Computer Crime Research Center


Interview John Arquilla

Date: October 15, 2003
Source: Computer Crime Research Center


... brushed off. Perhaps the most fascinating aspect of cyber warfare in Kosovo came after the armistice and the Serbian withdrawal from Kosovo. A group of hackers known as the Black Hand didn't have to withdraw, because they weren't in Kosovo. They began to wage a campaign, a cyber war, to try to prevent the reconstitution of [civil] society.

This was at a time when there were few landlines for telecommunications, and the geography made cellphone communication somewhat problematic. I think the figures were that if you dialed the number, you had a one in four chance of ever connecting in a phone call. So the Internet and the World Wide Web were absolutely crucial to the reestablishment of communications and business. Both of these systems came under sustained hack attack by the Black Hand, we think, and perhaps some other hackers. These were defended against reasonably skillfully, and the rebuilding of Kosovo was enabled to proceed.

This is just one of several cyber wars that have erupted in different parts of the world. It is thought that mainland Chinese hackers are routinely attacking both infrastructure and the stock market in Taiwan. Hundreds of attacks are reported in cyberspace by South Korea that are believed to emanate from North Korea. We see shadow conflicts emerging here or there that, once again, impose some economic costs, but don't take lives. So, again, we have Sandburg's fog on its little cat feet coming in here and there.

But back to Kosovo -- it's important because cyberspace-based means were essential to the high performance of the air campaign. Cyberspace means of attack were used substantially by our adversaries, both during and after the conflict. ...



Define for me the situation, the overall picture on this one. Here we have a national security issue. Yet, for instance, in the United States, number one, huge amounts of military communication go through the private sector. Infrastructures which are also part of the national security issue here are all in the hands of the private sector. How difficult a situation do we have here, where government doesn't control the real means to fix the problem?

We have a substantial organizational problem when it comes to [encryption].



Who's to blame? So we have come a long way. I mean, we're to the point now where it is available, but it's not moving very fast. Is that because we don't understand threat? Is that because the Microsofts of the world are not pushing it, or the Apples or the computer companies? Or is that because of government? Where does the blame lie?

... Why aren't we more encrypted? I think there are several answers to that question. The first is that being more secure has efficiency costs that go with it. Your machine will be slower. Lord knows, everybody wants a fast machine. They all brag about how fast their machine is. So in a business sense, it's probably seen as making you less competitive, to have to create more secure systems.

With that said, it was very heartening to see Microsoft stand down for a month a year ago, and say, "We're going to start thinking about security." That was a good thing.

Something else that has slowed the spread of strong encryption is the institutional resistance of our government. They have fought a rearguard action even after laws have been repealed that prevented the spread of strong encryption. This rearguard action is simply in the form of not telling people to go get encrypted, and, to some extent, also in trying to maintain export controls on strong crypto products. This is simply because law enforcement and intelligence feel that they will be constrained if they can't read everybody's mail or e-mail.

Finally, I think that we don't have more encryption because it is a complicated issue. The average computer user wants to boot up and be online, and doing what they're doing. I think various research samples have shown that, even when people try to encrypt, they don't implement it correctly about half the time. So it would take a really sustained effort to get people to practice real, safe cyber surfing practices. So for that combination of reasons, we're under-encrypted right now. ...



Is that the secret answer though? We encrypt and this problem goes away?

If we move to strong encryption -- both to civil and military systems, and individuals at large -- I think we will deal with a great amount of the problem that exists already. There are some things that may persist. The distributed denial of service attack may be mitigated by some uses of encryption, but probably won't go away. The problem of trusted insiders who are disrupting systems themselves won't go away, even with a strong encryption system. Then there's one other threat, the rise of quantum computing, or spintronics. Instead of ones and zeros, plus or minuses of individual electronics can become a basis for advanced computing.

So we're looking at hackers and others who are developing very profoundly different kinds of codebreaking techniques. Some of this has to do with linking together many computers around the world. Some hackers have hundreds or thousands of zombies that they control. The zombie has come back to life in the information age now, as something that's controlled by a hacker that can be used to hotwire them all together to create computing power beyond our imagination. The strongest computer in the world is not a mainframe being manufactured in the United States or Japan. It's the parallel computer being hotwired by a hacker from some dusty office in some abandoned building.



[Moonlight Maze is] a real-world event that took place that proves the vulnerability. How? Why is it significant?

For me, Moonlight Maze, this intrusion into Defense Department computers that went on over a considerable period of time, is an existence proof of the vulnerabilities that the infosphere has, not only to disruption, but to exploitation by some adversary gaining access to very sensitive information, and doing so over a considerable period of time.

For me, it also suggested the risks of having a Maginot Line way of thinking about information security. Had the data in question that was being pilfered been strongly encrypted, it would have been of no use to the intruders. But the fact of the matter is most of the material taken was queued up at a printer where it's, first of all, not behind a secure firewall, and secondly, not at all encrypted. And so it was simply plucked.

The case also highlights the problem of identifying the ultimate user. Some tracking was done back to systems in Moscow, for example. But that, by no means, suggests that these were Russians doing this. It could easily have been someone operating in an entirely other part of the world who bounced off of a computer in Russia. Or it could have been the Russians. This, of course, was one of the themes of the short story I wrote on this subject. You simply don't know who's coming at you.



Is it also significant due to the fact that the sophistication shown for espionage reasons could also be used to attack our infrastructures or our military systems with as great a success as this was?

There's an interesting problem here, in that some events, like the Moonlight Maze intrusions, were simply exploitative in nature -- gaining access to information. But the means by which access was gained are observationally equivalent to the things that a hacker would do if he wanted to intrude and then engage in vast disruption. So we need to figure out how to deal with these problems that have to do with exploitation of systems, because that's our first basis for defense against attacks designed to take these systems down.



There is much talk of a very sophisticated program going on, and a lot of it is into power grids, gas companies, SCADA systems. What does this mean, and what should we be worried about?

... Cyberspace is being mapped all over the world, not just in the United States. It may be mapped by hackers who are trying to build large zombie farms. Or it may be hacked by terrorists working for themselves or for some other country to figure out how to attack the infrastructure of potential adversaries. For whatever reason it's going on -- and it's been happening for years -- when we do a pattern analysis of this, the trend in the mapping relates very closely to how we ourselves think about information warfare campaigns.

So it looks like the military analog of preparing the battlefield in the physical world is going on in the virtual world today. I think this is yet another forewarning. We have already seen the existence proof of capabilities to do great disruption. Now we have very clear indicators, and, I think, strategic warning that cyber war is being prepared for at a campaign level; not individual or isolated instances, but a campaign in which target after target is hit, day after day. ...



Operation Eligible Receiver is very significant. Everybody talks about it. Tell me, what was Eligible Receiver, and why is it significant? Why is it important to understand?

Eligible Receiver is a classified event about which I can't speak. What I can say is that when people say there is no existence proof of the seriousness of the cyber threat, to my mind, Eligible Receiver provides a convincing existence proof of the nature of the threat that we face.



People who...



Copyright © 2001-2024 Computer Crime Research Center