Security

In the wars of the future,
hackers will be the front-line troops

writes Maria Nguyen in the Icon Section of the Sydney Morning Herald of Saturday, August 18, 2001

The next time you get an error message when trying to access your email, log into your bank account or buy groceries online, it could be more than the server being down. The country could be under attack.

The wars of the future will be fought on a new battleground - the Internet - according to defence experts. Soldiers of the future - hackers and "hactivists" - will carry notebooks, modems and cracking tools to exploit our reliance on digital systems, which already control everything from traffic lights and company inventory systems through to power grids and news services.
The Internet, which links the world's networks, will make it possible for attacks to be carried out from the other side of the globe, with the only clear risk to the attacker being counter cyber attacks.
The Code Red worm has demonstrated how vulnerable we are, but consequences such as the message "Hacked by Chinese", which appeared on infected computers, are the least of our worries.

Sabotage of a city's power structure, misinformation on sites or email, company intranets being breached with Trojan horses, funds being stolen from financial institutions, worm viruses deleting dates, Web sites being blasted with digital bombs using denial-of-service (DoS) programs ... a wide range of attacks is possible and is happening.
The potential damage is far-reaching, according to information-warfare experts such as James Adams, founder and former CEO of iDefense, a US intelligence consulting firm.
"As territory, money, power and economy - all the seeds of war - migrate to the virtual space, so will war itself," he says. "[Cyber war] is the virtual equivalent of nuclear deployment."
The world is becoming increasingly reliant on computer networks and the Internet to deliver critical services. They are used to manage power supplies and emergency services such as hospitals and the police. They support our financial and telecommunications systems, as well as our transportation and defence services.

Networks are the wheels that keep our economy and society running. But they also have the potential to destroy our security and way of life.
We're facing a double-edged sword, Adams says.

"It is one of the paradoxes of the information age that the more connected you are, the more vulnerable you become. The targets of attack can range from the purely military - command and control networks - to the civilian - financial markets, power or water supplies. These are now much easier to attack using cyber tools than they would be using conventional kinetic force with bombs and missiles."

Given society's crutch-like reliance on computers, the impact of a cyber war could be just as crippling as any missile attack. In fact, cyber warfare has been described as "a digital Pearl Harbor". Anyone, any company or any society that relies on the Internet is at risk, putting connected countries, including Australia, in the front line.

Science fiction? Unfortunately not. According to the United States General Accounting Office, in 1999 and 2000, North America suffered 1,300 Net attacks on its defence Web sites.
"We can already see that cyberspace is increasingly a place of both communication and war," Adams says. "We know from what other countries such as China, Israel and France are doing that they see cyber warfare as a key component of future war."

Case in point: when a US spy plane collided with a Chinese fighter jet on April 1, there was not only a war of words between the countries' leaders; it led to a wave of cyber attacks. Up until the main protagonists called a truce on May 9, there were more than 14,000 co-ordinated hacks of both countries' government and corporate systems.
Although groups working independently were probably responsible, evidence suggests terrorist groups and even government-trained hackers could become involved in cyber warfare.

US experts have pointed out China and Russia as the two biggest threats in this age of Net warfare.
Since 1998, hackers using a Russian ISP have embarked on a three-year hacking campaign, dubbed Moonlight Maze, netting sensitive US secrets and research material to be sold to the highest bidder. The attacks penetrated security firewalls at NASA, the US Department of Defence, universities and research institutions. The Americans still have no idea who is behind it and they can't stop it.

In 1997 the Pentagon embarked on its own Net war exercise, called Eligible Receiver, where 34 US national security agents posed as Korean hackers and declared war on the US. With no advance intelligence, and with laptops bought at the local store and hacking tools freely available online, the "Koreans" broke into 40,000 Department of Defence systems and shut down power grids and emergency phone services to 12 cities, including Washington. They also played havoc with logistics, accessing arsenal requests from US fighter squadrons, sending the squadrons headlights instead of aircraft missiles.

Adams, who is also an adviser to the US Government on Internet defence, concedes Eligible Receiver was "a striking example of [America's] vulnerability and impotence".
This was the wake-up call the US Government needed. In 1998 President Bill Clinton set up the National Infrastructure Protection Centre (NIPC) as an Internet crime-fighting branch of the Federal Bureau of Investigation. Last year he launched a $US2 billion ($3.9 billion) research, education and training plan, effectively to train soldiers in Internet warfare, both in attack and defence.
However, in this Internet arms race, the Chinese are not far behind. In 1999 China established an Information Warfare Cell to spearhead the country's Internet fighting capability. According to global defence authority Jane's, China "is thought to be researching methods to insert computer viruses into foreign military and civilian computer networks".

Adams believes there are 30 countries, including China, Russia, India, France and Israel, that have developed offensive Internet warfare programs.
"Consider that if you buy a piece of hardware or software from [these] countries, there is a real concern that you will be buying doctored equipment that will siphon copies of all materials that pass across that hardware or software back to the country of manufacture," Adams warns.
In Australia, figures from the Australian Computer Emergency Response Team (AUSCERT) indicate that there has been a six-fold increase in computer attacks from 1998 to 2000, increasing from a total of 1,300 in 1998 to 8,000 last year.

The Australian Department of Defence and other government agencies are working with the private sector to research and understand the seriousness and scope of Internet warfare.
Australia does not yet have an Internet warfare unit such as the Clinton-initiated NIPC, although a Defence Department spokesperson said the department "is aware of these developments and accords a high priority to the issue".

"Increasing use of the Internet and information technology reliance will accentuate [cyber warfare's] role in modern warfare," the spokesperson said. "In the fast-moving world of information technology it is difficult to predict exactly what types of cyber attacks might dominate."
Earlier this year the Government allocated $2 million to create the E-Security Co-ordination Group to protect Australia's infrastructure from attack online. It also formed a sub-committee called the Critical Infrastructure Priorities Group to monitor ongoing threats and vulnerabilities.
Alan Dupont, from the Strategic and Defence Studies Centre at the Australian National University, believes that while Internet attacks will play a part in modern warfare, this form of attack is nothing new.

"I look at this as an age-old part of the art of war in a sense that for thousands of years, opponents have been trying to disrupt the other's capacity to send messages, store data and communicate," Dupont says. "And in a sense this is no different.
"What you're trying to deny the other person is accurate, timely information. The technology and the way in which you do it is very different but the actual aim of it is no different to what warfare has always been about, which is to degrade the other person's capacity to conduct war and ultimately to defeat them."

For poorer, weaker countries that are unable to raise modern armies to attack stronger opponents, cyber warfare is the perfect alternative to compensate for a lack of military might.
"There's a situation of asymmetric threat," Dupont says. "For example, the US has overwhelming military power in conventional warfare technologies and no country in its right mind is going to confront the US on conventional warfare means.
"So what does an adversary do? It looks at what's called asymmetric warfare, [where] you target that country's weaknesses and vulnerabilities and you don't need lots of money and hardware to do that. So, in a sense you can consider this a weapon of the poor and the weak."
Online warfare means terrorist groups can take their guerilla activities online to inflict more damage. The Middle East conflict has already spread to the Internet, with the Palestinians and Israelis engaging in hack attacks and online propaganda.

In fact, the information highway could also be described as a misinformation highway. Propaganda is as easy to distribute as sending an email to a list of journalists from onlooking countries. Misinformation tactics - such as broadcasting false information online to enemy servers, using computer morphing to create a false image of the enemy's leader calling for a ceasefire - breed an environment where you no longer know who and what to trust. Psychologically, this can damage a nation at war, Dupont says.

"The ability to create reality through propaganda is really what this is all about - to change or get into the minds of the enemy," Dupont says. "That's the important part of information warfare, not just taking out bits of infrastructure, but actually psychologically affecting a shift in the battlefield. Information warfare is a tool and one means of doing that.
"If the Americans were looking to attack Saddam Hussein, they'd be less inclined now to fire 'bomb pallets' and look more at how they can degrade his armed forces and his command control, and also actually put in his mind uncertainty and fear about what the Americans might do next. That's where the propaganda side comes in.

"I think the Bosnian conflict is a good example, because the Serbs were quite effective in saying their side of the picture by a variety of information warfare techniques."
At the height of the war, in 1999, the Serbs bombarded media outlets with emails containing graphic pictures of the effects of NATO bombings, including injured and dead Serbian civilians.
"And afterwards," says Dupont, "I think a lot of the NATO commanders believed they were done over by the Serbs."

Protect yourself

While you may not be able to stop all cyber attacks, you can protect yourself from many of the current viruses that are carried in email attachments by using and regularly updating anti-virus software and being cautious about opening attachments. Common anti-virus solutions include Symantec's Norton Antivirus 2001 and Trend's PC-Cillin 2000. Installing a firewall such as ZoneAlarm (www.zonealarm.com) is recommended to stop hackers on always-on connections, including cable Net access.

Common Internet weapons

Virus

Program that infects your computer and its files, corrupting or deleting them. It usually disguises itself inside Word documents or other email attachments. Once in your system, it makes copies of itself and spreads, like a virus. Example: the I Love You virus is said to have affected tens of millions of computers, costing an estimated $25 billion.

Worm

A malicious virus that replicates and carries itself across computer networks. A worm lives in the computer's memory, consuming its resources and potentially deleting data, so eventually the computer could shut down. Example: the Code Red worm scanned and infected servers across the Internet that were using Microsoft IIS server software, and computer networks using Windows NT or Windows 2000. The Code Red worm has mutated and is still on the loose, with hundreds of thousands of systems already infected.

Denial-of-Service Attack (DoS)

To access a Web site, your computer sends a message to the server hosting the site asking it to authenticate itself. In a DoS attack, the user sends so many authentication requests to the server that the server eventually shuts down because it can't keep up with the demand. Example: during the US-China hacking war that erupted after the mid-air collision in April, a Chinese hacker group claimed responsibility for the DoS attack that shut down the White House site for three hours.

iDefense
www.idefense.com

National Infrastructure Protection Center (NIPC)
www.nipc.gov

Federal Bureau of Investigation (FBI)
www.fbi.gov

Jane's
www.janes.com

AusCERT
www.auscert.com.au

Australian Department of Defence
www.defence.gov.au

Strategic and Defence Studies Centre
sdsc.anu.edu.au