Loading...

The new security threats - Cyberterror

An assessment

Seminar Paper 2000 22 Pages

Politics - International Politics - Topic: Miscellaneous

Excerpt

Contents:

1) Introduction

2) Cyberterror: “Dependency equals Vulnerability”
2.1 Targets
2.2 Tools
2.3 Reactions – The State on the Defense ?

3) Offensive State use of the ‘Third Wave’: “Vulnerability equals Opportunity”
3.1 Interception Capabilities or the ‘Echelon’ Case
3.2 Internet Interception
3.3 Information Warfare or FM 100-6

4) Conclusion

5) Bibliography

1) Introduction

In this paper I will address the question if Cyberterror has to be viewed as one of the “New Security Threats” that will have to be dealt with as we enter the next millenium. To answer this I will highlight some of the possible targets in modern digitized states, democratic or not, and the means with which these targets can, and have been attacked. Throughout the paper I will show that, if there is any doubt about motivation, attacks on these very targets by ‘civilian’ Hackers have been carried out ever since the whole phenomenum started.

The question that has to be answered though is that of the reality and probability of cyberterror[1]. Here the rationale is that if cyberattack is feasible, and if the means are available to the enemies of industrialized nations, than it will happen. This of course under the presumption that the will of these groups to hurt highly industrialized, capitalist, and western nations still exists; an assumption that is in my view save to make.

Thus, lately, the US government, the EU, and others have included cyberattack in their list of the “new security threats” that have to be faced into the next century. But criticism has arisen as well. Civil liberty advocates have voiced their concern that the states are crying ‘wolf’ so as to create a pretense to curtailing information freedom as it is facilitated by the net. So what is the net assessment that can be made on the subject? Is the new technology a tool of empowerment for the ‘weak but angry’? What forms of use are to be expected on the net in regard to political activism? Are we facing an electronic Pearl Harbor, as some politicians and security experts would like us to believe? Who is the weak and who the strong in this equation?

Background

When asked which characteristics best describe the end of the 20th Century, and are most likely to influence the beginning of the 21st, a few things come to mind: The end of the Cold War and its bipolar world system, rising discrepancies between cultures and economies (North-South, and [Far-] East-West), the 'New World Order', and the inter linkage of these entities at a rising pace (Telecommunications, Internet, etc.), the 'Third Wave'[2].

The 'New World Order' will, and already is changing the way conflicts are shaped and how they are solved. The lack of superpower protection and the 'triumph' of liberal democracy will lead to world peace for the 'Global Village' in the eyes of fukoyamian optimists[3], or a return to regional and unchecked inter- and intra-state conflicts with uncertainty concerning 'outside power intervention' in the eyes of IR neo-neo-realists[4].

Cultural and territorial clashes remain unsolved or are reopened in this new world and conflict between 'revisionist' (revolutionary, hyper national, or religious fundamentalist) and 'status-quo' (democratic, conservative, and benign nationalist) states[5] will and have already occurred (Gulf War, Balkans, Ex SU, etc.).

On this background the interconnection of computer networks and the rising reliance of the (developed) world on information transmitted through telecommunications, in short the 'Third Wave', opens new ways of 'entry' into economies and communities and brings with it new threats of malicious use of these technologies. The arena of future ‘deep battles’[6] will most probably be ‘Cyberspace’[7], the genuine, if hard to grasp, realm that ‘exists’[8] somewhere between the computer terminals of the world connected through the ‘Net’, the ‘Matrix’. This Net is international in scope and growing swiftly and steadily. And it is growing in size, wealth, as well as political importance. This means that revisionist states as well as groups (terrorist or other) or even individuals now have, through the use of technology, the power to seriously challenge their opponents, opponents that they could not face on conventional terms in the past[9].

Examples for this exist. A recent threat by East Timor rebels to paralyze the Indonesian Military, economical and financial powerbase through the use of “a fleet of hackers” that are ready and waiting for their orders in the US and Europe[10]. All this in case Indonesia does not accept the outcome of the planned memorandum on East Timor independence.[11] It turned out to be not much more than just that, a threat, but while this scenario of an all out attack still lies in the future, civil disobedience and cyber sabotage have been practiced: On January 18 1998 the Mexican Zapatista rebels called sympathizers to spam Mexican government internet sites, thus overloading and blocking these sites.[12] Another call was put out for August 26 1999, an effort that succeeded just as well.[13]

The possibilities are many in this form of exchange, now called hackerism[14]. If they amount to what Joel Garman, Computer Hacker for the USAF declared: "Give me ten good men and I can paralyze the US"[15] remains to be seen.

2) Cyberterror

2.1 Targets

A decisive victory in any conflict can be defined as the situation into which he other side is put in where it lacks the ability to act freely, and is literally at the mercy of the opponent. This situation can be created by taking over the other side's 'vital territory', be it in the conventional sense (conquering high ground in battle; sinking the Armada; cutting the proverbial Achilles' heal; etc.) or other. All this does, and never has demanded for the complete and utter destruction of the enemy, but rather the smart maneuvering that leaves the opponent in the 'impasse'.

The Pillars of (western) nations (their 'vital territory') are their economic technological as well as military centers of power. These are huge organizations that are interconnected, international and highly computerized and dependent on the flow of information. This is also their weak point. The use of networks, the connecting of these networks and the very nature of computers create many loopholes through which these networks can be entered and tampered with. Entry and even taking over the control over these computerized centers of power poses the most serious threat to developed nations short of military conquest or nuclear (unconventional) blackmail.

How real is this threat though?

On Jan. 15 1990 AT&T's long distance telephone switching system collapsed and 70 mil calls were stopped[16]. A glitch in the computer program controlling the system led to the breakdown. This massive breakdown, if caused by "Phone Phreaks"[17] or not showed the inherent danger on the reliance on computers: The program was changed in such a way that the computer 'thought' (this is exactly what computers can't do! hence the problem) that everything was in order while regular problems went unnoticed, accumulated and started a chain reaction that led to the breakdown.

The AT&T breakdown is significant as in it's wake the US Secret Service started "Operation Sundevil", a nation-wide crackdown on hackers.

The US Secret Service (USSS) was given jurisdiction over credit card and computer fraud by congress in the 1984 ‘Comprehensive Crime Control Act’, and starts surveillance of hacker conventions and ‘boards’[18]. In September of 1988 a hacker called “Prophet” cracks BellSouth’s AIMSX computer network, gaining access to its ‘E911’ program. This program was established to create ‘parallel phone-lines’ for exclusive emergency use, the 911 number. The hacker passed on the program to ‘Knight Lightning’, a follow hacker, who subsequently published the E911 document in the “Phrack” e-newsletter[19]. Both are among the numerous hackers that are arrested by the USSS and the ‘Chicago Task Force’ during the first months of 1990. On March 7/8/9 the USSS and the ‘Arizona Organized Crime and Racketeering Bureau’ conduct “Operation Sundevil”, a coordinated action reaching from Miami to San Francisco across the whole US, raiding and arresting hackers, phreaks and so on.

The ‘Hacker Crackdown’ of 1990 has collectively become known as “Operation Sundevil”. Still, two months later switching station phone software crashes again, affecting Washington, LA, Pittsburgh and San Francisco. On Sept. 17 also AT&T crashes again, silencing New York and three major airports…

Phone companies were the targets for hacking from early on[20]. The huge amount of information (billing, connecting, etc.) processed by these companies caused their early and complete ‘embrace’ of the technology. Indicators that things were not always as it seems with their computers thus started early, during the 70's and 80's. Jerry Neil Schneider organized the 1971 ‘Western Electric & Pacific Telephone’ rip-off, stealing huge amounts of telecom equipment by changing order instructions of the company.[21] The same year the YIPL/TAP magazine is started by ‘Yippie Phone Phreaks’, sharing information on all kinds of phone mischief. In the early 80's Bell South's ‘Intrusion Task Force’ had found Freaks everywhere in their system, creating lines, avoiding charge, and spying on phone lines at will.

As it is though Telephone companies[22] are only one target that can be manipulated.

Banks and even more so stock markets deal with the perception of reality in the sense that trust, feeling of security, etc. are ever present, and crucial, in our relation to these bodies. Once this delicate relationship is disturbed they go out of business quickly and through interconnection could bring down significant parts of the ‘hated’ capitalist system. The ‘BCCI’ scandal can serve as an example for the possible scope of the damage. Damage done by actual hacking is kept secret by the banks though, who rather take the punches than publicize the fact that peoples' money might not be as save as one would believe.

The financial system of the West, the declared target of ideological terrorism in classical terms, is thus open to attack that, in the worst case, can bring it down without one hacker/terrorist even entering a bank, or the target country for that matter.

But the financial world is only one part of the ‘military-industrial complex’ of developed nations. Numerous cases of hacks into the computer networks of the Pentagon, FBI, CIA, DEA, etc. have been reported, mostly under a caption like "Teenager breaks into...", somewhat belittling the seriousness of the matter. In 1989 Clifford Stole, the Internet lab manager of Berkeley University discovered a young German hacker spying in the US, paid for by the KGB. This was the first case of international computer espionage discovered and described in the book "The Cuckoo's Egg"[23].

While the use of hackers for espionage purposes is worrying, the possibilities of Cyberwarfare are much more far reaching. The US Defense Establishment in particular the Defense Information Systems Agency employs so called 'Tiger Teams'[24], groups of hackers that probe military computer networks to discover weak spots. Joel Garman, a USAF hacker took over the USS Lasalle's Command and Control Center, changing target designations for the ship's massive guns: "if fired they would have hit hospitals and kindergartens instead of the intended military targets...".[25] In another probe he changed the flight plans of an F-15 squadron that was supposed to fly a refueling exercise over the Atlantic. If they had flown the mission, the fighter planes would have wound up hundreds of miles away from the refueling plane, running out of fuel over the ocean These incidents were performed by US personnel, and even with all these efforts the DISA recorded more than 255 real breaches in 1994.[26]

These examples show on the one hand the severity of the threat and the seriousness with which the Pentagon regards the problem. Cyberwar, in the eyes of the Pentagon is a cheap and low risk, as hard to track, option to hurt the West[27]. It is also a weapon, which is not and never was exclusively in the realm of high-tech specialists. The new freedom of information flow through the Internet delivers the "Tools of the trade" right to your PC.

[...]


[1] Terrorism: “Terror is a symbolic act designed to influence political behaviour by extranormal means, entailing the use or threat of violence.” Thornton, in Eckstein (ed.) 1964, p.73

[2] Peled, Seminar Hebrew U., 1999

[3] Fukoyama, 1989

[4] Miller, 1996

[5] Schweller, 1995; and Buzan, 1991; as quoted in Miller, 1996

[6] Battles fought away from the front-line be it in Cyberspace, on TV, or through other means that change peoples conception of reality. Alvin Toeffler "Future Shock" (Auth.) in BBC "The I Bomb", 1995

[7] Gibson, 1982

[8] It exists in very much the same way that telephone conversations between two people are real conversations, relevant, cognitive connections even though both side talk into a plastic apparatus on their desks and what they hear has been broken down into electronic impulses, transferred huge distances and reassembled by a machine. Their conversation takes place not in their respective offices, as none of them is 'present' in the others proximity, but they 'meet' in a space in-between, the space that is digital in shape but none the less genuine in its significance. In the world of computers this is called 'Cyberspace'.

[9] This technology is also being used by strong states, in what is known as PsyOps. We will concentrate on that aspect in the second part of the paper.

[10] Roetzer F., “Crackerangriff auf das virtuelle Osttimor”, 26.01.1999, http://www.heise.de/tp/deutsch/special/info/6363/1.html

[11] Ha’Arez Newspaper, 240899

[12] Dominguez R., Digital Zapatismo, Infowar, 1998

[13] Electronic Civil Disobedience, http://www.thing.net/~rdom/ecd/storm99.html

[14] Roetzer F., “Infowar und politischer Aktivismus”, 23.09.1998, http://www.heise.de/tp/deutsch/special/info/6292/1.html

[15] BBC World Focus, 30.07.1997

[16] The ‘Martin Luther King Day Crash’ strikes the AT&T long-distance network and stops calls nation wide.

[17] Persons misusing telecom facilities, by stealing and excessively using other peoples' access numbers ("shoulder surfing"), 'cloning' cell phones (thus avoiding billing, and tapping by the authorities, a favourite with drug dealers!), eavesdropping on calls, creating fictitious lines, using vacant long distance lines with the help of "Blue Box" hardware, changing switching programs, etc.. This branch of 'Cybercrime' is by far the most common and so far the most damaging practice.

[18] http://www-personal.umd.umich.edu/~nhughes/cyber/ha/chrono.html

[19] Steele, S., “Steve Jackson Games Versus United States Secret Service”, http://www.eff.org/pub/Legal/Cases/SJG/background.sjg

[20] In 1878 (!), two years after its invention, ‘teenage males’ are flung off the phone system by enraged authorities. http://www-personal.umd.umich.edu/~nhughes/cyber/ha/chrono.html

[21] Parker, D., Crime by Computer, 1976, p.59

[22] Since the invention of the telephone the company (-ies) were a favourite target for 'pranks'. This phenomenum spread when the possibilities for malicious, and profitable use became apparent and entered the anti-establishment scene during the 60's. The ideological 'father' of this way to hurt 'the system' was Abbie Hoffman who promoted the 'cause' in his book "Steal this Book" (A publication that was in the possession of the author, until it was borrowed and not returned!).

[23] Sterling, B., The Hacker Crackdown, 1994, http://surf.Germany.EU.net/bookland/inet/sterling/crackdown/

[24] BBC, World Focus, 30.07.1997

[25] ibid.

[26] M. Higgins, Chief, Counter Measures Division, DISA, BBC "The I Bomb", 1995

[27] Roetzer F., “Koennen Cracker Kriegsschiffe oder Panzer fernsteuern?”, 22.03.2000, http://www.heise.de/tp/deutsch/special/info/6683/1.html

Details

Pages
22
Year
2000
ISBN (eBook)
9783638877510
ISBN (Book)
9783638877657
File size
477 KB
Language
English
Catalog Number
v79530
Institution / College
erg International School - Hebrew University of Jerusalem, Israel – Department for Political Science
Grade
90
Tags
Cyberterror Citizen State Information

Author

Share

Previous

Title: The new security threats - Cyberterror