
TECHNOIR


by John Lasker


  Chapter 10

  The Forever War

  The battle on the Internet amongst the US, terrorists and Patriotic hackers

  Just months into his first term, President Obama was making cyberwarfare a top priority. The Pentagon, he said, would be home to America’s new Cyber Command. These were smart and pragmatic moves, made early and easily in a President's first term. But they may become some of the most important decisions he ever makes. Because as the first decade of the 21st century comes to a close, mankind’s ability to connect through cyberspace is getting easier and cheaper literally by the day. A “connectivity” that was once a luxury is now a necessity for the daily lives of billions of people. Thus severing the lines of this connectivity could literally mean the Apocalypse of an information kind, and what exactly follows is a nightmare humanity has never truly faced.

  Downing the Internet could mean turning off modern life as we know it. Global business and finance systems would collapse. Draining bank accounts and erasing identities would be just a few personal nightmares that cyber-destruction or cyberwarfare could cause. Don't forget cyberspace is also interconnected, in most cases, to all of mankind’s most important physical infrastructures. Theoretically, experts say a team of covert hackers – whether civilian or part of a military unit – could shut down another nation's electrical grids, for example. And the list of what can be shut down is long and ominous: Air traffic control towers could be blinded, phone systems cut dead, alarm systems deadened, traffic lights darkened, telecommunications silenced and satellite connections severed. Cyberattacks can also get dirty – literally. In 2001, an Australian hacker used the Internet, a wireless radio, and some software to hack into the network that controlled the sewage lines of a coastal town near Queensland, Australia. The hacker promptly released a computer-hacked bowel movement of mega-proportions. He let loose 1 million liters of waste water into the ocean.

  But the worst cyberwar scenario must be this: Hackers access a network or computer that runs a nation’s nuclear arsenal, and thus they have the power of hastening the Apocalypse. Scores of nations in the future will have an arsenal of warheads that will no doubt be part of a network that will be connected to the Internet. Will their network security be as robust as America's?

  So it was no great surprise that President Obama stressed defense as being of tremendous importance for America and for today’s hyper-connected information age. More importantly, the US military has warned it cannot wage war if its Internet is down. But the Obama administration is also dead serious about the US’s growing offensive capability in cyberspace and the Internet, sometimes referred to in military parlance as “Computer Network Attack” or CNA.

  In the early 1980s, as the industrial age lay dying and the Information Age began to rise, the Cyberpunk genre of science fiction gave birth to the term “Cyberspace.” The genre gained traction with the help of authors such as William Gibson, who coined the term cyberspace and authored one of sci-fi’s greatest books, Neuromancer, which tells the story of a “console cowboy” in a terrifying future where life means surviving in two separate worlds: the physical and the virtual. Incredibly, Gibson predicted the advent of reality TV; he also predicted conflict in cyberspace. Roughly thirty years after Gibson’s cyber prophecies, Cyberwar is here and now. It is a reality that heralds an age when one nation's “I-force” can take down another nation’s cyberstructure – and probably the nation itself.

  Indeed, the US and Russia are now wrangling over an arsenal that doesn't even spill blood. At the beginning of 2010, the US and Russia were engaged in bilateral talks seeking to curtail an arms race in cyberspace. Russia has long sought a disarmament treaty for cyberspace, but the Bush administration, as it often did, refused to even come to the table.

  For the most part, CNA is computer-versus-computer warfare, hacker-versus-hacker, where the battlefield is cyberspace. One version of CNA under development across the globe, for example, is the “Logic Bomb”, which can hide in a network for years and take it out when needed. But CNA doesn't entirely encompass super-secret codes. Microwave radiation devices can fry a network a mile away, for instance. But how serious the American CNA arsenal is, and how destructive, is a growing mystery. Yet the Joint Chiefs of Staff has said officially it wants to damage an enemy’s computer network “so badly that it cannot perform any function.” The Pentagon's cyberweapons are cloaked in hardcore secrecy. As for Russia's cyberweapons, perhaps their capabilities are a bit clearer.

  In 2007, a series of cyberattacks or CNAs against the northern European nation of Estonia flooded scores of critical government and commercial websites, making them inaccessible for several days at a time. The attacks came in the aftermath of the Estonian government’s decision to relocate a Russian-related war monument. They sure appeared like cyberwarfare as the black-hat hackers had predicted years before. The Russian hackers shut down many of Estonia’s critical online services, such as banking and finance, and for added insult, popular web sites were defaced with hacker graffiti. For two weeks government servers were shocked and awed, and overloaded with information, turning Estonia's cyberspace into a virtual pool of quicksand.

  A virtual onslaught against Estonia is a smart thing if you’re going to war against them – the nation is considered one of the most connected on earth. An Estonian government official called it their “9/11”, even though no blood was shed. Estonians said Russians were bombarding their government servers with DDoS attacks, short for Distributed Denial of Service attacks. Some attacks originated from computers of the Russian government, they claimed.

  According to experts, the attacks were made with the use of a BotNet – a web of hijacked and compromised computers, many personal, spread across the world. These “zombie computers” (also known as “nodes”) had previously been ambushed and overtaken by a Trojan Horse, virus or worm, without the owner of the computer even knowing. Just before the attack, the Russians organized their zombies like Roman phalanxes, and ordered them remotely via a BotMaster to march on Estonia's servers by bombarding them with information or requests for information at a steady clip, flooding web sites with so much traffic they crash. International authorities have taken notice that BotHerders act as mercenaries, selling their BotNets to militaries and governments. The Georgia Tech Information Security Center reported that 10 percent of all computers online are part of a BotNet, and according to the CIA, there may be 1.3 billion computers around the globe connected to the Internet.

  Not more than a year after Estonia, Russia invaded its neighbor Georgia, and for the first time in history a cyberattack was used in conjunction with an armed conflict. But no one is sure if the attacks against sites such as the National Bank of Georgia and the Ministry of Foreign Affairs were committed by civilian hackers or military hackers. It's become a cyberwar mystery, making the prospects for cyberattacks even more tantalizing for those who have to wage modern warfare:

  CNA is hard to trace. Plus CNA is relatively cheap and easily executable.

  In 2009, North Korean hackers – as their country continued to teeter on the brink of total annihilation due to its psychopathic leadership – were accused of launching DDoS overloads against dozens of US government sites such as the Pentagon’s, the White House’s official site, and also the site of the New York Stock Exchange. The White House site would continue to face attack well into 2010. It’s still not known if they were government hackers, civilians or paid mercenaries.

  In the summer of 2009, “Hacktivists”, who are politically motivated hackers, kept Tehran a riot zone for several weeks with their ability to keep the lines of communication open by circumventing their government’s effort to wall off Iran’s connection to the Internet. But as cyberspace has proven time and time again, information can flow like water through cloth. The Hacktivists used Facebook and Twitter to get their message out, coordinating hugely attended rallies.

  In the US, as the Obama administration takes cyberwarfare to the center of the stage, the US military along with the National Security Agency are no doubt building the technology, the networks, the computer power and the viruses, that may someday take down Chinese satellite links, thus hopefully turning the People’s Liberation Army blind and deaf as our forces close in.

  Indeed, research into offensive computer warfare is ongoing at a fever-pitched pace. You can also bet that billions have been spent on this research and the manpower to do it. Not long ago, during the Bush administration, when the Pentagon had devil's horns for the most exotic of weapons, one high-ranking Air Force officer basically gave notice to the rest of the world that rumors a Chinese military hacker unit was able to outwit and out-hack a US military hacker unit were nothing but bullshit.

  “The effects that we could produce in and through cyberspace range from simple deterrence all the way to unmitigated destruction and defeat,” bragged Air Force Secretary Michael Wynne earlier this decade in an issue of Air and Space Power Journal. “However, it is important to emphasize that non-kinetic does not equate to nonlethal,” he wrote. “Just as we can use a kinetic attack to terrify rather than kill, so can we employ non-kinetic attacks to deliver a full spectrum of effects to irritate or cause tremendous loss of life and destruction of property.”

  Non-kinetic attacks that cause tremendous loss of life? Wynne’s statements sound as if the US military has in the works the power to disintegrate enemies as they sit at their computers. But because the US has been so secret about its offensive cyber capabilities (or CNA), no one is sure what is truly being coded and programmed within some of the US cyberwarfare units now in existence.

  As Capt. Damien Pickart of STRATCOM (Strategic Command) once told me: “The US military is capable of mounting offensive CNA. For security and classification reasons, we cannot discuss any specifics. However, given the increasing dependence on computer networks, any offensive or defensive computer capability is highly desirable.”

  Desirable but also monstrously dangerous in the forms of worms and viruses. Past viruses and worms coded by angst-ridden teenagers have taken down huge areas of the Web, no less. Banking institutions brought to their knees by kids who don't even have a bank account. If a teenager can write lines of code that make thousands of ATMs crash, what could a 100-man, highly-trained unit of professional hackers do with all the right tools and computer power? Perhaps more importantly, what type of worm or what virus could they possibly unleash?

  “The reality is, once you press that Enter button, you can't control it,” cyberwarfare expert Dan Verton, who has authored several books on the subject, said to me. “If the government were to release a virus to take down an enemy’s network, their radar, their electrical grid, you have no control what the virus might do after that.” No control in cyberspace is probably one good reason the US military remains silent about its emerging CNA arsenal. They may have virtual worms that could wreak havoc like virtual dragons; and thus trying to tame this power has become a main goal of research. In fact, in 2003, as the US prepared to invade Iraq, there was a plan in place to unleash a cyberattack against Saddam Hussein’s finances, an attack that could’ve knocked out his ability to pay for the war. But the Bush administration called it off.

  “We knew we could pull it off – we had the tools,” said one senior official to the New York Times. But the White House was worried that the attack would spread to other financial networks and cripple the global markets, potentially hitting Americans with their own friendly (financial) fire.

  But a CNA against Iraq’s telephone networks was given a green light, resulting in collateral damage. The attack also targeted networks helping with satellite communications. The attack, however, only temporarily took down the telephone, cell phone and satellite telephone systems that offered service in nations surrounding Iraq. In the New York Times article, John Arquilla, of the Naval Postgraduate School in Monterey, Calif., said, “Policy makers are tremendously sensitive to collateral damage by virtual weapons, but not nearly sensitive enough to damage by kinetic (conventional) weapons. The cyberwarriors are held back by extremely restrictive rules of engagement.”

  What US Military Command or what units are waging CNA is a complicated question fogged by the Pentagon’s super tight-lipped approach to CNA. There is, for example, the 262nd Information Warfare Aggressor Squadron, an Air National Guard unit in Washington State, which has tapped into guardsmen employed at Microsoft, Adobe, and Cisco. The Air National Guard is also drawing from Sprint and Boeing for the Kansas-based 177th Information Aggressor Squadron. But obviously there are many more and their numbers are growing.

  The 262nd and 177th are just part-time cyberwarrior units, yet they may be staffed by this nation’s best cyberwarriors considering where they work and what they do during the week (IT experts). The Air Force, which had designated itself the branch of the military that would lead the war in cyberspace, was reined in by the Pentagon in 2008 for moving this mission forward too fast and taking on too much. The responsibilities of cyberwarfare are now being distributed throughout all branches.

  Nonetheless, the US military’s new focus on recruiting talent from high-tech companies raises a potential conflict of interest. Cisco’s routers and switches are considered the nervous system of the internet worldwide. Microsoft and Adobe products are used by hundreds of millions across the planet, and have suffered from programming errors that make them vulnerable to attack. Errors Microsoft and Adobe keep secret inside the company for weeks or months before they publicly offer a patch.

  In the hands of an offensive cyberwar unit, advance knowledge of serious vulnerabilities could be devastating, says Robert Masse, a reformed hacker who founded Montreal-based computer security firm GoSecure. Cyberwarfare is “all about knowing exploits no one else knows about,” says Masse. “You need the exploits to break in. The people with the most exploits win.”

  Some countries – notably China – have voiced concerns that Microsoft might pack backdoors in its closed-source operating systems and applications. In an effort to curb distrust, in 2003 Microsoft signed a pact with China, Russia, the United Kingdom, NATO and other nations to let them see the Windows source code. But the company is mum on whether it sees ethical problems in its engineers working part time for a military unit dedicated to hacking its products.

  “Microsoft does not hold specifics about employees that are supporting cyberwarfare units,” said a Microsoft spokeswoman to me in 2007. “So to this end, there really is no comment on the types of work they are doing.” Cisco and Adobe also declined to comment.

  Cybersecurity expert Richard Forno, who runs infowarrior.org, praised the recruitment effort. “The whole idea of an offensive information warfare unit, particularly a Computer Network Attack or CNA unit, is to build capabilities for possible exploitation down the road,” says Forno. “It just so happens the U.S. is lucky that the companies building the world's most popular and widely used IT products are based in the United States.”

  Dan Verton says military personnel have told him numerous “black programs” involving CNA capabilities are also ongoing, while new policies and rules of engagement are now on the books. One classified CNA attack – a stealth-like attack unleashed by the US that has not remained a secret, claims Verton – took place in the mid-1990s against Serbia, during the Bosnian war. Verton says a team of US military ops was dropped into Serbia, and after cutting a wire leading to a major radar hub, connected a device that emitted phantom targets on Serb radar.

  The ground for CNA was prepared in the summer of 2002, when President Bush signed National Security Presidential Directive 16, which ordered the government to prepare national-level guidance on U.S. policies for launching cyberattacks against enemies.

  “I've got to tell you we spend more time on the computer network attack business than we do on computer network defense because so many people at very high levels are interested,” said Air Force Maj. Gen. John Bradley, during a speech at a 2002 Association of Old Crows conference. The group is the leading think tank on information and electronic warfare.

  Outside of defense of America's most needed networks (phone, electric, banking, etc.), some experts suggest the reason the US needs to boost its CNA capabilities is because other nations may have a stronger and smarter cyberwarfare arsenal than the US, a CNA capability that may have already been tested against US networks and servers.

  In the spring of 2001, Chinese fighter pilot Wang Wei-a wrecked his jet and died when he tried to buzz a US surveillance plane too close. Convinced the plane was spying on the homeland, the Chinese safely brought it down, detaining the Air Force crew. What happened next is considered one of the first ever “Hacktivist Wars”, or politically motivated hacker attacks. But the cyberconflict has a twist – did a group of young American hackers, presumably living off the parental dole, entice one of the world’s superpowers to set loose a military-programmed virus?

  Patriotic American hackers – black hat amateurs if you will – initiated “Project China”, as told to this reporter in 2003, just days after the US Air Force crew was imprisoned. The plan was to round up a posse of pro-American hackers and attack Mainland China Web sites and networks. Attack, in this case, mostly meant inflicting cybervandalism, such as a web site defacement, which can be disruptive if you have to go through the network and seek out more poisonous code.

  At the same time, a daily newspaper from Hong Kong, the South China Morning Post, reported that hundreds of young Chinese hackers were going to return the favor in kind. Like two street gangs, the hackers began flexing their virtual attitude. “The whole thing started because we wanted to get their attention and we won't stop until the groups cease to exist and we humiliate them,” said an American hacktivist to the SCMP at the time. Within hours, the paper began hearing of “hundreds of defacements” laced with vulgar and racist remarks against Chinese corporate and government sites.
