Feral Jundi

Tuesday, May 31, 2011

Military News: Cyber Combat–Act Of War

To supplement my cyber lance post, this news, along with the attacks on L3 and Lockheed Martin or the Stuxnet attack on Iran’s nuclear facilities, all point to how important and dangerous this stuff really is. I will let the article speak for itself.

Also check out the Morgan Doctrine’s opinion about this story. The MD is a blog that promotes the concept of cyber privateers and tracks the world of cyber warfare and crime. –Matt

Cyber Combat: Act of War
MAY 31, 2011
Pentagon Sets Stage for U.S. to Respond to Computer Sabotage With Military Force
By SIOBHAN GORMAN And JULIAN E. BARNES
WASHINGTON—The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.
WSJ’s Siobhan Gorman has the exclusive story of the Pentagon classifying cyber attacks by foreign nations acts of war. – News Hub
The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country’s military.
In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.

(more…)

Building Snowmobiles: The Cyber Lance

I want to thank Matt from Facebook for bringing up this quote from Starship Troopers. I found the movie clip of the quote and it clearly shows the weakness of cyber warfare. It shows why you must have a direct action/physical security component mixed with your cyber warfare/information operations unit.

The simple reason why is that all it takes for your enemies to ruin your ‘hacking’ ventures, is for them to kill your hacker and physically destroy his equipment. To ‘throw a knife into the hand of the guy that pushes the buttons’, to paraphrase the quote up top.

Or worse, that hacker could be tortured and key information could be extracted in order to conduct a larger attack. The value of what that hacker knows (a nation or company’s secrets), or what they know how to do (hacking a nation or company), makes them a high value target.

In other words, today’s freelance hacker or even government/military hacker, is a highly valuable asset to a nation or a company. That highly valuable asset must be defended, and have a highly evolved physical and cyber offensive capability in order to compete and survive in today’s world.

So in order to deal with this new reality I have developed and defined a new term that I wanted to share with the readership. Enter the ‘cyber lance’.

Basically, a cyber lance is a combined arms team within a privateer company or military unit. Or it could be an outsourced team. The lance part comes from the french term Lances fournies, or ‘lances fournished’. Here is the definition from wikipedia.

The Lances fournies (French: “lances furnished”) was a medieval army squad that would have surrounded a knight in battle, consisting of a four to ten man team built of squires, men-at-arms (usually mounted swordsmen), archers, attendants (pages) and the knight himself. These units formed companies under a captain either as mercenary bands or in the retinue of wealthy nobles and royalty.
A Lance was usually led and raised by a knight in the service of his liege, yet it is not uncommon in certain periods to have a less privileged man, such as a sergeants-at-arms, lead a lance. More powerful knights, also known as a knight bannerets, could field multiple lances.

And of course the cyber is used to refer to anything to do with the internet or computing. I particularly like this etymology of cyber from wikipedia:

By the 1970s, the Control Data Corporation (CDC) sold the “Cyber” range of supercomputers, establishing the word cyber- as synonymous with computing. Robert Trappl credits William Gibson and his novel Neuromancer with triggering a “cyber- prefix flood” in the 1980s.

What’s cool about a cyber lance, is that a company can actually define it’s size to a client. They can say ‘we have 20 cyber lances’ or ‘cyber lancers’ (whatever sounds better to the user)
The other reason why I like the cyber lance concept, is that it mixes physical security with cyber security. It also mixes physical offense, with the cyber offense.  You must have one with the other as the world of cyber warfare continues to evolve. The cyber lance defines that combined arms group of hackers and shooters. The way I envision it, it could be as simple as a protective detail assigned to a hacker, or as involved as a special forces type team that does both the protection of a hacker, and conducts offensive operations based upon the information gained by that hacker. It is a fusion of the cyber and the physical, and all the potential actions that can come out of that combination.
I also like the etymology of lance corporal.  If you have ever served in the Marines, you more than likely were a ‘Lance Corporal”. Although the lance part refers to lancepesade.

From the Italian lanzia spezzata, which literally means “broken lance” or “broken spear”, but which was used to denote a seasoned soldier (the broken spear being a metaphor for combat experience, where such an occurrence was likely).

Or if you have ever heard of the term ‘free-lance photographer’ or ‘free-lancer‘ (etymology- medieval mercenary warrior) , then now you know the origins of the term. I think it works pretty nicely for cyber lance. So to me, cyber lance makes perfect sense in the context of what I am talking about here.
The cyber lance is also flexible in it’s usage. They could be all military units, or a  private cyber lance contracted out to the government or companies. A cyber privateer or cyber pirate company would have several groups of cyber lances as an organizational idea. Each cyber lance is just a unit or term to describe this hardened ‘hacker team with teeth’. It also goes back to the idea of combined arms, or mutually supporting groups within a unit. This concept is very much a part of the building snowmobiles mindset.

Combined arms is an approach to warfare which seeks to integrate different branches of a military to achieve mutually complementary effects (for example, using infantry and armor in an urban environment, where one supports the other, or both support each other). Combined arms doctrine contrasts with segregated arms where each military unit is composed of only one type of soldier or weapon system. Segregated arms is the traditional method of unit/force organisation, employed to provide maximum unit cohesion and concentration of force in a given weapon or unit type.

A cyber lance also promotes the idea of ‘team’, as opposed to an individual.  I believe cells or teams are far more capable for the attack and defense, as opposed to just an individual. The security of a nation or company, or the prosecution of that nation or company’s best interest would best be placed into the hands of a team, as opposed to just one individual.  Primarily because teams would actually have the ‘teeth’ necessary to capture or kill ‘individuals’, or defend against an attacking force. A cyber lance could also be attacked by a cyber lance, or a group of cyber lances that would make up a cyber privateer company.

Another key component of the cyber lance is it’s ability to work within the borders of another country or navigate the complexities of the commons called cyber space. A small team can be surgical and have a light foot print.  It also falls in line with the concepts of netwar, and offense industry which was a past building snowmobiles post.
Finally, as hackers become more valuable and more capable, it will be of national interest to protect these assets. The cyber lance could very well be the next chapter or paragraph in the world of combined arms and cyber warfare. It will also take the combination of the hacker’s mind and the tactical and strategic thinking of a special operations team to think of all the ways a cyber lance could be used for the defense or offense. The end result could lead to the destruction of a nation’s key national security assets, or the preservation of a nation’s vital national security assets. That is what makes a cyber lance a very important and lethal building snowmobiles concept. –Matt

Wednesday, April 13, 2011

Libya: Rebels Hijack Gadhafi’s Phone Network, With The Protection Of Private Security

By March 21, most of the main pieces of equipment had arrived in the U.A.E. and Mr. Abushagur was ready to ship them to Benghazi with three Libyan telecom engineers, four Western engineers and a team of bodyguards.

So if these Arab countries that funded this ‘hijacking’ or ‘telecom coup’ of Ghadhafi’s phone network bought the equipment, it would be reasonable to assume that they also purchased the services of some competent PSC to protect this operation?  I mean the return on investment for an operation like this would be immense.
It is also important to note that the Wall Street Journal really didn’t focus on the security side of this operation. On Facebook I have been asking around as to what PSC or group of contractors that participated in this telecom coup? So if any of the readership has anything, let me know in the comments are contact me through emails and I will make the edits.
This also introduces a new chapter in the world of contracting.  Make no bones about it, what these guys did was very dangerous and it was private forces that accomplished this task.  They were also able to capitalize on the chaos of the opening days of this conflict, and they were also able to capitalize on a poorly protected network.
This is also a hijacking or telecom coup that required security and tactical prowess, as well as the services of hackers. I envision this as a ‘Geek Squad’ with guns, and certainly will be studied by cyber warfare specialists. It was also the effort of private forces, with government backing.
Very interesting and I wonder how much money the investors of this operation will make, once Libya settles down and Free Libiyana turns into a full blown telecom?  Because these types of ventures are extremely profitable. Not to mention the brand loyalty that folks will have from here on out.
As to the communications advantage, that is a no brainer. Of course the rebels can organize better for warfare.  They can also issue orders via text message, and give updates to their troops and the world audience with tools like Text to Tweet. Lots of ways to get networked, once you have the architecture to support that network. Definitely a game changer, but time will tell. It still takes really good leaders as well as organization, discipline, etc.  People win wars, not gadgets. –Matt
A Group of Expatriate Executives and Engineers Furtively Restore Telecommunications for the Libyan Opposition
APRIL 13, 2011
By MARGARET COKER and CHARLES LEVINSON
WSJ’s Margaret Coker reports on efforts by telecommunications executives to restore cell phone service to rebels in eastern Libya, allowing them to communicate without interference from government personnel loyal to Col. Moammar Gadhafi.
A team led by a Libyan-American telecom executive has helped rebels hijack Col. Moammar Gadhafi’s cellphone network and re-establish their own communications.
The new network, first plotted on an airplane napkin and assembled with the help of oil-rich Arab nations, is giving more than two million Libyans their first connections to each other and the outside world after Col. Gadhafi cut off their telephone and Internet service about a month ago. (more…)

Thursday, September 30, 2010

Technology: Cyber Assassination

In Italy, not too long ago, a mob boss was shot but survived the shooting. That night, while he was in the hospital, the assassins hacked into the hospital computer and changed his medication so that he would be given a lethal injection. He was a dead man a few hours later. They then changed the medication order back to its correct form, after it had been incorrectly administered, to cover their tracks so that the nurse would be blamed for the “accident.” 

*****

     This is an interesting thought.  Is cyber assassination possible and if so, is there an example of cyber assassination?  The article below is what grabbed my attention and I wanted to investigate.

     From what I can gather, I found these three sources for the mob boss killing, but I have yet to find a news source. If anyone can confirm or deny that this actually happened, complete with a source, I would be very interested to read it.  I will also make an edit.

     The other thing I wanted to do is present possible scenarios in which cyber assassination could be feasible.  Below I listed several news stories of medical device security and hospitals/industrial plants being hacked. I also think the latest cyber attack against Iran’s nuclear facilities is an example of this type of hacking. So the ability to get into these sensitive and supposedly secure places in the present day is feasible.

     Which leads me to my next point and that is if these things can be hacked into, then could the next step be actually causing death? A terrorist attack designed to kill many people, or an assassination of a specific individual? Food for thought. –Matt

—————————————————————–

Cyber terrorism hits Nigeria

Saturday, September 25, 2010

(a paragraph from the article)

In Italy, not too long ago, a mob boss was shot but survived the shooting. That night, while he was in the hospital, the assassins hacked into the hospital computer and changed his medication so that he would be given a lethal injection. He was a dead man a few hours later. They then changed the medication order back to its correct form, after it had been incorrectly administered, to cover their tracks so that the nurse would be blamed for the “accident.”Story here.

——————————————————————

From Could A Computer Kill You?

According to the sites below, a mob boss was shot but survived. That night while he was in the hospital, the assassins hacked into the hospital computer and changed his medication so that he would be given a lethal injection. He died a few hours later.

Examples of Cyber-terrorismfrom

Examples of Cyber-terrorismfrom 1998

CYBER TERRORISM

CYBER TERRORISM

IN THE CONTEXT OF GLOBALIZATION

Link to site here.

——————————————————————

Expert: Hackers penetrating industrial control systems

Digging out from infrastructure attacks could take months, Joseph Weiss says

By Grant Gross

March 19, 2009

IDG News Service – The networks powering industrial control systems have been breached more than 125 times in the past decade, with one resulting in U.S. deaths, a control systems expert said Thursday.

(more…)

Saturday, May 22, 2010

Building Snowmobiles: Cyber Privateers

     Ahhhh, time to fire up the old Building Snowmobiles category again, and thanks to James from Death Valley Magazine for giving me the heads up on this story below. Wired’s Danger Room wrote up an interesting article on the latest contract that Booz Allen Hamilton won with the Air Force in regards to cyber-security. This is interesting to me, because it is a government contracting a PMC to provide security in a commons called cyber space.  It reminds me of our original privateers in the US who were contracted by Congress via the Letter of Marque, to go after the British in that other ‘commons’ called the open sea. And with this latest contract, I would have to say that Booz Allen Hamilton gets the award for top cyber privateer. lol (that is not to say that Booz Hamilton will be getting bounties or seizing assets any time soon, but private industry is certainly answering the call for this one and making some serious money)

     I have lately been toying with the idea of how the Letter of Marque (LoM) could be applied to today’s current cyber security threats and to cyber warfare.  The scope of threats are so large and so complex, that there must be a strategy implemented that can keep up with these threats.  It is my belief that you should approach the problem with multiple solutions that all contribute to the overall strategy, and to create those solutions you need some analysis and you need synthesis.  And cyber privateers is some serious synthesis in my opinion, and I don’t think anyone has really delved into this before.  Issuing a LoM to individuals or companies might be one way to tap into the creativity and freedom of private industry, and still keep a leash on them based on the legal requirements of the letter.  It would be a way for congress to keep control over these kinds of contractors, yet still allow them to do their thing out there.  That kind of free market warfare coupled with very specific control mechanisms is crucial to this concept.

     The LoM can also allow the government to contract with one person or an entire company.  Companies like Booz Hamilton might not be able to attract the star players of cyber warfare.  So if the government wants to get these lone wolves on their side(both foreign and domestic), the LoM and an extremely lucrative bounty or prize law system would be one way to do that. The LoM could also give that lone wolf cyber warrior a license that is signed off and approved by the nations top law makers.  That to me has more appeal than being a subcontractor for some military branch of service, and hanging in limbo as to what laws and policies I need to follow or pay attention too.  Please note all the legal issues surrounding today’s usage of private military companies in the war.  The LoM could be the answer to mitigate those issues for today’s union between private industry and the government.

     Also, the way the LoM works is pretty flexible in my view.  It can be as complex or as simple as we want to make it.  After all, congress would be the ones forming the committee to issue the things, and they would be writing the thing up.  I am sure no one would want the LoM if it did not fully answer all and any legal issues, hence ‘my lawyer will talk with your lawyer’.  That is the way I would envision this.  Because if not, no one would want to do business with Congress and the US government if it did not have all the right protections in that document.

     As to what kind of activities the cyber privateers could do?  Hmmmm. Let your imagination run wild I guess.  Basically, if China wants to use hackers to go after the US for example, those Chinese hackers would be prime targets for cyber privateers.  Hell, cyber privateers could be tasked with going after entire countries that we consider threats. You could also use cyber privateers to go after organized crime, terrorists, etc., and set up bounties for all types of activities that a congress would want their cyber privateers to do. You might want to use cyber privateers for a very specific corner of the cyber warfare market, and the imagination is the only limit. Like Thomas Jefferson once said “Every possible encouragement should be given to privateering in time of war.” Using cyber privateers to conduct cyber warfare or defend the country, is one tool that the government could implement. For further study on the subject of LoM, I would suggest the reader check out this post and publication here, and use the search feature on this blog. –Matt

——————————————————————-

Booz Allen hiring 5,000 employees this year

Friday, May 14, 2010

Washington Business Journal – by Bryant Ruiz Switzky and Gayle S. Putrich

Consulting giant Booz Allen Hamilton Inc. is going on a major hiring binge.

The McLean-based government contractor is hiring 1,500 people over the next two months and expects to hire about 5,000 workers in 2010, some of which are rehires.

More than 60 percent of those jobs will be in the Washington area, said Leslie Esposito, director of recruiting.

Most of the positions are for consultants and include cost estimators, intelligence analysts, operations research analysts, program managers, acquisitions analysts, clinical health consultants, energy consultants, environmental consultants and human capital management and organizational efficiency experts. There is also a wide range of technology-related positions.

Story here.

——————————————————————-

Recent Air Force Contracts with Booz Allen & Hamilton

                Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $24,302,677 contract which will provide combat-ready forces to conduct secure cyber operations in and through the electromagnetic spectrum, with air and space operations.  At this time, $496,032 has been obligated.  55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Deliver Order 0414).

                Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $24,283,152 contract which will provide innovative recommendations on information assurance disciplines for Systems Center Atlantic to develop information assurance capabilities for the Federal Compliance Program.  At this time, $122,060 has been obligated.  55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0407).

                Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $23,302,445 contract which will provide instrumented live, virtual and constructive joint exercise enabled via the Joint National Training Capability’s global grid to enhance information assurance/cyber activities under U.S. Space Command’s span of control.  At this time, $2,672,756 has been obligated.  55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0417).

                Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $19,835,902 contract which will provide information integrity and integration of information assurance capabilities into existing operational command and control networks and systems.  At this time, $5,000 has been obligated.  55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0415).

                Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $19,831,145 contract which will define information assurance scientific and technical analysis to be applied to future military satellite communication systems development and assess vulnerabilities of emerging satellite communication systems to provide secure end-to-end communications services to deployed warfighters.  At this time, $1,607,798 has been obligated.  55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0411).

                Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $15,870.840 contract which will provide secure and highly reliable network operations and computer network defense components in order to carry out Air Combat Command’s mission.  At this time, $45,120 has been obligated.  55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Deliver Order 0408).

                Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $14,877,735 contract which will provide information assurance and information systems security improvements to U.S. military ground communication systems and onboard U.S. military airborne systems and platforms.  At this time, $2,692,270 has been obligated.  55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0413).

                Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $14,880,375 contract which will provide state of the art information assurance capabilities in order to increase interoperability and availability of secure information to improve decision making.  At this time, $347,793 has been obligated.  55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0409).

                Booz Allen & Hamilton, Inc., Herndon, Va., was awarded an $8,925,518 contract which will develop innovative cyber security capabilities and network defense for Air Force information systems.  At this time, $164,682 has been obligated.  55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0410).

——————————————————————

Defense Firms Pursue Cyber-Security Work

MARCH 18, 2009

By AUGUST COLE and SIOBHAN GORMAN

WASHINGTON — The biggest U.S. military contractors are counting on winning billions of dollars in work to protect the federal government against electronic attacks.

U.S. agencies from the Pentagon to the Department of Homeland Security have experienced major cyber-break-ins in recent years, even into classified systems. Cyberspies also have siphoned off critical data from Pentagon contractors, including one breach that cost a major aerospace contractor $15 million.

Intelligence officials estimate annual U.S. losses from cyber breaches to be in the billions of dollars, and some worry that cyber attackers could take control of a nuclear power plant or subway line via the Internet — or wipe out the data of a major financial institution.

(more…)

Powered by WordPress