Dark Territory


by Fred Kaplan



  NOTES

  MUCH OF the material in this book comes from interviews, all conducted on background, with more than a hundred participants in the story, many of them followed up with email, phone calls, or repeated in-person interviews. (For more about these sources, see the Acknowledgments.) In the Notes that follow, I have not cited sources for material that comes strictly from interviews. For material that comes in part from written sources (books, articles, documents, and so forth) and in part from interviews, I have cited those sources, followed by “and interviews.”

  CHAPTER 1: “COULD SOMETHING LIKE THIS REALLY HAPPEN?”

  That night’s feature: During his eight years as president, at Camp David and in the White House screening room, Reagan watched 374 movies, an average of nearly one a week, though often more. (“Movies Watched at Camp David and White House,” Aug. 19, 1988, 1st Lady Staff Office Papers, Ronald Reagan Library.) WarGames was an unusual choice; he usually watched adventures, light comedies, or musicals. But one of the film’s screenwriters, Lawrence Lasker, was the son of the actress Jane Greer and the producer Edward Lasker, old friends of Reagan from his days as a Hollywood movie star. Lawrence used his family connections to get a print to the president. (Interviews.)

  The following Wednesday morning: Office of the President, Presidential Briefing Papers, Box 31, 06/08/1983 (case file 150708) (1), Ronald Reagan Library; and interviews. This meeting is mentioned in Lou Cannon, President Reagan: The Role of a Lifetime (New York: Simon & Schuster, 1991), 38, but, in addition to getting the date wrong, Cannon depicts it as just another wacky case of Reagan taking movies too seriously; he doesn’t recount the president’s question to Gen. Vessey, nor does he seem aware that the viewing and this subsequent White House meeting had an impact on history. See also Michael Warner, “Cybersecurity: A Pre-history,” Intelligence and National Security, Oct. 2012.

  “highly susceptible to interception”: NSDD-145 has since been declassified: http://fas.org/irp/offdocs/nsdd145.htm.

  Established in 1952: As later codified in Executive Order 12333, signed by Ronald Reagan on Dec. 4, 1981, the NSA and FBI were barred from undertaking foreign intelligence collection “for the purpose of acquiring information concerning the domestic activities of United States persons,” this last phrase referring to American citizens, legal residents, and corporations (http://www.archives.gov/federal-register/codification/executive-order/12333.html).

  In its first three years: Ellen Nakashima, “Pentagon to Boost Cybersecurity Force,” Washington Post, Jan. 27, 2013; and interviews.

  In the American Civil War: Edward J. Glantz, “Guide to Civil War Intelligence,” The Intelligencer: Journal of U.S. Intelligence Studies (Winter/Spring 2011), 57; Jason Healey, ed., A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 (Washington, D.C.: Atlantic Council, 2013), 27.

  During World War II: See esp. David Kahn, The Codebreakers (New York: Scribner; rev. ed., 1996), Ch. 14.

  a man named Donald Latham: Warner, “Cybersecurity: A Pre-history”; and interviews.

  In April 1967: Willis H. Ware, Security and Privacy in Computer Systems (Santa Monica: RAND Corporation, P-3544, 1967). This led to a 1970 report by a Defense Science Board task force, known as “the Ware Panel,” Security Controls for Computer Systems (declassified by RAND Corporation as R-609-1, 1979); and interviews.

  He well understood: Willis H. Ware, RAND and the Information Evolution: A History in Essays and Vignettes (Santa Monica: RAND Corporation, 2008).

  Ware was particularly concerned: Ibid., 152ff.

  In 1980, Lawrence Lasker and Walter Parkes: Extra features, WarGames: The 25th Anniversary Edition, Blu-ray disc; and interviews.

  The National Security Agency had its roots: See Kahn, The Codebreakers, 352. The stories about the tenth floor of the embassy and Inman’s response to reports of a fire are from interviews. The fact that U.S. intelligence was listening in on Brezhnev’s limo conversations (though not its method) was revealed by Jack Anderson, “CIA Eavesdrops on Kremlin Chiefs,” Washington Post, Sept. 16, 1971. Anderson’s source was a right-wing Senate aide who argued that the transcripts proved the Russians were cheating on the latest nuclear arms control treaty. After Anderson’s story appeared, the Russians started encrypting their phone conversations. The NSA broke the codes. Then the Russians installed more advanced encryption, and that was the end of the operation. (All this backstory is from interviews.)

  In his second term as president: Don Oberdorfer, From the Cold War to a New Era (Baltimore: Johns Hopkins University Press, 1998), 67.

  When they found out about the microwaves: Associated Press, “Russia Admits Microwaves Shot at US Embassy,” July 26, 1976; “Science: Moscow Microwaves,” Time, Feb. 23, 1976. The news stories note that personnel on the tenth floor were experiencing health problems due to the microwave beams. The stories don’t reveal—probably the reporters didn’t know—the purpose of the beams (they quote embassy officials saying they’re baffled about them) or the activities on the tenth floor.

  took to playing Muzak: As a defense reporter for The Boston Globe in the 1980s, I often heard Muzak when I interviewed senior Pentagon officials in their offices. I asked one of them why it was playing. He pointed to his window, which overlooked the Potomac, and said the Russians might be listening with microwave beams.

  CHAPTER 2: “IT’S ALL ABOUT THE INFORMATION”

  Its number-one mission: Most of this is from interviews, but see also Christopher Ford and David Rosenberg, The Admirals’ Advantage: U.S. Navy Operational Intelligence in World War II and the Cold War (Annapolis: Naval Institute Press, 2005), esp. Ch. 5. (All the material about Desert Storm is from interviews.)

  McConnell sat up as he watched: Though Sneakers inspired McConnell to call the concept “information warfare,” the phrase had been used before, first by weapons scientist Thomas P. Rona in a Boeing Company monograph, “Weapon Systems and Information War” (Boeing Aerospace Company, July 1976). Rona was referring not to computers but to technology that theoretically enhanced the capability of certain weapons systems by linking them to intelligence sensors.

  “decapitate the enemy’s command structure”: Warner, “Cybersecurity: A Pre-history.”

  McConnell pushed hard for the Clipper Chip: Jeffrey R. Yost, “An Interview with Dorothy E. Denning,” OH 424, Computer Security History Project, April 11, 2013, Charles Babbage Institute, University of Minnesota, http://conservancy.umn.edu/bitstream/handle/11299/156519/oh424ded.pdf?sequence=1; and interviews.

  CHAPTER 3: A CYBER PEARL HARBOR

  “critical national infrastructure”: President Bill Clinton, PDD-39, “U.S. Policy on Counterterrorism,” June 21, 1995, http://fas.org/irp/offdocs/pdd/pdd-39.pdf.

  Reno turned the task over: Most of the material on the Critical Infrastructure Working Group comes from interviews with several participants, though some is from Kathi Ann Brown, Critical Path: A Brief History of Critical Infrastructure Protection in the United States (Fairfax, VA: Spectrum Publishing Group, 2006), Chs. 5, 6. All details about briefings and private conversations within the group come from interviews.

  “high-tech matters”: Memo, JoAnn Harris, through Deputy Attorney General [Jamie Gorelick] to Attorney General, “Computer Crime Initiative Action Plan,” May 6, 1994; Memo, Deputy Attorney General [Gorelick], “Formation of Information Infrastructure Task Force Coordinating Committee,” July 19, 1994 (provided to author); and interviews.

  In recent times: Security in Cyberspace: Hearings Before the Permanent Subcommittee on Investigations of the Comm. on Government Affairs. 104th Cong. (1996). (statement of Jamie Gorelick, Deputy Attorney General of the United States.)

  the interagency meetings with Bill Studeman: Studeman’s role on interagency panels comes from Douglas F. Garthoff, Directors of Central Intelligence as Leaders of the U.S. Intelligence Community, 1946–2005 (Washington, D.C.: CIA Center for the Study of Intelligence, 2005), 267. That he and Gorelick met every two weeks was noted in Security in Cyberspace: Hearings Before the Permanent Subcommittee on Investigations of the Comm. on Government Affairs. 104th Cong. (1996). (statement of Jamie Gorelick, Deputy Attorney General of the United States.)

  One branch of J Department: “Critical nodes” theory has fallen short in real-life wars. The Air Force attack plan for the 1990–91 Gulf War focused on eighty-four targets as the key “nodes”: destroy those targets, and the regime would collapse like a house of cards. In fact, the war didn’t end until a half million U.S. and allied troops crushed Iraq’s army on the ground. See Michael Gordon and Bernard Trainor, The Generals’ War (New York: Little, Brown, 1995), Ch. 4; Fred Kaplan, Daydream Believers (Hoboken: John Wiley & Sons, 2008), 20–21.

  Capping Greene’s briefing, the CIA: Brown, Critical Path, 78; and interviews.

  “in light of the breadth”: This language was reproduced in a memorandum from Attorney General to the National Security Council, on March 16, http://fas.org/sgp/othergov/munromem.htm.

  One word was floating around: The first use of “cyber war” was probably John Arquilla and David Ronfeldt, Cyberwar Is Coming! (Santa Monica: RAND Corporation, 1993), but their use of the phrase was more like what came to be called “netcentric warfare” or the “revolution in military affairs,” not “cyber war” as it later came to be understood.

  “may have experienced as many as 250,000 attacks”: General Accounting Office, “Information Security: Computer Attacks at Department of Defense Pose Increasing Risks” (GAO/AIMD-96-84), May 22, 1996. The report attributes the estimate to a study by the Pentagon’s Defense Information Security Agency.

  “Certain national infrastructures”: President Bill Clinton, Executive Order 13010, “Critical Infrastructure Protection,” July 15, 1996, http://fas.org/irp/offdocs/eo13010.htm.

  “We have not yet had a terrorist”: Jamie Gorelick, Security in Cyberspace: Hearings Before the Permanent Subcommittee on Investigations of the Comm. on Government Affairs. 104th Cong. (1996) (Statement of Jamie Gorelick, Deputy Attorney General of the United States.)

  America’s programs in this realm: There were only a few slipups in revealing the existence of a cyber offensive program, and they were little noticed. In May 1995, Emmett Paige, assistant secretary of defense for command, control, communications, and intelligence, said at a conference at the National Defense University, “We have an offensive [cyber] capability, but we can’t discuss it. . . . You’d feel good about it if you knew about it.” The next month, Navy Captain William Gravell, director of the Joint Staff’s information warfare group, said at a conference in Arlington, “We are at the first stage of a comprehensive effort [in information warfare]. . . . What we have been doing up to now is building some very powerful offensive systems.” As for now, he added, “there is no current policy in these matters.” That would remain true for many years after. Both remarks were quoted in Neil Munro, “Pentagon Developing Cyberspace Weapons,” Washington Technology, June 22, 1995—with no follow-up in any mass media, http://washingtontechnology.com/Articles/1995/06/22/Pentagon-Developing-Cyberspace-Weapons.aspx.

  Marsh and the commissioners first convened: Brown, Critical Path, 93. The rest of the material on the commission comes from interviews.

  “Just as the terrible long-range weapons”: White House, Critical Foundations: Protecting America’s Infrastructures: The Report of the President’s Commission on Critical Infrastructure Protection, Oct. 1997, http://fas.org/sgp/library/pccip.pdf.

  “a serious threat to communications infrastructure”: Commission on Engineering and Technical Systems, National Research Council, Growing Vulnerability of the Public Switched Networks: Implications for National Security Emergency Preparedness (Washington, D.C.: National Academy Press, 1989), 9.

  “The modern thief”: Commission on Engineering and Technical Systems, National Research Council, Computers at Risk: Safe Computing in the Information Age (Washington, D.C.: National Academy Press, 1991), 7.

  “increasing dependency”: Report of the Defense Science Board Task Force on Information Warfare-Defense (Washington, D.C.: Office of the Undersecretary of Defense [Acquisition and Technology], 1996). Quotes are from Duane Andrews, cover letter to Craig Fields, Nov. 27, 1996.

  “In our efforts to battle”: Transcript, President Bill Clinton, Address to Naval Academy, Annapolis, MD, May 22, 1998, http://www.cnn.com/ALLPOLITICS/1998/05/22/clinton.academy/transcript.html.

  CHAPTER 4: ELIGIBLE RECEIVER

  On June 9, 1997: Most of the material on Eligible Receiver comes from interviews with participants, but some also comes from these printed sources: Brig. Gen. Bruce Wright, “Eligible Receiver 97,” PowerPoint briefing, n.d. (declassified; obtained from the Cyber Conflict Studies Association); Dillon Zhou, “Findings on Past US Cyber Exercises for ‘Cyber Exercises: Yesterday, Today and Tomorrow’ ” (Washington, D.C.: Cyber Conflict Studies Association, March 2012); Warner, “Cybersecurity: A Pre-history.”

  The first nightmare case: For more on the Morris Worm, see Cliff Stoll, The Cuckoo’s Egg (New York: Doubleday, 1989), 385ff; Mark W. Eichin and Jon A. Rochlis, “With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988” (MIT, Feb. 9, 1989), presented at the 1989 IEEE Symposium on Research in Security and Privacy, http://www.utdallas.edu/~edsha/UGsecurity/internet-worm-MIT.pdf.

  Todd Heberlein’s innovation: Richard Bejtlich, The Practice of Network Security Monitoring (San Francisco: No Starch Press, 2013), esp. the foreword (by Todd Heberlein) and Ch. 1; Richard Bejtlich, TAO Security blog, “Network Security Monitoring History,” April 11, 2007, http://taosecurity.blogspot.com/2007/04/network-security-monitoring-history.html; and interviews. Bejtlich, who was an officer at the Air Force Information Warfare Center, later became chief security officer at Mandiant, one of the leading private cyber security firms. The founding president, Kevin Mandia, rose through Air Force ranks as a cyber crime specialist at the Office of Special Investigations; during that time, he frequently visited AFIWC, where he learned of—and was greatly influenced by—its network security monitoring system.

  A junior officer: That was Bejtlich. See a version of his review at http://www.amazon.com/review/RLLSEQRTT5DIF.

  “banner warning”: Letter, Robert S. Mueller III, Assistant Attorney General, Criminal Division, to James H. Burrows, Director, Computer Systems Laboratory, National Institute of Standards and Technology, Department of Commerce, Oct. 7, 1992, http://www.netsq.com/Documents_html/DOJ_1992_letter/.

  by the time he left the Pentagon: Bejtlich, “Network Security Monitoring History.”

  These systems had to clear a high bar: In the 1980s, the Information Assurance Directorate’s Computer Security Center wrote a series of manuals, setting the standards for “trusted computer systems.” The manuals were called the “Rainbow Series,” for the bright colors of their covers. The key book was the first one, the so-called Orange Book, “Trusted Computer Systems Evaluation Criteria,” published in 1983. Most of the work was done by the Center’s director, Roger Schell, who, a decade earlier, had helped the intelligence community penetrate adversary communications systems and thus knew that U.S. systems would soon be vulnerable too.

  On February 16, 1997: CJCS Instruction No. 3510.01, “No-Notice Interoperability Exercise (NIEX) Program,” quoted in Zhou, “Findings on Past US Cyber Exercises for ‘Cyber Exercises: Yesterday, Today and Tomorrow.’ ”

  The game laid out a three-phase scenario: Wright, “Eligible Receiver 97,” PowerPoint briefing. The rest of the section is based on interviews with participants.

  The person answering the phone: Matt Devost of the Coalition Vulnerability Assessment Team had experienced similar problems when he tried to find the American commander’s computer password during one of the five eyes nations’ war games. First, he unleashed a widely available software program that, in roughly one second’s time, tried out every word in the dictionary with variations. Then he phoned the commander’s office, said he was with a group that wanted him to come speak, and asked for a biographical summary. He used the information on that sheet to generate new passwords, and broke through with “Rutgers” (where the commander’s son was going to college) followed by a two-digit number.

  it only briefly alluded to: White House, Critical Foundations: Protecting America’s Infrastructures: The Report of the President’s Commission on Critical Infrastructure Protection, Oct. 1997, 8, http://fas.org/irp/offdocs/nsdd145.htm.

  CHAPTER 5: SOLAR SUNRISE, MOONLIGHT MAZE

  On February 3, 1998: The tale of Solar Sunrise comes mainly from interviews but also from Richard Power, “Joy Riders: Mischief That Leads to Mayhem,” InforMIT, Oct. 30, 2000, http://www.informit.com/articles/article.aspx?p=19603&seqNum=4; Solar Sunrise: Dawn of a New Threat, FBI training video, www.wired.com/2008/09/video-solar-sun/; Michael Warner, “Cybersecurity: A Pre-history;” and sources cited below.

  “the first shots”: Bradley Graham, “US Studies a New Threat: Cyber Attack,” Washington Post, May 24, 1998.

  “concern that the intrusions”: FBI, Memo, NID/CID to all field agents, Feb. 9, 1998 (declassified, obtained from the Cyber Conflict Studies Association).

  “going to retire”: Power, “Joy Riders.”

  “the most organized”: Rajiv Chandrasekaran and Elizabeth Corcoran, “Teens Suspected of Breaking into U.S. Computers,” Washington Post, Feb. 28, 1998.

  Israeli police arrested Tenenbaum: Dan Reed and David L. Wilson, “Whiz-Kid Hacker Caught,” San Jose Mercury News, March 19, 1998, http://web.archive.org/web/20001007150311/http://www.mercurycenter.com/archives/reprints/hacker110698.htm; Ofri Ilany, “Israeli Hacker Said Behind Global Ring That Stole Millions,” Haaretz, Oct. 6, 2008, http://www.haaretz.com/print-edition/news/israeli-hacker-said-behind-global-ring-that-stole-millions-1.255053.

  “not more than the typical hack”: FBI, Memo, [sender and recipient redacted], “Multiple Intrusions at DoD Facilities,” Feb. 12, 1998 (obtained from the Cyber Conflict Studies Association files).

 
