On the Possibility of Information Warfare?
denisonbigred asks: "With all of the talks about disarming Iraq's weapons of mass destruction, and all of the news coming out about Al Qaeda and other terrorist groups' use of technology, I tend to wonder what is being done about the possibility of informational warfare. There must be a few geeks over in Iraq, and angry, subversive, geeks must be at least as dangerous as Iraq's rag-tag army. Is this a legitimate concern, and does anyone know what, if anything, is being done to address it?"
I've seen lots of articles about the various "information warfare" scenarios. The impression I've gathered is that it just isn't that big of a threat. In the past we've had break-ins to US military computers, but outside of the negative publicity, not much came of it (didn't the famous late '80s German attacks only result in copies of VMS reaching East Germany?).
The various commercial web sites are another matter, but none of them are critical to anyone's life, and if eBay or someone were to be broken into, very few people (and one company) would really suffer.
Now if that one cracker were to instead get into the US and begin shooting people from the trunk of a car, or go hijack a commercial plane, the damage would be far greater, and less education would be required to pull it off.
(There was an article on the Register about this about a month ago) If you can hack into a power/water plant and make it not be happy, life becomes very bad.
I'm tired of hearing this crap spouted by the media and parroted by people who listen. This type of thing isn't going to happen, and it's not because we have amazing security, or because the hackers aren't smart enough, it's simply because these critical systems are not attached to the global network in any significant way. If they were on the net, sure we'd have to worry about them, but sensitive systems like this are connected through private leased lines, and there is a physical aspect to any successful attack scenario.
I'd be very careful discussing things like this on public messageboards, even as speculation or in a joking manner. The above post, if shown to the wrong person, could very well result in an investigation, and in the current climate it doesn't take all that much for you to be tracked down and interrogated. Something that would definitely be a bad thing should you ever wish to seek employment that requires security clearance, not to mention having to explain to someone with a badge just why you posted suggestions on how to fight the US.
Am I paranoid? Possibly, that doesn't mean they're not out to get me though.
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
The problems with this whole scenario (and the whole lot of the 'doom and gloom' information warfare scenarios that the US Government and cronies have been pumping out for the past few years) are legion. Before anyone shoves a pamphlet at me, let me state that I have *worked* for RAND doing analysis and I've *read* the books. Here are, in my opinion, the problems as I see them.
1) Definition. In order to effectively do nasty things to the US using 'information warfare' you need to know what the heck IW is. Guess what: we don't. The US Military has 'Information Operations' but those are mostly modern takes on tactics and strategies that go back at least as far as Sun Tzu, and involve attempting to retain and collect information on the situation while denying the same to the enemy. We keep hearing about how vulnerable stuff on the internet is to tampering. There are horror stories almost weekly about how some hacker almost succeeded in shutting down LA's power, or almost took out an air traffic control node, etc. etc. Which of these is IW? All of them? Some?
2) Scale of Effort. Really, at some point, taking down LA's power grid is a lot more easily done by bribing Enron or by tossing some hand grenades over the fence at a substation than by hacking. Here's a quick exercise. Think of a bad scenario. Now figure out how many separate intrusions would probably be required to cause it, and then figure out how many of them would need to be done simultaneously. Sure, you might be able to get into a lot of the places that can cause harm - but to do so catastrophically and as a surprise attack, you'd need to access a lot of them at the same time. First of all, that means you'd need to set up access in advance (forget the movies, kids, hackers don't 'get into systems' in the space of time it takes to get fellated by John Travolta's hookers). Now, you have to suppose that all of those prior intrusions have not set off alarms, either through intrusion detection or through simple damage and response, so that they'll all work flawlessly when you need them.
3) Differentiation. You need to make sure that the failures you trigger don't just look like reg'lar old failures. Why? Because those actually happen all the time, and there are plans and general states of mind for those. A large portion of the effectiveness of 'InfoWar' as it's thrown around by the press seems to rest on 'shock value' like most traditional military operations. The problem is that instead of trying to cause confusion at a single point (the opposing commander), InfoWar is trying to panic a population's worth of responders (the sysadmins and troubleshooters who maintain the systems under attack). As far as those go, each 'component' failure will have to work hard to look different from things they worry about every day. There's no central authority (other than the stupid departments and agencies the US Gov't is busy setting up) to panic and spread the paralysis panic causes. Note: the root name servers suffered a fairly nasty attack just a while ago. Most internet users didn't notice. I'm sure some pulses were raised at the root server level, but that's a scenario they think about all the time.
4) Connectivity. Think about this carefully. What, precisely, can you get to via the internet, and how would you do it? Let's start at the attacker's end. So you're an Iraqi geek. Well, until the mid-to-late 1990s, you didn't have a single internet connection in the entire damn country; your national web pages were hosted in Jordan, and the U.S. Gov't was assiduously bombing all means of connecting with the outside world. Let's take an easily believable step and say you're a group of Iraqi geeks who've been prepositioned in internet cafes around the world! You're set! You're ready to go! Okay, um, what are you attacking? Again, those 'deep intrusion' hacks we keep reading about (like the recent British arrest) are done by people who have spent enormous amounts of time and effort getting into these systems in the first place, time that you likely don't have if you don't want to get nailed before IW-Day.
Other end. What are you attacking? There are all manner of horror stories about electrical switches and the like connected to the internet. Most of them ignore the fact that many of these examples are connected to the internet for MONITORING purposes and don't in fact accept input. There are, of course, those that do; however, again, they are designed to assume that at some point they'll lose connectivity, and should operate autonomously or manually. Why? Because 'The Internet' breaks alllll on its own more often than it gets attacked.
InfoWar would be a lot more frightening to me if it could be clearly and precisely defined, and done so in a way that CLEARLY explains why and how it would be a) more effective and b) easier than having sleeper agents in twenty-five cities toss hand grenades at telephone switching offices.
A hero is someone who knows when to run away. I am a hero. -Trent the Uncatchable
It's this sort of thinking that scares the hell out of me. Sooner or later somebody is going to give the US a bloody nose.
What kind of thinking would that be? I'm an anti-war pacifist, though you probably couldn't tell that from what I wrote.
The fact of the matter is that with the current tactics we use and adversaries we face, nobody can defeat the US military on the battlefield. They could cause a hell of a lot of trouble, but that would not give them victory.
I agree with you that someday someone will give us a serious bloody nose. But that doesn't reflect today's reality.
The arguments you gave are nice, but they're not related to what I was talking about. The first part of the post I was replying to was speaking of the possibility of a few people with EMP bombs causing US military command and control to break down. There's not a chance in hell of that happening.
If tits were wings it'd be flying around.