June 18, 1996

Article at The Sydney Morning Herald

TECHNOLOGY | Fighting the invisible enemy

Future world conflicts will not be resolved with military hardware and physical might. As WILSON da SILVA reports, the victors will be those who best infiltrate the computer systems of their foes.

THE UNITED STATES is at war. So is Australia. This will come as a surprise to US President Bill Clinton and the US Congress, who haven’t signed a declaration of war. It will come as a surprise to the Prime Minister, John Howard, and his Cabinet, who have not authorised any military engagement.

And yet, both nations are under attack. According to a report to the Congress released last month, US defence computers were hacked 250,000 times last year, and it is estimated that 65 per cent of attacks were successful. Only 4 per cent were detected, and less than a third of these were actually reported to superiors.

Defence computers in Australia are also under attack. Defence security experts in Australia admit as much, although they never directly say so. 

Although Australian installations are unlikely to be as much of a “honeypot” for hackers as military icons like the Pentagon, attacks are occurring, and the best and brightest computer minds in the Australian military are being called into service to battle them.

In this seemingly invisible form of warfare, there is no need to spill blood on the battlefield: the enemy can achieve the same aims without a single shot fired. They can disrupt air traffic control, confuse radar systems, jam banking networks or crash a country’s Internet.

They may well be talented teenagers with keyboards and too much time on their hands, doing the Net equivalent of joyriding or graffiti tagging. Certainly most of the intruders detected don’t steal sensitive files or destroy documents. But then, only 4 per cent are detected.

However, an increasing number of hacker attacks are wreaking damage. And it has started to dawn on defence officials that they have no way of knowing whether a hacker is just a hotshot Netsurfer or the agent of an unfriendly foreign power.

Defence experts may be able to trace a hacker to a number of Internet nodes around the world, but hackers worth their salt will make sure the trail eventually goes cold - preferably in a country far from them.

Something else occurs to them: if teenagers can crack military computers using software freely available on scores of computer bulletin boards, using strategies freely discussed on Internet newsgroups - couldn’t a professional military outfit be capable of much more?

“It doesn’t take a lot to generate an attack, and you can wreak a lot of damage,” says Dr Brian Billard, chief of military computing systems at the Adelaide labs of the Defence Science and Technology Organisation (DSTO).

“It’s not like a nuclear capability; you don’t need lots of money and an intensive program. It’s relatively easy to mount a successful attack.

“And they don’t have to be countries - they can be sectional interests like organised crime,” he said.

Billard, along with an increasing number of military thinkers in the West, is coming to the realisation that they are sitting ducks when it comes to Information Warfare.

With good communications networks and a sophisticated economy heavily reliant on technology, industrialised countries like Australia are the prime targets.

And they are wide open. While we spend billions patrolling our seas and skies against incursions of our sovereignty, our “datasphere” is unprotected.

Hackers - whether spies, criminals or just joyriders - can dial into computer networks in Australia, steal information or bring down civilian systems and disrupt military operations. Our “data borders” are unpatrolled. There is no defence of the electronic realm.

“The fact is, we are no longer a four-dimensional environment of air, land, sea and space. Information operations introduces a fifth dimension of warfare,” the Vice Chief of Staff of the United States Air Force, General Thomas Moorman, told a Canberra defence conference last week.

The general should know: between March and April 1994, the USAF’s premier command and control research facility, the Rome Laboratory in New York, detected a volley of unauthorised incursions emanating from the Internet.

More than 150 attacks were detected. The attackers fired off software weapons like “Trojan horses” and “sniffers” to access and control Rome’s operational network.

The Trojans, or virus-like subprograms, were designed to attach themselves to legitimate users, then open up a trail behind them so the hackers could follow.

The sniffers parked themselves inside the USAF computers and sucked passwords from legitimate users as they logged on, passing them on to the hackers.

Using these relatively common hacker techniques, the intruders were able to seize control of the lab’s computers for several days and establish unauthorised links to US and overseas Net sites, and hack into other systems.

They copied and downloaded critical information such as air tasking orders - messages US commanders use during wartime to transmit battle tactics, intelligence, and targeting information to pilots and other weapons systems operators.

They also covered their tracks. Three days into the attack, USAF computing staff realised what was happening and tried to trace the intruders. They weaved their way back through commercial Internet sites on the US east and west coasts, and several telephone switches in South America before ending up in Britain.

There, the trail went cold. A post-mortem established that there were two intruders, but no-one knows where they came from nor what they did with the sensitive military information they were able to steal. In the meantime, the USAF spent $625,000 hunting down the Trojans and sniffers in the bowels of their computers to restore security.

“Had they decided, as a skilled attacker most certainly will, to bring down the network immediately after the initial intrusion, we would have been powerless to stop them,” an official report into the incident said.

No-one knows for sure how much sensitive information was stolen. The USAF knows one thing: the air tasking system they spent three years and $4 million developing is now likely to be compromised.

This is one of the many attacks against US military establishments documented in the past few years. No doubt many more have gone undetected.

The US military has more than 2.1 million computers, 10,000 local networks and 100 long-distance networks. In the past few years, the US Defence Information Systems Agency has launched 38,000 attacks against the military’s own computers, using software and strategies commonly available on the Internet.

Sixty-five per cent of the time, the military hackers gained access. Of the 24,700 successful intrusions, only 988 were detected. Most didn’t like admitting they had been done: only 267 were officially reported.

Much the same may be occurring in Australia. But you won’t hear it from the military types. While they admit they are just as vulnerable to such attacks - in some cases, more so - they clam up when you ask if they’ve ever been a victim.

Researchers believe that the threat of information warfare is that it gives small nations as much firepower as large nations. Military strategists point a fearful finger at the Third World, drug cartels, the Mafia - any number of groups who may have the motivation to do harm and who possess some computer nous.

The US National Security Agency estimates that at least 120 countries have established computer attack capabilities.

About 60 per cent of doctorates granted by US universities in computer science and security are to foreigners, with two-thirds from Islamic countries or India.

“Sophisticated countries like Australia are the ones that are going to be targeted,” says DSTO’s Billard.

“At what point do we consider our national sovereignty under attack? And what is the appropriate response? Do we use the same technology in retaliation?

“There are a whole raft of problems we have to consider as a nation.”

But the threat can’t be illusory: last week, the DSTO opened a new laboratory in Canberra with a charter to tackle command and control security and develop information warfare strategies. It is part of Project Takari, a 15-year program established by the DSTO that will involve 250 scientists and stretch into 2010.

There is also the potential to use these technologies to hobble a potential enemy - albeit one with some level of electronic sophistication.

“Information warfare is a fast-emerging arena which has the potential of turning the tide of conflict without firing a shot,” General Moorman said. “Intrusion into data links, databases and local area networks can significantly inhibit an adversary’s ability to plan, execute and coordinate military operations.”

Dr Warren Harch, research leader of the “InfoWar” lab, was reluctant to discuss detection and protection strategies. Asked if the information warfare research was just aimed at defending Australia against incursion, or also aimed at developing offensive capabilities against an enemy, he was cagy. “That’s something I can’t really talk about, other than to say that we’re interested,” he said.