
On the Possibility of Information Warfare? 48

denisonbigred asks: "With all of the talks about disarming Iraq's weapons of mass destruction, and all of the news coming out about Al Qaeda and other terrorist groups' use of technology, I tend to wonder what is being done about the possibility of informational warfare. There must be a few geeks over in Iraq, and angry, subversive, geeks must be at least as dangerous as Iraq's rag-tag army. Is this a legitimate concern, and does anyone know what, if anything, is being done to address it?"
  • EMP bombs (Score:4, Interesting)

    by LSD-OBS ( 183415 ) on Friday November 22, 2002 @12:10PM (#4732270)
    I remember reading an article last year (in the New Scientist, I think) about how relatively easy it would be to build an EMP bomb within something roughly the same size and shape as a pipe bomb.

    Taking out inadequately shielded stock exchanges, major database centres, backup facilities, etc, would have frightening consequences.

    $0.02
    • If I were a nation or organization fighting the US (Asymmetric Warfare or 4th Generation Warfare) I would use the cheap EMP munitions in theatre. When US forces attack, start exploding these things over the battlefield to negate the US hi-tech advantage and disrupt C4I.

      The US forces depend very much upon electronic superiority. So, I would train my forces in small unit, dispersed light infantry tactics, and use the EMP munitions to throw off the US advantage. I would use shoulder launched weapons (RPG and similar) and heavy machine gun (man portable) to go after helicopters and other CAS aircraft. Maybe lurk in probable CAS approach lanes. Use lots of land mines and ambushes to cause casualties against aggressive US forces. Also I would go for rear echelon logistics type stuff (people, stores, vehicles, etc.)

      Of course, I would set loose 10-500 urban snipers and/or terrorists in the US itself to cause mayhem and confusion. Have the snipers target people randomly. Have the terrorists target malls and high school football games and other group activities. Maybe especially concentrate around military bases so as to disrupt the families of those soldiers/airmen/marines/sailors deployed. This will tie up domestic intelligence agencies, the press, and distract decision makers.

      Somebody will do this. It is only a matter of time. Most likely sooner rather than later.

      Meanwhile, the Homeland Security Director has developed a pretty colored coded alert board.
      • Watch out. If you continue to disseminate this kind of obvious, clear-thinking information, you find yourself held incommunicado as an enemy combatant - or become an ex-Marine General [yahoo.com] in the Millennium Challenge 2002!
      • I'd be very careful discussing things like this on public messageboards, even as speculation or in a joking manner. The above post, if shown to the wrong person, could very well result in an investigation, and in the current climate it doesn't take all that much for you to be tracked down and interrogated. Something that would definitely be a bad thing should you ever wish to seek employment that requires security clearance, not to mention having to explain to someone with a badge just why you posted suggestions on how to fight the US.

        Am I paranoid? Possibly, that doesn't mean they're not out to get me though.

      • Not going to work well. From what I've seen, our basic plan is to destroy the enemy's communications first from the air. That includes all the command facilities, infrastructure such as telephone, power, roads, bridges, and airports. It includes the information gathering sensors like radars.

        So, now that the enemy has been flopped over and reamed out with a roto-rooter, how are they going to coordinate enough of these EMP bomb explosions to be able to stop a force of a quarter-million soldiers, hundreds of tanks, thousands of artillery pieces, and the entire USAF who BTW gained complete air superiority 12 years ago and never gave it up?

        EMP munitions are not a magic weapon, and a bunch of snipers cannot win a war. Even in Star Wars a bunch of Jedi can't win a war.
        • by Usquebaugh ( 230216 ) on Friday November 22, 2002 @04:27PM (#4734516)
          It's this sort of thinking that scares the hell out of me. Sooner or later somebody is going to give the US a bloody nose. It's already been demonstrated in the war games that senior US tacticians are unable to respond to guerilla warfare. The US did of course capture Al Qaeda did it not?

          If an organisation were to set up shop in the US I think it would be almost impossible to catch them. Why was the DC sniper team caught? Imagine if they were part of an organised team. They would not have been caught. Now imagine there are teams in 10 cities. The first team goes down, the second team starts up. Think that wouldn't cause problems? Now throw in cheap EMP weapons near major communications links. Then some shoulder weapons at the end of two or three runways.

          Bush goes into Iraq get ready for the war to start in the US.
          • by PD ( 9577 )
            It's this sort of thinking that scares the hell out of me. Sooner or later somebody is going to give the US a bloody nose.

            What kind of thinking would that be? I'm an anti-war pacifist, though you probably couldn't tell that from what I wrote.

            The fact of the matter is that with the current tactics we use and adversaries we face, nobody can defeat the US military on the battlefield. They could cause a hell of a lot of trouble, but that would not give them victory.

            I agree with you that someday someone will give us a serious bloody nose. But that doesn't reflect today's reality.

            The arguments you gave are nice, but they're not related to what I was talking about. The first part of the post I was replying to was speaking of the possibility of a few people with EMP bombs causing US military command and control to break down. There's not a chance in hell of that happening.
        • Hopefully, like in Gulf War I, the Enemy will sit around on their ass while we spend 3+ months building up forces in the theatre.

          Don't count on it though.
  • Not a big threat. (Score:4, Insightful)

    by zmalone ( 542264 ) <{wzm} {at} {pylae.com}> on Friday November 22, 2002 @12:13PM (#4732288) Homepage

    I've seen lots of articles about the various "information warfare" scenarios. The impression I've gathered is that it just isn't that big of a threat. In the past we've had break-ins to US military computers, but outside of the negative publicity, not much came of it (didn't the famous late '80s German attacks only result in copies of VMS reaching East Germany?).

    The various commercial web sites are another matter, but none of them are critical to anyone's life, and if eBay or someone were to be broken into, very few people (and one company) would really suffer.

    Now if that one cracker were to instead get into the US and begin shooting people from the trunk of a car, or go hijack a commercial plane, the damage would be far greater, and less education would be required to pull it off.

    (There was an article on the Register about this about a month ago)
    • There is no such thing as cyberterrorism, or cyberwar. These are buzzwords used by power seekers, and the technically illiterate people who really believed that Y2K would be the end of time.
  • Priorities (Score:5, Interesting)

    by quantax ( 12175 ) on Friday November 22, 2002 @12:14PM (#4732294) Homepage
    While 'information warfare' is important and all, I am far more worried about regular warfare with guns, bombs, gas, and viruses than a couple downed routers. While the Iraqis could do damage, I do not think they could do any more damage than any other enterprising cracker, hacker, or DDOS kiddie. Unless they are developing all new exploits that are 100% unknown by anyone else, the amount of damage they could do is not anything unusual compared to any other malicious group of people. I think people should focus on filtering out biochemical weapons and such from entering our country than a couple rogue packets. When all is said and done, security is in the hands of the administrators who are hopefully competent to do their job if anything happens.

    It's a matter of simple math for priorities:
    DDOS attacks and such : Millions/Billions of dollars lost, productivity set back by several days, economy wobbles a little.

    Chem/bio/nuclear weapon goes off in USA: thousands/millions killed, economy enters danger zones due to intense fears, world economy really shakes, martial law, major restrictions in freedom.

    Personally, I'd rather we lose millions/billions of dollars than see thousands/millions die. Keep in mind though, attacking (with real weapons) information-routing centers is a whole other matter and could be just as bad.
    • Well... (Score:5, Interesting)

      by denubis ( 105145 ) <brianNO@SPAMtechnicraft.com> on Friday November 22, 2002 @12:30PM (#4732412)
      Unfortunately, InfoWar isn't just hacking. According to the RAND publication "Strategic Information Warfare" ISBN: 0833023527

      It deals with the various aspects of InfoWar and their implications. Your oversimplification simply assumes that the worst possible thing would be a DDOS attack. Whereas you compare that to NBC (Nuclear, Bio, Chem) Weaponry.

      InfoWarfare is roughly equivalent (in a strategic and policy sense) to terrorism mainly due to the fact that it does not recognize a "theatre" of war, and simply has the ability to target everything and everyone.

      Like Intelligence Data, InfoWarfare is best used in conjunction with other avenues of attack. An attack on the communications infrastructure of our country (Disabling large chunks of the 'net and phone systems) with subsequent action to gain control of TV stations would have the same effect, in modern day terms, as the Doolittle raids. There, besides the staggering financial implications, would be little direct economic damage, but people would see that they could be hit, that they are not invulnerable. This effect would be disastrous on the morale of this country and potentially adversely affect the poll standings of Bush. I say potentially because the British, in the Battle of Britain, had much worse done to them and it only stiffened their resolve. But I digress.

      Infowar is everything from hacking, propaganda, some aspects of intelligence gathering, to actually hurting people (If you can hack into a power/water plant and make it not be happy, life becomes very bad.) Also imagine if an Infowar attack disrupted the transportation mechanisms in this country for a week -- stores would start running out of food, mail wouldn't be delivered, people would absolutely panic.

      The most dangerous aspect of InfoWar is the fact that it is the most easily done (You can be in a different country and attack us) and most directly reaching of attacks (Each person is directly confronted by the knowledge that they have been attacked.) While it cannot hold territory or cause enemy soldiers (unless of course one breaks into the C4I net) to break their positions, it becomes a fascinating secondary line of attack to break the morale of the country.
      • Thank you for clarifying, I was not aware that fell under the header of infowarfare; you are quite right that electronic tampering with vital utilities and such would be disastrous and would yield high effectiveness with little effort.
      • Re:Well... (Score:5, Insightful)

        by ivan256 ( 17499 ) on Friday November 22, 2002 @02:03PM (#4733203)
        If you can hack into a power/water plant and make it not be happy, life becomes very bad.

        I'm tired of hearing this crap spouted by the media and parroted by people who listen. This type of thing isn't going to happen, and it's not because we have amazing security, or because the hackers aren't smart enough, it's simply because these critical systems are not attached to the global network in any significant way. If they were on the net, sure we'd have to worry about them, but sensitive systems like this are connected through private leased lines, and there is a physical aspect to any successful attack scenario.
        • Only a small part of information warfare is hacking.

          http://www.infowar.com/
          http://www.psycom.net/iwar.1.html
          http://www.fas.org/irp/wwwinfo.html
          http://www.d-n-i.net/second_level/fourth_generation_warfare.htm

  • uh oh (Score:2, Funny)

    by DonFinch ( 584056 )
    Let's hope no Iraqi hackers read all the /. posts on Microsoft security loopholes...
  • Information Warfare
    Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy, an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own. Such actions are designed to achieve advantages over military or business adversaries (Dr. Ivan Goldberg's definition)


    Leaflet bombs, pirate radio broadcasts, news blackouts, all are parts of Information Warfare. It is much more broad than computers, and much more powerful.
  • umm, yeah (Score:4, Funny)

    by medcalf ( 68293 ) on Friday November 22, 2002 @12:42PM (#4732504) Homepage
    angry, subversive, geeks must be at least as dangerous as Iraq's rag-tag army

    Iraqi Geek 1: By the beard of the Prophet, I hate those Americans. Hamid, let's hack into their computers and destroy them.

    Iraqi Geek 2: OK, you hack into lifttheburqa.com, I'll hack into sexwithbarnyardanimals_butnotpigsbecausehtheyareuncleanafterall.com. We'll destroy their subversive pr0n!

    (Six hours later) Hamid, what were we going to do again?

  • by digitalmuse ( 147154 ) on Friday November 22, 2002 @12:58PM (#4732598)
    Here's something to think about. In the event of an 'Information Warfare'-type attack generated by a hostile entity (Iraq, The Taliban, North Korea, Richard Simons... etc.), what do you do?
    In the case of a DDoS attack, would you try to isolate the thousands of zombie nodes spewing bad traffic or SYN packets or shut down the control-channel (often IRC or some other mechanism). If you thought thousands of badly admin'ed MTA's in China gave you headaches with spam, what happens when some hotshot cranks out a new DDoS package and melts your routers off their racks? I have horrible visions of something out of Brazil with FBI/NSA/HomelandSecurity/KeystoneKops kicking down the doors at NOC's around the country and shutting down IRC servers or pushing Tier-1 providers to shut down particular types of traffic.
    Call me cynical but I doubt that MaeEast-West would have the cojones to stand up to a squad of MP's led by Ashcroft brandishing the Homeland Security Act.
    Take this a step further, what happens when Dubya decides to throw weight with the countries in the middle-east that provide/sell terrestrial bandwidth to said 'Axis of [Electronic] Evil'. I remember my mother being in Chinatown the day of the Tiananmen Square massacre, people were running around with photocopies of faxes and e-mailed lists of the injured and on-the-spot reports. The deluge of information that managed to get out was because people were able to bypass the government's news-blackout. That was a country trying to hide its internal operations from the global community, could our government justify such actions in the name of 'Stamping out Terrorism' or bringing a hostile government system down? I don't have a good feel for how completely we shut down the information/telcom infrastructure when we went into Iraq last time. News got out, cleaned up by press pools and government-directed self-censorship of the general media outlets, but did we really turn Iraq into an information dead-zone? (please, if anyone has any good links, post a reply and include 'em!)
    I can understand the military strategy behind denying your enemy any information except what you allow (Machiavelli was writing about this half a millennium ago), but what happens when you are able to do this to an entire country.
    I can understand the need to put a lid on a farm of military backed 5cr1pt-K1ddes, but who prevents it from happening in our own backyard next time... hmmm
    • Information Warfare won't happen by itself. It will be part of a larger conflict. Information Warfare would be used by an OpFor to slow down, distract, misdirect or confuse the US, thus allowing the OpFor to do things that the US does expect, or is not able to react to quickly enough.
  • by Lord Bitman ( 95493 ) on Friday November 22, 2002 @01:21PM (#4732775)
    Iraqi Science Guy: "We have developed the new 'Thermonuclear Anthrax Bomb'!"
    Subversive Iraqi Geek: "Imagine beowulf cluster of these!"

    US Newscaster: "The idea behind the 'Thermonuclear Anthrax Cluster Bomb' is to take a lot of less powerful diseases, like the kind available to the home consumer, and make them work together like one big disease."

    The Office of Homeland Security: "The site 'Slashdot.org' appears to be planning terrorist actions. They say that they have a force at least as powerful as the Iraqi military."

    GWB: "Terrorist Regimes, Dictators developing weapons of mass destruction, Internet users, and other evil-doers, must be stopped!"

    Slashdot: "Here's a copy of the letter we got demanding that we turn over our server logs, and our response. Post comments below."
    Slashdot Poll: "The government's response to our November 22nd posting on information warfare is:

    A violation of our rights!

    Perfectly acceptable considering the situation in Iraq

    No surprise.

    The perfect excuse for the DDOS attack I just started!

    CowboyNeal is hiding in a mountain cabin somewhere in the northwest

    The Office of Homeland Security: "Slashdot is encouraging a massive DDOS attack in response to recent charges against it."
    US Newscaster: "33% of inside sources have told us that terrorist leader CowboyNeal is hiding out in a mountain cabin somewhere in the northwest, though some have been quoted as saying "I'm in Canada, you insensitive clod!"."

    Bin Ladin: "The recent uhh.. DDOS attacks.. are a great sign from.. what the hell is this shit? I thought I told you freaks to blow up buildings!"

    Lord Bitman: "People who claim not to take this post seriously take this post way too seriously"

  • One thing you have to keep in mind is that Iraq is under very strict UN sanctions and that their computer technology is quite limited. So there probably aren't as many Iraqi computer geeks as you might imagine. Not to say that Saddam isn't trying to build up his computer tech any way he can. This article [worldnetdaily.com] cites a classified military document that expresses concern over Iraq's attempt to import thousands of Playstation2 videogame consoles. Military officials fear that Saddam is trying to get around the UN sanctions on computer equipment by linking the videogame consoles together to form an ad-hoc parallel supercomputer. But the fact that they have to go to such extremes just goes to show you that their baseline computer capability is quite limited. Thus, computer access is probably also limited and there aren't enough free CPU cycles for Iraqi geeks to hone their cracking skills.

    As for Al Qaeda, remember that they try to commit "spectacular attacks". Significant damage can be done via cyberattacks but those don't have the camera appeal of explosions. Remember these guys had the 9/11 attacks planned so that the second airplane would strike the twin towers long enough after the first so that reporters would already be on the scene and could witness the second explosion. And it would be hard for Al Qaeda to recruit new members simply by shutting down our stock exchange for a day or two.

    GMD

  • The information war is already in progress, and it's the one that is convincing the unwashed masses (and even some of the washed masses) that there is an imminent threat of warfare because Would-Be-Emperor Bush wants to bomb things.

    This is the same war that allows Bush to make grand sweeping claims about the proof he has, but without showing it to anyone -- including the other countries who he wants to join in on his war. The (mis)information war has been in progress for a long time now, and the enemy is winning.

    The war is in progress folks. Would the subversives in the room focus their attention here?

  • 1 eliminate power sources
    2 eliminate communications stations
    3 eliminate public radio/tv towers
    4 jam satellite transmission/reception
    5 cut phone access
    6 cut internet access

    basically, if it pushes electrons around, it gets dis-connected.

    do you remember Desert Storm?
    • Yeah, but Hans will be able to steal the 600 million in bearer bonds from the Nakitomi corp, unless of course Bruce Willis and Reginald Veljohnson are there to save the day.
  • Everybody knows that bored geeks are far more dangerous.

  • Let's each of us assume for a lightning-fast while that we'd be geeks in Iraq. Wishing to be able to break down and restructure hw/sw, we'd go along with the system and shout all the necessary hail-hitler's just to get access to those restricted English sources in the University of Holy Hussein's library.

    What would be one's first and foremost capability to remain sane enough to consume all the scientific information and to be creative enough to be able to put the gained information into some use? What would keep one's heart alive in such an environment?

    Humour.

    Weird, sarcastic, cynical, sceptical, dark-as-in-bending-all-light-backwards humour.

    Be afraid, be very afraid; the ultimate jokers are going to take over ;)
  • We lost the war so long ago, we're not even aware of it... when William Randolph Hearst said to a reporter... "You supply the pictures, and I'll supply the War." [wikipedia.org]

    The concentration of the "news" into the hands of propagandists, and out of the hands of free citizens has happened gradually, and completely. You can't trust what you read or see in the corporate media. The information war is already lost to them.

    Why else would we be fighting a war for SUVs?

    --Mike--

  • Iraqi Geeks (Score:3, Interesting)

    by daviddennis ( 10926 ) <david@amazing.com> on Friday November 22, 2002 @02:30PM (#4733521) Homepage
    Let's get real here.

    According to The CIA's World Factbook [cia.gov]:

    • Population 24 million
    • Phone lines 675,000 (2.8% of the population)
    • Internet accounts 12,500 (0.052% of the population)
    If you consider that Internet access is obviously determined by political reliability, not technical prowess, how many Iraqi geeks with Internet access do you think exist?

    I know Iraq could have a special elite Geek Squad or something, but normally you need a pretty good pool of applicants to recruit from. In the case of Iraq, I don't see it as fertile ground for geeks to get needed experience, however motivated they may be to help Saddam.

    Also, we know cracking is all about trial and error, and Iraqi geeks are bound to be intimidated by Saddam's "succeed or we kill you" policy. That doesn't exactly encourage the hacker ethic, does it?

    So no, I'm afraid Iraqi mastery of this subject is a pipe dream. I could believe Al Qaeda operatives could conduct cyberwar, because most of them are in fairly free countries and could take advantage of people's grievances and resentments to learn.

    But not Iraq. Forget Iraq.

    D

  • Someone set us up the information bomb.
  • The war has already been won, by Corporate greed, Copyright hysteria, Media advertising, Commercial demographicism, and 1996 DMCA, the Homoland Secureless Department, RIAA, Time Warner, Warner Brothers, Warner Herzogg, Warner Will Robinson ... et al.
  • by Sierran ( 155611 ) on Friday November 22, 2002 @03:03PM (#4733799)
    The problems with this whole scenario (and the whole lot of the 'doom and gloom' information warfare scenarios that the US Government and cronies have been pumping out for the past few years) are legion. Before anyone shoves a pamphlet at me, let me state that I have *worked* for RAND doing analysis and I've *read* the books. Here are, in my opinions, the problems as I see them.

    1) Definition. In order to effectively do nasty things to the US using 'information warfare' you need to know what the heck IW is. Guess what: we don't. The US Military has 'Information Operations' but those are mostly modern takes on tactics and strategies that go back at least as far as Sun Tzu, and involve attempting to retain and collect information on the situation while denying the same to the enemy. We keep hearing about how vulnerable stuff on the internet is to tampering. There are horror stories almost weekly about how some hacker almost succeeded in shutting down LA's power, or almost took out an air traffic control node, etc. etc. Which of these is IW? All of them? Some?

    2) Scale of Effort. Really, at some point, taking down LA's power grid is a lot more easily done by bribing Enron or by tossing some hand grenades over the fence at a substation than by hacking. Here's a quick exercise. Think of a bad scenario. Now figure out how many separate intrusions would probably be required to cause it, and then figure out how many of them would need to be done simultaneously. Sure, you might be able to get into a lot of the places that can cause harm - but to do so catastrophically and as a surprise attack, you'd need to access a lot of them at the same time. First of all, that means you'd need to set up access in advance (forget the movies, kids, hackers don't 'get into systems' in the space of time it takes to get fellated by John Travolta's hookers). Now, you have to suppose that all of those prior intrusions have not set off alarms, either through intrusion detection or through simple damage and response, so that they'll all work flawlessly when you need them.

    3) Differentiation. You need to make sure that the failures you trigger don't just look like reg'lar old failures. Why? Because those actually happen all the time, and there are plans and general states of mind for those. A large portion of the effectiveness of 'InfoWar' as it's thrown around by the press seems to rest on 'shock value' like most traditional military operations. The problem is that instead of trying to cause confusion at a single point (the opposing commander), InfoWar is trying to panic a population's worth of responders (the sysadmins and troubleshooters who maintain the systems under attack). As far as those go, each 'component' failure will have to work hard to look different from things they worry about every day. There's no central authority (other than the stupid departments and agencies the US Gov't is busy setting up) to panic and spread the paralysis panic causes. Note: the root name servers suffered a fairly nasty attack just a while ago. Most internet users didn't notice. I'm sure some pulses were raised at the root server level, but that's a scenario they think about all the time.

    4) Connectivity. Think about this carefully. What, precisely, can you get to via the internet, and how would you do it? Let's start at the attacker's end. So you're an Iraqi geek. Well, until the mid-to-late 1990s, you didn't have a single internet connection in the entire damn country; your national web pages were hosted in Jordan, and the U.S. Gov't was assiduously bombing all means of connecting with the outside world. Let's take an easily believable step and say you're a group of Iraqi geeks who've been prepositioned in internet cafes around the world! You're set! You're ready to go! Okay, um, what are you attacking? Again, those 'deep intrusion' hacks we keep reading about (like the recent British arrest) are done by people who have spent enormous amounts of time and effort getting into these systems in the first place, time that you likely don't have if you don't want to get nailed before IW-Day.

    Other end. What are you attacking? There are all manner of horror stories about electrical switches and the like connected to the internet. Most of them ignore the fact that many of these examples are connected to the internet for MONITORING purposes and don't in fact accept input. There are, of course, those that do; however, again, they are designed to assume that at some point they'll lose connectivity, and should operate autonomously or manually. Why? Because 'The Internet' breaks alllll on its own more often than it gets attacked.

    InfoWar would be a lot more frightening to me if it could be clearly and precisely defined, and done so in a way that CLEARLY explains why and how it would be a) more effective and b) easier than having sleeper agents in twenty-five cities toss hand grenades at telephone switching offices.
