ARSTRAT IO Newsletter - OSS.Net


Information Operations Newsletter

Compiled by: Mr. Jeff Harley, US Army Space and Missile Defense Command

Army Forces Strategic Command, G39, Information Operations Division

Table of Contents

ARSTRAT IO Newsletter on OSS.net

ARSTRAT IO Newsletter at Joint Training Integration Group for Information Operations (JTIG-IO) - Information Operations (IO) Training Portal


The articles and information appearing herein are intended for educational and non-commercial purposes to promote discussion of research in the public interest. The views, opinions, and/or findings and recommendations contained in this summary are those of the original authors and should not be construed as an official position, policy, or decision of the United States Government, U.S. Department of the Army, or U.S. Army Strategic Command.


Table of Contents

Vol. 11, no. 07 (23 May – 13 June 2011)

1. Chinese Responses to the International Strategy for Cyberspace

2. Russia, Belarus to Conduct Joint Electronic Warfare

3. The Syrian War Is Raging on Facebook

4. Information Operations

5. Searching For Ways to Trace Cyber Attackers

6. White House Rejects Terrorism-Related Cyberwar Provisions In House Bill

7. Cyber Combat: Act of War

8. EW 2011: Call Goes Out For Unified EW Command

9. EW 2011: UAVs to Enter the EW Business

10. Stuxnet Attack Forced Britain to Rethink the Cyber War

11. List of Cyber-Weapons Developed By Pentagon to Streamline Computer Warfare

12. China Bans Its Troops from Making Friends Online

13. The Pentagon Is Confused About How to Fight a Cyber War

14. Mideast Uses Western Tools to Battle the Skype Rebellion

15. British Intelligence Used Cupcake Recipes to Ruin Al-Qaida Website

16. Russia Ratifies Electronic Warfare Agreement with Belarus

17. NATO Plans Force To Respond To Cyber Attacks

18. Al Qaeda's New Video: A Message of Defeat

19. China and the US: Sizing up for cyber war?


Chinese Responses to the International Strategy for Cyberspace

By Adam Segal, Council of Foreign Relations (blog), May 23, 2011

A week after the United States released its International Strategy for Cyberspace, it is possible to gauge some Chinese responses. Not surprisingly, there was a relatively high degree of skepticism about U.S. intentions. Chinese concerns revolved around three issues:

The strategy is really about military capabilities and deterrence. Perhaps following the lead of some U.S. news reports, Chinese press reports focused on the statement that Washington reserved the right “to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law,” to defend itself and its allies. This must be frustrating to the State Department since it was trying to de-emphasize cyberspace as a warfighting “domain” and stress its importance as a public forum, market, and source of innovation. They wanted less talk about Cyber Command and more about international engagement. Certainly it couldn’t have been an accident that Deputy Secretary of Defense William Lynn spoke after Homeland Security Advisor John Brennan, Secretary of State Hillary Clinton, Attorney General Eric Holder, Secretary of Commerce Gary Locke, and Secretary of Homeland Security Janet Napolitano.

Despite the calls for cooperation, the U.S. is trying to maintain its technological lead. In the view of some Chinese analysts, the call for interoperability and global standards mask an effort to lock others into technologies owned by U.S. companies. Global Times quoted one analyst as saying: “The U.S. masters a number of core technologies for cyberspace usage, and it aims to continuously consolidate its advantages.” Similarly, in the area of Internet governance, no matter how often U.S. government officials refer to international cooperation, they still want the United States “to maintain its lead role. At a press conference on the same day, Hillary Clinton made this point very clear.”

The push for Internet freedom will lead to more conflict. While U.S. calls for the free flow of information and criticism of censorship usually create most of the fireworks in discussions with Beijing, most of the Chinese reports seem fairly uninterested that the strategy is grounded in the “principles of fundamental freedoms, privacy, and the free flow of information.” Maybe they’ve heard it all before and are tired of making all the counter arguments; maybe they wanted to focus on what seemed new in the strategy. Still, almost all the responses still managed to slip in the idea that the Internet freedom agenda would be used to pressure other countries and cause more conflict.

Of course, it is difficult to draw a straight line from Chinese press reports to official positions. Maybe Chinese policymakers have been more flexible and expansive in the S&ED or at the ongoing track II dialogue on cyber issues. But it suggests that Chris Painter, the State Department’s Cyber Coordinator, has his work cut out for him.

Russia, Belarus to Conduct Joint Electronic Warfare

From Military & Aerospace Electronics Russia & CIS General Newswire, May 22, 2011

The State Duma has ratified a Russian-Belarusian agreement on cooperation in electronic warfare (EW).

The agreement was signed in Moscow on December 10, 2009. The document establishes a legal framework for the Russian-Belarusian cooperation in electronic warfare for the purpose of providing military security in the region.

The two countries plan to cooperate in creating, and ensuring the functioning of, a unified electronic warfare system of the regional grouping of Russian and Belarusian troops.

The agreement involves cooperation in training military command bodies, military units and EW subdivisions of both countries' armed forces for joint operations as part of the regional grouping of troops.

Another area of cooperation will be the coordinated use of the radio spectrum by EW for defense purposes and providing electromagnetic compatibility of military EW systems.

The agreement also involves joint EW research, creating a new and upgrading of the existing special EW equipment for the regional grouping of troops.

The two countries will hold consultations and exchange information on EW organization to support the operations of the regional grouping of troops.

The parties are planning to use the unified EW system. To maintain the necessary level of combat readiness they will hold joint operational and tactical training of military command bodies, military units and EW subdivisions.


The Syrian War Is Raging on Facebook

Posted by Eliza Strickland, IEEE Spectrum, Wed, May 18, 2011

The Syrian government has brutally cracked down on protesters demanding regime change and social freedoms over the past two weeks: Government forces have detained 10 000 protesters in mass arrests, activists say, while Syrian tanks have shelled residential neighborhoods in contested cities. And in this day and age, every war comes with a cyberwar.

In Syria, the crackdown on the streets has been mirrored by tumult on Facebook. Pages supporting the protesters have been hacked, and a shadowy group calling itself the Syrian Electronic Army has used Facebook to coordinate its attacks.

Helmi Noman, a researcher with the OpenNet Initiative, has been monitoring the Syrian Electronic Army. He told IEEE Spectrum that he first noticed the group on Facebook a few weeks ago (its profile image is pictured), and he has been watching since then as the group stages attacks and opens new channels of communication. The group recently started a website, a Twitter feed, and a YouTube channel.

Noman says the Syrian Electronic Army claims to be a volunteer, civilian effort. "The group says on its Web site that it is not an 'official entity' but rather a group of young people who love Syria and want to serve the country by 'attacking back those who have attacked Syria,'" says Noman.

Hacking the Revolution

On Facebook, the group has played a cat-and-mouse game with site administrators. According to Noman, the group has created 11 pages thus far, opening a new page each time Facebook shuts one down. (As of this writing, version 11 is up and running.) Noman says the earliest versions of the group's page directed followers to file-sharing websites where they could download DDOS and hacking software applications, and encouraged them to hack oppositional Facebook pages and websites.

Presumably, Facebook has been shutting down the Syrian Electronic Army's pages because the group violates terms of service--it used the pages to engage in unlawful and malicious behavior, namely hacking. We asked Facebook to comment on this situation, but got no reply to our inquiries.

One Facebook page that was hacked in the last few weeks, Noman says, is titled Syrian Revolution 2011 (its profile pic is at right). It's not clear whether the Syrian Electronic Army had a role in that hack, but the attack did get a lot of attention. In a blog post for OpenNet Initiative, Noman writes about an editorial in a Syrian government newspaper that complained about Facebook's disparate treatment of the Electronic Army's page and the dissident page:

The editorial also accused [Facebook] of having double standards because it allegedly shut down pages belonging to the Syrian Electronic Army without any justification or prior notice. The paper added that Facebook has restored a page for the “so called Syrian revolution after it was hacked and deleted by a Syrian University engineering student.”

Speaking to Oprah Fans

The Syrian Electronic Army also encourages its followers to spread the governmental love via Facebook. As Noman told IEEE Spectrum: "The group calls its members to collectively write pro-Syrian regime comments on popular Facebook pages such as that of Oprah Winfrey 'as a way to reach out to, and influence the American public opinion.'"

Yep, you read that right. Even the Syrian Electronic Army wants to get on Oprah. Judging from the current state of Oprah's page, that mission may have come to a close, but here's a screenshot of a typical comment on her wall from a few weeks back:

Last week the army appears to have moved on to the European Parliament's Facebook page. The page's administrators declared that they had been hit by a massive spam attack, which further annoyed the army's followers:

Messing With Random British Towns

As if all that activity wasn't enough, the Syrian Electronic Army has reportedly moved its mischief beyond Facebook and into the wider Web.

The YouTube video, which Noman says was made by the Syrian Electronic Army, documents the hacking and defacement of several British towns' websites. How and why the hackers targeted the Royal Leamington Spa Town Council and the Bournemouth & Poole Borough Council may remain one of the mysteries of our age.

As of this writing, the Royal Leamington Spa's page is back up. Weirdly, the Bournemouth & Poole page now appears to have been taken over by Spanish-language hackers.

Monitoring Facebook

The Syrian Electronic Army may not be the only pro-government faction meddling with Facebook's operations in Syria. In early May, mysterious forces staged a man-in-the-middle attack, where Facebook users who attempted to log in to their accounts were redirected to a fake Facebook login page. This allowed the attackers to harvest logins and passwords, giving them the ability to monitor and control those accounts. The attack targeted Facebook's encrypted HTTPS version, and made use of forged security certificates.

The Facebook users who first publicized this attack believed that it was carried out by the Syrian Telecom Ministry, but there has been no confirmation of that. Peter Eckersley of the Electronic Frontier Foundation noted in a blog post that the attack was easy to spot, and seemed like an amateur attempt.

The attack is not extremely sophisticated: the certificate is invalid in user's browsers, and raises a security warning. Unfortunately, because users see these warnings for many operational reasons that are not actual man-in-the-middle attacks, they have often learned to click through them reflexively. In this instance, doing so would allow the attackers access to and control of their Facebook account.

Information Operations

From EUFOR Forum Latest Edition

As Civil-Military Co-operation (CIMIC) is often seen as the Santa Claus of the Armed Forces i.e. the bringer of presents, we as members of Information Operations (IO) sometimes have the feeling that colleagues from EUFOR see us as the fun time event organisation branch. For that reason and because there is much more behind the IO work, I would like to take this opportunity to inform you a bit more about our work.

Yes, we do organise an annual soccer and art competition for children from all over BiH, in fact they are the biggest national school’s competitions in BiH! Yes, we do hand out promotional items. But no, we do not do that just for fun, there is a much wider perspective behind our activities.

IO has the general role of influencing the perceptions, attitudes and the behavior of our target audience. This must be carried out in line with EU political and military objectives. There are a number of more specialist fields that are controlled by IO branch and these include Psyops, CIMIC, Computer Networks, key Leader engagement and, especially for the soldiers on the ground, PPP (Presence, Posture and Profile). So, what does it actually mean? I will try to explain that in the perspective of the mission we are in, EUFOR.

EUFOR is in BiH to contribute to a safe and secure environment for people to live in. In a solely strategic way armed forces can do that by deploying a strong military force, however, it is always difficult to maintain a large military force indefinitely within areas of conflict. It is though, possible to try and tackle the problem where it started, in the minds of the people. If you can get people to believe in a better future for their country, reconciliation and the importance of peacefully living together and see positive results then, potentially, you have a stronger weapon than military force itself!

One of IO’s main tasks is to show the citizens of BiH that they too can become part of the EU, and that multi ethnicity is necessary to reach this goal. Since young people are the future of any country, IO, along with the EU organizations in BiH, see them as a major target audience. The youth are the future politicians, the future teachers, the future members of the armed forces and if they can work together for a safe and secure BiH then in due course when the political and security situation is appropriate there will no longer be a need for EUFOR’s presence in BiH.

To reach the youth of BiH with this message we need to use all possible ways of communicating with them directly and indirectly. Our TEME magazine, our FACEBOOK profile and YOU TUBE are direct ways of communicating with the youth. The events we organise, like the EUFOR Cup (soccer competition) and the EUFOR School’s Competition, are indirect ways of communication. With these events we attract the attention of the youth and we get children from different backgrounds to come together in fun and competition. Through our FACEBOOK profiles we can see that even after the competitions the children often stay in contact with each other. In order to promote EUFOR and our events we produce promotional items, posters, calendars, leaflets etc. EUFORs major success is its ability to attract major support from the international community and organisations – the English Premier League being one such supporter. This success is down to a lot of individual work by COM EUFOR and the IO team.

In order to reach as many people as possible with our messages we cover all events that we organize with our own camera, editing and print team. Through hard work and excellent personal contacts in the BiH media we get a lot of donated broadcast time for our events on national media.

What I have just described is the ‘tip of the iceberg’ and barely touches all of the activities that we are involved in. There is, of course, much more work that we conduct such as covering COM EUFOR’s activities, conducting surveys and assisting other EU organisations. Not forgetting our major campaigns that are run 3 or 4 times each year. These involve TV coverage and many of you will have seen EUFOR advertising on billboards around BiH.

Normally such an amount of work would be done by event managers, script writers, producers, camera men, audio specialists, video editors, archivist, graphic designers, photographers, print specialist, journalist, editors, technical specialists, web editors, survey organisations, target audience analysts, communication specialists, Public Relations managers, etc., etc. Within IO all this work is carried out by our Chief, 2 military and 6 Locally Hired Civilians. Each and every one is a specialist in his or her own field and contributes to form an outstanding team. All we achieve is only made possible by the continued hard work, dedication and commitment, regularly outside of normal hours, of the highly experienced local members of the team.

As you can see it is not always about size and in this case a small branch carries a lot of fire power!

Searching For Ways to Trace Cyber Attackers

By David A. Fulghum, Aviation Week, 23 May 2011

The threats to and vulnerabilities of U.S. cyberoperations are rolling over military planning like a tidal wave. Fundamental weaknesses in the technology indicate massive damage can be inflicted on the U.S. through the cybersphere—and there is no way to stop it.

The best way to prevent a cyberattack, if cyberspecialists discover that one is being prepared, is to launch a preemptive strike. But there are operational and legal obstacles to doing so. U.S. laws do not allow preemptive or even retaliatory cyberattacks. Additionally, identifying precisely who to attack remains a massive challenge. It’s also impossible to protect all the nation’s critical networks all the time. It is simply too great a task.

But evidence is emerging that methods for working around those major cyberproblems are under development—some obvious, some clandestine. They will help provide operational flexibility and agility that allied cyberoperations are now missing.

The Stuxnet worm that damaged and slowed the Iranian uranium enrichment program is an example of the clandestine method applied by an international team. In the open forum, U.S. Air Force officials are discussing how to adapt the tenets of air warfare to the cybersphere.

Stuxnet is perhaps the most sophisticated example of cyberwarfare that has emerged. Analysis of the attack is indicating how governments can work together on a classified basis to create the freedom of action that only stateless cybersamurai (such as the Hong Kong Blondes), organized criminal groups (cybertheft) and shadowy ad-hoc organizations (cybermilitias) within China and Russia have so far been able to demonstrate.

Israel, the U.S. and the U.K. worked together on the Stuxnet cyberworm, say U.S. analysts interviewed recently in Washington. The U.S. and U.K. provided technology, assets and funding while the Israelis provided the program management, continuity of effort, test facilities, training and the legal latitude to launch the attack, they contend. A European cybersecurity expert points out that a close examination of the code shows the worm was written by a large team with varying levels of expertise. For instance, the team drew on the knowledge of people familiar with cyberware techniques as well as those with extensive insight into the functioning of centrifuges.

“Israel can pull talent together from across its industry and military to create a team that can focus on a problem until it is solved,” says a U.S. defense specialist with longtime, black-world program and operational experience. “They have the discipline to study a problem, establish training facilities, work the possible solutions until they find all the seams and then rehearse an attack until they get it right.”

A mockup of the Iranian centrifuge operations was set up at Israel’s Dimona nuclear facility, where it was operated and attacked with variants of the Stuxnet worm, according to Israeli reports. One official notes that Israel also may have had front companies providing the Siemens industrial control system that underpinned the Iranian facility. Others contend that Siemens supplied help to Idaho National Laboratory to analyze how best to attack its automatic control system. Such cyberattack capabilities have been possible for years and are known to specialists. The fact that Iran was affected so badly suggests a lack of sophistication in preparing its cyberdefenses and a great deal of precision by the cyberworm’s designer in tailoring it for specific targets, say U.S. cyberspecialists.

However, the Stuxnet attack was not perfect. The code, while sophisticated in some areas, was “sloppy” in others, says the European cybersecurity specialist. What’s more, he points out that the intent was for the cyberattack to go unnoticed. In that respect, the detection of Stuxnet is an operational failure.

“In cyberspace, it’s not the size of the country as much as it is the [skills of the people] creating the software,” U.S. Army Gen. Keith Alexander, the chief of U.S. Cyber Command, told Congress. “Attribution—saying specifically if the problem was caused by one national state or another—is difficult.”

An example of cyberfratricide occurred in Siberia in 2009. The event mimics what U.S. planners fear—physical or kinetic destruction from cyberoperations.

An employee of the Shushenskaya hydroelectric power station used a cybernetwork to remotely, and accidentally, activate an unused turbine with a few errant keystrokes. The offline turbine created a “water hammer” that flooded and then destroyed the plant and killed dozens of workers, says Edward Timperlake, a defense analyst and former Pentagon director of technology assessment and international technology security.

The ability to turn that kind of mistake into a cyberweapon that can create catastrophic effects is a fear of U.S. cyberspecialists. At risk are power grids, oil distribution networks and transportation systems.

“Cybersuicide” was the goal of the Aurora Tests conducted by the Idaho National Laboratory in 2007. A 21-line packet of software code sent from 100 mi. away caused a $1 million commercial electrical generator to rapidly recycle its circuit breakers until it self-destructed in a cloud of smoke. Also in 2007, a combination of cyberattack, electronic warfare and bombing shut down Syria’s integrated air defenses long enough to destroy a new, North Korean-designed nuclear facility.

Adapting airpower strategy to protect cyberspace is being discussed more openly. The basic formula is that attacks have to be anticipated and resources assembled in the right numbers at the right place to repel intrusions.

Right now, the U.S. would probably not spot an attack until the effects were occurring, says Alexander, adding that there is no way to stop an attack, no cyberbackup and no sure way to determine who launched it. This means that even if starting a war were justified, there is no authority for the U.S. to launch either preemptive or retaliatory attacks, he declares.

However, the Air Force is at least defining the problem and likely solutions.

“The 24th Air Force [responsible for conducting cyberoperations] is really perfecting the mission-assurance objective,” says Lt. Gen. Michael Basla, vice commander of Air Force Space Command. For example, “we can’t defend the whole network just like we can’t defend all the air domain. Instead, we defend the portion we need to operate in. We’ve done it [already] to assure we have cybercapabilities to support Predator [in Afghanistan and Iraq] and space launch operations.”

Another element that could make U.S. military cyberspace more secure would involve reducing the number of targets that have to be protected.

“One Air Force, one network is our cyberfocus,” Basla declares. Last year, Air Force Space Command and the 24th Air Force “simultaneously inherited multiple Air Force networks with holes that needed to be plugged quickly to defend against information loss,” he says. “We have to think about defenses more holistically and strategically [as well as] how to apply active defenses and protect information flow.

“A myriad of architectures and configurations complicate the commander’s ability to control information flow, including how to prioritize and deliver the best information to the joint fight,” he notes. “So we must reduce complexity and improve processes by collapsing and homogenizing these networks. In 2010, 17 bases migrated into the single [Air Force Network], and we’re pushing to increase the speed of our transition.”

White House Rejects Terrorism-Related Cyberwar Provisions In House Bill

By Aliya Sternstein, NextGov, 05/25/2011

The Obama administration objects to a House proposal that specifies the term cyberwar includes clandestine actions against terrorists online. The language, which House members folded into the 2012 Defense Department authorization bill, asserts that the Pentagon has the power to conduct military activities in cyberspace, including covert operations to support conflicts covered by a post-Sept. 11 authorization to use "all necessary and appropriate force" against foreign-based terrorists. Defense also would be allowed to employ cyber tactics to deflect cyberattacks on its assets.

White House officials agree that certain military operations in cyberspace are vital to national security, according to a position statement the Obama administration released Tuesday afternoon. But officials want to resolve certain concerns with Congress so that any law "adds clarity and value to our efforts in cyberspace."

The full House began considering the bill, H.R. 1540, Tuesday night and is scheduled to continue debate on Wednesday.

White House spokesman Nick Shapiro said the administration welcomes congressional ideas for strengthening cybersecurity but wants clarification from lawmakers on the intent of the wording. "We plan to review the language and further discuss it with Congress to ensure we have a thorough understanding of the legal and policy implications of the provision," he said on Wednesday. "We'll continue to take a careful and deliberate approach to ensure any legislative changes improve security."

An accompanying report by the House Armed Services Committee noted that al Qaeda and the Taliban increasingly are relying on the Internet for command and control, as well as for disseminating technical information to aid attacks on U.S. and coalition forces. Terrorists use the Web, lawmakers stated, because their affiliates are scattered across the world. But U.S. troops have no legal guidance on how to deal with online threats. "The committee recognizes that because of the evolving nature of cyberwarfare, there is a lack of historical precedent for what constitutes traditional military activities in cyberspace," the report stated.

Some House Democrats, including Rep. James R. Langevin, D-R.I., a committee member who chairs the Congressional Cybersecurity Caucus, support the measure. A Langevin staffer said the lawmaker hopes to work with the administration and come to an agreement on all cyber issues.

The committee report added that the section is not meant to spell out all possible military activities in cyberspace or limit the definition of cyberwar.

"Military activities may not be confined to a physical battlefield," the lawmakers wrote. "In certain instances, the most effective way to neutralize threats and protect U.S. and coalition forces is to undertake military cyber activities in a clandestine manner."

The legislation is intended to clarify that the Defense secretary's authority includes conducting "clandestine military activities in cyberspace in support of military operations pursuant to an armed conflict for which Congress has authorized the use of all necessary and appropriate force," the report stated. The Pentagon would have to brief Congress quarterly on all cyber operations covered under the provision.

Cyber Combat: Act of War

Wall Street Journal, May 31, 2011

WASHINGTON—The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.

The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country's military.

In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official.

Recent attacks on the Pentagon's own systems—as well as the sabotaging of Iran's nuclear program via the Stuxnet computer worm—have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks. A key moment occurred in 2008, when at least one U.S. military computer system was penetrated. This weekend Lockheed Martin, a major military contractor, acknowledged that it had been the victim of an infiltration, while playing down its impact.

The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the U.S. can ever be certain about an attack's origin, and how to define when computer sabotage is serious enough to constitute an act of war. These questions have already been a topic of dispute within the military.

One idea gaining momentum at the Pentagon is the notion of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation.

The Pentagon's document runs about 30 pages in its classified version and 12 pages in the unclassified one. It concludes that the Laws of Armed Conflict—derived from various treaties and customs that, over the years, have come to guide the conduct of war and proportionality of response—apply in cyberspace as in traditional warfare, according to three defense officials who have read the document. The document goes on to describe the Defense Department's dependence on information technology and why it must forge partnerships with other nations and private industry to protect infrastructure.

The strategy will also state the importance of synchronizing U.S. cyber-war doctrine with that of its allies, and will set out principles for new security policies. The North Atlantic Treaty Organization took an initial step last year when it decided that, in the event of a cyber attack on an ally, it would convene a group to "consult together" on the attacks, but they wouldn't be required to help each other respond. The group hasn't yet met to confer on a cyber incident.

Pentagon officials believe the most-sophisticated computer attacks require the resources of a government. For instance, the weapons used in a major technological assault, such as taking down a power grid, would likely have been developed with state support, Pentagon officials say.

The move to formalize the Pentagon's thinking was born of the military's realization the U.S. has been slow to build up defenses against these kinds of attacks, even as civilian and military infrastructure has grown more dependent on the Internet. The military established a new command last year, headed by the director of the National Security Agency, to consolidate military network security and attack efforts.

The Pentagon itself was rattled by the 2008 attack, a breach significant enough that the Chairman of the Joint Chiefs briefed then-President George W. Bush. At the time, Pentagon officials said they believed the attack originated in Russia, although didn't say whether they believed the attacks were connected to the government. Russia has denied involvement.

The Rules of Armed Conflict that guide traditional wars are derived from a series of international treaties, such as the Geneva Conventions, as well as practices that the U.S. and other nations consider customary international law. But cyber warfare isn't covered by existing treaties. So military officials say they want to seek a consensus among allies about how to proceed.

"Act of war" is a political phrase, not a legal term, said Charles Dunlap, a retired Air Force Major General and professor at Duke University law school. Gen. Dunlap argues cyber attacks that have a violent effect are the legal equivalent of armed attacks, or what the military calls a "use of force."

"A cyber attack is governed by basically the same rules as any other kind of attack if the effects of it are essentially the same," Gen. Dunlap said Monday. The U.S. would need to show that the cyber weapon used had an effect that was the equivalent of a conventional attack.

James Lewis, a computer-security specialist at the Center for Strategic and International Studies who has advised the Obama administration, said Pentagon officials are currently figuring out what kind of cyber attack would constitute a use of force. Many military planners believe the trigger for retaliation should be the amount of damage—actual or attempted—caused by the attack.

For instance, if computer sabotage shut down as much commerce as would a naval blockade, it could be considered an act of war that justifies retaliation, Mr. Lewis said. Gauges would include "death, damage, destruction or a high level of disruption," he said.

Culpability, military planners argue in internal Pentagon debates, depends on the degree to which the attack, or the weapons themselves, can be linked to a foreign government. That's a tricky prospect at the best of times.

The brief 2008 war between Russia and Georgia included a cyber attack that disrupted the websites of Georgian government agencies and financial institutions. The damage wasn't permanent but did disrupt communication early in the war.

A subsequent NATO study said it was too hard to apply the laws of armed conflict to that cyber attack because both the perpetrator and impact were unclear. At the time, Georgia blamed its neighbor, Russia, which denied any involvement.

Much also remains unknown about one of the best-known cyber weapons, the Stuxnet computer virus that sabotaged some of Iran's nuclear centrifuges. While some experts suspect it was an Israeli attack, because of coding characteristics, possibly with American assistance, that hasn't been proven. Iran was the location of only 60% of the infections, according to a study by the computer security firm Symantec. Other locations included Indonesia, India, Pakistan and the U.S.

Officials from Israel and the U.S. have declined to comment on the allegations.

Defense officials refuse to discuss potential cyber adversaries, although military and intelligence officials say they have identified previous attacks originating in Russia and China. A 2009 government-sponsored report from the U.S.-China Economic and Security Review Commission said that China's People's Liberation Army has its own computer warriors, the equivalent of the American National Security Agency.

That's why military planners believe the best way to deter major attacks is to hold countries that build cyber weapons responsible for their use. A parallel, outside experts say, is the George W. Bush administration's policy of holding foreign governments accountable for harboring terrorist organizations, a policy that led to the U.S. military campaign to oust the Taliban from power in Afghanistan.

EW 2011: Call Goes Out For Unified EW Command

Tony Skinner, Shephard Group, May 27, 2011

The US has been urged to set up a unified EW command and to redefine the electromagnetic spectrum as a domain that needs to be preserved, if it is to avoid an ‘electromagnetic Pearl Harbour’.

Speaking at the Electronic Warfare 2011 conference, Laurie Buckhout, president-elect of the Association of Old Crows, said EW assets across the Department of Defense needed to be brought under an umbrella command, in much the same way as US Cyber Command that was established in 2009.

‘I just left four years in the Pentagon and what it comes down to in terms of building warfighting capabilities is money and you don’t get money unless you have a clear advocate – one person to stand up for your capability,’ Buckhout told the conference in Berlin on 26 May.

Buckhout pointed out that in terms of EW developments, US forces had made some significant progress in recent years.

In the last three years the US Army has established 3,700 officer, warrant officer and enlisted billets devoted to EW and in many areas the major services had collaborated for the first time on EW efforts. The USMC, meanwhile, is moving ahead with its Collaborative Online Reconnaissance Provider/Operationally Responsive Attack Link (CORPORAL) project, a network-enabled, UAS-based, electronic attack capability.

However, the standing up of Cyber Command, which falls under the remit of US Strategic Command, had ‘blurred’ the distinction between EW and cyber threats and responses.

‘I am a cyber-geek myself, I have a clear appreciation and understanding of cyber warfare and cyber operations but is it or is it not electronic warfare? You need to look at what is the genesis of what. And you need to look at the clarity that is currently in electronic warfare – because blurred responsibilities and blurred requirements will not lead to dollars.’

She said proponents of a joint cyber command had used knowledge of the threat to have cyberspace declared as a domain that had to be contested, which carried with it some inherent leadership and organisation ramifications.

‘When EMS is treated like a separate domain then we will really be part of the joint battlespace, or the joint coalition. But we really aren’t at this time. For example one of the big problems we still have in counter IED operations is deconflicting them – and it is very difficult to deconflict everything in the electromagnetic spectrum. It needs to be someone’s fulltime job.’

Another consideration was providing commanders some awareness of how effective the EW assets under their command had been during an operation.

Buckhout said it was very hard to prove a negative; for example, was a jammer effective or was the enemy just not there?

‘It is very hard to prove a negative. And a lot of this stuff is in a security realm where you can’t talk about it, you can’t trumpet your success when you do find out about it. Telling our success stories is very important to do - we tend to be the unsung heroes but when we can document it, it is very important to do.’

She said regretfully it might take an ‘electromagnetic spectrum Pearl Harbour’ for a champion of a unified EW command to push for the concept within the DoD.

EW 2011: UAVs to Enter the EW Business

By Tony Skinner, Shephard Group, May 27, 2011

NATO is making moves to adapt coalition UAVs for electronic warfare (EW) roles in Afghanistan, taking advantage of the heavy use of unmanned assets in the theatre.

Speaking at the Electronic Warfare 2011 conference in Berlin, Lt Gen Friedrich Ploeger, deputy commander of HQ Allied Air Command, said unmanned airborne assets were currently employed primarily for ISR purposes but should be adapted for the counter-IED role as well.

‘The exploitation of new technologies, such as unmanned aerial vehicles, offers us opportunities to enhance the capability and contribution of electronic warfare systems,’ Ploeger said.

‘From the air side, we provide the critical ISR, that is the main focus of our role and provides that to the people on the ground so they know when the probability of an IED is very high and can take proper countermeasures.


‘But the use of airborne systems against IEDs is relatively modest. Our main airborne electronic warfare systems are employed to deny use of communications systems by the other side.’

Ploeger told Shephard that with UAVs in heavy use in Afghanistan, EW proponents could take advantage of the persistent, loitering nature of such systems to employ EW systems to detonate IEDs at a time of their choosing.

He said as well as the integration of EW equipment with UAV systems, this would require the inclusion of EW specialists in the UAV’s mission control room.

One counter-point that was raised separately during the conference was that as the technology behind small, potentially swarming, UAVs becomes more prevalent, NATO chiefs are considering the EW capabilities that will be needed to counter such threats.

With no opposing air force in Afghanistan and against a relatively low-tech opponent, coalition EW assets have been principally employed for electronic attack, communications herding, information operations broadcast and pre-detonation of IED by ground-based systems.

‘However, this is a counter insurgency operation and we need to remain cautious about the use of the electromagnetic spectrum in order not to disturb the civilian life and our own operations,’ Ploeger said.

He said the ISAF mission had highlighted the perennial problem that there were never enough EW assets to satisfy the demand and there was still a major reliance on US capabilities.

Stuxnet Attack Forced Britain to Rethink the Cyber War

By Nick Hopkins, Guardian, 30 May 2011

The pieces of the puzzle began to take shape, and then fall into place, on 17 June last year, when Sergey Ulasen was emailed by a dealer in Tehran about an irritating problem some of his clients were having with their computers.

Ulasen works in the research and development department of a small company called VirusBlokAda in Minsk, the capital of Belarus, which has been giving advice about computer security since 1997.

"These computers were constantly turning off and restarting," Ulasen told the Guardian. "It was very strange. At first we thought maybe it was just a problem with the hardware. But when they said that several computers were affected, not just one, we understood that it was a problem with the software the computers were running."

Ulasen was given remote access to one of the malfunctioning machines, but he soon realised he needed help. He roped in a colleague, Oleg Kupreyev, the firm's senior analyst, and they spent a week unravelling samples of the computer virus they had "captured" which was affecting the Iranian machines.

The longer they looked, the more they realised they had uncovered an extraordinary piece of engineering, unlike anything either of them had come across before. Ulasen published his findings on a few online message boards and gave the virus a name, TmpHider.

Months later, a clearer picture emerged.

Ulasen, 28, was unaware that the computers that had gone on the blink were among those being used by Iranian scientists involved in efforts to enrich uranium as part of the country's nuclear programme. The malware that had disrupted their work turned out to be so fiendishly clever that Iran accused the US and Israel of developing it. And the virus itself had been given a new name: Stuxnet, which may go down in history as the cyber-weapon that changed the face of modern warfare.

The story of Stuxnet is complicated, not least because the false trails laid by those trying to conceal conventional espionage become nearly impossible to follow when they are in the virtual world of computer codes and software design.

But specialists from GCHQ, the Ministry of Defence, and independent analysts agree on this: Stuxnet was ingeniously complex, probably took several people many years to develop, and has opened the eyes of every government to the destructive possibilities of a new type of covert attack.

Though there is no conclusive proof, and there may never be, the circumstantial evidence about its origins suggests that Iran was probably right. Very few countries had the motive, the money or the capability to create Stuxnet.

This virus was not a blunt instrument. It was designed to disable specific control systems running 9,000 Iranian centrifuges, which are used to enrich uranium, causing some of them to spin out of control. It also covered its tracks by fooling operators into believing that the equipment was working as usual.


Infecting these computers was a work of mind-boggling enterprise. According to Symantec, one of the world's leading security firms, the operation to introduce the virus into the Iranian network would have involved old-school theft and an unwitting insider at the Iranian facility, as well as daring and skill.

To start with, its creators needed to know exactly the sort of computer configuration that the Iranians were using to run the centrifuges at their underground uranium-enrichment plant at Natanz. They found this out by stealing the blueprints they needed, using, of course, a virus. Traces of an early version of Stuxnet have been found that show the virus went on a reconnaissance mission in mid-2009, infiltrating the network, scanning the systems and recording what it found.

This would have given the developers the layout they needed; it showed Iran was using certain types of program logic controllers to run the centrifuges – PLCs are used in all sorts of businesses and industries to help machines run automatically.

To test the updated virus that would cause the sabotage, its creators must have built a mirror image of the Iranian facility, computers and all, allowing them to practise and refine their targeting. Because PLCs are so common, they programmed Stuxnet to ignore any PLC that was running a machine at slow speed; it needed to hunt down the PLCs that were running motors at high speed, because they were more likely to be controlling the centrifuges. The New York Times reported earlier this year that this testing phase might have taken place at Israel's Dimona complex, in the Negev desert.

Wherever it happened, this task alone would have taken 10 developers at least six months, Symantec estimates. But even then, the job was barely half done.

The new Stuxnet still had to be introduced back into the Iranian network without raising alarm. So they hid the virus in a driver file built into a standard Microsoft Windows program being used by the Iranians. In normal circumstances, the Windows software would automatically raise the alarm that a new, potentially unauthorised file had been installed as soon as a computer was switched on. But Stuxnet's authors got round this. They stole two genuine digital certificates from companies in Taiwan, and used the details on them to fool the Windows program into thinking the new files had been properly authorised.

Even then, Stuxnet had to be downloaded at Natanz, a massive and well-protected nuclear site in the middle of the desert near Kashan in central Iran. In all likelihood, a contractor working at the site, probably using a laptop on which the Windows program was installed, plugged into the system to conduct routine work. Who that was and exactly when it happened, nobody knows.

Unknown flaws

Once connected, Stuxnet was designed to proliferate aggressively. And it went unnoticed for so long because it was able to exploit four previously unknown flaws in the Windows program.

To find one flaw – or "zero-day" vulnerability – in a programme is regarded as rare. To find four would have required a monumental research effort. Over several months, Stuxnet surreptitiously tracked down the right PLCs and started to vary the speeds of the motors spinning the centrifuges, making some of them go wildly out of control.

Analysts who unravelled Stuxnet noted that the virus bookmarked what it was doing, using the figure 19790509. That could be a random number. Or it could be a nod to 9 May 1979 – the date a Jewish-Iranian businessman called Habib Elghanian was executed in Iran. He was accused of spying for Israel.

A 67-page Symantec report concludes: "The real world implications of Stuxnet are beyond any threat we have seen in the past. Stuxnet is the type of threat we hope to never see again."

There are conflicting reports about how many centrifuges were affected, and how much damage was done, and the Iranians have understandably tried to play down its impact. Don't be fooled, warns Ilias Chantzos, a Symantec director. He believes that Stuxnet is forcing governments to re-evaluate "the way we understand threats to critical infrastructure and national security".

"It is the first virus that was designed to achieve a kinetic effect. It was not designed to steal data or to deny access. It was designed to manipulate an industrial control system to operate outside its intended instructions. Someone had the intent to weaponise a virus. Before Stuxnet the possibility to attack [a control system] using cyber was explored theoretically but was more seen as in the realm of cinema and creative science-fiction-thriller writing. Now it is a real-life scenario."

Claire Yorke, an expert in cyber-security at the thinktank Chatham House, says: "Although the origin of the virus is still unknown, its sophistication and complexity suggests it would have required significant time and resources beyond the capability of non-state actors. The virus used several secretive 'back doors' into the Iranian computer networks and would likely have taken months to have been developed and tested to a level at which it could achieve the intended results."

She adds: "While viruses such as Stuxnet are a rare occurrence and sit at the leading edge of the technical spectrum, they could be seen as evidence of future modes of attack."


The UK's response to such threats, and to the broader and much more prosaic issues of security online, was set out in last year's strategic defence and security review, which gave £650m to beef up the country's cyber-defences. The coalition made cyber-security a tier one priority – the highest – and a new infrastructure across government is being created to tackle a problem that has been growing, and mutating, for more than 20 years.

The Cabinet Office has traditionally taken the lead on this, with Neil Thompson, one of the country's leading intelligence specialists, now heading the over-arching Office of Cyber Security and Information Assurance. This includes the Cyber Security Operations Centre, based at GCHQ, which already has about 30 staff, drawn from different government departments.

One measure of the importance now attached to this work is that Thompson's colleagues say he is in almost daily contact with Howard Schmidt, the US's cyber-security co-ordinator, who was appointed by Barack Obama after the president declared that cyber was a strategic priority for the White House.

The difficulty for GCHQ, and for all the other agencies with an interest in the subject, is that the spectrum of potential threats is very broad, and state-on-state attacks – while potentially devastating – probably account for only a fraction of it. Cyber-security includes the activities of fraudsters, other criminals and, to a far lesser extent, terrorists, who all operate online and attempt to use cyber-tools to steal information or disrupt everyday services.

Most of what GCHQ sees involves systematic efforts to break through or sneak round the firewalls put around the computer systems run by government departments, banks and big business.

Iain Lobban, the director of GCHQ, said that more than 20,000 malicious emails were found on government networks each month, and 1,000 of them were specifically targeted. In a rare public speech last autumn, Lobban also conceded that some computer worms have successfully burrowed their way in and caused "significant disruption".

"Cyberspace is contested every day, every hour, every minute, every second," he said. "I can vouch for that from the displays in our own operations centre of minute-by-minute cyber-attempts to penetrate systems around the world."

GCHQ estimates that 80% of these kinds of attacks can be dealt with by better computer "hygiene": more care being taken with passwords, for instance. Five hundred people in the organisation's Cheltenham HQ are involved in giving advice to Whitehall and industry about the threats and how best to counter them.

Obsession

Anxiety about valuable data being stolen without anyone noticing is shared across all sectors. It is an obsession for banks and corporate giants in the City of London, who would argue that the theft of intellectual property is a much more pressing concern for the UK economy than a Stuxnet-style raid on one of Britain's nuclear plants. The Cabinet Office agrees, which is why Lobban has been trying to encourage a more holistic approach to cyber-security, encouraging firms to share information about the threats they have identified.

Once-niche security firms that struggled to make ends meet in the 1990s now find themselves feted and providing advice to the UK's top companies. They also have hundreds more analysts than the government, and databases at least as rich as any owned by the state. Symantec, for instance, can monitor one-third of the world's entire email traffic every minute of the day from hubs it has set up around the globe.

But while the cyber-security industry in the UK blossoms, GCHQ's real value is in looking at the 20% of threats that cannot be dealt with by ordinary means – seeking out those that might threaten the national infrastructure by, say, crippling energy companies, or the communications systems run by the emergency services.

Some Whitehall officials have drawn solace from Stuxnet, saying that the analysis of the virus "has shown how difficult it is to do this stuff". But they also recognise that the cyber-domain is particularly attractive to some states because of the low bar for entry. State-sponsored cyber-activity is growing, and will continue to do so, said one official, because it is still a comparatively cheap means of warfare compared with buying warships and fighter jets. "You don't need much money, and you don't need many people," said the official. "You could put two students in a room, give them computers and let them have a go."

At the very top end of such capability are targeted weapons such as Stuxnet. But there are other, cruder methods for causing mass disruption.

So-called "denial of service" attacks have become quite common, though not on the scale that crippled parts of Estonia in 2007 at the height of a diplomatic row with Russia. During that episode, the country's main computer systems were bombarded with requests for information by other computers which had been ordered to do so after being infected with malicious software – malware. The network of "bad" computers ("botnet") that launched the attack came from all over the world, including the US, Brazil and Canada.

The attack crippled Estonia's parliament, banks and main businesses for up to a fortnight. Russia was assumed to have been behind it.


National Security

Experts have long thought that the UK would be, and probably should be, working up its own range of cyber-weapons, and last year the government hinted this was now a priority. The strategic defence and security review said: "Over the last decade the threat to national security and prosperity from cyber attacks has increased exponentially … We will also work to develop, test and validate the use of cyber capabilities as a potentially more effective and affordable way of achieving our national security objectives."

Now ministers have openly acknowledged the need to develop new offensive weapons, new questions need to be answered - and not just those about the protocols and legal basis for using them.

One senior defence official noted that traditional arms manufacturers had "smelt the money" and were now diversifying to include cyber-capabilities, recasting the military-industrial complex. Three years ago, Britain's biggest arms manufacturer, BAE Systems, bought Detica, an established and well-respected technology firm. Earlier this year, the firm worked with the Cabinet Office to publish a cost of cybercrime report – but some independent experts, such as Professor Peter Sommer, who lectures at the LSE, regarded Detica's involvement in an independent report as a mistake.

He said the Cabinet Office had to show it had "the independence to repel the lobbyists" if it was to retain its credibility. There was another key issue. "One of the things the major software companies don't want us to discuss is the huge number of flaws in their software. The flaws provide countless opportunities for criminals and other attackers and they exist because the software houses are more interested in revenue from selling us new gimmicks in their products than testing them so that they are solidly safe to use."

Much better to spend much more money on "the basics of looking after your computer, the way you use it and how sensibly to assess cyber-related risks," Sommer said.

"That's why I want to see significant government funding going to organisations such as GetSafeOnline rather than on exotic experimental kit from the big international armaments companies."

In truth, officials acknowledge that the UK will need to both spend at the low end, and at the high end, to keep ahead on cyber-security.

"Cyber is not for geeks anymore," said one official. "It's for everyone. The threats are here and now."

List of Cyber-Weapons Developed By Pentagon to Streamline Computer Warfare

By Ellen Nakashima, Washington Post, May 31, 2011

The Pentagon has developed a list of cyber-weapons and -tools, including viruses that can sabotage an adversary’s critical networks, to streamline how the United States engages in computer warfare.

The classified list of capabilities has been in use for several months and has been approved by other agencies, including the CIA, said military officials who spoke on the condition of anonymity to describe a sensitive program. The list forms part of the Pentagon’s set of approved weapons or “fires” that can be employed against an enemy. “So whether it’s a tank, an M-16 or a computer virus, it’s going to follow the same rules so that we can understand how to employ it, when you can use it, when you can’t, what you can and can’t use,” a senior military official said. The integration of cyber-technologies into a formal structure of approved capabilities is perhaps the most significant operational development in military cyber-doctrine in years, the senior military official said. The framework clarifies, for instance, that the military needs presidential authorization to penetrate a foreign computer network and leave a cyber-virus that can be activated later. The military does not need such approval, however, to penetrate foreign networks for a variety of other activities. These include studying the cyber-capabilities of adversaries or examining how power plants or other networks operate. Military cyber-warriors can also, without presidential authorization, leave beacons to mark spots for later targeting by viruses, the official said. One example of a cyber-weapon is the Stuxnet worm that disrupted operations at an Iranian nuclear facility last year. U.S. officials have not acknowledged creating the computer worm, but many experts say they believe they had a role.

Under the new framework, the use of a weapon such as Stuxnet could occur only if the president granted approval, even if it were used during a state of hostilities, military officials said. The use of any cyber-weapon would have to be proportional to the threat, not inflict undue collateral damage and avoid civilian casualties.


The new framework comes as the Pentagon prepares to release a cyber-strategy that focuses largely on defense, the official said. It does not make a declaratory statement about what constitutes an act of war or use of force in cyberspace. Instead, it seeks to clarify, among other things, that the United States need not respond to a cyber-attack in kind but may use traditional force instead as long as it is proportional.

Nonetheless, another U.S. official acknowledged that “the United States is actively developing and implementing” cyber-capabilities “to deter or deny a potential adversary the ability to use its computer systems” to attack the United States.

In general, under the framework, the use of any cyber-weapon outside an area of hostility or when the United States is not at war is called “direct action” and requires presidential approval, the senior military official said. But in a war zone, where quick capabilities are needed, sometimes presidential approval can be granted in advance so that the commander has permission to select from a set of tools on demand, the officials said.

The framework breaks use of weapons into three tiers: global, regional and area of hostility. The threshold for action is highest in the global arena, where the collateral effects are the least predictable.

It was drafted in part out of concerns that deciding when to fire in cyberspace can be more complicated than it is on traditional battlefields. Conditions constantly shift in cyberspace, and the targets can include computer servers in different countries, including friendly ones.

Last year, for instance, U.S. intelligence officials learned of plans by an al-Qaeda affiliate to publish an online jihadist magazine in English called Inspire, according to numerous current and senior U.S. officials. And to some of those skilled in the emerging new world of cyber-warfare, Inspire seemed a natural target. The head of the newly formed U.S. Cyber Command, Gen. Keith Alexander, argued that blocking the magazine was a legitimate counterterrorism target and would help protect U.S. troops overseas. But the CIA pushed back, arguing that it would expose sources and methods and disrupt an important source of intelligence. The proposal also rekindled a long-standing interagency struggle over whether disrupting a terrorist Web site overseas was a traditional military activity or a covert activity — and hence the prerogative of the CIA.

The CIA won out, and the proposal was rejected. But as the debate was underway within the U.S. government, British government cyber-warriors were moving forward with a plan. When Inspire launched on June 30, the magazine’s cover may have promised an “exclusive interview” with Sheik Abu Basir al-Wahishi, a former aide to Osama bin Laden, and instructions on how to “Make a Bomb in the Kitchen of Your Mom.” But pages 4 through 67 of the otherwise slick magazine, including the bomb-making instructions, were garbled as a result of the British cyber-attack.

It took almost two weeks for al-Qaeda in the Arabian Peninsula to post a corrected version, said Evan Kohlmann, senior partner at Flashpoint Global Partners, which tracks jihadi Web sites. The episode reflected how offensive cyber-operations are marked by persistent disagreement over who should take action and under what conditions. The new list of approved cyber-weapons will not settle those disputes but should make the debate easier to conduct, the senior military official said.

Some lawmakers also are proposing statutory language that would affirm that the defense secretary has the authority “to carry out a clandestine operation in cyberspace” under certain conditions. The operation must be in support of a military operation pursuant to Congress’s 2001 authorization to the president to use all necessary and appropriate force against those who committed the Sept. 11, 2001, terrorist attacks.

House Armed Services Committee Vice Chairman Mac Thornberry (R-Tex.), who drafted the language as part of the House-adopted 2012 defense authorization bill, said he was motivated by hearing from commanders in Iraq and Afghanistan frustrated by an inability to protect their forces against attacks they thought were enabled by adversaries spreading information online.

“I have had colonels come back to me and talk about how they thought they could do a better job of protecting their troops if they could deal with a particular Web site,” he said. “Yet because it was cyber, it was all new unexplored territory that got into lots of lawyers from lots of agencies being involved.”

Thornberry’s provision would establish that computer attacks to deny terrorists the use of the Internet to communicate and plan attacks from throughout the world are a “clandestine” and “traditional military” activity, according to text accompanying the proposed statute. But the White House issued a policy statement last week that it had concerns with the cyber-provision. It declined to elaborate.

Thornberry said some Pentagon lawyers thought the proposed statutory language could go further. “But my view on cyber is we need to take it a step at a time,” he said.


China Bans Its Troops from Making Friends Online
By K J M Varma, Rediff News, June 01, 2011

China has banned its two-million strong military from using social networking and matchmaking websites "to prevent the leak of sensitive information". Chinese soldiers have also been barred from using the internet outside the army without permission. The soldiers have been banned from using the internet to make friends, as authorities seek to prevent sensitive information being revealed, the People's Liberation Army Daily reported. The new rules also ban them from watching or listening to political programmes from overseas media. A joint notice issued by the General Staff Headquarters and the General Political Department of the PLA said that the entire army and the People's Armed Police should tighten administration over the practice of soldiers making friends online.

The measures are aimed at preventing violations of law and to protect military information from being leaked, it said. According to it, four types of websites have become popular among soldiers which included social networking, matchmaking, blogs and WAP websites for mobile phones in recent years. Since social networking and matchmaking websites usually require users to submit personal information such as occupation, address and contact details, soldiers risk revealing the locations of military camps and their contacts when logging in and communicating with people online, it said.

There have also been cases of soldiers who have revealed military secrets by uploading personal photos online either in uniform or during military training, which could be used by "enemy agents" to gain military intelligence, the newspaper said. For soldiers who are about to retire from the army, posting resumes online for job-hunting purposes is also dangerous as they may contain military intelligence, it said. According to the Regulations on Routine Service of the PLA, soldiers are not allowed to use mass media for matchmaking or making friends. Though China banned overseas online social networking sites like Facebook and Twitter, the country's over 470 million internet users have developed the Chinese versions of such networks like qq.com which have tens and millions of subscribers.

"It's a prevalently accepted regulation around the world to limit the use of the internet by soldiers as the internet security situation worsens," He Tongqing, a lawyer in Beijing, told the paper. "Once you expose your military identity, online spies will make you a target for obtaining military information through various and advanced technology," He said. The joint instruction called for soldiers to improve their consciousness of defence and self-discipline, and said stern action would be taken to punish those who have revealed military secrets through the internet, it said.

The Pentagon Is Confused About How to Fight a Cyber War
By John Hudson, Atlantic Wire, Jun 01, 2011

Yesterday, the Wall Street Journal broke news that the Pentagon decided that cyber attacks against the United States constitute an act of war and may be returned with the full force of the U.S. military. Today, we find out that responding to such attacks is really tricky, and the Pentagon's confused about how to play this 21st-century war game. Here are the stumbling blocks to having a coherent cyber security defense plan:

There are too many attacks to respond to

“Every year, hackers steal enough data from U.S. government agencies, businesses and universities to fill the U.S. Library of Congress many times over," U.S. officials tell Reuters. The Department of Defense estimates that more than 100 foreign intelligence organizations have attempted to hack into U.S. networks. Surely the U.S. military is not going to respond militarily to each cyber attack. So the Pentagon's threat runs the risk of appearing empty.

It's difficult to know where the attack came from

The Pentagon's 30-page document outlined in the Journal yesterday will be made public soon, largely to serve as a deterrent to others entertaining the idea of striking the U.S. with a cyber attack. But that deterrent strategy might not work given the difficulty of knowing where the attacks originated, notes The New York Times. "During the cold war, deterrence worked because there was little doubt the Pentagon could quickly determine where an attack was coming from--and could counterattack a specific missile site or city," writes the paper. "In the case of a cyberattack, the origin of the attack is almost always unclear, as it was in 2010 when a sophisticated attack was made on Google and its computer servers. Eventually Google concluded that the attack came from China. But American officials never
publicly identified the country where it originated, much less whether it was state sanctioned or the action of a group of hackers." A former Pentagon official tells the Times "One of the questions we have to ask is, How do we know we're at war? How do we know when it's a hacker and when it's the People's Liberation Army?”

What if other countries adopt our strategy?

If regimes opposed to the U.S. also declare cyber attacks an act of war, it could put the U.S. in an uncomfortable situation, notes Foreign Policy's David Hoffman. "For argument's sake, let's take the new U.S. strategy that reserves the right to carry out military attacks on anyone who fools with our power grid or nuclear power plants. Let's assume that Iran adopts exactly the same strategy. What would we think if Iran decided to attack the United States--with a missile down a smokestack--in retaliation for Stuxnet?"

It's not clear if the CIA or the Department of Defense is in control

"Cyber-operations are marked by persistent disagreement over who should take action and under what conditions," reports The Washington Post. The paper details an interesting example surrounding the discovery of Al Qaeda's English-language magazine, Inspire, by the Department of Defense. "The head of the newly formed U.S. Cyber Command, Gen. Keith Alexander, argued that blocking the magazine was a legitimate counterterrorism target and would help protect U.S. troops overseas," reports the Post. "But the CIA pushed back, arguing that it would expose sources and methods and disrupt an important source of intelligence. The proposal also rekindled a long-standing interagency struggle over whether disrupting a terrorist Web site overseas was a traditional military activity or a covert activity--and hence the prerogative of the CIA."

The attacks can come from state and non-state actors

Hoffman adds that "In the nuclear arms race, we knew a lot about our adversaries, if not everything. We set up early warning systems that could track a missile trajectory. We knew where the enemy silos were located. We established 'counterforce' targets that could hit those silos with great precision... The offensive cyber battlefield promises to be far more chaotic than in the nuclear arms race, with many smaller players and non-state actors." The New York Times quotes a source close to the administration who says "Almost everything we learned about deterrence during the nuclear standoffs with the Soviets in the '60s, '70s and '80s doesn't apply."

Mideast Uses Western Tools to Battle the Skype Rebellion
By Steve Stecklow, Paul Sonne and Matt Bradley, Wall Street Journal, 1 June 2011

When young dissidents in Egypt were organizing an election-monitoring project last fall, they discussed their plans over Skype, the popular Internet phone service, believing it to be secure.

But someone else was listening in—Egypt's security service.

An internal memo from the "Electronic Penetration Department" even boasted it had intercepted one conversation in which an activist stressed the importance of using Skype "because it cannot be penetrated online by any security device."

Skype, which Microsoft Corp. is acquiring for $8.5 billion, is best known as a cheap way to make international phone calls. But the Luxembourg-based service also is the communications tool of choice for dissidents around the world because its powerful encryption technology evades traditional wiretaps.

Throughout the recent Middle East uprisings, protesters have used Skype for confidential video conferences, phone calls, instant messages and file exchanges. In Iran, opposition leaders and dissidents used Skype to plot strategy and organize a February protest. Skype also is a favorite among activists in Saudi Arabia and Vietnam, according to State Department cables released by WikiLeaks.

In March, following the Egyptian revolution that toppled President Hosni Mubarak, some activists raided the headquarters of Amn Al Dowla, the state security agency, uncovering the secret memo about intercepting Skype calls. In addition, 26-year-old activist Basem Fathi says he found files describing his love life and trips to the beach, apparently gleaned from intercepted emails and phone calls.

"I believe that they were collecting every little detail they were hearing from our mouths and putting them in a file," he says.

A cottage industry of U.S. and other companies is now designing and selling tools that can be used to block or eavesdrop on Skype conversations. One technique: Using special "spyware," or software that intercepts an audio stream from a computer—thereby hearing what's being said and effectively bypassing Skype's encryption. Egypt's spy service last year tested one product, FinSpy, made by Britain's Gamma International UK Ltd., according to Egyptian government documents and Gamma's local reseller.

Peter Lloyd, a lawyer for Gamma, declined to discuss the testing but said the company didn't sell the product to the Egyptian government. "Gamma International UK Ltd. cannot otherwise comment upon its confidential business transactions or the nature of the products it offers," he said.


Adrian Asher, Skype's chief information security officer, says his company can't prevent these technologies from compromising its service: "Can we control [spyware] taking an audio stream off the speakers or the microphone? No, there is nothing we can do."

He describes Skype's emergence as a tool for dissent as an accident. "I don't actively create a product that is useful for the dissidents of the world," he says. "While I guess it's a happy by-product, I can't give them any assurances."

Dissidents are discovering other potential vulnerabilities in using Skype. This month, rebels in Libya found what appeared to be spyware they say was being distributed via their Skype contact lists. The Wall Street Journal asked security company Symantec Corp. to analyze the file, which turned out to be a "remote access tool" that could let an outsider remotely eavesdrop on audio and capture keystrokes.

Symantec said the file is being distributed on a website named after the date the Libyan protests began. Still, the file's origins aren't clear. "The actual attacker could be anywhere in the world," says Symantec's Kevin Hogan.

In China, Skype users are subject to censorship. To enter the Chinese market in 2004, Skype agreed to a unique arrangement in which a special version of its software there filters users' text chats and blocks politically sensitive keywords. Skype operates in China through a partnership with TOM Online, a unit of Hong Kong-based TOM Group Ltd., which provides the filtering technology, according to Skype.

"TOM Online, like every service provider, has an obligation to be compliant with applicable laws and regulations," Skype said in a statement. "It is possible that chat messages sent to or from a TOM-Skype user in China may be subject to archiving and monitoring."

A 2008 study by the Citizen Lab, a research center at the University of Toronto, found serious security and privacy breaches in the Chinese Skype service that it said suggested it was being used for "widespread and systematic surveillance" of "dissidents and ordinary citizens." Researchers found that TOM Online had captured millions of records of text chats and voice calls, including users' personal information, and kept them on publicly accessible servers.

Skype said afterward that the security breach had been fixed. Li Xiuli, TOM Online's marketing director, now says the company doesn't monitor or record any of its users' communications or personal information.

However, in a recent filing with the U.S. Securities and Exchange Commission, Skype said TOM Online's filtering technology "allows instant messages to be filtered and stored along with related data based on content." Skype added that it understands its joint venture "is obligated by the government to provide this filtering and storage."

In some countries, including Oman, Egypt, Iran and the United Arab Emirates, Skype is blocked or partially blocked, although such efforts often aren't effective. Several western companies, including Boeing Co.'s Narus Inc. and Bitek International Inc., both in California, and the German firm Ipoque GmbH, sell sophisticated
products that can detect Skype traffic and allow networks to block it. The companies all declined to discuss their foreign customers.

"If requested to do so, we can completely stop it from working on a country-wide level," says Graham Butler, Bitek's chief executive. He says Bitek also can capture Skype traffic and turn it over to governments for analysis.

Countries sometimes say they block Skype because its free or low-cost calls cut into the revenue of local phone companies. But a secret 2009 State Department cable from the American embassy in Oman—where Skype isn't authorized—notes that "the unstated and likely more significant rationale…may be that such services are out of reach of the listening ear of the government." The cable was made available to certain media outlets by WikiLeaks and reviewed by The Wall Street Journal.

Oman's Telecommunications Regulatory Authority confirmed that Skype isn't authorized in part because it "does not meet the requirements of legal interception in Oman."

The emergence of Skype as a tool for dissidents marks another odd twist in the service's short, colorful history. Skype, which now has more than 663 million registered users world-wide, traces its roots to a file-sharing program, Kazaa, that grew popular for exchanging pirated music soon after its launch in 2001. Kazaa's founders, Niklas Zennström of Sweden and Janus Friis of Denmark, hired a group of Estonian programming whizzes to build the software. It used what is known as a "peer-to-peer" design. Users could share files (in this case, music) directly with each other as peers, not relying on a middleman in the form of a centralized server.

Kazaa attracted millions of users but soon faced legal challenges from the music industry. So Messrs. Zennström and Friis focused on a new project: building a highly encrypted, peer-to-peer Internet phone service. Again, they tapped the Estonian programmers. In 2003, Skype went live.

Tom Berson, a California cryptographer hired by Skype in 2005 to evaluate its security, says he met the programmers, who told him they grew up when Estonia was part of the Soviet Union and had the perils of "wiretapping in mind" when creating Skype.

"In many products, security is an afterthought, it's kind of bolted on afterwards," Mr. Berson says. "Skype is different in that it was designed in from Day 1."

The main reason Skype included high-level encryption wasn't a fear of wiretapping, says a spokesman for the Estonian programmers. Skype sometimes routes multiple calls through one user's computer and the engineers wanted to make sure that user couldn't eavesdrop, the spokesman says.

Skype is tough to intercept not only because of its design, but also due to its legal status. In the U.S., Europe, and elsewhere, laws require telecommunications providers to install interception capabilities, so police can eavesdrop on criminals if necessary. But Skype doesn't see itself as falling under those laws. Besides, Skype says it can't intercept calls between Skype users even if it wanted to. That's partly because conversations don't pass through Skype's own computers. In addition, the encryption key for each call is known only to the computers participating in the call, not to Skype itself.

That's a headache for police and spy agencies. In Egypt, the Mubarak regime's secret police fretted about the service in a 2009 internal memo, calling it "a safe and encrypted Internet communication system, to which most extremist groups have resorted to communicate with each other."

The same year, Italian authorities told the European Union that criminals involved in prostitution rings, arms sales and drug trafficking were turning to Skype and similar Internet phone services to evade police. The customs and tax police in Milan reported overhearing a cocaine runner telling an accomplice to use Skype to receive the details of a two-kilogram delivery.

"It's a great tool for the bad guys," says Mr. Butler, the Bitek chief executive. But, he says, "It's not as secure as people think."

In recent years, a handful of small European companies—including Gamma of Britain as well as Germany's DigiTask GmbH, Italy's HackingTeam SRL and Switzerland's ERA IT Solutions AG—have developed tools to eavesdrop on Skype. HackingTeam and Gamma have been marketing their software to governments outside of Europe, including in the Middle East. Most of the tools are programs that must be installed on a person's computer. Often they are distributed via infected email attachments or disguised as fake software-update alerts to trick people into installing them. The software doesn't decode Skype's encryption, but instead captures audio streams, keystrokes typed into the keyboard and possibly anything else happening on the computer.

"Skype is a nightmare for law-enforcement agencies" because of its encryption, says David Vincenzetti, chief executive of Milan-based HackingTeam, which sells a program called Remote Control System that works on
computers, smartphones and Blackberries. "Using our technology, Skype is not a problem anymore." He says the software can bypass Skype's encryption and "read" the audio stream directly from a computer's memory.

He says his company sells only to police and security agencies and has about two dozen customers, including in the Middle East, North Africa and the Far East. He declined to name them, although he said they don't include Egypt, Libya or Tunisia.

"You can infect anybody on the Internet," he says. "When the infection has taken place, you get full control" of their device, "and that means you can extract any information from that device."

A "Top Secret" memo from Egypt's Interior Ministry, dated Jan. 1, 2011, describes how the agency recently had conducted a five-month trial of a "high-level hacking security system" made by Gamma, a HackingTeam rival. The results, the memo said, included "success in hacking personal accounts on Skype" and "recording voice and video conversations over the Internet." The system's capabilities also included breaking into Hotmail, Gmail and Yahoo accounts, tracking the location of a targeted computer and copying all of its contents, the memo stated.

The memo noted that the system was being offered for €388,604 ($559,279), including training four officers to use it, by Gamma's Egyptian reseller, Modern Communication Systems. Adel Kadry, the reseller's managing director, confirmed the documents were authentic. He said his company's role was minor, fulfilling a legal requirement that a local partner be involved. The Egyptian government didn't respond to a request for comment on the documents.

According to its website, Gamma sells "Remote Monitoring and Infection Solutions" to governments under the brand name FinFisher. At a wiretapping trade show in Dubai in February, the company gave presentations on "Monitoring Encrypted Data on Computers and Mobile Phones" and "Applied Hacking Techniques used by Government Agencies." Gamma officials there declined to be interviewed.

Egyptian government records indicate the Gamma product trial took place last year between August and December. That partly coincides with a U.S.-funded project in Egypt to monitor parliamentary elections in November.

The project was spearheaded by Freedom House, a Washington-based, pro-democracy nonprofit that partnered with local activists and bloggers.

Sherif Mansour, Freedom House's regional senior program manager, says he recommended that the local activists use Skype because he believed it was more secure than email. "We knew that the government was following us and they were harassing the people working on the project," he says. So the team came up with "some basic security protocols, and one of them was using Skype as much as possible."

In the March raid on Egypt's state security agency, Israa Abdel Fattah, a 32-year-old pro-democracy activist who had been jailed twice in the past three years, was shocked to discover in the agency's files copies of her emails, transcripts of phone calls and text messages, and a list of companies where she had applied for jobs.

She calls it a grave violation of her personal life. "Everyone can see and know what I talk about," she says.

One memo the activists found showed that the secret police had monitored their Skype communications. The memo described "the successful penetration of their online organizational meetings…via encrypted Skype."

Mr. Mansour says that surprised him. "When they were arresting bloggers, they were torturing them to get their passwords out of them. So we were under the impression that they didn't have this capacity." Adds Mr. Fathi, the activist whose love life was detailed in the files he found: "We were using Skype for a long time thinking that it was protected and secure."

The documents state the Interior Ministry had approved the purchase of the Gamma system in December. But Mr. Kadry, Gamma's reseller, said the deal never went through. Egypt's revolution derailed it, he says.

British Intelligence Used Cupcake Recipes to Ruin Al-Qaida Website
By Richard Norton-Taylor, The Guardian, 2 June 2011

Cup cake recipes were inserted into the online jihadist magazine to garble the contents including 'Make a Bomb in the Kitchen of Your Mom'.

Whitehall sources have revealed that British intelligence officers successfully sabotaged the launch of the first English language website set up by an al-Qaida affiliate.

The officers, understood to be based at Government Communications Headquarters (GCHQ) in Cheltenham, attacked an online jihadist magazine in English called Inspire, devised by supporters of al-Qaida in the Arabian Peninsula.


A pdf file containing fairy cake recipes was inserted into Inspire to garble most of the 67 pages of the online magazine, including instructions on how to "Make a Bomb in the Kitchen of Your Mom".

Though the authenticity of claims made about Inspire have been questioned, British security and intelligence sources say they believe the magazine, and the bomb-making instructions, were genuine.

The sabotage took place a year ago, following a dispute between agencies in the US about who should take on the role of attacking the Inspire website.

Publicising the achievement amounted to little more than a propaganda exercise – "just to let them know", as one British official put it on Thursday.

The head of the US Cyber Command, General Keith Alexander, said blocking the magazine was a legitimate counter-terrorism target and would help protect American troops overseas, according to the Washington Post.

The CIA argued that such an attack would expose sources and intelligence methods and that it amounted to covert action rather than a traditional military one and was therefore its responsibility.

The CIA won the argument and declined to go ahead with the attack on Inspire, the newspaper said.

British security and intelligence agencies, including MI5 (which was not responsible for the attack on Inspire), have made it clear they are deeply concerned about the influence of extreme Islamist and jihadist websites.

But such "website wars" are just the surface of a much bigger threat, British officials say. A much more serious worry surrounds cyber-attacks on government agencies and officials in sensitive jobs.

As US government agencies argue about who should take command – and the Pentagon is fighting back against the CIA – British officials say the UK government is grappling with how to cope with the growing threat.

GCHQ, staffed by encoders and eavesdroppers, has the expertise to defend British agencies and attack hostile ones.

The Ministry of Defence, supported by a new Cyber Operations Group, has a clear interest. So does the Department for Business, Innovation and Skills because private industry must be intimately involved in the battle against cyber-attacks despite potential disputes about competition and intellectual property rights, officials say.

British officials said different government agencies and departments would conduct their cyber operations separately and would be co-ordinated by the Office of Cyber Security and Information Assurance in the Cabinet Office in the heart of Whitehall.

Lieutenant General Rhett Hernandez, head of the US army's cyber command, told a land warfare conference in London on Thursday, organised by the Royal United Services Institute, that a "world-class cyber warrior force" was being built up.

US state department co-ordinator for cyber issues, Christopher Painter, said on Wednesday that America faced potential threats in cyberspace from freelance hackers, militants and potentially rival states.

Diplomacy and policy were only just beginning to catch up with technology, he said. "Cyber-security is now a policy imperative," he told Reuters news agency.

Earlier this week, his employer, the US department of defence, announced it was rewriting its military rule book to make cyber-attacks a possible act of war.

A US official was quoted as saying: "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."

British and US defence and security officials made plain on Thursday that the central problem was how to identify cyber-attackers.

Russia Ratifies Electronic Warfare Agreement with Belarus
From The National Center of Legal Information of the Republic of Belarus, 8 Jun 2011

MOSCOW, 8 June (BelTA) – Russia ratified an agreement on cooperation in electronic warfare with Belarus. The corresponding decree approved by the two chambers of the parliament was signed by Russian President Dmitry Medvedev, BelTA learnt from the Kremlin press service. The agreement was signed in Moscow on 10 December 2009. The document establishes legal framework for coordinating cooperation between Belarus and Russia in electronic warfare for military security in the region. The document envisages establishment and functioning of the joint electronic warfare system of the regional force group of Belarus and Russia. The sides are obliged to train bodies of military administration, electronic warfare military units and subdivisions for joint operations as regional forces, interactively use the radio-frequency spectrum of electronic means used for defense, and secure electromagnetic compatibility of military radio electronic means. The parties to the agreement will conduct joint research in electronic warfare, develop new electronic warfare equipment, and share information on electronic warfare organization. The sides will apply the joint electronic warfare system in line with the agreement. The document also envisages joint exercise for bodies of military administration, electronic warfare military units and subdivisions acting as part of the regional force group. The defense ministries of Belarus and Russia are authorized to implement the document. The events envisaged in the agreement are funded by the sides independently.

NATO Plans Force To Respond To Cyber Attacks
From Physorg, 8 June 2011

NATO Defence ministers during a summit at the NATO headquarters in Brussels.

NATO wants to beef up its cyber defence capabilities with the creation of a special task force to detect and respond to Internet attacks, an alliance expert said Wednesday at a conference on cyber security.

"NATO is planning to establish the Cyber Red Team (...) that would provide a significant contribution to the improvement of NATO's cyber defence capability," Luc Dandurand, an expert with NATO's C3 Agency, told delegates to the alliance's third annual cyber defence conference.

The new NATO cyber force could be involved in simulating threats and controlling readiness to respond, gathering and using public information from open sources, scanning and probing networks as well as conducting denial-of-service attacks against specific services or networks, according to Dandurand.

The Symantec cyber security firm recently reported that web-based attacks in 2010 were up 93 percent from 2009.

"The need for such a team is obvious," Dandurand said, adding it would primarily be tasked with detecting, responding to and assessing the "damage cyber attacks can cause in a military sense."

Dandurand also highlighted legal and privacy issues that must be addressed before NATO's cyber force can take shape.

"The two main issues identified at this point are the need to legitimize the Cyber Red Team activities that could otherwise be construed as the malicious or unauthorized use of computer systems, and the potential for invasion of privacy resulting from cyber red team activities," he told experts gathered at NATO's Tallinn-based Cyber Defence Centre.

"Cyber-attacks against Estonia in the Spring of 2007, during Russia's operation in Georgia in 2008, and the many more cyber attacks we have seen worldwide since then have shown us there is a new kind of war that can cause a lot of damage," Major General Jonathan Shaw, a British defence ministry official, told delegates.

"We need a response system and we need to learn to respond fast. In the cyber world you have to do a lot of homework before the attack in order to be effective," he added.

The three-day conference, which kicked off Tuesday and is attended by 300 international cyber experts, focuses on the legal and political aspects of national and global Internet security.

Al Qaeda's New Video: A Message of Defeat
By Scott Stewart, STRATFOR, June 9, 2011

A new video from al Qaeda’s media arm, As-Sahab, became available on the Internet on June 2. The video was 100 minutes long, distributed in two parts and titled “Responsible Only for Yourself.” As the name suggests, this video was the al Qaeda core’s latest attempt to encourage grassroots jihadists to undertake lone-wolf operations in the West, a recurrent theme in jihadist messages since late 2009.

The video, which was well-produced and contained a number of graphics and special effects, features historical footage of a number of militant Islamist personalities, including Osama bin Laden, Ayman al-Zawahiri, Abdullah Azzam and Abu Yahya al-Libi. In addition to al-Libi, who is considered a prominent al Qaeda ideological authority, the video also features an extensive discourse from another Libyan theologian, Sheikh Jamal Ibrahim Shtaiwi al-Misrati. Al-Misrati (who is from Misurata, as one can surmise from his name) was also featured in a March 25 As-Sahab message encouraging jihadists in Libya to assume control of the country and place it under Shariah once the Gadhafi regime is overthrown. The still photo used over the March message featuring al-Misrati was taken from the video used in the June 2 message, indicating that the recently released video of al-Misrati was shot prior to March 25.

The video also contains a short excerpt of a previously released Arabic language Al-Malahim media video by Anwar al-Awlaki and an English-language statement by Adam Gadahn that is broken up into small segments and appears periodically throughout the video. Despite the fact that many of the video segments used to produce this product are quite dated, there is a reference to bin Laden as a shaheed, or martyr, so this video was obviously produced after his death.

Unlike the As-Sahab message on the same topic featuring Adam Gadahn released in March 2010 and the English-language efforts of al Qaeda in the Arabian Peninsula’s “Inspire” magazine, this video is primarily in Arabic, indicating that it is intended to influence an Arabic-speaking audience.

To date, much of the media coverage pertaining to the release of this video has focused on one short English-language segment in which Adam Gadahn encourages Muslims in the United States to go to gun shows and obtain automatic weapons to use in shooting attacks. This focus is understandable given the contentiousness of the gun-control issue in the United States, but a careful examination of the video reveals far more than just fodder for the U.S. gun-control debate.

Contents of the Video

The first 36 minutes of the video essentially comprise a history lesson of militants who heard the call to jihad and then acted on it. Among the examples are individuals such as ElSayyid Nosair, the assassin of Jewish Defense League founder Meir Kahane; Abdel Basit (also known as Ramzi Yousef), the operational planner of the 1993 World Trade Center attack and the thwarted Bojinka plot; Mohammed Bouyeri, the assassin of Dutch filmmaker Theo Van Gogh; and Fort Hood shooter Nidal Malik Hasan.
Others include the leader of the team of assassins who killed Egyptian President Anwar Sadat and the militants behind the Mumbai attacks. Then, after listing those examples, the video emphasizes the point that if one is to live in the “real Islamic way,” one must also follow the examples of the men profiled. Furthermore, since the “enemies of Islam” have expanded their “attacks against Islam” in many different places, the video asserts that it is not only in the land of the Muslims that the enemies of Islam must be attacked, but also in their homelands (i.e., the West). In fact, the video asserts that it is easy to strike the enemies of Islam in their home countries and doing so creates the biggest impact. And this is the context in which Gadahn made his widely publicized comment about Muslims buying guns and conducting armed assaults. Now, it is important to briefly address this comment by Gadahn: While it is indeed quite easy for U.S. citizens to legally purchase a wide variety of firearms, it is illegal for them to purchase fully automatic weapons without first obtaining the proper firearms license. This fixation with obtaining fully automatic rifles instead of purchasing readily available and legal semi-automatic weapons has led to the downfall of a number of jihadist plots inside the United States, including one just last month in New York. Therefore, aspiring jihadists who would seek to follow Gadahn’s recommendations to the letter would almost certainly find themselves quickly brought to the attention of the authorities. When we look at the rest of Gadahn’s comments in this video, it is clear the group is trying to convey a number of other interesting points. First, Gadahn notes that jihadists wanting to undertake lone-wolf activities must take all possible measures to keep their plotting secret, and the first thing they should do is avail themselves of all the electronic manuals available on the Internet pertaining to security. 
A few minutes later in the video, Gadahn remarks on a point made in a segment from a U.S. news program that the Hollywood perception of the capabilities of the National Security Agency (NSA) is nowhere near what those capabilities are in real life and that, while the NSA and other Western intelligence agencies collect massive amounts of data, it is hard for them to link the pieces together to gain intelligence on a pending attack plan. This is true, and the difficulty of putting together disparate intelligence to complete the big picture is something STRATFOR has long discussed. Gadahn notes that the downfall of most grassroots operations is loose lips and not the excellence of Western intelligence and urges aspiring grassroots jihadists to trust no one and to reveal their plans to no one, not even friends and family members. This claim is also true. Most thwarted grassroots plots have been uncovered due to poor operational security and sloppy tradecraft.

The video also contains lengthy theological discussions justifying the jihadist position that jihad is a compulsory, individual obligation for every able-bodied Muslim. As the video turns to the necessity of attacking the enemies of Islam in their homelands, Gadahn notes that Americans are people who crave comfort and security and that terrorist attacks scare them and take away their will to fight Muslims. According to Gadahn, terrorist attacks also cause the people to object to leaders who want to attack Islam, and the people will not vote for those leaders.

Throughout the video, the American Israel Public Affairs Committee is depicted several times, and it is asserted that the United States and the West are controlled by Jewish interests. Gadahn says that influential figures in the Zionist-controlled Western governments, industries and media should be attacked, and that such attacks will weaken the will of the masses to fight against Islam. He also says that attacks against such targets are not hard and that, from recent examples of people who have assaulted the pope and Italian Prime Minister Silvio Berlusconi, it is evident that if jihadists trust their efforts to Allah and choose the right place, time and method, they can succeed in their attacks.

But armed assaults are not the only type of attacks being advocated in the video. The message also contains several minutes of material dedicated to encouraging cyber-jihadists to conduct electronic attacks against the United States. This concept was supported by several excerpts from a segment of the U.S. television program 60 Minutes pertaining to the cyber threat and featuring U.S. experts discussing their fears that terrorists would attack such targets as the electrical grid. Again, this is an old threat, and acquiring the skills to become a world-class hacker takes time, talent and practice. This means that, in practical terms, the threat posed by such attacks is no greater than it was prior to the release of this video.

Tactical Implications

First, it needs to be recognized that this video does not present any sort of new threat. As far as Gadahn’s pleas for American Muslims to buy firearms and conduct armed assaults, we wrote an analysis in May 2010 discussing many failed jihadist bomb plots and forecasting that the jihadists would shift to armed assaults instead. Furthermore, jihadist websites have long been urging their followers to become cyber-jihadists and to create viruses that would cripple the economies of the United States and the West, which are so dependent on computerized systems. Even the calls to target industrial and media leaders are not new. Jihadist publications such as the now-defunct online magazine of al Qaeda in Saudi Arabia, Maaskar al-Battaar, encouraged attacks against such targets as far back as 2004. This means that this latest As-Sahab message merely echoes threats that have already existed for some time now, such as threats emanating from grassroots jihadists.
The grassroots threat is real and must be guarded against, but it is not nearly as acute as the threat posed by other, more skillful terrorist actors. Grassroots operatives do not often possess good terrorist tradecraft, and their attacks tend to be poorly planned and executed and susceptible to discovery and disruption.

However, killing people is not difficult, and even amateurs can be deadly. As we examine these repeated pleas by al Qaeda for grassroots jihadists to conduct attacks in the West, and then consider the ease with which such attacks can be conducted — evidenced by Hasan’s actions at Fort Hood — it raises an interesting question: Why haven’t we seen more of these attacks? Certainly we’ve seen some thwarted attempts like the previously mentioned plot in New York in May 2011 and a successful attack in March on U.S. Air Force personnel in Frankfurt, Germany, but overall, the jihadist message urging Muslims to take up arms and conduct attacks simply does not appear to be gaining much traction among Muslims in the West — and the United States in particular. We have simply not seen the groundswell of grassroots attacks that was initially anticipated. The pleas of Gadahn and his companions appear to be falling upon deaf ears and do not seem to resonate with Muslims in the West in the same way that the cries of the pro-democracy movements in the Middle East have in recent months.

In theory, these grassroots efforts are supposed to supplement the efforts of al Qaeda to attack the West. But in practice, al Qaeda and its franchise groups have been rendered transnationally impotent in large part by the counterterrorism efforts of the United States and its allies since 9/11. Jihadist groups have been able to conduct attacks in the regions where they are based, but grassroots operatives have been forced to shoulder the bulk of the effort to attack the West.
In fact, the only successful attacks conducted inside the United States since 9/11 have been conducted by grassroots operatives, and in any case, grassroots plots and attacks have been quite infrequent. Despite the ease of conducting such attacks, they have been nowhere near as common as jihadist leaders hoped — and American security officials feared.

One reason for this paucity of attacks may be the jihadist message being sent. In earlier days, the message of Islamist militants like Abdullah Azzam was “Come, join the caravan.” This message suggested that militants who answered the call would be trained, equipped and put into the field of battle under competent commanders. It was a message of strength and confidence — and a message that stands in stark contrast to As-Sahab’s current message of “Don’t come and join us, it is too dangerous — conduct attacks on your own instead.” The very call to leaderless resistance is an admission of defeat and an indication that the jihadists might not be receiving the divine blessing they claim.

“Al Qaeda's New Video: A Message of Defeat is republished with permission of STRATFOR.”


China and the US: Sizing up for cyber war?
By Chris Arsenault, Al Jazeera, 09 Jun 2011

As senior US officials warn that cyber attacks on vital systems would be considered "acts of war" eliciting a real world military response, one professor at the National Defence University surmises that battles of the future might be fought by guys hunched over keyboards in dark basements, rather than strapping lads toting M-16s.

In light of recent cyber attacks on Google apparently launched from China, online tensions - the possible precursors to outright conflict - have been spreading from chat rooms, to Gmail accounts and into the meeting rooms of military decision makers in recent weeks.

"We operate in five domains: air, land, sea, outer space and cyberspace," says Dan Kuehl, a professor of information operations at the National Defence University in Washington. "An ever increasing amount of what we do has dependencies on cyberspace; a guy typing on a computer is one of the new faces of war," Kuehl told Al Jazeera, stressing that he is not speaking for the US government or his elite military university.

"A response to a cyber-incident or attack on the US would not necessarily be a cyber-response. All appropriate options would be on the table," Pentagon spokesman Colonel Dave Lapan said recently.

Tough talk and phishing trips

One US defence official told The Wall Street Journal newspaper: "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," in rhetoric likely aimed at China. For its part, the Chinese government categorically denied any involvement in the cyber attacks, which Google reported to the US state department and media outlets last week.

The reason for this sort of digital tough-talk is related to basic military strategy. "There is value in ambiguity," Kuehl said. "You don't want your adversary to think 'I can go up to that red line but I can't cross it'. You want them to think 'I won't do anything in the first place'," for fear of old fashioned physical reprisal.

Phishing attacks recently launched against Google's mail service targeted the personal e-mail accounts of some senior US officials, along with Chinese journalists, human rights activists and South Korea's government.

These attacks are similar in form to the scam e-mails most people receive from, say, the widow of a Nigerian millionaire who asks the user to open a message so they can claim their $14m reward for being a nice person. Once the message is opened, the victim's computer is compromised.

"This was a pretty straightforward phishing attack, other than the more sophisticated social engineering where the e-mail seems to come from someone who you know," says Richard Stiennon, the chief research analyst at IT-Harvest and author of Surviving Cyberwar, referring to recent actions against Gmail.

"The Chinese have the early advantage in executing cyber warfare. If you have a large information gathering operation, knowing even the personal data of officials can be valuable," he told Al Jazeera. If data is stolen from personal accounts it is likely dumped into massive data banks for processing, cross-referencing and analysis.

WikiLeaks documents indicate that US diplomats are concerned about China's government recruiting top hackers to launch cyber war campaigns.

"There is a strong possibility the PRC [People's Republic of China] is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities," said a secret state department cable from June 2009.

Tampering with logistics

Since 2002, cyber intruders, apparently from China, have exploited vulnerabilities in the Windows operating system to steal login credentials in order to gain access to hundreds of US government and defence contractor systems, according to a 2008 cable. China, for its part, says it is ready for online conflict should it arise.

"Of late, an internet tornado has swept across the world... massively impacting and shocking the globe. Behind all this lies the shadow of America," said a recent article published in the Communist-Party controlled China Youth Daily newspaper, signed by Ye Zheng and Zhao Baoxian, who are scholars with the Academy of Military Sciences, a government linked think-tank.

"Faced with this warm-up for an internet war, every nation and military can't be passive but is making preparations to fight the internet war," the article said.

That attacks apparently came from China does not, unto itself, implicate the Chinese government. Internet or IP addresses which delineate where a computer is physically located can be compromised, allowing users in one country to take over a computer somewhere else to launch attacks.

"How do you know where to strike back? You don't," says Bruce Schneier, a technology expert and author of several books who The Economist magazine describes as a "security guru".

"You don't have nationality for cyber attacks, making retaliation hard," he told Al Jazeera.

But the nature of the Chinese state, where information is closely controlled, most corporations are linked to the Communist Party apparatus and dissidents are crushed, means the government likely had some knowledge of what was happening, Stiennon says.

And, even if the Google attack was carried out by rogue hackers, American defence planners haven't been taking any chances. One possible scenario involves a Chinese move to re-take Taiwan - an island which China views as a renegade - despite the US and UN considering it a sovereign country.

"The Chinese have looked at their biggest potential military adversary, the US, and decided that their biggest weaknesses are that they are far away and dependent on computers," says Kuehl from the defence university. He thinks likely Chinese strategies are twofold: The obvious "degrading enemy military apparatuses in the theatre of war" and "preventing the enemy from getting there". Cyber attacks, targeting battleship deployments and logistics, would play decisively in the latter.

"The threat, from a military perspective, isn't data denial, it is data manipulation," Kuehl says. "What do you do when the data on your screen is wrong and air traffic controls, money, deployment orders and personnel have all been tampered with?"

Misdirection and censorship

Regardless of China's broader aims or involvement from the Chinese government in recent cyber mischief against Google, there is nothing new or impressive about recent cyber attacks, even though the international media has focused on them, Schneier says. "Millions of these kinds of attacks happen all the time," he says. To him, recent phishing operations against Google are not even worthy of a blog post, as such events happen so frequently.

Chris Palmer, the technology director with the Electronic Frontier Foundation advocacy group, thinks recent rhetoric about cyber war is a "smokescreen to limit freedom of speech on the internet".

"If I was being cynical, this campaign [about cyber security] is being launched by defence contractors to drum up a threat and get money from it," Palmer told Al Jazeera.

The US state department's tough talk about physical reprisals is not the way to defend American infrastructure from attacks, he says. The solution is much simpler: Taking sensitive data off the internet entirely.

Gaining access to military documents or networks controlling physical infrastructure like water treatment plants and nuclear facilities "should be like Mission Impossible, requiring a physical presence". In the film, Tom Cruise has to sneak into a heavily guarded room to physically access a computer with secret information.

In the 1980s and early 1990s, power plants, for example, ran on private networks where the sensors would talk to the controllers, Palmer says. "Now things that are supposed to be private have become virtually private, going over the same lines as internet traffic." As getting online became cheaper, and operating private networks became more costly and cumbersome compared to using the standard internet, companies began using the regular net.

"Not being on the internet costs more for dollars and opportunity cost," he says. "The design and the reality don't match anymore, but the design was supposed to be private." And this semi-public link to the broader net leaves vital systems potentially open to attack.

While military contractors propose new products to defend against online threats, commercial cyber crime - where companies seek data on competitors and rivals try to steal industrial secrets - may be a bigger issue than fears of nation to nation conflicts spilling onto the internet.

"The [US] defence department, just like everyone else, is struggling with the rapid rise of cyber threats," says Richard Stiennon, the security analyst. "It is all new. They don't have a basis in international law or jurisdictional avenues from which to build a cyber response."

And, the need for better international norms for governing cyber conflict is one of the few points of agreement between analysts. "The big thing here is that there is nothing magic about cyberspace," Schneier says. "Everything that is true is still true when you put the word 'cyber' in front of it."

Some may say that international laws are often worth little more than the paper on which they are printed. And, sadly, the ability to exert force still determines the international pecking order. But, it may still be better to have an unenforceable framework for online conflict than none at all.

As Bruce Schneier puts it, "I think a UN conference on cyber war would be a great thing to do".
