[ISN] Iraq's Crash Course in Cyberwar

From: InfoSec News (isnat_private)
Date: Thu May 22 2003 - 22:23:23 PDT

    Forwarded from: William Knowles <wkat_private>
    
    http://www.wired.com/news/conflict/0,2100,58901,00.html
    
    By Brian McWilliams 
    May 22, 2003
    
    While the United States deployed its troops to the Persian Gulf in 
    March, some Iraqis prepared for war by surfing the Web. 
    
    Internet traffic records kept by the operator of C4I.org reveal that 
    Iraqis developed an avid interest in psychological tactics and 
    military links just prior to the combat action against them. The 
    private Web portal provides links to sites that detail how information 
    is used in warfare.
    
    C4I.org logged hundreds of visits from Internet addresses assigned to 
    Iraq's government-controlled Warkaa and Uruklink Internet services 
    between November 2002 and March 2003. 
    
    Experts said the site data confirms their belief that, despite 
    technological obstacles, Iraq's government relied on the Internet for 
    its intelligence operations. 
    
    "Iraq is one of the least-wired countries, but all this is expected," 
    said Dorothy Denning, a professor in the defense analysis department 
    at the Naval Postgraduate School. "It's not surprising that they would 
    be using it for intelligence gathering. Everyone else is doing it."
    
    C4I.org takes its name from the military acronym for "command and 
    control, communications, computers and intelligence." The site hosts a 
    variety of documents and links about the use of "information warfare," 
    which the Pentagon defines (PDF) as "actions taken to influence, 
    affect or defend information, information systems and 
    decision-making." 
    
    Information warfare also includes a range of activities, from physical 
    or virtual attacks on enemy information systems to "psychological 
    operations" aimed at influencing the emotions and behavior of 
    adversaries. 
    
    Excerpts from C4I.org's server log files indicate that Iraqi Web 
    surfers had a particular interest in documents about psychological 
    operations, including an unclassified manual (PDF) on the subject 
    published by the U.S. Marine Corps in 2001. 
    
    So-called "referrer" entries in the log files show that much of 
    C4I.org's Iraq traffic originated from Yahoo and Google searches. 
    Search terms that led Iraqis to the C4I site include "computer 
    warfare," "NASA computer network," "Echelon" and "airborne computer." 
    
    C4I.org's operator William Knowles said the traffic from Iraq caught 
    his eye last December, when visits from an IP address assigned to 
    Warkaa spiked. 
    
    According to Knowles, the traffic surge may have been driven by 
    numerous media reports at the time about the Pentagon's plans to 
    include psychological warfare in its battle plan. 
    
    "I think the Iraqis only had a very basic knowledge of the subject, 
    and they were probably cramming for the final exam," said Knowles, a 
    computer security consultant who runs C4I.org in his spare time.
    
    James Lewis, a senior fellow at the Center for Strategic & 
    International Studies, said C4I.org's logs illustrate that the 
    Internet is a double-edged sword for U.S. military strategists. 
    
    "The Internet changes the nature of intelligence activity," said 
    Lewis. "Because we're an open society, the Internet makes it easier 
    for our enemies to collect intelligence. But it's also a lot easier 
    for us to manipulate or put out information intended to frighten the 
    enemy." 
    
    To intimidate or confuse Saddam Hussein's military, U.S. military 
    sources may have planted prewar stories about electromagnetic pulse 
    bombs, GPS jammers and other high-tech gadgetry, Lewis said. 
    
    Before they were knocked offline in late March, Iraq's Uruklink and 
    Warkaa ISPs connected both government and civilian users to the 
    Internet backbone over satellite links. 
    
    Because Iraq's Internet traffic emanated from a handful of IP 
    addresses, it's impossible to pinpoint who in the country was 
    accessing C4I.org. Site visitors could have been citizens surfing out 
    of curiosity, or Iraq's Mukhabarat intelligence officers or other 
    members of the Baghdad regime on a mission. 
    
    It's also possible that some of the visitors were journalists from the 
    United States or other countries. The Al Rasheed and Palestine hotels 
    in Baghdad, where many journalists stayed, reportedly had Internet 
    connections through Uruklink. 
    
    But referrer records show many of C4I.org's visitors from Iraq used 
    AlMisbar.com, an English-to-Arabic translation service, to access the 
    site, suggesting they were native Arabic speakers. 
    
    U.S. officials publicly acknowledged a January mass e-mailing to 
    persuade Iraqis to surrender and eschew the use of chemical weapons. 
    However, no reports were confirmed of cyberattacks against Iraq by the 
    U.S. government. Bombs, not government hackers, finally took Baghdad's 
    Internet services offline in late March. 
    
    Contrary to some predictions, the U.S. invasion of Iraq did not 
    generate a wave of retaliatory hacking of U.S. targets. For example, a 
    Malaysian virus writer and Al Qaeda sympathizer didn't deliver on his 
    threat to release a "megavirus" once the United States invaded. 
    
    According to Lewis, Iraq's Internet infrastructure was "antique" -- 
    too undersized and unreliable to engage in information warfare. Even 
    if Iraq's military officials had contracted with sympathizers in a 
    high-tech nation to research or initiate cyberwar actions, he said, 
    they probably concluded it wouldn't contribute much to their mission. 
    
    "If you know U.S. planes are going to be dropping things on your head, 
    what cybertool is going to stop that?" he asked. "There isn't one. Why 
    waste your time thinking about it?" 
    
    Knowles, however, said he believes that the United States' enemies may 
    increasingly turn to cyberattacks to blunt the awesome power of the 
    U.S. military. 
    
    "Desperate people do desperate things," said Knowles. "If you're 
    thinking like Saddam Hussein, you'll probably look at anything that 
    helps you. Not as a singular event, but alongside a physical attack." 
    
    In the weeks before the bombs rained down on their country, some 
    Iraqis surfed the Web for much more mundane information. 
    
    Google searches on some of the common IPs used by Iraqis showed 
    records of their visits to stamp-collecting, dating and robotics 
    sites. A couple of Iraqis posted messages in guest books at a site 
    offering help for students studying authors such as Hemingway and 
    Shakespeare. 
    
    More ominous was a March visit from an Iraq address to a NASA site 
    that houses information about global positioning systems. In February, 
    someone using a computer in Iraq posted a greeting at a website 
    dedicated to computer virus programming. 
    
    The last record of Iraqi visitors to C4I.org came just days before the 
    war began. On March 17, several hits were logged from Iraq to the 
    site's page about cryptography, which contained a banner ad for a 
    betting site. The ad invited viewers to place a wager on the question, 
    "Will Saddam Hussein be the leader of Iraq on June 30?" 
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    


