School of Media and Communication

Phil Taylor's papers


The enemy is the net from ABC Radio


http://www.abc.net.au/rn/backgroundbriefing/stories/2009/2574574.htm


Stan Correy: The enemy is out there, in cyberspace, loading up and aiming the Trojan-laden botnet bullets. But who exactly is the enemy? Are they the Chinese, the Russians, or roving gangs of freelance hackers, who work for whoever has the most cash?


This uncertainty worries people like Lieutenant General Keith Alexander, who put a quote from the People's Liberation Daily up on his PowerPoint at a recent security conference. Here's a reading.


Reader: An adversary wishing to destroy the United States only has to mess up the computer systems of its banks by high tech means. This would disrupt and destroy the US economy.


Stan Correy: The man who put up that quote, General Alexander, is in charge of America's most secretive intelligence agency, the NSA, or National Security Agency, and is also now head of the Pentagon's new Cyber Command.


Keith Alexander: Now I know what you're thinking: they did it, the economic crisis ... no, no, this is different; the economic crisis was different. But other countries see industry and government of the United States is intertwined, and it is, that's why the government is here. And perhaps from my perspective, more importantly, NSA is here for the country. It's not here for NSA, it's to protect the country, and our networks from our adversaries.


Stan Correy: General Alexander is being a bit defensive. He knows the NSA has been accused of spying on American citizens using the internet. But he says there is a greater danger. All American computer networks are vulnerable to attack from enemy governments, but there's an important qualification: who is really doing the attacking?


Keith Alexander: When you look on that network, look what's operating on that network. Everybody. And when you think about the actors on that network, how do we differentiate the good from the bad? That's really hard. How are we going to do that in the future?


Stan Correy: Hello, I'm Stan Correy and this is Background Briefing on ABC Radio National.


When you're investigating the wild badlands of cyberspace, the story is never simple.


Today is no different. It's a story about the story, about a story about the increasing fear that electronic networks will be brought down by foreign invaders. The fear has been raised to new heights in the past year, around the world. Even commercial TV programs begin this way.


Cyber promo: We are being attacked every minute of every day but our worst enemies have no guns, no bombs, their weapons are computers.


Stan Correy: And this report from Fox News last year:


Newsreader: There are so many questions that are being raised today about a series of cyber attacks on White House computers! This is not what you want to hear, but top secret classified networks weren't cracked this time; how sensitive though was the information that was obtained from our government, and was another government responsible? Robert (inaudible) is a former supervisory special agent for the FBI's Counter-terrorism Division. It's great to have you with us, Robert, thanks for being here. Let's talk about this first of all. They say that it was a very targeted attack. What information were they after and who was responsible?


Robert: Basically what we see here, as long as governments are going to be using the internet for communication purposes, they're also going to be vulnerable to intrusions, and this computer intrusion was - they don't know whether it was done at the behest of the Chinese government, it's hard to prove.


Stan Correy: In recent months, one of the scariest examples of cyber hacking has been the unmasking of the Ghostnet system. The Ghostnet was a network of computers, based in China, that infected and took over computers all over the world, from the Dalai Lama's office in India, and also foreign embassies in Canberra.


The Ghostnet system was cracked with some luck by a group of digital activists based at the Munk Centre for International Studies at the University of Toronto.


Their bombshell report was released in late March. It showed conclusively that deliberately targeted hacking had occurred but questions remained unanswered.


One of the investigators in Toronto, Professor Ron Deibert.


Ron Deibert: What worries me is there is an escalating language around this, an escalating discourse that is securitising a lot of things that probably should be simply criminalised. For example, the Ghostnet investigation revealed something that was clearly criminal in nature, it may have been espionage, but characterising it as an act of war is very provocative. Similarly if someone defaces a website, that certainly can be considered a criminal act, but whether it's an act of war, to me this is feeding into right now, a frenzy that's occurring, particularly down in D.C.; there is a review of cyber security policy being undertaken by the Obama Administration.


Stan Correy: That cyber security review is expected any day, but Deibert says it's adding to the hype and fears about internet security.


That's why the Ghostnet report got Washington government agencies excited, as they themselves jostle for the job of overseeing cyber security, or hunting out enemies on the net.


Professor Ron Deibert.


Ron Deibert: There have been several major reports, all of the different agencies are scrambling to position themselves and capitalise on all the funding that is going to come this way, but in doing so they are using very dramatic war fighting language, that is I think increasingly militarising this domain which after all is simply a global commons of information. And for citizens around the world, I think we have to wake up and look at what's going on here, when we have organisations like the NSA talking about securing critical infrastructures. What do they mean, exactly, when most of those networks are in private sector hands? When they're talking about 'offensive cyber warfare capabilities' what does it mean for freedom of speech and access to information?


Stan Correy: And the media reports keep coming, this time about the latest power grid scare last month.


Reporter: The Wall Street Journal reporting evidence that Chinese and Russian operatives have mapped out the US power grid and planted little electronic time bombs along it. Exactly who is doing this and why, we turn to ABC News consultant and former Presidential Cyber security expert, Richard Clarke. Thanks, Dick, for being with us this morning.


Richard Clarke: Good morning.


Reporter: What does this say to you? Who is this? Is this serious?


Richard Clarke: It's very serious. I think the government has known for several years that China and Russia and other countries have created offensive cyber war units and have penetrated American networks, including the electric power grid, which is pretty easy to penetrate, and that allows them in a time of war or in a time of crisis, to go in and shut off the electric power, and to actually destroy generators ....


Stan Correy: The Wall Street Journal reports last month about hacking US power grids got a lot of mileage around the world. But at the US think-tank, the Baker Institute in Texas, Chris Bronk and his colleagues knew they were simply recycling old rumours.


Chris Bronk: We read this article that basically said that the energy grid had been somehow compromised and it was alluded that the usual set of suspects had been up to no good: China, Russia, others, and that essentially someone could turn out the lights.


Stan Correy: Chris Bronk says in The Wall Street Journal article, an incident mentioned was the case of the Australian, Vitek Boden, who hacked into the sewage system in Maroochydore, Queensland in 2000. The result of that incident was that raw sewage polluted parts of the locality.


Chris Bronk: Boden, who was arrested, and went through the judicial process had very strong inside knowledge, he had all the classic reasons to do what he did, he was a disgruntled insider. So I was really alarmed that this was supposed to be big news when it ran in the Wall Street Journal, because it's pretty much yesterday's news, this happened a long time ago now. It's a fairly clear case where the guy - someone's working for the firm that wrote the software that makes the system work. Yes, that person may be somewhat dangerous, but it's not the same thing as saying hackers from a different country half a planet away just broke into this thing, and so anyone can do it.


Stan Correy: Chris Bronk, from the Baker Institute in Texas. In the media, stories of cyber-attacks from unnamed sources are often repeated as absolute fact. The man who monitors the cyber security blog (which is called the Threat Level) for Wired Magazine, Kevin Poulsen, says the recent Wall Street Journal report is a good example of what he calls 'Cybermaggedon.'


Kevin Poulsen is well qualified to comment on anything to do with cyber security. As a reformed hacker with an impressive record, he has special insights into the murky world of cyber warfare.


And he says one of the reasons for all the stories is the battle within the US government over who should control cyber security.


Kevin Poulsen: You know about a year ago, the then intelligence chief here in the US, started talking about putting the National Security Agency in charge of cyber security, putting them right on the internet, in order to monitor the intranet and look for these so-called cyberthreats. This is a controversial proposal because here and elsewhere, the NSA is best known for its recent warrantless surveillance of the internet, so at the same time that this talk started, we saw a story emerge from unnamed sources inside the US Intelligence community, claiming that Chinese government computer hackers were responsible for the great North Eastern US blackout in 2003. This was 50-million homes were plunged into darkness, and the story was complete nonsense. The blackout has been well studied, and the cause was trees growing up into high tension power lines and causing them to trip.


Stan Correy: But a good cyber threat story never completely dies.


Kevin Poulsen: That story came up in May of 2008, and then it kind of went away, and then we saw a very similar story reported in The Wall Street Journal last month, at the same time that the - once again - the National Security Agency was lobbying in Washington to get control of the cyber security mission. So it seems like whenever these stories pop up, it's always at a very opportune time for advocates of the intelligence agencies getting control of cyber security.


Stan Correy: In this story, you'll hear a lot of jargon. You have cyber security: that's working out ways to protect your computer, and the networks it uses to connect to the world. Cyber warfare should seem simple enough, using those computer networks to fight a war. But as we'll discover, defining what cyber war is all about is a bit tricky. And finally, we have cyber espionage.


Australian military security expert, Ian Dudgeon.


Ian Dudgeon: Those techniques can include intercept operations for example, tapping into or intercepting telephones, intercepting email, other forms of communication systems that may exist, in other words stand-alone systems that may not be connected to the internet, or public telephone systems, or cryptology of course, to break various codes. It can include hacking and it can include the use of malicious software that can be put in and will extract information from time to time, as it's coded.


Stan Correy: Ian Dudgeon, a former consultant to the Australian Defence Signals Directorate, or DSD, which has its own cyber operations intelligence unit.


Stan Correy: No-one likes to be spied upon, to have their personal information stolen, or their computers hijacked to become part of what's called a botnet. Botnets are networks of computers that have been infected by viruses called malware. It could happen to you. These hijacked computers are being secretly used without the owner's permission, for criminal and espionage purposes.


Botnets are one of the biggest problems in computer security today.
One of the scariest examples of computer hacking, as we mentioned, is what's called the Ghostnet system, the hijacking of computer networks in the offices of the Dalai Lama, and thousands of other computers around the world.


On the phone from his office, researcher Greg Walton tells how Trojan computer viruses took over the Dalai Lama's computers.


Greg Walton: A Trojan is a form of computer virus, if you like, which is used to remotely control a computer and extract information from it. We found that these Trojans were reporting back to control servers in China.


Stan Correy: What is a control server?


Greg Walton: A control server is a computer which is remotely controlling your computer, or the computer which is being compromised, basically, and we actually found the control server extracting sensitive documents in real time from the office of the Dalai Lama.


Stan Correy: So while you were watching on the computer?


Greg Walton: Yes, quite literally.


Stan Correy: It must have been quite an amazing sight to see.


Greg Walton: Yes, it was quite a discovery.


Stan Correy: The team who uncovered Ghostnet is not made up of the usual cyber warfare specialists from the Military Intelligence sector. They're Canadian-based digital activists, who started out trying to keep the internet free and open and neutral.


MUSIC


Stan Correy: The Intelligence community itself is the source of many of the cyber espionage stories in recent times. Cyber espionage is really just a web version of what used to happen when real people were planted inside government offices to steal documents, or place wrong information.


In the modern world, it can be done using the net.


THE WORLD TODAY THEME


Stan Correy: Here's a recent example from last month as reported on ABC Radio's World Today.


Presenter: News Limited is reporting intelligence sources as saying Mr Rudd and his staffers were under cyber-attack during their visit last year to the Olympic Games, as Chinese authorities tried to access the Australians' computers and mobile phones.


The Prime Minister says he doesn't know about the allegations. From Canberra, Alexandra Kirk reports.


Alexandra Kirk: The Prime Minister says he hasn't been told that Chinese spies tried to hack into government computers and his mobile phone calls when he went to the Beijing Olympics last year.


Kevin Rudd: No security concerns that I'm aware of have been raised with me or my office, in relation to that particular trip to the Beijing Olympics.


Stan Correy: National Security, cyber security, and the geopolitics of what the strategic analysts call China's rise to power, are all mixed together. Throw in the Russians and the cyber crime gangs and you'll never want to turn your computer on again.


A lot of the stories have catchy titles like 'snooping dragons', 'when dragons attack', or 'Hackers, the China Syndrome'.


In the new Cold War in cyberspace, nothing frightens some people more than millions of young Chinese cyber warriors, just waiting for the call to arms in cyberspace. These may not be members of any organised army, but are the so-called 'Patriotic Hackers', fired up by nationalism, working on their own and under contract to whoever pays them.


CNN Reporter: Just south of Shanghai, here on the second floor of this residential building, they operate a hackers' website, three young men, all in their early 20s who insist on not using their real names. No-one wants to be identified. The apartment has cement floors and is sparsely furnished.


Stan Correy: In 2008 the international media went in search of the Chinese hackers and they weren't difficult to find.


CNN Report: Shou Jen, his online name, tells me (CHINESE LANGUAGE) no website is 100 percent safe. There are websites with high level of security but there is always some weakness. They say their website has been operating for more than three years; they claim 10,000 registered users with 50,000 hits a day. Independent checks of the website by US-based computer experts, confirm it offers useful advice and free software downloads for breaking into computer systems. (CHINESE LANGUAGE) First you must know the website you want to attack, he says, you must know what program it's written with, you have to learn programming first. There is a saying, 'Know about both yourself and your enemy and you'll be invincible.'


John Laws, CNN, China.


Stan Correy: These young people can be small groups or larger organisations like the Red Hacker Alliance, or the Honker Union.


And they are not completely alone. There is no doubt that over the past 20 years the Chinese have put significant investment into information technology for military purposes. What's frightened the Americans the most is how the Chinese have written in public documents about how they're going to use the technology in wartime. Here's an example from a military text in 2005.


Reader: It is necessary to be proficient at utilising the information superhighway, creating misleading information, spreading the fog of war, and jamming and destroying the enemy's strategic awareness, thereby using strategy to control the adversary.


Stan Correy: In recent reports of cyber attacks on the West, these kinds of ideas are used by Western cyber warfare experts as proof that the Chinese are already at war with the West. You have to be very careful when deciphering Chinese texts on information war, says Gary Rawnsley from Leeds University.


Gary Rawnsley: The Chinese have always talked about a different style of warfare to everybody else. It comes from the kind of Maoist revolutionary struggle of the 1930s, 1940s. The idea of people's war, when everybody could be mobilised. You've got a population of 1.3-billion people who in Maoist terms, could be mobilised to help defend the Motherland. And in many ways information warfare is an extension of that, because what you've got now is one of the most computer literate and connected societies in Asia, where anybody could again, be mobilised to defend the Motherland in cyberspace.


Stan Correy: There are now 300-million internet users in China, more than in America. So it's no wonder the Chinese are fast developing an information warfare strategy. But we still have to be careful not to get too worked up over the rhetoric. Gary Rawnsley.


Gary Rawnsley: We have to be very careful when we look at these documents that are written by policymakers, and ask ourselves, How did they get into the public domain, and why are they in the public domain? Are they trustworthy sources to use? As I've argued many times, the question of rhetoric and reality, that inflating one's capacity for information warfare can be as much a propaganda tool as it is a statement of fact. The idea that we are developing this kind of not obvious, ethereal military offensive capability that you can't identify, you can't see, you can't trace, and it's there if we need to use it. And it's going to cause not just maximum military disruption but maximum social disruption as well. So I think these documents are very useful, these writings by Chinese experts are very useful, but they do have to be taken very, very carefully.


Stan Correy: Gary Rawnsley reminds us everyone is playing the same game.


Gary Rawnsley: The American responses, all the Department of Defence documents that are written in response to these Chinese documents, also have to be taken very carefully, because of course the American military has its own agenda, and the literature is still debating the level of the China Threat that America perceives today.


Stan Correy: In Washington today, there's quite heated debate about what the Chinese are saying and what they're actually doing in cyber warfare. Is the jacking into US networks the work of information war units of the PLA, the People's Liberation Army, or the work of Chinese hacker groups, civilian cyber warriors under contract to the PLA?


No-one really knows.


Linguist and Defense Intelligence contractor who specialises in Chinese information warfare, James Mulvenon.


James Mulvenon: Well I mean the number one problem is what's known in the trade as the Attribution Problem, in other words, who is actually attacking me? And unfortunately the nature of the internet and the nature of computer networks makes it fairly easy to obfuscate who is actually attacking you. I call it the Tarzana California problem. I mean, am I actually being attacked by someone in China, or am I actually being hacked by some kid in Tarzana California who is spoofing off some insecure server in China and hacking back into the United States. Without really exquisite information, it's very difficult to tell.


Stan Correy: And when talking about Chinese information war, the attribution issue is muddied even further by groups like the Patriotic hackers.


James Mulvenon: Now I am of the belief that they should not be treated as strictly government agents, in other words people acting on behalf of the Chinese government. I understand that what they are officially advocating breaks Chinese law, but most of what these groups on their websites will have little constitutional statements that say, 'We will not attack domestic Chinese IP addresses.' And that scratches the internal security itch for the Chinese government, and allows them to operate, in my view, as somewhat as useful idiots for the regime. But at the same time these groups, which were involved in these very low level and frankly, fairly insignificant web page defacements and other things in the '90s, also do present a bit of a command and control problem for the Chinese, that they worry about and they write about.


Stan Correy: In other words, the Chinese government is itself worried. If these hackers can get into computers everywhere in the world, they can also get into Chinese government computers. And for that matter, so could American or British, or Australian hackers.


The world of hacking is getting increasingly sophisticated, and at the same time, murky. James Mulvenon.


James Mulvenon: Over time however, these groups have matured. They've become older, they've wanted wives and girlfriends and day jobs, and everything else. And so they've moved from what we call 'black hat', which are just pure hackers, to grey or white hat hackers, who are people actually trying to become information security professionals. But like in China, all the information security professionals have to be certified by the government and so it's driven them closer to the government and we see a lot more semi-official interaction between these groups and the military and other things, thus providing a conduit for that expertise to get actually to be at the hands of the Chinese government.


Stan Correy: So in a sense, they're kind of private contractors, aren't they really?


James Mulvenon: Right. And as a classified defence contractor here in the United States, I understand the blurring of those lines.


Stan Correy: It's a very grey area. Think of the still simmering debates about the legal status of private military contractors in Iraq and elsewhere. According to James Mulvenon, the Chinese and the Russians are pioneering the use of cyber contractors or proxies to carry out the cyber attacks.


James Mulvenon: Both in the Chinese and the Russian case, they seem very comfortable with the idea of using proxies to carry out these kinds of attacks, because these proxies provide a level of plausible deniability, whereas in the United States system and in the Commonwealth, I think that these kinds of cyber warfare capabilities are still heavily, heavily classified, very compartmented, very carefully controlled, require very high level authorisation. The Chinese and the Russians are simply a different model, they seem to be much more comfortable with the ambiguity of allowing non-governmental personnel to carry out these attacks, which makes it extremely difficult for us to develop a deterrence posture or any sort of response options.


Stan Correy: James Mulvenon from the Center for Intelligence Research and Analysis in Washington, D.C.


PM THEME


Stan Correy: We're returning now to the story of the hacking of the Dalai Lama's computers in early April, as reported on PM.


Mark Colvin: Aside from rhetoric about China's use of soft power, there's some evidence emerging of China using very hard power indeed, in cyberspace.


Highly-credentialled researchers from Canada and Britain say that a China-based computer spy network has been hacking into government and business computers in more than 100 countries.


In a 10-month investigation, the University of Toronto team found almost 1,300 compromised machines. They included those belonging to Tibet's spiritual leader, the Dalai Lama, and computers in two foreign embassies in Canberra.


Stan Correy: One of the Ghostnet investigators, Greg Walton, visited Dharamsala, India, in mid-2008 to meet Tibetan NGOs and do security audits on their computers. He was hunting for malware, malicious software specifically written, to infiltrate other computers and take them over.


Greg Walton: I was calling malware samples from NGOs and other targets out there, when I was approached by the Dalai Lama's representative in Geneva, who said that the offices of the Dalai Lama had been having some problems with their communications, which had led them to consider that they might have been targeted, or they might have been compromised, in fact. So he asked me to perform a security audit of their systems. And I spent about a week in their offices with a colleague from the University of Cambridge.


Stan Correy: At the Dalai Lama's office, they found his computer network had been compromised and then they found a number of Trojans.


Greg Walton.


Greg Walton: A Trojan is a form of computer virus, if you like, which is used to remotely control a computer and extract information from it. And we actually found the control server extracting sensitive documents in real time from the office of the Dalai Lama.


Stan Correy: So while you were watching on the computer?


Greg Walton: Yes, quite literally. We were running a traffic protocol analyser called Wireshark, which allows us to see all the traffic coming in and out of the computer that allows us to detect any anomalous connections that the computer is making, connections they shouldn't be making. And we watched in real time as the attacker removed sensitive documents, some of them pertaining to the Dalai Lama's negotiating position vis-à-vis the Chinese government, others' email contact lists, lists of dignitaries and that sort of thing. So we saw that in real time.


Stan Correy: The Ghostnet investigators also found that Chinese military intelligence got hold of this stolen information from Tibetan NGOs, and used the material against Tibetan activists under interrogation.


Greg Walton: One of their employees had returned to Tibet recently, and had been arrested at the border between Nepal and Tibet and taken to a detention facility where she was held for about two months. Then after that time, the Chinese Intelligence interviewed her, and said to her, 'What have you been doing in Dharamsala?' and she said, 'Nothing, you know, I've just been studying, nothing political', and they got out her dossier and showed her the transcripts of all the chats that she had been making over the past two years. Now that suggests that somehow the Chinese State Intelligence apparatus had intercepted her communications. It's possible that this came from the malware from the Trojan which is on her system, and it's possible that it came from other sources.


Stan Correy: Yes, the fact is they managed to get the information somehow, so it suggests some kind of routing of information to other sources.


Greg Walton: That's correct. It's more circumstantial evidence that adds to the case that the Tibetan movement as a whole, is thoroughly compromised by electronic espionage.


Stan Correy: Greg Walton, Editor of the Infowar Monitor, which tracks the use and abuse of cyber power. There's a link to Infowar Monitor on Background Briefing's website.


Professor Ron Deibert runs the Citizen Lab at the University of Toronto and he says there are several ways to interpret the results of the Ghostnet report. Some analysts have used it to ramp up the tension in the frenzy of the new Cold War in cyberspace.


Deibert has a different view; he wants to start a debate about cyber arms control. But he says there's a problem about who gets invited to be part of this debate, and the decision-making. There's big money, and of course, power, in the outcome. People like Deibert say the public should not be locked out. It's not only that we can be watched, but we can be denied access to what's going on.


Ron Deibert: It really creates a very vexing problem for controlling not only surveillance but distributed denial of service attacks, because you never know from where they're coming. Attribution, determining who's behind these things, is always very difficult and it creates an incentive structure for actors, states included, to outsource or contract out the type of attacks that we've seen, because that gives them plausible deniability. For example, by putting instructions on forums or in discussion groups, and capitalise on attacks that are carried out by patriotic hackers. So when it comes to the question that I'm very interested in, which is how do we control all of this, how do we think about application of arms control methods to cyberspace? It really creates some conundrums, because how do you fix something without breaking it entirely? How do you control this problem without altering the character of the internet altogether?


Stan Correy: One of Ron Deibert's colleagues in the Ghostnet investigation is computer security expert, Nart Villeneuve. It was Villeneuve who actually discovered, or hacked into, the command and control servers, based in China, that were stealing the information from the Tibetan computers. The software the hackers were using, wasn't top secret Chinese cyber weapons, but something anyone could download from the internet, a piece of software called Ghostrat. The RAT stands for Remote Access Tool.


Nart Villeneuve: Ghostrat is an open and available tool that anyone can download off the internet, and you can infect computers with it and basically take over real time control. You can transfer files, you can run programs, you can turn on peripheral devices, audio, capture and so on, all from a nice interface.


Stan Correy: And this is publicly available?


Nart Villeneuve: Yes.


Stan Correy: And who invented or designed this? Was this a hacker or someone that we know of?


Nart Villeneuve: Yes, they have a website, it's sort of Chinese hacker/security group, similar to the type of groups that exist all over the world that write these programs, sort of these bridge groups that are sort of hacker/security that write different type of tools.


Stan Correy: Nart Villeneuve.


The Ghostnet system is a type of botnet, and that's a word you'll hear a lot about in upcoming debates about cyber security. At last week's Internet Security Conference on the Gold Coast, there were several sessions dealing with the very dangerous world of the botnet. The big talking point at the moment, is the conficker botnet. The conficker is a worm, another malicious piece of software that has infected millions of computers worldwide.


Tracking criminal botnets is the Shadowserver Foundation, a non-profit group of computer security professionals. One of the Directors of the Foundation is Richard Perlotto.


Richard Perlotto: I have several kind of messages I actually give out, and one of the messages is 'It's dire, it's not going to go away, and it's not going to be easy. But on the other hand, it's our passion and our profession to not give up.' And that's one thing that we have to focus on. The other part is we have to change how we look at, and how the infections are occurring, and we have to find new ways of dealing with these issues. There are a variety of technology techniques out there that could be utilised, and they may not be utilised very unilaterally, and what we're seeing is - think of it as a very good kind of microcosm to look, I mean it's not really a microcosm, because there's 4-million machines infected. But we can look at it in a variety of different countries and say 'Well what countries have been successful, which countries have not been successful'? Are certain ISPs doing better than other ISPs. As a methodology for are we doing it the right way, are we doing the right thing? And it's a very difficult thing, and we need thinking about the pandemic-type concept for this, because the infections aren't going away. The Conficker working group has been working on this since the beginning of the year, and there's not a clear ending. How do we eliminate these 4-million affected machines?


Stan Correy: Botnets are multi-talented. They can deliver spam emails to millions of machines; they can DDoS your networks, in other words, 'Denial of Service', a saturation of a network that completely disrupts it. And Ghostnet, where the malicious software targets individual computers, takes them over and steals the information on the machine.


Evgeny Morozov, from Foreign Policy Magazine in the US, thinks something is happening with botnets, the system of capturing innocent computers around the world, that is really interesting. There's a market for botnets where you have a lot of cyber extortion gangs. What could be happening is that the botnet owners may be putting their systems out for hire.


Evgeny Morozov: The market already exists, there is a lot of supply of these botnets and more and more we see demand for those botnets. Whether it comes from the governments, to which we don't really have much proof yet, or whether it comes from individuals, or whether it comes from particular hate groups who don't want to see one blogger continue blogging for example. So all they have to do now is basically to pay up to the owner of a botnet, direct their attacks to this particular website, and the website will surely be down for five days or seven days or two weeks, and then it will cost a lot to actually repair and bring it back. So it is a very disturbing trend, and it's very hard to regulate. It's going to pose a major threat not just to government data and intelligence data, it's also going to pose a major threat to freedom of expression online, because if I can buy a botnet, or hire a botnet for a few hundred bucks, to attack someone that I don't like, it leads to very devastating implications for freedom of expression.


Stan Correy: Trying to tame Cyberspace, and all the goodies and the baddies that exist there, is probably Mission Impossible.


In fact, at a computer security conference in the US last month, this was the theme as they performed something of a spoof for Melissa Hathaway, who had just been chosen by President Obama to conduct an investigation into cyber security.


Man: Good afternoon, Melissa Hathaway. The digital infrastructure shown here supports critical public services and is vital to the global economy. It is jointly operated by public sector and private companies and relied upon by the global community. Criminals, terrorists and foreign adversaries have devised plans to use flaws in the infrastructure to hold the economy hostage, disrupt our government and threaten public safety. Your mission, Melissa, should you decide to accept it, is to assemble a team of experts, engage every possible stakeholder group and devise a strategy to work together for the common good. Our future depends on building a secure and reliable digital infrastructure; to pull this off you'll need to engage all of your allies across the private sector, government and in foreign governments. Please begin immediately. This Blackberry will self-destruct in 60 days. Good luck, Melissa.


APPLAUSE


Melissa Hathaway will need a lot of luck because the whole of cyber security has become entangled in a classic Washington turf battle over who should control policy.


From the Baker Institute in Texas, Chris Bronk.


Chris Bronk: There is a bureaucratic struggle going on in Washington, D.C., on who will be the lead agency for cyber security, and this really started almost three years ago when the US Air Force, which has had its fortunes decline in the current strategic environment, the Air Force is having some major programs cut now under the Obama Administration it's had some major failures and acquisitions of aircraft. But the Air Force under Michael Wynne when he was the then Secretary of the Air Force, essentially staked out this piece of terrain in the bureaucratic turf wars of the Pentagon and said, 'When it comes to cyber security the Air Force is in charge; we're the lead agency; we want to be that service, it's our job, we do space, so why don't we do cyberspace too.' So space like communication satellites and ballistic missiles, and they saw it as a natural ancillary role that cyberspace would be wrapped into that, and the Air Force would manage the offensive and defensive military cyber operations for the United States. And the rest of the services didn't really like that.


Stan Correy: If the US Air Force for instance, gets control of offensive cyber operations, one strategy could be carpet bombing cyberspace with botnets. This was the suggestion of a US Air Force Colonel, Charles Williamson, in an interview with the BBC last month. His idea was that the US should use their own botnets to attack computers that were hitting US networks.


From the BBC Report program, Colonel Charles Williamson.


Charles Williamson: On balance, it may in the right circumstance, be worthwhile and even fair for the United States to hit a computer that is hitting us and stop it from harming us for an hour or days, when that computer owner failed to take basic steps that would protect us.


BBC Reporter: So you're saying that an unpatched, un-virus protected machine that had been taken over by a botnet, even if the owner of that machine didn't know that that happened, would be a legitimate military target?


Charles Williamson: Well this is a completely new area of the law. However I'm not the only person to write an opinion that says that unpatched computers that the owners bear some responsibility for allowing harm to come from their computers.


Stan Correy: That means you and I and our children will have their nation's security as our responsibility, making sure our private computers don't become a tool in the hands of criminals or the national enemy.


It was a silly idea first floated last year, says Senior Editor of Wired Magazine, Kevin Poulsen.


Kevin Poulsen: So it would be actual Air Force machines deliberately infected with software that would allow US military to have it deluge some website somewhere with a lot of traffic, and there's no logical reason for it whatsoever, it's really just a matter of military people taking this military thinking and applying it where it really just doesn't apply. There's no advantage that I could see in the Air Force wanting to take down portions of another country's internet briefly, with a sort of vandalistic attack like that.


Stan Correy: If you want to defeat the evil hackers, acting on their own or working for a government, then you have to think smart, and not use a sledgehammer tactic like using a botnet. Kevin Poulsen.


Kevin Poulsen: A botnet is still not the right way to go about that. You really want to develop a sophisticated hacking capability that allows you to break into the machines that you're targeting and do something to them from the inside. A botnet isn't that, a botnet is basically an admission you can't break into your target's computer, they're not very sophisticated, and so you're just going to flood it with garbage traffic until they're able to shut you off.


New York Times Reporter: At the Annual Cyber Defence exercise last month, competition among seven military ...


Stan Correy: The US Army is currently training its own band of cyber warriors. Early this month The New York Times did a cover story on some of their training methods. And on their website they have a video.


Video: .... We have a semester-long class where we learn all the techniques of I'd say a hacker would do and we try to learn how to beat a hacker. So for this four day long exercise we have each people set up a certain cyber warfare, we have to set up a network and we have to defend it against bad guys coming in, which is the NSA red cell. So to set up this network we had to have teams go in and build the network, and then we had people building services so that it works just like a regular network would, a regular internet would.


New York Times Reporter: These cadets most of whom will soon be sent to Afghanistan to carry out this type of war, competed here to keep their computer network operating as the NSA hackers invaded.


Stan Correy: That's an extract from a New York Times video from mid-May on US Army cadets training for cyber warfare.


Now here's a somewhat cynical commentary on that video done for Popular Science Magazine by Stuart Fox.


Here's a reading.


Reader: The video accompanying the article has the answer to why The Times, and every other news outlet, is running so many cyber war articles these days.


The video's narrator refers to 'these cadets, who will soon be sent to Afghanistan' to combat cyber-terrorism. Really? The Taliban, a rural insurgency composed primarily of semi-literate tribesmen, is a hacking threat? Not really, but by linking cyber security, which has in the past focused primarily on Russia, China, and criminal gangs, with the current war in Afghanistan, the Army is laying claim to a piece of the budget pie.


Stan Correy: The hype about cyber war doesn't necessarily help those people whose job it is to take on the hackers who do attack computer networks. James Mulvenon would like the US to be more aggressive in dealing with hackers wherever they are.


But even he has a concern about how to advise the President, when the White House computers are being attacked.


James Mulvenon.


James Mulvenon: I can't sit in the Oval Office and tell the President, 'We know the last hop of this attack was in Shandong Province in China, at an IP address. We have very little confidence in our ability to say that the attack actually originated there, and we have almost no confidence whatsoever in our ability to attribute that attack to China or even the Chinese government.' No-one in that circumstance is going to authorise conventional military operations against a nuclear power.


Stan Correy: And in a strange twist, Mulvenon is even worried that publicity about the Chinese cyber threat is complicating things.


James Mulvenon: I would not be surprised if every other State and non-State actor in the world is now routing their computer network exploit and intelligence gathering activities through servers in China in order to further pin it on the Chinese, which just again further complicates and obfuscates the attribution problem.


Stan Correy: The latest gossip in Washington is that a billion dollar bureaucracy will be created to oversee cyber security. Whether that bureaucracy can really help the President decide whether to take out a computer network attacking America's infrastructure is still unknown.


As we've heard today, the enemy computer could be in Shanghai, Melbourne or even in the White House itself.


The shape of future warfare is still very vague. From the University of Leeds, Gary Rawnsley.


Gary Rawnsley: You know, you only have to look around the world and see the kind of conflicts that we're all engaged in, and see that it's not being waged in cyberspace, it's being won and fought and lost on the battlefield and in the streets of places like Basra and Kabul. It's very easy I think, given the technology, to believe that this is the way of the future. Well you know, I remember watching a program called Space 1999 when I thought we were all going to be living on the moon by now. You know, it's all future-oriented in many respects, and this reminds me of what I was reading these military reports from the United States, full of the acronyms that the military love so much, full of all these nightmare scenarios about technology, and while I was reading this, I was listening to a report on the radio about a suicide bomber who walked into a marketplace in Jerusalem and blew herself up along with many other people. And there just seemed to be a contradiction there between what I was reading about computers and the internet and everything else, and still this propensity of people to engage in traditional forms of warfare.


Stan Correy: Background Briefing's Co-ordinating Producer is Linda McGinniss. Research by Anna Whitfeld. Technical Producer, Timothy Nicastri. The Executive Producer is Kirsten Garrett. I'm Stan Correy. You're listening to ABC Radio National.


