
ICG Risk Blog - [ InfoT Public ]

Security product to strike back at hackers


I am old enough to have listened to Herman Kahn lecture on "megadeath" (a term he coined in attempting to quantify the effects of nuclear wargaming) and read his seminal work, "On Thermonuclear War," when it was first issued. Symbiot should read it now, especially the Nth order escalation scenarios and their ping pong effects -- notably when an N+1 state spoofs an attack that appears to come from another state. If the N+1 state can escape detection (or, in the case of a stateless terrorist, has no state to identify and attack), the other states pound one another silly, often operating from a "use it or lose it" mentality.

Were I a bad guy, I would spoof attacks (by prelaunching MyDoom style assaults to set up a controllable network of PCs) and then let Symbiot perform a DDOS counterstrike for me. The more Symbiot installs there are, the more N+1 escalation that occurs. And brush aside their comments that it is designed around the doctrine of "necessity and proportionality." We are talking about a user community that hasn't learned to change default passwords on their WiFi gear. Are we to assume that they are able to establish appropriate counterforce levels and optimize it as their threat envelope changes over time? For those answering yes, I've got some beachfront Arctic property for you, cheap. At least go see Errol Morris' film, "The Fog of War." Even the military struggles with this and they are trained for it.

Note that I am not against counterforce attacks but would very carefully launch them under defense/military control as a covert op rather than have civilians triggering them willy-nilly. (States can also execute ops that would violate statute were they launched by private enterprise.) I am also not averse to targeting the perps themselves. (Yes, I am aware of the extraterritoriality and preemption issues that are at stake here.) Another aspect of this code: I think that we will see hacker attacks using Symbiot-style code (perhaps even reverse engineering Symbiot itself). Another genie to escape the bottle. Your mileage may vary:

Security product to strike back at hackers
Munir Kotadia
March 10, 2004, 8:34 AM PT

Symbiot, a Texas-based security company, plans to release a corporate defense system that fights back against distributed denial-of-service and hacker attacks by launching counterstrikes.

Mike Erwin, Symbiot's president, and Paco Nathan, its chief scientist, are preparing for the release by posting a set of "rules of engagement for information warfare" on the company's Web site. They say such rules should be part of corporate security policy to help companies determine their exact response to an incoming attack.

"Until today, security solutions have been totally passive in nature. Merely erecting defensive walls around the perimeter of an enterprise network is not an adequate deterrent," said Erwin, who asserts that offensive tactics must be part of a complete defense.

Symbiot, located in Austin, said it bases its theory on the military doctrine of "necessity and proportionality," which means that the response to an attack is proportionate to the attack's ferocity. According to the company, a response could range from "profiling and blacklisting upstream providers" to launching a distributed denial-of-service (DDoS) "counterstrike."

Graham Titterington, principal analyst at Ovum, said "such a counterattack would not be regarded as self-defense and would therefore be an attack. It would be illegal in those jurisdictions where an antihacking law is in place."

He added that because many hacking and DDoS attacks are launched from hijacked computers, the system is unlikely to find its real target. "Attacks are often launched from a site that has been hijacked, making it an unwitting and innocent -- although possibly slightly negligent -- party," Titterington said.


Governments could soon be using hacker tools for law enforcement and the pursuit of justice, according to an expert on technology-related law. Joel Reidenberg, professor of law at New York-based Fordham University, said denial-of-service attacks and packet-blocking technology will likely be used by nation-states to enforce their laws. This could even include attacks on companies based in other countries, he said.

Gordon Housworth

InfoT Public  



Conventional war and other mentalities overlooked the armored Humvee


The Humvee and the A-10 Warthog, among other platforms, share great similarities: both unloved, beneath the radar of those envisioning grand engagements, lacking what we call a "high science-fiction coefficient" of embedded technology, almost never manufactured, and both nearly dropped from production and AF inventory.

The A-10 came to be recognized as a highly survivable "life-support system" for a remarkable 30 mm gun, in which every "ugly," non-supersonic element was designed to keep pilot and gun intact over the kill box. Its design critical path is superb.

The Humvee is, I think, becoming the "mobile foxhole" and CP (command post) for mechanized infantry, especially in an urban setting. Its capacity, speed, traverse and ground clearance are fine but it has been thrust into the role of an armored car without the armor. The vehicle can carry substantial ordnance but if the bad guy gets off the first shot, it is imperiled.

Cold-War Thinking Prevented Vital Vehicle From Reaching Iraq describes a planning world in which massed tank battles on the central German plains held sway (along with the service ego of having the best toys and the manufacturers' desire to provide them), a world that had no place for an armored Humvee, whereas 'low level' guerilla conflicts demand it. Now we see the on-the-spot ingenuity of GIs ad hoc armoring their 'personal transports,' much as GIs did in earlier wars (e.g., the hedgerow penetrators that allowed tanks to go through a hedgerow, keeping the muzzle on the Germans, rather than going over it and exposing the tank's soft underbelly, and the decapitation deflectors on the front of a jeep that cut wires strung across trails before they reached the occupants).

At the time, attention was devoted to the Army's Future Combat System, "which officials say will replace the 70-ton battle tank and should be able to do everything from high-end combat to peacekeeping. The system, which the Army hopes to field starting around 2010, will depend on unmanned surveillance planes, robotic sensors and human scouts to determine the enemy's whereabouts. Computers linked by wireless modems will then disseminate the data to troops -- who will spread out over the battlefield and attack simultaneously from several directions before the enemy can even get off a shot. Instead of armor, these new units will rely on better intelligence, munitions and speed to survive."

The armored Humvee, by contrast, was insignificant, yet the current production armored versions are performing well against most Iraqi threats.

Gordon Housworth

InfoT Public  Terrorism Public  Weapons & Technology Public  



"Nuclear attribution" or post-event forensics


"Nuclear attribution," or post-event forensics, described in Addressing the Unthinkable, U.S. Revives Study of Fallout is a new form of nuclear deterrence and is the term for strike option determination by quickly identifying where the fissile materials came from, possibly who designed, and who exploded the device. It is a revival of a nearly lost scientific art of the cold war: fallout analysis. Call it a precursor step to second strike.

"As the terrorist threat rose in the 1990's, the government began to consider the quandary that would arise if a nuclear weapon exploded on American soil. In 1999, Dr. Davis, then head of the Defense Threat Reduction Agency at the Pentagon, began an effort to address the identification problem by financing research at the nation's weapons laboratories, many of them run by the Energy Department."

In order for deterrence to be viable, potential actors must know that it exists and believe it accurate -- or at least the sovereign states that harbor the actor must know it exists and is credible. It is easy to see the step where we extend preemption to say that you are guilty if you harbor, aid and abet. You are a willing co-conspirator and will be held accountable. That is certainly the process that the British used under the Raj and in Central Asia (and which the Pakistanis are using now to force handover of al Qaeda operatives).

My assumption is that we are already at the implicit point of holding a harboring state responsible, but post-event forensics allows us to reduce the window of guilt and thereby increase the risk calculus of a sovereign state or entity that might be harboring or abetting a perpetrator.

Detection likely depends upon the provenance of the device, i.e., is the device drawn from, or diverted from, someone's nuclear stockpiles (for which classified sampling libraries will be brought into play), or is it a 'homebrew' never before seen or tested device? And if theft is involved, how does one define the thief and the ultimate perp? They may not be one and the same, and you would want to step on the entire supply chain as a matter of suppression as well as making an example for others.

"In a drill this year, dozens of federal experts in fallout analysis met at the Sandia laboratories in Albuquerque to study a simulated terrorist nuclear blast. Mr. Worlton said they were broken into teams and given radiological data from two old American nuclear tests, whose identities remained hidden, and were instructed to try to name them. Some teams succeeded."

An unfortunate sign of the times. As I have said before, better to have the FEBA (Forward Edge of the Battle Line) as far out in front as possible, and as deep into the supply chain as possible.

Gordon Housworth

InfoT Public  Infrastructure Defense Public  Weapons & Technology Public  



Europe's value after Atocha


In response to Atocha's impact I had been discussing the value of the European bloc with a colleague.

It is my opinion that Europe is now more valuable than ever. The Abu Hafs Al-Masri Brigade put them in play and they must now work out a means to engage (hopefully engagement over capitulation). It is most valuable to have the FEBA (Forward Edge of the Battle Line) on their soil instead of ours. (Ask any German in the pre-Soviet collapse period. They knew perfectly well that a NATO-led war with the Warsaw Pact would be fought on their soil.)

As the Europeans engage, their security services will pick up intel on a wide spectrum of mutual interests. As it taxes the most disciplined fighter to sustain two fronts, the terrorists are likely to get careless in their communication and emcon (emission control). That will offer US intel an opportunity to gather additional items so that we can interdict the terrorists' wider infrastructure, logistics, and command & control.

A certain amount of US antipathy towards the French could even drain away if the French intel services engage in earnest. (Remember that the French government has its own quite significant issues with its Muslim minorities.) Despite France's public comments about liberty and democracy, the French security forces and national police are ruthless beneath the surface. The French have never endured a Church Commission and its aftermath, and its security services never suffered the equivalent of the "Levy Guidelines" as did the FBI. Notable groups are:

  • General Directorate for External Security (DGSE) (France’s MI6)
  • Directorate of Territorial Security (DST) and its public interface, the Central Directorate Judicial Police (DCPJ)
  • National police under Ministry for the Interior, and the national gendarmerie (military police) under Ministry for Defense
  • Companies for Republican Security (CRS)

These folks do not mess around. Remember that the predecessor to the DGSE (the SDECE) attempted to hijack Nigeria and its oil supply from the UK and US in 1967 by arming the Biafran secession that was suppressed at the cost of a half-million dead. A DGSE/SDECE arm, the Action Service, is used for assassinations, sabotage, aggressive interrogation, terrorist group infiltration, and "neutralization" of nettlesome folks. The DGSE was responsible for blowing up the Greenpeace vessel, Rainbow Warrior, in New Zealand.

The DGSE/SDECE Action Service and the 10th Paratroop Division were responsible for the military suppression of the FLN in Algeria at the cost of a half-million to a million Algerian dead -- along with some French anti-war protesters. A member of the 10th remarked that, "We make the Gestapo and SS look like children." There is excellent reason to believe that the Algerian excursion was approved by Guy Mollet's socialist government, including the Justice Minister, and France's ruling police and judicial establishment. Just no one made public mention of it.

It has been said that no nation can become great until it masters the art of hypocrisy. By that token, the French are ready to go. Here is a personal example: I have a friend, an American national with legal Parisian residence, who was disappeared for some days for interrogation as to why the address book of a dead Palestinian operative had her name and address in it. This event was some fifteen years ago. Yes, she was a red diaper baby of socialist parents and so was seen as a likely fellow-traveler, but her story started off like the French interrogations in Algeria. She told me that she assumed that she would be violated, then killed. Luckily, she was returned to the street and released.

It should also be remembered that only the French and the Russians ended the kidnapping and killing of their nationals in Lebanon. Each informed the pertinent authorities that they would decide who was guilty (note that I said 'decide,' not 'adjudicate') and then kill the grandparents, children, and grandchildren before the perp went. A few instructive examples were carried out. For men who were willing to die themselves, this variation of the Colombian "Leave no seed" killing stopped matters cold.

As grisly as it is, I had said that it was only a matter of time before Europe got its 11 September, and that time is now. They, certainly the French, will pursue matters in ways that we might not.

FYI, Mollet's Justice Minister was Francois Mitterrand, a later French President. No wonder Mitterrand was critical of the intel services.

For more on the "war without a name" and the book, Special Services, Algeria: 1955-1957, see:

French general on trial over Algeria

The Battle of Algiers

Gordon Housworth

InfoT Public  Strategic Risk Public  Terrorism Public  



European extortion masquerading as a peace plan


The Abu Hafs al-Masri Brigades have offered to halt further operations in Europe to see if Spain makes good on its withdrawal from Iraq. They implied that the cease-fire could become permanent. I have been tracking the major press on this side of the pond during the day (NYT, WP, WSJ, etc.) yet none are reflecting it.

In light of traffic elsewhere that speaks of the Ball, the Bat, and the Glove (respectively Bin Laden, Pakistani and Iranian pressure, and US forces), this could be another inspired gambit to reduce pressure on al Qaeda and its allies, split the alliance, and further isolate the US. As I write this, the AP is reporting that Pakistani troops think that they have bottled up al Qaeda's number two, Ayman al-Zawahri. Whether they get him is not at issue in this note, but as the effort has been underway for three weeks (along with US SoCom forces operating covertly inside Pakistan), it is reasonable to assume that the faithful would do what they could to distract or degrade our efforts.

This ploy is remarkably thoughtful as no one related to al Qaeda has ever asked for anything save for unilateral withdrawal from anything declared to be Muslim lands. Now they have placed an extortion plot on the table masquerading as a peace deal. It is quite extraordinary and goes to show what good asymmetrical thinking can do against superior forces and technology.

Not being able to make effective inroads on US soil or produce mass casualties among deployed US forces, they have gone down the list of soft targets: coalition states, civilian contractors, NGO staff, Iraqi police and administration, and Iraqi and Arab civilians. Now they have carried the game onto Western European soil.

The peace card will attract some Europeans that dislike US Iraqi policy and even lead them to advocate Spain’s follow-through. It is not out of the question as even the UK once buckled under less direct pressure under Neville Chamberlain.

I had sent out an earlier, limited version of this note in response to a colleague's sending me a general trading report that we class as one that makes you "better educated but unable to act." The only value to the missive was a "Don't be there" location list, which included such guesses as the Euro 2004 soccer matches in Portugal and the Olympic Games in Greece. Not to be unkind, but your admin could have guessed those choices -- but folks have to fill up their "ink hole" by whatever means.

I would be more interested in your board of directors meeting, supervisory board meeting, staff retreat, the marriage of the CEO's son or daughter, or annual customer convention, et al, as softer targets.

The threats from the Abu Hafs al-Masri Brigades are dire. In November 2003, they were promising "cars of death" to Europeans in news caught by Agence France-Presse, the New York Times, and AAP:

"The Abu Hafs al-Masri Brigade statement also drew up a list of demands of the US and its allies, and called on militants to join the anti-US resistance in Iraq. 'This is a golden opportunity for them [the allies] to understand the message and withdraw from the coalition of the Crusades against Islam and Muslims,' it said. 'If they have not understood the language of words, that of the cars of death could explain it to them.'"

"The statement also defended the November 8 suicide bombing, which the Saudis blamed on al-Qaeda, of a housing compound in Riyadh that killed 17 people, most of them Arabs."

"'We have warned Muslims more than once that they must not go near the places where the infidels are to be found, and we renew our warning.'"

Now they would represent themselves as guarantors of European wellbeing. Yet there are suckers born every minute that would grasp 'peace in our time.'

Gordon Housworth

InfoT Public  Infrastructure Defense Public  Strategic Risk Public  Terrorism Public  



Bioterrorism Drill TOPOFF 2 -- Failing to think like al Qaeda & relearning old lessons


A fictional terrorist group, GLODO, carries out a simultaneous attack against Chicago using pneumonic plague and Seattle using a radiological bomb. Such was the premise of a May 2003 public safety exercise known as TOPOFF 2 -- for "Top Officials 2" -- designed to test and improve US domestic response to terrorist incidents including WMD.

DHS and State sponsored the 5-day, $16 million full-scale exercise and simulation event in an effort to improve upon the results of TOPOFF 2000, held in Denver, which involved a fictitious germ warfare attack. While Chicago and Seattle volunteered for the exercise, these cities were chosen for TOPOFF 2 due to their proximity to Canada, as one of the goals of the simulation was to test coordination between the two countries.

Although no explosives or harmful substances were used, real first responders worked simulated crime scenes and treated volunteers pretending to be victims. Although both cities were expecting an "attack," many details remained secret so that first responders and government officials would be surprised. GLODO had clandestine bioweapons labs in each city.

Nineteen Federal Agencies, the American Red Cross, State and Local Emergency Responders from the states of Illinois and Washington, as well as Canada were involved. The exercise provided valuable lessons, including the realization that multiple control centers, numerous liaisons, and increasing numbers of response teams only complicated the emergency effort. (Programmers will recognize the "mythical man month" syndrome.)

DHS released its unclassified summary of TOPOFF 2 in late 2003. Performance improvements were noted over TOPOFF 2000, but communications, local coordination, and timely information transfer remained a sharp problem. In each city of each event, we learn that the diseases are fearsome, hospitals and first responders are overwhelmed, and interagency and intra-agency coordination is pummeled.

The difficulty with this exercise, and those who planned it, is that whoever GLODO is modeled on, it is not al Qaeda. Yes, disaster preparedness is valid; yes, the Chicago pneumonic plague simulation was fierce in terms of fatalities -- 70% is common and it is more contagious than smallpox; and yes, the Seattle radiological device was more disruptive than fatal -- authorities had predictable difficulty in estimating the size and direction of the plume.

TOPOFF missed the lessons that al Qaeda learned between its two attacks of the World Trade Center, 1993 and 2001: Redundancy and Delivery. Despite the achievements of TOPOFF 2, there is still too much "feel good" security and too little asymmetrical thinking. TOPOFF 2 only succeeded in highlighting the FEMA mass dislocation problem and the strains that this placed on local authorities.

While such attacks can certainly occur, the risk that a TOPOFF 2 attack would be discovered is high. Al Qaeda is the most rational and fiscally conservative of terrorists. They would lean to using technologies that enable multiple attacks and wait until enough payload had been assembled for an unprecedented multiple WMD or conventional attack. Neither TOPOFF 2000 nor TOPOFF 2 has simulated these more logical scenarios.

Few politicians and disaster planners in either the US or Canada have much experience in sorting out the credible from the fanciful risks. This is not to fault them, as it requires much specialized training in the mindset of this particular enemy. In the absence of understanding the asymmetrical attack of al Qaeda -- or the IRA for that matter -- these TOPOFF events smack of "feel good" security and a means to prove that officials are 'proactive' in domestic security, in an otherwise expensive test whose advertised $16 M cost did not cover person-hours, cost to local jurisdictions, or economic disruptions.

While the two most deadly attacks on US soil were a fertilizer bomb in Oklahoma and low-tech air piracy in NYC and DC, major dollars and attention have been lavished on the most high-tech scenarios. Events like TOPOFF 2 encourage a focus on the improbable with spending to match, while ignoring more probable threats and the appropriate dedication of resources.

For example, a program dubbed BioWatch would install monitoring systems in major US cities to provide early warning for pathogen release. Such a system only succeeds if the released pathogen is on its ‘detection list,’ release is outdoors rather than indoors -- such as in a major building’s HVAC system, and the release is either near a detector or released in great quantity.

Where is the attention to the fact that both Chicago and Seattle have large urban hubs immediately adjacent to harbors where boats can anchor -- not to mention smaller adjacent airports? One does not need the complexity of GLODO having created full scale bioweapons labs in each city. Simple high explosives and modestly refined anthrax would have done just fine.

I found it interesting that although DHS released its event summary in late 2003, a succinct version much more to the point was published months earlier in ‘Police and Security News’ titled, "Communicating at TOPOFF 2: A Keystone in Terrorism Response."

If you are interested in the lessons learned from TOPOFF 2, go to Police and Security News. Look in the archives for the JULY / AUGUST 2003 issue and you will find "Communicating at TOPOFF 2: A Keystone in Terrorism Response."

Gordon Housworth

InfoT Public  Infrastructure Defense Public  Terrorism Public  



Preemption and the Treaty of Westphalia


I submit that the 17th century principle of nonintervention in the domestic affairs of other states enshrined in the Treaty of Westphalia has been more respected in the 20th century than in earlier generations. The treaty was, after all, born in part of the accumulated fatigue from the ghastly casualties of earlier wars.

In the late 20th century, preemption has been something ascribed to the Japanese or the Israelis. In what I call "Geopolitik with a grudge," I am not alone in seeing the growth of preemptive strikes as an accepted national instrument of force projection. (Publicly formalizing it is another matter.) It is a two-edged sword if a "Use it or lose it" mindset takes over strategy in the minds of usually defensive nations, much less the normally belligerent ones. Any state could then move to the position of aggressor such that the international scene comes to resemble Dodge City with guns blazing.

I make this reservation even though I regrettably feel that action was needed with respect to Iraq. As I have noted in other venues, Saddam Hussein was the product of a culture in which respect is synonymous with fear, in which revenge is a social mechanism by which an extended clan maintains its position and power -- and the failure to exact revenge is a sign of weakness and therefore loss of respect. I feel that he had been humbled by the US, and was seeking a means to exact his revenge under the cover of plausible denial.

Whatever verdict will be delivered on the Iraqi incursion and the reshaping of US foreign policy, the precedent implicit in its use is not a comforting one.

Gordon Housworth

InfoT Public  Strategic Risk Public  



Terrorist attempts to win a nuclear weapon -- and what is that weapon anyway?


The diversion of nuclear materials and the definition of what constitutes a "dirty bomb" in terrorist terms require two important definitions:

Under the US-USSR nuclear weapons preparation and operations scenarios, a "dirty bomb" was a fissile package (nuclear weapon) having an extra layer of Cobalt-60 isotope whose half-life was extraordinarily long. Sometimes that was buttressed with an additional Iodine isotope that had a short but intense half-life, so that both the near term and long term survival rates of the target region -- and it is the entire footprint of the downwind plume -- were compromised. (Of course, a surface or sub-surface burst of any fissile package has far more radioactive, 'dirty' output than an airburst due to the increased amount of contaminated soil drawn into the cloud.)

Under the modern terrorist scenario, a "dirty bomb" can be as simple as conventional explosives packed inside or adjacent to nuclear materials, i.e., there is no fissile package here, merely a ‘tainted’ conventional explosive. The primary value of this device is twofold: long term contamination via the included nuclear materials and simplicity in design, i.e., the learning curve to produce a device is vastly eased and shortened.

Under the terrorist scenario, a dirty bomb can be produced by delivering conventional explosives onto or into a reactor complex or its usually less well guarded spent fuels storage facility -- or even a research or hospital facility containing radioisotopes. For example, a conventional explosives attack against the spent fuels stored at the Hanford, Washington or Oak Ridge, Tennessee complexes would unleash much of the accumulated spent nuclear materials from fifty years of US weapons production.

The International Atomic Energy Agency (IAEA) Vienna added a fifth day Special Session on Combating Nuclear Terrorism (2 Nov 2001) to their Nuclear Safeguards symposium. Some comments from attendees and speakers:

A retired CIA psychologist with expertise in terrorism offered profiles based on interviews with numerous terrorists, "They have no ‘redline’ when it comes to casualties. The more the better, and suicide and death is an honor."

Another speaker picked up on this comment, noting that, "Most nuclear [reactor] safety is based on danger to the perpetrator. If they don't care about dying, it does not work. Truck bombs are much easier than planes, and they have a good record with truck bombs."

Speaking at IAEA Vienna on 29 October, 2001, Charles B. Curtis, President and COO of the Nuclear Threat Initiative noted:

"The worldwide system of security for nuclear materials is no stronger than the system of security at the weakest, worst-defended site, which in many cases amounts to no more than a poorly-paid, unarmed guard sitting inside a chain link fence. The theft of nuclear materials anywhere is a threat to everyone everywhere. This has been a difficult point to get across. One of the most important efforts we made when I was in the Department of Energy was convincing Members of our Congress that funds spent securing nuclear materials in Russia was not solely for the security of Russia; it was for our own national security as well. If terrorists want nuclear materials, and they do, they are going to go where it’s easiest to get them.

As the people in this room know, the theft of potential bomb material is not just a hypothetical worry, but an ongoing reality. This includes the attempted theft -- by a conspiracy of insiders -- of 18.5 kg of HEU from a weapons facility in the Urals. It includes nearly a kilogram of HEU in the form of fast reactor fuel pellets seized last year in the Republic of Georgia. It includes 600 grams of HEU found by police in Colombia in April. Authorities still do not know the source, but no Latin American nation has a facility that uses or is capable of producing such material. The IAEA illicit trafficking database has recorded more than 550 reported incidents of trafficking since 1993. The great majority do not involve weapons-usable material, but 16 cases have involved plutonium or enriched uranium. Sixteen cases is a disturbing number, but it also may not tell us what we really need to know: what percentage of the actual thefts do we uncover? Is it close to one hundred percent -- or closer to five or ten percent? We simply do not know. Nor can we ever know with absolute certainty. But we can considerably narrow the window of vulnerability by strengthening physical protection as we strengthen diversion safeguards."

Gordon Housworth

InfoT Public  Infrastructure Defense Public  Strategic Risk Public  Terrorism Public  



Apache back to Iraq with new tactics


It is interesting to see the Apache returning to Iraq with the lessons of Vietnam relearned, i.e., the use of rapid maneuver and firing on the move over a battlespace that has hostile, massed ground fire. Just as armor works with mech infantry on the ground, the Apache will work with ground forces as well as with a Kiowa in a hunter-killer team. The Kiowa is a much slower helicopter so one can expect the Iraqis to exploit that differential in sorties outside of urban areas. Still, the duo will be able to operate in a much more autonomous manner than heretofore permitted. Also of note, the lessons learned by Apache helped cancel the Comanche program as it was realized that the newer craft would demand substantial overhaul in order to survive in such an environment. If we learned all those lessons from the Apache in Iraq and Kosovo, it was cheap at the price:

Heading Back to Iraq for Round 2
March 1, 2004
New York Times

FORT HOOD, Tex. — During the American military's push to Baghdad last spring, attack helicopters from the 1-227 Aviation Battalion had one of the war's roughest missions. The unit's AH-64D Apache helicopters were sent deep into Iraqi territory searching for enemy armor only to run into a wall of small-arms and antiaircraft fire.

Of the 30 helicopters that took off on that mission March 23, 2003, largely without benefit of reconnaissance or support from warplanes, virtually all suffered some battle damage and one was shot down, its two pilots captured. That mission proved to be a shock to Army leaders, and the service has been rethinking its helicopter tactics ever since.


War is a process of constant adaptation… And the Americans have been adjusting. The First Cavalry's commander, Maj. Gen. Peter W. Chiarelli, has studied British experience in counterinsurgency operations and taken American officers to Austin, Tex., to get a sense of what it is like to try to manage a large city, a skill set that the American troops who captured Baghdad had to learn on the fly.

The 1-227, however, has some unique experience to draw on — its own. While turnover is a fact of life in the military, more than 70 percent of the battalion have participated in the war in Iraq. The unit has also studied recent downings of American helicopters there to develop new tactics that it has practiced on training ranges in the United States.

Gordon Housworth

InfoT Public  Terrorism Public  Weapons & Technology Public  


Social-engineering attacks bypass more than your virus checker


The following is good tradecraft and good countermeasures. Nothing new per se, but something that needs constant training and vigilance. (3M, for example, long ago got on the bandwagon and has been hard to penetrate in this manner.) Just as with virus attacks, which depend upon Homo Boobus being lured to open the attachment, this penetration attack bypasses the network by working the people manning it.

Understand that it is human nature to want to help others (and you often train for this very behavior) but that this instinct can sidestep your security practices. As a security consultant wisely observed, there is "No common sense without common knowledge." Until your employees, contractors, and even suppliers are aware of the dangers in leaking seemingly trivial corporate information, outsiders will be able to wangle through to areas you thought them barred.

FYI, the 'janitor' link takes you to the Winter 94-95 issue of 2600-The Hacker Quarterly. The article is "Janitor Privileges." We are not dealing with new things here.

Ensure that your security policy includes social-engineering attack prevention. And if you put in place a corporate alert system using a simple e-mail address (#10 below), please be sure to have someone actively monitoring it for response. You would not believe how many of those lines never answer or draw a response:

Why firewalls aren't always enough
By Robert Vamosi: Senior Associate Editor, Reviews
Friday, March 12, 2004

Like con men and grifters, criminal hackers (a.k.a. crackers) are talented people. The infamous Kevin Mitnick, for example, conducted most of his corporate intrusions by using the telephone, relying on the gullibility and friendly helpfulness of real people to gain access to corporate networks.

Such "social-engineering attacks"--often precursors to computer-network attacks--are still real threats, which is why they were a hot topic at this year's RSA Conference in San Francisco. That's why I thought it would be good to further explain what social-engineering attacks are and offer some pointers on how to protect yourself from them.


ASIDE FROM using the telephone, Winkler cited other ways crackers score information. Among them: good old dumpster diving, shoulder surfing (literally reading typed passwords over someone's shoulder, say, on the train), outright theft (stealing a backup tape, a notebook, a PDA, or a prototype model), and finally, getting hired into a low-level job at the company. It's common, said Winkler, for criminal hackers to apply for jobs as janitors or mailroom assistants within a targeted company.


(1) Activate caller ID at work. Calls within my company, for example, display the name of the person calling.

(2) Set your company's outbound caller ID to display only the front desk's phone number, not individual phone extensions.

(3) Implement a company call-back policy. If someone calls asking for information about the company, say you'll call them back, then dial the number from within your corporate directory or go through their company's switchboard operator.

(4) Be mindful of information posted in out-of-the-office messages. For example, don't leave the full name of your supervisor. A skilled cracker could now call another department and say that your supervisor is on his back because you're out on vacation and the cracker really, really needs access to this one particular account. In this case, a little knowledge can go a long way.

(5) Never allow anyone you don't know to piggyback physical access into a room on your security ID card.

(6) Confront strangers. Ask if you can take them to someone's office or help escort them outside.

(7) Get to know your IT support staff. That way, if someone else calls saying they're from IT and needs your network password, which you should never give out anyway, you can say no and hang up with confidence.

(8) Never write down your network password on a Post-it Note or tape it to the bottom of your keyboard; crackers, if inside the building, know where to look.

(9) Periodically perform a Google search on your company and scrutinize whether sensitive company information is available outside your corporate firewall.

(10) Institute a companywide security alert system. Have anyone who receives a suspicious phone call report it to a simple e-mail address, something like securityalert@company.
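As an added example (not part of the article or of this post), the following Python scanner flags the kinds of detail that points 2, 4 and 9 warn about: a named supervisor in an autoreply, a direct extension or direct-dial number, and an internal hostname on a public page. The sample texts and the rule set are constructed for illustration; what counts as pretext material in a real company is an assumption to tune.

```python
import re

# Constructed samples (not from the article): an out-of-office autoreply that
# leaks the details points 2 and 4 warn about, the same autoreply revised to
# follow the advice, and a public web-page fragment of the kind point 9 says
# to review.
SAMPLES = {
    "ooo_leaky": (
        "I am out of the office until 22 March with no e-mail access. For urgent "
        "matters contact my supervisor, Jane Doe, at extension 4412. The nightly "
        "job still runs on build01.corp.example.com."
    ),
    "ooo_revised": (
        "I am out of the office until 22 March and will reply on my return. "
        "For urgent matters, please contact the front desk."
    ),
    "public_page": (
        "Contact sales: Bob Smith, Sales Director, direct line 512-555-0199. "
        "Employees: log in at portal.intranet.example.com."
    ),
}

# Each rule names one kind of pretext material (assumed set, extend to taste).
# A capture group, where present, narrows the report to the sensitive part.
RULES = [
    ("supervisor_named", re.compile(
        r"\bmy (?:manager|supervisor|boss),?\s+([A-Z][a-z]+ [A-Z][a-z]+)")),
    ("direct_extension", re.compile(
        r"\b(?:ext\.?|extension|x)\s?(\d{3,5})\b", re.I)),
    ("direct_dial", re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b")),
    ("internal_hostname", re.compile(
        r"\b[a-z0-9-]+\.(?:corp|internal|intranet|local)\b", re.I)),
]


def scan(text):
    """Return [(rule_name, snippet), ...] for every rule that fires on text."""
    findings = []
    for name, pattern in RULES:
        for m in pattern.finditer(text):
            findings.append((name, m.group(m.lastindex or 0)))
    return findings


def scan_samples(samples=SAMPLES):
    """Map each sample name to its findings; an empty list means it passed."""
    return {name: scan(text) for name, text in samples.items()}
```

Calling `scan_samples()` returns three findings for the leaky autoreply, none for the revised one, and a direct-dial number plus an intranet hostname for the public page.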

Gordon Housworth

Cybersecurity Public  InfoT Public  
