Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
United States

US Admits CyberWarfare against Yugoslavia 123

Anonymous Coward sent us a piece of cyberwarefare news. The US Military has said that during the conflict in Yugoslavia "cyber" war was used - although refused to get any more details. In related news, the the United States Space Command has been given the responsibilty to better guard the military computer systems against infiltration.
This discussion has been archived. No new comments can be posted.

US Admits CyberWarfare against Yugoslavia

Comments Filter:
  • Not all hacking/cracking (no flames, please) is done through the Internet. Dial-in access modems are very common for utility equipment like phone/electricity (I wouldn't know about water and other infrastructure). These are susceptible. There are other ways into other networks as well, especially if you've compromised the telecom infrastructure in general. Example: They're using a leased line? Fine, the attackers "own" the switch and deal with it from another angle.
  • Nobel invented Dynamite (sawdust soaked in nytroglycerin) not TNT (tri-nitro-toluene).
  • I don't know the current US IW policy towards China but here is China's view on IW provided by Major General Wang Pufeng in his paper THE CHALLENGE OF INFORMATION WARFARE excerpted from China Military Science (Spring 1995).

    "In wars of the future, China will face the enemy's more complete information technology with incomplete information technology. Because sometimes superior tactics can make up for inferior technology, China will still carry out its traditional warfare method of "you fight your way, I'll fight my way," and use its strengths to attack the enemy's weaknesses and adhere to an active role in warfare. To do this, it appears that we must pay even more attention to:

    • Fully utilizing the advantages of national territory and front information facilities to carry out reconnaissance on the enemy's situation and protect ourselves and attack the enemy
    • Developing, improving, and utilizing China's information weapons in a concentrated way to carry out raids on enemy operation platforms and bases and damage and foil the enemy's offensive
    • Emphasizing mobile war in the context of information warfare
    • Conscientiously organizing sabotage operations by the Army, Navy, and Air Force, grasp exploitable opportunities, and make continuous raids to exhaust and wear down the enemy
    • Organizing specialized combined special warfare troops and equip these with information technology weapons to carry out powerful special warfare.
    In summary, our warfare methods must adapt to the needs of information warfare. We must use all types, forms, and methods of force, and especially make more use of nonlinear warfare and many types of information warfare methods which combine native and Western elements to use our strengths in order to attack the enemy's weaknesses, avoid being reactive, and strive for being active. In this way, it will be entirely possible for China to achieve comprehensive victory over the enemy even under the conditions of inferiority in information technology."

  • You know, I've seen several posts now that assume that this was some kind of attack through the internet. I read the article and didn't get that impression. Hell, I read it and it was vague enough that you could substitute almost any type of attack for cyber and it still makes sense (well ... doesn't make any _less_ sense, anyway)

    I wouldn't assume that this was a DoS attack against Slobodan's Military C&C NT server at www.babykillers.com or some such nonsense. As was pointed out, what real damage could you do? What critical assets are going to be accessible over the public network?

    When I read it I got more the impression that it was some sort of attack against closed networks that might have involved a more direct form of sabotage (HERF, jammers, seal teams, etc). Ah dunno, it was pretty sketchy on details so its anybody's guess.

  • For the life of me, I can't find the link to it, but Yesterday's Seattle Times newspaper ran a front page story on "Foriegn Hackers attack Pentagon and military targets". The reporter cited a senate subcommitte's report on a code name project that was just made public by the Pentagon. I guess there is an extensive investigation going on where they (Pentagon) has traced back intrusions from Russian computers.

    They claim "vast" amounts of information, most unclassified, was stolen from various departments. NASA is included in one of the attacks. This was done over a long period of time with out detection. It claimed they have no idea who is behind the attacks and don't know of any identities of attackers.

    If you know anything about this, I'd love to hear more. I can't find any links out there that refer to this. All I have is a newspaper (which I'm not going to retype, sorry). Not even the Seattle Times [seattletimes.com] website has a reference to it, even though it was their story.(?).

    Anyway, thought this was relavant to the story above, except in reverse.

    -colin.s-

  • But when all the ATMs are down, no phones, no automobiles start, no TV, no computerized gunsights, no JSTARS, no AWACS, we'll still pick up the nearest handy object and start clubbing.

    "The number of suckers born each minute doubles every 18 months."
  • by jafac ( 1449 )
    Documented proof:
    Some show on the discovery channel like a few months back, some guy with a pickup-truck mounted microwave transmitter totally zapped a car so the engine stalled, and wouldn't start. They had to enclose the TV camera in a faraday cage to protect it.

    "The number of suckers born each minute doubles every 18 months."
  • Wonder what the "cyber mulitary hacker punk" type looks like? camo ties and helmets with computers spray painted on there.
  • by Anonymous Coward
    Electromagnetic Pulses can't just be transmitted. It's a burst of charged particles that can only generated by man using nuclear explosions (i.e. they aren't photons; they're alpha particles). Yes alpha particles can be created by means other than nuclear bombs (e.g. particle accelerators), but not sufficient enough to disrupt power stations, etc. Alpha particles are better know for screwing up satellite transmissions and creating Aurora Borealis after a sun spot erupts. I suppose scientists may have found a way to generate them without resulting to nuclear fission, but it would, of course, be very top secret and without public documentation, meaning that stories of such things are purely sci-fi unless they can be proven.
  • I'm reading into that perhaps too much, but if countries go to war, communication should increase, not decrease. If a government attempts to disable a communication medium dominated by citizens, that is bad. Disabling radar sites could be considered a viable strategy, and I have reservations about knocking out television sites, but the internet or ham radio operators? It just proves war is ugly and full of destruction in every way.
  • by Anonymous Coward
    First of all, spelling: Sarajevo. Also, Sarajevo is in Bosnia and Herzegovina, not in Serbia, and US didn't bomb Bosnia.
  • No, disabling a commmunication medium dominated by citizens is, in fact, a wonderful thing to do in a war. It creates discontent within a country, which, in turn, decreases popular support for the government, making it harder to fight a war.

    The wonderful thing is, it does this without killing anyone. Disabling a state's communications grid is not a big deal at all, compared to getting blown to pieces. Personally, if war is ever fought on U.S. soil, I'd much rather have my power and phone shut off than have my house destroyed.

  • Yeah, okay. So, it's kind of long, but I was in the mood to write a dumb story about 'cyberwarfare'. :)

    I guess the next wave of mil-sci-fi books ("Honor Harrington", "Miles Vorkosigan" and the like) will be about this type of hacker to hacker warfare. Somewhere between "Ender's Game" and "Crimson Tide".

    io'b The Submarine paradigm would probably suit this sort of warfare. You sit in a steel box and work completely by instruments. I wonder is it a coincidence that the US Navy seem to really have a handle on some of this type of making extrapolations from signals seen on the Internet.

  • Why, exactly, would this be a joke? Is the idea of a US organization tasked with maintaining US military assets in space completely incomprehensible to you?
  • So what would actually constitute a conflict in cyberspace? Realistically I don't think that it could be done by human beings. It would have to be programs, reacting at millisecond scale times.

    but apart from preprogramming them with some standard attacks, how could you ensure they would win? you would have to get into online war gaming to be sure your 'bot had the best strategies ... maybe using learning strategies or Genetic Algorithms to grow or modify from some basic strategies.

    now that does sound like an appropriate use for beowulf clusters. spread the clusters widely across the internet so as to use the actual infrastructure as part of the physics model. whoever captures the most flags by reducing the functionality or compromising the integrity of your opponent's wins.

    sounds a little like the current cracker environment on the 'Net to me ...

  • There's such a mind-boggling load of misinformation there that it's hard to know where to begin.

    No, EMP does not consist of alpha particles. Alpha particles are simply helium atoms stripped of their electrons. They have a range of a couple inches in air before they strike another atom or molecule and lose their energy, becoming plain old helium.

    EMP is just high intensity broadband electromagnetic radiation, like the static you hear on the radio when lightning strikes-- only much stronger.

    They're produced by a _high altitude_ nuclear burst, wherein the gammas produced by the device as it detonates cause the creation of a large amount of electrons in the upper atmosphere as they collide with air molecules. Lower level bursts result in a far more localized, but similar, effect.

    God forbid you should want to try to inform yourself, but you could just go to google (www.google.com, duh) and search for 'electromagnetic pulse'.

    By the way, yes, you can produce EMP without a nuclear weapon. Check www.airpower.maxwell.af.mil/airchronicles/kopp/apj emp.html. And, by gosh, it's not even classified.
  • While I agree with you that people seem to have this need to relate everything to the Internet in some way but, in reading the article about the use of information warfare tactics in Yugoslavia the Internet was never mentioned.

    When reading this type of article most of us picture top secret NSA types sitting in front of their monitors and cracking systems. This assumption is incorrect in that it provides unreliable results especially considering during the bombing campaign the the cities where blacked out and there is a good chance that F16 or other aircraft are bombing communication centers (you can't crack a site if you can't connect to it).

    It is more likely and i've heard rumors about this from several military contacts that conventional electromagnetic pulse bombs where used. These weopons are generally based on the Northrop GAM Mk.84 bomb kits and can be fitted to a wide variety of aircraft. The use of such a weapon reduces the cost in human lives because it is specificly designed to fry electronic equipment.

    Just because it's information warfare doesn't mean the Internet is involved.

    FooGoo

  • This, I think, is an excellent idea. Imagine the possibilities... Greatly reduced casualties. Reduced defense costs (a $10,000 computer rather than a million-dollar airplane...). Viruses rather than nukes. And I bet recruitment would be easier, too... Who wouldn't want to get paid for hacking?
    I hope the US continues to use this well into the future.
  • Sorry, that is right. My rant got away from me.
  • Several years back I remember hearing that the FBI was taking some heat over the fact that their conviction rate for computer crimes was practically zero, despite numerous (well, numerous for the time) arrests. You do the math.

    It's probably less prevalent now, since the average perp they catch is likely a 12 year old with BO2K and a bag of scripts. Not exactly spook material.
  • Nope, the US Space Command has a variety of duties one of the most interesting is to track all the junk orbiting the planet left over from previous space missions.


  • Command is staffed by officers who are trained to handle that risk. The average hacker, on the other hand, is not.
  • I would guess that in addition to the bank "diddling" that Clinton had authorized, the primary "cyberwarfare" that was involved consisted of carbon fiber warheads to kill electrical substations and more conventional things like that rather than some 31337 d00d trying to own some box.
  • by Anonymous Coward
    (Apologies for the length of this message)

    I have serious doubts that any of the info released/implied so far, on the subject of Cyber-war against Yugoslavia shoud be taken seriously.

    I am Bosnian Serb and as such have lots of friends and family in Yugoslavia. I have lived there until 7 years ago and I've stayed in touch with most of my 'nerdy' friends there, so I believe that I have decent picture of technology and electronic infrastructure there. I have been 'on-line' during the war, constantly exchanging news and 'I am still OK' messages.

    There simply isn't anything worth trashing in Yugoslavia that is accessible via Internet except news sites. And that would be way too easy, and as far as I know it didn't happen (not to mention that that would be media war and not cyber war per se).

    There were though, warnings on www.beograd.com (Beograd=Belgrade) and other sites of imminent danger that those sites will be 'switched off'. I think this is also more to do with the fact that most Yugoslavian information/news sites are hosted in US, Canada and W Europe. They just couldn't afford bills when their traffic shot trough the roof during the war (they were probably paying for up to xxxxx hits per day).

    As far as non-Internet networks and information systems are concerned, I think that customs and tax office has the best network there of all state owned companies/government agencies. And it's not much cop either... Telco (yes, one) is owned by Italians and is being rebuilt but is still 'shot'.

    Jane's Defence analysts were forever telling us on Sky News that YU Air-Force had very good fully integrated radar system (unlike Iraq for example). By integrated they meant, optic fiber between sites, all owned and made for Air Force (believe me in 'Old' Yugoslavia we could afford to dig up half of the country side and lay cable for army/air force, and Belgrade only got it's subway 2 years ago). There is/was great number of mobile (Czech and Russian made) radars in YU AF. These are pig to hack into due to their 'sophisticated' design. Anyway, it is irrelevant now - it is well known fact that YU air force kept them switched off for the most of the time to avoid detection by USAF airplanes with radar seeking missiles. Yes this was done at the great danger to human life - sirens were very erratic throughout the war. But Slobodan's (can I call him The Pig on /.?) tactic was always to 'survive' and hope that NATO governments loose the stomach/nerve for the war and for him to keep the war machine intact.

    Only coordinated efforts by Yugoslavians on the Net were two-fold: 1) sites like www.belgrade.com were posting info on Air raids as quickly as they could. But this was too open and so difficult to verify, sometimes obviously exaggerated that no one could take it seriously. ICQ was used to the same effect (dissemination of info/propaganda) and 2) YU, Russian and other hackers sympathetic to YU coordinated some half-decent attacks on western media's and some military web sites, mail flooding of the same and thorough trashing of some unofficial Albanian sites. There is little evidence that US agencies or hackers took these guys on in an organized effort. It is interesting that at the time Sky News, CNN et al reported on 'Captain Dragan' (allegedly ex-Foreign Legion and veteran of war in Croatia '91-'92) and his 'crackers' saturating western media and NATO sites with ping/mail attacks. They had interviewed them on TV and all. Some clandestine operation...

    I should also mention that I was in Bosnia just after the war in Yugoslavia, to see some friends and family (some who ran away from Belgrade) and heard horror stories about ISP's there. I had to get something of the Web and asked friend if I could use his account. He told me I could use anyone's account in Bosnia... His kid brother and his mates were cracking main ISP and using other people's ID's and passwords to avoid paying online charges, including ID belonging to one government minister. Two words: Windows NT. Get it?

    I think that due to the issues of availability of technology and inflexibility of YU/Russian/etc. defense forces (but probably not intelligence services), US & NATO cyber war efforts will be focusing on defending and prevention of attack from rogue individuals and foreign intelligence service sponsored crackers rather then attacking 'installations' as such. Or taking broader definition of cyber war into account intelligence missions could be/have been conducted in cyberspace in the recent conflicts. I simply don't accept putting up agit-prop web site as a cyber warfare, that would be simplistic view of Sky News and co.

    I think that recent 'slips' on the subject of cyber warfare are more to do with counter-acting stories of Russian intelligence and crackers getting into US Defense computers then some serious cyber battles in the very recent time.

    *I should probably mention now that I am both strongly anti-war AND anti-Milosevic so I consider my opinions posted on this subject fairly un-biased. I hope that you understand why I am posting this as Anon. Coward ('caus I am a coward ;)).

    (Apologies for the length of this message)
  • Seargant: "Command?"

    S: "Command?"

    S: "Command?"

    Private: "Sir, they're coming. What should we do? Where's the rendevous? Is the airstrike coming? When?"

    S: "Lock and load, son, we stand here."

    (multiply by X units in the field)

    Information is power, we know that. Controlling it and limiting it for the enemy will be a key to W.A.R. (We Are Right) in the 21st, and any other, century. Not that the above post wasn't funny, it was, but this looked like a good place for my $.02. (BTW: if CmdrTaco had .02 for every post..oh wait)
    (~Singing)"Back to life, back to re-al-it-y(/~S)
  • It is somewhat amusing to think of the US engaging in 'cyber warfare'. But the serious part is not so funny. By disrupting the communication channels of the enemy, you leave them more vulnerable to conventional weapons. It might be better to screw up their phone system (for example) than to nuke them. But what if screwing up their phone system prevented a town from telling the rest of the world they were under attack and needed reinforcements?

    It's very similar to the situation with non-lethal military weapons. Things like that sticky gunk they spray on people. It is very funny to watch, but if you think about it you start to wonder what happens to the people that get stuck. How hard it is to shoot someone who can't move?

    Disrupting electricity is another example. You could argue that disrupting their electricity is better than lethal force. But if you need electricity to detect and defend against attacks, it suddenly becomes a more important issue. Disrupting their electricity could cause as many fatalities as traditional weapons.

    Non-lethal weapons can be every bit as scary as guns and nukes.

  • Often with stories like this, where they don't have details, you'll find that there are wildly carying ideas of chat "cyberwarefare" is.

    Army guy#1 "Huh, huh... I, like, ping-of-death'ed him."

    Army guy#2 "Dammit! L0phtcrack won't download their pa55w0rdz!!!111!1!1"
  • I certainly hope that our world will progress to the point that cyber-enabled warfare is a possibility. It may end war as we know it.

    But then the spacemen will come and destroy our euthanasia machines to re-aquaint us with the horrors of war that we had long forgotten, having played the war simulation game for generations.

  • The fact that cyberwarfare is going on, and the fact that almost everything is connected these days will make you scared how far it can reach.

    I work for a company that produces electrical utility relays. For those who don't know a relay in this instance isn't just a little box that you apply power too and it flips a switch that allows greater amounts of power to flow through another circuit. Power relays are complicated microprocessor systems that monitor power lines for trouble, they then trip large breakers that will cut power.

    Anyways back to the topic. The power industry is currently moving towards a standardized protocol called UCA. UCA is an application layer protocol that sits ontop of either TCP or a seven layer OSI stack. Within the protocol are things called GOMSFEE objects.

    GOMSFEE objects are a standardized way of naming values the relays can report back to whoever has a UCA master station, they also have a standardized way of naming the controls that a relay can accept. Such as 'Trip breaker on feeder to Iraqi command post'. No there isn't a command that is called this exactly that's just an example.

    With a standardized way of naming controls, and information, it makes it easier for utilities to control their equipment. And it makes it easier for utilities to figure out what a device is telling them without having to look up a points list. But this also makes it easier for everyone else to as well.

    UCA runs over TCP, which means it can run over ethernet and over the internet. If a cyberwarrior knew where a UCA enabled relay was in the world, he could hack his way through the network and then tell it to turn off power to whatever site, and in some cases in such a way that the large UPSes won't kick in. The smaller APC UPSes will always kick in. But if the relay that cuts off main power to a system, also controls the bus transfer to the site UPS, the cyberwarrior can completely shut down a site.

    I don't know the UCA protocol as much as I should, but I don't think there are securities built into it like encrypted master/slave authentication. And I really don't think this would matter if it did. I'm pretty sure that a large national defense department will have the legal leverage to foce the equipment manufactures to hand over the keys to let them into the control equipment.

    This is only one case of how our connected world makes it easier for the armies/terrorists of the world to do some truely dangerous things. It may be hard to kill a person accross the internet. But if you shut down the bus transfer relays in a hospital that the person is on life support in....

    BTW these are my view alone, not my employers. I only deal with UCA from the outskirts at most, so I may be wrong with how it works. But I'm pretty sure I have the basic points of it.
  • FidoNet? Are you serious?

    My memories of FidoNet link back to one vulnerability - just call the sysop's mom and tell her to make her son use the computer for homework instead of those silly BBSes.


    - Darchmare
    - Axis Mutatis, http://www.axismutatis.net
  • I see. Thank you for the clue-in.
  • I coded for the US Air Force as an enlisted
    member for 4 years(ending last week, thank god).
    I guarantee you that it was all done by a couple
    of otherwise ignorant Airmen and 1LTs who just
    downloaded all the new scripts from whatever
    site it is you get scripts from nowadays.
    While there I was being considered for just this
    job, but couldn't get the security clearance due
    to my checkered past as a juvenile deliquent.
    Had the Yugoslavian gov't been smart enough to apply security patches(maybe ZDNet does their security auditing), the US wouldn't have succeeded.
  • by FooGoo ( 98336 )
    I submitted the US Space Command to head up CyberWar story and it was rejected :(

    Either way glad the story made it.

  • Yay, the whole /. will be enlisted during the next war!! CyberViet!!!


    The word "woman" is no longer politically correct.
  • by MaximumBob ( 97339 ) on Friday October 08, 1999 @11:05AM (#1628410)
    Oh, surprise, we used cyberwarfare. Big deal. In fact, I'm all for it -- it's a lot easier to accidentally kill some innocent civilians with a bomb than over a network. Furthermore, any way to attack the enemy without putting American lives at risk is fine by me. This seems to be the least savage piece of warfare I've ever seen, really. I kind of wish they'd tell us exactly what they did, though. Maybe in 50 years.
  • It makes sense. In fact, wouldn't you be worried if they didn't?
  • by Hermetic ( 85784 ) on Friday October 08, 1999 @11:15AM (#1628414)
    Think real hard! Which scares you more? The NSA hacking into you computer systems? Or maybe the USAF dropping a few dozen 1000 pound bombs near and around your house?
    Sure they used "cyber-warfare." Hacking doesn't blow shit up!

    This actually has a lot more to do with the Jane's article then is first apparent. Consensus on /. was that the article glossed over the important bits of cyber-terrorism. Well, I think that the US military is a lot better at making things explode in third world countries than they are at shutting down the Subway system in downtown Sarejvo.

    I certainly hope that our world will progress to the point that cyber-enabled warfare is a possibility. It may end war as we know it.

    But I think we should also remeber that Gatling (of the large spinning machine gun fame) and Nobel (father of blowing things up and inventor of TNT) both thought the same thing of their inventions.
  • by dattaway ( 3088 ) on Friday October 08, 1999 @11:15AM (#1628415) Homepage Journal
    Back when I was in college, the internet was just a very useful medium in which to exchange ideas. Sure, there were problems that errupted from flamewars, a few compromised accounts, denial of service attacks, etc.

    If the net was down for a day due to a dumptruck backing into the air conditioner system letting the computers overheat, satellite was down, someone cut the cable, or whatever, life went on. It was never made into a federal case. Someone may have got a talking to or wrists got slapped. The worst case when the VAX was rooted. The person in charge was fired over the incident and the student was later in school.

    Now, it seems people are taking the internet more seriously by putting all their eggs in this basket, but understanding less about what happens to that traffic. The net these days seems to have connotations of Al Gore, Microsoft, AOL, the FBI, and child molesters, and terrorism.

    Few people think about the community of people that make this information network happen. Its about people hooking up hardware and writing the software to make it all happen. Money seems to distort the fun nature of all this into corruption.

    Al Gore created the internet? Bullshit. Microsoft innovate the internet and the road ahead? Big Lie. FBI and the NSA need to watch it? Keep their Goddamn hands out of it! AOL the internet? They provide many people now, but started off badly.
  • Is it just because its now a 'past' issue that they announce this?
    I haven't seen any mention of this type of warfare against Iraq but perhaps that is because the US govt. is still in a 'conflict' state with them, even if it doesn't make a lot of headlines these days.
    I don't see any comments about the US's 'cyberstance' against China, either. I would imagine they are just in a monitoring state with China(see Echelon), I can't imagine them releasing Computer virii or doing full scale computer cracks on Chinese networks.
  • You'll also get enlisted, but will fight against us (or maybe with us - who knows which countries will fight together in WW3 :)


    The word "woman" is no longer politically correct.
  • Space Command? Is this a joke?


    AdamL.
    http://sprawl.net
  • With the supposed vulnerability of the US military computer networks, you'd think that they would try to avoid retaliation a little more.

    Maybe the vulnerability is a ruse. Some old server that the pentagon lets people trash so the real stuff is left alone.

    Sneaky bastards.
  • So, how exactly does the government gather their personnel for this?
    Are there secret cracker training grounds near Langley, VA?

    Or perhaps they get them the "Stainless Steel Rat" way, by asking the crackers that they catch if they'd like to join up and actually get paid to do the things that they do so well?

    -Vel
  • I sort of doubt that any Yugoslavian air defense computers were online and connected to the internet. You can't just knock down their systems while sitting behind a computer back in the USA.

    So what did the US do? EMP? HERF? Trained rats that chew through the wires?

    I can just imagine commando teams of SEALS and Rangers secretly digging thru dumpsters in Belgrade, looking for l337 inph0z. *g*
  • Exactly how do you translate "l am 3l337 hax0r d00d" into Serbian?

    George
  • Hmmm, I wonder if you have to know the difference between Imperial and Metric 100baseT cabling lengths...

    This might be my opportunity to send Mir crashing down onto the AntiOnline servers...

    Seriously though, I rather like the fact that these two are now related fields. :)
  • .. at least that's what the poll [slashdot.org] said.

    I like /.'s international flavor, I also try to specify, where applicable, my own cultural biases.
  • ...against the Iraqis during the Gulf conflict, hoping to disrupt their communications so radar sites couldn't be used in a coordinated manner. I don't think it succeeded, but it was a good first shot at offensive information-warfare operations.

  • What makes a computer cracker a better target than say a code cracker, intelligence inpreter ( ala CIA ) or any other noncombat roles that aid in the effort to disrupt enemy operations. People are aware of the risks when they sign up for the military. If they don't like it, tough, they signed their names on the dotted lines. War sucks, eh?
  • by blazer1024 ( 72405 ) on Friday October 08, 1999 @11:47AM (#1628430)
    ...[Scenes from the front, WWIII news coverag]

    "Sir, we've got incoming!"
    "Lieutenant, keep that firewall up, damnit!"
    "Ach! ICMP everywhere! I canna take it anymore!"
    "Get me a line to the Pentagon."
    "PTPP link established. Using 1024-bit encryption. Go ahead, sir."
    [Typed: Colonel Johnson requesting permission to use the secret weapon.]
    ...
    "Crap! They're e-mailing us porn!"
    "Damnit! Shut down the routers!"
    "Sir, we've got Back Orifice, trying to get in through that last NT server."
    "Ahh! Why didn't that get switched to BSD?!?"
    "Too much red tape, sir."
    "Unplug it. We won't need to worry about rebooting anyway."
    "Aye, sir."
    "Status on the Linux boxes?"
    "They're under a lot of stress, but they are taking it well."
    "Good."
    "Sir, you know that inefficent router we have? Well, I just found out it's M$ based. We can't shut it off. We're going to have to wait for the porn to finish."
    "Damn. I hope HQ gets back to us soon."
    ...[Incoming message from the Pentagon: Permission granted. Give 'em hell, Colonel.]
    "Yes! We have permission! Get ready to launch the secret weapon."
    "SMTP online, preparing to send."
    "Set it up for HTML plus plain text. I want both mime and UUEncoding. Let's get ready. Images will be 32 bit RGBA. Text is to be as follows: 'Buy! Buy! Buy! *LOW* prices on your favorite collectable items! ...'"
    ...
    [Bad Text to Speech Synthesis] "S.P.A.M. launcher ready. Please enter authorization code."
    ...
    "FIRE!"
    ...
    "150 billion spam messages sent. They're falling back! They have offered to surrender!"

    Yeah, okay. So, it's kind of long, but I was in the mood to write a dumb story about 'cyberwarfare'. :)
  • I have to agree. WHile it sucks that the 'net gets bogged down, and it's highly unfair to slow data transfer between countries that are not at war, this is a way to accomplish a goal (c'mon people...wars are reality) without actually killing people. Hip hip.

  • And then... when nobody even remembers what real war was like... we'll blow the living tar out of em!
  • With the supposed vulnerability of the US military computer networks, you'd think that they would try to avoid retaliation a little more.
    Why? They THINK their networks are secure...at least for the most part.

  • Even assuming dial-in access may be too much, and taking control of a crossbar phone switch is kind of a funny idea. Ever heard of an "alarm pair"? It's a copper circuit with DC continuity. No way to hack it without getting into it physically, and very useful for simple control stuff. And this is what the USA had 30 years ago; I doubt that most of Yugoslavia is even up to those standards.

    On the other hand when Milosevic tries to use the Internet to push his propaganda, he's out in the cracker's home territory and they can keep him from getting his message out. That's where I would expect the cyberwarfare to have its impact, not on the ground in a relatively backward country. Turning off the lights takes an airplane dropping a carbon-fiber mesh net, not a guy sitting at a keyboard.

    Well, that's warfare for you. No matter how fancy the weapons get, sooner or later someone has to put their ass on the line and do some real work.
    --
    Deja Moo: The feeling that

  • I agree. Most of Interent users here are students and generaly speaking educated people, and I can garantee that 90% of them (us) are against Milosevic.

    Not to mention the Serbian Orthodox Church [spc.org.yu] which seems to be pretty heavily wired. They've been vociferously anti-Milosevic.

  • I may have jumped to a conclusion. One of the Internet Mapping sites that got /.ed a few weeks ago had a series of maps showing the changes in the .yu domain over the course of the bombing. It immediately occurred to me that some of the outages may have been connected to this cyberwarfare effort and not due directly to the bombs.

    The article didn't actually say that, but the official sources weren't saying an awful lot. There's plenty of room for speculation.

  • You're romanticizing the military's hiring of computer-geeks too much. The services don't go out courting geeks and hackers. Engineers don't get a bad deal, but that's still mainly mediocre pay and free graduate school.

    I assure you - no one can tell the difference between the guys working in personnel who shuffle papers all day, the guys working in Aircraft maintenance who constantly bitch about funds because they've got 4+ F-16s that just sit in a hanger all day and get scavenged for parts, and the hackers, who sit in front of the computer all day. The hackers hired by the military are normal personnel, from the outside perspective. Do you really think that the military will get so desperate for hackers that they will allow someone to not go to boot camp, not get their hair chopped, and not wear a standard uniform to work every day?

    Military hackers are just people, doing their job. The vast majority of these folks are just kids - doing their stint in the service, and just waiting to get out, because - you said it, and so did I - the pay sucks. There are enlisted personnel on base with wives and kids who are forced to live off food stamps, because the military cannot pay them enough to support their families. It's ridiculous, when you stop to think about it. Military service used to be an badge of honor, worn proudly. Nowadays, it seems as if it's a last resort. Kids without too many other options resort to it. Can't get a job that pays well out of high school? Go into the military! They'll take care of you. That's where these military hackers come from. They're kids who don't have any other options.

    Do you rememeber that article [slashdot.org] in Rolling Stone by Katz? Those two kids, Jesse and Eric were geeks, but they were stuck in dead-end jobs in a dead-end town. Those are your military hackers. And do you know the worst thing? The military's not a career, not for those types - the private sector is too inviting. The best talent goes to the private sector, leaving our country's information in the hands of the next set of kids that are just using the service as a means to an end.

  • As far as Russian stuff goes, their equipment is very fault tolerant (even if a bit 'primitive'). They used vacuum tubes in their radar for a long time, both because they were immune to EMP, but also because they could handle higher power rates. The ELBRUS 2 (I think) was incredibly unreliable, it crashed every ten minutes. Of course, it rebooted the affected part, with little or no problem to the operating software.
    Military wise, it probably would not have been difficult for NATO forces to invade Kosovo. A diversionary strike against Vojvodina probably wouldn't be very costly, either. In Vojvodina, the plains are perfect for tank warfare, and since the plains spread into Hungary, there would be few natural obstacles. A tank battle between NATO M1A2 and Leopard tanks against Russian T-80's would probably be in favor of NATO. In Kosovo, troops on the ground would increase the hit rate exponentially. One other thing that isn't mentioned in the news very often, is that the majority of successful hits on Yugoslav forces were called in by the KLA (indirectly). Air attacks against mobile ground targets is not very effective unless you have a spotter on the ground to call in close air support. Ground forces also decrease the worry of AA, since the ground that is controlled by ground forces is (supposedly) free of enemy AA.
    Yugoslav comapnies selling weapons probably isn't a great idea to get an idea of the capabilities of the JNA, since many weapons were supplied by Russia (of course, Yugoslav companies could be offering surplus Russian weaponry, too). But yeah, the JNA was in better shape than the Iraqi army, and in a better defensive position. Of course, it things got too dirty, we could of just given the Ko
    sovars heavy weapons and let them do the dirty work.
    Cyberwar in Serbia took the form of killing TV stations, radio stations, power subsystems, etc. The primary weapon for taking out power stations was a carbon-fiber bomb. The carbon fiber would drift in the equipment, causing shorts everywhere. Non-destructive, but it takes time to correct. It disables it for the enemy, causing discomfort to the civilian population, but is easy to repair when reconstructing the country. Other uses would be extensions of old tactics like disinformation and propaganda.
    Overall, perhaps not as effective as hoped, but Milosevic did effectively lose Kosovo, and Serbia's infrastructure isn't exactly in great shape.
  • This will probably never get read now, but so what. The Geneva convention isn't perfect. Furthermore, I don't think the U.S. is actually a signatory. Finally, Milosevic doesn't really seem to have any problems doing it himself.

    Besides, how is it different from bombing a bridge? It may be chiefly used by citizens, but if the military needs it, too, then I don't see a problem with keeping them from using it.

  • I see that you are talking about cyberwar against Yugoslavia during air strikes. But you have totally wrong idea about what cyber war means. Nobody attacked some .mil comps or things like that. Most people from Yugoslavia (including myself) tried to send TRUE about what is happening here. You think that CNN and other media reported true from here ? No way. USA and NATO didn't had real human reasons to do this, except theirs own interest. So they lied about what is happening here. And all of us tried to distribute true to media, people and governments outside the country. And I think succsessfuly. Cyberwar was in distributing true, not anything else.

    Best regards from Belgrade...
  • by Anonymous Coward
    So it was the U.S. government that sent the spam promising me the "hottest sex," when the site turned out to have just a picture of a naked slobodon trampling over a city. I still shudder at the thought of that picture.

    Them boys in Washington sure are clever.
  • no no. You've got to spell it correcty or babelfish won't recognize the words: 1 4m 31337 h4x0r du0d.
  • I can see it now

    *KLAXONS, RED FLASHING LIGHTS*

    "What is it, lieutenant? Inbound ICBM?"

    "No sir. Inbound pingflood from some 3l33t high school jerk."

    "Ah, OK. Standard response. But use the 350 Kiloton yield for being stupid enough not to change the source IP."

    "Yes sir!"

    Do we really want an office where it's your JOB to overreact to be in charge of electronic security?

    Just a thought... :-)
  • Does this make sense as a srategy? Demand that the Serbs throw out Milosevic, then proceed to cripple the primary infrastructure used by the anti-Milosevic factions. I'd wonder about it if I already weren't so damn certain.
  • by Apuleius ( 6901 ) on Friday October 08, 1999 @11:26AM (#1628455) Journal
    So, say you're a hacker and you're hired by the US government to work securing .mil networks, and make good money, and later on you are offered a position on a black hat squad for things like messing with an enemy country's phone system, et cetera.

    Military pay sucks, and your skills are in demand, so you blow off suggestions that you go through boot camp (who needs that, right?). In another world, the army would respond by offering you huge pay if only you agree to go to boot camp and an officer training course. But there's hardly enough budget to get you even to look at the armed forces, and they need you.

    And then a war starts. From the comfort of your office in a military base you set out to root machines on the other side of the front, you're having the time of your life. But, guess what:
    you're a fair target for the enemy now. Look sharp, soldier! On the bounce! Forget about going to your favorite net cafe until the end of the war. Don't show your face in public. You don't know who might be waiting to shoot you in the back of the head.

    Think about. If you're engaging in efforts to disrupt an enemy's infrastructure, why should he not try to find you and shoot you? Why should you be regarded as a civilian?

    So, I don't know uder what terms the military hired its current crop of crackers, but I do have to wonder..
  • If William Cohen had not been in on the discussion, I would have guessed our good General Shelton was not long for his rank. I am glad that our military finally admits to their deeds. Unfortunatly, I also think their lack of meaningful detail makes them look like a pair of script kiddies caught 'getadmin'ing a NT box in the school computer lab, uncomfortable and totally unfamiliar with what they have done.

    A note to all foreign governments and companies: Grab a copy of *BSD or Linux, and secure it. Not only do you have to fear the local SK's; the US has formally entered the hack business. No longer can you count on the hacked box as some kind of sport; it may be Uncle Sam, stealing your production figures for dissemination to US companies or snagging important defense information.

    On the lighter side of things, I'm going to give a call over to the USSC tomorrow and see if I can drum up a job. I've spent too much time hacking my own boxen and not getting paid.
  • ... except that the water and power systems of the ex-Communist Bloc nations are probably not connected to the Internet; how would you hack them? You gotta be able to route there from here.
    --
    Deja Moo: The feeling that
  • Distraction, as a military tactic, is ancient. Sun-Tzu wrote about it in "The Art of War".

    It's no coincidence that Pentagon and other "break-ins" happen in such close proximity to budget cycles. Go back and look through your Congressional record - you can practically set your clock by it, it's so regular.

    Recipe for inflating your budget: put some moderately secured machines on the Internet, allow them to be compromised, express some outrage, wait for a while (but not so long that people forget), and then - presto! [govexec.com] - money falls from the sky!

    The military/industrial complex does this all of the time. In theory, a perfect example of this is Area 51 - if I'm the U.S. Government and I have alien technology, I've got plenty of incentive to fake the establishment of a military base for studying that technology, do a half-assed job of covering it up, and then leak it's existence to the press. That way, no one looks for the place I'm stashing the *real* alien hardware. :)
  • by g.liche ( 99325 )
    Does anyone have documented proof for use of a EMP weapon by the United States (or anyone else, for that matter)? I know that there was/is extensive research into the subject, but I was curious if this ever has gotten beyond the *wow, wouldn't it be cool if...* department. The USAF, since it appears that they will be handling all the "cyberwarfare" through their Space Command, probably has it's work cut out for itself, given the state of security (both physical and internet) that it's going to face. ;-) "Hey, Captain! I tried "password" and it worked!!"
  • I agree that it's best to remain quiet and not reveal critical secrets. However, admitting to electronic warfare in a vague, nonspecific way can generate a certain amount of intimidation (and ph33r?).

    A lot of the power in having lots of nuclear weapons is the sheer intimidation factor. The actual details of the weapons were closely guarded secrets. All the public knew was that they might be vaporised from 12,000 miles away, with only 20 minutes warning if you're lucky enough to detect the launch. Both the US and CCCP openly admitted having weapons. They even bragged about how _many_ they had.

    Bragging about 'cyber-war' without divulging any facts seems like a simliar tactic.

    The problem in this case is that unlike the cold war, the US does not have a monopoly on the weapon.
  • Do hackers walk out of Hacker Command deep in
    the recesses of [redacted] wearing a T-shirt that
    says "I took out the Serbian Power Grid today!"?
    No. Nor would you expect them to log into foreign
    systems with their real name and social security
    number. If the Enemy is already in your hometown
    and shooting people, then it seems to me that
    on a military base, surrounded by marines with
    really nifty weapons, is a pretty good place
    to be; you've got worse problems to worry about.
  • Very likely the NSA handles recruiting for military as well as domestic purposes.

    AFAIK the NSA will put you through college, set you up with equipment and give you a job when you graduate -- maybe sooner.

  • Thats exactly how it works....the NSA sponsers scolarships and intern programs for high school students in math and science.
  • Check the employment pages on www.saic.com and www.csc.com

    All located in the friendly town of Tysons Corner, VA

  • Space Command Military Intelligence Yet another Oxymoron to add to the list
  • does that mean I'll get vets' benefits for my CTS?

    "The number of suckers born each minute doubles every 18 months."
  • Hmmm. I don't believe it said anything about crippling, but this not an administration known for coherent policy...

    I do seem to remember an official using the phrase "diddle with Milosevic's bank accounts" or something like that. {shrug}

    Of course, it could be disinformation.

    * It _may_ get some reporters off your back -- those who'd be saying "No? Then why not?" if the DOD denied trying it.

    * It might concern the Belgrade regime, who are left to wonder if they really *can* trust their systems.
  • My guess is that the 'cyberwarfare' involved providing disinformation of one sort or another to the Yugoslavian military and leadership thru their computer systems. Or maybe they just spammed Milosevic's email address with offers of cheap porn and MLM schemes until he was too pee'd off to think clearly.
  • I my previous job, I worked on a (non-classified) proposal for the US military to help develop a decision making system to determine how best to neutralize a given target. The big thing I remember is that they were willing to use any means necessary -- just whatever would effectively eliminate opposition. By "everything" I man the whole range from propaganda and information warfare (a/k/a cyberwarfare) to actually putting explosive down onn target.

    The moral: use the approach that works best for the situation. In this case, the military decision was to disrupt communications and services. Not a real surprise, since the primary objective was political, not military.


    --

  • Will you be exposing "national security" secrets by telling people in other countries about bugs in the software and how to fix them? Will helping someone improve security in their system be treason?

    Next thing you know, open source will be considered munitions.
    ---
  • That makes little sense. Those people are in about as much dnager as those who crack codes. Is there danger there? Sure, I guess. But reading that post, you'd expect Mel Gibson's next movie to be about a military cracker on the run from the evil enemies hit men. I just don't think there's that much cause for alarm. If they wanted to hit someone, don't you think they'd go for command?

I program, therefore I am.

Working...