- MENU
- HOME
- SEARCH
- WORLD
- MAIN
- AFRICA
- ASIA
- BALKANS
- EUROPE
- LATIN AMERICA
- MIDDLE EAST
- United Kingdom
- United States
- Argentina
- Australia
- Austria
- Benelux
- Brazil
- Canada
- China
- France
- Germany
- Greece
- Hungary
- India
- Indonesia
- Ireland
- Israel
- Italy
- Japan
- Korea
- Mexico
- New Zealand
- Pakistan
- Philippines
- Poland
- Russia
- South Africa
- Spain
- Taiwan
- Turkey
- USA
- BUSINESS
- WEALTH
- STOCKS
- TECH
- HEALTH
- LIFESTYLE
- ENTERTAINMENT
- SPORTS
- RSS
- iHaveNet.com
Alex Kingsbury and Anna Mulrine
More than two dozen professional hackers have set up operations in exurban Virginia beside a mock military headquarters made of plywood. Huddled over laptops, they are preparing to launch a vicious barrage of cyberattacks. Once they break into their targets' computer networks, the nefarious possibilities are myriad: shutting off phone lines, overloading citywide emergency response systems, or simply slinking around to pilfer passwords.
Not far away, the defenders prepare for the onslaught they know is coming during the two-day "Cyberdawn" exercise, one of the country's premier electronic war games. It is run with the help of volunteers by the private firm White Wolf Security, which also arranges closed war games for some federal agencies. The chance to test their cyberskills has attracted groups from private companies as well as the U.S. military. Ten teams, including those from West Point and the
The exercise pits teams from the U.S. military, the military's service academies, corporations, and even teenage computer savants against live hackers who look surprisingly innocuous. Most could easily be mistaken for middle-aged accountants, in neat khaki slacks and button-up shirts. Others are sporting Puma training jackets and baseball caps. The de facto leader of the group has donned a stylish black bowling shirt with a name patch that reads, simply, "Hacker." They have been instructed to use any means short of causing physical damage to exploit the vulnerabilities of their prey, placing them on the front line of what is an increasingly vital area of national security--the art and practice of offensive cyberwar.
Public debate about cyberspace revolves almost exclusively around questions of defense. Are retailers adequately protecting their customers' credit card information? How can home computers be immunized against nettlesome viruses? When will the Pentagon more effectively be able to stop hackers in Russia and China from stealing military secrets?
Offensive cyberwar itself can encompass espionage, intercepting communications, and disabling computers and other infrastructure. The United States has those capacities, but the scope of the arsenal receives far less ink than the status of the country's defense. The Obama administration issued a report on that aspect in May and announced the creation of a cybersecurity czar to organize defense. But the sections of the report that address the country's offense remain highly classified, according to officials familiar with its contents. That's frustrating to many people in the national security field. "The only way that deterrence works is if the other side knows that you have weapons and the willingness to use them," says Charles Dodd, an expert in cyberwar at the security firm Nicor Global, who advises the
The technical details behind these operations are very hush-hush, as disclosing them inevitably exposes the sources and methods of intelligence collection or military exploitation. The Pentagon, for instance, is keen to protect what hackers call "zero-day exploits," an industry term for vulnerabilities that enemies do not yet know exist. "There's a never-ending race for them," says Tim Rosenberg, who founded White Wolf Security. "You find it; now how long can you use it before the rest of the world finds out about it and you've got to move on to the next vulnerability? It's a never-ending game of leapfrog."
Despite the secrecy, brief glimpses of several cyberwar incursions have surfaced recently. The
In 2004, Thomas Reed, a retired senior national security official, revealed the extraordinary story of how the CIA tricked the Soviet Union into stealing doctored software that later destabilized the trans-Siberian gas pipeline. That fancy bit of hacking caused a massive explosion in a wilderness section of the pipeline in 1982 that was visible from space and equivalent in size to that of a 3-kiloton nuclear weapon, according to Reed, who at the time sat on the
Three former senior military officials involved in electronic warfare, speaking on the condition of anonymity for this article, say that the United States contemplated a cyberattack against the Iraqi financial system around the time of the 2003 invasion. The plan was abandoned after analysts predicted it could shatter confidence in the global banking system. "Seizing or freezing those funds during the war could cause havoc afterwards, even beyond the Middle East, if people felt that they couldn't trust the banks to protect their money," says one official.
Communications and computer networks are the most obvious targets for cyberwar. But as technology spreads into more areas of the human experience, the possibilities for hacking grow exponentially. One potential application could be hacking into an enemy dictator's digital pacemaker, for instance, and making it go haywire. It is technologically feasible and would be the geek equivalent of a well-placed marksman's bullet, hackers say. They call it "digital sniping." Or hackers could break into an enemy country's banking system and scramble or delete accounts to cause havoc in the streets and a collapse of confidence in the government. "Accessing networks or disabling physical infrastructure remotely is, frankly, cheaper and safer. People do not have to risk their lives stealing documents, and pilots don't have to take antiaircraft fire bombing power stations," says one former senior intelligence official familiar with aspects of offensive cyberwar.
White Wolf's Rosenberg foresees a new generation of hybrid warriors. A former soldier and cyberwarfare go-to guy for the defense industry, he imagines one day deploying U.S. military cyberforces who might work in conjunction with special-operations units to remotely shut down power to a building prior to a military strike or hack into a security camera and kill the video feed. "There are all kinds of ways you can conduct cyber-physical operations," says Rosenberg, who adds that the field should also be considered a career track, which would enable the military to rank skill levels.
However, launching cyberattacks is illegal, which makes it tricky to train what Rosenberg calls "cybersamurai."
Over time, specialists guarding the barricades begin to feel like Sisyphus, the mythical Greek condemned to an eternity of pushing a boulder up a hill only to have it roll back down again. And on a number of occasions, the only defense is isolation. In 2007, amid a larger political dispute, hackers apparently based in Russia mounted cyberattacks against Estonia, shutting down ATMs and newspaper and government websites. To halt the onslaught, the Estonian government cut international Internet connections, isolating the country from the rest of the cyberworld.
At Cyberdawn, the military's best-case scenario often involves sacrificing security in some realms in the hopes of defending others, says Col. Barry Hensley, director of the Army Global Network Operations and Security Center since
The predicament is also a costly one. A malicious worm attack in the Pentagon's computer networks this year has cost millions of dollars to mitigate. Last month, Deputy Defense Secretary William Lynn noted that though the Internet has shifted national defense paradigms, the technology itself is still young. "In terms of cybersecurity, we're still in the era of biplanes and dirigibles."
America's technological dependence and vulnerability to attacks explain why officials are reluctant to discuss the U.S. cyberarsenal. "Right now we have the brain capacity to launch attacks, but we have neither the technology nor the personnel to fight off a counterattack, nor the means to know exactly where an attack comes from," says James Lewis, a cybersecurity researcher at the
An attack launched from Russia against Washington, for example, could be routed through North Korea or the United Kingdom, making it difficult if not impossible to ascertain the culprit. "So we have a capacity to hit back, but how do you know who to hit? And how do you know that the target you are hitting was actually responsible?" says Fred Rica, a cybersecurity expert with
In other cases, the perpetrators are more obvious. The Chinese government, while publicly denying offensive cyberoperations, makes little effort to hide its activities, according to the U.S. intelligence community. Congressional leaders have been told for years that China is one of the most aggressive players in state-sponsored hacking. "The U.S. doesn't define what constitutes an act of cyberwar, so countries like China--while publicly denying it--are going full speed ahead to take advantage of us," says Nicor Global's Dodd. "It would be good to see the government putting some money behind offensive capabilities to fight back."
Back at Cyberdawn, the vulnerabilities are becoming apparent. Hacker Paul Asadoorian is deploying "agents" into his victims' operating systems and begins running a customized attack program. "Now I can do all sorts of fun things," he says as he pulls up the start menu of his opponent's computer. "I can jump into the system--here's a screen shot," he says, pointing at the monitor as he takes note of what's running on the network. This includes a screen shot of everything his victims are typing and reading. "And they have no idea I am here," he says.
There's no doubt the cyberwar learning curve is steep. An hour after the cyberattacks begin, the