Mr. Jeff Harley us army Space and Missile Defense Command Army Forces Strategic Command

Download 389 Kb.
Size389 Kb.
  1   2

Information Operations


Compiled by: Mr. Jeff Harley

US Army Space and Missile Defense Command

Army Forces Strategic Command

G39, Information Operations Division

The articles and information appearing herein are intended for educational and non-commercial purposes to promote discussion of research in the public interest. The views, opinions, and/or findings and recommendations contained in this summary are those of the original authors and should not be construed as an official position, policy, or decision of the United States Government, U.S. Department of the Army, or U.S. Army Strategic Command.

Table of Contents

ARSTRAT IO Newsletter on
ARSTRAT IO Newsletter at Joint Training Integration Group for Information Operations (JTIG-IO) - Information Operations (IO) Training Portal

Table of Contents

Vol. 12, no. 07 (May 2012)

  1. Army Cyber Pros Pitch In With Network Evaluation

  2. Platforms and Upgrades Will Change Electronic Warfare

  3. GPS Vulnerable To Hacks, Jamming

  4. Beijing’s Battle Plan

  5. U.S. Seen As Iran ‘Cyberarmy’ Target

  6. File On Hitler's Mental State Turns Up In Cambridge Home

  7. Profile of Adolf Hitler from 1942 uncovered

  8. Major Cyber Attack Aimed At Natural Gas Pipeline Companies

  9. Afghan National Security Forces Develop Information Operations

  10. Omaha Cast Net That Caught Cyberthieves

  11. Army Wants To Monitor Your Computer Activity

  12. A Clunky Cyberstrategy

  13. Us Army Cyber Command Has Never Seen A Cyber Attack

  14. Video: Chinese Information Warfare seminar

  15. Adm. McRaven Defends U.S. Information Operations Overseas

  16. China 'Pursuing Steady Military Build-Up'

  17. Winning Without Fighting: Chinese Legal Warfare

  18. Read No Evil – Senior Censor Defends Work, Denies Playing Big Brother

  19. NORAD, NORTHCOM Launch Joint Cyber Division

  20. Army Cyber Talks Strategic Vision, Operations with Swedish Delegation

  21. Hillary Clinton Confirms US Al-Qa'ida Cyber Attack

  22. Meet ‘Flame’, The Massive Spy Malware Infiltrating Iranian Computers

  23. 21st Century Chinese Cyber Warfare

  24. A Quiet Opening: North Koreans in a Changing Media Environment

  25. The 'Art of Clandestine Courier Delivery' Helped Bin Laden Stay Hidden for So Long

  26. Iran Deploys the Photoshop Weapon

Army Cyber Pros Pitch In With Network Evaluation

By Henry Kenyon, Defense Systems, May 01, 2012

The mission of the Army’s Network Integration Evaluation (NIE) is to test new communications, software and networking equipment under field conditions before committing to building and deploying them across the entire service. But when all of that new gear is hooked up into an operational network, someone has to check it for vulnerabilities and its ability to interoperate with other systems.

That’s the job of the 1st Information Operations (IO) Command, a brigade-sized unit comprising two battalions that is part of Army Cyber Command. Since the launch of NIE in 2011, a team of personnel from the 1st IO has been an integral part of the process. The unit’s role in the event is to assess any potential vulnerabilities or threats to the network posed by the new technologies under evaluation when they are connected into the system. “We’re a niche brigade—there’s only one active duty brigade in the Army that does what we do,” Col. Glenn Connor, commander of the 1st IO Command, told Defense Systems.

The 1st IO’s role is to monitor the entire network once all of the new systems are connected to it. The command’s team looks for connection and encryption vulnerabilities among other potential problems, said Lt. Col. Chris Quick, director of strategic communications at Army Cyber’s Strategic Initiatives Group.

The command’s first battalion is the unit most involved in the NIE. This unit’s mission is to find and assess vulnerabilities and then devise mitigations processes, procedures and recommendations to reduce risks to acceptable levels. There is no red-team work in the NIE to actively attack or undermine the network, the 1st IO’s role is purely for assessment at this point, Quick said. As the NIE progresses, the brigade may be given a different mission set, but for the moment it is responsible for assessment only, he said.

During the evaluation process, 1st IO personnel are positioned throughout the event to communicate with staff from the Army Evaluation and Test Command, System of Systems Integration Command, Office of the Assistant Secretary of the Army for Acquisition, Logistics, and Technology and the NIE staff—primarily its Network Integration Directorate, Connor said.

The evaluation teams also focus on the maneuver elements involved in the NIE. Mobile teams are embedded with the units testing gear in the field and also as staff communicating with the organizations involved for managing the event’s network. Members of the 1st IO staff include their assessments and observations into the daily update briefs generated at the end of each day that are sent to key officers and administrators. “The idea is, as we find things, to address them while they’re out there,” Connor said.

A great deal of information is exchanged before the evaluation even takes place, Connor said. Key areas such as the architecture, IP addresses, the IP range as well as all of the wireless systems are scanned and monitored. As the IP addresses come into the network, the 1st IO personnel first check to see if the network is running properly; for example, to determine if a system added to the network will cause it to crash or defeats certain operational needs.

“Getting the architecture right—getting all of those systems hooked up—is challenging. If there’s something that we can recommend to make that flow better, we do it on the fly,” Quick said.

If the staff detects any vulnerabilities or patches to vulnerabilities, it determines if those vulnerabilities conflict with any other systems in the overall network, Connor said. The goal of the process is to keep up a continual information flow between the soldiers testing the gear the 1st IO team and the contractors.

Assessments are conducted on a system-by-system basis followed by a formal assessment at the end of the event. The assessments are incorporated into the information assurance reports that are sent to the Army organizations responsible for approving equipment and software tested at the NIE, Connor said.

One area that Army Cyber is interested in examining is how Army policies affect soldiers on the ground trying to implement those requirements. The service’s information assurance policies are mature and plentiful, so seeing how they affect soldiers at the individual unit level trying to integrate them is a learning experience that is not seen outside of combat, Connor said.

While they do listen to soldier feedback and work with units, the team’s primary job is to spot technical vulnerabilities as the equipment is integrated in the field. The 1st IO personnel also provide insight into the physical security status of a device or software application and maintain a dialogue with the contractors. “You’ve got to be very selective with what you point out in the physical domain,” Connor said.

Table of Contents

Platforms and Upgrades Will Change Electronic Warfare

Posted by David A. Fulghum, Aviation Week blog, May 03, 2012

The U.S. Navy's F/A-XX strike fighter, the EA-18G Growler, an unmanned combat aircraft (currently exemplified by two X-47B test platforms) and a nascent arsenal of specialized air-launched standoff weapons are all part of a new emphasis on exploiting the electro-magnetic spectrum.

Airborne electronic warfare is growing quickly in part because its definition has been expanded to include electronic and cyber attack.

The discipline now encompasses electronic attack (which includes jamming and spoofing), electronic protection against jamming and cyber attack and offensive cyber capabilities to attack enemy networks. In addition, the Navy has just issued a request for information (RFI) for the Next Generation Jammer (NGJ) that will greatly improve the electronic attack capability of the Growler.

Navy officials are reluctant to talk about possible F/A-XX capabilities but aerospace industry officials contend that some capabilities will be similar to the F-22. The new strike-fighter design will likely fly faster, higher and farther into the threat ring than other Navy aircraft. That will produce an increase in its radar and infrared detection horizons and allow it to pinpoint targets for weapons launched from non-stealthy designs at lower altitudes and farther from the target. Another capability is expected to be the ability to slew sensors in unmanned strike and reconnaissance aircraft for realtime strike of popup targets.

“We’ll get the final request for proposals out sometime in June,” says Rear Adm. Donald Gaddis, program executive officer for tactical aircraft at Naval Air Systems Command. “Our emphasis is getting NGJ out there by 2020. Everybody is excited about it.”

Another RFI that has just hit the street is for the F/A-XX, a replacement for the Super Hornet. The new aircraft is scheduled for operations in 2030-35.

“We’re looking at replacing the Super Hornet when it reaches 9,000 flight hr.,” Gaddis says. About 150 Super Hornets will be modified for a 10,000 flight hour life, says Capt. Frank Morley, program manager for the F/A-18E/F and EA-18G.

“Attributes of the [F/A-XX] aircraft – speed, range, payload, growth – will be shaped by what else is going on. There is a lot of analytical work on manned and unmanned follow-on platforms, advanced networks and where we are headed with airsea battle.”

The desire to cut defense spending by adopting common programs also could become a factor in the Pentagon’s acquisition plans for new strike fighters. It could be that Congress and others may push for a joint F-X and F/A-XX competition.

“There’s always a chance,” Gaddis says. “I think that the Defense Secretary will want us to do a joint AOA. But the attributes of a carrier aircraft and an Air Force program may be different. We have to be ready for that.”

Yet another worry is that gaps will appear in the number of aircraft available for service if there is a long lag time between the end of Super Hornet production and the availability of F-35 Joint Strike Fighters.

“On the supersonic tactical aviation side, F-35 doesn’t [start replacing Super Hornets] until 2019. Does that leave a gap for when aircraft are actually available to the squadrons?”

As a result of the unknowns in future acquisition plans and budgets, the Navy believes it is necessary to continue investing in the Super Hornet flight plan. Upgrades are added and funded in increments.

Table of Contents

GPS Vulnerable To Hacks, Jamming

By Jesse Emspak, Discovery, May 4, 2012

This week, the South Korean government reported that electronic jamming signals from North Korea were affecting communications and GPS signals for passenger aircraft. So far, there has not been a serious threat to safety because the pilots were able to use supplemental navigation devices.

But how does a group disrupt signals from GPS or other communication systems in the first place?

The simplest way to is to drown them out in a barrage of other signals, said Adrian Graham, a consultant in electronic warfare and the author of a textbook on the subject. That means sending out a radio signal over a wide range of frequencies similar to the ones that GPS uses. Because GPS signals are not that strong; barrage jamming is rather like blasting music in a room and drowning out conversation. Another method is to drown out the satellite signal by beaming a narrowband signal directly to the GPS receiver, if its location is known.

"Even a very low-power jammer is very effective," Graham told Discovery News .

But to really hack GPS and create a safety hazard requires that one spoofs or falsifies the data the receiver gets. To do this one might duplicate a GPS signal and play it back to a passing aircraft with a slight variation to the time signal. Since a signal broadcast from the ground would be stronger than the ones coming from orbiting satellites, the plane's GPS receiver would lock on to the fake one. The pilot wouldn't know what was happening -- his GPS unit would give him a position that looked perfectly legitimate, but would gradually lead him away from his destination.

"If this brings a victim aircraft into hostile territory, it can in the worst case be shot down, with the culprit country being able to say that the aircraft strayed into restricted airspace," Graham said.

GPS isn't the only kind of communication signal that can be messed with. The U.S. military has several aircraft that are designed specifically to disrupt enemy communications. The EA-18G Growler, for instance, has been in service for the last three years and is capable of jamming enemy radar and communications, as well as destroying the installations.

Jamming communications and radar has a long history, going back to at least to World War II. Some early versions of stealth technology involved aircraft generating a signal at the same frequency as the radar. More sophisticated versions of the technique were used during the Vietnam War.

Variations in that method are used today, said Stan VanDerWerf, president of Advanced Capitol, a consulting firm and a former chief of electronic warfare and avionics at the Warner Robins Air Logistics Center at Robins Air Force Base. "Enemy radar is looking for ours," he said. "But we have a jammer, which receives energy from the radar, emulates the signal and sends it back out."

It won't make the target plane invisible, but it will make the radar operator's screen show misleading information that’s harder to decipher. A similar technique is used to fool radar-guided missiles into under- or over-estimating the speeds of their targets.

With digital communications, the problem of interference has become more complicated. Digital signals generally operate at lower power than their old-line analog cousins, so they are more vulnerable in some respects.

"Smart jamming" is a method that attacks specific digital networks, such as those for mobile phones, while leaving others intact. It involves attacking the network, as opposed to the signal. A hacker calls the local cell tower's base station, which is responsible for routing the calls through the network, and tells it to ignore everyone. The computer isn't smart enough to recognize the hack, and stops listening to the cell phone signals coming in. As a result, the calls don't go through.

Another method is to generate a signal that sounds to the phone just like a cell phone tower. Since the phone automatically locks onto the strongest signal around, it will go to the fake cell tower. The fake cell phone tower receives the signal and responds with a message that says, essentially, "Sure I will route your call," but then it does nothing.

In France, prisons use it to stop inmates from using cell phones. In the United States, jamming mobile phone communications is illegal, and the Federal Communications Commission in October said it was targeting retailers that say they sell devices designed to block mobile phones. But there is an ongoing debate about whether such technology should be available for correctional facilities. South Carolina petitioned the FCC to be allowed to do it, and selective call-blocking technology is used in some Mississippi prisons.

"Anything in the electromagnetic spectrum, these principles can be applied," VanDerWerf said.

The real problem for aircraft, especially civilian ones, is that jamming isn't visible. Many modern airplanes also use electronic compasses that are fed information from the GPS receivers. "You probably don't know you are being jammed -- there will likely be no indication," Graham said. "If it is cloudy or night you will have no external reference."

Table of Contents

Beijing’s Battle Plan

By Bill Gertz, FreeBeacon, April 27, 2012

China’s People’s Liberation Army is preparing to destroy U.S. computer and network infrastructure in future attacks and knock out satellites with microwave pulses, according to recently translated Chinese military writings.

A senior colonel in the General Staff Fourth Department—the cyber warfare and electronic spying section known as 4PLA—wrote in one article that Chinese electronic network attack plans call for a “system of systems” destruction plan.

U.S. cyber warfare combat capability “forms a great threat for our military in terms of carrying out joint campaigns and operations, and especially information operations,” wrote Col. Lin Shishan.

“In this regard, we must establish the information combat concept of ‘attack and destruction of system of systems,’ and from the point of view of structural resistance, regard information systems of the main opponent as a whole, look for crucial points in the architecture which will serve as precise attack targets of information operations in order to break the balance of their architecture, paralyze the work of the systems, and reach the goal of weakening and suppressing their ability to obtain information superiority,” Lin wrote in the Beijing journal “New Century and New Age.”

A second article in a Chinese military journal revealed new details on how China’s military is set to conduct high-power microwave attacks against satellites in space.

Authors Wu Gang, Song Zhiqiang, and Liu Bo of the China Academy of Space Technology stated that satellite systems are critical for China’s national security and economy, and as a result “satellite systems would unavoidably become the key target to attack by the enemy in modern warfare.”

Because Russia and the United States are developing anti-satellite weapons, the authors state, China must follow suit.

The Pentagon has said it is not developing space weapons, although a U.S. sea-based missile defense interceptor was used in 2008 to shoot down a falling satellite.

However, China’s military in 2007 successfully tested satellite-killing missiles and has developed electronic jammers and lasers for use against space systems, according to the Pentagon’s annual report to Congress on the PLA.

To destroy satellites, microwaves are fired in pulses and enter them through antennae, cables, or slots; once inside, they destroy electronic and other components, the Chinese article states.

“When the power or energy reaches a certain level of magnitude, it would interfere with the internal electronic equipment or components, rendering them unable to function normally, or even burning the semi-conductor components and integrated circuit of the electronic equipment,” the article says.

“Some military powers” already have space-based high-power microwave weapons that can fly close to spacecraft targets to be attacked, the report says.

It concludes that both ground-based and space-based high-power microwave weapons can damage orbiting satellites.

A third PLA paper published in March calls for China’s armed forces to expand “cyber dominance.”

Author Liu Wangxin said “some countries and organizations” are using the Internet to “carry out purposeful political and cultural infiltrations.”

“The information network will become the center of military actions,” Lui says.

Chinese national sovereignty is threatened by the use of the Internet because key information nodes and facilities are controlled by the United States, where most of the Internet trunk lines are based.

Expanding Chinese cyber warfare capabilities “has a direct bearing on the outcome of future informatized wars,” according to Liu, who noted that cyber weapons are strategic.

“While great importance is attached continuously to wartime actions, it is also necessary to pay special attention to non-wartime actions,” he writes. “For example, demonstrate the presence of the cyber military power through cyber reconnaissance, cyber deployment, and cyber protection activities; make use of the characteristics of the cyber operation force, which can take action rapidly, has strong gathering and reorganizing capability, and is able to carry out high-intensity confrontations, to effectively protect the information nodes in cyberspace.”

Dmitri Alperovitch, chief technology officer for CrowdStrike, who specializes in Chinese cyber warfare said the 4PLA colonel’s disclosure of plans for deep attacks against U.S. networks—not just front-line nodes—reveals a key Chinese warfighting goal.

“If this represents the official line of thinking, this means that the prospects are not good that a limited conflict in a Taiwan Straits would remain localized to that geography without escalating into an all-out war,” Alperovitch told the Free Beacon.

The writings make clear “the Chinese realize that our combat-supportive information systems are not only a great advantage, but our reliance on them is potentially one of our biggest weaknesses,” he said.

Of concern is the revelation that the Chinese are planning joint kinetic, electronic warfare and network attacks against U.S. systems, Alperovitch said.

“As expected, they view our communications and GPS navigation systems as priority targets at the start of a conflict and are spending time and effort figuring out their vulnerabilities and attack strategies,” he said.

The writings support the findings of the congressional U.S.-China Economic and Security Review Commission that stated in a report in March that China’s military seeks to integrate computer attacks with other military operations in what the PLA calls “information confrontation.”

“PLA leaders have embraced the idea that successful war-fighting is predicated on the ability to exert control over an adversary’s information and information systems, often preemptively,” the report said.

“This goal has effectively created a new strategic and tactical high ground, occupying which has become just as important for controlling the battle space as its geographic equivalent in the physical domain,” the report said.

Edward Timperlake, a former Pentagon technology security official, said the writings indicate China is preparing for future broad-spectrum warfare.

Timperlake noted that U.S. forces that are being built up in the Pacific need funding for “a new revolutionary technology/platform, training and tactics” to challenge the Chinese military’s high-tech warfare plans.

“They have not yet grasped this technology pivot—building a U.S. and allied honeycomb [command, control, communications, computers, intelligence surveillance, and reconnaissance] Pacific grid,” Timperlake said. “Thus being robust and redundant is our way ahead. The Chinese sense this, but they are focusing on our current capability, which they can hurt but which will hopefully rapidly evolve in a different direction.”

Table of Contents

U.S. Seen As Iran ‘Cyberarmy’ Target

By Shaun Waterman, Washington Times, April 25, 2012

Iran is recruiting a hacker army to target the U.S. power grid, water systems and other vital infrastructure for a cyberattack in a future confrontation with the United States, security specialists will warn Congress on Thursday.

"Elements of the [Iranian Revolutionary Guard Corps] have openly sought to pull hackers into the fold" of a religiously motivated cyberarmy, according to Frank J. Cilluffo, director of the Homeland Security Policy Institute at George Washington University.

Lawmakers from two House Homeland Security subcommittees will hold a joint hearing Thursday about the cyberthreat posed by Iran — as tensions over Tehran's nuclear program continue at a high level and as a possible Israeli strike against it looms.

The Washington Times obtained advance copies of witnesses' prepared testimony.

In his remarks, Mr. Cilluffo says that, in addition to the recruiting by the Revolutionary Guards, another extremist militia, the Basij, "are paid to do cyberwork on behalf of the regime, [and] provide much of the manpower for Iran's cyber-operations."

Both militias are thought to be under the control of Iran's clerical leadership, headed by supreme leader Ayatollah Ali Khamenei. Two Revolutionary Guard leaders have been indicted by U.S. prosecutors in connection with a suspected plot to assassinate Saudi Arabia's ambassador to the United States by bombing a prominent Washington restaurant.

"Over the past three years, the Iranian regime has invested heavily in both defensive and offensive capabilities in cyberspace," states testimony from Ilan Berman, vice president of the hawkish American Foreign Policy Council, in his remarks for Thursday's hearing.

Estimates of the skill level of Iran's hacker army vary, but Mr. Cilluffo points out that a veritable "arms bazaar of cyberweapons" is accessible through the Internet hacker underworld.

"Adversaries do not need capabilities, just intent and cash," he states.

Mr. Cilluffo was recruited by President Bush on Sept. 12, 2001, the day after the terrorist attacks on the World Trade Center and the Pentagon. He helped set up the Office of Homeland Security in the White House and left for George Washington University in 2003.

In 2009, Iran's nuclear program was attacked by a cyberweapon called Stuxnet. Although there is no definitive evidence of Stuxnet's origins, Iran has blamed the United States and Israel and has been girding for a conflict in cyberspace ever since.

"For the Iranian regime the conclusion [drawn from Stuxnet] is clear: War with the West, at least on the cyberfront, has [already] been joined, and the Iranian regime is mobilizing," states Mr. Berman.

The tensions between Iran and the West have taken unconventional forms besides cyberwarfare.

Iran claimed this month that it has been able to copy sensitive technology from a U.S. drone that crashed over its territory. It also has accused the United States and Israel of killing several of its nuclear scientists.

In a statement released Wednesday night, Rep. Dan Lungren, California Republican and chairman of the cybersecurity, infrastructure protection, and security technologies subcommittee said that "if recent reports are accurate that Tehran is investing $1 billion to expand their cyberwarfare capabilities, Iran will be a growing cyber threat to our U.S. homeland."

The congressional testimony will be presented as the world waits for the next round of talks about Iran's nuclear program – which Tehran insists is for peaceful purposes – next month in Iraq.

The United States and other members of the U.N. Security Council are pushing Iran to end its program of uranium enrichment. In exchange, trusted third-party countries would provide fuel for its civilian nuclear program. Enriched uranium can be used as fuel, but it can also be further enriched quickly and used in a nuclear weapon.

"Tensions between the West and Iran are increasing over Iran's illicit nuclear program, making the potential for an Iranian cyberattack against the homeland a real possibility," said Rep. Patrick Meehan, Pennsylvania Republican and chairman of the counterterrorism and intelligence subcommittee, the other panel at Thursday's hearing.

As negotiators prepare for the next round of talks, the tightening screw of international sanctions and the looming threat of an Israeli military strike against Iran's nuclear sites have provoked threats from leading figures in the Revolutionary Guards.

Mr. Cilluffo notes that "Iran is not monolithic: command and control there is murky, even within the [Revolutionary Guards], let alone what is outsourced."

He notes that the Lebanese-based militant Hezbollah movement — which Iran has frequently used as a terrorist proxy — has begun recruiting its own cybermilitia of skilled hackers.

"Iran has a long history of demonstrated readiness to employ proxies for terrorist purposes," Mr. Cilluffo's testimony states.

"There is little, if any, reason to think that Iran would hesitate to engage proxies to conduct cyberstrikes against perceived adversaries."

Those proxies could make it hard to prove that Iran was behind the attacks.

Mr. Berman's testimony notes that an extremist newspaper affiliated with the Revolutionary Guards last year warned the United States to "worry about 'an unknown player somewhere in the world' attacking a section of [U.S.] critical infrastructure."

In 2009 and 2010, a hacker group calling itself the Iranian Cyber Army attacked Twitter and the Chinese search engine Baidu, as well as Iranian websites belonging to the opposition Green Movement.

"In the event of a conflict in the Persian Gulf," attacks like that on Twitter "could provide Iran an avenue for psychological operations directed against the U.S. public," states Mr. Cilluffo.

Such operations would aim at sowing fear and confusion by attacking systems Americans use in their daily lives.

In a Persian Gulf military standoff, Iran also might combine computer-network attacks against U.S. military information and communications systems with more conventional jamming techniques "to degrade U.S. and allied radar systems, complicating both offensive and defensive operations," Mr. Cilluffo adds.

Some parts of the federal government, such as U.S. Strategic Command and the State Department's Nonproliferation Bureau, have begun to pay attention to the Iranian threat of a cyberattack, but no one in the administration is "tasked with comprehensively addressing the Iranian cyberwarfare threat," Mr. Berman warns.

"The U.S. government, in other words, has not yet even begun to get ready for cyberwar with Iran," he concludes.

Table of Contents

File On Hitler's Mental State Turns Up In Cambridge Home

From Cambridge News, 04/05/2012

A top secret psychological profile of Adolf Hitler – written by a Cambridge expert – has turned up 60 years on.

Cambridge University psychoanalyst, Joseph MacCurdy, penned the report in 1942 on the orders of Mark Abrams, a pioneer of market research, who served with the Government’s Psychological Warfare Board.

The report was based on a speech the Nazi leader made in 1942, which Dr MacCurdy studied.

The Cambridge academic’s analysis revealed that Hitler was displaying “epileptic defeatism” and was “seriously contemplating the possibility of utter defeat”.

It described the Fuhrer as a “paranoid messiah” who was caught in a “web of religious delusions”.

Remarkably, the report also made several accurate predictions about Hitler’s future tactics in the war, correctly forecasting he would not conquer Russia or attempt to take England by air again after defeat in the Battle of Britain.

The British war cabinet used information in the report for propaganda, openly mocking the Luftwaffe’s “impotence” when it was identified by experts as a sore point in Hitler’s speech.

Social historian, Dr Scott Anthony, found the document while at the home of a relative of Mr Abrams. He has now given it to Cambridge University.

Dr Anthony said it would have given the British Secret Service a fascinating insight into Hitler’s deteriorating mental condition.

He said: “I could not believe it when we found this document. I was completely shocked and I just kept reading it over and over again – it really is a fascinating piece of history.

“It has stayed with the family of the Abrams since the war and has never been read by anyone else.

“What is so amazing is how sophisticated the analysis of Hitler was. The psychological profiling of Hitler is a facet of the war that is not yet public knowledge but it appears the report was remarkably accurate and the recommendations at the end were implemented by the Allies.”

Table of Contents

Profile of Adolf Hitler from 1942 uncovered

From The Telegraph, 7 May 2012

Adolf Hitler had a "messiah complex" and became increasingly obsessed with the perceived Jewish "enemy within" as World War II turned against Germany, according to a secret 1942 assessment.

The British intelligence report, which lay apparently unread from the war until its recent rediscovery, found that the Nazi dictator turned to "Jew-phobia" as the likelihood of defeat increased.

The wartime analysis, now made public by the University of Cambridge, was commissioned by social scientist Mark Abrams and written by his colleague Joseph MacCurdy, a Cambridge academic.

Abrams, a world-renowned pioneer of market research and opinion polling, worked with the BBC's Overseas Propaganda Analysis Unit and the Psychological Warfare Board during World War II.

"At the time that it was written, the tide was starting to turn against Germany," said Cambridge historian Scott Anthony, who led research into Abrams which resulted in the paper being unearthed in a family collection.

"In response, Hitler began to turn his attentions to the German home front.

"This document shows that British intelligence sensed this happening.

"MacCurdy recognised that, faced with external failure, the Nazi leader was focusing on a perceived 'enemy within' instead - namely the Jews.

"Given that we now know that the 'final solution' was commencing, this makes for poignant reading."

Abrams thought that transcripts of Hitler's broadcasts could be close-read for propaganda and intelligence purposes, revealing hidden "latent content" and subconscious insights into the enemy's state of mind.

His work was fed directly into Allied counter-propaganda.

The newly re-aired analysis covered a radio speech Hitler gave on April 26, 1942.

"Its content would presumably reflect his morbid mental tendencies on the one hand and special knowledge available to him on the other," the opening lines said.

An earlier report found three such tendencies, termed "shamanism", "epilepsy" and "paranoia".

"Shamanism" referred to Hitler's hysteria and compulsion to feed off whipped-up crowds, which was in decline. MacCurdy's report pointed to the "dull flatness" of delivery in Hitler's broadcast.

The other two were developing characteristics.

"Epilepsy" covered his cold and ruthless streak, combined with a tendency to lose heart when ambitions failed. MacCurdy's analysis found Hitler's speech showed him to be "a man who is seriously contemplating the possibility of utter defeat".

"Paranoia" was the third and most worrying tendency, exposed through the dictator's "Messiah complex", in which Hitler thought he was leading a chosen people on a crusade against evil incarnate in the Jews, the paper said.

It notes an extension of the "Jew phobia" and says that Hitler now saw Jews not just as a threat to Germany, but as a "universal diabolical agency".

It is now known that weeks before the speech, senior Nazis had set plans in motion for the "final solution": the attempted extermination of the entire Jewish population.

"Hitler is caught up in a web of religious delusions," MacCurdy concluded.

"The Jews are the incarnation of evil, while he is the incarnation of the spirit of good.

"He is a god by whose sacrifice victory over evil may be achieved. He does not say this in so many words, but such a system of ideas would rationalise what he does say that is otherwise obscure."

The document has been added to an archive on Abrams' work held at Cambridge and is now available to researchers.

Table of Contents

Major Cyber Attack Aimed At Natural Gas Pipeline Companies

By Mark Clayton, Christian Science Monitor, May 5, 2012

A major cyber attack is currently under way aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued to the industry by the US Department of Homeland Security.

At least three confidential "amber" alerts – the second most sensitive next to "red" – were issued by DHS beginning March 29, all warning of a "gas pipeline sector cyber intrusion campaign" against multiple pipeline companies. But the wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing.

That fact was reaffirmed late Friday in a public, albeit less detailed, "incident response" report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls, Idaho. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.

The ICS-CERT is charged with helping secure the nation's industrial control systems – computerized systems that open and close valves, switches, and factory processes vital to the chemical, industrial, and power sectors. Their "fly away" teams visit factories, power plants, and pipeline companies to investigate cyber intrusions.

"ICS-CERT has recently identified an active series of cyber intrusions targeting natural gas pipeline sector companies," the confidential April 13 alert warns. "Multiple natural gas pipeline organizations have reported either attempts or intrusions related to this campaign. The campaign appears to have started in late December 2011 and is active today."

Safeguarding industrial control systems from cyber attack is a major point of debate right now in Congress, which has been wrangling over whether to grant the federal government authority to require that vital sectors like the electric utility, oil and gas, and chemical industries meet certain levels of cyber security.

Approximately 200,000 miles of these interstate natural gas transmission pipelines in the US supply 25 percent of the nation's energy. Pipeline safety has been a major issue in recent years, highlighted by the San Bruno, Calif. pipeline explosion that killed eight people and destroyed 38 homes in the Bay Area in September 2010.

In Friday's public warning, ICS-CERT reaffirms that its "analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source." It goes on to broadly describe a sophisticated "spear-phishing" campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.

Spear-phishing has become one of the attack vectors of choice for cyber spies intent on infiltrating corporate networks. In such an attack, a specific person in the organization is researched, often using social networking sites like Facebook or LinkedIn in order to carefully craft a convincing e-mail that appears to be from a close associate.

But the seemingly benign e-mail typically contains a malicious software attachment or link. Once clicked on or opened, the malware or link creates a back-door for a hacker to then gain entry and begin prowling for valuable data.

Yet there are several intriguing and unusual aspects of the attacks and the US response to them not described in Friday's public notice. One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.

Each of the three alerts, for instance, includes detailed descriptions of the cyber threat – much more detailed than previous ICS-CERT warnings over the years, say cyber security experts who have seen the alerts. Those private warnings included computer file names, computer IP addresses, and other key information that a company's cyber security experts could use to check to see if their networks have been infiltrated.

"This was far more detail than we've ever received in the past – and the number of alerts in succession was unusual," says one security expert who requested anonymity because he was sharing sensitive material. "It indicated to me this was pretty serious."

Amazingly, he says, companies were also specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.

"In essence they were saying: 'Do not put in any mitigation or blocks against these active intruders,’ " says the individual who has seen all three confidential alerts. "But if you're telling an investor-owned utility not to do anything, that's pretty unheard of. Step 1 is always block these guys and get them off the system. It's pretty unusual in the commercial world to just let them collect data. Heaven forbid that the intruders gain control. It kind of looks like our intel guys were trying to get more information."

Beyond indicating that multiple companies were targeted and some other systems compromised, neither the alerts nor the public notice indicate just how many companies have been infiltrated. The documents also do not indicate that any companies' pipeline operations – or their vital computerized industrial control systems that run pumps – have yet been affected.

But other cyber security experts familiar with the alerts warn that access to a company's corporate system can eventually allow a hacker to wind through a corporate network and into the vital industrial control processes. Those systems, if infiltrated, could allow hackers to manipulate pressure and other control system settings, potentially reaping explosions or other dangerous conditions.

"There's not enough information available yet to tell exactly what is the target or goal here," says Jonathan Pollet, founder of Red Tiger Security, who specializes in industrial control system security and who has worked extensively in the oil and gas industry. "But it's a concern because if they access the corporate network it's often just a short step to the next level and right into their control system network."

One reason ICS-CERT may have acted, he believes, is because of the large number of companies discovering attackers on their networks. As many as 20 companies have already come forward to tell ICS-CERT of the infiltrations, Mr. Pollet says. That number could not be independently verified. A DHS spokesman was unavailable to comment at press time Saturday.

Even so, there is at least some support for Pollet's assertion.

Sanaz Browarny, chief, intelligence and analysis, of the control systems security program at DHS, told a security conference last month that “on a daily basis, the U.S. is being targeted.” In her presentation, as reported in Homeland Security News Wire, she said that ICS-CERT’s response team had taken 17 trips to private utilities last year, seven of those as a direct result of sophisticated spear-phishing attacks. She did not, however, indicate the attacks were against a specific type of utility.

There are also signs the threat could extend across North America. A Canadian cyber security expert told the Monitor that authorities in his country also are on alert since the US warnings, although it is not clear if any Canadian companies are affected, he said.

At least one confidential US alert, a portion of which was obtained by the Monitor, urged companies to remain on guard – and send back information.

"ICS-CERT has received additional reports involving targeted and compromised organizations within the gas pipeline sector," according to the April 13 alert. "Analysis from those reports, including the analysis of hard drives and logs, has yielded new indicators of compromise…. Organizations are strongly encouraged to review this report and contact ICS-CERT to report their findings."

Table of Contents

Afghan National Security Forces Develop Information Operations

By Chief Petty Officer Oscar Troncoso, ISAF Regional Command North, 9 May 2012

CAMP SHAHEEN, MAZAR-E SHARIF, Balkh province, Afghanistan – Wars can be influenced, shaped and ultimately won or lost, with information. International Security Assistance Force leaders know all too well that part of the fight for the hearts and minds of the Afghan people is in the arena known as Information Operations.

The goal of Information Operations is to combat enemy misinformation that leads to misperceptions with accurate and reliable information that, on one hand, the population can trust, and on the other hand, chisel away at the will of the enemy. While building trust among the Afghan population has been one of ISAF’s most important challenges, it is even more critical that the element of trust is nurtured and sustained by Afghan National Security Forces.

At Regional Command North headquarters based in Camp Marmal, the Information Operations branch has played an important role for years during ISAF’s mission of supporting ANSF in order to provide security and disrupt insurgent activities, which results in a safe and stable population. An Information Operations section within the ANSF, however, had not yet been formally established – until now. A multi-national team of mentors, Maj. Lars Flink of the Netherlands army and Lt. Ian Roberts of the United States Navy, have been working at Camp Shaheen for the past four months to partner and assist with the establishment of an Information Operations department within the 209th Corps of the Afghan National Army.

“RC North has done a lot of planning in the information environment,” said Flink, who is an Information Operations training officer at the Army Staff Officers Training School in Amersfoort, Netherlands. “The best thing for them is to do it themselves. They know better how to communicate with their own population. The Army and security forces of Afghanistan are there to provide security and communicate the effects of that security so that their public can trust and support them. When we leave, this will be very important,” said Flink, who is winding down his second mission in Afghanistan.

According to Roberts, a reservist from Washington state who is also on his second mission in Afghanistan, the 209th Corps already had two important sides of the Afghan information triangle: Language Awareness Skills and Religious Cultural Awareness. The missing piece in the triad was Information Operations. This is where the support of the RC North Information Operations branch came in.

Lt. Col. Ghulam Mustafa of the 209th Corps is heading the partnership with Flink and Roberts. Mustafa leads a newly created team as part of the ANA’s new Information Operations branch. The 209th’s Info Ops branch is the first of its kind within the ANA, founded after the first Information Operations course in January, 2012. Mustafa, along with other ANA instructors, provided an Information Operations brief – the first for leaders of the 209th Corps - on April 16 at Camp Shaheen.

“It was general information about our new Information Operations department,” said Mustafa. “They were glad to be part of our presentation. It is an important part of the professional education of our officers. It is the first time that they hear about such information. I am sure that our Information Operations section will have a positive effect.”

Roberts believes that his partnership with Flink was enhanced, and not hindered, by the fact that he came from a different country.

“We complement each other culturally,” explained Roberts. “I offer an American perspective, and he offers me a perspective from the Netherlands. I see this added element in a coalition environment as a great advantage. That element added to the success of our working relationship.”

Flink’s approach with his collaboration with Roberts is no different than his approach with Afghans. “My partnership with Roberts is the same way as our partnership with our Afghan counterparts,” explained Flink. “It’s not about the rank. It’s about learning the culture here, and seeing how it works. I started going to Camp Shaheen with Roberts, who they already knew. I trusted him, and the Afghans saw that we worked well together. After my third trip to Camp Shaheen, Lt. Col. Mustafa introduced me to his peers. This was an act that I knew as an act of trust,” said Flink.

An important key that opened up the opportunity to successfully partner with the ANA was laying that foundation of trust. The culture in Afghanistan requires that trust be firmly in place before a working relationship can flourish and move toward common goals.

“Their culture is not what I’m accustomed to in my country, where it is direct and to the point,” said Flink. “It’s not just about who you are. It’s more about who your family is, and what your history is. It takes time and patience,” said Flink, who previously served in the southern province of Uruzgan as part of the first Dutch Task Force.

Even with challenges that come along with a partnership, Roberts believes that their weeks of hard work alongside the 209th Corps Information Operation team are starting to pay dividends. More importantly, it has shifted towards a shouldering of responsibility by the Afghan team.

“Over the weeks and months, we were able to establish rapport with Lt. Col. Mustafa’s team,” said Roberts. “We have partnered with them on tasks such as planning, transition, training and current events that drove some of our activities. They are better prepared to establish an Info Ops community in the 209th ANA. The overall process has exceeded my expectations for success. We’ve progressed very far, made great strides, and met milestones.”

One of the milestones was coordinating and delivering the initial Information Operations course, which lasts 10 days. The comprehensive curriculum begins with three days that cover the military decision making progress. Another significant milestone was that Mustafa, for the first time, completed an Information Operations campaign plan in support of his ANA commander.

Flink is confident in the capabilities of the ANA and believes that Information Operations training is a key in sustaining a successful transition.

“I enjoy working with them,” stated Flink. “You can learn a lot from them because they know so much. As long as they keep up the training, we make sure to continue to mentor, and they can keep it going in the right direction, they will be ready for transition.”

Roberts also believes that the ANA is ready to take the next step and continue to prepare their capabilities.

“Initially we developed the concept of Information Operations to facilitate the training. The training needs to be on going in order for them to increase their skill set to become more effective,” said Roberts.

Even though the Information Operations branch of the 209th Corps is in its inaugural stage, he has faith that it will play a significant role in gaining the trust of the Afghan population, and more importantly, winning over their proverbial hearts and minds.

“We are starting to see the infancy of Info Ops with the ANA,” said Roberts. “They will be able to influence the local populace to foster support for their mission. They realize that the information environment affects people’s perceptions, and it can affect the will of the enemy to fight. That is the ultimate goal.”

Table of Contents

Omaha Cast Net That Caught Cyberthieves

By Matthew Hansen, Omaha World-Herald, 30 April 2012

Imagine for a moment that you are the chief financial officer of a small American business.

You are sitting at your desk sometime in 2009. You are doing your job. You are answering emails.

Here's one from the Internal Revenue Service with the subject line “Tax Statement” and a message about underreported income. Don't want to get crosswise with the IRS, you think, and click on a link.

The link leads to nothing. You try again. Still nothing.

Odd, you think. Then you immediately forget about it.

Several weeks or months later, you are sitting at your desk, doing your job, when the phone rings.

It's an agent from the Omaha office of the FBI.

He asks: Did you just authorize a withdrawal of $30,000 into a personal checking account?

No, you say, as your eyes widen and your pulse quickens. Why?

This is how you learn you've been robbed.

And not just robbed, but robbed repeatedly. Robbed so stealthily, so completely, that you didn't even realize the money was missing.

This, roughly, is how dozens of small businesses and nonprofits — even an Iowa Catholic diocese — learned from the Omaha office of the FBI in 2009 and 2010 about a group of Ukrainian hackers, malicious software named Zeus and a plan to steal $70 million seemingly ripped from the pages of a futuristic thriller.

Weysan Dun, the FBI's special agent in charge in Omaha, agreed to share his version of this very real case, dubbed Operation Trident Breach, during his last week in office. The 30-year FBI veteran officially retired from the bureau Friday.

He agreed to talk extensively about Operation Trident Breach for the first time in part because he and the FBI view it as a success.

The investigation began in Omaha and eventually involved 100 agents working out of the Omaha office. It ultimately led to 64 arrests in several countries, although computer security experts believe the cybercrime's masterminds are still free in Ukraine.

And Dun agreed to detail Operation Trident Breach because, quite simply, it frightens him.

Dozens of chief financial officers clicked on fake IRS emails and unwittingly helped a previously unknown group of cybercriminals unleash what is still the biggest heist of its kind in U.S. history.

And here's the truly scary part: Operation Trident Breach is a metaphorical drop in what seems to Dun and other law enforcement officials to be a bottomless bucket.

The computer systems of Nebraska and U.S. companies, both big and small, are attacked daily.

Crime syndicates and foreign governments, chiefly China and Russia, carted off nearly $1 trillion in money, intellectual property and other proprietary information last year, said Gen. Keith Alexander, head of the National Security Agency.

And far too often, Dun believes, we serve as the de facto guide for these thieves, practically escorting them into our bank accounts, giving them the combinations to our safes and politely looking the other way as they walk with the loot out the front door.

“The current state of affairs has to change,” Dun said. “Most people aren't at all aware of how vulnerable they are.”


The phone rang and Justin Kolenbrander, the FBI agent in charge of the Omaha Cyber Crime task force, picked it up.

An employee of a financial company — a man who had previously completed an FBI training program for private industry — was on the other end of the line.

He told Kolenbrander he had noticed a pattern of about four dozen suspicious withdrawals from several banks. Kolenbrander took the tip to Dun, his boss.

“Look into it,” Dun said.

That's how the investigation that came to be known as Operation Trident Breach began in 2009.

Within weeks, Kolenbrander and another Omaha-based FBI agent, James Craig, realized they had a gargantuan fish on the line. It quickly became clear that dozens of small businesses and nonprofits around the country were losing money in the same fashion.

The Omaha agents traced the movement of the money to various spots in the United States and ultimately to Ukraine, though at first it wasn't clear who was on the receiving end.

(A request to speak to Kolenbrander and Craig was denied because, Dun said, parts of the investigation still are open.)

The pattern the agents unraveled went as follows:

Someone in charge of finances at a small business or nonprofit would receive an email, usually purporting to be from the Internal Revenue Service, the Federal Deposit Insurance Corp. or the company's bank.

The criminals chose smaller companies on purpose. Fortune 500 companies tend to have robust defenses against cybercrime.

“They weren't trying to go after Microsoft for a reason,” Dun said.

Dun shared several examples of these fake emails — commonly known as “spear phishing” — and noted how realistic they looked.

Spear phishing can be far more advanced than the IRS scam, said Brian Krebs, a cybercrime expert who has written extensively about Operation Trident Breach.

In a more recent case, four employees at a company simultaneously received and opened emails, complete with an Adobe PDF file attachment, that looked as if they had come from one of the company's clients. The company lost more than $100,000 from the resulting cybertheft.

“These are really hard to defend against, because they aren't tech issues you can solve with software or hardware,” Krebs said. “The hackers learn about a relationship and use that trust. ... They found out where people expect to get emails from and they go in sideways.”

In the pattern that the Omaha FBI agents were following, if an employee clicked on the fake IRS email, a malicious software, or malware, would infect the computer. Within minutes, the victim's computer would be controlled by a variant of Zeus, a famed piece of malware first observed by experts in 2007.

Zeus essentially can take over a victim's computer, allowing the criminal to see everything, including banking passwords and other seemingly secure information.

Even worse, it allows the person controlling Zeus to emulate the victim online.

As the FBI watched, the Ukrainian criminals used Zeus to steal dozens of chief financial officers' online identities, withdraw money from their business accounts and place it in personal checking accounts scattered across the United States.

Often the companies learned they had been hacked — and in some cases lost hundreds of thousands of dollars — only when an Omaha FBI agent called and alerted them to the cybertheft.

How do you lose thousands of dollars without realizing it?

Sometimes companies don't balance their books on a daily basis, Krebs said. And sometimes the hackers actually make it appear that companies paid, say, their employees instead of placing money in the checking accounts of complete strangers.

“These guys are good,” he said.

FBI agents followed the money trail to a group of Eastern European young adults who previously had entered the United States, usually on forged student visas.

These so-called “money mules” would open checking accounts, wait until the Ukrainian ringleaders (using Zeus) transferred money from the businesses into those accounts and then walk into the banks to make what often appeared to be completely legitimate withdrawals.

They would then wire most of the stolen money to Ukraine or the United Kingdom, sometimes using Western Union, and keep maybe a 10 percent cut for themselves.

The mules often end up being the weak link of big cyberheists such as the one investigated during Operation Trident Breach, Krebs said.

They tend to be young and prone to bouts of stupidity, sometimes flaunting new cars or new clothes.

In one instance, a mule held up a pile of $100 bills, had a friend snap a photo and posted it on her Facebook profile, said Gary Warner, director of research in computer forensics for the University of Alabama-Birmingham, in an NBC report.

Warner was out of the country and unavailable for comment for this story.

The FBI and a number of outside experts, including Warner, tracked the use of the malware. They eventually proved that the hallmarks of this particular type of Zeus were linked to thousands of suspicious withdrawals and led back to one group of Ukrainian hackers.

As the bust neared, more than 100 FBI agents and computer specialists came to Omaha to work out of the office leading the investigation.

In late September 2010, Omaha agents flew to Ukraine, the Netherlands and London, helping to coordinate a massive international effort to arrest dozens of hackers, money launderers and mules in a one-day sweep.

On arrest day, Dun and several other agents helped direct the busts from a war room at Omaha FBI headquarters, located in a dark-windowed, three-story building in the southwest part of the city.

They nabbed 13 people in the United Kingdom, including several who helped to run the conspiracy.

They nabbed several dozen in the United States, mostly money mules; 27 have now been convicted in American courts.

In Ukraine, they nabbed five people — the big fish, detained with the help of an elite Ukrainian military unit.

It was the largest “automatic clearinghouse” bust in the history of the FBI, and it was started and led by the little-known Omaha office.

Since joining the FBI in 1982, Dun has put violent East Coast drug lords behind bars and investigated high-profile corruption cases in Illinois. But Operation Trident Breach was one of the most important investigations of his three-decade career.

“Seventy million dollars,” he said during a break between packing up boxes in his office recently. “It would be absolutely impossible for a (street) gang to get away with that much money.”

Only one glitch: Krebs said the five Ukrainian masterminds were released after a brief detention. Dun won't discuss the arrests themselves, saying they are part of an ongoing investigation.

“These guys are still operating,” Krebs said. “Still very active. Still very sophisticated. ... If they aren't out in the open, they are definitely unfettered.”


Sometimes when Brian Krebs is on a plane, flying on the way to a consulting job or speaking engagement, he finds himself seated next to a small-business owner.

By the end of the flight he has told the business owner to quit using Windows for financial transactions, because it's the operating system most affected by Zeus.

Or he has persuaded the small-business owner to close his business bank account. Just use a personal one if possible, because it affords consumer protections that a business account won't, if you are hacked.

Or maybe the small-business owner gets off the plane a little shaken and uncertain about ever banking online again.

If Krebs happens to talk to a CEO of a larger company, he suggests a serious daylong seminar on computer security. He also suggests what he calls “regular fire drills” for cyberattacks, where an outside company is brought in to customize a spear phishing or other hypothetical attack on the company.

If an employee clicks on a link that unleashes the hypothetical computer virus, there's more training to be done, Krebs said.

“What if part of an employee's bonus was tied to how they did on these security assessments? People would really care about this stuff then.”

When Dun thinks about Operation Trident Breach and the FBI, his thoughts drift from that success to the 200 or 300 other, similar investigations the agency has open at any given time.

And what of the unknown number of masterminds living somewhere in the world, maybe out of the FBI's grasp, who are inventing even better ways to steal money? Or shut down the power grid of a major American city? Or disrupt our water supply?

“Just because it hasn't happened yet doesn't mean it can't,” Dun said. “The potential threat for terrorists (to use Zeus or other malware) is very real.”

One solution, he thinks, is a segmentation of the Internet, where the equivalent of a gated community is created for the financial sector and other areas deemed to need more security.

But even before that, Dun thinks, we need to collectively have our eyes widen and our pulse quicken at the thought of the drumbeat of financial cybercrime.

On some level, he thinks, we are all the chief financial officer, accidentally allowing thieves into our bank accounts, and unaware that we can't even see that the money is gone.

So do we want to sacrifice security for the ease of online financial transactions? Do we want to accept the risk of cybercrime as the 21st century risk of doing business?

“The offense is so far ahead of the defense here,” Dun said. “We really need to collectively realize this as a society. We need to figure out how to make this work.”

Table of Contents

Army Wants To Monitor Your Computer Activity

By Joe Gould, Army Times, May 5, 2012

In the wake of the biggest dump of classified information in the history of the Army, the brass is searching for ways to watch what every soldier is doing on his or her Army computer.

The Army wants to look at keystrokes, downloads and Web searches on computers that soldiers use.

Maj. Gen. Steven Smith, chief of the Army Cyber Directorate, said the software was one of his chief priorities, joking that it would take the place of a lower-tech solution: “A guy with a large bat behind every user as they go to search the Internet.”

“Now we’ve been in the news — I don’t know if you’ve seen it — with a little insider threat issue,” Smith continued.

Smith did not mention Pfc. Bradley Manning by name. However, the effort comes in the wake of the former intelligence analyst’s alleged leak of hundreds of thousands of pages of classified documents to the anti-secrecy organization WikiLeaks in 2009 and 2010. Manning faces a military trial on 22 counts, including aiding the enemy.

According to Smith, the Army will soon shop for software pre-programmed to detect a user’s abnormal behavior and record it, catching malicious insiders in the act. Though it is unclear how broadly the Army plans to adopt the program, the Army has more than 900,000 users on its computers.

Smith explained how it might work.

“So I’m on the South American desk, doing intelligence work and all of a sudden I start going around to China, let’s say,” Smith said. “That might be an anomaly, it might be justified, but I would sure like to know that and let someone make a decision, almost at the speed of thought.”

The scenario echoes the allegations against Manning: As an intelligence analyst charged with researching the Shiite threat to Iraqi elections, Manning raided classified networks for State Department cables, Afghanistan and Iraq war logs and video from a helicopter attack, according to courtroom testimony.

Software of the type Smith describes is at various stages of development in the public and private sectors. Such software could spy on virtually any activity on a desktop depending on its programming, to detect when a soldier searches outside of his or her job description, downloads massive amounts of data from a shared hard drive or moves the data onto a removable drive.

The program could respond by recording the activity, alerting an administrator, shutting down the user’s access, or by feeding the person “dummy data” to watch what they do next, said Charles Beard, a cybersecurity executive with the defense firm SAIC’s intelligence, surveillance and reconnaissance group.

“It’s a giant game of cat and mouse with some of these actors,” Beard said.

What’s exciting, Smith said, is the possibility of detecting problems as they happen, on what cybersecurity experts call “zero day,” as opposed to after the fact.

“We don’t want to be forensics experts. We want to catch it at the perimeter,” Smith said. “We want to catch this before it has a chance to be exploited.”

Download 389 Kb.

Share with your friends:
  1   2

The database is protected by copyright © 2022
send message

    Main page