Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:27 AM
Gadi Evron
Gadi Evron
Connect Directly

NSA Iraqi Computer Attacks And U.S. Defense

A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were supposedly used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however.

A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were supposedly used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however.The article describes several issues and that in my opinion confuses what matters: the supposed computerized attacks in Iraq, and the cyber offensive capabilities being admitted, their impact on the United States' cyber defense stance, international relations, and diplomacy.

By the description in the article, some of the techniques used in Iraq were blocked cell phone signals, users (terrorists) were located and possibly "dealt with," and disinformation was sent to them to disrupt enemy operations or lead them into ambushes.

"With this capability, the Americans could deceive their adversaries with false information, including messages to lead unwitting insurgents into the fire of waiting U.S. soldiers."

While these operations, if the claims are true, could certainly be achieved by computerized attacks, it seems like overkill. It makes much more sense that while computerized attacks were used, trusted older techniques took point -- SIGINT (Signals Intelligence) to locate and decipher communication sources and networks, EW (Electronic Warfare) to interfere with them, and Intelligence Warfare, or Information Operations, to seed disinformation.

In the U.S., information operations such as the latter are a part of information warfare doctrine, right along with computer attacks. Which means the terminology needs to be double-checked when looking at an American source. In this case, however, officials are clearly stating computer attacks were used.

The article also mentions a 1999 operation in Yugoslavia, which was a proof of concept and therefore not fully utilized:

"The U.S. conducted its first focused experiments with cyberattacks during the 1999 bombing of Yugoslavia, when it intervened to stop the slaughter of ethnic Albanians in Kosovo. An information operations cell was set up as part of the bombing campaign. The cell's mission was to penetrate the Serbian national air defense system, published accounts and knowledgeable officials said, and to make fake signals representing aircraft show up on Serbian screens. The false signals would have confused the Serbian response to the invasion and perhaps destroyed commanders' confidence in their own defenses."
Regardless of what the precise technology used in Iraq was, the U.S. admitting to the use of such capabilities during actual fighting is fascinating, which brings me to why this article is so interesting. If the reports mentioned are true, it is plausible the U.S. now employs two additional information warfare strategies:

1. Cyber warfare has been recognized as strategic power on par with WMD for at least two decades. However, recently the world at-large became aware of its potential, with cyberattacks being launched by who appears to be opponents and enemies of the US. Or with the potential impact to destabilize or destroy critical infrastructure, regardless of source.

Military power is often about perception, and thus past operations previously designated not for public consumption are being declassified. It seems that the U.S. is making a stand as to its abilities, and advertises them for the world to see as part of their party-line and PR strategy.

I would put money on the famous Jane's magazine adding a cyber offensive capabilities department within the year.

2. Deterrence has been a hot topic in U.S. defense circles ever since the Cold War, and in the past two years it has been suggested to be used in the cyber realm as well. That notion is ridiculous, due to reasons varying from plausible deniability of Internet attackers to lack of ability to attribute cyberattacks to a perpetrator to begin with.

Still, as it has been gaining ground, it is possible a deterrence doctrine has been pushed forward and is being used. For deterrence to work, information needs to be released as to why the U.S. is a scary country to attack due to possible retribution.

It is interesting to see information warfare being publicly admitted to, which means it is no longer just a tool used just by intelligence organizations for espionage reasons, but rather as a weapon of warfighting. And that at least some folks in the US, who were quoted in the article, take cyber defense seriously -- deterrence nonsense aside. People such as Bob Gourley, Air Force Lt. Gen. Harry Raduege, Matt Stern, a retired lieutenant colonel, and Col. Charles Williamson III (smart guy who unfortunately also helped start the cyber deterrence nonsense with his article on military botnets), along with many others in government and industry.

Oh yeah, and the attacks against the cellular network? That's cool, and even cooler that it's public.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Average Cost of a Data Breach: $3.86 Million
Jai Vijayan, Contributing Writer,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-04
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the ship...
PUBLISHED: 2020-08-04
Extreme Analytics in Extreme Management Center before allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
PUBLISHED: 2020-08-04
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
PUBLISHED: 2020-08-04
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.
PUBLISHED: 2020-08-04
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attack...