Information Security News mailing list archives
The "Love Bug Virus Attacks," Asymmetric Warfare...
From: InfoSec News <isn () C4I ORG>
Date: Mon, 10 Jul 2000 17:02:36 -0500
Forwarded By: C. L. Staten <sysop () emergency com> From: ERRI DAILY INTELLIGENCE REPORT-ERRI Risk Assessment Services Monday, July 10, 2000 Vol. 6, No. 192 The "Love Bug Virus Attacks," Asymmetric Warfare; Future National Security Implications... by C. L. Staten, CEO and Sr. Analyst Emergency Response & Research Institute (ERRI) "Only civil virtue can bring peace to an empire; only martial virtue can quell disorder in the land. The expert in using the military has three basic strategies that he applies: the best strategy is to attack the enemies reliance on acuteness of mind; the second is to attack the enemies claim that he is waging a just war; and the the last is to attack the enemies battle positions." -- Sun-Tzu, The Art of Warfare (1) Has anyone noticed that the only thing that spread more rapidly than the so-called "Love Bug Virus" was the proliferation of commentary about it. In fact, the talk dominated many forums for several days after the virus was first discovered. Given this level of interest that was demonstrated and the estimated BILLIONS of dollars of damage that was been done by this virus...one has to wonder what the intelligence and defense community of the United States is doing about taking a pro-active stance to protect our vital infrastructures?? Although costly to corporate America, it would appear that we as a country, have again "dodged the bullet" of major damage to our military and intelligence C4I networks. That may be due to the fact that most of the known attacks so far have targeted commercial, business or other internet-related organizations. But, the attacks that have taken place so far beg a question that must be asked at this juncture: What is going to happen when a concerted effort is undertaken by experts to use denial of service attacks (2), in concert with viruses, root-cracking, and other computer-based infrastructure attacks to attack the defense/intelligence establishment of our country and her security alliances throughout the world?? We see each of these recent sets of attacks as a potential "test of effectiveness" trial. As previously discussed by this author and a number of our other esteemed colleagues (Wilson and Fuller, Denning, Forno, Schwartau, Toffler, etc.)(3)(4)(5)(6) one has to wonder when we are going to take these examples of 4th Generation/Asymmetric warfare seriously enough to make them a formal and more integral part of our future defense preparedness and planning. Each wave of these attacks continues to demonstrate a new and more evolved capability on the part of our adversaries. Given a natural evolution of these tactics and the stated intent of some our transnational enemies, We must suggest that serious consideration be given at the highest levels of the U.S. and allied governments to the possibility that these tactics may be COMBINED with the use of a series of conventional terrorist attacks -- or worse yet -- unconventional weapons (WMD's), to cause a vastly disproportionate effect on the both the economy of the USA and the overall psyche' of the world.(3) In light of these circumstances, it would appear that we may be quickly coming to a critical juncture in the way we respond to these threats and ultimately defend our country. Stock-market watchers might suggest that some of these electronic/unconventional tactics have already had a preliminary intended effect on our economy, shown by a recent decline in world stock markets. The insurgents are spreading mistrust/a lack of confidence in the technology sector...the very place where the U.S. economy has show the greatest increases in productivity and where a majority of our advantages in international business and military superiority have been shown in recent years. The economic capabilities of many nation-states, including the United States, are increasingly becoming a "center of gravity" that will be attacked by various kinds of insurgent forces. According to classic Clausewitzian theory, "a center of gravity is always found where the mass is concentrated most densely... Clausewitz argued that this is the place where the blows must be aimed and where the decision should be reached. He failed to develop the idea of generating many non-cooperative centers of gravity by striking at those vulnerable yet critical tendons, connections, and activities that permit a larger center of gravity to exist."(6) Strategist and military thinker, Col. John R. Boyd, contradicts Clausewitz by suggesting that the tactics of the future may: "Generate many non-cooperative centers of gravity, as well as disorient or disrupt those that the adversary depends upon, in order to magnify friction, shatter cohesion, produce paralysis, and bring about his collapse; or equivalently, uncover, create, and exploit many vulnerabilities and weaknesses, hence many opportunities, to pull adversary apart and isolate remnants for mop-up or absorption."(6) "Perpetrated by mercenaries, ideological or religious zealots-- it doesn't matter which -- corporations and business networks will undoubtedly become future targets of terrorism. More enlightened terrorists have discovered (maybe already in some countries), or will discover soon, that the path to the fear and chaos that they crave most may be more easily achieved by a wide-scale attack on infrastructure/economic targets, thus causing a general breakdown in society..."(7) Particularly in those fractionalized nation-states that are already less stable or suffering the pangs of religious and political separatist movements, the targeting of economic targets may prove extremely successful in orchestrating the eventual overthrow of the established government. The Current "Anti-Capitalist Movement" and Similarities to "Classic" Guerilla Warfare Activities Most informed observors have not, so far, drawn any linkage between recent civil disturbances in several countries, sporadic terrorist acts, and an increasing number of various kinds of attacks on computer systems...all of which may be associated with an increasing re-emergence of what this author calls the "old left." Yet, there are many parallels that can be drawn with regard to strategies and tactics being used in recent events and those described by Mao Tse-Tung in his classic work, "Mao Tse-Tung on Guerilla Warfare."(8) Griffith succinctly describes a number of Maoist tactics that may have been adapted and are being used by "anti-capitalist," Muslim extremist, FARC guerillas in Colombia, and any other number of separatists movments; "The [the guerillas] rely on imaginative leadership, distraction, surprise, and mobility to create a victorious situation before the battle is joined. The enemy is decieved and again decieved. Attacks are sudden, sharp, vicious, and of short duration. Many are harrassing in nature; others are designed to dislocate the enemy's plans and to agitate and and confuse his commanders. The mind of the enemy and the will of his leaders is a target of far more importance than the bodies of his troops."(9) In other words, according to Griffith, "The enemy's rear is the guerilla's front...they [the guerillas] themselves have no rear." With our increasing reliance on technology for our success, America's computer infrastructure must presently be considered one of the most essential parts of "our rear." Clearly socialist, communist, or even anarchist in viewpoint, much of the rhetoric contained within many recent hard-core "anti-capitalist" statements would seem to advocate the future use of violence if non-violent measures and actions do not accomplish their self-determined objectives. One must wonder how long it will be before the more radical of the "anti-capitalists" decide that the use of explosives or other weapons is the next logical step in their protest of international trade. China, Unrestricted Warfare, and Multi-Dimensional Conflict One of the more troubling documents that this author has had occasion to read in recent times is a book by two Chinese People's Liberation Army (PLA) colonels. The book is entitled "Unrestricted War." (10) In it, are plans to utilize various kinds of unconventional warfare methods to defeat superior enemy (the unnamed United States). Included would be the use of "conventional" terrorism, the use of chemical, biological, and nuclear weapons, and attacks on critical computer infrastructure targets. By combining these various unconventional tactics, "Unrestricted War" hypothesizes that the attcker can have a advantageous disproportionate effect, even on a militarily superior enemy. Admittedly, it is unlikely that attacks on America's computer infrastructure will cause the kind of massive numbers of dead and wounded citizens that we would normally attribute to either conventional terrorism or open warfare. While it is possible that the right kind of cyber-attack, undertaken in the right way, and attacking the right nodes of our critical systems could result in injuries or deathes, it is far more probable that these attacks will be used as a "force multiplyer" and undertaken in concert with the use of other types of more conventional weapons. In fact that is exactly what Liang and Xiangsui suggest in their work described above (11). Maybe as problematic as the fact that Chinese strategists appear to be exploring plans to defeat a superpower like the United States, is the fact that the concepts outlined by the two Chinese colonels could almost immediately be undertaken by any number of "rogue states," "non-state actors," or terrorist organizations. Conclusion "This revolution [in Information or Assymetric Warfare] also requires the political and military leadership to understand the purpose and consequences of war and the risks that attach to any military action. On recent evidence, none of these attributes are present to any degree, and across the world a risk-averse approach to warfare in all its forms has seeped into the corridors of power. That in turn will lead to an increasing dependence on IW (Information Warfare) as the perfect solution for fighting wars with no risk of casualties and at relatively low financial cost. But, that is to seek the very silver bullet that does not exist. As David proved to Goliath, strength can be beaten. America today looks uncomfortably like Goliath, arrogant in its power, armed to the teeth, and ignorant of its weakness." (12) References: (1) "Sun-tzu, The Art of War," Translated by Sawyer, R. D., Published by Barnes and Noble Books/Westview Press, 1994 (2) "Series of "Real-time" EmergencyNet News Reports Concerning Denial of Service Attacks on Leading Web Sites on the Internet - 08 Feb 2000 to 16 Feb 2000", Staten. C. L. et al, EmergencyNet News, 2000. Available on the internet at: http://www.emergency.com/2000/dos2000.htm (3)"Emerging, Devolving Threat of Terrorism," BY Fuller, F. and Wilson, GI, ENN Daily Report - 11/30/96 - Vol. 2, No. 335. Available on the Internet at: http://www.emergency.com/devlthrt.htm (4) "Information Warfare and Security," Denning, D., Addison-Wesley, 1999. Errata. Available for purchase on the internet at: http://cseng.awl.com/bookdetail.qry?ISBN=0-201-43303-6&ptype=0 (5) "Hidden Threats And Vulnerabilities To Information Systems At The Dawn Of A New Centruy, Forno, R., EmergencyNet News; 11/22/98 Available on the internet at: http://www.emergency.com/techthrt.htm (6) "War and Anti-War; Survival At the Dawn of the 21st Century," Toffler, A. and H., Published by Little Brown and Company, 1993, Pg. 141 (6) "Historical Pattern: Carl Von Clausewitz'On War'- 1832; Patterns of Conflict" Boyd, J.R., Available on the internet at: http://www.belisarius.com/default.htm (7) "Asymmetric Warfare, the Evolution and Devolution of Terrorism; The Coming Challenge For Emergency and National Security Forces," Staten, C. L., ERRI, 04/27/98. Available on the internet at: http://www.emergency.com/asymetrc.htm (8) "Mao Tse-Tung on Guerilla Warfare," Translated and Introduction by Brig. Gen. Samual B. Griffith, USMC, (Ret), Praeger Publishers, 1961 (9) ibid, "Mao Tse-Tung on Guerilla War," pg. 23 (10) "Unrestricted Warfare," Qiao Liang and Wang Xiangsui, Published by PLA Literature and Publishing House, 1999. (11) ibid (12) "The Next World War; Computers are the Weapons and the Front Line is Everywhere," Adams, J., Pg. 313, Published by Simon and Shuster, 1998 Emergency Response & Research Institute EmergencyNet News Service 6348 N. Milwaukee Ave. #312 Chicago, IL 60646, USA 773-631-3774 - Voice/Messages 773-631-4703 - Facsimile webmaster () emergency com - E-Mail http://www.emergency.com - Main Webpage - ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- The "Love Bug Virus Attacks," Asymmetric Warfare... InfoSec News (Jul 10)
- <Possible follow-ups>
- Re: The "Love Bug Virus Attacks," Asymmetric Warfare... InfoSec News (Jul 12)