Cyber snooping & disruption

By B.Raman

(January 26, Chennai, Sri Lanka Guardian) Shortly after I retired on August 31, 1994, I prepared a brief paper on the dangers of what I called microchip moles -- that is, the collection of intelligence through cyber space by national adversaries. I also wrote a paper for the quarterly journal of the United Service Institute (USI) on what I called weapons of mass disruption -- a reference to microchip moles. On October 14, 2000, the "Business Line" of the "Hindu" group of publications of Chennai published an article written by me titled "Proxy War in Cyber Space".

It is reproduced below. In May 2000, I was nominated a member of the Special Task Force For the Revamping of the Intelligence Agencies set up by the Government of then Prime Minister Atal Behari Vajpayee under the chairmanship of Shri G.C. Saxena, former chief of the Research & Analysis Wing (R&AW). I prepared for it a paper on cyber intelligence (using the Internet for the collection of intelligence about others) and cyber counter-intelligence (preventing others from using the Internet for collecting intelligence about us). Some of the suggestions in my paper found mention in the final report of the Task Force. I do not know what follow-up action was taken by the Government. I came to understand that during one of his interactions with his Indian counterparts, Richard Armitage, the then US Deputy Secretary of State, proposed that the US and India co-operate in cyber security. He was reportedly concerned for three reasons: the increasing Chinese capability for cyber intelligence and cyber disruption; the likelihood of Al Qaeda paralysing the global economy through cyber attacks; and the security of the information systems (IS) of the increasing number of US companies outsourcing in India, due to what Americans perceived as poor cyber-security consciousness and expertise in India. The Government of Shri Vajpayee accepted his suggestion and an Indo-US Cyber Security Forum was set up consisting of governmental as well as non-governmental experts. Some years later, the Government was shocked to find that the US agencies had used the Forum itself as a Trojan Horse in an attempt to penetrate the IS of the National Security Council Secretariat, which is part of the Prime Minister's Office. One does not know what happened to the Forum thereafter.

The recent reports of extensive Chinese use of web snooping against their own nationals and foreigners should not have come as a surprise to those aware of the priority attached by the Chinese to acquiring a capability for information warfare ever since the first Gulf war of 1991. One of the biggest advantages of cyber snooping and disruption in peace time is its deniability. Google may accuse the Chinese of cyber snooping, but will not be able to prove it. Every day, there are hundreds of instances of cyber snooping going on -- by governmental and non-governmental entities, by lone cyber warriors as well as State warriors. In the conventional intelligence world, physical surveillance is an important tool of counter-intelligence. Many human moles are detected and trapped through physical surveillance. Have we been able to develop a technique of cyber surveillance as effective as human surveillance? Unless we do so, our cyber counter-intelligence will continue to be weak. Now read what I wrote on October 14, 2000. -- B. Raman)

PROXY WAR IN CYBER SPACE

B. Raman

THE principal threats to networked information systems (IS) arise from paralysis or destruction, clandestine data distortion or transfer and defacements.

Paralysis or destruction could be caused either by directly interfering with the IS or by indirectly disabling the source of power supply or the telecommunication system, without which networks cannot function.

The Gulf war saw the US and the UK paralysing the networks in Iraq by direct interference with the IS through microchip moles planted in the hardware/software supplied to that country during the Iran-Iraq war of the 1980s as well as by aerial strikes on the telecommunication system. During the Kosovo conflict last year, the power stations in Belgrade were paralysed by the US through the use of the graphite bombs, thereby rendering the networks non-functional.

Effective use of the graphite bombs requires precise identification of the location of the power stations. With the Nuclear-Driven Radio Frequency Warheads (NDRF), reportedly under development by the US, such identification is not necessary.

From a satellite, one can reportedly cause the explosion of the NDRF at a height of 50-100 km above the target area, creating an intense electro-magnetic field which, it is claimed, would disrupt all command and control equipment, computer networks, power grids and telecommunication systems within a radius of about 1,000 km, without any radiation fall-out or other collateral damage on the ground.

Data distortion is a new stealth weapon, the dangers of which have not been adequately understood by security experts, particularly in India. When data are destroyed or defaced, one immediately notices it and can manage the resulting crisis with the help of back-up systems and redundancies, consciously created at different nodal points, in the State as well as in the private sector, as in University networks, for example, with the latter's co-operation.

Skillful and clandestine data distortion will often be noticed only after something has seriously gone wrong, such as a missile failing on the launch pad or going astray.

Data transfer, which involves the theft of sensitive or classified data from an IS, often remains unnoticed unless the establishment concerned has a competent computer security staff.

Data defacement is the most widely-reported, but not-so-dangerous of the possible threats to IS from internal or external elements. One notices it immediately after it has occurred and can take the necessary corrective action. In fact, defacements help one, in a way, by making one aware of the weak points in the IS.

Governments as well as private establishments avoid admitting penetration of their IS, lest public confidence in the dependability of their systems be shaken. As such, available statistics, tabulated by groups such as "Attrition", are often incomplete. Moreover, they document mostly instances of defacements. No reliable data are available of successful instances of IS penetration, which resulted in paralysis or destruction of systems or in data transfer or distortion.

But these statistics do give an idea of the increasing magnitude of the threats to IS security from hackers, working either independently or at the possible instance of intelligence agencies or alienated anti-government groups, including terrorists. Hackers are the mercenaries of the new millennium and the advent of the networked IS has enabled individuals to wage a war against a state, unnoticed and often undetected till the worst has happened.

Since August 1995, there have been 7,912 reported instances of penetration for defacements, of which 5,149 or 65.08 per cent were in the US, and the remaining 2,763 or 34.92 per cent in other countries. Among the US establishments whose IS was reportedly penetrated were private companies (3,303), non-governmental organisations (556), network providers (435), universities and research laboratories (376), the navy (58), the National Aeronautics and Space Administration (50), the army (47), the air force (12), the Marines (5), other military establishments (34), the Department of Energy, which controls nuclear research laboratories (8), other government departments (231) and banks (47).

The large number of penetrations in the US could be attributed partly to the large spread of networked IS in the US, as compared to other countries, and to the better system of reporting due to the regular sensitisation of public servants and business executives about the need for prompt reporting of penetrations and about the dangers of a cover-up.

The US is believed to have the best IS security infrastructure in the world in terms of laws, trained computer security experts, protection technologies, and so on. The fact that, despite this, there have been so many instances of reported and often undetected (until post-event) penetration would give an idea of the seriousness of the threats which countries such as India, which are at least 10 years behind the US in developing similar computer security consciousness and protection infrastructure, face from potential cyber invaders.

In Asia, the largest number of penetrations for defacements since 1995 has been from South Korea (142), followed by Japan (63), China (59), Malaysia (46), India (37), Singapore (20) and Pakistan (17). The much smaller number in Pakistan as compared to India does not necessarily mean that IS security there is better than in India. It is more due to the fact of a much larger spread of networks in India. The more the networks, the greater the possibility of penetration.

Pakistan lags far behind India in information technology (IT), but Gen. Pervez Musharraf, its self-styled chief executive, has embarked on an ambitious programme for catching up with India. Budgetary allocations have been increased considerably to promote computer education and research and to persuade Pakistani IT experts in the West to help in this regard.

However, there is one domain in which Pakistan seems to have taken a lead over India -- in mobilising the resources of overseas Pakistani and other Islamic IT experts and hackers in its electronic psychological warfare (Psywar) against India and in raising a dedicated corps of hackers, who could be used to identify weak points in the IS of Indian establishments and use them appropriately.

The potential of the World Wide Web (WWW) for Psywar purposes was realised by the Inter-Services Intelligence (ISI) long before the Indian intelligence did.

There are about 150 jehadi web sites today. They provide the following services:

* Dissemination of information regarding jehad in different countries.

* Instructions on how to become a Mujahideen, how to prepare improvised explosive devices, and so on.

* Database on where one could purchase arms and ammunition and their prices.

* A bibliography of 266 articles on urban guerilla warfare and low-intensity conflicts.

* Anti-state propaganda.

About one-third of these Web sites relate to the so-called jehad in Kashmir and are run by organisations such as the JKLF, the Harkat-ul-Mujahideen and the Lashkar-e-Toiba.

Groups such as Attrition periodically publish a list of the 10 most active hacker groups of the world. Two groups of Pakistani hackers, calling themselves "GforcePakistan" and "Pakistanhc", figure in this list. The first one is estimated to have caused 110 defacements all over the world since 1995 and the second 99. Their targets include not only India, but also the US, to protest against the US attitude on Kashmir.

A third group, the Muslim Online Syndicate (MOS), surfaced in March last, with an unverified claim of having defaced almost 600 Web sites in India and taken control of several Indian Government and private computer systems, in protest against alleged Indian atrocities in Kashmir.

Mr D. Ian Hopper, the CNN's Interactive Technology editor, reported as follows: "Unlike the majority of Web vandals, the MOS members say they secretly take control of a server, then deface the site only when they 'have no more use' for the data or the server itself." He quoted one of the members of the group as saying that: "The servers we control range from harmless mail and Web services to 'heavy-duty' government servers. The data is only being archived for later use if deemed necessary."

It was suspected that the MOS managed to have access to Indian Web sites and IS through Alabanza, a Pakistani-controlled American Internet Service Provider, which had reportedly a collaboration agreement with a well-known Indian dotcom company, without the latter being aware of its Pakistani connection.

There are many other Pakistani and Islamic hacker groups which have been active, with some of them giving online tutorials on how to use malicious software and hack and even providing malicious software, which can be downloaded and sent to someone whose computer one wants to damage.

These groups describe the growing number of hackers in the Pakistani diaspora as "Pakistan's greatest natural resource". The fact that they are able to indulge in such blatantly illegal activities online despite stringent Western laws against cyber crime and vandalism should be a matter of concern to Indian national security managers.

Cyber Space Security Management has already become an important component of National Security Management, Military-related Scientific Security Management and Intelligence Management all over the world. Future intrusions threatening our national security may not necessarily come from across the land frontier, or in air space or across maritime waters, but happen in cyberspace. Intelligence operations and covert actions will increasingly become cyber-based. It is important that our intelligence agencies gear themselves up to this new threat.

It is, therefore, advisable to put in place a "National Cyber Space Security Management Policy" to define the tasks that need attention, specify the responsibilities of the individual agencies and provide for an integrated approach and architecture, which is now lacking.

(The author is former Additional Secretary, Cabinet Secretariat, Government of India.)