Subject: IW Mailing List iw/951221
Moderator's Note:
Subject: Navy hacked by Air Force

I talked to some people I know about the perported IW attack on a
battleship by the Air Force, and I thought I would help debunk this
story, which my contacts tell me is "wildly inaccurate", but looking
at a few facts.  Let's start with the title:

> War of the microchips: the day a hacker seized control of a US battleship

There are NO active US battleships!!! And there weren't any last
September.  So, at a minimum, there are factual errors.

> BY SIMPLY dialing the Internet and entering some well-judged keystrokes,
> a young US air force captain opened a potentially devastating new era in
> warfare in a secret experiment conducted late last September.  His
> target was no less than gaining unauthorised control of the US Navy's
> Atlantic Fleet. 

According to my sources this was not "SIMPLY dialing the Internet and
entering some well-judged keystrokes".  It was a controlled experiment
with participation of both Navy and Air Force, and involved a great deal
of planning by a large number of people.  It was performed using DoD
owned and properly keyed cryptographic devices designed to be allowed to
communicate with the systems being attacked.

> He was armed with nothing other than a shop-bought computer and modem. 
> He had no special insider knowledge but was known to be a computer
> whizzkid, just like the people the Pentagon most want to keep out.

100% wrong - he was an insider, he had a great deal of assitance, he had
cryptographic devices and keys, and he had special insider knowledge. 
If he was an Air Force captain, he could not have been all that young. 
Whizzkids are usually considered teenagers.  Anyone know of any teenaged
AF captains these days?

> A few clicks and whirrs were the only signs of activity.  And then a
> seemingly simple e-mail message entered the target ship's computer
> system. 
> targeted ships surrendered control as the codes buried in the e-mail
> message multiplied inside the ships' computers.  A whole naval battle
> group was, in effect, being run down a phone-line.  Fortunately, this

Not quite.  This was not an email sent from some Internet site and email
messages did not multiply inside the ships' computers.  Furthermore, the
total bandwidth of a phone line is nowhere near enough to "run" a naval
battle group, or probably even a naval kitchen for that matter.

> The exact method of entry remains a classified secret.

The first (only?) really true part of the story.
From: fc (Dr. Frederick B. Cohen)
Subject: Re: IW Mailing List iw/951220
Date: Wed, 20 Dec 1995 20:26:02 -0500 (EST)

> Date: Tue, 19 Dec 1995 21:05:31 -0500
> From: (Matthew G. Devost)
> Subject: Re: IW Mailing List iw/951219
> Perhaps...but I still haven't seen any indication that this "offensive"
> IW attack is going to be any worse than an unexpected server being
> selected Cool Site of the Day.  Perhaps a tech person from the group can
> give us a realistic estimate.  What are the effects of 10,000 people
> trying to hit the same site at the same time?

Some estimates of the effects of these attacks follow based on personal
experience and histories of similar events.

	- In the case of Web servers such as those described, the
	immediate effect of only 1 site hitting another is to take out
	the recieving site's Web services.

	This is based on numerous experiments, designing and testing
	a custom secure Web server to defend against denial of service,
	and testing a variety of denial of service attacks on local
	area networks.

	- Higher intensity can bring down other services on the server,
	bring down the server, open holes in the server for further
	exploitation, extend those attacks to systems trusting that
	system, bring down the surrounding network, bring down links
	between the sites, reduce overall network flow to where queues
	grow without bound, and eventually, you can bring down a big
	chunk of the Internet if you want to.

	This is based on several experiments under laboratory conditions
	and on real-world events such as mass mailings, spams, and mail
	loops.  Higher intensity is also a good way to cover up a real
	threat, which may be an underlying component of this public

	- If 10,000 people used the best widely available attack tools at
	the same time against sites all over France in a coordinated
	effort, it's likely they would gain root access to 40-60 percent
	of the machines on the Internet in France within a few hours. 
	After that, they could extend the attack, etc.

	This is based on about 2,000 sites that have tested themselves
	against widely known and commonly available threats using the vulnerability testing service.

	- If 10,000 uncoordinated people tried to get into one site, they
	would probably crash the site, slow down some intermediate
	nodes, and waste a lot of their time waiting for a crashed site
	to not respond.

In my estimation, it is almost certain that this particular attack will
end up involving less than 250 people and likely that it will involve
less than 50 people.

With the attack described in the posting and given these estimates of
participation, the attacked sites will likely be denied service for an
hour or two and there will be some nominal network slowdowns.
From: Potter B MSgt ACC/SCXX 
Subject: USAF Information Warfare Squadron Stands Up
Date: Wed, 20 Dec 95 21:03:00 EST

{Quoted verbatim from Air Force News Service -- Bob Potter}

     General Fogleman (USAF Chief of Staff) recently stressed the
importance of information warfare (IW) during remarks to the Scope
Warrior XI Conference of Air Force senior communicators.  "I think we
must view information warfare from three perspectives.  I'm going to
coin a new acronym, IAD, for 'infiltrate, attack, and defend.' Those
actions we take to gain and exploit information on the enemy fall into
the 'infiltrate' component of IW.  Those actions we take to deny,
corrupt, or destroy our adversary's information data bases constitute
the 'attack' component.  And those actions we take to protect our own
information systems and data bases make up the 'defend' component of IW. 

     "I'm convinced that our most important role will be to help
safeguard critical information, storage, and processing systems and the
data they contain so that we can rely on them with confidence.  That
makes the defend component of our information warfare IAD critical. 
Imagine the disruption of our flying operations if weather, navigation,
intelligence or flight instrumentation data is corrupted, or if we even
suspect that this data is corrupted. 

     "Given our success in the Gulf War, we can expect a shrewd foe to
attack our information systems and data bases as a means to undercut our
technological advantages.  Such an adversary would likely be able to
recruit a small cell of experienced computer and software engineers to
launch such an attack.  These could be individuals who are looking to
make a buck, or who have an ax to grind with the US.  And they could
make themselves extremely difficult to detect by our traditional
intelligence systems. 

     "In order to capitalize on what information warfare has to offer,
the Air Force has set up the initial elements of an information warfare
squadron at Shaw AFB under 9th Air Force.  This is an exciting
initiative in which we're empowering our people to design a combat
outfit over the next year. 

     "We're telling 9th Air Force to pull together everything they can
about information warfare.  We've asked them to look specifically at our
current information networks -- command, control, communications,
intelligence, and the like.  Then, determine how a joint force air
component commander (JFACC) can take advantage of all the information
systems and capabilities our nation has to offer.  And finally, build an
operational squadron that can deploy with the air component commander,
set up at the Air Operations Center, and conduct the full range of
information warfare activity. 

     "I envision this squadron will be responsible to the JFACC for
coordinating just about everything having to do with information.  It
will manage how we collect, process and disseminate information.  It
will orchestrate how we defend it.  And it will plan how we attack the
enemy's information capabilities.  An important part of this squadron's
responsibilities will include a 'reach back' capability for specific
tools from the Information Warfare Center. 

     "We'll rely on our bright, innovative people to determine what's
needed in terms of individual skills, communications, computers,
intelligence and any other equipment.  They will also develop the
initial IW concept of operation.  We will continue to refine the
resulting IW squadron over time as we gain practical experience and as
we capitalize on new developments in information technologies. 

     "This is no experiment.  This is the way we will conduct
information warfare in future crises and conflicts involving Air Force
From: "Marcus J. Ranum" 
Subject: Re: IW Mailing List iw/951220
Date: Wed, 20 Dec 1995 21:48:19 -0500 (EST)

>I'll agree with that conventional terrorism would be very effective.  A
>blood flows thicker than bits approach.  But...what if the target group
>did not want to shed blood? Lets clarify the original post and say that
>group involved is similar to the SDS of the 60s (the mainsteam section). 
>Same objectives, they just want to approach their objective without the
>loss of public support and without causing direct harm to the troops.

	Oh, you mean GreenPeace?

	Guerilla warfare need not be bloody. GreenPeace has been
astonishingly effective and has a great deal of popular support.
Again: why do "IW" when you can fight a low tech guerrilla war
cheaper and easier?

	There are 3 main axes to the military art:

	Of the 3, I'll tell you hands down which is deadlier. "IW"
is an uninteresting subset of strategy, and any strategic thinker
worth a pinch of salt will incorporate intelligence and adverse
intelligence operations into their strategic picture. Hyping
intelligence and disinformation as "IW" is all well and good and
has done wonders for certain people's budgets, but it's nothing
new or interesting.
Date: Thu, 21 Dec 1995 00:37:42 -0500
Subject: Re: IW Mailing List iw/951220

>From: "Jesse A Whyte" 
> Although I grant that IW is an upcoming weapon on the electronic
> battlefield, I would hardly say that one individual, with even a
> moderate amount of resources, could harness enough IT to potentially
> come to bear against actual armed forces.

I do not assume that my IW attack is against armed forces or the
military or the government.  Depending upon my motivation, I am going to
strike at the weakest point (Clauswitz) and that will likely be a
civilian/private infrustructure component. 

Do not fall into the trap that IW is an exclusive MIL domain.  Far from
it.  That it why I allow small-time cyber-terrorists into my model. 
From: John Young 
Date: Wed, 20 Dec 1995 17:22:32 -0500
Subject: DCI_kgb 

   The 12-20-95 WPost reports the Deutch/Perry move to
   kremlinize finance of the 13 spy agencies under the DCI 
   -- to transform the "vaguely associated medieval guilds 
   into a modern corporate team" -- and palmly slather $29 
   billion IC grease:

      National Forward Intelligence Program (CIA, NSA, DIA,
      NRO, parts of three G2s, DOE and FBI): $16bn.

      Tactical and Related Activities (warfighting support):

      Joint Military Intelligence (cryptology, aerial recon,
      counter-narc and mapping): "Several billion."
Date: Thu, 21 Dec 1995 10:08:02 -0500
From: (Jerry Leichter)
Subject: Definition of IW

In defining and thinking about information warfare, I think it's useful to 
consider what we include under air warfare.  Thus:

	- Use of air power to attack anything (ground forces, supplies,
		other air power):  Definitely air warfare.
	- Use of non-air weaponry to attack air power (AA guns):  Definitely
		air warfare.
	- Use of conventional weaponry to attack air power on the ground,
		whether support (airports) or actual parked aircraft:  Not
		air warfare.
	- Use of air assets to support air assets (in-flight refueling):  Air
	- Use of air assets in direct support of ground forces (air/tank
		coordination):  Air warfare (plus)
	- Use of air assets to supply otherwise isolated forces (Berlin
		airlift, various sieges).  Probably air warfare.
	- Use of air assets in "everyday" supply missions:  Probably *not*
		air warfare.
	- Use of aircraft to gather information:  Curiously, usually seen as
		intelligence, not air warfare.
	- Use of aircraft to drop propaganda leaflets:  Usually seen as part of
		psy-ops, not air warfare.

How did I draw these distinctions? Based on my own understanding, as a
native English speaker, of how the term "air warfare" is used in typical
civilian contexts.  I'm sure someone with a military background would
have different definitions; in fact, it's almost certain that their
definition will depend on what service branch they are associated with. 
Nevertheless, a pretty clear thread emerges from these and similar
examples: Air warfare encompasses that part of warfare where the unique
characteristics of aircraft determine the nature and even feasibility of
the mission, and it is those unique aspects that are central to the
*point* of the mission.  That's why the use of airplanes to resupply
surrounded, cut-off units "feels" like air warfare, while the use of the
same airplanes to fly supplies overseas feels like "just resupply": The
latter supplies *could* have been sent by ship.  (Of course, in some
cases the ship could not have gotten there soon enough.  That's when the
boundary gets fuzzy.)

As for most terms in natural language, it's difficult to come up with an
exact definition for air warfare.  Natural languages aren't like the
formal languages of mathematics or computer science.  Definition comes
from use.  The term "air warfare" has been in use for at least 50 years;
"information warfare", on the other hand, is new and its boundaries are
still to be determined.  Nevertheless, I'll suggest that those
boundaries will *probably* end up being drawn in roughly the same way as
they were for air warfare: Information warfare will encompass that part
of warfare where the unique characteristics of information technology
determine the nature and even feasibility of the mission, and it is
those unique aspect that are central to the *point* of the mission. 

Note that I've concentrated on information *technology*.  "Information"
is too broad and fuzzy an term to be useful in making distinctions. 
After all, if I shoot someone, at some level the reason he dies is that
I've disrupted some of the fundamental organizational information that
kept them alive.  Should that then be considered "information warfare"?
Concepts so broad that they cover everything are simply not useful. 
Date: Thu, 21 Dec 95 08:44:20 CST
Subject: Reading Shadows

     One point I'd like to bring up involves a little more than just
discussion of the concept.  I'd like to here more from those involved in
"reading the shadows".  Often in information collection we are not
reading the true piece of info but looking at the shadow of it.  Enough
readings of the shadow and the information takes shape.  Any interesting
stories involving IW and this type of info gathering? I'd like to hear
Date: Thu, 21 Dec 1995 10:31:01 -0500 (EST)
From: Clayton B Perce 

Here's some of my thoughts on IW:

Throughout history, revolutionary advances in technology and associated
doctrines have provoked revolutions in warfare.  I would suggest that
few advances are as revolutionary as those that open up completely new
domains where men and women can wage war.  The domains of land and sea
have been used for war for aeons, but advances such as the Wright flyer
and Sputnik only recently opened the way to air and space. 
There is a general realization that revolution is upon us again.  Recent
advances in information technology have not just given us new weapons
and support systems.  They've also opened the way to a new domain in
which to fight war, a realm of information combined with information
technology.  This "infospace" is something like the cyberspace worlds of
science-fiction, but it exists already, not just in some imagined

To operate successfully in this new realm, we need a common perspectve
from which to plan and operate.  But because this perspective
fundamentally shapes the way we think about and train for war, it's
vital that it be sound. 

My goal in this list is to get a better feel for, and maybe even
influence, the debates that are even now shaping the infospace
battlefields of the future. 
From: John Young 
Date: Thu, 21 Dec 1995 11:39:24 -0500
Subject: KGB_cia 

12-21-95. WPutz:

"In an unusual interview Yevgeny Primakov, head of the Russian Foreign
Intelligence Service, discussed problems and challenges facing his
intelligence agency in terms that often sounded like testimony that CIA
Director John M.  Deutch gave the House intelligence committee Tuesday. 

In comments that echoed those of his U.S.  counterparts, Primakov
charged that some post-Cold War budget cuts in his agency developed
'because the [Russian] press ganged up on us [and] many newspapers wrote
absurd things about us, including statements that foreign intelligence
was no longer necessary at all.' His remarks about media coverage were
similar to recent statements by Deutch and his predecessors, R.  James
Woolsey and Robert M.  Gates."