[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Cyberwar in Ostasien
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Und noch ein älterer aus der FEER, den ich gerade erst bekommen habe. RB
Far Eastern Economic Review, 16.8.2001
http://www.feer.com/2001/0108_16/p030innov.html
CYBERWAR
Combat on The Web
Bloodless, but deadly. That's the new look of war.
Asia's armies can't compete with the West's military
might. Instead they are preparing to fight wars via
the Web, training crack teams of code-breakers
with the skills to cripple nations
By Charles Bickers/TOKYO
Issue cover-dated August 16, 2001
IMAGINE THE CHAOS: A highly skilled team of
hackers and programmers breaches a national
electricity provider's computers, shutting down the
power supply. The team then spoofs emergency
services to send vehicles to the wrong addresses. Next,
a mass e-mail to the nation's mobile-phone users
informs them that their government has ordered them to
remain at home until further notice.
Such threats won't emanate from young computer
wizards honing their hacking skills. Instead, the
region's
governments are funding their militaries to develop
elite
teams specializing in gathering the necessary
intelligence
to make such scenarios a reality. Silently, they are
seeking ways to cripple adversary nations by
infiltrating
their computer networks--and to defend themselves
from the same threat. Cyberwarriors are on the new
front line. And Asia is emerging as their early proving
ground, because you don't have to be rich or
well-armed to be a superpower in cyberspace.
China is the region's leading threat. It lacks the
funds to
match the military might of the West, but is rapidly
developing its cyberwarfare capabilities. Taiwan and
North and South Korea are also increasing their
capabilities. "Cyberwarfare is very buoyant in Asia
right
now, much more than other parts of the world, perhaps
because of the generally high levels of defence
activity,"
says Desmond Ball, a specialist in electronic warfare
and intelligence and head of the Strategic and Defence
Studies Centre, at the Australian National University
in
Canberra.
"Intelligence budgets around the region have more than
doubled in the last few years, and much of that is
electronic activity," adds Ball. But don't expect the
true
cyberwarriors to be showing the strength of their hand
just yet. "If you're serious about cyberwarfare, you're
not spending time putting out worms and viruses," says
Ball. "No one that's serious in this business will be
doing
anything in peacetime other than gathering intelligence
and practising on their own internal systems, so that
when they do press the button, it works."
The cyberwar strategy relies on hacking, virus writing,
electronic snooping and plenty of good old-fashioned
human spying. Much disruption can be unleashed over
the Internet, but attackers first need to pry open
electronic gates to private and secure networks with
well-placed insiders, or at least inside knowledge,
before they can be effective.
Cyberwar is taxing many military minds. "Cyber attacks
will provide both state and nonstate adversaries with
new options against countries beyond mere words but
short of actual physical attack," said Adm. Chris
Barrie,
Australia's chief of defence forces at an international
security conference in Sydney in July. Barrie said
policymakers and soldiers needed to start taking
government-backed information warfare as seriously as
a missile threat. "It's a very cheap and effective way
to
attack successfully valuable defence and nondefence
assets," he said.
Ironically, the most technologically advanced nations
are the most vulnerable to the threat of cyberwar.
Where there are connections to the Internet, there is
potential for disruption. That's worrying: Governments,
private companies, critical utilities and other
services
are increasingly relying on public data-communications
networks and the Internet to run their operations.
Recent events in Malaysia highlight the risks as
society
becomes more computerized. In July a known and
preventable virus called w32sircam infected large
numbers of Malaysian government computers, releasing
sensitive files onto the Web through e-mail.
DEVELOPED WORLD UNDER THREAT
The United States has taken the threat most seriously.
The issue has figured highly in its policy since 1997,
and
the country has inaugurated a National Infrastructure
Protection Centre under the Federal Bureau of
Investigation.
The U.S. military also has dedicated
information-warfare units in each of its forces and
cyberwarfare is seen as a clear threat to developed
nations: Smaller, less powerful nations can leverage a
stronger country's reliance on data networks and the
Internet to cause large-scale economic and social
damage. "If you want to do something harmful to your
neighbours, and you don't want anyone to interfere with
you, then obviously what you would look for is
something other than competing with armies, navies and
air forces," said Donald Rumsfeld, U.S. secretary of
defence, at the security conference in Sydney in July.
"We can live with it, but we just need to know what
kind of threats there are."
The U.S. got a chilling illustration of the possible
vulnerability of its national infrastructure in
February this
year. California was going through a difficult power
crisis with rolling blackouts because of botched market
reforms. For 11 days, a computer server under
development at the California Independent System
Operator electricity exchange was left connected to the
Internet and was being quietly hacked. The hacker
clearly tried to see how far into the system he or she
could get. Luckily for an already embattled California
power grid, the hacker failed to get close to any
operations. Cal-ISO shrugged off the incident, but the
attack was deemed serious enough to warrant an FBI
investigation.
Some U.S. observers believe states like China, Russia
and North Korea are quietly and systematically probing
the country to find weaknesses similar to the Cal-ISO
breach that can be exploited later.
And here in Asia, the increasing penetration of digital
life leaves us vulnerable to cyber threats. Japan's NTT
DoCoMo is struggling to protect over 25 million users
of Internet-enabled phones from constant
bombardment with unwanted and often offensive
e-mail. The latest phone models are also equipped to
run downloadable programs that industry experts fear
will be ripe for hackers' attacks and viruses once they
are established.
So how does a nation defend itself? The U.S. is
monitoring its military networks in Asia. Maj. Sean
Gibson, spokesman for Pacific Command, Honolulu,
Hawaii, acknowledges "evidence of increased cyber
activity," but he declines to comment on the source of
these probes. "We're countering it quite well right
now,"
he says.
The Department of Defence's strategy is vigilance and
good housekeeping: watching its computers for
suspicious activity, restricting access to its most
sensitive networks and training its people not to be
lax
with passwords and procedures.
For example, to counter the threat of the Internet's
most
recent viral menace, the Code Red computer worm, the
Pentagon shut down public access to a number of U.S.
military networks. U.S. Pacific Command Web sites
and e-mail were unavailable to the public on August 2.
If Asia is the cyberwarrior's proving ground, then the
key battleground is the Taiwan Strait. Observers say
the struggle between China and Taiwan over Taiwanese
sovereignty is the source of large-scale growth in
cyberwar activities.
Exercises by China's People's Liberation Army in July,
simulating war on Taiwan, included cyberwar tactics,
according to official Chinese media reports. "China's
really at the forefront in the region, and Taiwan would
be second," says Herman Finley, information-warfare
specialist and associate professor at the U.S.
military's
Asia Pacific Centre for Security Studies in Honolulu.
"It's not easy to get detail on China. However, they
have created a number of schools including four
universities within the PLA" specializing in
information
warfare.
So what are China's cyberwarfare intentions? It could
be shifting its sights beyond the Taiwan Strait.
According to U.S. reports, in 1999 two PLA colonels,
Qiao Liang and Wang Xiangsui published a book called
Unrestricted Warfare which advocated the tactic of
"not fighting," and of manipulating the fact that the
U.S.
was "enslaved to technology."
"They spelled out very clearly why China could never
win a conventional war against the U.S.," says James
Adams, an adviser to the U.S. National Security
Agency and chairman of iDefense, a U.S.
computer-security consultancy. "They pointed to the
arms race between the U.S. and Russia, which Russia
lost, and the Gulf War where mass forces lost to
hi-tech. As China has always relied on mass forces,
this
was a salutary lesson."
Now says Adams, every branch of the PLA has a
rapidly developing information-warfare capability, and
the politburo has established a special
information-warfare unit that reports directly to the
leadership.
VULNERABLE NETWORKS
It's not just the military. "The Chinese put a lot of
emphasis on people's information warfare," says Finley.
That is, encouraging individuals who use their own
technology to annoy and attack others--a dangerous
tactic if those individuals were to turn against their
own
state.
In Taiwan, cyberwar has a very public face. On July 1,
Taiwan's Ministry of National Defence inaugurated its
first dedicated cyberforce, the Group Tiger Information
Warfare unit, according to the country's Liberty Times
newspaper. Taiwan, says Ball, is the best-equipped
nation in the region to defend itself. Ball visited a
Taiwanese air force information-warfare unit earlier
this
year and says he was impressed. "It may be the most
advanced defensive capability in the region," says
Ball.
Singapore's Defence Ministry acknowledges the
strategic value of cyberwar with its publication last
year
of DS21, a book outlining policy for the next decade.
The book underlines a policy of "Total Defence" in
which the increasingly wired city is protected by
improved security between ministries and agencies.
If connectedness breeds vulnerability, South Korea is
looking shaky. The country has the highest penetration
of high-speed broadband Internet connections in the
world. South Korea's Information Security Agency has
quickly awoken to the new threat emanating from its
neighbour to the north. Pyongyang's fighting technology
may be outdated, but U.S. military reports suggest it
has quickly grasped the value of cyberwar. So far
damage has been limited but is increasing fast, says
the
agency, noting 200 major hacker attacks--some
presumed to come from Pyongyang or its
sympathisers--against companies and government
facilities last year.
Japan is also a laggard in acknowledging the threat.
Hiroo Hieda, defence specialist and director of the
government and private-sector-funded think-tank, the
Institute for Future Technology in Tokyo, feels the
government is blind to the risks of a
computer-dependent economy. "Infrastructure in Japan
is in a dangerously vulnerable condition," says Hieda.
The government has set up an integrated cabinet-level
authority to deal with potential threats to its
infrastructure. Recent defence-agency budget requests
and force restructuring also acknowledge the
information-war threat. "But it's certainly not a
priority,"
says Hieda. So far, the good health of Japan's
economic and industrial computer networks has been
ensured only by a lack of concerted attacks, and by
private-sector vigilance.
Indeed, much of the world has good corporate citizens
to thank for keeping the shields up and defending the
Internet. The Code Red worm, for example, worked
by scanning for computers that had specific
weaknesses. Having replicated onto each vulnerable
computer, the worm was then designed to amass the
combined power of the compromised computers to
simultaneously attack a single point--initially the
White
House Web site.
Fortunately, most companies had fixed Code
Red-vulnerable or infected software, averting a
potentially crippling amount of data from being
launched
onto the Internet and clogging it.
Eva Chen, U.S.-based chief technology officer at
Taiwan's Trend Micro, one of the world's major
information-technology security and anti-virus
companies, says Code Red highlights growing risks for
Internet-based economies.
"We're tending to see more organized attacks," says
Chen. "The Code Red worm is much more complex
than earlier viruses. It mixes virus writers and
hackers.
They never used to work together, but now they are."
Certainly more organized information-warfare units
would be able to spring highly coordinated attacks,
using virus writers, hackers, and perhaps most
importantly, human insiders. The ability to compromise
computer systems from the inside still accounts for the
vast majority of computer-security breaches around the
world today, be it a dedicated agent inside, or
lackadaisical security practices by employees.
"If you have someone on the inside to open the gates or
plant software that allows outsiders access, then you
have real power," says Chen. How important could this
be? Finley cites reports in Taiwan that senior retirees
from Taiwan's military have been taking up residence
on the mainland, with obvious security implications for
all of the island's defence networks.
Taiwan's vulnerabilities are an immediate problem. The
rest of the world must prepare its defences now for the
long-term threat posed by an increasing reliance on
digital infrastructure. "For the first time, a truly
advanced weapon--the laptop computer--is
simultaneously available all over the world," says
iDefense's Adams.
The scale of disruption that can be caused by a
well-aimed information strike is growing with every new
Internet connection. "We need to do more than just
keep an eye on this," says Finley. "This will become a
major area of competition between nations and
non-nations over the next decade and beyond."
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.