[iwar] Historical posting


From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com
Mon, Jan 1, 1999 

fc  Mon Jan 1, 1999
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
To: iwar@onelist.com
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Mon, Jan 1, 1999
From: Fred Cohen 
Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting

          


            
 http://www.usnews.com/usnews/issue/000313/cyberwar.htm


<BR><FONT SIZE=+2 FACE="ARIAL, HELVETICA" color="#000066"><B>A glimpse
of cyberwarfare</B></FONT><BR><!--END HEADLINE-->

<FONT SIZE=+1 FACE="ARIAL, HELVETICA" color="#666666"><I>Governments
ready information-age tricks to use against their
adversaries</I></FONT><P> <P>



<!-- BTX byline, 4 line drop cap, sidehead, end bullet --> <P>

<B>By Warren P.  Strobel</B> <P>

<P>At first, the urgent phone call from the U.S.  Transportation
Department confounded Cheng Wang, a Long Island-based webmaster for
Falun Gong, the spiritual movement that has unnerved Chinese
authorities.  Why did the department think his computers were attacking
theirs? The answer turned out to be startling.  The electronic blitz
hadn't come, as it seemed, from various Falun Gong Internet sites. 
Rather, someone had lifted their electronic identities.  Computer
sleuths followed a trail back to the XinAn Information Service Center in
Beijing&#150;where an operator identified it as part of the Ministry of
Public Security, China's secret police.</P> <P><P>Web hacking, it seems,
isn't just for amateurs anymore.  While the recent rash of
cybervandalism against some of E-commerce's biggest names has garnered
headlines, that's only part of the story.  From Beijing to Baku,
governments and their surrogates are using the Internet to harrass
political opponents and unfriendly neighbors, to go after trade secrets,
and to prepare for outright warfare.  Burma's military junta, for
instance, is blamed for targeting the "Happy 99" E-mail virus at
opponents who use the Net to advance their cause.  Dissidents describe
the attacks as inept&#150;proof, perhaps, that dictatorships are still
behind the hacking curve.</P> <P>

<P>Hack attack.  But Burma is not alone in trying.  In January, hackers
from Azerbaijan with names like "The Green Revenge" and "Hijack"
tampered with dozens of Armenian-related Web sites, including host
computers in the United States.  Experts suspect involvement or support
from the Azerbaijani government, which imposes tight controls over
Internet use within its borders.  Relations are tense between Azerbaijan
and Armenia, which fought a war over the disputed territory of
Nagorno-Karabakh, so it wasn't long before the Armenians retaliated in
kind.  It is "the first precedent of a physical battle going online,"
says Jonathan Peizer of the Open Society Institute, whose Azerbaijani
office was affected by the attack.  </P> <P>

<P>In Cheng Wang's case, his computers in Hauppauge, N.Y., were among
Falun Gong sites around the world hit by a barrage of hacking attempts
and E-mail "bombs" that coincided with a physical crackdown on the
group's practitioners in China.  Several of the hacking incidents were
traced to the mysterious XinAn office.</P> <P><P>It is often difficult
to track down who is to blame.  But for networked Americans, who own 46
percent of the world's computing capacity, such electronic conflict
should be unsettling.  True, the scariest scenarios dreamed up by
experts, such as a hostile government disrupting financial markets,
haven't come to pass&#150;yet.  But more than a dozen
countries&#150;among them Russia, China, Iraq, Iran, and Cuba&#150;are
developing significant information-warfare capabilities.  A senior CIA
official cited a Russian general who compared the disruptive effects of
a cyberattack on a transportation or electrical grid to those of a
nuclear weapon.  China is considering whether to create a fourth branch
of its armed services devoted to information warfare.  The Pentagon
isn't sitting still either.  Come October, the U.S.  military's
offensive cyberwarfare programs will be consolidated at the U.S.  Space
Command in Colorado.</P> <P>

<P>Nearly as worrisome as a cyberattack to experts is electronic
espionage.  From March 1998 until last May, intruders broke into
computer systems belonging to the Pentagon, NASA, the Energy Department,
and universities, making away with unclassified, but still sensitive,
data.  One of the worst computer security breaches in U.S.  history, it
spawned an investigation, named Moonlight Maze, that pointed to a
Russian intelligence-gathering operation.</P> <P>

<P>Successful cyberwar is likely to be like that&#150;no exploding
munitions to tell you you're under attack.  Tapping into an adversary's
command-and-control system could yield a gold mine of data about enemy
plans.  The longer a cyberspy conceals his presence, the longer the
intelligence flows.  Or, false information about troop locations and
battlefield conditions could be inserted into enemy computers, so that
leaders would end up making decisions based on bogus information.  </P>
<P><P>During the Kosovo bombing campaign last year, the Pentagon set up
a high-level information-operations cell.  "All the tools were in
place," according to an internal briefing prepared by Adm.  James Ellis,
NATO's No.  2 military commander during the war.  But the United States
mostly held back.  By the time Pentagon lawyers approved cyberstrikes
against Serbia, events had overtaken the need for them.  </P> <P>

<P>Double-edged sword.  Cyberwar raises a host of unprecedented legal
questions.  The line between fair-game military sites and civilian
infrastructure may not exist.  "There <I>is </I>collateral damage in
cyberspace," says John Thomas, formerly a top Pentagon
information-security official now with AverStar Inc., an
information-technology firm.  "If you diddle with somebody's control
mechanisms, how assured are you that it would stop right there?" The
United States, more dependent on computer networks than anyone, might
lose the most in legitimizing cyberwar.  Some countries, including
Russia, have proposed what might be called "electronic arms control."
But the obstacles are daunting: Verifying a treaty would make counting
Russian nuclear missiles look easy.</P> <P>

<P>Among the sites hacked in the Caucasus Web war was one belonging to
the D.C.-based Armenian National Institute, which studies the 1915-18
Turkish genocide of Armenians.  Logging onto
<I>www.armenian-genocide.org </I>in late January, you would have been
redirected to a site offering information on Azerbaijan's president.  "I
would certainly encourage everyone to desist, if not indeed [call] a
total cease-fire," said institute Director Rouben Adalian, who reported
the matter to the FBI.</P> <P>P>Jay Valentine already has his own rules. 
Valentine is president and CEO of Austin-based InfoGlide Corp., which
makes powerful search software for such uses as insurance-fraud
investigations.  He will not license the technology to nine countries
and three U.S.  government agencies because of the potential for privacy
abuse.  That hasn't stopped at least one of those countries from trying. 
Two years ago, Valentine says, a company tried to buy rights to the
technology.  It turned out to be a front&#150;for the Chinese
government.  </P> <P>

<I>With Richard J.  Newman</I> <P>

FC