A glimpse of cyberwarfare

Subject: huridocs-tech A glimpse of cyberwarfare
Date: Mon, 03 Apr 2000 11:19:00 +0100
Edited/Distributed by HURINet - The Human Rights Information Network
---------------------------------------------------------------------
## author     : keenan@BARD.EDU
## date       : 31.03.00
---------------------------------------------------------------------
US News and World Report  - 13 March 2000

A glimpse of cyberwarfare

Governments ready information-age tricks to use against
their adversaries By Warren P. Strobel

At first, the urgent phone call from the U.S. Transportation
Department confounded Cheng Wang, a Long Island-based
webmaster for Falun Gong, the spiritual movement that has
unnerved Chinese authorities. Why did the department think
his computers were attacking theirs? The answer turned out
to be startling. The electronic blitz hadn't come, as it
seemed, from various Falun Gong Internet sites. Rather,
someone had lifted their electronic identities. Computer
sleuths followed a trail back to the XinAn Information
Service Center in Beijing-where an operator identified it as
part of the Ministry of Public Security, China's secret
police.

Web hacking, it seems, isn't just for amateurs anymore.
While the recent rash of cybervandalism against some of
E-commerce's biggest names has garnered headlines, that's
only part of the story. From Beijing to Baku, governments
and their surrogates are using the Internet to harrass
political opponents and unfriendly neighbors, to go after
trade secrets, and to prepare for outright warfare. Burma's
military junta, for instance, is blamed for targeting the
"Happy 99" E-mail virus at opponents who use the Net to
advance their cause. Dissidents describe the attacks as
inept-proof, perhaps, that dictatorships are still behind
the hacking curve.

Hack attack. But Burma is not alone in trying. In January,
hackers from Azerbaijan with names like "The Green Revenge"
and "Hijack" tampered with dozens of Armenian-related Web
sites, including host computers in the United States.
Experts suspect involvement or support from the Azerbaijani
government, which imposes tight controls over Internet use
within its borders. Relations are tense between Azerbaijan
and Armenia, which fought a war over the disputed territory
of Nagorno-Karabakh, so it wasn't long before the Armenians
retaliated in kind. It is "the first precedent of a physical
battle going online," says Jonathan Peizer of the Open
Society Institute, whose Azerbaijani office was affected by
the attack.

In Cheng Wang's case, his computers in Hauppauge, N.Y., were
among Falun Gong sites around the world hit by a barrage of
hacking attempts and E-mail "bombs" that coincided with a
physical crackdown on the group's practitioners in China.
Several of the hacking incidents were traced to the
mysterious XinAn office.

It is often difficult to track down who is to blame. But for
networked Americans, who own 46 percent of the world's
computing capacity, such electronic conflict should be
unsettling. True, the scariest scenarios dreamed up by
experts, such as a hostile government disrupting financial
markets, haven't come to pass-yet. But more than a dozen
countries-among them Russia, China, Iraq, Iran, and Cuba-are
developing significant information-warfare capabilities. A
senior CIA official cited a Russian general who compared the
disruptive effects of a cyberattack on a transportation or
electrical grid to those of a nuclear weapon. China is
considering whether to create a fourth branch of its armed
services devoted to information warfare. The Pentagon isn't
sitting still either. Come October, the U.S. military's
offensive cyberwarfare programs will be consolidated at the
U.S. Space Command in Colorado.

Nearly as worrisome as a cyberattack to experts is
electronic espionage. >From March 1998 until last May,
intruders broke into computer systems belonging to the
Pentagon, NASA, the Energy Department, and universities,
making away with unclassified, but still sensitive, data.
One of the worst computer security breaches in U.S. history,
it spawned an investigation, named Moonlight Maze, that
pointed to a Russian intelligence-gathering operation.

Successful cyberwar is likely to be like that-no exploding
munitions to tell you you're under attack. Tapping into an
adversary's command-and-control system could yield a gold
mine of data about enemy plans. The longer a cyberspy
conceals his presence, the longer the intelligence flows.
Or, false information about troop locations and battlefield
conditions could be inserted into enemy computers, so that
leaders would end up making decisions based on bogus
information.

During the Kosovo bombing campaign last year, the Pentagon
set up a high-level information-operations cell. "All the
tools were in place," according to an internal briefing
prepared by Adm. James Ellis, NATO's No. 2 military
commander during the war. But the United States mostly held
back. By the time Pentagon lawyers approved cyberstrikes
against Serbia, events had overtaken the need for them.

Double-edged sword. Cyberwar raises a host of unprecedented
legal questions. The line between fair-game military sites
and civilian infrastructure may not exist. "There is
collateral damage in cyberspace," says John Thomas, formerly
a top Pentagon information-security official now with
AverStar Inc., an information-technology firm. "If you
diddle with somebody's control mechanisms, how assured are
you that it would stop right there?" The United States, more
dependent on computer networks than anyone, might lose the
most in legitimizing cyberwar. Some countries, including
Russia, have proposed what might be called "electronic arms
control." But the obstacles are daunting: Verifying a treaty
would make counting Russian nuclear missiles look easy.

Among the sites hacked in the Caucasus Web war was one
belonging to the D.C.-based Armenian National Institute,
which studies the 1915-18 Turkish genocide of Armenians.
Logging onto www.armenian-genocide.org in late January, you
would have been redirected to a site offering information on
Azerbaijan's president. "I would certainly encourage
everyone to desist, if not indeed [call] a total
cease-fire," said institute Director Rouben Adalian, who
reported the matter to the FBI.

Jay Valentine already has his own rules. Valentine is
president and CEO of Austin-based InfoGlide Corp., which
makes powerful search software for such uses as
insurance-fraud investigations. He will not license the
technology to nine countries and three U.S. government
agencies because of the potential for privacy abuse. That
hasn't stopped at least one of those countries from trying.
Two years ago, Valentine says, a company tried to buy rights
to the technology. It turned out to be a front-for the
Chinese government.

With Richard J. Newman





----------------------------------
Send mail for the 'huridocs-tech' list to 'huridocs-tech@hrea.org'.
Mail administrative requests to 'majordomo@hrea.org'.
For additional assistance, send mail to: 'owner-huridocs-tech@hrea.org'.
Archives of previous messages posted to the list can be found at:
http://www.hrea.org/lists/huridocs-tech/markup/maillist.html
Prev by Date: Shaping the Network Society (Seattle, 20-23 May)
Next by Date: Call for papers: Internet, democracy and public goods
Previous by thread: GKP and GKII Seeking Journalists
Next by thread: Global Conference of Citizens Network
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]