May 15, 1997

Article at South China Morning Post

FEATURE | Hackers wage war at push of a button

The online frontline has arrived, and military strategists in the industrialised world are worried: in the war across electronic borders, anyone can be a superpower.

By Wilson da Silva

THE UNITED STATES is at war. But it is a war that involves no fighter planes, no tanks and no troops in combat. It is a conflict that requires no declaration of war by the Congress and no authorisation by U.S. President Bill Clinton.

And yet, the country is under attack. According to a report to the Congress released last year, U.S. defence computers were hacked 250,000 times in 1995 alone. The attacks were successful in 65 per cent of cases. Only four per cent of the computer incursions were detected, and less than a third of these were actually reported to superiors.

Welcome to the age of Information Warfare. In this seemingly invisible form of combat, there is no need to spill blood on the battlefield: the enemy can achieve the same aims without a single shot fired. They can disrupt air traffic control, confuse radar systems, jam banking networks or crash a country’s Internet.

They may well be talented teenagers with keyboards and too much time on their hands, doing the Net equivalent of joyriding or graffiti tagging. Certainly most of the intruders detected don’t steal sensitive files or destroy documents.

But then, very few of the attacks are actually detected. What is worrying defence scientists is that an increasing number of hacker attacks are wreaking damage to military systems. And it has started to dawn on defence officials that they have no way of knowing whether a hacker is just a hotshot Netsurfer, or the agent of an unfriendly foreign power.

Defence experts may be able to trace a hacker back a number of Internet nodes around the world; but any hacker worth their salt will make sure the trail eventually goes cold – preferably in a country far from them. Something else has occurred to defence strategists: if teenagers can crack military computers using software freely available on scores of computer bulletin boards, using strategies freely discussed on Internet newsgroups – couldn’t a professional military outfit be capable of much more?

The United States is not the only country to be concerned. Attacks have been detected in Britain, Australia and a number of European countries. Late last year, Australia’s defence forces opened a new laboratory in Canberra with a charter to tackle command and control security and develop information warfare strategies. It is part of Project Takari, a 15-year programme established by the Defence Science and Technology Organisation that will involve 250 scientists and stretch into the year 2010.

Although Australian installations are unlikely to be as much of a “honeypot” for hackers as military icons like the Pentagon, attacks on them are occurring.

“It doesn’t take a lot to generate an attack, and you can wreak a lot of damage,” says Dr Brian Billard, chief of military computing systems at the Adelaide laboratories of the organisation. “It’s not like a nuclear capability; you don’t need lots of money and an intensive programme. It’s relatively easy to mount a successful attack. And they don’t have to be countries – they can be sectional interests like organised crime.”

Billard, along with an increasing number of military thinkers in the West, has come to the realisation that technologically advanced nations are sitting ducks when it comes to information warfare. With good communications networks and a sophisticated economy heavily reliant on technology, industrialised countries are the prime targets.

And they are wide open. While they spend billions patrolling the seas and skies against incursions of sovereignty, their “datasphere” is unprotected. Hackers – whether spies, criminals or just joyriders – can dial into computer networks, steal information or bring down civilian systems, and disrupt military operations. Their “data borders” are unpatrolled. There is no defence of the electronic realm.

“The fact is, we are no longer a four-dimensional environment of air, land, sea and space. Information operations introduces a fifth dimension of warfare,” U.S. Air Force vice chief of staff General Thomas Moorman told a recent defence conference in Australia.

Moorman should know: between March and April 1994, the U.S. Air Force’s premier command and control research facility, the Rome Laboratory in New York, detected a volley of unauthorised incursions emanating from the Internet. More than 150 attacks were logged. The attackers fired off software weapons like “Trojan horses” and “sniffers” to access and control Rome’s operational network.

The Trojans, or virus-like sub-programs, were designed to attach themselves to legitimate users, then open up a trail behind them so the hackers could follow. The sniffers parked themselves inside the air force computers and sucked passwords from legitimate users as they logged on, passing them on to the hackers.

Using these relatively common hacker techniques, the intruders were able to seize control of the lab’s computers for several days and establish unauthorised links to U.S. and overseas Internet sites, and hack into other systems. They copied and downloaded critical information such as air tasking orders – messages U.S. commanders use during wartime to transmit battle tactics, intelligence, and targeting information to pilots and other weapons systems operators.

They also covered their tracks. Three days into the attack, air force computing staff realised what was happening and tried to trace the intruders. They weaved their way back through commercial Internet sites on the U.S. east and west coast, several telephone switches in South America, before ending up in Britain.

There, the trail went cold. A post-mortem established there were two intruders; but no-one knows where they ultimately came from nor what they did with the sensitive military information they were able to steal. In the meantime, the U.S. Air Force spent US$450,000 hunting down and destroying the Trojans and sniffers in the bowels of their computers before they were assured they had restored network security.

“Had they decided, as a skilled attacker most certainly will, to bring down the network immediately after the initial intrusion, we would have been powerless to stop them,” an official report into the incident admitted.

No-one knows for sure how much sensitive information was stolen. The air force does know one thing: the air tasking system they spent three years and US$3 million developing had likely been compromised.

This is one of the many attacks against U.S. military establishments documented in the past few years. But how many went on undetected? The U.S. military has over 2.1 million computers, 10,000 local networks and 100 long-distance networks. 

In the past few years, the U.S. Defence Information Systems Agency has launched 38,000 attacks against the U.S. military’s own computers, using software and strategies commonly available on the Internet. To their surprise, 65 per cent of the time they gained access. Of the 24,700 successful intrusions, only 988 were detected by their defence colleagues. And those that did were not too keen on admitting they had been breached: only 267 were officially reported.

And there’s another thing: the frightening thing about information warfare – as far as the high-tech superpowers are concerned – is that it gives small nations as much firepower as large nations. Military strategists point a fearful finger at the Third World, drug cartels, the Mafia – any number of groups who may have the motivation to do harm and can get their hands on smart people and fancy hardware.

The U.S. National Security Agency estimates that at least 120 countries have established computer attack capabilities. In testimony to the U.S. Congress, it said that some 60 per cent of doctorates granted by U.S. universities in computer science and security are to foreigners, two-thirds of them nationals of Islamic countries or India. 

“Sophisticated countries are the ones that are going to be targeted,” says Billard. “At what point do we consider our national sovereignty under attack? And what is the appropriate response? Do we use the same technology in retaliation?”

There is also the potential to use these technologies to hobble a potential enemy – albeit one with some level of electronic sophistication. “Information warfare is a fast-emerging arena which has the potential of turning the tide of conflict without firing a shot,” General Moorman said. “Intrusion into data links, databases and local area networks can significantly inhibit an adversary’s ability to plan, execute and coordinate military operations.”

Dr Warren Harch, research leader of the Australian information warfare lab, was reluctant to discuss the kind of detection and protection strategies they are pursuing. As with much of the work in this area, information can be hard to come by.

Asked if the information warfare research was just aimed at defending Australia against incursion, or also aimed at developing offensive capabilities against an enemy, he was cagey. “That’s something I can’t really talk about, other than to say that we’re interested,” he said.