[iwar] Interesting article on Cyberwar from SE Asia

From: Fred Cohen (fc@all.net)
Date: 2001-08-14 05:18:58



PROXY WAR IN CYBER SPACE

By B. Raman 
October 19, 2000
 
The principal threats to networked information systems
(IS) arise from paralysis or destruction, clandestine
data distortion or transfer and defacements. Paralysis
or destruction could be caused either by directly
interfering with the IS or by indirectly disabling the
source of power supply or the telecommunication
system, without which networks cannot function. 

The war in Iraq in 1991 saw the US and the UK
allegedly paralyzing the networks in Baghdad by direct
interference with the IS through microchip moles
planted in the hardware/software supplied to Iraq
during the Iran-Iraq war of the 1980s as well as by
aerial strikes on the telecommunication system. During
the Kosovo conflict last year, the power stations in
Belgrade were paralyzed by the US through the use of
the graphite bombs, thereby rendering the networks
non-functional. 

Effective use of the graphite bombs requires precise
identification of the location of the power stations.
With the Nuclear-Driven Radio Frequency Warheads
(NDRF), reportedly under development by the US, such
identification is not necessary. 

From a satellite, one can reportedly cause the
explosion of the NDRF at a height of 50 to 100 km
over a target area, creating an intense
electro-magnetic field, which, it is claimed, would
disrupt all command and control equipment, computer
networks, power grids and telecommunication systems
within a radius of about 1,000 km, without any
radiation fall-out or other collateral damage on the
ground. 

Data distortion is a new stealth weapon, the dangers
of which have not been adequately understood by
security experts, particularly in India. When data are
destroyed or defaced, one immediately notices it and
can manage the resulting crisis with the help of
back-up systems and redundancies, consciously created
at different nodal points, in the State as well as in
the private sector, as in University networks for
example, with the latter's co-operation. 


Skilful and clandestine data distortion will often be
noticed only after something has seriously gone wrong,
such as a missile failing on the launch pad or going
astray. Data transfer, which involves the theft of
sensitive or classified data from an IS, often remains
unnoticed unless the establishment concerned has a
competent computer security staff. 

Data defacement is the most widely-reported, but
not-so-dangerous of the possible threats to IS from
internal or external elements. One notices it
immediately after it has occurred and can take the
necessary corrective action. In fact, defacements help
one, in a way, by making one aware of the weak points
in one's IS. 

Governments as well as private establishments avoid
admitting penetration of their IS, lest public
confidence in the dependability of their systems be
shaken. As such, available statistics, tabulated by
groups such as "Attrition", are often incomplete.
Moreover, they document mostly instances of
defacements. No reliable data are available of
successful instances of IS penetration, which resulted
in paralysis or destruction of systems or in data
transfer or distortion. 

But, these statistics do give an idea of the
increasing magnitude of the threats to IS security due
to the activities of hackers, working either
independently or at the possible instance of
intelligence agencies or alienated anti-government
groups, including terrorists. Hackers are the
mercenaries of the new millennium and the advent of
the networked IS has enabled individuals to wage a war
against a State, unnoticed and often undetected till
the worst has happened. 

Since August 1995, there have been 7,912 reported
instances of penetration for defacements, of which
5,149 or 65.08 per cent were in the US, and the
remaining 2,763 or 34.92 per cent were in other
countries. 

Amongst the US establishments whose IS was reportedly
penetrated were private companies (3,303),
non-governmental organizations (556), network
providers (435), universities and research
laboratories (376), the Navy (58), the National
Aeronautic and Space Administration (50), the Army
(47), the Air Force (12), the Marines (5), other
military establishments (34), the Department of
Energy, which controls nuclear research laboratories
(8), other Government departments (231) and banks
(47). 

The large number of penetrations in the US could be
attributed partly to the large spread of networked IS
in the US, as compared to other countries, and to the
better system of reporting due to the regular
sensitisation of public servants and business
executives about the need for prompt reporting of
penetrations and about the dangers of a cover-up. 

The US is believed to have the best IS security
infrastructure in the world in terms of laws, trained
computer security experts, protection technologies
etc. The fact that, despite this, there have been so
many instances of reported and often undetected (until
post-event) penetration would give an idea of the
seriousness of the threats which countries such as
India, which are at least 10 years behind the US in
developing similar computer security consciousness and
protection infrastructure, face from potential cyber
invaders. 

In Asia, the largest number of penetrations for
defacements since 1995 has been from South Korea
(142), followed by Japan (63), China (59), Malaysia
(46), India (37), Singapore (20) and Pakistan (17).
The much smaller number in Pakistan as compared to
India does not necessarily mean that IS security there
is better than in India. It is more due to the fact of
a much larger spread of networks in India. The more
the networks, the greater the possibility of
penetration. 

Pakistan lags far behind India in Information
Technology (IT), but Gen. Pervez Musharraf, its
self-styled Chief Executive, has embarked on an
ambitious program for catching up with India.
Budgetary allocations have been increased considerably
to promote computer education and research and to
persuade Pakistani IT experts in the West to help
Pakistan in this regard. 

However, there is one domain in which Pakistan seems
to have taken a lead over India -- in mobilizing the
resources of overseas Pakistani and other Islamic IT
experts and hackers in its electronic Psychological
Warfare (Psywar) against India and in raising a
dedicated corps of hackers, who could be used to
identify weak points in the IS of Indian
establishments and use them appropriately. 

The potential of the World Wide Web (WWW) for Psywar
purposes was realised by the Inter-Services
Intelligence (ISI) long before the Indian intelligence
did. 

There are about 150 jehadi websites on the WWW today.
They provide the following services: 

- Dissemination of information regarding jehad in
  different countries. 
- Instructions on how to become a Mujahideen, how to
  prepare improvised explosive devices etc. 
- Database on where one could purchase arms and
  ammunition and their prices. 
- A bibliography of 266 articles on urban guerilla
  warfare and low-intensity conflicts. 
- Anti-State propaganda. 

About one-third of these web sites relate to the
so-called jehad in Kashmir and are run by
organizations such as the JKLF, the
Harkat-ul-Mujahideen, the Lashkar-e-Toiba etc. 

Groups such as Attrition periodically publish a list
of the 10 most active hacker groups of the world. Two
groups of Pakistani hackers, calling themselves
"GforcePakistan" and "Pakistanhc" figure in this list.
The first one is estimated to have caused 110
defacements all over the world since 1995 and the
second 99 defacements. Their targets include not only
India, but also the US to protest against the US
attitude on Kashmir. 

A third group calling itself the Muslim Online
Syndicate (MOS) surfaced in March last, with an
unverified claim of having defaced almost 600 Web
sites in India and taken control of several Indian
government and private computer systems, in protest
against alleged Indian atrocities in Kashmir. 

D. Ian Hopper, CNN's Interactive Technology
Editor, reported as follows: "Unlike the majority of
Web vandals, the MOS members say they secretly take
control of a server, then deface the site only when
they 'have no more use' for the data or the server
itself." 

He quoted one of the members of the group as saying as
follows: "The servers we control range from harmless
mail and Web services to 'heavy-duty' government
servers. The data is only being archived for later use
if deemed necessary." 

It was suspected that the MOS managed to have access
to Indian Websites and IS through Alabanza, a
Pakistani-controlled American Internet Service
Provider, which reportedly had a collaboration
agreement with a well-known Indian dot.com company,
without the latter being aware of its Pakistani
connection. 

There are many other Pakistani and Islamic hacker
groups which have been active, with some of them
giving online tutorials on how to use malicious
software and hack and even providing malicious
software, which can be downloaded and sent to someone
whose computer one wants to damage. 

These groups describe the growing number of hackers in
the Pakistani Diaspora abroad as "Pakistan's greatest
natural resource". The fact that they are able to
indulge in such blatantly illegal activities online
despite stringent Western laws against cyber crime and
vandalism should be a matter of concern to Indian
national security managers. 

Cyber Space Security Management has already become an
important component of National Security Management,
Military-related Scientific Security Management and
Intelligence Management all over the world. Future
intrusions threatening our national security may not
necessarily come from across the land frontier, or in
air space or across maritime waters only, but could
also come in cyber space. Intelligence operations and
covert actions will be increasingly cyber based. 

It is important that our intelligence agencies gear
themselves up to this possibility from now onwards. It
is, therefore, advisable to put in place a National
Cyber Space Security Management policy to define the
tasks that need attention, specify the
responsibilities of the individual agencies and
provide for an integrated approach and architecture.

- Asiafeatures.com 

  The writer is Additional Secretary (Retd), Cabinet
Secretariat, Govt. of India, and, presently, Director,
Institute For Topical Studies, Chennai. E-mail:
corde@vsnl.com.  

=====
Ravi V Prasad
rvp@lycos.com, rvp@excite.com

------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT