
YOU HAVEN'T SEEN ANYTHING LIKE WHAT IS COMING

Body count: 796. Cause: midair collision. The air traffic control system was 'cybotagged.' News reports indicate that FAA personnel complained that their radar screens were freezing, and were switching data tags (such as aircraft altitude data) between close-flying planes. Series of near-misses in skies throughout the country, and one head-on collision between passenger jets in a thunderstorm over New York, resulting in the deaths of all aboard. It's suspected that the automated route and altitude management program's collision-avoidance algorithm was damaged.

Body count: 1,807. Cause: midair collision with a structure. The navigation system of another passenger jet was taken over by hackers, leaving the pilots helpless as the jet nose-dived into the Sears Towers in Chicago. No reports yet on how the hackers got in. A couple of hit sites have posted theories, some of them pretty good.

A message posted to 60,000 newsgroups from a group known as 'The Vulture of Jihad' claimed credit for the attack. As they're an obscure Sunni sect known for abjuring the use of any technology, their claim, made during prayers in a mosque in Aleppo, was disregarded. Other Islamic splinter groups also claimed credit, along with a white supremacist faction and an anarchist syndicate. These claims were swiftly dismissed, too: All were missing the digital signature which the Islamic Liberation Army (ILA) had in both previous site hacks. The most outrageous theory as to the identity of the people responsible for the attack came on a hit site called the 'Hit Theorist.' It says the whole thing is a CIA, NSA, and DOD plot to generate support in Congress for increased spending on military and Black Ops operations.

Do these scenarios sound like spin-offs from Fox's X-Files: 'The Lone Gunmen'? Perhaps! But could it happen? You bet!

The E-Bomb: A Weapon of Electrical Mass Destruction

Perhaps the most dangerous of all the defensive and offensive weapons in the IW arsenal of the future is the E-Bomb. High Power Electro-Magnetic Pulse generation techniques and High Power Microwave (HPM) technology have matured to the point where practical E-Bombs (Electromagnetic bombs) are becoming technically feasible, with new applications in both strategic and tactical information warfare. The development of conventional E-Bomb devices allows their use in non-nuclear confrontations. This part of the chapter discusses aspects of the technology base and weapon delivery techniques, and proposes a foundation for the use of such devices in warhead and bomb applications.

The prosecution of a successful Information Warfare (IW) campaign against an industrialized or post-industrial opponent will require a suitable set of tools. The efficient execution of an IW campaign against a modern industrial or post-industrial opponent will require the use of specialized tools designed to destroy information systems. E-Bombs (also popularized by USA's futuristic sci-fi show 'Dark Angel'), built for this purpose, can provide an effective tool where delivered by suitable means.

The EMP Effect

The ElectroMagnetic Pulse (EMP) effect was first observed during the early testing of high-altitude airburst nuclear weapons. The effect is characterized by the production of a very short (hundreds of nanoseconds) but intense electromagnetic pulse, which propagates away from its source with ever-diminishing intensity, governed by the theory of electromagnetism. The ElectroMagnetic Pulse is, in effect, an electromagnetic shock wave.

Note 

EMP stands for electromagnetic pulse. The source can be a nuclear or a non-nuclear detonation. It can be used by special forces teams who infiltrate the enemy's and detonate a device near their electronic devices. It destroys the electronics of all computer and communication systems in a quite large area. The EMP bomb can be smaller than a HERF gun to cause a similar amount of damage and is typically used to damage not a single target (not aiming in one direction) but to damage all equipment near the bomb.

This pulse of energy produces a powerful electromagnetic field, particularly within the vicinity of the weapon burst. The field can be sufficiently strong to produce short-lived transient voltages of thousands of volts (kilovolts) on exposed electrical conductors, such as wires or conductive tracks on printed circuit boards.

It is this aspect of the EMP effect that is of military significance, as it can result in irreversible damage to a wide range of electrical and electronic equipment, particularly computers and radio or radar receivers. Subject to the electromagnetic hardness of the electronics, a measure of the equipment's resilience to this effect, and the intensity of the field produced by the weapon, the equipment can be irreversibly damaged or, in effect, electrically destroyed. The damage inflicted is not unlike that experienced through exposure to close proximity lightning strikes, and may require complete replacement of the equipment, or at least substantial portions thereof.

Commercial computer equipment is particularly vulnerable to EMP effects, as it is largely built up of high-density Metal Oxide Semiconductor (MOS) devices, which are very sensitive to exposure to high-voltage transients. What is significant about MOS devices is that very little energy is required to permanently wound or destroy them; any voltage typically in excess of ten volts can produce an effect termed 'gate breakdown,' which effectively destroys the device. Even if the pulse is not powerful enough to produce thermal damage, the power supply in the equipment will readily supply enough energy to complete the destructive process. Wounded devices may still function, but their reliability will be seriously impaired. Shielding electronics by equipment chassis provides only limited protection, as any cables running in and out of the equipment will behave very much like antennae, in effect, guiding the high-voltage transients into the equipment.

Computers used in data processing systems; communications systems; displays; industrial control applications, including road and rail signaling; and those embedded in military equipment, such as signal processors, electronic flight controls, and digital engine control systems, are all potentially vulnerable to the EMP effect.

Other electronic devices and electrical equipment may also be destroyed by the EMP effect. Telecommunications equipment can be highly vulnerable, due to the presence of lengthy copper cables between devices.[i] Receivers of all varieties are particularly sensitive to EMP, as the highly sensitive miniature high-frequency transistors and diodes in such equipment are easily destroyed by exposure to high-voltage electrical transients. Therefore, radar and electronic warfare equipment, satellite, microwave, UHF, VHF, HF, and low-band communications equipment and television equipment are all potentially vulnerable to the EMP effect. It is significant that modern military platforms are densely packed with electronic equipment, and unless these platforms are well hardened, an EMP device can substantially reduce their function or render them unusable.

The Technology Base for Conventional Electromagnetic Bombs

The technology base which may be applied to the design of electromagnetic bombs is both diverse and, in many areas, quite mature. Key technologies which are extant in the area are explosively pumped Flux Compression Generators (FCG), explosive or propellant driven Magneto-Hydrodynamic (MHD) generators and a range of HPM devices, the foremost of which is the Virtual Cathode Oscillator or Vircator. A wide range of experimental designs have been tested in these technology areas, and a considerable volume of work has been published in unclassified literature.

This part of the chapter will review the basic principles and attributes of these technologies, in relation to bomb and warhead applications. It is stressed that this treatment is not exhaustive, and is only intended to illustrate how the technology base can be adapted to an operationally deployable capability.

The Lethality of Electromagnetic Warheads

The issue of electromagnetic weapon lethality is complex. Unlike the technology base for weapon construction, which has been widely published in the open literature, lethality-related issues have been published much less frequently.

Although the calculation of electromagnetic field strengths achievable at a given radius for a given device design is a straightforward task, determining a kill probability for a given class of target under such conditions is not.

This is for good reasons. The first is that target types are very diverse in their electromagnetic hardness, or ability to resist damage. Equipment that has been intentionally shielded and hardened against electromagnetic attack will withstand field strengths orders of magnitude greater than standard commercially rated equipment. Moreover, various manufacturers' implementations of like types of equipment may vary significantly in hardness due to the idiosyncrasies of specific electrical designs, cabling schemes, and chassis/shielding designs used.

The second major problem area in determining lethality is that of coupling efficiency, which is a measure of how much power is transferred from the field produced by the weapon into the target. Only power coupled into the target can cause useful damage.

Targeting Electromagnetic Bombs

The task of identifying targets for attack with electromagnetic bombs can be complex. Certain categories of target will be very easy to identify and engage. Buildings housing government offices and, thus, computer equipment, production facilities, military bases, and known radar sites and communications nodes are all targets that can be readily identified through conventional photographic, satellite, imaging radar, electronic reconnaissance, and human operations. These targets are typically geographically fixed and, thus, may be attacked providing that the aircraft can penetrate to weapon release range. With the accuracy inherent in GPS/inertially guided weapons, the electromagnetic bomb can be programmed to detonate at the optimal position to inflict a maximum of electrical damage.

Mobile and camouflaged targets that radiate overtly can also be readily engaged. Mobile and relocatable air defense equipment, mobile communications nodes,[ii] and naval vessels are all good examples of this category of target. While radiating, their positions can be precisely tracked with suitable Electronic Support Measures (ESM) and Emitter Locating Systems (ELS) carried either by the launch platform or a remote surveillance platform. In the latter instance, target coordinates can be continuously datalinked to the launch platform. As most such targets move relatively slowly, they are unlikely to escape the footprint of the electromagnetic bomb during the weapon's flight time.

Mobile or hidden targets that do not overtly radiate may present a problem, particularly should conventional means of targeting be employed. A technical solution to this problem does, however, exist for many types of target. This solution is the detection and tracking of Unintentional Emission (UE). UE has attracted most attention in the context of TEMPEST surveillance, where transient emanations leaking out from equipment due to poor shielding can be detected and, in many instances, demodulated to recover useful intelligence. Termed 'Van Eck radiation,' such emissions can only be suppressed by rigorous shielding and emission-control techniques, such as are employed in TEMPEST rated equipment.

Although the demodulation of UE can be a technically difficult task to perform well, in the context of targeting electromagnetic bombs this problem does not arise. To target such an emitter for attack requires only the ability to identify the type of emission and, thus, target type, and to isolate its position with sufficient accuracy to deliver the bomb. Because the emissions from computer monitors, peripherals, processor equipment, switchmode power supplies, electrical motors, internal combustion engine ignition systems, variable duty cycle electrical power controllers (thyristor or triac-based), superheterodyne receiver local oscillators, and computer networking cables are all distinct in their frequencies and modulations, a suitable Emitter Locating System can be designed to detect, identify, and track such sources of emission.

A good precedent for this targeting paradigm exists. During the SEA (Vietnam) conflict, the United States Air Force (USAF) operated a number of night interdiction gunships that used direction finding receivers to track the emissions from vehicle ignition systems. Once a truck was identified and tracked, the gunship would engage it.

Because UE occurs at relatively low power levels, the use of this detection method prior to the outbreak of hostilities can be difficult, as it may be necessary to overfly hostile territory to find signals of usable intensity. The use of stealthy reconnaissance aircraft or long range, stealthy Unmanned Aerial Vehicles (UAV) may be required. The latter also raises the possibility of autonomous electromagnetic-warhead-armed expendable UAVs, fitted with appropriate homing receivers. These would be programmed to loiter in a target area until a suitable emitter is detected, upon which the UAV would home in and expend itself against the target.

The Delivery of Conventional Electromagnetic Bombs

As with explosive warheads, electromagnetic warheads will occupy a volume of physical space and will also have some given mass (weight) determined by the density of the internal hardware. Like explosive warheads, electromagnetic warheads may be fitted to a range of delivery vehicles.

Known existing applications involve fitting an electromagnetic warhead to a cruise missile airframe. The choice of a cruise missile airframe will restrict the weight of the weapon to about 340 kg (750 lb), although some sacrifice in airframe fuel capacity could see this size increased. A limitation in all such applications is the need to carry an electrical energy storage device (a battery), to provide the current used to charge the capacitors used to prime the FCG prior to its discharge. Therefore, the available payload capacity will be split between the electrical storage and the weapon itself.

In wholly autonomous weapons such as cruise missiles, the size of the priming current source and its battery may well impose important limitations on weapon capability. Air-delivered bombs, which have a flight time between tens of seconds to minutes, could be built to exploit the launch aircraft's power systems. In such a bomb design, the bomb's capacitor bank can be charged by the launch aircraft enroute to target, and after release a much smaller onboard power supply could be used to maintain the charge in the priming source prior to weapon initiation.

An electromagnetic bomb delivered by a conventional aircraft can offer a much better ratio of electromagnetic device mass to total bomb mass, as most of the bomb mass can be dedicated to the electromagnetic-device installation itself. It follows, therefore, that for a given technology an electromagnetic bomb of identical mass to an electromagnetic-warhead-equipped missile can have a much greater lethality, assuming equal accuracy of delivery and technologically similar electromagnetic device design.

A missile-borne electromagnetic warhead installation will comprise the electromagnetic device, an electrical energy converter, and an onboard storage device such as a battery. As the weapon is pumped, the battery is drained. The electromagnetic device will be detonated by the missile's onboard fusing system. In a cruise missile, this will be tied to the navigation system; in an antishipping missile, the radar seeker; and in an air-to-air missile, the proximity fusing system. The warhead fraction (ratio of total payload [warhead] mass to launch mass of the weapon) will be between 15% and 30%.

An electromagnetic bomb warhead will comprise an electromagnetic device, an electrical energy converter, and an energy storage device to pump and sustain the electromagnetic device charge after separation from the delivery platform. Fusing could be provided by a radar altimeter fuse to airburst the bomb, a barometric fuse, or, in GPS/inertially guided bombs, the navigation system. The warhead fraction could be as high as 85%, with most of the usable mass occupied by the electromagnetic device and its supporting hardware.

Due to the potentially large lethal radius of an electromagnetic device, compared to an explosive device of similar mass, standoff delivery would be prudent. Although this is an inherent characteristic of weapons such as cruise missiles, potential applications of these devices to glidebombs, antishipping missiles, and air-to-air missiles would dictate fire-and-forget guidance of the appropriate variety, to allow the launching aircraft to gain adequate separation of several miles before warhead detonation.

The recent advent of GPS satellite[iii] navigation guidance kits for conventional bombs and glidebombs has provided the optimal means for cheaply delivering such weapons. Although GPS-guided weapons without differential GPS enhancements may lack the pinpoint accuracy of laser- or television-guided munitions, they are still quite accurate (CEP ≈ 40 ft), cheap, and autonomous all-weather weapons (see sidebar, 'Helping Hackers Take Control of Military Satellites').

start sidebar
Helping Hackers Take Control Of Military Satellites

Defense contractor Exigent International Inc. recently disclosed that an unknown number of hackers broke into a U.S. Navy computer system and made off with source code that controls dozens of military and commercial satellite systems around the world. The Melbourne, Florida-based company indicated that the incident, which occurred December 24, 2000, may have compromised a small portion of an older version of its OS/COMET software that was stored on a computer at the Naval Research Laboratory in Washington. OS/COMET is commercial software that allows ground station operators to monitor satellite systems and communicate commands to those systems.

Only a portion of an older version of the source code was downloaded. Because one of Exigent's government customers was the target of this cyber crime, Exigent is working closely with, as well as domestic law enforcement and international organizations to remedy the breach of security.

However, experts agree that it is unclear how much damage the compromise has done to the security of dozens of military navigation and commercial communications satellites that use the software. Although the FBI has declined to comment on the investigation, the incident has been traced to systems in Sweden and a university in Kaiserslautern, Germany.

Hypothetically, the source code might allow an adversary to identify flaws that could be exploited at a later date to disrupt communications. But that's a lot easier said than done.

Although the OS/COMET software is now a commercial product, it started as a classified defense program in the 1980s. If the control systems using it left themselves open to penetration, possession of the source code could help figure out how to write malicious commands that could be sent to the satellites.

In addition to the Air Force's 24 NAVSTAR global positioning system (GPS) satellites, OS/COMET is used by the entire constellation of more than 70 satellites owned by Iridium LLC. The software is also used by several NASA programs, direct broadcast, and Internet satellite systems operated by DACOM, one of the largest telecommunications companies in Korea, and Food Automation-Service Techniques Inc., a Stratford, Connecticut-based manufacturer of electronic controls to major restaurant chains and commercial appliance manufacturers.

Word of the theft comes after the National Counterintelligence Center recently issued its annual report to Congress on foreign industrial espionage operations targeted at U.S. high-tech companies involved in military contracts. The report identified satellite communications systems technology as among the top four technologies most often targeted by foreign espionage efforts.

Countries with less developed industrial sectors often prefer older off-the-shelf hardware and software. They will also seek military technologies that are at least a generation old because such technologies cost less, are easier to procure, and are more suitable for integration into their military structures.

There's a tremendous amount you can learn from the code. Although military and commercial satellite control links are typically protected by encryption, companies should still be concerned about having a portion of this source code out in the open.

Clearly, it could help a hacker take control of a system. You want to control this information because all of a sudden hackers have all sorts of new tricks to exploit systems.

The companies and agencies affected by the theft should begin to 'carefully consider' how this software is used and how the systems connect. They need to review what the access mechanisms to these systems look like. However, it doesn't seem that these are easily accessible Internet systems.

Still, a major software revision may be necessary if the investigation uncovers more damage than originally thought. Because the intruder was detected, that should make it possible to minimize the practical consequences of the incident by revising the source code if necessary. This is probably just another case of cybervandalism. It's aggravating, but it's a fact of life.

end sidebar

The USAF has recently deployed the Northrop GPS-Aided Munition (GAM) on the B-2 bomber, and will then deploy the GPS/inertially guided GBU-29/30 Joint Direct Attack Munition (JDAM) and the AGM-154 Joint Stand-Off Weapon (JSOW) glidebomb. Other countries are also developing this technology. For example, the Australian BAeA Agile Glide Weapon (AGW) glidebomb is achieving a glide range of about 140 km (75 nmi) when launched from that altitude.

The importance of glidebombs as delivery means for HPM warheads is threefold. First, the glidebomb can be released from outside the effective radius of target air defenses, therefore minimizing the risk to the launch aircraft. Second, the large standoff range means that the aircraft can remain well clear of the bomb's effects. Finally, the bomb's autopilot may be programmed to shape the terminal trajectory of the weapon, such that a target may be engaged from the most suitable altitude and aspect.

A major advantage of using electromagnetic bombs is that they may be delivered by any tactical aircraft with a nav-attack system capable of delivering GPS-guided munitions. As you can expect GPS-guided munitions to become the standard weapon in use by Western air forces in the 21st century, every aircraft capable of delivering a standard guided munition also becomes a potential delivery vehicle for an electromagnetic bomb. Should weapon ballistic properties be identical to the standard weapon, no software changes to the aircraft would be required.

Because of the simplicity of electromagnetic bombs in comparison with weapons such as Anti Radiation Missiles (ARM), it is not unreasonable to expect that these should be both cheaper to manufacture and easier to support in the field, thus allowing for more substantial weapon stocks. In turn, this makes saturation attacks a much more viable proposition.

Defense against Electromagnetic Bombs

The most effective defense against electromagnetic bombs is to prevent their delivery by destroying the launch platform or delivery vehicle, as is the case with nuclear weapons. This, however, may not always be possible, and, therefore, systems that can be expected to suffer exposure to electromagnetic weapons effects must be electromagnetically hardened.

The most effective method is to wholly contain the equipment in an electrically conductive enclosure, termed a 'Faraday cage,' which prevents the electromagnetic field from gaining access to the protected equipment. However, most such equipment must communicate with and be fed with power from the outside world, and this can provide entry points via which electrical transients may enter the enclosure and cause damage. Although optical fibers address this requirement for transferring data in and out, electrical power feeds remain an ongoing vulnerability.

Where an electrically conductive channel must enter the enclosure, electromagnetic-arresting devices must be fitted. A range of devices exists; however, care must be taken in determining their parameters to ensure that they can deal with the rise time and strength of electrical transients produced by electromagnetic devices. Reports from the United States indicate that hardening measures attuned to the behavior of nuclear EMP bombs do not perform well when dealing with some conventional microwave electromagnetic device designs.

It is significant that hardening of systems must be carried out at a system level, as electromagnetic damage to any single element of a complex system could inhibit the function of the whole system. Hardening new build equipment and systems will add a substantial cost burden. Older equipment and systems may be impossible to harden properly and may require complete replacement. In simple terms, hardening by design is significantly easier than attempting to harden existing equipment.

An interesting aspect of electrical damage to targets is the possibility of wounding semiconductor devices, thereby causing equipment to suffer repetitive intermittent faults rather than complete failures. Such faults would tie down considerable maintenance resources while also diminishing the confidence of the operators in the equipment's reliability. Intermittent faults may not be possible to repair economically, thereby causing equipment in this state to be removed from service permanently, with considerable loss in maintenance hours during damage diagnosis. This factor must also be considered when assessing the hardness of equipment against electromagnetic attack, as partial or incomplete hardening may, in this fashion, cause more difficulties than it would solve. Indeed, shielding that is incomplete may resonate when excited by radiation and, thus, contribute to damage inflicted on the equipment contained within it.

Other than hardening against attack, facilities that are concealed should not radiate readily detectable emissions. Where radio frequency communications must be used, low probability of intercept (spread spectrum) techniques should be employed exclusively to preclude the use of site emissions for electromagnetic-targeting purposes. Appropriate suppression of UE is also mandatory.

Communications networks for voice, data, and services should employ topologies with sufficient redundancy and failover mechanisms to allow operation with multiple nodes and links inoperative. This will deny a user of electromagnetic bombs the option of disabling large portions if not the whole of the network by taking down one or more key nodes or links with a single or small number of attacks.
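The redundancy requirement above can be checked against a planned topology before it is built. The following Python sketch is an added example, not part of the original text; the three topologies and their node names are constructed for illustration, and it goes slightly beyond the text by also reporting how many simultaneous node losses each design tolerates.

```python
from itertools import combinations

# Constructed sample topologies (undirected links); all names are hypothetical.
STAR_LINKS = [("core", "a"), ("core", "b"), ("core", "c"), ("c", "d")]
RING_LINKS = [("a", "b"), ("b", "c"), ("c", "d"), ("d", "e"), ("e", "a")]
MESH_LINKS = [("n1", "n2"), ("n2", "n3"), ("n3", "n4"), ("n4", "n5"),
              ("n5", "n6"), ("n6", "n1"),                 # outer ring
              ("n1", "n4"), ("n2", "n5"), ("n3", "n6")]   # cross links


def build_graph(links):
    """Return an adjacency map {node: set(neighbours)} from undirected links."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def is_connected(graph, removed=frozenset()):
    """True if every node outside `removed` can still reach every other one."""
    alive = [n for n in graph if n not in removed]
    if len(alive) <= 1:
        return True
    seen, stack = {alive[0]}, [alive[0]]
    while stack:
        for nxt in graph[stack.pop()]:
            if nxt not in removed and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return len(seen) == len(alive)


def single_points_of_failure(graph):
    """Return (nodes, links) whose individual loss splits the network.

    One depth-first pass finds articulation points and bridges by comparing
    each node's discovery time with the earliest node its subtree can reach.
    """
    disc, low, cut_nodes, cut_links = {}, {}, set(), set()
    counter = [0]

    def dfs(node, parent):
        disc[node] = low[node] = counter[0]
        counter[0] += 1
        children = 0
        for nxt in graph[node]:
            if nxt == parent:
                continue
            if nxt in disc:                      # back edge to an ancestor
                low[node] = min(low[node], disc[nxt])
                continue
            children += 1
            dfs(nxt, node)
            low[node] = min(low[node], low[nxt])
            if parent is not None and low[nxt] >= disc[node]:
                cut_nodes.add(node)              # subtree has no way around node
            if low[nxt] > disc[node]:
                cut_links.add(tuple(sorted((node, nxt))))
        if parent is None and children > 1:
            cut_nodes.add(node)                  # root joining separate subtrees

    for start in graph:
        if start not in disc:
            dfs(start, None)
    return cut_nodes, cut_links


def tolerated_node_failures(graph, max_k=3):
    """Largest k <= max_k such that any k nodes may fail and the rest stay connected.

    Brute force over node subsets, so intended for small design-stage graphs.
    """
    nodes = list(graph)
    for k in range(1, max_k + 1):
        for lost in combinations(nodes, k):
            if not is_connected(graph, frozenset(lost)):
                return k - 1
    return max_k


if __name__ == "__main__":
    for name, links in (("star", STAR_LINKS), ("ring", RING_LINKS),
                        ("mesh", MESH_LINKS)):
        g = build_graph(links)
        nodes, edges = single_points_of_failure(g)
        print(f"{name}: critical nodes={sorted(nodes)} "
              f"critical links={sorted(edges)} "
              f"tolerates {tolerated_node_failures(g)} node failure(s)")
```
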

Limitations of Electromagnetic Bombs

The limitations of electromagnetic weapons are determined by weapon implementation and means of delivery. Weapon implementation will determine the electromagnetic field strength achievable at a given radius, and its spectral distribution. Means of delivery will constrain the accuracy with which the weapon can be positioned in relation to the intended target. Both constrain lethality.

In the context of targeting military equipment, it must be noted that thermionic technology (vacuum tube equipment) is substantially more resilient to the electromagnetic weapons effects than solid-state (transistor) technology. Therefore, a weapon optimized to destroy solid-state computers and receivers may cause little or no damage to a thermionic technology device, for instance early-1960s Soviet military equipment. Therefore, a hard electrical kill may not be achieved against such targets unless a suitable weapon is used.

This underscores another limitation of electromagnetic weapons, which is the difficulty in kill assessment. Radiating targets such as radars or communications equipment may continue to radiate after an attack even though their receivers and data processing systems have been damaged or destroyed. This means that equipment that has been successfully attacked may still appear to operate. Conversely, an opponent may shut down an emitter if attack is imminent and the absence of emissions means that the success or failure of the attack may not be immediately apparent.

Assessing whether an attack on a nonradiating emitter has been successful is more problematic. A good case can be made for developing tools specifically for the purpose of analyzing unintended emissions, not only for targeting purposes but also for kill assessment.

An important factor in assessing the lethal coverage of an electromagnetic weapon is atmospheric propagation. Although the relationship between electromagnetic field strength and distance from the weapon is one of an inverse square law in free space, the decay in lethal effect with increasing distance within the atmosphere will be greater due to quantum physical absorption effects. This is particularly so at higher frequencies, and significant absorption peaks due to water vapor and oxygen exist at frequencies above 20 GHz. These will, therefore, contain the effect of HPM weapons to shorter radii than are ideally achievable in the K and L frequency bands.

Means of delivery will limit the lethality of an electromagnetic bomb by introducing limits to the weapon's size and the accuracy of its delivery. Should the delivery error be of the order of the weapon's lethal radius for a given detonation altitude, lethality will be significantly diminished. This is of particular importance when assessing the lethality of unguided electromagnetic bombs, as delivery errors will be more substantial than those experienced with guided weapons such as GPS-guided bombs.

Therefore, accuracy of delivery and achievable lethal radius must be considered against the allowable collateral damage for the chosen target. Where collateral electrical damage is a consideration, accuracy of delivery and lethal radius are key parameters. An inaccurately delivered weapon of large lethal radius may be unusable against a target should the likely collateral electrical damage be beyond acceptable limits. This can be a major issue for users constrained by treaty provisions on collateral damage.

The Proliferation of Electromagnetic Bombs

At the time of this writing, the United States is one of several nations with the established technology base and the depth of specific experience to design weapons based upon this technology. However, the relative simplicity of the FCG and the Vircator suggests that any nation with even a 1940s technology base, once in possession of engineering drawings and specifications for such weapons, could manufacture them.

As an example, the fabrication of an effective FCG can be accomplished with basic electrical materials, common plastic explosives such as C-4 or Semtex, and readily available machine tools such as lathes and suitable mandrels for forming coils. Disregarding the overheads of design, which do not apply in this context, a two-stage FCG could be fabricated for a cost as low as $17,000-18,000, at Western labor rates. This cost could be even lower in a third-world or newly industrialized economy.

Although the relative simplicity and, thus, low cost of such weapons can be considered of benefit to first-world nations intending to build viable war stocks or maintain production in wartime, the possibility of less developed nations mass producing such weapons is alarming. The dependence of modern economies on first-world nations' information technology infrastructure makes them highly vulnerable to attack with such weapons, providing that such weapons can be delivered to their targets.

Of major concern is the vulnerability resulting from the increasing use of communications and data communications schemes based on copper cable media. If the copper medium were to be replaced en masse with optical fiber to achieve higher bandwidths, the communications infrastructure would become significantly more robust against electromagnetic attack as a result. However, the current trend is to exploit existing distribution media such as cable TV and telephone wiring to provide multiple megabit/s data distribution (cable modems, ADSL/HDSL/VDSL) to premises. Moreover, the gradual replacement of coaxial Ethernet networking with 10Base-T twisted pair equipment has further increased the vulnerability of wiring systems inside buildings. It is not unreasonable to assume that the data and services communications infrastructure in the West will remain a 'soft' electromagnetic target in the foreseeable future.

At this time, no counter-proliferation regimes exist. Should treaties be agreed to limit the proliferation of electromagnetic weapons, they would be virtually impossible to enforce given the common availability of suitable materials and tools.

With the former Soviet Union suffering significant economic difficulties, the possibility of microwave and pulse power technology designs leaking out to third-world nations or terrorist organizations should not be discounted. The threat of electromagnetic bomb proliferation is very real.

A Doctrine for the Use of Conventional Electromagnetic Bombs

A fundamental tenet of IW is that complex organizational systems such as governments, industries, and military forces cannot function without the flow of information through their structures. Information flows within these structures in several directions, under typical conditions of function. A trivial model for this function would see commands and directives flowing outward from a central decision-making element, with information about the state of the system flowing in the opposite direction. Real systems are substantially more complex.

This is of military significance because stopping this flow of information will severely debilitate the function of any such system. Stopping the outward flow of information produces paralysis, as commands cannot reach the elements that are to execute them. Stopping the inward flow of information isolates the decision-making element from reality, and, thus, severely inhibits its capacity to make rational decisions that are sensitive to the currency of information at hand.

The recent evolution of strategic (air) warfare indicates a growing trend toward targeting strategies that exploit this most fundamental vulnerability of any large and organized system. The Desert Storm air war of 1991 is a good instance, with a substantial effort expended against such targets. Indeed, the model used for modern strategic air attack places leadership and its supporting communications in the position of highest targeting priority. No less important, modern electronic combat concentrates on the disruption and destruction of communications and information-gathering sensors used to support military operations. Again, the Desert Storm air war provides a good illustration of the application of this method.

A strategy that stresses attack on the information-processing and communications elements of the targeted systems offers a very high payoff, as it will introduce an increasing level of paralysis and disorientation within its target. Electromagnetic bombs are a powerful tool in the implementation of such a strategy.

Computer Viruses

A virus is a code fragment that copies itself into a larger program, modifying that program. A virus executes only when its host program begins to run. The virus then replicates itself, infecting other programs as it reproduces.

Viruses are well known in every computer-based environment, so it is not astonishing that this type of rogue program is used in information warfare. One could imagine that the CIA (or Army, Air Force, etc.) inserts computer viruses into the switching networks of the enemy's phone system. As today's telephone systems are switched by computers, you can shut them down, or at least cause massive failure, with a virus as easily as you can shut down a 'normal' computer.

Worms

A worm is an independent program. It reproduces by copying itself in full-blown fashion from one computer to another, usually over a network. Unlike a virus, it usually doesn't modify other programs.

Even if worms don't destroy data, they can cause the loss of communication merely by eating up resources and spreading through the networks. A worm can also easily be modified so that data deletion or worse occurs. With a 'wildlife' like this, you could imagine breaking down a networked environment such as an ATM and banking network.

Trojan Horses

A Trojan horse is a code fragment that hides inside a program and performs a disguised function. It's a popular mechanism for disguising a virus or a worm.

A Trojan horse could be camouflaged as a security-related tool, for example, SATAN (Security Administrator Tool for Analyzing Networks). SATAN checks UNIX systems for security holes and is freely available on the Internet. If someone edits this program so that it sends discovered security holes in an e-mail message back to him (Let's also include the password file? No problem.), the cracker learns a great deal about vulnerable hosts and servers. A cleverly written Trojan horse does not leave traces of its presence and, because it does not cause detectable damage, it is hard to detect.
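A virus modifies its host program and a Trojan horse ships as an edited copy of a legitimate tool, so both change the bytes of a file whose original content is known. The following added example (not from the book) checks an installed tool directory against a trusted SHA-256 manifest and reports modified, missing and unexpected files; the file names and contents are constructed, and the manifest is assumed to come from the publisher over a separate, trusted channel.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_tree(root, trusted):
    """Compare an installed tree with a trusted manifest."""
    current = build_manifest(root)
    modified = sorted(p for p in trusted if p in current
                      and not hmac.compare_digest(current[p], trusted[p]))
    missing = sorted(p for p in trusted if p not in current)
    unexpected = sorted(p for p in current if p not in trusted)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def demo():
    """Constructed sample: a tiny tool directory, checked before and after edits."""
    with tempfile.TemporaryDirectory() as root:
        tool = os.path.join(root, "scanner.sh")
        with open(tool, "wb") as handle:
            handle.write(b"#!/bin/sh\necho 'checking hosts'\n")
        with open(os.path.join(root, "README"), "wb") as handle:
            handle.write(b"constructed sample distribution\n")
        trusted = build_manifest(root)   # assumption: obtained from the publisher
        clean = verify_tree(root, trusted)
        with open(tool, "ab") as handle:  # the program no longer matches its release
            handle.write(b"# constructed extra line\n")
        os.remove(os.path.join(root, "README"))
        with open(os.path.join(root, "helper.bin"), "wb") as handle:
            handle.write(b"\x00constructed\x00")
        return clean, verify_tree(root, trusted)


if __name__ == "__main__":
    print(demo())
```

A digest check only detects changes relative to the manifest: a function that the publisher itself built into the release matches the manifest and passes.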

Logic Bombs

A logic bomb is a type of Trojan horse, used to release a virus, a worm, or some other system attack. It's either an independent program or a piece of code that's been planted by a system developer or programmer.

With the overwhelming existence of U.S.-based software (MS Windows or UNIX systems), the U.S. Government, or whomever you would like to imagine, could decide that no software would be allowed to be exported from that country without a Trojan horse. This hidden function could become active when a document with 'war against the USA' exists on the computer. Its activation could also be triggered from the outside. An effect could be to format the computer's hard disks or to mail the document to the CIA.

Trap Doors

A trap door, or a back door, is a mechanism that's built into a system by its designer. The function of a trap door is to give the designer a way to sneak back into the system, circumventing normal system protection.

As previously mentioned, all U.S. software could be equipped with a trap door that would allow IW agencies to explore systems and the data stored on them in foreign countries. This could be most useful in cases of military strategic simulations and plans and would provide the DoD's intelligence with vital information.

Chipping

Just as software can contain unexpected functions, it is also possible to implement similar functions in hardware. Today's chips contain millions of integrated circuits that can easily be configured by the manufacturer so that they also contain some unexpected functions. They could be built so that they fail after a certain time, blow up after they receive a signal on a specific frequency, or send radio signals that allow identification of their exact location. The number of possible scenarios far exceeds the scope of this chapter. The main problem with chipping is that the specific (adapted) chip must be installed in the place that is useful for the information warrior. The easiest solution is to build the additional features into all the chips manufactured in the country that is interested in this type of IW.

Nano Machines and Microbes

In the future, nano machines and microbes will provide the possibility to cause serious harm to a system. Unlike viruses, you can use these to attack not the software, but the hardware of a computer system. Nano machines are tiny robots (smaller than ants) that could be spread at an information center of the enemy. They crawl through the halls and offices until they find a computer. They are so small that they enter the computer through slots and shut down electronic circuits.

Another way to damage the hardware is a special breed of microbes. It is known that microbes can eat oil, but what if they were bred for eating silicon? They would destroy all integrated circuits in a computer lab, a site, a building, a town, and so on. Nano technology and microbes will be discussed in much greater detail later in the chapter.

Electronic Jamming

In the old days (and even today) electronic jamming was used to block communications channels at the enemy's equipment so that they couldn't receive any information. The next step is not to block their traffic but, instead, to overwhelm them with incorrect information, otherwise known as disinformation.

[i] John R. Vacca, The Cabling Handbook (2nd Edition), Prentice Hall, 2001.

[ii] John R. Vacca, i-mode Crash Course, McGraw-Hill, 2002.

[iii] John R. Vacca, Satellite Encryption, Academic Press, 1999.






Computer Forensics. Computer Crime Scene Investigation
Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
EAN: 2147483647
Year: 2002
Pages: 263
Authors: John R. Vacca
