore.

After analyzing chained connections through the telephone system, Stoll traced the spy to Germany. His evidence would ultimately prompt the FBI, the CIA, and the West German Secret Police to get involved. In March 1989, Clifford Stoll was credited with cracking a German spy ring that stole our secrets from the Net and sold them to the KGB. (An interesting side note: The German spies received not only money, but also large amounts of cocaine for their services.)

The full story can be read in The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, by Clifford Stoll. Mass Market Paperback, ISBN: 0-67172-688-9.

The Threat Gets More Personal

These cases are intriguing but reveal only a glimpse of what's to come. Today, hostile foreign nations are studying how to use the Internet to attack us. The new threat, therefore, is not simply espionage but all-out Internet warfare. Are we ready? Sort of.

Information warfare has been on the minds of defense officials for years. Recent studies suggest that we'll experience our first real information warfare attack within 20 years. Most hostile foreign nations are already preparing for it:

Defense officials and information systems security experts believe that over 120 foreign countries are developing information warfare techniques. These techniques enable our enemies to seize control of or harm sensitive Defense information systems or public networks, which Defense relies upon for communications. Terrorists or other adversaries now have the United States to launch untraceable attacks from anywhere in the world. They could infect critical systems, including weapons and command and control systems, with sophisticated computer viruses, potentially causing them to malfunction. They could also prevent our military forces from communicating and disrupt our supply and logistics lines by attacking key Defense systems.

"Information Security: Computer Attacks at Department of Defense Pose Increasing Risks." (Testimony, 05/22/96, GAO/T-AIMD-96-92).

Most information warfare policy papers center on the importance of information warfare in a wartime situation. However, some U.S. information warfare specialists have recognized that we needn't be at war to be attacked:

The United States should expect that its information systems are vulnerable to attack. It should further expect that attacks, when they come, may come in advance of any formal declaration of hostile intent by an adversary state. This is what we have to look forward to in 2020 or sooner.

"A Theory of Information Warfare; Preparing For 2020." Colonel Richard Szafranski, USAF.

The real question is this: If they attack, what can they do to us? The answer might surprise you.

The President's Commission on Critical Infrastructure Protection (a group studying U.S. vulnerability) has identified key resources that can be attacked via the Internet. Here are a few:

- Information and communications
- Electrical power systems
- Gas and oil transportation and storage
- Banking and finance
- Transportation
- Water supply systems
- Emergency services
- Government services

In 1998, the PCCIP delivered a report with preliminary findings. They, too, concluded that we might be attacked without warning:

Potentially serious cyber attacks can be conceived and planned without detectable logistic preparation. They can be invisibly reconnoitered, clandestinely rehearsed, and then mounted in a matter of minutes or even seconds without revealing the identity and location of the attacker.

Is the situation that critical?

Who Holds the Cards?

Technology is a strange and wonderful thing. Depending on who's using it, the same technology used to create Godzilla can also be used to create weapons of mass destruction. For this reason, technology transfer has been tightly controlled for almost five decades.

During that time, however, commercial advances have dramatically influenced the distribution of high-grade technology. Thirty years ago, for example, the U.S. government held all the cards; the average U.S. citizen held next to nothing. Today, the average American has access to technology so advanced that it starts to come close to technology currently possessed by the government.

Encryption technology is a good example. Many Americans use encryption programs to protect their personal data from prying eyes.
Some of these encryption programs (such as Pretty Good Privacy) produce military-grade encryption. This is sufficiently strong that U.S. intelligence agencies have a hard time cracking it within a reasonable amount of time, and time is often of the essence.

Note: Encryption has already thwarted several criminal investigations. For example, in the case of famed cracker Kevin Mitnick, the prosecution had a problem: Mitnick encrypted much of his personal data. As reported by David Thomas from Online Journalism:

The encrypted data still posed a problem for the court. As it stands, government officials are holding the encrypted files and have no idea of their contents. The defense claims that information in those files may prove exculpatory, but revealing their contents to the government would violate Mitnick's Fifth Amendment protection against self-incrimination. Further, prosecutors have indicated that they will not be using the encrypted files against Mitnick, but they refuse to return the evidence because they do not know what information the files hold. Ultimately, the court sided with the prosecution. Judge Pfaelzer described Mitnick as "tremendously clever to put everyone in this position" but indicated that "as long as he (Mitnick) has the keys in his pocket, the court is going to do nothing about it."

Advanced technology has trickled down to the public. In many cases, crackers and hackers have taken this technology and rapidly improved it. Meanwhile, the government moves along more slowly, tied down by restrictive and archaic policies. As a result, the private sector has caught (and in some cases, surpassed) the government in some fields of research.

This is a matter of national concern and has sparked an angry debate. Consider the Mitnick case. Do you believe that the government is entitled to Mitnick's encryption key so it can find out what's inside those files?
That's a hard question to answer. If Mitnick has a right to conceal that information, so does everybody.

In the meantime, there's a more pressing question: How does this technology trickle-down affect our readiness for an Internet attack?

Can the United States Protect the National Information Infrastructure?

From a military standpoint, there's no comparison between the United States and even a gang of third-world nations. The same is not true, however, in respect to information warfare.

In March 1997, a Swedish cracker penetrated and disabled a 911 system in Florida. Eleven counties were affected. The cracker amused himself by connecting 911 operators to one another (or simply denying service altogether).

Note: The Swedish case was not the first instance of crackers disrupting 911 service. In Chesterfield, New Jersey, a group dubbed the Legion of Doom was charged with similar crimes. What was their motivation? "[T]o attempt to penetrate 911 computer systems and infect them with viruses to cause havoc."

Note: Another disturbing case occurred in March 1997, when a Rutland, Massachusetts, teenager cracked an airport. During the attack, the airport control tower and communication facilities were disabled for six hours. (The airport fire department was also disabled.) It was reported as follows:

"Public health and safety were threatened by the outage which resulted in the loss of telephone service, until approximately 3:30 p.m., to the Federal Aviation Administration Tower at the Worcester Airport, to the Worcester Airport Fire Department, and to other related concerns such as airport security, the weather service, and various private airfreight companies.
Further, as a result of the outage, both the main radio transmitter, which is connected to the tower by the loop carrier system, and a circuit which enables aircraft to send an electric signal to activate the runway lights on approach were not operational for this same period of time."

Transport News, March 1998.

The introduction of advanced minicomputers has forever changed the balance of power. The average Pentium and Alpha processors are more powerful than many mainframes were five years ago. Add to this advances in Linux clustering and distributed processing solutions, and with relatively cheap hardware you can start approaching the processing power that was previously only known by a few government and research institutes.

A third-world nation could theoretically pose a threat to our national information infrastructure. Using advanced microcomputers (and some high-speed connections), a third-world nation could wage a successful information warfare campaign against the United States at costs well within its means. In fact, bona fide cyberterrorism will probably emerge in the next few years.

Furthermore, the mere availability of such advanced technology threatens our military future in the "real" world. Nations such as Russia and China have progressed slowly because they lacked access to such technology. Their missiles are less accurate because their technology base was less advanced. U.S. defense programs, however, were sufficiently advanced that even when we appeared to make concessions in the arms race, we really made no concessions at all. Here's an example: The United States only agreed to quit nuclear tests after we developed the technology to perform such tests using computer modeling.
As the United States' perceived enemies obtain more sophisticated computer technology, their weapons will become more sophisticated, but it's not simply weapons that make the difference. It's the combination of weapons, communication, and information. If our enemies can alter our information, or prevent us from accessing it, they can gain a tremendous tactical military advantage. This could make up for shortcomings in other areas. Shane D. Deichman reports the following in his paper "On Information War:"

A key element of the information warfare environment is the participants need not possess superpower status. Any power (even those not considered nation-states) with a modicum of technology can disrupt fragile C2 networks and deny critical information services. Rather than a Mahanian "information control" strategy that attempts to dominate all segments of the information spectrum, though, a more realistic strategy for U.S. forces is one of "information denial" (that is, the denial of access to truthful information).

Perhaps a question less asked, however, is, should the U.S. government be responsible for protecting all of the U.S. infrastructure? After all, aren't the companies that operate systems like our telephone networks FOR PROFIT? Shouldn't the protection of these systems be one of their primary concerns?

You'd think so, wouldn't you? Although the U.S. government has more than its fair share of problems and tasks, organizations turning to the government to make their information security problems go away are missing the point. Information security is everyone's problem; welcome to the party.

What Would an Information Attack Look Like?

There hasn't yet been an all-out information war. The distributed denial of service attacks that hit in February 2000 definitely opened some eyes, but it's difficult to say how a full-scale attack would be conducted.
Military officials aren't willing to talk specifics. We can speculate, however, as many think tanks do.

In February 2000, some of the largest sites were knocked off the Internet using distributed denial of service tools. The attack made headlines in just about every news publication out there. One of the early reports can be seen at http://www.computerworld.com/cwi/story/0,1199,NAV47_STO43010,00.html.

Specialists from Rand Corporation, for example, have engaged in some armchair planning. They delivered a report that posed various questions about the United States' readiness and made recommendations for intensive study on the subject:

We suggest analytical exercises to identify what cyberwar, and the different modalities of cyberwar, may look like in the early twenty-first century when the new technologies should be more advanced, reliable, and internetted than at present. These exercises should consider opponents that the United States may face in high- and low-intensity conflicts. CYBERWAR IS COMING!

"International Policy Department." John Arquilla and David Ronfeldt, RAND. 1993. Taylor & Francis. ISBN 0-14959-339-0.

Not surprisingly, military and intelligence analysts are learning a great deal simply by studying how the Internet works (and how Americans use it). Much current research is aimed at defining what types of threats the Internet poses to political structures. Charles Swett, an assistant for strategic assessment at the Pentagon, made strides in this area. He released a report titled "Strategic Assessment: The Internet." In it, he addressed how the Internet will influence American domestic politics. He suggested that special groups can use the Internet to network amongst themselves. He offered one example in particular:

Another, somewhat startling, example, is a message posted on the Internet on December 16, 1994, calling for nationwide protests against the Republican Party's Contract with America. The message accuses the Contract with America of being, in effect, class war, race war, gender war, and generational war, and urges recipients to "mobilize thousands of demonstrations in local communities across the nation," "fill the jails by engaging in acts of civil disobedience," and engage in other disruptive actions.

Swett predicted that this would ultimately lead to domestic threats. However, he also suggested that these elements are vulnerable to attack:

Political groups whose operations are coordinated through the Internet will be vulnerable to having their operations disrupted by false messages inserted by opposing groups.

Note: Mr. Swett was more correct than he realized. What he described has already happened. In recent years, several wars have erupted on Usenet between Scientologists and their critics. These wars were attended by some fairly mysterious happenings. At one stage of a particularly ugly struggle, just when the Scientologists seemed overwhelmed by their adversaries, a curious thing happened:

And thus it was that in late 1994, postings began to vanish from alt.religion.scientology, occasionally with an explanation that the postings had been "canceled because of copyright infringement." To this day, it is not known who was behind the deployment of these "cancelbots," as they are known. Again, the CoS disclaimed responsibility, and the anti-Scientology crowd began to refer to this anonymous participant simply as the "Cancelbunny," a tongue-in-cheek reference to both the Energizer bunny and to a well-known Net inhabitant, the Cancelmoose, who has taken it upon himself (itself? themselves?) to set up a cancelbot-issuing process to deal with other kinds of spamming incidents. But whoever or whatever the Cancelbunny may be, its efforts were quickly met by the development of yet another software weapon, appropriately dubbed "Lazarus," that resurrects canceled messages (or, more accurately, simply alerts the original poster, and all other participants in the newsgroup, that a specific message has been canceled, leaving it up to the original poster to reinstate the message if he or she were not the party that issued the cancel command).

"The First Internet War; The State of Nature and the First Internet War: Scientology, its Critics, Anarchy, and Law in Cyberspace." David G. Post. Reason magazine, April 1996. (© 1996 David G. Post. Permission granted to redistribute freely, in whole or in part, with this notice attached.)

Swett closed his report with several observations about monitoring general Internet traffic on a wholesale basis:

Monitoring of that traffic would need to be supported by automated filters that pass through for human analysis only those messages that satisfy certain relevance criteria.

What Swett described (though he might not have realized it) is a complex, automated, domestic intelligence system. In other words, welcome to 1984. In all probability, early attempts to use the Internet to ascertain and mold political sentiment will be directed toward a country's own people.

But that's about theoretical, domestic information warfare. What about actual Internet warfare? What are some likely targets? The Rand Corporation claims to know. In their paper "Information Warfare: A Two-Edged Sword," Rand specialists wrote:

Information war has no front line. Potential battlefields are anywhere networked systems enable access: oil and gas pipelines, for example, electric power grids, telephone switching networks. In sum, the U.S. homeland may no longer provide a sanctuary from outside attack.

For more information, see http://www.rand.org/publications/RRR/RRR.fall95.cyber/infor_war.html.

In their paper, Rand authors described an imaginary attack set in the not-so-distant future. They predicted the following events:

- Electrical and telephone systems in the United States would be knocked out for hours.
- Freight and passenger trains would derail or collide.
- Oil refineries would ignite.
- Our financial system would fail, including automatic tellers.
- Well-organized domestic extremists would make strategic strikes.
- Computer-controlled weapons systems would malfunction.

Experts suggest that this could happen in a matter of hours. That's a chilling thought. Is it true? Are we really that dependent on technology, or are our government agencies fishing for funding?

The truth is that we are that dependent on technology.
 |