Information Security News
mailing list archives
Iraq's Crash Course in Cyberwar
From: InfoSec News <isn () c4i org>
Date: Fri, 23 May 2003 00:23:23 -0500 (CDT)
Forwarded from: William Knowles <wk () c4i org>
http://www.wired.com/news/conflict/0,2100,58901,00.html
By Brian McWilliams
May 22, 2003
While the United States deployed its troops to the Persian Gulf in
March, some Iraqis prepared for war by surfing the Web.
Internet traffic records kept by the operator of C4I.org reveal that
Iraqis developed an avid interest in psychological tactics and
military links just prior to the combat action against them. The
private Web portal provides links to sites that detail how information
is used in warfare.
C4I.org logged hundreds of visits from Internet addresses assigned to
Iraq's government-controlled Warkaa and Uruklink Internet services
between November 2002 and March 2003.
Experts said the site data confirms their belief that, despite
technological obstacles, Iraq's government relied on the Internet for
its intelligence operations.
"Iraq is one of the least-wired countries, but all this is expected,"
said Dorothy Denning, a professor in the defense analysis department
at the Naval Postgraduate School. "It's not surprising that they would
be using it for intelligence gathering. Everyone else is doing it."
C4I.org takes its name from the military acronym for "command and
control, communications, computers and intelligence." The site hosts a
variety of documents and links about the use of "information warfare,"
which the Pentagon defines (PDF) as "actions taken to influence,
affect or defend information, information systems and
decision-making."
Information warfare also includes a range of activities, from physical
or virtual attacks on enemy information systems to "psychological
operations" aimed at influencing the emotions and behavior of
adversaries.
Excerpts from C4I.org's server log files indicate that Iraqi Web
surfers had a particular interest in documents about psychological
operations, including an unclassified manual (PDF) on the subject
published by the U.S. Marine Corps in 2001.
So-called "referrer" entries in the log files show that much of
C4I.org's Iraq traffic originated from Yahoo and Google searches.
Search terms that led Iraqis to the C4I site include "computer
warfare," "NASA computer network," "Echelon" and "airborne computer."
C4I.org's operator William Knowles said the traffic from Iraq caught
his eye last December, when visits from an IP address assigned to
Warkaa spiked.
According to Knowles, the traffic surge may have been driven by
numerous media reports at the time about the Pentagon's plans to
include psychological warfare in its battle plan.
"I think the Iraqis only had a very basic knowledge of the subject,
and they were probably cramming for the final exam," said Knowles, a
computer security consultant who runs C4I.org in his spare time.
James Lewis, a senior fellow at the Center for Strategic &
International Studies, said C4I.org's logs illustrate that the
Internet is a double-edged sword for U.S. military strategists.
"The Internet changes the nature of intelligence activity," said
Lewis. "Because we're an open society, the Internet makes it easier
for our enemies to collect intelligence. But it's also a lot easier
for us to manipulate or put out information intended to frighten the
enemy."
To intimidate or confuse Saddam Hussein's military, U.S. military
sources may have planted prewar stories about electromagnetic pulse
bombs, GPS jammers and other high-tech gadgetry, Lewis said.
Before they were knocked offline in late March, Iraq's Uruklink and
Warkaa ISPs connected both government and civilian users to the
Internet backbone over satellite links.
Because Iraq's Internet traffic emanated from a handful of IP
addresses, it's impossible to pinpoint who in the country was
accessing C4I.org. Site visitors could have been citizens surfing out
of curiosity, or Iraq's Mukhabarat intelligence officers or other
members of the Baghdad regime on a mission.
It's also possible that some of the visitors were journalists from the
United States or other countries. The Al Rasheed and Palestine hotels
in Baghdad, where many journalists stayed, reportedly had Internet
connections through Uruklink.
But referrer records show many of C4I.org's visitors from Iraq used
AlMisbar.com, an English-to-Arabic translation service, to access the
site, suggesting they were native Arabic speakers.
U.S. officials publicly acknowledged a January mass e-mailing to
persuade Iraqis to surrender and eschew the use of chemical weapons.
However, no reports were confirmed of cyberattacks against Iraq by the
U.S. government. Bombs, not government hackers, finally took Baghdad's
Internet services offline in late March.
Contrary to some predictions, the U.S. invasion of Iraq did not
generate a wave of retaliatory hacking of U.S. targets. For example, a
Malaysian virus writer and Al Qaeda sympathizer didn't deliver on his
threat to release a "megavirus" once the United States invaded.
According to Lewis, Iraq's Internet infrastructure was "antique" --
too undersized and unreliable to engage in information warfare. Even
if Iraq's military officials had contracted with sympathizers in a
high-tech nation to research or initiate cyberwar actions, he said,
they probably concluded it wouldn't contribute much to their mission.
"If you know U.S. planes are going to be dropping things on your head,
what cybertool is going to stop that?" he asked. "There isn't one. Why
waste your time thinking about it?"
Knowles, however, said he believes that the United States' enemies may
increasingly turn to cyberattacks to blunt the awesome power of the
U.S. military.
"Desperate people do desperate things," said Knowles. "If you're
thinking like Saddam Hussein, you'll probably look at anything that
helps you. Not as a singular event, but alongside a physical attack."
In the weeks before the bombs rained down on their country, some
Iraqis surfed the Web for much more mundane information.
Google searches on some of the common IPs used by Iraqis showed
records of their visits to stamp-collecting, dating and robotics
sites. A couple of Iraqis posted messages in guest books at a site
offering help for students studying authors such as Hemingway and
Shakespeare.
More ominous was a March visit from an Iraq address to a NASA site
that houses information about global positioning systems. In February,
someone using a computer in Iraq posted a greeting at a website
dedicated to computer virus programming.
The last record of Iraqi visitors to C4I.org came just days before the
war began. On March 17, several hits were logged from Iraq to the
site's page about cryptography, which contained a banner ad for a
betting site. The ad invited viewers to place a wager on the question,
"Will Saddam Hussein be the leader of Iraq on June 30?"
*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.