Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

11/18/2009
09:27 AM
Gadi Evron
Gadi Evron
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

NSA Iraqi Computer Attacks And U.S. Defense

A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were supposedly used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however.

A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were supposedly used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however.The article describes several issues and that in my opinion confuses what matters: the supposed computerized attacks in Iraq, and the cyber offensive capabilities being admitted, their impact on the United States' cyber defense stance, international relations, and diplomacy.

By the description in the article, some of the techniques used in Iraq were blocked cell phone signals, users (terrorists) were located and possibly "dealt with," and disinformation was sent to them to disrupt enemy operations or lead them into ambushes.

"With this capability, the Americans could deceive their adversaries with false information, including messages to lead unwitting insurgents into the fire of waiting U.S. soldiers."

While these operations, if the claims are true, could certainly be achieved by computerized attacks, it seems like overkill. It makes much more sense that while computerized attacks were used, trusted older techniques took point -- SIGINT (Signals Intelligence) to locate and decipher communication sources and networks, EW (Electronic Warfare) to interfere with them, and Intelligence Warfare, or Information Operations, to seed disinformation.

In the U.S., information operations such as the latter are a part of information warfare doctrine, right along with computer attacks. Which means the terminology needs to be double-checked when looking at an American source. In this case, however, officials are clearly stating computer attacks were used.

The article also mentions a 1999 operation in Yugoslavia, which was a proof of concept and therefore not fully utilized:

"The U.S. conducted its first focused experiments with cyberattacks during the 1999 bombing of Yugoslavia, when it intervened to stop the slaughter of ethnic Albanians in Kosovo. An information operations cell was set up as part of the bombing campaign. The cell's mission was to penetrate the Serbian national air defense system, published accounts and knowledgeable officials said, and to make fake signals representing aircraft show up on Serbian screens. The false signals would have confused the Serbian response to the invasion and perhaps destroyed commanders' confidence in their own defenses."
Regardless of what the precise technology used in Iraq was, the U.S. admitting to the use of such capabilities during actual fighting is fascinating, which brings me to why this article is so interesting. If the reports mentioned are true, it is plausible the U.S. now employs two additional information warfare strategies:

1. Cyber warfare has been recognized as strategic power on par with WMD for at least two decades. However, recently the world at-large became aware of its potential, with cyberattacks being launched by who appears to be opponents and enemies of the US. Or with the potential impact to destabilize or destroy critical infrastructure, regardless of source.

Military power is often about perception, and thus past operations previously designated not for public consumption are being declassified. It seems that the U.S. is making a stand as to its abilities, and advertises them for the world to see as part of their party-line and PR strategy.

I would put money on the famous Jane's magazine adding a cyber offensive capabilities department within the year.

2. Deterrence has been a hot topic in U.S. defense circles ever since the Cold War, and in the past two years it has been suggested to be used in the cyber realm as well. That notion is ridiculous, due to reasons varying from plausible deniability of Internet attackers to lack of ability to attribute cyberattacks to a perpetrator to begin with.

Still, as it has been gaining ground, it is possible a deterrence doctrine has been pushed forward and is being used. For deterrence to work, information needs to be released as to why the U.S. is a scary country to attack due to possible retribution.

It is interesting to see information warfare being publicly admitted to, which means it is no longer just a tool used just by intelligence organizations for espionage reasons, but rather as a weapon of warfighting. And that at least some folks in the US, who were quoted in the article, take cyber defense seriously -- deterrence nonsense aside. People such as Bob Gourley, Air Force Lt. Gen. Harry Raduege, Matt Stern, a retired lieutenant colonel, and Col. Charles Williamson III (smart guy who unfortunately also helped start the cyber deterrence nonsense with his article on military botnets), along with many others in government and industry.

Oh yeah, and the attacks against the cellular network? That's cool, and even cooler that it's public.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...