
Forwarded by Carlo Kopp carlo@cs.monash.edu.au


Winn Schwartau - Interpact, Inc.

Feel Free To Distribute Widely:



Class III Information Warfare: Has It Begun?

The June 2, 1996 Sunday Times from London front page headline reads: "City Surrenders to £400 million Gangs"

And HERF Guns, Electromagnetic Pulses and sophisticated logic bombs may be responsible.

At InfoWarCon II, Montreal Canada, I made reference to investigations I was conducting regarding concerted and organized attacks on up to 43 financial institutions in Europe and the US; an example of Class III Information Warfare. This issue of London Sunday Times brings a glimpse of the story that will eventually be told.

The first attack in my files dates to January 6, 1993. A trading house in London was blackmailed into paying £10 million to unknown extortionists who demonstrated they could crash the company's computers at will. The next incident in the Times article is also in my files: January 14, 1993, where similar demonstrations and demands were made, this time for £12.5 million. And so is the next, January 29, 1993, and another £10 million siphoned off by the bad guys. According to my figures and those in the Times article, hundreds of millions of pounds have been paid in ransom in what is clearly an example of Class III Information Warfare.

According to officials in Washington, Whitehall, London, City of London Police, the National Security Agency, Kroll Associates, Bank of England and others (in the article) the threats are credible. The attackers have the clear ability to bring trading and financial operations to a halt - exactly when they say they will. "Banks, brokerage firms and investment houses in America have also secretly paid ransom to prevent costly computer meltdowns and a collapse in the confidence among their customers," sources said in the article.

The article discussed the advanced information warfare techniques used by the perpetrators. "According to the American National Security Agency (NSA), they have penetrated computer systems using 'logic bombs' (coded devices that can be remotely detonated), electromagnetic pulses and 'high emission radio frequency guns' which blow a devastating electronic 'wind' through the computer systems." [For a complete description of HERF Guns (coined by Schwartau in 1990), see "Information Warfare: Chaos on the Electronic Superhighway," Thunder's Mouth Press, 1994]

The perpetrators have also left encrypted messages, apparently bypassing the highest security levels of the systems, leaving messages such as "Now do you believe we can destroy your computers?" The NSA and other officials believe that four gangs are involved; probably one from the US and probably one from Russia. But, because the crimes are international, national borders still prevail, making investigation more difficult. Investigations and official inquiries have been in progress for some time according to the article.

Now, for a few things you will not see in the article, but will hopefully [if I am lucky] come out in the near future. The number of attacks is way above 40. They have been known about for almost three years, but only recently have people been willing to come out of the closet and discuss this highly sensitive issue with the media. Long briefs and analyses of these events have been submitted to high level officials and select business persons for at least a year, but to no avail. [Security by obscurity reigns all too often.] Banking is not the only industry that has been attacked and the attacks have been spread around Europe as well as Australia.

As an industry many of us have said that the only way something will really be done is if we experience a Computer Chernobyl [Peter Neumann Phrase as I recall] or as I first said in Congressional Testimony, An Electronic Pearl Harbor. Are these events the harbinger of strong reaction by the community at large? As events unfold and more information is permitted to be disseminated over the next few days and weeks, we will see.

We have essentially solved the issues of confidentiality and integrity. But, I have maintained that the real problem is going to be Denial of Service. These events are unfortunate, but clear examples of that reality.

A Bank of England official also said of the incidents, "it is not the biggest issue in the banking market." Hmmm. I have to think about that.

Peace Winn

Winn Schwartau - Interpact, Inc.
Information Warfare and InfoSec
V: 813.393.6600 / F: 813.393.6361
Winn@InfoWar.Com


Date: Mon, 10 Jun 96 08:16:53 +1000
via: Carlo Kopp email:carlo@cs.monash.edu.au

Class III InfoWar - Part 2 - Report from Europe

[...]

Headline of June 9, 1996 Sunday Times in London reads:

"Secret Inquiry into Cyber Terror."

This is a follow-up of last Sunday's story about alleged extortion attacks against British financial institutions using Trojan Horses and/or HERF Guns.

According to today's article, the British government has been holding secret investigations into the "attacks" for more than two years involving the Dept. of Trade and Industry (DTI), government communications headquarters (GCHQ), the Brit's NSA, The Defence Research Agency (DRA), and the Bank of England.

On June 8, the DTI issued a public statement which included: "We are very interested in the allegations of extortion directed at City of London institutions which were brought to our attention in 1994. We responded then by involving many government organizations ... so far we have not been presented with any hard evidence from victims. We would urge those threatened to come forward."

DTI Director of Technical Affairs, David Hendon, wrote a letter in May 1995 saying they took the extortion issue "Extremely seriously." The Times' reporters say they have seen some of the evidence that was submitted to DTI and GCHQ, which includes a chart on 46 of the attacks. According to the article, DRA Senior Director Professor David Parks says his agency is "especially interested in the 'weaponry' deployed by the cyber terrorists."

The Times continued: "The agency (DRA) believes high intensity radio frequency 'HIRF' guns may have been used to black out trading positions in City finance houses. The weapon disables a computer by firing electromagnetic radiation at it and is a 'Black Programme' at the Defence Ministry, one of the highest security classification levels."

In Dec. of 1995, the DRA and Parks approached a company that specializes in information warfare and asked them to "arrange a demonstration of a portable HIRF weapon in Germany."

The article further states that details on the HIRF systems and their use in the City of London have been compiled by a British computer magazine and are being passed onto government officials.

*****

I have spoken to more than fifty media in the last week about this story: The comments range from "suspicious" of the British reports, "sounds psy-fi", "alarming", "scary" and the like. Even though I am on vacation (Ha!) I called a few of my expert friends for a sanity check and here is what we have to say.

* The alleged software attacks mentioned in last week's article are more likely the weapon than HERF/HIRF attacks that today's article focuses on.

* "Given the kind of systems they use and their connectivity, I can figure a hundred ways to do what the article says," one of my experts stated.

* As for the HERF/HIRF, we have worked out a number of models for a number of the attack scenarios mentioned, but we have a targeting problem. A free-space (air) based attack would create a wide dispersion pattern and likely have affected other organizations, not just those specifically under attack.

* A ground plane attack might cause the alleged results but requires more physical access to the facility.

A few thoughts of the potential motivations:

* Were the alleged attacks meant as a malicious Denial of Service (DoS) attack or as a profit scheme?
* Were trading volumes and the stock prices of the alleged victims affected during the times in question?
* Was internal profit taking an ulterior motive?
* I have to keep in mind if we give these stories credence, that over 50% of computer crimes involve insiders.

According to my British friends, the Sunday Times is preparing even more on this story which will appear next Sunday.

Winn Schwartau - Interpact, Inc.
Information Warfare and InfoSec
V: 813.393.6600 / F: 813.393.6361
email:Winn@InfoWar.Com

