
ICG Risk Blog - [ InfoT Public ]

Timely revisiting of Jeffrey Record's Bounding the Global War on Terrorism


On the eve of Condi Rice's sworn testimony before the 9/11 Commission, and in the aftermath of the Falluja mosque strike, it is valuable to look again at Jeffrey Record's essay "Bounding the Global War on Terrorism," published by the Army War College's Strategic Studies Institute (SSI) in December 2003. While the article carries the standard disclaimer as to "the views expressed," the SSI director recommended it and the commandant of the Army War College approved it.

Record examined three features of the current war on terrorism:

  • Administration’s postulation of the terrorist threat
  • Scope and feasibility of U.S. war aims
  • War’s political, fiscal, and military sustainability

Record's central criticism is that the administration has overreached itself and has not kept its "enemies to a manageable number." Lest anyone dismiss Record as they have Clarke, Record's writings were quite critical of the Clinton administration while he was on staff at the Air War College.

I submit that it is worthwhile reading, done far away from a media spotlight, and could help us select the best path out of our current condition on the ground.

Summarizing his conclusions (Note that 'GWOT' stands for the Global War on Terrorism):

  • Deconflate the threat. (Treat rogue states separately from terrorist organizations, and separate terrorist organizations at war with the US from those that aren't.)
  • Substitute credible deterrence for preventive war as the primary policy for dealing with rogue states seeking to acquire WMD. (Shift US focus from rogue state WMD acquisition to rogue state use of WMD.)
  • Refocus the GWOT first and foremost on al-Qaeda, its allies, and homeland security.
  • Seek rogue-state regime change via measures short of war.
  • Be prepared to settle for stability rather than democracy in Iraq, and international rather than U.S. responsibility for Iraq.
  • Reassess U.S. force levels, especially ground force levels.

Record closes with Frederick Kagan's argument that the reason why

"the United States [has] been so successful in recent wars [but] encountered so much difficulty in securing its political aims after the shooting stopped" lies partly in "a vision of war" that "see[s] the enemy as a target set and believe[s] that when all or most of the targets have been hit, he will inevitably surrender and American goals will be achieved."

"If the most difficult task facing a state that desires to change the regime in another state is securing the support of the defeated populace for the new government, then the armed forces of that state must do more than break things and kill people. They must secure critical population centers and state infrastructure. They have to maintain order and prevent the development of humanitarian catastrophes likely to undermine American efforts to establish a stable new regime."

Gordon Housworth



InfoT Public  Infrastructure Defense Public  Strategic Risk Public  Terrorism Public  


Building parasitic infections atop MyDoom


As predicted, Doomjuice and Deadhat, two attacks against PCs already compromised by MyDoom, were soon released, i.e., if you contract either of these, your machine has MyDoom and you just don't know it. Three weeks after the MyDoom attack, which initially infected some 2,000,000 PCs, about 50,000 to 75,000 PCs remain infected. Doomjuice and Deadhat use that base as a launching point, but fortunately they are not particularly imaginative in their exploit targets, as they continue the attack on Microsoft and SCO.

Let me lay out the scenario that I might use. (You can read the excellent article, "The Virus Underground" in the 8 February, 2004 New York Times to see where I would go to get some of my tools.) While the article has scrolled off into the archives, I have found it in PDF and text elsewhere.

As an average terrorist, I am less skilled than the average script kiddie who launches so many of the attacks. I need a source for skilled tools, so I visit sites maintained by brilliant, often young thinkers who write them as an academic effort and post them to their websites -- which is where most of the script kiddies get them, along with a series of message boards that traffic in these things.

I read up on the writings of the good anti-virus and security writers, track the Black Hat conference proceedings (but don't attend, as the feds monitor who shows up and tech firms try to recruit) and other sources, and locate some of the many sources for thoughtful malware and autogenerators. Then I plan the architecture of the attack down to the social engineering aspects most attractive to my attack (if I am using a virus, since a worm runs by itself).

I study the infection paths and timing of other great releases. I look for the bugs that limited their spread (such as the one in MyDoom.B which greatly limited the DDoS attack on Microsoft).

I would investigate the record of any target site in dealing with prior attacks and what level of sysadmin skills they have in dealing with computer threats. I may or may not probe a target site myself, as I do not want to show my hand: if the sysadmin is really good, they will watch me and see what I am up to while they try to identify me.

Then I sort out a primary and secondary, and with a little foresight, a third wave of infection. (After all, al Qaeda loves redundancy.) I download what I need from various sites, make minor modifications and I am ready. I may have even tested my attacks against a local net that is isolated by various hardware and software firewalls so that I can prevent infection to the outside world that would give away the element of surprise.

Of course, I will launch my secondary and tertiary attacks while the infection is still high on the first and so offers a larger launching platform. My second attack could be against the anti-virus firms themselves (a variation of the 'shoot the fireman' attack).

Now the bad guys -- and you -- are off to the races. And another bite is taken out of infrastructure protection.

New viruses feed on MyDoom infections
By Robert Lemos
CNET News.com
February 9, 2004, 4:45 PM PT

Gordon Housworth



Cybersecurity Public  InfoT Public  


Building a COTS (Commercial Off the Shelf Technology) cruise missile Part II


See Part I for Background and my Ground rules for acquisition.

Results were very successful. Some highlights:

Ability to assemble an R/C craft that could launch conventionally, switch over to GPS autopilot, fly a course either to a target or a race track round trip and allow it to again be taken over by another user for terminal homing or landing. Some small autopilots and telemetry systems will squeeze into a .20 or .40 size sport plane, but anything goes once you reach a .40 or .60 sized trainer, medium sized sailplane, jet, and certainly any 1/4 to 1/3 scale models on up.

Many PC simulators for a variety of fixed wing and rotary wing R/C models.

Nose video cameras that could superimpose imagery over a heads-up cockpit display based on telemetry sent back from the bird. If the ground pilot was properly trained, it was possible to fly something onto the target just like the big boys.

Moderate to large piston-engine aircraft capable of moving substantive payload. In case a reader is thinking of tiny balsa wood items, I found piston engine craft at the larger end of the R/C spectrum at 13 foot wingspan and 70 pounds. On the lighter end, I could find electric helicopters, some of which could outfly their gas powered competitors. All could, of course, mount video cameras.

Model jet engines producing 30 pounds of thrust from a 6 pound unit. While there are jet kits, there are also excellent sites such as the United States Radio Controlled Jet Command (USRCJC) whose "sole interest is in flying Radio Controlled models of jet aircraft including those that are turbine-powered, piston engine, and electric ducted fans."

TX-RX (transmit-receive) units for R/C control that used synth (synthesizer) frequency generation so that users can select any frequency on-the-fly within the R/C band - beneficial in an RF confused area such as an urban or industrial area.

Availability of both analog and digital control channels that could respond to voltage, amplitude, pulse variations in order to control and monitor payload release and aircraft performance.

Smoke systems intended for demonstration flying are intriguing as a dispersal mechanism for other agents. Certain smoke pumps use one TX-RX channel to toggle on/off. More investigation is needed but the sprayer function is strong.

Conversations with one producer of high-end CNC machined landing gear systems (all machined from solid stock so as to dispense with weldments and seamed tubing in order to approximate the strength of the forgings of their big brothers), included a story that a military UAV producer had hard-landed a prototype using their gear set and had merely bent the strut back instead of breaking it off. That was one of many examples of superb R/C components that are already being harvested by mainline defense contractors. Dual use indeed.

Summary:

One of the things one learns from cruise missile defense is that merely disabling the warhead or the bird is not enough as the kinetic impact and secondary ignition of remaining fuel is often enough to substantially harm the target. Depending upon the intended use, it might not be necessary to create a conventional warhead for an R/C attack vehicle.

If the intent is to surveil or deliver/spray a payload, then an R/C aircraft can be launched, perform its mission, and subsequently be recovered -- if for no other reason than to forestall discovery of the means of an attack or that an attack had occurred. The cost of the systems is low enough and simple enough that it could be produced in a quantity that would satisfy the redundancy needs of groups like al Qaeda.

Initial results of my one-day field trip and a bit of follow-up research showed that it is feasible for a diligent and reasonably agile individual or small group to create a COTS hunter-killer and surveillance R/C model fleet, a poor man's Predator.

Did I mention R/C boats and submarines?

Follow-on Part III

Gordon Housworth



InfoT Public  Terrorism Public  Weapons & Technology Public  


Building a COTS (Commercial Off the Shelf Technology) cruise missile Part I


A field trip to the 50th Annual Toledo Radio Control Exposition on 2 April with the goal of assembling a COTS fleet of attack and surveillance UAVs (Unmanned Aerial Vehicles) was a glowing success.

I am not an R/C pilot so I could start clean as would any other reasonably technically inclined individual. My ground rules were:

  • Could pay cash for everything
  • Could buy everything in-country and so not have to bring items across a border
  • Could buy all items in a population-dense environment not immediately likely to be surveilled
  • Could obtain PC-based simulators in order to covertly learn how to pilot either fixed wing or rotary wing aircraft, i.e., before I tried to fly a physical device
  • All essential components were either genuinely plug and play or already available in kitted form
  • Could obtain functional schematics and instructions for all installs/add-ons
  • Ability to install GPS autopilots with ground pilot override
  • Ability to install real-time video cameras and their RF links
  • Ability to install digital camera triggering
  • Ability to carry payloads (and either release, spray, or otherwise distribute the payload)
  • Option for stealth/noise abatement
  • Ability to do it at modest cost in comparison to anything a military unit would field and, labor costs aside, be within al Qaeda's frugal pocket book

Background:

I follow both the UAV and the micro-UAV (MAV or MUAV) segments and have been watching the deployment of what are called "back-able" as in backpack-able small UAVs for the marines and army. I was aware of Yamaha's superb RMAX commercial UAV helicopter, the latest in a series of fine AVs (Autonomous Vehicles) and am familiar with the collaborative work between R&D and computational science groups at NASA Ames Research Center. I was also aware of the PRC's effort to build its own version of the RMAX, called the "air robot."

If any reader is a follower of Japanese technology development, about the best we have is David Kahaner, now at ATIP (Asian Technology Information Program). Kahaner was writing on the control logic for the Yamaha R-50 (predecessor to the RMAX) back in the mid-90s, concluding that it was "an excellent case for 'dual usage' technology."

I felt that it was time to see what a COTS assembly would produce as my assumption was that US homeland security might not be thinking asymmetrically as to what aerial threat profiles a perp could produce inside CONUS. (Remember that al Qaeda has had a focus on 'controlling the flight deck' and delivering a payload. The first attempt was converting twin engine passenger craft into 'crop dusters.' Only when that failed did al Qaeda shift to taking control of airliners.)

Results in Part II

Gordon Housworth



InfoT Public  Terrorism Public  Weapons & Technology Public  


Impact of 8 to 16 million MSBlast infections


MSBlast infected 8 million PCs, and possibly upwards of 16 million, according to MS data derived from users connecting to Microsoft's Windows Update service. If this is even dimensionally correct, it blows the top off previous estimates of those attacks. Look back at my 4 April note, Revisiting Clarke's six bleak IT trends from October 2003, and the costs go off the scale.

How much distraction and lost productivity is that? Could that not be construed as an attack against US interests, or, by some, as an effort to affect the US economic landscape and so the political landscape? Before you answer, remember that my favorite line from Aristotle is, "Though the boys throw rocks at the frogs in jest, the frogs die not in jest but in earnest." Frogs are dying here, regardless of the intent of the perps.

I would also take this time to say that I had forgotten the most important part of Clarke's cost impacts listed in his six trends, and that is, who actually pays? As of now, it is still the consumer, commercial and individual, as software vendors have heretofore escaped liability suits.

When I read in this article about the redirection of MS staff to develop patches and interim releases, and then couple that with announced delays of something as important as the Longhorn beta in order to improve Windows XP security (and the eventual Longhorn beta will have certain planned features pruned, apparently for security concerns), I think that I see MS institutionalizing a threat to itself. Either users will finally revolt and suits will rise to recover the costs of these attacks, or users will vote with their feet to other platforms, perhaps both. Were I the federal government, I would be asking MS for a major step in this direction on national security grounds.

If a rank outsider such as myself can see this coming, why should not MS, given the wealth of data that it has in its hands?

P.S. I think that if MS can produce a genuinely "trustworthy" release or even be perceived as making a very substantial move in the direction of "trustworthy computing" that they can buy time and use that as a selling point to retain clients. As of now, I want a few features (notably in groupware and interoperability) but I very much want a secure environment for my firm and every other member of my critical path and our supply chain to our end-users.

MSBlast epidemic far larger than believed
By Robert Lemos
CNET News.com
April 2, 2004, 5:02 PM PT

Gordon Housworth



Cybersecurity Public  InfoT Public  


Lesson learned from Pentagon's accidental posting of budget numbers


The inadvertent posting of Pentagon budget numbers is yet another good example of the value of keeping key websites under continuous surveillance, i.e., tracking to flag any changes. DoD sites are notorious for unintentionally popping things on and then scrambling to get them off. (DARPA's aborted futures market, Policy Analysis Market (PAM) was launched and pulled in the same day -- all gone by early afternoon.)

"The Pentagon accidentally posted hundreds of pages worth of details from its forthcoming 2005 budget on its web site. The Defense Department had previously said that Bush would request $401.7 billion, 7 percent over this year. Among the proposals it revealed -- and quickly removed from its site -- was data on weapons procurement, research and development, military construction, and operations and maintenance."

Were I a foreign power, I would have servers dedicated to catching and flagging such additions and removals.

Were I a commercial firm, I would surveil my competitors' sites the same way, including scanning them for materials not yet linked: new product releases or news releases are often put on the site but not linked until a specific time in the future.
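The change-tracking the post recommends, turned toward one's own site, as an added example that is not from the post or from ICG: given two inventories of what a web server serves (URL to body), it reports pages that appeared, disappeared or changed, and files that are live but linked from no page, which is exactly how an embargoed document ends up exposed. The snapshot dicts, the example.test URLs and the fy2005 PDF path are constructed sample data.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin


class _LinkExtractor(HTMLParser):
    """Collect absolute href/src targets from one HTML page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "link", "img", "script", "iframe"):
            for name, value in attrs:
                if name in ("href", "src") and value:
                    # normalise: resolve relative paths, drop #fragments
                    self.links.add(urldefrag(urljoin(self.base_url, value)).url)


def extract_links(url, body):
    parser = _LinkExtractor(url)
    parser.feed(body)  # non-HTML bodies (PDF text etc.) simply yield no tags
    return parser.links


def digest(body):
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def diff_snapshots(old, new):
    """Compare two {url: body} inventories taken at different times."""
    old_urls, new_urls = set(old), set(new)
    return {
        "added": sorted(new_urls - old_urls),
        "removed": sorted(old_urls - new_urls),
        "changed": sorted(u for u in old_urls & new_urls
                          if digest(old[u]) != digest(new[u])),
    }


def unlinked_resources(snapshot, site_root):
    """URLs served by the site that no page in the snapshot links to.
    The root page is the entry point and is exempt."""
    linked = set()
    for url, body in snapshot.items():
        linked |= extract_links(url, body)
    return sorted(u for u in snapshot if u not in linked and u != site_root)


# Constructed sample inventories: the second one carries a document that
# has been uploaded but not yet linked, plus an edited news page.
SITE_ROOT = "https://example.test/"
OLD_SNAPSHOT = {
    SITE_ROOT: '<html><body><a href="/news.html">News</a></body></html>',
    "https://example.test/news.html": "<html><body><p>Old news</p></body></html>",
}
NEW_SNAPSHOT = {
    SITE_ROOT: OLD_SNAPSHOT[SITE_ROOT],
    "https://example.test/news.html": "<html><body><p>Old news</p><p>Update</p></body></html>",
    "https://example.test/budget/fy2005-detail.pdf": "%PDF-1.4 (constructed placeholder)",
}


if __name__ == "__main__":
    changes = diff_snapshots(OLD_SNAPSHOT, NEW_SNAPSHOT)
    for kind, urls in changes.items():
        for u in urls:
            print(f"{kind:8} {u}")
    for u in unlinked_resources(NEW_SNAPSHOT, SITE_ROOT):
        print(f"unlinked {u}")
```

In a real deployment the inventories would come from a scheduled crawl or the server's own document root, with the hashes persisted between runs.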

Full text of the original AP message is contained in:

Soaring Bush Budget Angers GOP
WASHINGTON, Jan. 30, 2004

Original:

Pentagon Budget Numbers Posted by Mistake
By THE ASSOCIATED PRESS
Published: January 30, 2004
Filed at 3:21 p.m. ET

Gordon Housworth



InfoT Public  Infrastructure Defense Public  


SoCom and Special Forces formally assume spy and intel collection duties


The assumption of spying and intel collection duties by SoCom and Special Forces has, of course, already started and has interesting effects that have been discussed in sidebar conversations:

(1) As SoCom ops go deeper, both in terms of geography and clandestine relations, their dress will look (already looks) increasingly like irregular soldiers of, say, the Taliban or the Chechens. (The SF soldier in the photo that accompanied this article wore a pawkul, the flat, brown felt cap with a narrow circular brim common to most Afghans, atop more traditional military attire. Look at the Delta folks protecting Paul Bremer. Etc.) When do these US forces lose their military distinction and pass into enemy combatant status?

(2) Use of SoCom/military forces overcomes the reticence of DO civilians to 'get dirty' and live a life of privation. (Rightly or wrongly, Langley and Meade both regarded the various service intelligence arms as 'cheap hired help' during my tenure.) We will get farther "in country," stay longer, and build more realistic relationships. (Fewer glib and erroneous Chalabi-like creations are possible.)

(3) Humint collection goes up. While it is difficult to penetrate terrorist cells, one of the best alternatives is to be close to those that can, or that know where they pass or congregate, as that makes it easier to interdict or eavesdrop.

(4) We may regain a counterbalance to our overwhelming reliance on "national technical means of collection" that the Church Committee and the subsequent Levi guidelines dismantled. Useful early warning goes up.

(5) Your mileage may vary on the merit of this, but a US administration will not have to submit a "finding" or notification to Congress as it would if it used DO staffers.

(6) And we will be able to have a lot more folks covertly in-country here and there. Your mileage may again vary, but I would prefer that to large, targetable (both from hostile fire and congress) US troop deployments.

Green Berets take on spy duties
By Rowan Scarborough
THE WASHINGTON TIMES
Published February 19, 2004

Gordon Housworth



InfoT Public  Strategic Risk Public  Terrorism Public  


Revisiting Clarke's six bleak IT trends from October 2003


While Clarke was often dismissed as a Cassandra, and a gloomy one at that, during his time as cybersecurity czar, I would agree with his assertion that the cost of the Sobig attack justified taking his warnings more seriously. I absolutely feel that subsequent attacks have justified his assertions.

Clarke outlined six trends when he addressed the Gartner Symposium/ITxpo 2003 in October 2003:

  1. Rising vulnerabilities: Announced vulnerabilities doubled every year for the last three years (Wonder if Moore's Law will have an analog in Clarke's Law?)
  2. Rising patches: Patches for those vulnerabilities have doubled every year for the past three years. (Patch management is a sinkhole for both individuals and companies)
  3. Falling "time to exploit": "Time to exploit" has dropped from months to six hours (in late 2003). (This is the time for an exploit to reach hacker blogs and IRC rooms. "Time to the wild" -- that's us -- follows shortly thereafter)
  4. Rising rate of propagation: Attacks now quickly infect 300,000 to 400,000 machines
  5. Rising cost of cleanup: Worldwide cleanup cost for 2002 was $48 billion, rising to an estimated $119 billion to $145 billion for 2003
  6. Rising identity theft: $99 billion cost in 2002 (and 2002 incidents were 1/3 of the last five years' total)

Status? We have done nothing as of today to ameliorate any of the six. As I mentioned in an earlier note, the bad guys are operating inside our decision loop:

Ex-cyber security czar Clarke issues gloomy report card
By David Berlind, Tech Update
October 22, 2003

Gordon Housworth



Cybersecurity Public  InfoT Public  Infrastructure Defense Public  


Increasing the pressure on Spain: new device under track is similar explosive


Saying that the 12 kilo device was "made of the same type of [Goma 2 Eco] explosives used in last month's Madrid terror bombings" is not the same thing as a marker analysis, so 'same' could instead be 'similar.' Once marker analysis is completed, they will know if it is from the same lot that was stolen by the unemployed miner and sold to the Moroccan "miners."

Saying that "No train was near the site when the bomb was discovered" may be correct but is not meaningful as the device "failed to detonate because it wasn't properly connected." That could indicate that detonation was attempted during a previous train's passage over the device. The fact that it was put under a track often used by high-speed trains strikes at national pride, hits home at all those able to use it, and would presumably cause even greater casualties by virtue of a high speed derailment. (Think of an Atocha-scale blast at high speed. The secondary casualty figures would be substantial.)

The fact that this device was triggered by a 450-foot-long cable and not a cellular phone means that the bad guys were up close to this attempt. As it appears to be a recent placement, it also indicates that more perpetrators are still at large to operate. (Placement was recent due to differential wetness of device and ground.) 

Whoever is actually doing this is intelligently pressuring the Spaniards, already an 'underbelly target' with promises of more attacks against their diplomatic missions in North Africa and the Mediterranean, many of which would be soft targets as well.

Spain Confirms Matchup of Bomb Materials
By THE ASSOCIATED PRESS
April 3, 2004
Filed at 7:44 a.m. ET

Gordon Housworth



InfoT Public  Strategic Risk Public  Terrorism Public  


Improving the Suspicious Activity Report (SAR)


BENS tasked its members with a "Follow the Money" project in an effort to improve the government’s ability to identify, follow and disrupt financial activity related to terrorism. The Suspicious Activity Report (SAR) is the primary method for financial services firms to report activity that may be related to terrorism.

"The Suspicious Activity Report (SAR) system was created in 1996 to replace six overlapping methods of financial information reporting with a single, more uniform process. The SAR was designed to reduce paperwork for the banking community and to increase the amount of useful information available to investigators. SARs have been called "haystacks of needles", therefore it is crucial the information in these reports is systematically collected and analyzed carefully. Since the Patriot Act in 2001, the SAR process has expanded from money laundering detection to intelligence gathering for identifying financial transactions that may be related to terrorism. Moreover, the Patriot Act requires that many more financial institutions submit SARs resulting in a corresponding increase in the number of reports."

The US government has expanded its recommendations for recognizing traditional money-laundering activity to cover possible terrorist activity as well. These recommendations include:

  • Financial activity to and from countries identified as state sponsors of terrorism
  • Financial activity inconsistent with the stated purpose of the business
  • Financial activity not commensurate with stated occupation
  • Use of multiple accounts at a single bank for no apparent purpose
  • Importation of high dollar currency/traveler’s checks not commensurate with stated occupation
  • Structuring of deposits at multiple bank branches to avoid BSA requirements
  • Abrupt changes in account activity
  • Use of multiple personal and business accounts to collect and then funnel funds to a small number of foreign beneficiaries.
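Two of the indicators above turned into screening rules, as an added example that is not from BENS or the post: structuring of cash deposits across branches to stay under the BSA currency transaction report threshold, and many accounts funnelling funds to a few foreign beneficiaries. The transaction records are constructed, and the $10,000 threshold, 7-day window, branch count and beneficiary limit are assumed tuning parameters a compliance team would set for itself.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

CTR_THRESHOLD = 10_000                   # assumed BSA currency transaction report threshold (USD)
STRUCTURING_WINDOW = timedelta(days=7)   # assumed look-back window for clustered deposits


@dataclass(frozen=True)
class Txn:
    customer: str
    account: str
    when: date
    amount: float
    kind: str               # "cash_deposit" or "wire_out"
    branch: str = ""        # deposits: branch where the cash was taken
    beneficiary: str = ""   # outgoing wires: payee
    country: str = "US"     # outgoing wires: payee country


def structuring_alerts(txns, threshold=CTR_THRESHOLD, window=STRUCTURING_WINDOW, min_branches=2):
    """Customers whose sub-threshold cash deposits at several branches within
    `window` add up to the threshold or more. Returns (customer, window start,
    total, branches); one alert per customer is enough to route for review."""
    by_customer = defaultdict(list)
    for t in txns:
        if t.kind == "cash_deposit" and t.amount < threshold:
            by_customer[t.customer].append(t)
    alerts = []
    for cust, deps in by_customer.items():
        deps.sort(key=lambda t: t.when)
        for i, first in enumerate(deps):
            cluster = [d for d in deps[i:] if d.when - first.when <= window]
            total = sum(d.amount for d in cluster)
            branches = {d.branch for d in cluster}
            if total >= threshold and len(branches) >= min_branches:
                alerts.append((cust, first.when, round(total, 2), sorted(branches)))
                break
    return alerts


def funnel_alerts(txns, min_accounts=3, max_beneficiaries=2):
    """Customers who wire funds out of many accounts to few foreign beneficiaries."""
    accounts = defaultdict(set)
    beneficiaries = defaultdict(set)
    for t in txns:
        if t.kind == "wire_out" and t.country != "US":
            accounts[t.customer].add(t.account)
            beneficiaries[t.customer].add((t.beneficiary, t.country))
    return [(c, len(accounts[c]), sorted(beneficiaries[c])) for c in sorted(accounts)
            if len(accounts[c]) >= min_accounts and len(beneficiaries[c]) <= max_beneficiaries]


# Constructed sample records: C1 structures, C2 makes isolated deposits,
# C3 funnels three accounts to one foreign payee and files a normal CTR-size deposit.
SAMPLE = [
    Txn("C1", "A1", date(2004, 4, 1), 9500, "cash_deposit", branch="Main"),
    Txn("C1", "A1", date(2004, 4, 2), 9000, "cash_deposit", branch="Westside"),
    Txn("C1", "A1", date(2004, 4, 4), 4000, "cash_deposit", branch="Airport"),
    Txn("C2", "A2", date(2004, 4, 1), 9900, "cash_deposit", branch="Main"),
    Txn("C2", "A2", date(2004, 4, 20), 9800, "cash_deposit", branch="Main"),
    Txn("C3", "A3", date(2004, 4, 5), 5000, "wire_out", beneficiary="ImportCo", country="AE"),
    Txn("C3", "A4", date(2004, 4, 6), 5000, "wire_out", beneficiary="ImportCo", country="AE"),
    Txn("C3", "A5", date(2004, 4, 7), 5000, "wire_out", beneficiary="ImportCo", country="AE"),
    Txn("C3", "A3", date(2004, 4, 8), 12000, "cash_deposit", branch="Main"),
]

if __name__ == "__main__":
    for a in structuring_alerts(SAMPLE):
        print("structuring:", a)
    for a in funnel_alerts(SAMPLE):
        print("funnel:", a)
```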

Financial institutions express a common concern that the SAR process lacks feedback to filers, i.e., their reports go into a "black hole," despite the publication of the SAR Activity Review report, which carries information about, and examples of, how SARs are being used.

Opinions differ as to source of the problem -- better process or systems -- but it is likely both.

I would tend to use this as a guide to how SAR does and doesn’t work in practice. Yes, "more frequent, more concise communication" would be better, and that may work with white collar crime, or organized crime.

It does nothing about the off-books money transfers of the hawala informal financial system, in which merchants around the world act as intermediaries for money transfers, and which is so favored by terrorist groups.

Recommendations for Improving the Suspicious Activity Report (SAR)
Business Executives for National Security (BENS)
11 April 2003

Gordon Housworth



InfoT Public  Infrastructure Defense Public  

