Book Read Free

Dark Territory

Page 12

by Fred Kaplan


  “That’s good enough for me,” Hamre said.

  General Clark began the NATO bombing campaign on March 24, 1999. Air Force commanders didn’t trust the clever radar-spoofing scheme and instead ordered pilots to fly at very high altitudes, at least fifteen thousand feet, beyond the range of Serbian anti-air missiles. But on the few occasions when allied planes did dip low, J-39’s operators hacked into the air defense system as planned, and fed it false information, making the radar screen monitors think the planes were coming from the west, when in fact they were coming from the northwest.

  The deception had to be subtle; the radar had to be just a bit off, enough to make Serbian officers blame the miss on a mechanical flaw but not enough for them to suspect sabotage, in which case they might switch from automatic guidance to manual control. (The Serbs managed to shoot down two planes in the course of the war, an F-16 jet and an F-117 stealth fighter, when an officer made precisely that switch.) Otherwise, the air-defense crews kept aiming their weapons at swaths of the sky where no planes were flying.

  Another goal of J-39’s campaign was to drive a wedge between Milosevic’s paramilitary forces (known as the MUP) and the regular Yugoslav military (the VJ). The NSA had obtained phone and fax numbers for officers in both organizations. J-39 officers sent messages to the VJ leaders, expressing admiration for their professionalism in defending the Yugoslav people and urging them to remain apolitical. At one point, General Clark bombed the MUP and VJ headquarters at roughly the same time. While the planes were in flight, J-39 sent a message to VJ leaders, warning them to get out of the building. After both structures were destroyed, the MUP survivors—some of them injured, all of them shaken up—heard that the VJ officers had fled their headquarters ahead of time, unscathed, and so they began to suspect that VJ was collaborating with NATO. The distrust tore the two apart, just as J-39 intended.

  As J-39 operators dug deeper into the Serbian military’s command-control, they started intercepting communications between Milosevic and his cronies, many of them civilians. Again with the assistance of the NSA, the information warriors mapped this social network, learning as much as possible about the cronies themselves, including their financial holdings. As one way to pressure Milosevic and isolate him from his power base, they drew up a plan to freeze his cronies’ assets.

  The Pentagon’s lawyers overruled the proposal—in fact, adamantly rejected any plan designed to affect Serbian civilians. But then, over the weekend of April 17, the Belgrade marathon took place, in which runners of the 26.2-mile race twice crossed a bridge that had been a prominent target in the bombing campaign. The Serbian authorities touted the event—on local and international airwaves—as a defiant protest of NATO’s air war, proof of the West’s craven weakness in the face of the Serbian people’s courage and their loyalty to Milosevic.

  President Clinton watched a TV broadcast of the marathon in a foul mood. The previous Monday, a federal judge had found him in contempt of court for giving “intentionally false” testimony about his relations with White House intern Monica Lewinsky. And now this! Wes Clark had promised him that Milosevic would fold after a few days of bombing, yet four weeks had passed, and the bastard was thumbing his nose at the Western world.

  Clinton sent word to step up the pressure. Suddenly the Pentagon lawyers withdrew their objections to go after Milosevic’s cronies. J-39 commenced the next phase of operations the following Monday.I

  One of Milosevic’s major political donors owned a copper mine. J-39 sent him a letter, warning that the mine would be bombed if he didn’t stop supporting the Serbian president. The donor didn’t respond. Not long before, a CIA contractor had invented a device, made from long strands of carbon fiber, that short-circuited electrical wire on contact. An American combat plane flew over the copper mine, dropped the carbon fiber over the mine’s power line, and shut off its electricity. The repair was quick and easy, but so was the message. The donor received another letter, saying that the power outage was a warning: if he didn’t change his ways, bombs would fall. He instantly cut off contact with Milosevic.

  J-39 also stepped up its campaign to shut down Milosevic’s propaganda machine. A European satellite company was carrying the broadcasts of some pro-Milosevic stations. A senior officer in U.S. European Command visited the company’s chairman and told him that 80 percent of his board members were from NATO nations. When the chairman told him how much the Serbian stations were paying him, the American officer offered to pay a half million dollars more if he shut them down. He complied.

  Meanwhile, U.S. intelligence agencies had discovered that Milosevic’s children were vacationing in Greece. Spies took photos of them, lying on the beach. After one bombing run that turned off electrical power in Belgrade, American planes dropped leaflets with the photos beneath a headline blaring that Milosevic had sent his kids to sunbathe in Greece while his own people were sitting in the dark.

  Finally, J-39 embarked on a campaign to annoy Milosevic and those around him. They rang his home phone over and over, day and night. When someone picked up, they said nothing. The British equivalent of NSA—the Government Communications Headquarters, or GCHQ—monitored the calls and circulated tape recordings of Madame Milosevic cursing and slamming down the phone. One GCHQ merrily told his American counterpart, “We like it when they talk dirty to us.”

  The unit also called Milosevic’s generals on their home phones and played a recording of someone who identified himself as General Clark, jovially asking, in fluent Serbo-Croatian, how things were going and imploring them to stop fighting.

  On June 4, Milosevic surrendered. It was widely observed that no one had ever before won a war through airpower alone. But this war wasn’t won that way, either. It was won through a combination of the pummeling air strikes and the isolating impact of information warfare.

  Afterward, in a postwar PowerPoint briefing, Admiral James Ellis, Commander of Allied Forces, Southern Europe, hailed the information operation as “at once a great success . . . and perhaps the greatest failure of the war.” All the tools were in place, he went on, but “only a few were used.” The campaign employed “great people” with “great access to leadership,” but they hadn’t been integrated with the operational commands, so they had less impact “on planning and execution” than they might have had. The whole enterprise of information warfare, Ellis wrote, had “incredible potential” and “must become” a “point of main effort” in the asymmetric wars to come. However, the concept was “not yet understood by war fighters.” One reason for this lapse, he said, was that everything about information warfare was “classified beyond their access,” requiring special security clearances that only a few officers possessed. Had the tools and techniques been fully exploited, Ellis concluded, the war might have lasted half as long.

  This was the most telling aspect of the information warfare campaign: it was planned and carried out by a secret unit of the Pentagon’s Joint Staff, with assistance from the even more secretive NSA, CIA, and GCHQ. As the twentieth century came to a close, America’s military commanders weren’t yet willing to let hackers do the business of soldiers and bombardiers. A few senior officers were amenable to experimenting, but the Defense Department lacked the personnel or protocols to integrate this new dimension of war into an actual battle plan. The top generals had signed doctrinal documents on “information warfare” (and, before that, “counter command-control war”), but they didn’t appear to take the idea very seriously.

  A small group of spies and officers set out to change that.

  * * *

  I. J-39 also figured out how to hack into Milosevic’s own bank accounts; President Clinton was intrigued with the idea. But senior officials, especially in the Treasury Department, strongly advised against going down that road, warning of severe blowback. In subsequent years, intelligence agencies tracked down other hostile leaders’ finances, but the option of actually hacking their bank accounts was never actively pursued.

 
CHAPTER 8

  * * *

  TAILORED ACCESS

  ART MONEY was flustered. He was the ASD(C3I), the assistant secretary of defense for command, control, communications, and intelligence—and thus the Pentagon’s point man on information warfare, its civilian liaison with the NSA. The past few years should have vindicated his enthusiasms. Eligible Receiver, Solar Sunrise, and Moonlight Maze had sired an awareness that the military’s computer networks were vulnerable to attack. J-39’s operations in the Balkans proved that the vulnerabilities of other countries’ networks could be exploited for military gain—that knowing how to exploit them could give the United States an advantage in wartime. And yet, few of America’s senior officers evinced the slightest interest in the technology’s possibilities.

  Money’s interest in military technology dated back to a night in 1957, when, as a guard at an Army base in California, he looked up at the sky and saw Sputnik II, the Soviet Union’s second space satellite, orbiting the earth before the Americans had launched even a first—a beacon of the future, at once fearsome and enthralling. Four years later, he enrolled at San Jose State for an engineering degree. Lockheed’s plant in nearby Sunnyvale was hiring any engineer who could breathe. Money took a job on the night shift, helping to build the system that would launch the new Polaris missile from a tube in a submarine. Soon he was working on top secret spy satellites and, after earning his diploma, the highly classified devices that intercepted radio signals from Soviet missile tests.

  From there, he went to work for ESL, the firm that Bill Perry had founded to develop SIGINT equipment for the NSA and CIA; by 1990, Money rose to the rank of company president. Six years later, at the urging of Perry, his longtime mentor, who was now secretary of defense, he came to work at the Pentagon, as assistant secretary of the Air Force for research, development, and acquisition.

  That job put him in frequent touch with John Hamre, the Pentagon’s comptroller. In February 1998, Solar Sunrise erupted; Hamre, now deputy secretary of defense, realized, to his alarm, that no one around him knew what to do; so he convinced his boss, Secretary of Defense William Cohen, to make Art Money the new ASD(C3I).

  Money was a natural for the job. Hamre was set on turning cyber security into a top priority; Money, one of the Pentagon’s best-informed and most thoroughly connected officials on cyber matters, became his chief adviser on the subject. It was Money who suggested installing intrusion-detection systems on Defense Department computers. It was Money who brought Dusty Rhoads into J-39 after hearing about his work in the Blue Flag war games at the 609th Information Warfare Squadron. It was Money who brought together J-39, the NSA, and the CIA during the campaign in the Balkans.

  The concept of information warfare—or cyber warfare, as it was now called—should have taken off at this point, but it hadn’t because most of the top generals were still uninterested or, in some cases, resistant.

  In the summer of 1998, in the wake of Solar Sunrise, Money was instrumental in setting up JTF-CND—Joint Task Force-Computer Network Defense—as the office to coordinate protective measures for all Defense Department computer systems, including the manning of a 24/7 alert center and the drafting of protocols spelling out what to do in the event of an attack. In short, Money was piecing together the answer to the question Hamre posed at the start of Solar Sunrise: “Who’s in charge?”

  The initial plan was to give Joint Task Force-Computer Network Defense an offensive role as well, a mandate to develop options for attacking an adversary’s networks. Dusty Rhoads set up a small, hush-hush outpost to do just that. But he, Money, and Soup Campbell, the one-star general in charge of the task force, knew that the services wouldn’t grant such powers to a small bureau with no command authority.

  However, Campbell made a case that, to the extent the military services had plans or programs for cyber offensive operations (and he knew they did), the task force ought, at the very least, to be briefed on them. His argument was unassailable: the task force analysts needed to develop defenses against cyber attacks; knowing what kinds of attacks the U.S. military had devised would help them expand the range of defenses—since, whatever America was plotting against its adversaries, its adversaries would likely soon be plotting against America.

  Cohen bought the argument and wrote a memo to the service chiefs, ordering them to share their computer network attack plans with the joint task force. Yet at a meeting chaired by John Hamre, the vice chiefs of the Army, Navy, and Air Force—speaking on behalf of their bosses—blew the order off. They didn’t explicitly disobey the order; that would have been insubordination, a firing offense. Instead, they redefined their attack plans as something else, so they could say they had no such plans to brief. But their evasion was obvious: they just didn’t want to share these secrets with others, not even if the secretary of defense told them to do so.

  Clearly, the task force needed a broader charter and a home with more power. So, on April 1, 2000, JTF-CND became JTF-CNO, the O standing for “Operations,” and those operations included not just Computer Network Defense but also, explicitly, Computer Network Attack. The new task force was placed under the purview of U.S. Space Command, in Colorado Springs. It was an odd place to be, but SpaceCom was the only unit that wanted the mission. In any case, it was a command, invested with war-planning and war-fighting powers.

  Still, Money, Campbell, Hamre, and the new task force commander, Major General James D. Bryan, saw this, too, as a temporary arrangement. Colorado Springs was a long way from the Pentagon or any other power center; and the computer geeks from the task force were complaining that their counterparts at Space Command, who had to be meshed into the mission, didn’t know anything about cyber offense.

  Money felt that the cyber missions—especially those dealing with cyber offense—should ultimately be brought to the Fort Meade headquarters of the NSA. And so did the new NSA director, Lieutenant General Michael Hayden.

  * * *

  Mike Hayden came to the NSA in March 1999, succeeding Ken Minihan. It wasn’t the first time Hayden followed in his footsteps. For close to two years, beginning in January 1996, Hayden commanded Kelly Air Force Base in San Antonio. Kelly was where Minihan had run the Air Force Information Warfare Center, which pioneered much of what came to be called cyber warfare—offense and defense—and, by the time Hayden arrived, it had grown in sophistication and stature.

  Hayden knew little about the subject before his tenure at Kelly, but he quickly realized its possibilities. A systematic thinker who liked to place ideas in categories, he came up with a mission concept that he called GEDA—an acronym for Gain (collect information), Exploit (use the information to penetrate the enemy’s networks), Defend (prevent the enemy from penetrating our networks), Attack (don’t just penetrate the enemy network—disable, disorient, or destroy it).

  At first glance, the concept seemed obvious. But Hayden’s deeper point was that all these missions were intertwined—they all involved the same technology, the same networks, the same actions: intelligence and operations in cyberspace—cyber security, cyber espionage, and cyber war—were, in a fundamental sense, synonymous.

  Hayden was stationed overseas, as the intelligence chief for U.S. forces in South Korea, when Solar Sunrise and Moonlight Maze stirred panic in senior officialdom and made at least some generals realize that the trendy talk about “information warfare” might be worthy of attention. Suddenly, if just to stake a claim in upcoming budget battles, each of the services hung out a cyber shingle: the Army’s Land Information Warfare Activity, the Navy’s Naval Information Warfare Activity, and even a Marine Corps Computer Network Defense unit, joined the long-standing Air Force Information Warfare Center in the enterprise.

  Many of these entities had sprung up during Ken Minihan’s term as NSA director, and the trend worried him for three reasons. First, there were financial concerns: the defense budget was getting slashed in the wake of the Cold War; the NSA’s share was taking still deeper cuts; and he didn’t need
other, more narrowly focused entities—novices in a realm that the NSA had invented and mastered—to drain his resources further. Second, some of these aspiring cyber warriors had poor operational security; they were vulnerable to hacking by adversaries, and if an adversary broke into their networks, he might gain access to files that the NSA had shared.

  Finally, there was an existential concern. When Minihan became NSA director, Bill Perry told him, “Ken, you need to preserve the mystique of Fort Meade.” The mystique—that was the key to the place, Minihan realized early on: it was what swayed presidents, cabinet secretaries, committee chairmen, and teams of government lawyers to let the NSA operate in near-total secrecy, and with greater autonomy than the other intelligence agencies. Fort Meade was where brilliant, faceless code-makers and code-breakers did things that few outsiders could pretend to understand, much less duplicate; and, for nearly the entire post–World War II era, they’d played a huge, if largely unreported, role in keeping the peace.

  Now, the mystique was unraveling. With the Cold War’s demise, Minihan gutted the agency’s legendary A Group, the Soviet specialists, in order to devote more resources to emerging threats, including rogue regimes and terrorists. The agency could still boast of its core technical base: the cryptologists, the in-house labs, and their unique partnership with obscure outside contractors—that was where the mystique still glowed. Minihan needed to build up that base, expand its scope, shift its agenda, and preserve its mastery—not let it be diluted by lesser wannabes splashing in the same stream.

  Amid the profusion of entities claiming a piece of Fort Meade’s once-exclusive turf, and the parallel profusion of terms for what was essentially the same activity (“information warfare,” “information operations,” “cyber warfare,” and so forth), Minihan tried to draw the line. “I don’t care what you call it,” he often said to his political masters. “I just want you to call me.”

 

‹ Prev