ARE OTHER GOVERNMENTS PREPARED FOR INFORMATION WARFARE?

Are other governments ready to use information-age tricks to use against their adversaries? Yes, to some extent. Case in point is as follows:

At first, the urgent phone call from the U.S. Transportation Department confounded Cheng Wang, a Long Island-based Webmaster for Falun Gong, the spiritual movement that has unnerved Chinese authorities. Why did the department think his computers were attacking theirs? The answer turned out to be startling. The electronic blitz hadn’t come, as it seemed, from various Falun Gong Internet sites. Rather, someone had lifted their electronic identities. Computer sleuths followed a trail back to the XinAn Information Service Center in Beijing–where an operator identified it as part of the Ministry of Public Security, China’s secret police.

Web hacking, it seems, isn’t just for amateurs anymore. While the recent rash of cybervandalism against some of e-commerce’s^[i] biggest names has garnered headlines, that’s only part of the story. From Beijing to Baku, governments and their surrogates are using the Internet to harass political opponents and unfriendly neighbors, to go after trade secrets, and to prepare for outright warfare. Burma’s military junta, for instance, is blamed for targeting the “Happy 99” e-mail virus at opponents who use the Net to advance their cause. Dissidents describe the attacks as inept–proof, perhaps, that dictatorships are still behind the hacking curve.

Hack Attack

But Burma is not alone in trying. In January 2000, hackers from Azerbaijan with names like “The Green Revenge” and “Hijack” tampered with dozens of Armenian-related Web sites, including host computers in the United States. Experts suspect involvement or support from the Azerbaijani government, which imposes tight controls over Internet use within its borders. Relations are tense between Azerbaijan and Armenia, who fought a war over the disputed territory of Nagorno-Karabakh, so it wasn’t long before the Armenians retaliated in kind. It is the first precedent of a physical battle going on-line.

In Cheng Wang’s case, his computers in Hauppauge, N.Y., were among Falun Gong sites around the world hit by a barrage of hacking attempts and e-mail “bombs” that coincided with a physical crackdown on the group’s practitioners in China. Several of the hacking incidents were traced to the mysterious XinAn office.

It is often difficult to track down who is to blame. But for networked Americans, who own 57% of the world’s computing capacity, such electronic conflict should be unsettling. True, the scariest scenarios dreamed up by experts, such as a hostile government disrupting financial markets, haven’t come to pass—yet. But more than a dozen countries,among them Russia, China, Iraq, Iran, and Cuba, are developing significant information warfare capabilities. A senior CIA official cited a Russian general who compared the disruptive effects of a cyberattack on a transportation or electrical grid to those of a nuclear weapon. China is considering whether to create a fourth branch of its armed services devoted to information warfare. The Pentagon isn’t sitting still either. The U.S. military’s offensive cyberwarfare programs are presently being consolidated at the U.S. Space Command in Colorado.

Nearly as worrisome as a cyberattack to experts is electronic espionage. From March 1998 until January 2001, intruders broke into computer systems belonging to the Pentagon, NASA, the Energy Department, and universities, making away with unclassified but still sensitive data. One of the worst computer security breaches in U.S. history that spawned an investigation was named Moonlight Maze. It pointed to a Russian intelligence-gathering operation.

Successful cyberwar is likely to be like that—no exploding munitions to tell someone they’re under attack. Tapping into an adversary’s command-and-control system could yield a gold mine of data about enemy plans. The longer a cyberspy conceals his or her presence, the longer the intelligence flows. Or false information about troop locations and battlefield conditions could be inserted into enemy computers, so that leaders would end up making decisions based on bogus information.

During the Kosovo bombing campaign in 1999, the Pentagon set up a high-level information-operations cell. All the tools were in place. But the United States mostly held back. By the time Pentagon lawyers approved cyberstrikes against Serbia, events had overtaken the need for them.

Double-Edged Sword

Cyberwar raises a host of unprecedented legal questions. The line between fair-game military sites and civilian infrastructure may not exist. There is collateral damage in cyberspace. If someone tampers with somebody’s control mechanisms, how assured are those individuals that it would stop right there? The United States, more dependent on computer networks than anyone, might lose the most in legitimizing cyberwar. Some countries, including Russia, have proposed what might be called “electronic arms control.” But the obstacles are daunting: Verifying a treaty would make counting Russian nuclear missiles look easy.

Among the sites hacked in the Caucasus Web war was one belonging to the D.C.-based Armenian National Institute, which studies the 1915–1918 Turkish genocide of Armenians. Logging onto http://www.armenian-genocide.org in late January 2000, one would have been redirected to a site offering information on Azerbaijan’s president.

For example, Austin-based InfoGlide Corporation, already has its own rules. InfoGlide Corporation makes powerful search software for such uses as insurance-fraud investigations. The company will not license the technology to nine countries and three U.S. government agencies because of the potential for privacy abuse.^{[ii ]}That hasn’t stopped at least one of those countries from trying. In 1998, a company tried to buy rights to the technology. It turned out to be a front for the Chinese government.

^[i]John R. Vacca, Electronic Commerce, Third Edition, Charles River Media, 2001.

^{[ii ]}John R. Vacca, Net Privacy: A Guide to Developing & Implementing an Ironclad ebusiness Privacy Plan, McGraw-Hill, 2001.