[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Class III InfoWar
Feel Free To Distribute Widely:
Class III Information Warfare: Has It Begun?
The June 2, 1996 Sunday Times from London front page headline reads:
"City Surrenders to L400 million Gangs"
And HERF Guns, Electromagnetic Pulses and sophisticated logic bombs may be
responsible.
At InfoWarCon II, Montreal Canada, I made reference to investigations I was
conducting regarding concerted and organized attacks on up to 43 financial
institutions in Europe and the US; an example of Class III Information Warfare.
This issue of London Sunday Times brings a glimpse of the story that will
eventually be told.
The first attack in my files dates to January 6, 1993. A trading house in London
was blackmailed into paying L10million to unknown extortionists who demonstrated
they could crash the company's computers at will. The next incident in the Times
article is also in my files: January 14, 1993 where similar demonstrations and
demands were made for this time L12.5Million. And so is the next, January 29,
1993 and another L10Million siphoned off by the bad guys. According to my
figures and those in the Times article, hundreds of millions of pounds have been
paid ransom in what is clearly an example of Class III Information Warfare.
According to officials in Washington, Whitehall, London, City of London Police,
the National Security Agency, Kroll Associates, Bank of England and others (in
the article) the threats are credible. The attackers have the clear ability to
bring trading and financial operations to a halt - exactly when they say they
will. "Banks, brokerage firms and investment houses in America have also
secretly paid ransom to prevent costly computer meltdowns and a collapse in the
confidence among their customers," sources said in the article.
The article discussed the advanced information warfare techniques used by the
perpetrators. "According to the American National Security Agency (NSA), they
have penetrated computer systems using 'logic bombs' (coded devices that can be
remotely detonated), electromagnetic pulses and 'high emission radio frequency
guns' which blow a devastating electronic 'wind' through the computer systems."
[For a complete description of HERF Guns (coined by Schwartau in 1990), see
"Information Warfare: Chaos on the Electronic Superhighway," Thunders Mouth
Press, 1994]
The perpetrators have also left encrypted messages, apparently bypassing the
highest security levels of the systems, leaving messages such as "Now do you
believe we can destroy your computers?" The NSA and other officials believe that
four gangs are involved; probably one from the US and probably one from Russia.
But, because the crimes are international, national borders still prevail,
making investigation more difficult. Investigations and official inquiries have
been in progress for some time according to the article.
Now, for a few things you will not see in the articlem, but will hopefully [if I
am lucky] come out in the near future. The number of attacks is way above 40.
They have been known about for almost three years, but only recently have people
been willing to come out of the closet and discuss this highly sensitive issue
with the media. Long briefs and analyses of these events have been submitted to
high level officials and select business persons for at least a year, but to no
avail. [Security by obscurity reigns all too often.] Banking is not the only
industry that has been attacked and the attacks have been spread around Europe
as well as Australia.
As an industry many of us have said that the only way something will really be
done is if we experience a Computer Chernobyl [Peter Neumann Phrase as I recall]
or as I first said in Congressional Testimony, An Electronic Pearl Harbor. Are
these events the harbinger of strong reaction by the community at large? As
events unfold and more information is permitted to be disseminated over the next
few days and weeks, we will see.
We have essentially solved the issues of confidentiality and integrity. But, I
have maintained that the real problem is going to be Denial of Service. These
events are unfortunate, but clear examples of that reality.
A Bank of England official also said of the incidents, "it is not the biggest
issue in the banking market." Hmmm. I have to think about that.
Peace
Winn
Winn Schwartau - Interpact, Inc.
Information Warfare and InfoSec
V: 813.393.6600 / F: 813.393.6361
[email protected]