In the summer of 2009, hacktivists (politically motivated hackers) kept Tehran in turmoil for several weeks by keeping lines of communication open and circumventing the government’s effort to wall off Iran’s connection to the Internet. As cyberspace has proven time and again, information flows like water through cloth. The hacktivists used Facebook and Twitter to get their message out, coordinating hugely attended rallies.
In the US, as the Obama administration moves cyberwarfare to center stage, the US military, along with the National Security Agency, is no doubt building the technology, the networks, the computing power and the malicious code that may someday take down Chinese satellite links, turning the People’s Liberation Army blind and deaf as our forces close in.
Indeed, research into offensive computer warfare is proceeding at a fever pitch, and you can bet that billions have been spent on the research and the manpower to carry it out. Not long ago, during the Bush administration, when the Pentagon had an appetite for the most exotic of weapons, one high-ranking Air Force officer essentially gave notice to the rest of the world that rumors of a Chinese military hacker unit able to outwit and out-hack a US military hacker unit were nothing but bullshit.
“The effects that we could produce in and through cyberspace range from simple deterrence all the way to unmitigated destruction and defeat,” bragged Air Force Secretary Michael Wynne earlier this decade in an issue of Air and Space Power Journal. “However, it is important to emphasize that non-kinetic does not equate to nonlethal,” he wrote. “Just as we can use a kinetic attack to terrify rather than kill, so can we employ non-kinetic attacks to deliver a full spectrum of effects to irritate or cause tremendous loss of life and destruction of property.”
Non-kinetic attacks that cause tremendous loss of life? Wynne’s statement sounds as if the US military has in the works the power to disintegrate enemies as they sit at their computers. But because the US has been so secretive about its offensive cyber capabilities (computer network attack, or CNA), no one outside those programs is sure what is truly being coded within the US cyberwarfare units now in existence.
As Capt. Damien Pickart of STRATCOM (US Strategic Command) once told me: “The US military is capable of mounting offensive CNA. For security and classification reasons, we cannot discuss any specifics. However, given the increasing dependence on computer networks, any offensive or defensive computer capability is highly desirable.”
Desirable, but also monstrously dangerous in the form of worms and viruses. Past viruses and worms coded by angst-ridden teenagers have taken down huge areas of the Web, and banking institutions have been brought to their knees by kids who don’t even have a bank account. If a teenager can write lines of code that make thousands of ATMs crash, what could a 100-man, highly trained unit of professional hackers do with all the right tools and computing power? Perhaps more importantly, what type of worm or virus could they unleash?
“The reality is, once you press that Enter button, you can’t control it,” cyberwarfare expert Dan Verton, who has authored several books on the subject, told me. “If the government were to release a virus to take down an enemy’s network, their radar, their electrical grid, you have no control what the virus might do after that.” That lack of control in cyberspace is probably one good reason the US military remains silent about its emerging CNA arsenal. It may hold worms that could wreak havoc well beyond their intended target, and taming that power has become a main goal of research. In fact, in 2003, as the US prepared to invade Iraq, there was a plan in place to unleash a cyberattack against Saddam Hussein’s finances, an attack that could have knocked out his ability to pay for the war. But the Bush administration called it off.
“We knew we could pull it off – we had the tools,” one senior official told the New York Times. But the White House was worried that the attack would spread to other financial networks and cripple the global markets, potentially hitting Americans with their own financial friendly fire.
A CNA against Iraq’s telephone networks, however, was given the green light, and it did cause collateral damage. The attack also targeted networks supporting satellite communications, and it temporarily took down the telephone, cell phone and satellite telephone systems that served nations surrounding Iraq. In the New York Times article, John Arquilla of the Naval Postgraduate School in Monterey, Calif., said, “Policy makers are tremendously sensitive to collateral damage by virtual weapons, but not nearly sensitive enough to damage by kinetic (conventional) weapons. The cyberwarriors are held back by extremely restrictive rules of engagement.”
Which US military commands or units are waging CNA is a complicated question, fogged by the Pentagon’s tight-lipped approach to the subject. There is, for example, the 262nd Information Warfare Aggressor Squadron, an Air National Guard unit in Washington State, which has tapped guardsmen employed at Microsoft, Adobe and Cisco. The Air National Guard is also drawing from Sprint and Boeing for the Kansas-based 177th Information Aggressor Squadron. But there are obviously many more, and their numbers are growing.
The 262nd and 177th are only part-time cyberwarrior units, yet they may be staffed by some of this nation’s best cyberwarriors, considering that their members are IT professionals during the week. The Air Force, which had designated itself the branch of the military that would lead the war in cyberspace, was reined in by the Pentagon in 2008 for moving the mission forward too fast and taking on too much. Responsibility for cyberwarfare is now being distributed across all branches.
Nonetheless, the US military’s new focus on recruiting talent from high-tech companies raises a potential conflict of interest. Cisco’s routers and switches are considered the nervous system of the Internet worldwide. Microsoft and Adobe products are used by hundreds of millions of people across the planet and have suffered from programming errors that make them vulnerable to attack, errors that Microsoft and Adobe keep confidential inside the company for weeks or months while a patch is prepared. That quiet period is normal practice, but it is also a window in which anyone with inside knowledge holds an exploitable secret.
In the hands of an offensive cyberwar unit, advance knowledge of serious vulnerabilities could be devastating, says Robert Masse, a reformed hacker who founded Montreal-based computer security firm GoSecure. Cyberwarfare is “all about knowing exploits no one else knows about,” says Masse. “You need the exploits to break in. The people with the most exploits win.”
Some countries – notably China – have voiced concerns that Microsoft might plant backdoors in its closed-source operating systems and applications. In an effort to curb that distrust, in 2003 Microsoft signed agreements with China, Russia, the United Kingdom, NATO and other governments to let them inspect the Windows source code. But the company is mum on whether it sees ethical problems in its engineers working part time for a military unit dedicated to hacking its products.
“Microsoft does not hold specifics about employees that are supporting cyber-warfare units,” a Microsoft spokeswoman told me in 2007. “So to this end, there really is no comment on the types of work they are doing.” Cisco and Adobe also declined to comment.
Cybersecurity expert Richard Forno, who runs infowarrior.org, praised the recruitment effort. “The whole idea of an offensive information warfare unit, particularly a Computer Network Attack or CNA unit, is to build capabilities for possible exploitation down the road,” says Forno. “It just so happens the U.S. is lucky that the companies building the world's most popular and widely used IT products are based in the United States.”
Dan Verton says military personnel have told him that numerous “black programs” involving CNA capabilities are also ongoing, and that new policies and rules of engagement are now on the books. One classified CNA operation that has not remained a secret, Verton claims, took place in the mid-1990s against Serbia, during the Bosnian war. Verton says a US military team was dropped into Serbia and, after cutting a wire leading to a major radar hub, connected a device that painted phantom targets on Serb radar screens.
The ground for CNA was prepared in the summer of 2002, when President Bush signed National Security Presidential Directive 16, which ordered the government to prepare national-level guidance on U.S. policies for launching cyberattacks against enemies.
“I've got to tell you we spend more time on the computer network attack business than we do on computer network defense because so many people at very high levels are interested,” said Air Force Maj. Gen. John Bradley in a speech at a 2002 conference of the Association of Old Crows, the leading professional association for electronic and information warfare.
Beyond defending America’s most critical networks (telephone, electric power, banking and the like), some experts suggest the reason the US needs to boost its CNA capabilities is that other nations may have a stronger and smarter cyberwarfare arsenal, one that may already have been tested against US networks and servers.
In the spring of 2001, Chinese fighter pilot Wang Wei wrecked his jet and died when he shadowed a US surveillance plane too closely and collided with it. Convinced the plane was spying on the homeland, the Chinese detained the crew of the damaged aircraft after it made an emergency landing on Hainan Island. What happened next is considered one of the first ever “hacktivist wars,” or politically motivated hacker conflicts. But this one has a twist: did a group of young American hackers, presumably living off the parental dole, goad one of the world’s superpowers into setting loose a military-programmed virus?
Patriotic American hackers – black hat amateurs, if you will – initiated “Project China,” as they told this reporter in 2003, just days after the US aircrew was detained. The plan was to round up a posse of pro-American hackers and attack mainland Chinese web sites and networks. Attack, in this case, mostly meant cybervandalism such as web site defacement, which is disruptive mainly because administrators then have to sweep the rest of the network for anything more malicious the intruders may have left behind.
At the same time, the Hong Kong daily South China Morning Post reported that hundreds of young Chinese hackers were going to return the favor in kind. Like two street gangs, the hackers began flexing their virtual attitude. “The whole thing started because we wanted to get their attention and we won't stop until the groups cease to exist and we humiliate them,” one American hacktivist told the SCMP at the time. Within hours, the paper began hearing of “hundreds of defacements” laced with vulgar and racist remarks against Chinese corporate and government sites.
Just days after the hacker conflict cooled, the White House and the FBI’s National Infrastructure Protection Center became aware of a massive scanning operation coming out of China, says Verton, who has consulted for the Department of Homeland Security. The scans were searching for computers running a vulnerable version of Microsoft’s web server.
“At the time, there was speculation that it was some sort of test virus released by the Chinese government. It was very sophisticated. But I don’t think we will ever know the whole truth,” said Verton.
Soon after the scanning began, the code – later identified as the computer worm Code Red – penetrated American university and government networks, among many others, by exploiting a buffer overflow in the Index Server component of Microsoft’s IIS web server on Windows NT and 2000, a flaw Microsoft had patched about a month earlier. Unlike an e-mail virus, a worm needs no user action: it breaks into one server, then uses that server to scan for and infect the next, hopping from machine to machine across the network. If a web site was hosted on an infected computer, it was defaced with a “Hacked by Chinese” banner on a red and yellow background. Several days after the mass infection of hundreds of thousands of machines, the infected computers began a denial-of-service attack against the address then used by www.whitehouse.gov.
“That theory [Code Red released by the Chinese government] has been floating around for a year now,” said Tiffany Olson Jones to me back when she was a spokesperson for the Office of Homeland Security.
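The worm’s scanning pattern described above was easy to spot in web-server access logs, because every infected host sent the same malformed request to every address it probed. What follows is an added example, not code from the original article or from any source it cites: a small Python detector run over a constructed sample of Common Log Format lines (fictional addresses, shortened padding). The request signature, a GET for /default.ida with a long run of N (Code Red I) or X (Code Red II) followed by %u-encoded shellcode, is the one published in the public analyses of the worm at the time; the pad-length threshold, the sample log and the function names are this editor’s own choices.

```python
import re
from collections import Counter

# First shellcode words that follow the padding in the published Code Red
# probe. Code Red I padded with 'N', Code Red II with 'X'. The real runs were
# a couple of hundred bytes long; the constructed samples below shorten them,
# so the pattern only insists on "at least 20" (an assumption for this demo).
SHELLCODE_PREFIX = "%u9090%u6858%ucbd3%u7801"
CODE_RED_RE = re.compile(
    r'"GET /default\.ida\?(?P<pad>N{20,}|X{20,})' + re.escape(SHELLCODE_PREFIX)
)

# Common Log Format: client ident user [timestamp] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def _probe(pad_char):
    """Build a constructed probe path with a shortened padding run."""
    return (f"/default.ida?{pad_char * 40}{SHELLCODE_PREFIX}"
            "%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3"
            "%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a")


# Constructed sample log (documentation-range addresses; not a real capture).
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [19/Jul/2001:10:02:11 -0400] "GET /index.html HTTP/1.0" 200 1200',
    f'192.0.2.17 - - [19/Jul/2001:10:02:15 -0400] "GET {_probe("N")} HTTP/1.0" 404 288',
    f'198.51.100.9 - - [19/Jul/2001:10:03:40 -0400] "GET {_probe("N")} HTTP/1.0" 404 288',
    f'192.0.2.17 - - [19/Jul/2001:10:05:02 -0400] "GET {_probe("N")} HTTP/1.0" 404 288',
    f'203.0.113.44 - - [04/Aug/2001:22:14:09 -0400] "GET {_probe("X")} HTTP/1.0" 404 288',
    # A short .ida request without shellcode: not the worm, so it is ignored.
    '10.0.0.5 - - [19/Jul/2001:10:06:00 -0400] "GET /default.ida?NNNN HTTP/1.0" 404 288',
])


def classify(line):
    """Return 'CodeRedI', 'CodeRedII' or None for one access-log line."""
    m = CODE_RED_RE.search(line)
    if m is None:
        return None
    return "CodeRedI" if m.group("pad")[0] == "N" else "CodeRedII"


def scan_log(text):
    """Parse CLF lines and return one record per Code Red probe seen."""
    hits = []
    for line in text.splitlines():
        variant = classify(line)
        if variant is None:
            continue
        m = CLF_RE.match(line)
        if m is None:  # malformed line: skip it rather than abort the whole scan
            continue
        hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                     "variant": variant, "status": int(m.group("status"))})
    return hits


def summarize(hits):
    """Aggregate probes by source and variant.

    Many distinct sources each sending a single probe is the fingerprint of
    random-scan worm propagation; one source sending many looks more like a
    human or a stuck scanner, so repeat sources are listed separately.
    """
    sources = Counter(h["ip"] for h in hits)
    variants = Counter(h["variant"] for h in hits)
    return {
        "probes": len(hits),
        "distinct_sources": len(sources),
        "repeat_sources": sorted(ip for ip, n in sources.items() if n > 1),
        "variants": dict(variants),
    }


if __name__ == "__main__":
    print(summarize(scan_log(SAMPLE_LOG)))
```

Running the block prints the summary for the constructed sample: four probes from three sources, three of them Code Red I and one Code Red II. The shape is what matters: a flood of one-off probes from unrelated addresses is what the White House and NIPC were looking at. A non-IIS server logs these requests as 404s and is unaffected; on an unpatched IIS host the same request is the exploit itself, so a log entry is no proof that the host survived it.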
Again no blood was shed, but the disruption Code Red caused to workers worldwide who depend on a computer at their place of employment was phenomenal. Computer security experts and institutions estimated that Code Red cost over $1 billion in lost productivity. Nearly a decade later, in 2010, showing that this problem will probably never go away, Chinese hackers (again, military or civilian?) raided Google’s source code.
But without question, the cyberwar that has dragged on the longest is the one still raging between Al Qaeda and its Islamo-fascist allies and the United States. And even though neither side sheds real blood in the virtual world, there is no doubt that the cyberwar waged alongside the War on Terror has become one of that war’s most contested struggles.
And while some analysts argue that a cyberwar will never match the pain and suffering of a real war, the two have become so strongly linked that the fundamental differences between them are vanishing; they are becoming one.
A foreshadowing of this virtual struggle of incredible proportions can be traced to the mountaintops of Afghanistan a few months after 9/11. Amid the rugged terrain and gray sky, the Taliban were escaping. B-52s were overhead, laying down bomb after bomb. Designating the targets with lasers from the ground were American special forces, who were closing in themselves.