Entries in Information Warfare (66)

Thursday
03Jul

China's Cyber Warfare  

M Shamsur Rabb Khan
Freelancer
e-mail: samsur.khan@gmail.com

China's intensified cyber warfare against India is becoming a serious threat to national security. The desire to possess 'electronic dominance' over India has compelled Chinese hackers to attack many crucial Indian websites and over the past one and a half years, they have mounted almost daily attacks on Indian computer networks - both government and private. In October 2007, for example, Chinese hackers defaced over 143 Indian websites. A recent attack on a website called www.cabsec.gov.in, which is the nerve centre of the country's administration, was particularly hostile, due to which the site remained defaced for hours.

Web defacement is the term applied to the unauthorized modification of a website. In its place, other terms, such as web jacking, vandalism, cyber graffiti are also used. Phishing, on the other hand, is a term derived from fishing, and is a fraudulent activity on the Internet to acquire personal information. As in fishing, where the fisherman uses a bait to catch fish, in phishing, the hackers use spoofed e-mails to lure innocent Internet users and get their personal information like bank account number, credit card details, password and so on. According to the Gartner Survey, financial losses due to phishing attacks have risen to more than US$3.2 billion in the year 2007 alone.

In April 2008, Indian intelligence agencies detected Chinese hackers breaking into the computer network of the Ministry of External Affairs forcing the government to think about devising a new strategy to fortify the system. Though the intelligence agencies failed to get the identity of the hackers, the IP addresses left behind suggested Chinese hands. While hacking is a normal practice around the world, the cyber warfare threat from China has serious implications. At the core of the assault is the fact that the Chinese are constantly scanning and mapping India's official networks.

According to India's Computer Emergency Response Team (CERT-In), in the year 2006, a total of 5,211 Indian websites were defaced, on an average of about 14 websites per day. Of the total number of sites that were hacked and defaced, an overwhelming majority were in the .com domain (90 cases) followed by 26 in the .in domain. As many as 11 defacement incidents were also recorded in the .org domain. Of all hacking incidents in October, about 61 per cent related to phishing, 27 per cent to unauthorized scanning and 8 per cent to viruses/worms under the malicious code category. India, like the western countries, has been witnessing a massive rise in phishing attacks with incidents in 2006 180 per cent higher than in 2005, and the trend carrying through into 2007.


 


Tuesday
06May

Information Operations during Counterinsurgency Operations

Essential Option for a Limited Response
Author(s): Raimundo Rodríguez Roca
Publisher(s): Athena Intelligence, University of Granada, Spain
Date of publication: 14 Feb 2008
Volume number: 3
Issue number: 1
Format: PDF
Pages: 23
URL: http://www.athenaintelligence.org/
Series: Athena Intelligence Journal

Description: The purpose of this article is to apply a theory of operational and tactical information operations (IO) employment as limited and non-lethal effects during counterinsurgency operations. It focuses on four integrating elements of IO: psychological operations, civil-military operations, public affairs and computer network operations. The author simulates a practical case of IO and develops a concept of operation. The approach presented is from a Spanish army perspective. He finds that the knowledge and managing of IO is of significance and will become essential to understand and face the scenes of future conflicts and new wars.

General note: © 2008 Athena Intelligence



Thursday
17Apr

...and now, for something completely different: American 'export' (from Syria satellite TV)


Thursday
17Apr

The Combating Terrorism Center (CTC) at West Point - Terrorists are quoting reports from CTC


Friday
04Apr

CYBERSECURITY ENABLING NETWORK CENTRIC OPERATIONS - JAMES LEWIS 

Statement of James Lewis Director and Senior Fellow Technology and Public Policy Program Center for Strategic and International Studies (CSIS)

Committee on House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities

April 01, 2008

I thank the committee for the opportunity to testify. As you know, we have seen new domains for conflict emerge in the last decade. These new domains are in space and in cyberspace. Cyberspace is in some ways the more interesting of the new domains, because the 'price of entry' is low and also because it has been an area of significant U.S. vulnerability for many years, a vulnerability that has been eagerly exploited by our opponents.

We know that networks and information technology improve performance for both businesses and for militaries when they are used to provide better information and better coordination. One study examined exercises that pitted networked F-15s against F-15s relying only on traditional voice communications, and found that networking resulted in dramatic improvements in combat effectiveness.1 This study is indicative of the direction that future conflict is likely to take - the side with the informational advantage is more likely to win. We are only at the beginning of finding the organizational structures and tactics that will make full use of the new technologies that can provide informational advantage.

But at the same time, the use of these technologies has created serious new vulnerabilities.

These vulnerabilities are the result, in part, of the newness of the technologies themselves. Our opponents have seized the opportunity created by these vulnerabilities to engage in an extensive espionage campaign against the U.S. by mapping the vulnerabilities of our networks, accessing U.S. computers through these networks, and transferring sensitive information from the U.S. to their own computers.

There is also the possibility that when an unknown intruder has accessed a U.S. computer to steal information, he or she has also left something behind. We cannot say with assurance that a network that has been penetrated has also not been infected with hidden malware that could be triggered in a crisis, disrupting data and communications. This is not the "electronic Pearl Harbor" scenario that unfortunately dominated much of the early thinking about cyber security, but the potential for disruption and at least a temporary military advantage for an opponent as a result of attacking U.S. computer networks cannot be discounted.

None of our opponents will deliberately seek conventional military conflict with the U.S. Instead, they are attracted to asymmetric attacks, which look for and exploit areas where they are strong and the U.S. is weak and unaware. To achieve asymmetric advantage, some opponents will rely on terrorism or insurgent tactics, where combatants blend with the civilian population to attack the U.S. Other opponents plan to disrupt, destroy or deceive U.S. sensors and communications, to degrade our informational advantage. Their goal is to exploit vulnerabilities, places where U.S. assets are poorly defended.

Computer networks are just such a place. The nature of information technology and the internet means that in these asymmetric attacks in cyberspace, the advantage lies with the attacker. The internet was not designed to be a global network with millions of different devices all interconnected over a telecommunications backbone. The result is that there are many avenues for attack. Many different entities are exploring how to take advantage of vulnerabilities in cyberspace. These include nations, criminals, terrorist groups, political activists and perhaps even some corporations.

China and Russia are perhaps the most dangerous of our potential opponents. China has resources and is willing to spend them, and Russia has experience and skill. However, China and Russia are not the only nations interested in and capable of waging cyber warfare, nor are nation-states the only potential opponents in this new domain. The emergence of a powerful and skilled cybercrime community has serious implications for U.S. interests.

Over the last few years, cyber criminals have become technologically sophisticated and well-organized. These are not the amateurs of a few years ago. Cyber criminals have developed black markets where you can buy malware, guides to vulnerabilities, credit card numbers. There are contests among cyber criminals, to see who can be the first to hack a new system or to discover a new vulnerability. Some of these sites offer guarantees while others provide a rating system for potential buyers. It is possible to rent bot-nets, huge assemblies of hijacked computers to use in an attack, or even to hire hackers. As in any black market, an unwary buyer can end up being exploited, but a knowledgeable purchaser or one with resources and experience - and this customer base includes nations, companies, and terrorist groups - can find most of what they need for cyber attacks.

If we have underestimated the risks of cyber espionage and cyber crime, the risk of cyber terrorism is overstated. Terrorists do make extensive use of the global internet for recruitment, propaganda, fundraising, training, and for command and control. The ability of terrorist groups to use commercial communications networks has provided them with robust, flat organizations that are more difficult to defeat. It has provided them with a global presence they would not have been able to achieve twenty years ago. But this is not the equivalent of attacks with bombs or firearms, which terrorists prefer. Cyber weapons are not yet sufficiently lethal for terrorist use.

To date, cyber disruption and attacks on critical infrastructure remain largely hypothetical. Cybercrime and cyber espionage are the most serious problems. Cyber-espionage is a far greater problem for national security than many recognize. Last year, the U.S. government suffered a series of breaches of its computer networks.

These have been attributed to China and while attribution is always difficult when it comes to cyber attacks, we should note that senior officials in the German, French and British governments also complained about Chinese hacking during the same time as the attacks on the U.S. occurred.

Using computer break-ins for espionage has a long history. The earliest breach I know of occurred in the 1980s, when the KGB hired West German hackers to penetrate U.S. military and research networks. There were also incidents in the 1990s involving the Departments of Energy and Defense. These incidents show that the cybersecurity problem is twenty years old, but last year we crossed a threshold in cyberattacks, with the noisy demonstrations launched against Estonia's government networks and with the massive sustained attacks - some successful - on U.S. government networks and on the networks of allied countries.

In 2007, computer networks in the Departments of Defense, State and Commerce were penetrated and had to be taken off line for repair. It is likely that other agencies suffered breaches as well. The primary intent of these attacks was to collect information. What they revealed was a remarkable unevenness in the defense of U.S. networks. Some of our government networks - usually those providing the most sensitive services - are very secure. Other networks, including some that contain information about sensitive technologies, are not as secure as we would like, whether these are at the Department of Energy or State, or even the Secretary of Defense's unclassified email system, all of which have been hacked.

This series of attacks has prompted the U.S. to begin a major new initiative to improve the security of government computer systems. The Administration has reportedly issued a new, joint policy directive - National Security Policy Directive-54 and Homeland Security Policy Directive-23, which directs agencies to carry out a comprehensive federal cybersecurity initiative. Many of the initiative's elements are highly classified - some would say over-classified - but there has been public discussion of some of its elements and the Administration has said it will make more information publicly available sometime in the next few months.

We know that the initiative allocates more money and personnel to cyber security. Federal spending on cybersecurity will increase ten to twelve percent, according to press reports. The Department of Homeland Security will expand the use of its 'Einstein' system to monitor traffic in and out of Federal government networks.

Einstein will be reinforced by undisclosed NSA monitoring systems as well. Building on programs initiated in the Department of Defense, the Office of Management and Budget has mandated the use of the Federal Desktop Core Configuration, a secure standardized configuration for use on all Federal Computers. OMB has also begun a "Trusted Internet Connections" initiative (TIC), which will reduce the points of connection between Federal networks and the rest of the internet from hundreds to only fifty. The U.S. is considering whether to establish new organizations to oversee cyber security efforts, and existing organizations will be strengthened. Both DOD and the Intelligence community have increased their efforts in cyberspace. The initiative has twelve separate projects to improve cyber security, including one that will look at how to improve coordination with the private sector.

These are all very positive steps, but difficult issues remain to be solved. One such issue is improving coordination with the private sector. This will be a major test for the Initiative. The U.S. has mechanisms for coordinating public and private cyber security efforts, but in some ways these are a continuation of the initial programs from the 1990s, such as the FBI's National Infrastructure Protection Center (NIPC) or the Department of Commerce's Critical Infrastructure Assurance Office (CIAO).

We need to rethink and improve how the government interacts, cooperates and coordinates with the private sector to assure better cyber security.

Another issue is that there is an international element to cyber security that must be addressed. These attacks on federal networks and critical infrastructure come over global networks. A national effort can provide only part of the solution. The U.S. will need to work with its allies and perhaps even with our opponents to change this. A sustained international effort could involve better cybercrime enforcement, new international norms for cyberspace, new collaborative mechanisms and, with our allies, agreed doctrine on securing networks and responding to attacks.

One advantage of better international cooperation is that it could increase the level of deterrence, at least for cyber criminals. Currently, some nations act as sanctuaries for cybercriminals. Cybercriminals who operate overseas can, with a little skill, almost eliminate the chances of being caught and prosecuted. Only international cooperation will change this.

Other forms of deterrence are less practical. It is difficult to deter by threatening counterattack if you do not know who is attacking. It is even more difficult to deter by threatening counterattack if you cannot estimate the degree of collateral damage. Attacks come over a global network to which we are all connected, and the attackers can use unsuspecting civilian computer networks, assembled into bot-nets, to launch their attacks.

Last year's attacks on Estonia are a good example of these problems. They are widely attributed to Russia, and in my view Russian intelligence services are almost certainly behind the attacks, yet there is no evidence to substantiate this. The attackers, a collection of cybercriminals and amateur hackers mobilized and encouraged by unknown entities, used captive computers around the world, in Europe, China and in the U.S. A counterstrike against the attacking computers would have damaged innocent networks around the world. It would be a bold President who authorized counterstrikes when he or she does not know the target or the possible extent of collateral damage to friendly networks.

The attacks on Estonia highlight the problems of anonymity and attribution. The Internet is too anonymous, and too easily deceived. Identity management must be improved if cybersecurity is to be improved. This is a thorny subject, given the implications for privacy and civil liberties, but the anonymity of the internet makes it difficult to determine who is responsible for an attack or a crime; this difficulty with attribution makes it more difficult to deter attacks. Progress on measures such as HSPD-12, which will improve Federal credentials and authentication, is crucial. The RealID program, although widely vilified, is also crucial for improving the quality of identity documents and procedures in the U.S. DOD has been a leader in better identity management with its Common Access Card Program.

Federal organization remains a challenge. The slow pace of the rollout of the Initiative was due in part to disagreements over which agency would have the lead. The Intelligence Community has the best capabilities for cyber defense in many ways, but there are civil liberties concerns and clear links to the renewal of the Foreign Intelligence Surveillance Act (FISA) over assigning the Director of National Intelligence the lead role. There are also concerns over giving the lead in cybersecurity to a military organization, such as the U.S. Strategic Command. The Department of Homeland Security, the civilian agency with the responsibilities for cyber security, would be the logical lead but there have been questions about its competence and authority. The previous administration had a cyber 'czar,' who successfully began the immense effort required to reorient Federal policy and to develop strategies, but a "Czar" may no longer make sense now that the Department of Homeland Security has been created.

Government organization for cybersecurity reflects a larger challenge for the U.S. In effect, we have a vertical organization trying to respond to a horizontal threat.

This means we have four or five different and independent agencies each of whom are responsible for a part of the problem. There is no single agency responsible for the entire problem. Even at the White House we have two organizations - the Homeland Security Council and the National Security Council - that share responsibility for cyber security.

This sort of organizational problem is very difficult for governments to overcome. The creation of the Department of Defense in 1948 was an effort to develop collaborative and "joint" action to meet the problems of National Security. That effort was reinforced and given new impetus by the Goldwater-Nichols Act. DOD has worked for decades to achieve 'jointness.' Other agencies are far behind in achieving a collaborative, 'horizontal' approach. The creation of the Department of Homeland Security can be seen as an effort to duplicate the 1948 solution for homeland security. The Intelligence Reform and Terrorist Prevention Act can also be seen as an effort to create an 'intelligence enterprise' with a powerful CEO whose remit would stretch across multiple agencies.

I would wish reorganization on no administration, but the structure of our government is still largely based on a template created in the 1900s. This template is inefficient in many ways. Reorganization is unavoidable, but it will take years of effort. We do not have years, however, to respond to the new security threats in cyberspace.

To be fair, this problem extends beyond government. Our conceptual framework for thinking about security has moved beyond the cold war, but not by much. My concern is that conflict in cyberspace is seen the way that airplanes were seen in 1912 - interesting toys, but not a serious security or military issue. Some, pointing to Pearl Harbor and to 911, say that we will only reshape our thinking and our organization to deal with cybersecurity after some disaster has occurred. I hope this is not the case.

Federal organization, strategy and doctrine, coordination with the private sector and allies - these and other issues remain challenges despite the progress made by the President's cybersecurity initiative. That the initiative comes in the last year of the Presidency also creates challenges. Any administration would face difficulties in making rapid progress on a new initiative after July. The political realities are that the Administration has between fourteen and sixteen weeks to implement its cyber initiative. Much can be done, but much will necessarily remain unfinished.

This means that the burden of improving cybersecurity will fall on the next administration when it takes office in January of 2009. That administration, whether Democratic or Republican, will inherit a cyber security situation that is much improved. It will also inherit a cyber security initiative that is a work in progress, with a number of unfinished elements. Like any new administration, it will have to ask what should it keep or continue from this initiative, what should it change or drop, and what new steps it should take to address this increasingly serious problem for national security.

Transitions are also, as the members of the Committee well know, a moment of opportunity. The new Administration will have a degree of good will and authority. Perhaps more importantly, it will have something of a clean slate when it comes to initiatives and organization. 2009, the first year of the next administration, provides an opportunity to take the Bush Administration's cybersecurity initiative and advance it.

To help the new administration think about this opportunity, The Center for Strategic and International Studies (CSIS) established a nonpartisan commission on Cyber Security for the 44th Presidency - the administration that will take office in January 2009. CSIS is a nonpartisan, nonprofit research organization headquartered in Washington, D.C. with more than 200 staff and a large network of affiliated experts. Its focus is on security in a changing global environment.

CSIS has been conducting research, holding public events, and advising government agencies on cyber security since before 2000, and this body of work will provide the foundation for the Commission on Cyber Security for the 44th Presidency. CSIS routinely uses commissions, task forces and work groups to help it conduct analysis and develop recommendations. This approach lets us draw upon the broader communities of interest in Washington and benefit from their expertise and experience.

The goal of this effort is to look at cybersecurity as a problem for national security and develop recommendations for a comprehensive strategy to improve cyber security in federal systems and in critical infrastructure. The Commission will consider federal organization and strategy, cybersecurity norms and authorities, international issues, federal investment and acquisition policies, and it will explore ways in which the government can engage with the private sector.

The members of the commission are experts in cybersecurity with extensive government experience. In addition, CSIS intends to make the work of the Commission an inclusive process and has asked other experts and groups to participate in the development of recommendations and to make plenary presentations on substantive issues. Our first public briefing took place on March 12, in a well attended event where five widely recognized leaders in cybersecurity gave their views and recommendations on how to move forward in cybersecurity. We plan to hold several more briefings in the next three months.

As part of this effort, we have created a number of working groups that will examine these issues in detail and develop specific recommendations. These groups have just begun their work. They include members of the commission and other experts, all of whom have volunteered their time for this effort. If the committee wishes, I can report back at a later stage on how their work has progressed. Our plan is for the Commission to complete its work by November 2008. The final product from the Commission will be a well-supported package of recommendations for improving cyber security that could help to guide U.S. policy in the future.

The advantage we gain from being network centric is eroded by uneven security. We will never have perfect security, but our goal, as a nation, should be to increase our ability to use network technologies to improve our military and economic performance while at the same time reduce the ability of our opponents to take advantage. Our hope is that the efforts of CSIS and the other participants in the commission can contribute in some way to this improvement.

One element of the CSIS projects is to reassess the larger strategic context for cybersecurity. This context is shaped by considerations involving national defense, law enforcement, intelligence and global economic competition. This may require a broader definition of national security. It is no surprise that one result of immense economic and technological change we are undergoing is that old assumptions about security and the policies based on those assumptions do not work as well as they did in the past. The process of adjusting those policies to the new global environment is a major challenge for all governments. Each country in some way must respond to a world where the lines between government and commercial, and between domestic and foreign are blurred.

This blurring makes finding solutions to cybersecurity more difficult but achieving better cyber security and greater benefit from network centric operations requires this reassessment of the strategic context.

In the 1990s, there was considerable discussion of what the international security environment would look like after the cold war and what the new threats to US security would be in that environment. Much of this speculation was wrong, not in that it misidentified the new threats, but that it gave some threats more importance than they deserved. We underestimated the threat of global terrorism. We did not prepare adequately for cyber espionage. There were a few visionaries who pointed to these problems, but in the main, they were ignored.

In the last decade, the shape and nature of the new security environment has become clearer. We face new kinds of competition and new kinds of threats. In this new environment, the ability to operate in cyberspace and to defend against the operations of others in cyberspace is a crucial task for security. The United States has begun to take the steps needed to defend and to compete effectively in cyberspace, but we have only begun and there is much to do.

I thank the Committee again and I would be happy to take any questions.


Thursday
27Mar

Improvised Explosive Devices and Technological Advances in Russian and Chinese Missiles Drive U.S. Electronic Warfare Spending 

26 March 2008

Dublin - Research and Markets ( http://www.researchandmarkets.com/reports/c86829 ) has announced the addition of "U.S. Electronic Warfare Markets" to their offering.

This Frost & Sullivan research service titled U.S. Electronic Warfare Markets outlines the U.S. Department of Defense (DoD) electronic warfare (EW) market's programs and funding. The study summarizes the major Research Development Test and Evaluation (RDT&E) and Procurement programs funded jointly and by the individual services. The impact of these and future EW plans on defense industry market participants is also included.

The U.S. Department of Defense (DoD) is paying greater attention to Electronic Warfare (EW) programs, due to the casualties sustained in Afghanistan and Iraq by insurgents armed with Improvised Explosive Devices (IEDs). In addition, China and Russia have improved their anti-air and anti-ship missiles with sophisticated tracking and guidance radars that incorporate EW countermeasures. Though their export is not widespread, it is anticipated in the near future. China has also begun, and Russia has resumed, routine out-of-area air and naval patrols, and both nations have also deployed new ballistic missile submarines equipped with long-range nuclear weapons. China has further demonstrated its ability to shoot down satellites, a platform U.S. forces are now totally dependent upon, leading many U.S. officials to contend that China may soon be a near-peer competitor in space.

However, joint airborne electronic attack (AEA) planning is being hampered because the DoD and the Air Force have not committed to funding and building a follow-on stand-off jamming capability to take over from the Navy Growler program in 2014. There are concerns that there will be a serious airborne EW capability gap by 2010, caused by too few U.S. assets and expected weapons advances made by potential adversaries. "There is a lack of DoD-wide decisive leadership and a joint-service coordinated plan," notes the analyst of this research service. "This hinders the industry from anticipating the technological needs of the armed forces and the required investment in engineering and manufacturing resources."

Renewed Air Force Interest in Electronic Warfare

The U.S. Air Force does not have the flexibility for planning and executing strike missions that it once had. The hope that stealth technology would make up for the lack of an inherent EW capability has not materialized, and when Navy and Marine Corps EA-6Bs begin to leave service, the Air Force will have fewer options to conduct unconventional missions that support ground force operations in the war against terrorism. The Air Force is also investigating collateral EW missions for the F-22, F-35, and unmanned aerial vehicles (UAVs) as embedded antenna, sensor, and signal processing technologies become more advanced. For 2008, the Congress has provided $3,150.0 million to buy an additional 20 F-22 Raptors. With 79 airframes ready to go during 2008, they are considering appropriating funds for an additional 20 aircraft beyond the 183 that are programmed. An additional $680.0 million was added to the $1,800.0 million requested for 2008 for the F-35 Joint Strike Fighter.

DoD EW spending in 2008 is expected to be about $1,258.5 million. The largest area of spending is airborne EW because of the emphasis on upgrading the EA-6B aircraft, the production of the F-22, and the development of the F-18G EW system. Ground EW is close behind, due to the spending to defeat Radio Frequency (RF) IEDs in Iraq and Afghanistan. "With regard to competition, the U.S. DoD EW market is led by Northrop Grumman, which is anticipated to account for 24.0 percent of the 2008 funding, mostly in the airborne EW sector," says the analyst. "Other leading EW industry participants are ITT, Raytheon, BAE, Boeing, and Tyco M/A-Com."

Companies mentioned:

- ITT

- Raytheon

- BAE

- Boeing

- Tyco M/A-Com


Sunday
16Mar

GENERAL LAYS OUT CHALLENGES OF DEFENDING CYBERSPACE 

14 March 2008
US Fed News

OFFUTT AIR FORCE BASE, Neb., March 14 -- The U.S. Department of Defense's American Forces Information Service issued the following press release:

Air Force Minuteman and Navy Trident missiles stand outside the headquarters of U.S. Strategic Command here as reminders of the command's mission of strategic deterrence and nuclear operations.

But walking past the missiles are servicemembers using cell phones and other wireless devices. And that, too, represents a mission of the command: cyberspace operations.

Air Force Gen. Kevin P. Chilton, commander of U.S. Strategic Command, said defense networks see more than a million suspicious "hits" a day.

"These are pings where someone is coming in and trying to open something or access information from someone within our military networks," Chilton said during an interview March 11. "This could be everything from some curious citizens, to people who maybe are trying to hack for sport, to people who are trying to collect information."

He said what concerns the command is what some people call data mining. This is where analysts use computers to sift through enormous quantities of data to glean information. It is the new form of espionage.

"The way I think of it is various organizations are coming in and doing espionage work," the general said. "You can imagine the downloading of files from personnel agencies or other branches of government."

In the past, to get that information "you would hire someone to break in with a flashlight in their teeth and go through the drawer and photograph the files," Chilton said. Now, all this information is stored on discs or on computers. Spies don't have to leave a computer terminal in their own countries to try to get this information.

China has written openly of cyber warfare, and U.S. officials write in the current "Military Power of the People's Republic of China" assessment that Chinese officials see cyber warfare as an asymmetric brand of warfare.

"China's current thinking on asymmetric warfare is encapsulated by a military theory termed 'non-contact,' which seeks to attain a political goal by looking for auxiliary means beyond military boundaries or limits," the publication says. "Examples include: cyber warfare against civilian and military networks - especially against communications and logistics nodes; fifth column attacks, including sabotage and subversion, attacks on financial infrastructure; and, information operations."

There have been a number of "intrusions" against DoD computers from China, but the United States has not attributed these to any country. "The thing about China that gives us pause is they have written openly about their emphasis in particular areas: space, cyber," Chilton said.

In the cyber world it is tough to figure out who is attacking. In April 2007, Estonia came under cyber attack. The denial-of-service attack targeted the government, banks, newspapers and other computer dependent businesses. Estonian officials immediately charged Russia with initiating the attacks, but to date, a computer hacker in Estonia has been the only person charged in the attack.

"The kind of attack that you would worry about is the kinds of things we saw in Estonia last year - a denial-of-service attack, where they flood the system with so many e-mail 'botnets' you don't shut the system down, but you slow it down to the point that it's unusable," the general said.

STRATCOM and the rest of the military are more aware than ever of intrusions of their networks, reporting on them and taking actions.

"A big step forward for us was unity of effort," the general said. Joint Task Force Global Network Operations is part of the command tasked with defending the military and classified systems. The task force put in place guidelines and restrictions for the way the services operate in the cyber world. This includes security measures, firewalls and what people shouldn't be doing, the general said.

"We have a lot of work in front of us in training people in our military, because defense of the network goes from high-end technical solutions to the very low-end, which is making sure the very newest and youngest person on the network understands that their actions can create vulnerability that is significant and teach them what to watch out for and what they should and shouldn't do," Chilton said.

All computer defenders must be worried about the whole range of attacks or intrusions, Chilton said.

"You have to be worried about it all - I mean, we can have a bored 16-year-old do damage to our networks," he noted. "It's not just a nation-state that you worry about. It can be from any organization like al Qaeda."


Friday
29Feb

Welcome to Cyberwar Country, USA

From: WIRED
By Marty Graham 02.11.08 | 12:00 AM

At least 15 locations around the United States are competing for the Air Force's new Cyber Command, the 10th major command in Air Force history.

Rob Beschizza

BARKSDALE AIR FORCE BASE, Louisiana -- When a reporter enters the Air Force office of William Lord, a smile comes quickly to the two-star general's face as he darts from behind his immaculate desk to shake hands. Then, as an afterthought, he steps back and shuts his laptop as though holstering a sidearm.

Lord, boyish and enthusiastic, is a new kind of Air Force warrior -- the provisional chief of the service's first new major command since the early 1990s, the Cyber Command. With thousands of posts and enough bandwidth to choke a horse, the Cyber Command is dedicated to the proposition that the next war will be fought in the electromagnetic spectrum, and that computers are military weapons. In a windowless building across the base, Lord's cyber warriors are already perched 24 hours a day before banks of monitors, scanning Air Force networks for signs of hostile incursion.

"We have to change the way we think about warriors of the future," Lord enthuses, raising his jaw while a B-52 traces the sky outside his windows. "So if they can't run three miles with a pack on their backs but they can shut down a SCADA system, we need to have a culture where they fit in."

Maj. Gen. William Lord is provisional commander of the Air Force's new Cyber Command.

Courtesy U.S. Air Force

But before Lord and his geek warriors can settle in for the wars of the future, the general has to survive a battle of a decidedly different nature: a political and cultural tug of war over where the Cyber Command will set up its permanent headquarters. And that, for Lord and the Air Force, is where things get trickier than a Chinese Trojan horse.

With billions of dollars in contracts and millions in local spending on the line, 15 military towns from Hampton, Virginia, to Yuba City, California, are vying to win the Cyber Command, throwing in offers of land, academic and research tie-ins, and, in one case, an $11 million building with a moat. At a time when Cold War-era commands laden with aging aircraft are shriveling, the nascent Cyber Command is universally seen as a future-proof bet for expansion, in an era etched with portents of cyberwar.

Russian Hackers and Chinese Cyberspies

The news is everywhere. When Russian hackers were blamed for a wave of denial-of-service attacks against Estonian websites last spring, President Bush voiced concern that the United States would face the same risk. The national intelligence director, Michael McConnell, recently claimed a computer attack against a single U.S. bank could cause more economic harm than 9/11, and called for more National Security Agency surveillance of the internet. A CIA official followed up with a tale about cyber attackers causing multi-city power failures overseas. Some in the military believe Chinese cyberspies have already penetrated unclassified Pentagon computers.

Where buzz flows, money follows, and the investment in info-war comes as the Air Force cuts back personnel elsewhere to fund new aircraft: The service just finished phasing out 20,000 enlisted men and women, with plans to dump 20,000 more by 2011. The effect of military cutbacks on the surrounding communities can be devastating. "If you gain or lose a unit in a place where the military is already a major employer, it has a huge impact," says Chris Erickson, a New Mexico State University professor.

Unofficial estimates say 10,000 military and ancillary jobs could clump around the 500 posts at the Cyber Command's permanent headquarters. The governors of California, New Mexico and Louisiana are pitching their locales directly to the secretary of the Air Force. In December, Louisiana governor Bobby Jindal took advantage of a meeting with President Bush on Katrina recovery to lobby for the Cyber Command. A dozen congressional delegations have weighed in as well. Lord is feeling the heat.

"Oh Lord," the general sighs, "there's congressional pressure."

Location, Location, Location

"It would sure be nice to have it here," says Tammy Frank, manager of the Waffle House in Bossier, Louisiana, outside Barksdale's gates. She pushes her hair behind her ears and leans on the cash register. "My (preteen) son is into computers, and it will be easier for him to find a good job and stay here."

The Cyber Command was provisionally established on Barksdale's 22,000 acres in October, at the edge of a black lake stitched with swamp trees that narrow just above the water line. The placement was good news for Bossier, which took it as a sign that Louisiana would win the permanent command, too.

A military town for generations, this sprawling suburb-opolis has about 58,000 residents, including 7,000 active-duty and reserve personnel. Across the Red River in Shreveport, downtown buildings are crumbling and half-abandoned -- but Bossier is thriving. Now realtors are touting proximity to the Cyber Command as a selling point for houses, while local residents hope permanent placement will boost the local economy, and perhaps even infuse the town with high-tech esprit.

The planned Cyber Innovation Center will be designed to withstand a variety of attacks.

Architects Mark Prevot and Mike McSwain/Courtesy Cyber Innovation Center

Development head Craig Spohn stands on the 64-acre site of the Cyber Innovation Center, future home to defense contractors, cyber innovators and academia, adjacent to Barksdale Air Force Base in Bossier, Louisiana.

Marty Graham/Wired.com

To persuade the Air Force of Bossier's potential as a Deep South Silicon Valley, city officials broke ground last month on a "Cyber Innovation Center," a $100 million office complex abutting Barksdale. The consortium paid $4.7 million for a 64-acre parcel, and they've raised $50 million from state and local government and another $50 million from the federal government for a complex of buildings, starting with an $11 million, 120,000-square-foot cyberfortress. Renderings show a moat and huge, silvery wedges of metal jutting outward from the building's base. There's a jet in the design, pointed toward the sky.

Built-In Force Protection

"The building has force protection designed into it," says Craig Spohn, who's heading the development. "It can withstand a multitude of attacks."

Spohn ambles with a limp across a newly cleared patch of an old pecan grove that will house the gleaming redoubt. The trees remaining on the land are leafless in the bright winter haze, and a B-52 floats through the sky beyond, headed for the strip at Barksdale. The sight of the 47-year-old planes coming and going is so common here that only out-of-town visitors and aviation enthusiasts still stare at them.


Friday
15Feb

Spidering the "Dark Web"

From: R/W Web
Written by Sarah Perez / February 14, 2008 10:28 AM

For some, the term "dark web" simply means all the online data that search engine spiders can't reach, crawl, or index, but for the University of Arizona's AI Lab, the "Dark Web" refers to a research project where the social phenomenon of terrorism is studied via various techniques including social network analysis, content analysis, link analysis, web metrics, video analysis, data and text mining, sentiment and affect analysis, and authorship analysis. Through the use of sophisticated, mathematical tools, the project aims to collect all web content generated by international terrorist groups, including content found on web sites, forums, chat rooms, blogs, social networking sites, videos, virtual worlds, and more.

The Dark Web Project

Federally funded through the National Science Foundation, the Dark Web's spiders have been crawling through the web for the past five years. As of 2007, they estimated there were about 50,000 sites of extremist/terrorist content when they looked beyond just traditional web pages. This number was a great increase from Dr. Gabriel Weimann of the University of Haifa's estimate that there were only 5000 terrorist web sites in 2006. From 2006-2007, the lab found the greatest increase in terrorist activities was on various new "web 2.0" sites (a term they use to describe any new-generation web site including video sites, blogs, virtual worlds, etc.).

Currently, the Dark Web collection consists of the complete contents of only 1000 web sites in Arabic, Spanish, and English and the partial contents of 10,000 other sites. This collection is 2 TBs in size making it the largest open-source extremist/terrorist collection in the academic world. Researchers who would like to use this data in their own studies can contact the research center for access.

Where the Bad Guys Are

So far, the Dark Web has determined the following:

  • Forums: 300 terrorist forums found, some with more than 30,000 members; nearly 1,000,000 messages posted.
  • Blogs, social networking sites, and virtual worlds: Many transient sites have been identified before they disappear; more than 30 (self-proclaimed) terrorist or extremist groups in virtual world sites, though they have not yet been able to determine who is just "playing terrorist" vs who is for real.
  • Videos and multimedia content: 1,000,000 images and 15,000 videos from web sites and specialty multimedia file-hosting third-party servers; more than 50% of videos are related to Improvised Explosive Devices.


Second Life Griefers - A "Terrorist Attack?"

How They Find the Data

The Dark Web project uses various tools for collection, analysis, and visualization:

  • Web site spidering: Their focused spiders can access password-protected sites and perform randomized (human-like) fetching. The spiders are trained to fetch all html, pdf, and word files, links, PHP, CGI, and ASP files, images, audios, and videos in a web site. Selected web sites are spidered every 2 to 3 months.

 


Thursday
14Feb

Latvian newspaper analyses Russia's "information war" 

14 February 2008
15:41
BBC Monitoring European

Text of report by Latvian newspaper Latvijas Avize

[Report by Mara Libeka: "Kazocins as Component in Information War"]

Ever since a Russian diplomat was expelled from Latvia [in January], newspapers which are close to the Kremlin have been focusing stronger attention on the director of the Latvian Bureau to Protect the Constitution [SAB], Janis Kazocins, claiming that he is obeying orders from the British special services.

The federal weekly Rossiyskiye vesti, for instance, published a commentary by Dmitriy Yermolayev in its issue of 23-30 January in which the author worried about the expulsion of a diplomat just at a time when, for the first time since the restoration of Latvia's independence, the Russian foreign minister, Sergey Lavrov, visited Riga and when there were plans to present the Russian ambassador with Latvia's highest honour - the Order of Three Stars. Instead, writes Yermolayev, the "present" given to the ambassador was the expulsion of a Russian diplomat. "Where is the answer to this riddle?", asks Yermolayev. He has an answer - the entire situation can be blamed on British General Janis Kazocins, who is of Latvian origin. The decision to expel the Russian diplomat was taken after "this gentleman" demanded that it be taken. Kazocins, writes Yermolayev, received instructions directly from London to say that the diplomat must be proclaimed persona non grata. He adds that there is another bit of intrigue in what happened. There is a harsh battle on the Latvian political stage, you see, between the governing coalition, which is run by local oligarchs, and the opposition, which is headed up by New Era. "And so we see that despite his important job, Janis Kazocins bowed before the opposition, not the coalition," writes Yermolayev.

The idea that Great Britain and the USA have much influence on Latvia's special services and that the special services have become vassals in the western battle against Russia has also been presented in the Russian newspaper Argumenty Nedeli, in an article called "London Attacks Through Riga." This newspaper, too, claims that the Russian diplomat was expelled from Latvia at the orders of the British special services. The British newspaper The Daily Mail has reported in response that Argumenty Nedeli has links to the Russian espionage service FSB, which at one time was run by none other than Russian President Vladimir Putin.

Latvian Response

All of these claims in the Russian mass media are carefully analysed by the Latvian Information Analysis Department (IAD), which is close to the prime minister. Its director, Andris Brekis, has his own theory about why the Russian press is so strongly focused on Kazocins at a time when his term in office is coming to a close.

Brekis: "The newspaper Rossiyskiye vesti was the first to write about Kazocins as a man who takes orders from the British special services. That is a newspaper which rose from the ashes quite recently because the Russian presidential administration became one of its publishers. The newspaper was basically bankrupt, but then it received substantial investments from the administration, and it recovered very well. People who write for this Kremlin-related newspaper include the author of the aforementioned article, Dmitriy Yermolayev - the former third secretary at the Russian embassy in Latvia who, after completing his diplomatic career here, was put on the Latvian blacklist and was refused an entry visa. That makes it quite understandable that his article is full of informational viruses about Latvia. These viruses are disseminated, and in pursuit of the goal, they are also subject to mutations in the Russian language newspapers here in Latvia, too."

History of Misinformation

Brekis said that articles with such misinformation in the Russian and the Latvian information space have been an ongoing issue ever since the restoration of Latvia's independence. Usually the articles are linked to specific events, and it is certain that in March the papers will again be writing about the rebirth of fascism in Latvia and the like [March 16 is the date when some Latvians commemorate the Latvian Legion, a military unit in the German armed forces during World War II]. "We are accustomed to this informational war, and we know that the Russian special services use the press publications that are close to them to publish misinformation with the single goal of influencing public opinion in a way that is favourable to Russia. Russian authors believe that the Latvian government lacks independence, is incapable of taking decisions, and is subject to some abstract diktat from the West - that is seen in the fact that the director of the special service is an employee of another country's special services and so on. This disinformation unquestionably has an effect on public opinion," admits Brekis.

The IAD director insisted that the concept of an information war is increasingly appearing in the public arena these days. Recently very high-ranking Russian government officials admitted publicly that Russia had begun an information war against the western world. They said nothing, however, about the fact that this war has been waged for many years, ever since Soviet times. Back then the special services trained people who then went to work for various press publications. It is far easier for them to work in the modern information space, because developed technologies mean that the availability of information is at a far higher level.

Brekis believes that against this background of misinformation, the public concerns in Latvia that Kazocins might be replaced - concerns which have been reproduced in the Latvian mass media - are not without justification, even though a political discussion about the matter has not yet begun. Brekis: "I know of no such discussion, although it has appeared in different press publications. The re-election of the SAB director is a very sensitive question in the local political environment, and particularly in the environment that is not friendly toward Latvia. Russia hates the fact that counterespionage functions in Latvia are handled at a high level of quality. When I talk to politicians who work for the executive branch of government, however, I see nothing to suggest that Kazocins should be replaced. Given the political circumstances which prevail, the procedure will be strictly observed. Proposals on the SAB director will be considered by the National Security Council."

Brekis said that the information environment right now is one of the most dangerous aspects of Latvia's security situation. The Latvian population is small and also crumbled, so it is easy for totalitarian regimes which have access to press publications and obeisant editors and journalists to affect public opinion. "The information war is a major process, and the press is just one element therein," said Brekis. He added that the IAD analyses all press publications that are published in Latvia, except for regional newspapers, as well as major press publications from Russia and other countries. The IAD submits analysis of information about the special services to the National Security Council. Once every four years, it submits an analysis of threats against the state to the government. That analysis is used as the framework for conceptual documents about national security which are made public. In order to prepare the report, says Brekis, his department needs to know what the newspapers are writing.

Brekis: "Each year, as March 16 approaches, there are information campaigns against Latvia. The Russian press writes about fascism in Latvia and the rebirth of neo-Nazism. I think that the relevant services will make sure that any commemorative events at the Freedom Monument on March 16 will be very civilized, they will be controlled in a democratic way. Our services have the relevant experience, and each year the situation is better."

Source: Latvijas Avize, Riga, in Latvian 14 Feb 08