Dark Territory

by Fred Kaplan


  Here was Clarke’s chance to jump-start national policy—if not to revive FIDNET (that seemed out of the question for now), then at least to impose some rules on wayward bureaucracies and corporations. He strode into the Oval Office, where Clinton had already heard the news, and said, “This is the future of e-commerce, Mr. President.”

  Clinton replied, a bit distantly, “Yeah, Gore’s always going on about ‘e-commerce.’ ”

  Still, Clarke persuaded the president to hold a summit in the White House Cabinet Room, inviting twenty-one senior executives from the major computer and telecom companies—AT&T, Microsoft, Sun Microsystems, Hewlett-Packard, Intel, Cisco, and others—along with a handful of software luminaries from consulting firms and academia. Among this group was the now-famous Peiter Zatko, who identified himself on the official guest list as “Mudge.”

  Zatko came into the meeting starstruck, nearly as much by the likes of Vint Cerf, one of the Internet’s inventors, as by the president of the United States. But after a few minutes of sitting through the discussion, he grew impatient. Clinton was impressive, asking insightful questions, drawing pertinent analogies, grasping the problem at its core. But the corporate execs were faking it, intoning that the attack had been “very sophisticated” without acknowledging that their own passivity had allowed it to happen.

  A few weeks earlier, Mudge had gone legit. The L0pht was purchased by an Internet company called @stake, which turned the Watertown warehouse into a research lab for commercial software to block viruses and hackers. Still, he had no personal stake in the piece of theater unfolding before him, so he spoke up.

  “Mr. President,” he said, “this attack was not sophisticated. It was trivial.” All the companies should have known that this could happen, but they hadn’t invested in preventive measures—which were readily available—because they had no incentive to do so. He didn’t elaborate on the point, but everyone knew what he meant by “incentives”: if an attack took place, no one would get punished, no stock prices would tank, and it would cost no more to repair the damage than it would have cost to obstruct an attack in the first place.

  The room went silent. Finally, Vint Cerf, the Internet pioneer, said, “Mudge is right.” Zatko felt flattered and, under the circumstances, relieved.

  As the meeting broke up, with everyone exchanging business cards and chatting, Clarke signaled Zatko to stick around. A few minutes later, the two went into the Oval Office and talked a bit more with the president. Clinton admired Zatko’s cowboy boots, hoisted his own snakeskins onto his desk, and disclosed that he owned boots made of every mammal on the planet. (“Don’t tell the liberals,” he whispered.) Zatko followed the president’s lead, engaging in more small talk. After a few minutes, a handshake, and a photo souvenir, Zatko bid farewell and walked out of the office with Clarke.

  Zatko figured the president had enough on his mind, what with the persistent fallout from the Monica Lewinsky scandal (which had nearly led to his ouster), the fast-track Middle East peace talks (which would go nowhere), and the upcoming election (which Vice President Gore, the carrier of Clinton’s legacy, would lose to George W. Bush).

  What Zatko didn’t know was that, while Clinton could muster genuine interest in the topic—or any other topic—at a meeting of high-powered executives, he didn’t care much about cyber and, really, never had. Clarke was the source, and usually the only White House source, of any energy and pressure on the issue.

  Clarke knew that Zatko’s Cabinet Room diatribe was on the mark. The industry execs would never fix things voluntarily. In this sense, the meeting was almost comical, with several of them imploring the president to take action, then, a moment later, assuring him that they could handle the problem without government fiat.

  The toned-down version of his National Plan for Information Systems Protection called for various cooperative ventures between the government and private industry to get under way by the end of 2000 and to be fully in place by May 2003. But the timetable seemed implausible. The banks were game; a number of them had readily agreed to form an industry-wide ISAC—an Information Sharing and Analysis Center—to deal with the challenge. This wasn’t so surprising: banks had been the targets of dozens of hackings, costing them millions of dollars and, potentially, the trust of high-rolling customers; some of the larger financial institutions had already hired computer specialists. But most of the other critical infrastructures—transportation, energy, water supply, emergency services—hadn’t been hacked: executives of those companies saw the threat as hypothetical; and, as Zatko had observed, they saw no incentive in spending money on security.

  Even the software industry included few serious takers: they knew that security was a problem, but they also knew that installing truly secure systems would slow down a server’s operations, at a time when customers were paying good money for more speed. Some executives asked security advocates for a cost-benefit analysis: what were the odds of a truly catastrophic event; what would such an event cost them; how much would a security system cost, and what were the chances that the system would actually prevent intrusions? No one could answer these questions; there were no data to support an honest answer.

  The Pentagon’s computer network task force was facing similar obstacles. Once, when Art Money, the assistant secretary of defense for command, control, communications, and intelligence, pushed for a 10 percent budget hike for network security, a general asked him whether the program would yield a 10 percent increase in security. Money went around to his technical friends, in the NSA and elsewhere, posing the question. No one could make any such assurance. The fact was, most generals and admirals wanted more tanks, planes, and ships; a billion dollars more for staving off computer attacks—a threat that most regarded as far-fetched, even after Eligible Receiver, Solar Sunrise, and Moonlight Maze (because, after all, they’d done no discernible damage to national security)—meant a billion dollars less for weapons.

  But things were changing on the military side: in part because more and more colonels, even a few generals, were starting to take the problem seriously; in part because the flip side of cyber security—cyber warfare—was taking off in spades.

  CHAPTER 7

  * * *

  DENY, EXPLOIT, CORRUPT, DESTROY

  BACK in the summer of 1994, while Ken Minihan and his demon-dialers at Kelly Air Force Base were planning to shut down Haiti’s telephone network as a prelude to President Clinton’s impending invasion, a lieutenant colonel named Walter “Dusty” Rhoads was sitting in a command center in Norfolk, Virginia, waiting for the attack to begin.

  Rhoads was immersed in Air Force black programs, having started out as a pilot of, first, an F-117 stealth fighter, then of various experimental aircraft in undisclosed locations. By the time of the Haiti campaign, he was chief of the Air Combat Command’s Information Warfare Branch at Nellis Air Force Base, Virginia, and, in that role, had converted Minihan’s phone-jamming idea into a detailed plan and coordinated it with other air operations.

  For days, Rhoads and his staff were stuck in that office in Norfolk, going stir-crazy, pigging out on junk food, while coining code words for elaborate backup plans, in case one thing or another went wrong. The room was strewn with empty MoonPie boxes and Fresca cans, so he made those the code words: “Fresca” for Execute the war plan, “MoonPie” for Stand down.

  After the Haitian putschists fled and the invasion was canceled, Rhoads realized that the setup had been a bit convoluted. He was working through Minihan’s Air Force Information Warfare Center, which was an intelligence shop, not an operations command; and, strictly speaking, intel and combat ops were separate endeavors, with Title 10 of the U.S. Code covering combat and Title 50 covering intelligence. Rhoads thought it would be a good idea to form an Air Force operations unit dedicated to information warfare.

  Minihan pushed for the idea that fall, when he was reassigned to the Pentagon as the assistant chief of staff for intelligence. He sold the idea well. On August 15, 1995, top officials ordered the creation of the 609th Air Information Warfare Squadron, to be located at Shaw Air Force Base, in South Carolina.

  The official announcement declared that the squadron would be “the first of its kind designed to counter the increasing threat to Air Force information systems.” But few at the time took any such threat seriously; the Marsh Report, Eligible Receiver, Solar Sunrise, and Moonlight Maze wouldn’t dot the landscape for another two years. The squadron’s other, main mission—though it was never mentioned in public statements—was to develop ways to threaten the information systems of America’s adversaries.

  Rhoads would be the squadron’s commander, while its operations officer would be a major named Andrew Weaver. The previous spring, Weaver had written an Air Staff pamphlet called Cornerstones of Information Warfare, defining the term as “any action to deny, exploit, corrupt, or destroy the enemy’s information and its functions,” with the ultimate intent of “degrading his will or capability to fight.” Weaver added, by way of illustration, “Bombing a telephone switching facility is information warfare. So is destroying the switching facility’s software.”

  On October 1, the 609th was up and running, with a staff of just three officers—Rhoads, Weaver, and a staff assistant—occupying a tiny room in the Shaw headquarters basement, just large enough for three desks, one phone line, and two computers.

  Within a year, the staff grew to sixty-six officers. Two thirds of them worked on the defensive side of the mission, one third on offense. But in terms of time and energy, the ratio was reversed—one third was devoted to defense, two thirds to offense—and those working the offensive side were kept in separate quarters, behind doors with combination locks.

  In February 1997, the squadron held its first full Blue Flag exercise. The plan was for the offensive crew to mount an information warfare attack on Shaw’s air wing, while the defensive crew tried to blunt the attack. One of the air wing’s officers scoffed at the premise: the wing’s communications were all encrypted, he said; nobody can get in there.

  But the aggressors broke the passwords, sniffed out the network, found holes, burrowed through, and, once inside, took control. They issued false orders to lighten the air wing’s weapons loads, so that the planes would inflict less damage against the enemy. They altered the routes and schedules of tanker aircraft, which were supposed to refuel fighter jets in midflight, as a result of which the fighters ran out of gas before they could carry out their missions.

  It was a tabletop game, not a live-action exercise; but if the game had been real, if a wartime adversary had done what the aggressors of the 609th did, the U.S. Air Force’s war plan would have been wrecked. Some pilots, looking at their orders, might have realized something was amiss, and made adjustments, but from that point on, neither they nor their commanders would have known whether they could trust any orders they received or any information they saw or heard; they would have lost confidence in their command-control.

  Toward the end of the game, following a canned script, the defense staved off the attack on the wing’s information systems and prevailed in battle. But in fact, everyone knew that the game was a rout in the opposite direction. If the aggressors hadn’t been limited by the game’s set of rules, they could have shut down the wing’s entire operations. Just as Eligible Receiver would demonstrate a few months later, on a wider playing field, the U.S. military—in this case, a vital wing of the Air Force—was horribly vulnerable to an information warfare attack and unable to do anything about it.

  Rhoads knew how to shut down the air wing in the Blue Flag exercise because, back when he was chief of the Air Combat Command’s Information Warfare Branch, he’d used some of these same techniques in simulations of attacks on enemy air wings.

  A few months after the Blue Flag demonstration, a real war broke out, and the new commanders of information warfare made their combat debut, better-positioned and higher-ranked than they’d been in the war against Saddam Hussein at the start of the decade.

  * * *

  For the previous year, the United States and its NATO allies had been enforcing the Dayton Accords—the December 1995 treaty ending Serbian president Slobodan Milosevic’s brutal war in Bosnia-Herzegovina—through an organization called the Stabilization Force, or SFOR, which was also hunting down Serbian war criminals and striving to ensure that the country’s elections, scheduled for September 1977, were free and fair.

  SFOR had a “white” side, consisting of regular armed forces, and a “black” side, consisting of special-ops units and spies. The black side needed some help; Milosevic wasn’t cracking down on war criminals, as he’d promised. So it turned to J-39, Soup Campbell’s ultrasecret unit in the Pentagon’s Joint Staff that—through links with the NSA, the 609th Information Warfare Squadron, the Air Force Information Warfare Center in San Antonio, and other intelligence agencies—developed the tools and techniques for what they saw as the new face of combat.

  J-39 got its first taste of action on July 10, 1997, with Operation Tango, in which five-man teams of British special-ops forces, pretending to be Red Cross officials, captured four of the most-wanted Serbian war criminals. The operation had been preceded by covert surveillance ops—tapping phones, tagging cars with GPS transmitters, and, in a few key areas, installing cameras inside objects that looked like rocks (a contraption designed by Army intelligence technicians at Fort Belvoir, Virginia).

  At its peak, more than thirty thousand NATO troops took part in SFOR, a high-profile deployment by any measure, prompting Serbian citizens to mount frequent demonstrations against the Westerners’ presence. American officials soon realized that the protests were orchestrated by certain local TV newscasters, who told viewers to go to a specific location, at a specific time, and throw rocks at Western soldiers.

  Eric Shinseki, the U.S. Army general in charge of NATO forces in Bosnia, asked the Joint Staff—which, in turn, ordered J-39—to devise some way of turning off TV transmitters when these newscasts came on the air.

  Some of the J-39 technicians were from Texas and knew of remote-control devices used at oil wells to turn the pumps off and on. They contracted Sandia Laboratories, a high-tech defense firm, to build a similar device for this operation. Meanwhile, analysts at Kelly Air Force Base calculated that just five television towers were transmitting broadcasts to eighty-five percent of Serbian homes. Some Serbs, who were secretly working for SFOR’s black section, installed Sandia’s boxes on those five transmitters. Where agents couldn’t install them covertly, they told a guard that the box was a new filter for higher-resolution video quality; the guard waved them through.

  Once the boxes were set up, engineers at SFOR headquarters monitored the TV stations. Whenever a newscaster started urging viewers to go demonstrate, they turned off the transmitter carrying that channel’s signals.

  American officials also drew on their connections to Hollywood, persuading a few TV producers to provide popular programs to the one friendly local station. During the hours when demonstrations were frequently held, the station would run episodes of Baywatch, the most popular show in the world; many Serbs, who might otherwise have hit the streets to make trouble, stayed in to watch young women cavorting in bikinis.

  General Shinseki visited headquarters for a demonstration of this technology. He asked the engineer who was monitoring the stations to turn off one of the transmission sites. The engineer flicked a switch, and the stations carried by that tower went dead.

  Shinseki was amazed. One of the engineers, watching the general’s reaction, rolled his eyes and whispered to a colleague, “C’mon, it’s an on-off switch!”

  This wasn’t the most sophisticated stunt the team was capable of pulling.

  A few months later, it was clear the Dayton Accords were breaking down. General Wesley Clark, the NATO commander, started planning air strikes against Milosevic’s key military targets. The J-39 unit laid the groundwork well ahead of time.

  The first step of any bombing run would be to disrupt or disable the enemy air-defense system. Two specialists, on loan from a special intelligence unit in Arizona, discovered that Serbia’s air-defense system ran through the country’s civilian telecommunications system. (Echoes of the aborted 1994 invasion of Haiti, when demon-dialers at Kelly Air Force Base learned the same thing about that country and planned to turn off the radar by flooding the entire phone system with busy signals.)

  With the permission of Secretary of Defense William Cohen (who needed to approve any offensive operation involving information warfare), the J-39 unit—which had its own share of former demon-dialers—hacked into the Serbian phone system to scope out everything that General Clark and his planning staff might need to know: how it operated, where it was vulnerable.

  The hack was enabled by two bits of good timing. First, CIA director George Tenet had recently created a clandestine unit called the IOC, the Information Operations Center, the main purpose of which was to send in spies to plant a device—a wiretap, a floppy disk, in later years a thumb drive, or whatever else it might take—that would allow SIGINT teams at the NSA or some other agency to intercept communications. In this instance, IOC installed a device at the Serbian phone company’s central station.

  The other bit of luck was that the Serbs had recently given their phone system a software upgrade. The Swiss company that sold them the software gave U.S. intelligence the security codes.

  Once the J-39 tech crews had broken into the Serbian phone system, they could roam through the entire network—including the air-defense lines and telecommunications for the entire Serbian military.

  A U.S. Army colonel, monitoring the operation back in the Pentagon, briefed John Hamre, the deputy secretary of defense, on what was going on. Hamre asked how much confidence he had that the plan would frustrate the Serbian commanders.

  The colonel replied, “Based on my experience as a battalion commander, if you pick up a phone and can’t hear or talk to anyone, it’s very frustrating.”
