Information Warfare: November 19, 1999

Archives

: The Internet (and especially World Wide Web) has become an extremely useful tool for many people, including the military. Although in use since 1969, the Internet spread quickly when it became a commercial operation in 1991, and really took off a few years later as the World Wide Web appeared. Unfortunately, the simplicity and efficiency of the Internet was achieved by using many tools and techniques put together by volunteers in an atmosphere of openness and trust. Turns out, as more people got onto the net, that you could not trust everyone. But the deed was already done, the software needed to keep the Internet going could not be recalled and beefed up with a lot of security features. And so we have an increasing number of hackers (people playing at going where they should not be) and crackers (those doing it with evil intent) making life miserable (or worse) for Internet users. 

The basic vulnerability of the net are the numerous ports that allow information to get in, and out, of a server. Each Internet location (or page on the World Wide Web) runs on a computer (called a server) that is permanently attached to the internet via a telephone connection. The Internet works because any user can quickly find a web page, file to download or whatever. A lot of the fancy stuff you can do on the web (shopping, games or simply flashy graphics on a web page) involve additional programs on the server that make it happen, and open the server up to illegal entry to those who know how the new software works. There are often several different programs running on the server to support one web page, and any one of these programs may have an intentional, or unintentional, opening for a web user to get inside the server. This is the hack (or crack.) In the early days of the web it was a harmless sport. But less honest crackers know that once on the server they can often take if over and cause all sorts of mischief. There are networks other than the Internet, and these can also be penetrated, but it is a lot harder. No network is perfect, thus none are completely invulnerable to attack. But some are very well protected. But this level of security requires time, money and talent to implement, and there's never enough of that to go around, especially in large organizations like the Department of Defense. A well protected server is also often more time consuming for a user to get at.

CYBER WAR TACTICS DEVELOPED: The US military has accepted the fact that it cannot totally protect its computer networks from cyber warfare attacks, and is moving instead to design networks able to survive such attacks with their basic services intact. The goal is to keep critical parts of the networks functioning despite any imaginable attack. Some potential attacks and the ways to
counter or survive them include:
@ Floods of Email can clog a network and shut it down. One solution is to provide a separate pathway for the most critical 5% of communications and insulate this from floodmail attacks. Other defenses include systems to detect when the volume of Email spikes sharply or when too many messages have the same (or no) content.
@ Programs could be inserted which consume computing power, slowing down the real functions of the network. Solutions include firewalls to limit one process from consuming more than a certain amount of memory or computing power, and systems to detect when the amount of power one function is consuming grows quickly or exponentially.
@ Hackers can try to copy files and release them to the public. Ways to counter this include dummy "bait" files that look interesting but are in fact nonsense, and are laced with traps and tracers that can reveal who went after the file in the first place.
@ Hackers may also try to corrupt good data files, leaving commanders with bad data (which they do not always realize is bad data) to make decisions from. Backup files exist, of course, and efforts are made to keep the hackers from noticing or accessing them. But to use a backup, you have to know that the data file has been corrupted. Checksum algorithms are one solution (if the file does not "add up" then it has been corrupted), and constant scans of randomly selected parts are another.
@ Staybehind programs can be inserted which allow a hacker to continue to gain access through a back door. New search systems scan the network continually looking for unusual data entry points, indicating an unauthorized entry point.
@ Programs can be left behind in a system that could be activated by command or on a certain date, resulting in destructive or disruptive processes. One defense is to periodically copy large sections of data to another (insulated) system and feed it random commands (or change the date) to see if anything happens. Other defenses include search systems that "notice" when a new program suddenly starts operating. --Stephen V Cole

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close