
How Today's Playgrounds Become Tomorrow's Battlefields...
Or will it?
A Special Report
by Shawn Pence
The Internet had become a relatively peaceful home away from home (or from your home, for that matter) to many of us over the last few years. There is seldom a day that many of us do not hop on the internet, if ever so quickly, just to check our mail or the stocks or maybe business news. Software today is heavily reliant on the internet, allowing us not only easy access to patches and updates, but allowing us to cooperate and effectively "play" with one another, whether that play is simple communication or actual play in online games like Half-Life: TeamFortress or X-Wing: Alliance.
But that carefree, easygoing internet of today is quickly becoming a brutal battlefield, with real soldiers battling on it.
Though it has been apparent from the very beginning of large distributed networks like the internet that they would someday be a combat theater in their own right, it was the attack by an Israeli hacker (known as the Analyzer) and his accomplices in California that piqued the nation's interest in February 1998 (ZDnet/UK, CyberWars: Vigilance or Paranoia). These three young men managed to move effortlessly from Defense Department computer to computer, and from one network to another, despite the paltry information defense lines put in place to stop them. While this incident was little more than a prank, it alerted people from the streets to the President of the United States that our information infrastructure, the backbone of not only the US communications networks but the heart of the world wide web, was sorely open to attack.
The reactions came swiftly and, over the next year and a half, several military, governmental and private sector organizations were formed specifically with the purpose of curtailing acts of information warfare. These organizations are not limited to the United States but exist in many other countries as well, including China, France, Russia and Great Britain. In addition, major movements and military-political organizations are forming "task forces" of their own to deal with the growing threat. Most notable are Spain's Basque ETA commandos, many Colombian drug cartels and the Irish Republican Army.
Our country's defenses are the most extravagant by far, boasting dozens of information warfare committees and organizations. Most important are major cooperative efforts such as the National Information Protection Center (NIPC). The NIPC is a group consisting primarily of special agents from the FBI but also including representatives from the military and national security sides of the government. Also notable in this arena are the Critical Infrastructure Coordination Group and the US Commerce Department's Critical Infrastructure Assurance Office (CIAO). Each of these is composed not only of members of government departments and organizations, but of representatives from major businesses and private sector information specialists.
Lastly, and most interestingly, if you ask me, is the Air Force Information Warfare Center (AFIWC) at Kelly Air Force Base in San Antonio. The entire purpose of this group is to monitor and "police" activity in the nation's defense networks and, in the event of an actual cyber attack, to go on the offensive against the attacker. Fighting fire with fire. To paraphrase the words of Air Force Colonel James C. Massaro, commander of the AFIWC, "(my) team is prepared to hack back - virus for virus, break-in for break-in, worm for worm."
So there you have it, a massive defense, paid for by the people to protect themselves and their businesses, ready to act at a moment's notice. The only problem is, no one knows how the cyberterrorist will attack...or what...or when.
That's right, no one knows. Oh sure, there is plenty of speculation, from collapsing the stock exchange to poisoning the food supply. But are these truly likely scenarios, or are we submitting once again to the "politics of panic?" Let's cast a critical eye on four of the proposed methods of attack.
Situation 1: The first situation is the purposeful collapsing of a major stock exchange, such as the Nikkei (Tokyo) or New York.
The chances of this being a likely target are incredibly small, despite what appears to most to be a big fat juicy target. The problem with taking down a major exchange, especially one as large as the NYSE, is that if your attack were successful, you'd damage and possibly annihilate yourself! Most organizations, legitimate or not, have money that runs to or from them through the market sources in place. If you take one down, the rest might possibly collapse upon themselves as well, leaving a potential attacker with no funds of his own and no simple way to acquire them. This defense, though based on sane reasoning (something which terrorists are not typically characterized as having), is the "mutually assured destruction" defense, the same one the United States and Soviet Union used to prevent the launch of a nuclear weapon and which, despite its naysayers, seems to have worked. To quote Wayne Madsen, computer security expert and policy fellow at the Electronic Privacy Information Center in Washington, D.C.: "Most terrorists move their money through the same networks; they stay in hotels." The FBI seems to disagree with Mr. Madsen, but his reasoning is sound. The FBI also has a vested interest in keeping the cyberterrorism hype loud and strong, since they are receiving special funding for these projects outside of their normal yearly budgets.
There are many who do not see the interconnection of the world market nor the connections between illicit activities and major financial markets and channels, including the President of BeVar Systems, Benedict Varela. To defend my position, let's look at the following logical conclusions. Every major business, from Wall Street traders to Colombian drug cartels, uses a part of the world marketplace to move money, not out of want, but out of necessity. This is not a guess, this is a fact. Money laundering is a necessary part of business for most large-scale criminal activities, and this activity eventually requires the use of professional financial organizations and professional legal and financial services (Hot Money and Civil Liability - Financial Institutions and Professional Advisers Beware, A & L Goodbody Solicitors). Just because the particular market devices some companies use cannot be touched directly by the US government does not mean that these same markets would remain unscathed should any part of the world financial "village" crash or disappear. If the Nikkei drops, the NYSE feels a hit, and so do the offshore trading companies in the Caribbean. So the Yen suddenly values itself higher? The US Dollar will adjust correspondingly. Even in countries such as the US, the fact that money transfers are monitored and most, if not all, financial institutions lend full support to law enforcement should they need it does not change the fact that these countries and their financial institutions remain vulnerable to use by illicit activities (INCSR - International Narcotics Control Strategy Report 1996 - Money Laundering). Let's not forget that most of the illicit businesses and terrorist movements in the world also have legal and legitimate fronts, business or political, that provide these illicit businesses or movements with support, both financial and popular. It is common knowledge that so-called "organized crime" uses completely legitimate businesses to protect its illegal activities. In addition, reactionary movements such as the Irish Republican Army are backed and supported by legitimate political parties, such as Sinn Fein.
An important point put forth by Mora Stevens in her address to the Woodrow Wilson School Policy Conference 401A, Intelligence Reform in the Post-Cold War Era, reinforced the concept that large organized illegal businesses need to use the current financial systems:
"...most organized crime groups are only interested in political power for the security it would provide their organization and are primarily motivated by money."
This article not only points out that organized crime and terrorists may use the banks and financial institutions, but that some of these organizations control the banks themselves. In this case, specifically in Russia.
"The Russian Interior Ministry has estimated that organized crime 'controls' most of Russia's 200 banks and half of its financial capital ('control' ranges from ownership and operation to influence over bank decisions through threats of violence)"
Furthermore, Reuters news service released articles containing the following texts, attributed to the Swiss police.
"An analysis of several individual cases allows one to conclude that it is very simple for people from the East to transfer large sums of money to Switzerland from murky sources and that organized crime in eastern countries is using Swiss financial services," said the police annual intelligence report.
"To an increasing extent, dubious people ... and dubious money from the East are starting or buying companies with no visible business activity in Switzerland, acquiring financial stakes and buying property and luxury goods, although Swiss middlemen or companies are often used as intermediaries."
The Swiss financial structure is linked directly with the other major markets and will take a beating should one of them fall or be terribly disrupted.
Things are no different in terrorist-specific activities, either. In an article from the Jewish News of Greater Phoenix, Matthew Dorf writes about large and continual fund transfers between the Palestinian Hamas and the Texas-based Holy Land Foundation, under investigation by the US State Department.
"According to an American counterterrorism official, U.S. authorities have opened an investigation into the Texas-based Holy Land Foundation's relationship to Hamas. U.S. law-enforcement officials are weighing the evidence with an eye toward prosecuting Holy Land Foundation officials under the 1996 anti-terrorism law that bans fund raising in the United States for known terrorist groups, including Hamas."
Going even further, the line between typical terrorism and organized crime is blurring, increasing the necessity and probability of these terrorist groups using standard financial methods, just as the organized crime syndicates do. In the article Terrorism and Transnational Organized Crime: Implications of Convergence, Neal A. Pollard, President of the Terrorism Research Center, writes:
"Terrorist groups are currently interacting with transnational organized crime syndicates, especially narcotics cartels. Peruvian Shining Path and Colombian FARC guerrillas have provided mercenary security support for narcotics production and trafficking lines in South America, and there is strong evidence that the Palestinian PFLP-GC has been using infrastructure in Lebanon to support drug trafficking. In return, these terrorist groups receive enormous amounts of money, more so than in traditional fund-raising operations such as kidnapping and bank robbery, operations that are far riskier than supporting narcotics trafficking. Furthermore, this interaction offers smuggling routes long established and tested by crime syndicates for drug and arms running, potentially providing terrorists with logistical infrastructure to clandestinely move people, arms and materiel... Transnational criminal organizations derive their power through a low profile, working within the existing structure, seeking not to attract the attention of legitimate powers. However, criminal syndicates do work for money, and there is no clear reason, given the right price, that such syndicates would not lend their logistical, communications, and transportation infrastructures to support terrorist operations."
Of course, the key phrase comes at the end. Most specifically, the word "infrastructures." Important in the infrastructures of any business are the distribution systems for monies collected from various "enterprises." That money must be cleaned, and that's where the banks and other financial institutions come into play.
Failure to see that most public political and financial institutions will be affected by a major aspect of the world market crashing is horribly shortsighted, and I've found no disagreement on this point. Of course they will be affected. Correspondingly, so will the illicit and illegal activities connected to them; that's just plain common sense. Criminal activity and terrorist organizations do not live in a vacuum. Let's not forget that, in the case of a drug cartel, if the people of a country don't have the money to buy the drugs, then the sales from these cartels will necessarily drop correspondingly. Whether it be drug money, money from the sale of illegal arms or even monies gathered from the sale of human beings, on the large scale it still primarily goes through some sort of major financial institution in one way or another.
The second, third and fourth examples are put forth by one of the lead panic mongers in these issues, Barry C. Collin, author of The Future of CyberTerrorism: Where the Physical and the Virtual Worlds Converge. Mr. Collin, currently working with the Office of International Criminal Justice (OICJ) and the Institute for Security and Intelligence, has put forth so devastating a report that you would think we are but mere nanoseconds away from imminent destruction. Mr. Collin is far over-exaggerating the situation and proposing situations so unlikely as to be impossible. Note how the following examples, taken directly from his paper, don't say that these events might happen, but that they will.
Situation 2: "A CyberTerrorist will remotely access the processing control systems of a cereal manufacturer, change the levels of iron supplement, and sicken and kill the children of a nation enjoying their food. That CyberTerrorist will then perform similar remote alterations at a processor of infant formula. The key: the CyberTerrorist does not have to be at the factory to execute these acts."
Ok, sufficiently scared? Because now that Mr. Collin has been nice enough to make us all scared to death about eating our morning Cocoa Puffs, let's look at the problems with his first situation.
Processing control systems are located on factory floors and are loaded by technicians by hand. There is no reason to allow access from the internet or via modem. Each plant is staffed individually specifically for this reason.
Cereal and baby food companies aren't stupid. These are big money operations by companies that hate lawsuits and know how the American people feel about their children. There are massive quality control mechanisms in place to test the food mix before it leaves the factory.
Even if the other two points weren't true, inventory tracking at these plants is excessive. The amount of iron in each box is carefully noted, and if a massive amount of iron supplement suddenly turned up missing from inventory, the first thought of the manufacturer would be to make sure it hadn't ended up in the mix. This isn't good-naturedness, this is the manufacturer covering his butt. Lawsuit paranoia is a beautiful thing, sometimes.
So, there certainly seem to be some holes in this situation, and those holes also translate over to a similar situation Mr. Collin has put forth regarding pharmaceutical companies.
Ok, one down, now let's take a look at another of Mr. Collin's nearly Orwellian doomsday prophecies:
Situation 3: "A CyberTerrorist will attack the next generation of air traffic control systems, and collide two large civilian aircraft. This is a realistic scenario, since the CyberTerrorist will also crack the aircraft's in-flight sensors. Much of the same can be done for rail lines."
Oh, ok. This one is "a realistic scenario." Now I believe you, Mr. Collin. This scenario has been a remote probability, very remote, for some time, and there are safeguards against it already in place, because the National Transportation and Safety Board jumps at any possible way to keep the planes from falling from the sky. But let's look at the two major problems with this one.
Onboard flight systems are not part of a network; they simply exchange data with the towers and air traffic controllers. They do not allow someone with access to the land-borne towers access to the plane's systems. If that were the case, why don't towers fly planes, such as golfer Payne Stewart's, to the ground before they run out of gas? The major commercial liners fare no better, as evidenced in the recent crash of EgyptAir Flight 990. The only information available was from the tower readings until the "black box" was recovered. If there was a way into the plane as it flew, don't you think the National Transportation and Safety Board would have learned how to use it to their advantage?
Pilots have eyes and you can't turn them off. These pilots are not just along for the ride. They actually fly these planes. Pilots are especially alert when other planes are around, something onboard systems can detect. They are usually more alert in such instances so they have a greater chance of not smashing into another plane. The human factor is mucho importanto here.
Ok, last situation coming up. Now, in my critical analysis of the six possible scenarios provided by Mr. Collin, I've ended up grouping them into three groups. The last group is really the final situation. Just in case you're interested, the groups are:
Remote Controlled Mixers of Death: the Cereal/Infant Formula and Pharmaceutical scenarios
Remote Controlled Objects of Doom: the Air Traffic Control and Gas Pressure scenarios (see the original document for this one, it's wonderfully melodramatic)
"The CyberTerrorist doesn't need a large truck" Defense of Destruction: in addition to Mr. Collin's unique spin on the first situation, in which he cites the fact that "...a large truck..." pulling alongside the Federal Reserve "...would be noticed," whereas a cyber terrorist can pull the heist from "another continent," he also discusses the following situation. I'd like to stress the fact that these are exact quotes.
Situation 4: "A CyberTerrorist will place a number of bombs around a city, all simultaneously transmitting unique numeric patterns, each bomb receiving each other's pattern. If one bomb stops transmitting, all the bombs detonate simultaneously. The keys: 1) The CyberTerrorist does not have to be strapped to any of these bombs; 2) no large truck is required; 3) the number of bombs and urban dispersion are extensive; 4) the encrypted patterns cannot be predicted and matched through alternate transmission; and 5) the number of bombs prevents disarming them all simultaneously. The bombs will detonate."
Wow.
I mean it, wow. Not that this is so perfect and ingenious a situation that we are all doomed to certain death, but that this situation is so full of holes that it looks like the shirt I change my oil in. Let's take the pleasure of taking this one apart point by point, shall we?
"The CyberTerrorist does not have to be strapped to any of these bombs." Of course, this is also the case in typical terrorist bombings. For some reason Mr. Collin is convinced that all normal terrorists (and I use the word "normal" loosely) walk, eat and sleep, 24 hours a day, with a bomb strapped to their back, making them easy prey. He also seems to think that dying for their cause is something that stops would-be typical terrorists from doing their deeds. Um, Mr. Collin, it seems many dead terrorists would disagree with you.
"No large truck is required." There it is! Imagine the dialogue between two typical terrorists.
Terrorist 1: "Gosh, I'd sure like to blow up a government building today, Bob."
Terrorist 2: "But we don't have a truck, Ted."
Terrorist 1: "Well, Bob, that tanks that plan. You can't blow up a building without a truck."
Terrorist 2: "But wait, Ted, we have AOL! We can do it from there and without a truck!"
Despite the obviously ludicrous nature of this point, a simple question for Mr. Collin: how do they get the computer bombs around the city...horseback?
"The number of bombs and urban dispersion are extensive." Huh? Ok, so I get the point that there are a lot of bombs, and that these would best be placed in a big city, but is that your whole point? The mere fact that cities are big and terrorists have bombs just lying everywhere, growing on trees, is not enough to convince me that these new CyberTerrorists will be more likely to use this tactic. CyberTerrorists are, by definition, the fat lazy geeks of the terrorist world. So they are even less likely, logically, to wander around the city carrying bombs, especially without trucks.
"The encrypted patterns cannot be predicted and matched through alternate transmission." Yeah, right, and Windows is a flawless operating system. For this sort of encrypted system to work, the other bombs would need to "know" what signal to expect, which most likely will repeat. Not only could those signals be duplicated and passed on in sequence, but modern bomb squads could also use those very signals to locate the other bombs in the sequence, the number of which would be limited for transportation purposes (see "2. No Large Truck...").
"The number of bombs prevents disarming them all simultaneously." The number of bombs is limited, remember...no truck. Well, I'm no bomb disposal expert, but couldn't you just remove the transmitter unit from the firing circuit so that the transmissions go on normally while you defuse the bomb in a normal manner? You'd need an extra battery to power the transmitter, but I'm told the bomb squad might have those. Or maybe you could route the power from the battery around the firing circuit to the transmitter. Of course, no amount of planning will help if the bomb squad doesn't have a truck. You can't do anything without a truck, and it has to be a large one.
Ok, so I've ridiculed this one enough; suffice it to say that this particular scenario (not to mention all of the others) has a few problems with it. But Mr. Collin has brought up another point in a different section of his remarks that makes me worry. And not only professionally, mind you, but personally.
Mr. Collin makes the following remark in his paper, under the heading Crackers as Facilitators:
"Individuals with a background in intelligence are aware that a frequent element of case execution is enlisting the indigenous, sometimes called 'facilitators,' to assist in a campaign. At the convergence of the physical and virtual worlds, the indigenous are the crackers."
Now that might not bother most of you reading this, but it does bother me, because part of my job is hacking, since that's what we prefer to call it. I am a hacker. It's part of what makes me a better technician than the other jokers out there. It also bothers me because there are a lot of people like me in this country. Sure we hack, and we're good at it, but we are not traitors to our country because of it. In fact, in the slowly approaching information wars, the best defense this country can muster is the legions of intelligent and skilled hackers that handle security matters such as these every day of their lives. Who do you think staffs the AFIWC? Soldiers? No, hackers. Hackers with stripes, maybe, but hackers first.
These people know the ways in and where the damage could be done. The United States has more hackers and computer security experts than any other country. Companies know this and routinely hire hackers not only to test security systems but to design them. And these jobs pay well, too, Mr. Collin. We, as hackers, are an asset, not a detriment, to this country's computer security.
It's bad enough for us hackers as it is without some "expert" beginning some sort of cyber McCarthyism and hunting down this nation's best and brightest programmers because he thinks we might be "facilitators." What about the phone company, Uncle Joe? If we didn't have phone lines no one would be able to hack us! Are we going to form a new evil empire, the Cyberists? Hell bent on taking control of the computer systems and networks of the world!? Out to destroy freedom and democracy!?
No. Hardly.
We'll keep finding your security holes and bringing these faults into the public eye. And we'll do it because we like doing it, and with no thanks from anyone.
Is CyberTerrorism real? Of course. It's as real as anything virtual can be and a legitimate threat to people the world over. But is this threat as certain as Mr. Collin portrays it to be? No. The greatest threat we face now from the cyber terrorist is propaganda, plain and simple. In the future, when the world is far more connected than it currently is, some of the above scenarios may be possible, but as the technologies develop and grow, so do the defenses.
And so do the hackers manning them.
Have something to say about Cyberterrorism? Let us know!