Information Operations & Cyberspace Newsletter
Compiled by: Mr. Jeff Harley and Mr. Garrett Hendrickson
US Army Space and Missile Defense Command
Army Forces Strategic Command
Army Forces Cyber Command
G39, Information Operations and Cyberspace Division
ARSTRAT IO Newsletter on OSS.net
Table of Contents
Vol. 10, no. 07 (26 January – 24 March 2010)
1. 7th Annual US Army Global Information Operations Conference
2. Pentagon Report Calls for Office of ‘Strategic Deception’
3. Pentagon Searches for ‘Digital DNA’ to Identify Hackers
4. U.S. Oil Companies Targets of 'Tenacious' Cyber Attacks
5. Is the U.S. Gearing Up for Cyber War?
6. Pseudo Operations and Counterinsurgency: Lessons from Other Countries
7. U.S. Navy Establishes Cyber Fleet
8. 82nd Soldiers Making a Difference in Haiti
9. Britain Looked To Israelis When Seeking the Masters of Military Deception
10. War Game Reveals U.S. Lacks Cyber-Crisis Skills
11. British Army Should Woo Public on YouTube and Twitter, Says RAF Chief
12. Dominant Air Power in the Information Age
13. Afghanistan Conflict An 'Information War'
14. The Real Meaning of Cyberwarfare
15. Changing the PSYOP Name
16. China Inspires the World
17. China's Secret Cyberterrorism
7th Annual US Army Global Information Operations Conference
US Army Space and Missile Defense Command/Army Forces Strategic Command/Army Forces Cyberspace Command (SMDC/ARSTRAT/ARFORCYBER) invite you to the 7th annual Army Global IO Conference, 4-7 May 2010, in Colorado Springs, CO. Additional information and points of contact are in the attached file below.
Pentagon Report Calls for Office of ‘Strategic Deception’
By Noah Shachtman, Wired, January 26, 2010
The Defense Department needs to get better at lying and fooling people about its intentions. That’s the conclusion from an influential Pentagon panel, the Defense Science Board (DSB), which recommends that the military and intelligence communities join in a new agency devoted to “strategic surprise/deception.”
Tricking battlefield opponents has been a part of war since guys started beating each other with bones and sticks. But these days, such moves are harder to pull off, the DSB notes in a January report first unearthed by InsideDefense.com. “In an era of ubiquitous information access, anonymous leaks and public demands for transparency, deception operations are extraordinarily difficult. Nevertheless, successful strategic deception has in the past provided the United States with significant advantages that translated into operational and tactical success. Successful deception also minimizes U.S. vulnerabilities, while simultaneously setting conditions to surprise adversaries.”
The U.S. can’t wait until it’s at war with a particular country or group before engaging in this strategic trickery, however. “Deception cannot succeed in wartime without developing theory and doctrine in peacetime,” according to the DSB. “In order to mitigate or impart surprise, the United States should [begin] deception planning and action prior to the need for military operations.”
Doing that will not only require “understanding the enemy culture, standing beliefs, and intelligence-gathering process and decision cycle, as well as the soundness of its operational and tactical doctrine,” the DSB adds. Deception is also “reliant … on the close control of information, running agents (and double-agents) and creating stories that adversaries will readily believe.”
Such wholesale obfuscation can’t be done on an ad-hoc basis, or by a loose coalition of existing agencies. The DSB writes that “to be effective, a permanent standing office with strong professional intelligence and operational expertise needs to be established.” I wonder: what would you call that organization? The Military Deception Agency? Or something a bit more … deceptive?
Pentagon Searches for ‘Digital DNA’ to Identify Hackers
By Noah Shachtman, Wired News, January 26, 2010
One of the trickiest problems in cyber security is trying to figure out who’s really behind an attack. Darpa, the Pentagon agency that created the Internet, is trying to fix that, with a new effort to develop the “cyber equivalent of fingerprints or DNA” that can identify even the best-cloaked hackers.
The recent malware hit on Google and other U.S. tech firms showed once again just how hard it is to pin a network strike on a particular person or group. Engineers are pretty sure the attack came from China, and it sure was sophisticated enough to come from a state military like China’s. But it’s hard to say conclusively that the People’s Liberation Army launched the strike.
It’s the kind of problem Darpa will try to solve with its “Cyber Genome” project. The idea “is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from collected digital artifacts of software, data, and/or users,” the agency announced late Monday.
These “digital artifacts” will be collected from “traditional computers, personal digital assistants, and/or distributed information systems such as ‘cloud computers’,” as well as “from wired or wireless networks, or collected storage media. The format may include electronic documents or software (to include malicious software - malware).”
Ultimately, Darpa wants to develop the “digital equivalent of genotype, as well as observed and inferred phenotype in order to determine the identity, lineage, and provenance of digital artifacts and users.”
“In other words,” The Register’s Lew Page notes, “any code you write, perhaps even any document you create, might one day be traceable back to you - just as your DNA could be if found at a crime scene, and just as it used to be possible to identify radio operators even on encrypted channels by the distinctive ‘fist’ with which they operated their Morse keys. Or something like that, anyway.”
The Cyber Genome project kicks off this week with a conference in Virginia.
U.S. Oil Companies Targets of 'Tenacious' Cyber Attacks
By Larry Barrett, eSecurityPlanet, January 27, 2010
Senior executives at three of the world's largest oil and natural gas companies were targeted by a highly sophisticated and aggressive malware campaign in 2008 that was designed to steal key proprietary data—including multi-million-dollar research to locate the next great oil discovery—according to a report this week on the Christian Science Monitor Web site.
ExxonMobil (NYSE: XOM), ConocoPhillips (NYSE: COP) and Marathon Oil (NYSE: MRO) executives who were unwittingly duped by unsolicited e-mails carrying the data-extracting malware were finally notified of the scam in early 2009, according to unnamed law enforcement and IT security experts quoted in the article.
Security experts familiar with the attacks said this new form of corporate and, quite possibly, nation-sponsored espionage utilized custom spyware that is virtually undetectable by antivirus software applications used by the vast majority of large companies around the globe.
Targeting senior executives in a company is not new, but the level of sophistication of these attacks takes the concept to a whole new level.
This particular wave of attacks focused on proprietary data, including "bid data"—the files containing details on the quantity, value and location of oil discoveries around the world. Officials close to the investigation said some of the attacks appeared to originate in China and that servers located in the Communist nation were used to store some of the stolen data.
For now, officials at all three oil companies are refusing to comment on the attacks.
"What these guys [corporate officials] don't realize, because nobody tells them, is that a major foreign intelligence agency has taken control of major portions of their network," a person said to be familiar with the attacks told the CSM. "You can't get rid of this attacker very easily. It doesn't work like a normal virus. We've never seen anything this clever, this tenacious."
Those sentiments compelled security software giant McAfee on Tuesday to notify InternetNews.com and other media outlets that on Thursday it and the Center for Strategic and International Studies will reveal the results of an extensive global study chronicling the activities and impact of those perpetrating cyber attacks against critical infrastructure operators around the world.
"Their networks and control systems are under repeated cyber attacks, such as the recent attacks on Exxon and ConocoPhillips," McAfee said in the e-mailed statement. "(The report) will reveal cost and impact of cyber attacks on critical infrastructure such as electrical grids, oil and gas production, telecommunications and transportation networks."
McAfee and other leading security software vendors have repeatedly warned enterprise customers that coordinated hacking attacks using sophisticated malware threaten to undermine not only individual data security but American companies' ability to remain competitive in the global economy.
This latest security bombshell comes on the heels of this month's revelation that the computer networks owned and operated by Google and more than two dozen other U.S. companies were infiltrated by Chinese hackers—or possibly by hackers hired by or sympathetic to the Chinese government—through a flaw in Microsoft's Internet Explorer browser.
Chinese officials have denied any involvement in the attacks.
Details of the attack
Investigators told the oil company honchos that proprietary data, including e-mail passwords, messages and other sensitive data pertaining to oil exploration and discovery, was passed on to computers overseas including—in at least one instance—to a computer in China.
In one instance cited by officials close to the investigation, a senior executive at Marathon Oil received an e-mail that appeared to be a reply to an e-mail she had sent to a colleague based in another country. However, the executive knew something was amiss because the subject line read "Emergency Economic Stabilization Act," and she knew that she had never sent the original e-mail.
This particular executive was savvy enough to avoid clicking on the embedded link in the body of the e-mail, but others within Marathon did, allowing hackers to access and surveil a vast and potentially crippling reservoir of competitive proprietary information.
Executives at ExxonMobil and ConocoPhillips were targeted with almost identical versions of the e-mail scam, sources told the CSM.
"The recent cyber attacks attributed to China are targeting critical information in corporate databases," Thom VanHorn, vice president of marketing at security software vendor Application Security, said in an e-mail to InternetNews.com. "These attackers are after the sensitive and proprietary information that differentiate these large companies and provide them with competitive advantage."
"This news highlights an attack on oil companies, but attacks are occurring every day and no industry is immune," he added. "Industry research shows that today’s antivirus [programs] may miss 20 percent of Trojans. With that in mind, it is critical that organizations lock down and monitor the data where it is stored—in the database," he added.
Investigators looking into the oil company attacks said the attackers were definitely targeting specific information—the bid data—which would be especially valuable to state-owned energy companies looking for new oil reserves without having to invest millions in exploration costs.
In its latest cyber attack report, McAfee researchers warned that the number of incidents and network infiltrations that appear to be linked to nation-states and political goals continues to increase.
"With critical infrastructure as likely targets of cyber attacks, and private company ownership of many of the information systems in these sectors, private companies will likely be caught in the crossfire," the McAfee report said. "There is active debate as to when a cyber attack reaches the threshold of damage and disruption to warrant being categorized as cyber warfare."
Is the U.S. Gearing Up for Cyber War?
By Kenneth Corbin, eSecurityPlanet, January 27, 2010
WASHINGTON -- Military officials readily admit that government information systems are subject to constant attack from hackers at home and abroad, with some commissioned by authorities in enemy nations.
But at what point does that routine sparring become cause for escalation, to the point where the U.S. military might mount something that could fairly be considered a cyber offensive?
We're not there yet, but we may be getting close, according to panelists here at a presentation at the State of the Net conference, an annual tech policy event hosted by the Congressional Internet Caucus.
"To me we're in the stage before warfare. We're in the stages of people poking around," said Jim Lewis, director of the Center for Strategic and International Studies. "I don't think we've seen a case of state versus state warfare."
But the extent to which the military should add cyber attack capabilities to its arsenal remains an unsettled question. Last year, the Pentagon announced plans to install a Cyber Command, but its implementation has been delayed in part due to questions raised by lawmakers over its ambitions for escalating offensive operations.
In the meantime, President Obama only last month tapped former Microsoft (NASDAQ: MSFT) chief security officer Howard Schmidt to serve as the administration's cybersecurity coordinator, filling a position he promised to create in May.
Wrestling to define cyber warfare
At a session later in today's conference, Schmidt said it is impossible to define cyber warfare, saying that one of his many priorities in bringing together military and civilian cybersecurity efforts would be to arrive at a practicable framework for the term.
Lewis readily admitted that war is a "squishy concept" in the cyber arena. At the same time, he remains a hawk on the subject, arguing that the military should not be constrained from launching a counter attack when a critical element of U.S. infrastructure comes under siege.
"I don't understand why the existing laws of war don't apply in cyber space," he said. "We have rules; we just need to figure out how to apply them."
But if Lewis is a hawk, then you can count Greg Nojeim, senior counsel at the Center for Democracy and Technology, as a dove by comparison. Nojeim worries about the absence of ground rules for executing cyber attacks, warning that the uncertainty over who has the authority to execute an offensive that stops somewhere short of a declaration of war -- and defies the traditional conventions of combat -- makes cyber warfare a risk not worth taking at this stage.
"The result I think is that we ought to be talking a lot more and focusing a lot more on the defensive side than on the offensive side," he said.
Nojeim in particular is concerned about a bill pending in the Senate that would give the president dramatic authority over private networks in the event of a major cyber attack, and allow the Commerce Department to gain access to cybersecurity logs in what could amount to a major breach of citizens' privacy.