Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

11/18/2009
09:27 AM
Gadi Evron
Gadi Evron
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

NSA Iraqi Computer Attacks And U.S. Defense

A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were supposedly used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however.

A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were supposedly used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however.The article describes several issues and that in my opinion confuses what matters: the supposed computerized attacks in Iraq, and the cyber offensive capabilities being admitted, their impact on the United States' cyber defense stance, international relations, and diplomacy.

By the description in the article, some of the techniques used in Iraq were blocked cell phone signals, users (terrorists) were located and possibly "dealt with," and disinformation was sent to them to disrupt enemy operations or lead them into ambushes.

"With this capability, the Americans could deceive their adversaries with false information, including messages to lead unwitting insurgents into the fire of waiting U.S. soldiers."

While these operations, if the claims are true, could certainly be achieved by computerized attacks, it seems like overkill. It makes much more sense that while computerized attacks were used, trusted older techniques took point -- SIGINT (Signals Intelligence) to locate and decipher communication sources and networks, EW (Electronic Warfare) to interfere with them, and Intelligence Warfare, or Information Operations, to seed disinformation.

In the U.S., information operations such as the latter are a part of information warfare doctrine, right along with computer attacks. Which means the terminology needs to be double-checked when looking at an American source. In this case, however, officials are clearly stating computer attacks were used.

The article also mentions a 1999 operation in Yugoslavia, which was a proof of concept and therefore not fully utilized:

"The U.S. conducted its first focused experiments with cyberattacks during the 1999 bombing of Yugoslavia, when it intervened to stop the slaughter of ethnic Albanians in Kosovo. An information operations cell was set up as part of the bombing campaign. The cell's mission was to penetrate the Serbian national air defense system, published accounts and knowledgeable officials said, and to make fake signals representing aircraft show up on Serbian screens. The false signals would have confused the Serbian response to the invasion and perhaps destroyed commanders' confidence in their own defenses."
Regardless of what the precise technology used in Iraq was, the U.S. admitting to the use of such capabilities during actual fighting is fascinating, which brings me to why this article is so interesting. If the reports mentioned are true, it is plausible the U.S. now employs two additional information warfare strategies:

1. Cyber warfare has been recognized as strategic power on par with WMD for at least two decades. However, recently the world at-large became aware of its potential, with cyberattacks being launched by who appears to be opponents and enemies of the US. Or with the potential impact to destabilize or destroy critical infrastructure, regardless of source.

Military power is often about perception, and thus past operations previously designated not for public consumption are being declassified. It seems that the U.S. is making a stand as to its abilities, and advertises them for the world to see as part of their party-line and PR strategy.

I would put money on the famous Jane's magazine adding a cyber offensive capabilities department within the year.

2. Deterrence has been a hot topic in U.S. defense circles ever since the Cold War, and in the past two years it has been suggested to be used in the cyber realm as well. That notion is ridiculous, due to reasons varying from plausible deniability of Internet attackers to lack of ability to attribute cyberattacks to a perpetrator to begin with.

Still, as it has been gaining ground, it is possible a deterrence doctrine has been pushed forward and is being used. For deterrence to work, information needs to be released as to why the U.S. is a scary country to attack due to possible retribution.

It is interesting to see information warfare being publicly admitted to, which means it is no longer just a tool used just by intelligence organizations for espionage reasons, but rather as a weapon of warfighting. And that at least some folks in the US, who were quoted in the article, take cyber defense seriously -- deterrence nonsense aside. People such as Bob Gourley, Air Force Lt. Gen. Harry Raduege, Matt Stern, a retired lieutenant colonel, and Col. Charles Williamson III (smart guy who unfortunately also helped start the cyber deterrence nonsense with his article on military botnets), along with many others in government and industry.

Oh yeah, and the attacks against the cellular network? That's cool, and even cooler that it's public.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, Kroll,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27956
PUBLISHED: 2020-10-28
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
CVE-2020-27957
PUBLISHED: 2020-10-28
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.
CVE-2020-16140
PUBLISHED: 2020-10-27
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS.
CVE-2020-9982
PUBLISHED: 2020-10-27
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials.
CVE-2020-3855
PUBLISHED: 2020-10-27
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files.