Information Warfare: A Wee Bit Offensive


March 27, 2010: Department of Defense Internet systems, increasingly under attack, are now being equipped to fight back, at least in a limited way. Taking a page from the corporate playbook, the Pentagon is sending many of its programmers and Internet engineers to classes on how to hack into the Pentagon, and, more generally, into any corporate or private network. It has long been common for Internet security personnel to test their defenses by attacking them. Some "white hat hackers" (as opposed to the evil "black hat hackers") made a very good living selling their attack skills to reveal flaws or confirm that defenses held. Seven years ago this was standardized when the EC-Council (International Council of E-Commerce Consultants) began certifying known and qualified white hat hackers as "Certified Ethical Hackers." This made it easier for white hats to get work, and for companies to find qualified and trustworthy hackers to help with network security. Now the Department of Defense is paying to get members of its Internet security staff certified as white hats, or at least trained to do what the black hats do. While many in the Department of Defense have been calling for a more attack-minded posture toward those who constantly attack Pentagon networks, the best that can be done right now is to train more insiders to think, and operate, like outsiders.

The U.S. Department of Defense is the largest user of computers and networks in the world. This includes 11 million Internet users, over six million PCs and over 15,000 networks. That has always attracted a lot of hacker attention. For over a decade all the services have been scrambling to strengthen their Cyber War defenses. But so many networks and PCs make an attractive target, and provide many potential weak points that can be penetrated. Department of Defense systems suffer thousands of serious attacks a day.

Many people are trying to get into Department of Defense networks, and the skilled practitioners do it covertly, to avoid the victims realizing the danger and improving their defenses. The key here is hiding your tracks. One of the earliest signs of a major foreign attack was the highly damaging Code Red worm of 2001, which apparently came from China. The worm, which spread on its own by exploiting a flaw in Microsoft's IIS web server software, was captured, picked apart and traced back toward its origin. China denied any responsibility, having apparently believed it would get away with it.

That penetration was on the same scale as several others in the last few years. There have been at least a dozen major attacks, hitting targets like the State Department, the National Defense University, the Naval War College and Fort Hood. Each of these cost $20-30 million to clean up after. Nothing was said about how defenses were adjusted as a result of these attacks. But that's normal, as hacking is all about keeping your own secrets while finding out everyone else's.

China, unlike other nations hostile to America (North Korea, Cuba, Iran), has a large and growing Internet presence. China has thousands of skilled Internet programmers, and has admitted it is putting together military units for developing and using cyberweapons. These undeclared and unofficial Cyber War operations, mainly for espionage, have been going on for over a decade now, and the tools available to the attackers are becoming more powerful. Helping out the government hackers are several dozen gangs that run large scale criminal operations on the Internet. Most people see the results in the form of spam email (over 90 percent of all email is spam) and operations that secretly take over personal and business PCs so that these computers can be used to send spam, or to flood targeted web sites with huge quantities of bogus traffic that shuts them down (DDoS, or distributed denial of service, attacks). The gangs also specialize in finding all manner of secret or sensitive information and selling it. Intelligence agencies are often eager buyers.

It appears that China and Russia, or at least their security services, have made deals with some of the gangs. It works like this. If the secret police want some Internet-based spying done, or a DDoS attack unleashed on someone, the gangs will do it, or help government Cyber War organizations do so. In return, the gangs get a safe haven. The gangs have to refrain from major operations against the country they are in, but most of their targets are in the West anyway (that's where most of the money is). Of course, no one will admit to this sort of thing. But criminal gangs working for the secret police is an ancient practice in these two countries, one that goes back centuries.

The U.S. is the main target of this Internet-based espionage, and has not yet found a way to make the foreign hackers stop. American officials don't want details of this war reported in the media either, because the losses are embarrassing, as is the lack of an effective plan to halt the plundering. Occasionally some details leak out, like the military asking Congress for permission to use more aggressive methods in going after the cyber spies. This quiet war could have enormous implications for any future conventional conflict. The Chinese are going after military technology, and it's not always obvious what they have got and what they haven't. That increases the probability of some nasty, and painful, surprises when the shooting starts.

Little information on American defensive efforts becomes public, for the obvious reason that it would help the people trying to hack their way in. But there is a lot of activity in the Internet defense area. It will be years, if not decades, before the full story is known of who got what from whom, and how, just as with every past situation involving espionage and technology.