Governments at War
If I asked you who your friends were, you'd
answer without hesitation. That's because human relationships are based on
mutual interest and affection, simple qualities that are largely
subjective. If I asked you to identify friends of the United States, again, you would answer without hesitation. In that instance, however, your
answer would probably be dead wrong.
In diplomatic circles, the word ally
describes any foreign nation that shares common territorial, ideological,
or economic interests with your own. We call this or that foreign state an
ally based on various treaties, a handful of assurances, and on occasion,
binding contracts.
For example, we count France and Israel as allies. Each occupies a geographical region that we have interest in protecting,
and each shares with us a vision of democracy. (The French stood with us
against the Nazis, and we have long supported Israel in the repatriation of
Jews driven from Soviet Russia.) If these nations are our friends, why are
they spying on us?
In the last decade, the United States has been the target
of widespread technological and industrial espionage, often perpetrated by
friends and allies. In 1997, the American Society for Industrial Security
identified several nations that routinely conduct industrial espionage
against the United States. Of those, these nations were most
prominent:
· France
· Germany
· Israel
· China
· South Korea
Four are considered U.S. allies.
Caution
Do you fly Air France? If so, watch what you say on the
telephone. Air France has been caught intercepting electronic
communications of American tourists in transit to Europe.
France's espionage activities are particularly prominent.
On January 12, 1998, the Los Angeles Times
reported that French intelligence had penetrated some 70 U.S. corporations, including Boeing and Texas Instruments. Like most nations spying on us, France employs these generic intelligence-gathering techniques:
· Eavesdropping
· Penetrating computer networks
· Stealing proprietary information
Do you still believe that France is an ally?
You're probably shocked that I would say all this. Let me
take a different angle. If you're a French, Israeli, German, or South
Korean national, know this: The U.S. government spies on your countrymen 24
hours a day, 7 days a week. In fact, every industrialized country does it.
That's simply the way it is; nations have their own economic and political
agendas. These agendas naturally—and necessarily—have far greater priority
than pacts made with allies. In other words, we can't blame France for trying.
The problem is, times have changed drastically. For 10,000
years, spying, sabotage, and warfare have all required human participation.
Indeed, the spy's face has changed little throughout the ages. Whether he
was a stealthy infiltrator, an agent-of-influence, or an agent provocateur,
he was, above all, human.
The rules have since changed. Telecommunications and
computer technology have made electronic espionage and warfare not simply
fanciful notions, but hard realities. Therefore, hostile foreign nations
need not send human spies anymore. Instead, they can send packets—and why
not? Packets are cheaper. Packets don't drink or smoke
(that we know of), they don't gamble, and they cannot be compromised by
virtue of reputation, sexual indiscretion, or criminal record. Most
importantly, packets are invisible (at least to folks who maintain poor
security practices).
From this, it's only a small step to imagine the Internet
as a superb espionage tool. Unfortunately, many government sources have
been slow to recognize this. Instead, the Internet spy scenario was
considered pulp fiction—wildly exaggerated fantasies of military and
intelligence experts who had no war to keep them occupied and therefore turned to conjecture for amusement.
Can the Internet Be Used for Espionage?
The better question is, how often
is the Internet used for espionage? Analysts have
hotly debated for quite some time now whether the Internet could be used
for spying. They can stop arguing, however, because it is already
happening. For example, the Soviet Union's space shuttle program was based
on American technology stolen from the Internet. Designs were acquired from
various technical universities online. In fact, Robert Windrem, in
"How Soviets Stole a Shuttle," says that:
So thorough was the online acquisition, the National
Security Agency learned, that the Soviets were using two East-West research
centers in Vienna and Helsinki as covers to funnel the information to Moscow,
where it kept printers going "almost constantly".…Intelligence
officials told NBC News that the Soviets had saved billions on their
shuttle program by using online spying.
The Soviets have long recognized the Internet as a valid
intelligence source. An Internet legend gained international fame by
breaking a KGB spy ring that used the Internet to steal American secrets. I
refer here to Clifford Stoll, an astronomer then working as a systems administrator at Lawrence Berkeley Laboratory in Berkeley, California.
Stoll set out to discover the source of a 75-cent
accounting error. During his investigation, he learned that someone had
broken into the university's computers. Instead of confronting the
intruder, Stoll watched the activity. What he saw was
disturbing.
The intruder was using Stoll's servers as a launch point.
The real targets were military computers, including servers at the
Pentagon. The intruder was probing for information on U.S. nuclear preparedness. Stoll recognized this for what it was: spying. He therefore
contacted the Federal Bureau of Investigation. However, to Stoll's
surprise, FBI agents dismissed the entire incident and refused to offer
assistance. Stoll began his own investigation. What followed has since
become the best-known chapter in Internet folklore.
After analyzing chained connections through the telephone
system, Stoll traced the spy to Germany. His evidence would ultimately
prompt the FBI, the CIA, and the West German federal police to get involved.
In March 1989, Clifford Stoll was credited with cracking a German spy ring
that stole our secrets from the Net and sold them to the KGB. (An
interesting side note: The German spies received not only money, but also
large amounts of cocaine for their services.)
The full story can be read in The Cuckoo's Egg: Tracking a Spy Through the Maze of
Computer Espionage, by Clifford Stoll. Mass Market Paperback, ISBN:
0-67172-688-9.
The Threat Gets More Personal
These cases are intriguing but reveal
only a glimpse of what's to come. Today, hostile foreign nations are
studying how to use the Internet to attack us. The new threat, therefore,
is not simply espionage but all-out Internet warfare. Are we ready? Sort
of.
Information warfare has been on the minds of defense
officials for years. Recent studies suggest that we'll experience our first
real information warfare attack within 20 years. Most hostile foreign
nations are already preparing for it:
Defense officials and information systems security experts
believe that over 120 foreign countries are developing information warfare
techniques. These techniques enable our enemies to seize
control of or harm sensitive Defense information systems or public
networks, which Defense relies upon for communications. Terrorists or other
adversaries now have the ability to launch untraceable attacks from
anywhere in the world. They could infect critical systems, including
weapons and command and control systems, with sophisticated computer
viruses, potentially causing them to malfunction. They could also prevent
our military forces from communicating and disrupt our supply and logistics
lines by attacking key Defense systems.
—"Information Security: Computer Attacks at
Department of Defense Pose Increasing Risks." (Testimony, 05/22/96,
GAO/T-AIMD-96-92).
Most information warfare policy papers center on the
importance of information warfare in a wartime situation. However, some U.S. information warfare specialists have recognized
that we needn't be at war to be attacked:
The United States should expect that its information
systems are vulnerable to attack. It should further expect that attacks,
when they come, may come in advance of any formal declaration of hostile intent by an adversary state…This is what we have to look
forward to in 2020 or sooner.
—"A Theory of Information Warfare; Preparing For
2020." Colonel Richard Szafranski, USAF.
The real question is this: If they attack, what can they
do to us? The answer might surprise you.
The President's Commission on Critical Infrastructure
Protection (a group studying U.S. vulnerability) has identified key
resources that can be attacked via the Internet. Here are a few:
· Information and communications
· Electrical power systems
· Gas and oil transportation and storage
· Banking and finance
· Transportation
· Water supply systems
· Emergency services
· Government services
In October 1997, the PCCIP delivered its report, Critical Foundations. It,
too, concluded that we might be attacked without warning:
Potentially serious cyber attacks can be conceived and
planned without detectable logistic preparation. They can be invisibly
reconnoitered, clandestinely rehearsed, and then mounted in a matter of
minutes or even seconds without revealing the identity and location of the attacker.
Is the situation that critical?
Who Holds the Cards?
Technology is a strange and wonderful thing. Depending on
who's using it, the same technology used to create Godzilla can also be
used to create weapons of mass destruction. For this reason, technology transfer
has been tightly controlled for almost five decades.
During that time, however, commercial advances have
dramatically influenced the distribution of high-grade technology. Thirty
years ago, for example, the U.S. government held all the cards; the average
U.S. citizen held next to nothing. Today, the average American has access
to technology that approaches what the government itself possesses.
Encryption technology is a good example. Many Americans
use encryption programs to protect their personal data from prying eyes.
Some of these programs (such as Pretty Good Privacy, or PGP) use ciphers
strong enough that U.S. intelligence agencies cannot break them within a
reasonable amount of time, and time is often of the essence.
Note
Encryption has already thwarted several
criminal investigations. For example, in the case of famed cracker Kevin
Mitnick, the prosecution had a problem: Mitnick encrypted much of his
personal data. As reported by David Thomas from Online Journalism:
The encrypted data still posed a problem for the court. As
it stands, government officials are holding the encrypted files and have no
idea of their contents. The defense claims that information in those files
may prove exculpatory, but revealing their contents to the government would
violate Mitnick's Fifth Amendment protection against self-incrimination. Further, prosecutors have indicated that they will not
be using the encrypted files against Mitnick, but they refuse to return the
evidence because they do not know what information the files hold.
Ultimately, the court sided with the prosecution. Judge Pfaelzer described
Mitnick as "tremendously clever to put everyone in this position"
but indicated that "as long as he (Mitnick) has the keys in his
pocket, the court is going to do nothing about it."
Advanced technology has trickled down
to the public. In many cases, crackers and hackers have taken this
technology and rapidly improved it. Meanwhile, the government moves along
more slowly, tied down by restrictive and archaic policies. As a result,
the private sector has caught (and in some cases, surpassed) the government
in some fields of research.
This is a matter of national concern and has sparked an
angry debate. Consider the Mitnick case. Do you believe that the government
is entitled to Mitnick's encryption key so it can find out what's inside
those files? That's a hard question to answer. If Mitnick has a right to
conceal that information, so does everybody.
In the meantime, there's a more pressing question: How
does this technology trickle-down affect our readiness for an Internet
attack?
Can the United States Protect the National
Information Infrastructure?
From a military standpoint, there's no comparison between
the United States and even a gang of third-world nations. The same is not
true, however, in respect to information warfare.
In March 1997, a Swedish cracker penetrated and disabled a
911 system in Florida. Eleven counties were affected. The cracker amused
himself by connecting 911 operators to one another (or simply denying service altogether).
Note
The Swedish case was not the first instance of crackers
disrupting 911 service. In Chesterfield, New Jersey, a group dubbed the
Legion of Doom was charged with similar crimes. What was their motivation?
"[T]o attempt to penetrate 911 computer systems and infect them with
viruses to cause havoc."
Note
Another disturbing case occurred in March 1997, when a Rutland, Massachusetts, teenager knocked out the telephone service at Worcester Airport. During the attack, the airport control
tower and communication facilities were cut off for six hours. (The
airport fire department was also affected.) It was reported as follows:
"Public health and safety were threatened by the outage
which resulted in the loss of telephone service, until approximately 3:30
p.m., to the Federal Aviation Administration Tower at the Worcester
Airport, to the Worcester Airport Fire Department, and
to other related concerns such as airport security, the weather service,
and various private airfreight companies. Further, as a result of the
outage, both the main radio transmitter, which is connected to the tower by
the loop carrier system, and a circuit which enables aircraft to send an
electric signal to activate the runway lights on approach were not
operational for this same period of time."
—Transport News, March
1998.
The introduction of advanced microcomputers has forever
changed the balance of power. The average Pentium and Alpha processors are
more powerful than many mainframes were five years ago. Add to this
advances in Linux clustering and distributed processing, and with
relatively cheap hardware you can start approaching the processing power
that was previously available only to a few government and research institutes.
A third-world nation could theoretically pose a threat to
our national information infrastructure. Using advanced microcomputers (and
some high-speed connections), a third-world nation could wage a successful
information warfare campaign against the United States at costs well within
its means. In fact, bona fide cyberterrorism will probably emerge in the next few years.
Furthermore, the mere availability of such advanced
technology threatens our military future in the "real" world.
Nations such as Russia and China have progressed slowly because they lacked
access to such technology. Their missiles are less accurate because their
technology base was less advanced. U.S. defense programs, however, were
sufficiently advanced that even when we appeared to make concessions in the
arms race, we really made no concessions at all. Here's an example: The
United States only agreed to quit nuclear tests after we developed the
technology to perform such tests using computer modeling.
As the United States' perceived enemies obtain more
sophisticated computer technology, their weapons will become more
sophisticated—but it's not simply weapons that make the difference. It's
the combination of weapons, communication, and information. If our enemies
can alter our information, or prevent us from accessing it, they can gain a
tremendous tactical military advantage. This could make up for shortcomings
in other areas. Shane D. Deichman reports the following in his paper
"On Information War:"
A key element of the information warfare environment is
the participants need not possess superpower status. Any power (even those
not considered nation-states) with a modicum of technology can disrupt
fragile C2 networks and deny critical information services. Rather than a
Mahanian "information control" strategy that attempts to dominate
all segments of the information spectrum, though, a more realistic strategy
for U.S. forces is one of "information denial" (that is, the
denial of access to truthful information).
Perhaps a question less asked,
however, is, should the U.S. government be responsible for protecting all
of the U.S. infrastructure? After all, aren't the companies that operate
systems like our telephone networks FOR PROFIT? Shouldn't the protection of
these systems be one of their primary concerns?
You'd think so, wouldn't you? Although the U.S. government
has more than its fair share of problems and tasks, organizations turning
to the government to make their information security problems go away are
missing the point. Information security is everyone's problem—welcome to
the party.
What Would an Information Attack Look Like?
There hasn't yet been an all-out information war. The distributed denial of service
attacks that hit in February 2000 definitely opened some eyes, but it's
difficult to say how a full-scale attack would be conducted. Military
officials aren't willing to talk specifics. We can speculate, however, as
many think tanks do.
In February 2000, some of the largest
sites were knocked off the Internet using distributed denial of service
tools. The attack made headlines in just about every news publication out
there. One of the early reports can be seen at http://www.computerworld.com/cwi/story/0,1199,NAV47_STO43010,00.html.
Specialists from Rand Corporation, for example, have
engaged in some armchair planning. They delivered a report that posed
various questions about the United States' readiness and made
recommendations for intensive study
on the subject:
We suggest analytical exercises to identify what cyberwar,
and the different modalities of cyberwar, may look like in the early
twenty-first century when the new technologies should be more advanced,
reliable, and internetted than at present. These exercises should consider
opponents that the United States may face in high- and low-intensity
conflicts.
—"Cyberwar Is Coming!" John Arquilla and David Ronfeldt, RAND
International Policy Department, 1993. Taylor & Francis. ISBN
0-14959-339-0.
Not surprisingly, military and intelligence analysts are
learning a great deal simply by studying how the Internet works (and how
Americans use it).
Much current research is aimed at defining what types of
threats the Internet poses to political structures. Charles Swett, an
assistant for strategic assessment at the Pentagon, made strides in this
area. He released a report titled "Strategic Assessment: The
Internet." In it, he addressed how the Internet will influence
American domestic politics. He suggested that special groups can use the
Internet to network amongst
themselves. He offered one example in particular:
Another, somewhat startling, example, is a message posted
on the Internet on December 16, 1994, calling for nationwide protests
against the Republican Party's Contract with America. The message accuses
the Contract with America of being, in effect, class war, race war, gender
war, and generational war, and urges recipients to "mobilize thousands
of demonstrations in local communities across the nation," "fill
the jails by engaging in acts of civil disobedience," and engage in
other disruptive actions.
Swett predicted that this would ultimately lead to
domestic threats. However, he also suggested that these elements are
vulnerable to attack:
Political groups whose operations are coordinated through
the Internet will be vulnerable to having their operations disrupted by false
messages inserted by opposing groups.
Note
Mr. Swett was more correct than he realized. What he
described has already happened. In recent years, several wars have erupted
on Usenet between Scientologists and their critics. These wars were
attended by some fairly mysterious happenings. At one stage of a
particularly ugly struggle, just
when the Scientologists seemed overwhelmed by their adversaries, a curious
thing happened:
And thus it was that in late 1994, postings began to
vanish from alt.religion.scientology, occasionally with an explanation that
the postings had been "canceled because of copyright
infringement." To this day, it is not known who was behind the
deployment of these "cancelbots," as they are known. Again, the
CoS disclaimed responsibility, and the anti-Scientology crowd began to
refer to this anonymous participant simply as the "Cancelbunny,"
a tongue-in-cheek reference to both the Energizer bunny and to a well-known
Net inhabitant, the Cancelmoose, who has taken it upon
himself (itself? themselves?) to set up a cancelbot-issuing process to
deal with other kinds of spamming incidents. But whoever or whatever the
Cancelbunny may be, its efforts were quickly met by the development of yet
another software weapon, appropriately dubbed "Lazarus," that
resurrects canceled messages (or, more accurately, simply alerts the
original poster, and all other participants in the newsgroup, that a
specific message has been canceled, leaving it up to the original poster to
reinstate the message if he or she were not the party that issued the cancel command).
—"The First Internet War; The State of Nature and the
First Internet War: Scientology, its Critics, Anarchy, and Law in
Cyberspace." David G. Post. Reason
magazine, April 1996. (© 1996 David G. Post. Permission granted to
redistribute freely, in whole or in part, with this notice attached.)
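The cancel-and-resurrect duel described in the quotation above turns on one detail of the Usenet article format: a cancel is just another article whose Control: header names the Message-ID to delete, and nothing in the protocol ties the sender of the cancel to the author of the target. The following is an added example, not code from the original page and not the "Lazarus" or cancelbot software the quotation names. It assumes the RFC 1036 header layout (Message-ID:, From:, and Control: cancel <message-id>), and the feed it parses is constructed for the example with fictitious addresses. It classifies each cancel as a self-cancel, a third-party cancel, or a cancel for an article that never arrived, and emits the kind of alert a Lazarus-style tool would post.

```python
"""Audit Usenet cancel messages for third-party cancels.

Added example: not code from the original page, nor the "Lazarus" or
cancelbot software the quoted passage names.  Assumes RFC 1036 headers: a
post has Message-ID: and From:; a cancel is a post whose Control: header
reads "cancel <message-id>".  The feed is constructed; addresses are fictitious.
"""
import re
from collections import namedtuple

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")
CANCEL_RE = re.compile(r"^cancel\s+(<[^>]+>)", re.IGNORECASE)

Article = namedtuple("Article", "headers body")          # headers: lower-cased name -> value
CancelVerdict = namedtuple("CancelVerdict", "target canceller verdict")

# Constructed sample: two posts, a self-cancel, a third-party cancel, and a
# cancel naming an article that never arrived.  Cancels may have empty bodies.
SAMPLE_FEED = """\
Message-ID: <1001@example.invalid>
From: critic@example.invalid (A. Critic)
Subject: Re: secret documents

first article

Message-ID: <1002@example.invalid>
From: critic@example.invalid (A. Critic)
Subject: Re: secret documents, part 2

second article

Message-ID: <2001@example.invalid>
From: critic@example.invalid (A. Critic)
Control: cancel <1001@example.invalid>

Message-ID: <2002@example.invalid>
From: cancelbunny@example.invalid
Control: cancel <1002@example.invalid>

canceled because of copyright infringement

Message-ID: <2003@example.invalid>
From: cancelbunny@example.invalid
Control: cancel <9999@example.invalid>
"""


def address_of(from_header: str) -> str:
    """Bare address from 'critic@example.invalid (A. Critic)', or ''."""
    m = ADDR_RE.search(from_header)
    return m.group(0).lower() if m else ""


def parse_feed(text: str) -> list:
    """Split blank-line-separated articles into (headers, body) records."""
    articles = []
    for raw in re.split(r"\n\n(?=Message-ID:)", text.strip()):
        head, _, body = raw.partition("\n\n")
        headers = {}
        for line in head.splitlines():
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        articles.append(Article(headers, body))
    return articles


def audit_cancels(articles: list) -> list:
    """Classify each cancel by comparing its sender with the original poster.
    From: is itself forgeable, so a match proves nothing; a mismatch is the
    lazy third-party cancel this check is meant to catch."""
    originals = {a.headers.get("message-id"): a
                 for a in articles if "control" not in a.headers}
    verdicts = []
    for a in articles:
        m = CANCEL_RE.match(a.headers.get("control", ""))
        if not m:
            continue
        target, canceller = m.group(1), address_of(a.headers.get("from", ""))
        original = originals.get(target)
        if original is None:
            verdict = "unknown-target"
        elif address_of(original.headers.get("from", "")) == canceller:
            verdict = "self-cancel"
        else:
            verdict = "third-party"
        verdicts.append(CancelVerdict(target, canceller, verdict))
    return verdicts


def lazarus_alerts(articles: list) -> list:
    """Alert lines a Lazarus-style tool would post for third-party cancels."""
    return [f"{v.target} was canceled by {v.canceller}, who is not its poster"
            for v in audit_cancels(articles) if v.verdict == "third-party"]


if __name__ == "__main__":
    for line in lazarus_alerts(parse_feed(SAMPLE_FEED)):
        print("ALERT:", line)
```

The check only catches a cancel whose forger did not bother to copy the victim's From: header; a forger who does copy it produces a "self-cancel" and sails through, which is exactly why a resurrection tool can only alert the poster rather than decide for them. The eventual protocol fix, Cancel-Lock (RFC 8315), binds cancels to a secret the original poster holds, so a server can reject cancels that lack it.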
Swett closed his report with several observations about
monitoring general Internet traffic on a wholesale
basis:
Monitoring of that traffic would need to be supported by
automated filters that pass through for human analysis only those messages
that satisfy certain relevance criteria.
What Swett described (though he might not have realized
it) is a complex, automated, domestic intelligence system. In other words,
welcome to 1984. In all probability, early attempts to use the Internet to ascertain and mold political
sentiment will be directed toward a country's own people.
But that's theoretical, domestic information
warfare. What about actual Internet warfare? What are some likely targets?
The Rand Corporation claims to know. In their paper "Information
Warfare: A Two-Edged Sword," Rand specialists wrote
Information war has no front line. Potential battlefields
are anywhere networked systems enable access—oil and gas pipelines, for
example, electric power grids, telephone switching networks. In sum, the
U.S. homeland may no longer provide a sanctuary from outside attack.
For more information, see http://www.rand.org/publications/RRR/RRR.fall95.cyber/infor_war.html.
In their paper, Rand authors described an imaginary attack
set in the not-so-distant future. They predicted the
following events:
· Electrical and telephone systems in the United States would be knocked out for hours.
· Freight and passenger trains would derail or collide.
· Oil refineries would ignite.
· Our financial system would fail, including automatic tellers.
· Well-organized domestic extremists would make strategic strikes.
· Computer-controlled weapons systems would malfunction.
Experts suggest that this could happen in a matter of
hours. That's a chilling thought. Is it true? Are we really that dependent
on technology, or are our government agencies fishing for funding?
The truth is that we are that dependent on technology.