Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:27 AM
Gadi Evron
Gadi Evron
Connect Directly

NSA Iraqi Computer Attacks And U.S. Defense

A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were supposedly used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however.

A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were supposedly used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however.The article describes several issues and that in my opinion confuses what matters: the supposed computerized attacks in Iraq, and the cyber offensive capabilities being admitted, their impact on the United States' cyber defense stance, international relations, and diplomacy.

By the description in the article, some of the techniques used in Iraq were blocked cell phone signals, users (terrorists) were located and possibly "dealt with," and disinformation was sent to them to disrupt enemy operations or lead them into ambushes.

"With this capability, the Americans could deceive their adversaries with false information, including messages to lead unwitting insurgents into the fire of waiting U.S. soldiers."

While these operations, if the claims are true, could certainly be achieved by computerized attacks, it seems like overkill. It makes much more sense that while computerized attacks were used, trusted older techniques took point -- SIGINT (Signals Intelligence) to locate and decipher communication sources and networks, EW (Electronic Warfare) to interfere with them, and Intelligence Warfare, or Information Operations, to seed disinformation.

In the U.S., information operations such as the latter are a part of information warfare doctrine, right along with computer attacks. Which means the terminology needs to be double-checked when looking at an American source. In this case, however, officials are clearly stating computer attacks were used.

The article also mentions a 1999 operation in Yugoslavia, which was a proof of concept and therefore not fully utilized:

"The U.S. conducted its first focused experiments with cyberattacks during the 1999 bombing of Yugoslavia, when it intervened to stop the slaughter of ethnic Albanians in Kosovo. An information operations cell was set up as part of the bombing campaign. The cell's mission was to penetrate the Serbian national air defense system, published accounts and knowledgeable officials said, and to make fake signals representing aircraft show up on Serbian screens. The false signals would have confused the Serbian response to the invasion and perhaps destroyed commanders' confidence in their own defenses."
Regardless of what the precise technology used in Iraq was, the U.S. admitting to the use of such capabilities during actual fighting is fascinating, which brings me to why this article is so interesting. If the reports mentioned are true, it is plausible the U.S. now employs two additional information warfare strategies:

1. Cyber warfare has been recognized as strategic power on par with WMD for at least two decades. However, recently the world at-large became aware of its potential, with cyberattacks being launched by who appears to be opponents and enemies of the US. Or with the potential impact to destabilize or destroy critical infrastructure, regardless of source.

Military power is often about perception, and thus past operations previously designated not for public consumption are being declassified. It seems that the U.S. is making a stand as to its abilities, and advertises them for the world to see as part of their party-line and PR strategy.

I would put money on the famous Jane's magazine adding a cyber offensive capabilities department within the year.

2. Deterrence has been a hot topic in U.S. defense circles ever since the Cold War, and in the past two years it has been suggested to be used in the cyber realm as well. That notion is ridiculous, due to reasons varying from plausible deniability of Internet attackers to lack of ability to attribute cyberattacks to a perpetrator to begin with.

Still, as it has been gaining ground, it is possible a deterrence doctrine has been pushed forward and is being used. For deterrence to work, information needs to be released as to why the U.S. is a scary country to attack due to possible retribution.

It is interesting to see information warfare being publicly admitted to, which means it is no longer just a tool used just by intelligence organizations for espionage reasons, but rather as a weapon of warfighting. And that at least some folks in the US, who were quoted in the article, take cyber defense seriously -- deterrence nonsense aside. People such as Bob Gourley, Air Force Lt. Gen. Harry Raduege, Matt Stern, a retired lieutenant colonel, and Col. Charles Williamson III (smart guy who unfortunately also helped start the cyber deterrence nonsense with his article on military botnets), along with many others in government and industry.

Oh yeah, and the attacks against the cellular network? That's cool, and even cooler that it's public.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.