Fighting terror is a digital affair
Source: Daily Trojan online
Date: January 15, 2004
Above the Golden Gate Bridge, facing out into the San Francisco Bay, stand the turrets and hollow gun casings of an abandoned military outpost.
It seems antiquated in our ultra-modern world of cyber-terrorism and surgical bombing, but just half a century ago, during the Korean War and World War II, soldiers stood at the ready with guns facing east, just in case our enemies tried to walk through the front door and damage the critical port of San Francisco.
The crumbling, overgrown military bases in the hills above the city, with the look and feel of bad government construction, are some of the last remnants of the old ways of defense. The soldiers that once would man the guns of such posts, finger at the trigger, are now warming desk chairs, fingers poised over keyboards, patrolling cyber space for trouble.
Trouble doesn't walk in the front door anymore. In fact, trouble doesn't have an address either. Knowing U.S. soldiers were being trained in cyber warfare, last year I filed a Freedom of Information Act request for all of the investigations closed in 2002 with one of the cyber intelligence agencies of the U.S. military. My mission: to find out what was happening in this war we never hear about.
I received truckloads of documents — most of them almost black with heavy and nervous redacting. While the agency filled my request, they called me numerous times for me to explain exactly what I wanted with the information.
It seems the government would prefer if no one knew about this work, neither the enemy nor Joe Six-pack American.
Truthfully, I can't understand most of the reports, and all of the good cases with international hackers were sent on to the CIA. So, I didn't get the full scoop, but I still caught a glimpse of the new virtual battlefield where many of our active duty soldiers — big guys in camouflage with side arms — are fighting an enemy they can only detect matrix-like through a sea of computer code.
The shot across the bow is what the agency people call a "knock." Soldiers patrol our computer systems of greatest national security; when an intruder attempts entry into the system, they first "knock" on the outer firewalls. Most of these knocks are detected and then a soldier tries to follow the would-be intruder through a maze of headers and code. Sites like the Department of Defense receive thousands of "knocks" a day.
Some of the "knocks" are not detected until the intruder has slipped inside the system and is only discovered because information is taken out of the site. Operation Moonlight Maze was the hunt a few years back for the Russian hacker who took untold streams of data out of the Pentagon system before he was detected and shut out. Our intelligence believes this was a Russian government-sanctioned activity — and Russia is an ally.
At this point, it's unclear — the government isn't talking, and my stacks of documents only speak for one of many cyber-intelligence agencies — just how many of these "knocks" are from organized terror groups, nation states — both friend and foe — or free agent hackers trying to stir up chaos. But what is clear is that despite the thick firewalls and the forces on duty protecting our systems, it wouldn't be hard for a good hacker to put the hurt on.
Consider operation "Eligible Receiver," a Pentagon project to gauge the thickness of our virtual fortress. Back in 1998, the Department of Defense planned a war game, commissioning 35 government hackers to try to take down the country. Reports of this operation vary wildly, from a complete cover-up and denial to the description "electronic Pearl Harbor."
Pentagon official John Hamre went on record, saying: "A year ago, concerned for this, the department undertook the first systematic exercise to determine the nation's vulnerability and the department's vulnerability to cyber war. And it was startling, frankly. We got about 30, 35 folks who became the attackers, the red team ... We didn't really let them take down the power system in the country, but we made them prove that they knew how to do it."
The Washington Post reported, "Many details of the exercise, dubbed Eligible Receiver, remain closely held. But according to official sources, a group of 35 National Security Agency specialists simulated a series of rolling power outages and 911 emergency phone overloads in Washington and a handful of other cities.
They showed that large-scale blackouts could be caused by targeting computerized sensing and control devices known as Supervisory Control and Data Acquisition systems, which have become common substitutes for human monitors in operating electrical, oil, gas, transportation and water treatment systems."
What all of this means to me is that we are moving toward the time when wars won't be fought with mortars and rounds; when battle guns will be as antiquated as the crumbling outposts along the Pacific; when computer geeks will be our sentinels.
So if you think a pop-up ad is the most peril you could encounter online, think of the soldiers typing long hours, chasing evil with an information technology degree and a modem. In the no-borders, no-city-walls world we enjoy, we still employ soldiers at the watchtowers.