Intelligent Enterprise

Better Insight for Business Decisions




BATTLE OF BITS


Some who endorse conventional and biological warfare think network sabotage is too dangerous

The U.S. Department of Defense (DOD) is divided over whether to continue pursuing offensive strategies to attack enemies via cyberspace with what is known as information warfare (IW). Some people are concerned, according to news reports in January, that developing IW might invite future coordinated and sophisticated attacks by other countries against the United States.

“There are some in the Pentagon and elsewhere who believe that it will not be to the net advantage of the United States to see [the use of strategic IW] become widespread,” says Roger C. Molander, a senior research analyst with the Rand Corp. He is one of the authors of Strategic Information Warfare Rising, a study commissioned by the DOD to develop a strategy and policy framework to address strategic IW issues. Many military people do not favor attacking infrastructures through cyberspace as a new staple of warfare. The report has been circulating within the DOD since the middle of last year.

Furthermore, Russia is seeking approval from the United Nations General Assembly on a proposal that calls for the U.N. to study the global security threat posed by the development of offensive strategic IW capabilities. The U.N. is scheduled to debate the issue in the fall.

The Rand Corp. report gives four “plausible and potentially desirable” scenarios facing the United States and the world when it comes to strategic IW:

1. The United States obtains supremacy in offensive and defensive strategic IW. (Considering how easy it is to write a virus, I find this statement implausible.)

2. A strategic IW cabal forms and establishes a “no first use” policy for strategic IW capabilities. (This is much like the “nuclear club” concept, which failed last year when Pakistan detonated its atomic bomb.)

3. Global “defensive dominance” in strategic IW develops whereby the U.N. establishes a regime to control the spread of strategic IW, similar to the check on biological and chemical weapons. (To get an idea of how well U.N. action works in practice, consider the Iraq situation.)

4. Market-based diversity evolves such that the damage or disruption achievable through a strategic IW attack is modest and recovery is fast. (Frankly, this is the only workable method I see on the list. And it is not very comforting to the guy who just suffered a “modest attack” that put his network out of commission.)

Also in the news, this time on the front page of Computerworld on January 4, 1999, was Sharon Machlis’s story “NT Virus Threat Targets Networks” about a new family of sophisticated viruses called remote explorers. These viruses enter the system and “steal” the NT domain administrator’s privileges. When they have those privileges, they can go to town.

A remote explorer copies itself into the NT driver directory as a file named IE403R.SYS and also resides in memory. That means you have to reboot to clear it from main storage, but it can still come back later. When active, it encrypts files at random, rendering them useless. Diabolically, remote explorers activate themselves on weekends and evenings when system administrators are less likely to be on duty.
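A defender can turn the two observable traits described above, the IE403R.SYS file name and the off-hours activity, into simple checks. The following is an added example, not code from the original column or from any vendor; the directory tree, the audit events, the staffed hours (Monday to Friday, 08:00 to 17:59) and the burst threshold are all assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime

IOC_NAME = "ie403r.sys"       # file name reported in the article, lower-cased
STAFFED_DAYS = range(0, 5)    # assumption: Monday to Friday
STAFFED_HOURS = range(8, 18)  # assumption: 08:00 to 17:59 local time

# Constructed sample audit events: (timestamp, host, changed file)
SAMPLE_EVENTS = [
    ("1999-01-09T02:10:00", "nt-fs01", r"D:\data\q1.xls"),    # Saturday
    ("1999-01-09T02:11:30", "nt-fs01", r"D:\data\plan.doc"),
    ("1999-01-09T02:12:05", "nt-fs01", r"D:\home\memo.txt"),
    ("1999-01-06T10:00:00", "nt-fs02", r"D:\data\a.doc"),     # Wednesday, staffed
    ("1999-01-06T10:01:00", "nt-fs02", r"D:\data\b.doc"),
    ("1999-01-06T10:02:00", "nt-fs02", r"D:\data\c.doc"),
    ("1999-01-06T22:30:00", "nt-fs02", r"D:\data\d.doc"),     # evening, single change
]

def find_ioc_files(root):
    """Return paths under root whose name matches the reported file name."""
    return sorted(
        os.path.join(dirpath, name)
        for dirpath, _dirs, files in os.walk(root)
        for name in files
        if name.lower() == IOC_NAME   # NT file names are case-insensitive
    )

def is_off_hours(ts):
    return ts.weekday() not in STAFFED_DAYS or ts.hour not in STAFFED_HOURS

def off_hours_bursts(events, threshold=3):
    """Count off-hours file changes per (host, hour); keep busy buckets only."""
    counts = Counter()
    for stamp, host, _path in events:
        ts = datetime.fromisoformat(stamp)
        if is_off_hours(ts):
            counts[(host, ts.strftime("%Y-%m-%d %H"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def demo():
    """Build a constructed directory tree and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        drivers = os.path.join(root, "system32", "drivers")  # constructed layout
        os.makedirs(drivers)
        for name in ("IE403R.SYS", "disk.sys"):
            open(os.path.join(drivers, name), "w").close()
        hits = [os.path.relpath(p, root) for p in find_ioc_files(root)]
    return hits, off_hours_bursts(SAMPLE_EVENTS)
```

A file-name match alone is weak evidence, since a name is trivial to change; the off-hours burst count is the check that still fires if the name differs.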

Commercial virus-protection software companies are working on solutions now. For example, you can download a decryption algorithm from Network Associates Inc.’s Web site (www.nai.com) that will help you recover from an attack.

The good news is that this virus attacks only NT systems; however, a Unix system can pass the virus to an NT system via a network. But, because NT is not scalable or reliable, the virus attacks are limited to systems that you did not mind rebooting or rebuilding every few days anyway.

I haven’t figured out why the virus would just encrypt the files, however. Why not just scramble them completely and trash the data? At another level of attack, if I were engaged in this sort of warfare, I would compress the enemy’s files and email the compressed versions to my headquarters. As soon as I had the files, I would look for secret information. There would be no obvious damage to the system, and when I knew where they kept “the good stuff,” I would tell my spy program to keep me posted on everything that happened.

If I can come up with such sinister IW ideas, this stuff really is dangerous.



Joe Celko is an Atlanta-based independent consultant and author of three books on SQL, including Instant SQL Programming (Wrox Press, 1997). You can contact him via email from www.celko.com or at 71062.1056@compuserve.com
 




