Sunday, June 24, 2007

ELECTRONIC PEARL HARBOR FOR A DAY: Idiot grinches still around but mostly ignored. A good thing, too.

One of the most satisfying accomplishments from your friendly neighborhood GlobalSecurity.Org Senior Fellow's early career in cyberspace was contributing to the death of belief in "electronic Pearl Harbor."

Many years ago "electronic Pearl Harbor" news stories were commonplace. They were always the same. A variety of mountebanks encompassing computer security software and hardware vendors, government officials and think-tanks "experts" would be lined up to contribute to a mythology that alleged United States was about to be struck down by cyber-attack. Reporters would go into action as stenographers.

Such a cyberwar would deprive us of everything. Lights! Food distribution! Oil refineries would blow up! It would be worse than an earthquake!

Are your eyes rolling?

You don't see the "electronic Pearl Harbor" types much anymore. While they still lurk in the weeds as common vermin, for the most part they've been run off the pages of newspapers.

However, occasionally they still manage to get it up for a few minutes.

Today was such a day, courtesy of the Weekend in Review section of the Sunday New York Times. The article appears to have been spurred by an alleged cyberwar that crushed Estonia, a war seen mostly only by a couple journalists and computer security men.

"When Computers Attack" was the title of the piece.

"Anyone who follows technology or military affairs has heard the predictions for more than a decade," writes John Schwartz.

"Cyberwar is coming. Although the long-announced, long-awaited computer-based conflict has yet to occur, the forecast grows more ominous with every telling: an onslaught is brought by a warring nation, backed by brains and its computer resources; banks and other businesses in the enemy states are destroyed; governments grind to a halt; telephones disconnect..."

Schwartz describes the mythology accurately. The forecasts always grew more ominous because there were many of them. To be heard above the din of competing "electronic Pearl Harbor" scenarios, it helped if your made-up story was thought the most catastrophic and exciting.

Richard Clarke was one such man, always armed with the very best predictions of electronic disaster. He kept at it with great diligence until realizing one could get much more money for a book about how George W. Bush had not taken his advice on the war on terror.

Earlier this year, Clarke returned to "electronic Pearl Harbor" in his techno-thriller, Breakpoint. It has flopped.

If you look over to the side of this blog and surf out to I -- Vermin from Under Rock, you can read more about Clarke's take on the subject and its place in the national story.

DD was there for the beginning. I covered the subject better than anyone else, writing the first major scholarly article debunking "electronic Pearl Harbor," called -- unsurprisingly, "Electronic Pearl Harbor -- Not Likely."

It was paired with a proponent of "electronic Pearl Harbor" in the National Academy of Science's Issues in Science and Technology magazine. The "electronic Pearl Harbor is coming" proponent was some guy from within the thicket of national labs.

Electronic attack on the United States, he claimed, would be more destructive than the Northridge earthquake, which DD had just been through, living in Pasadena. The man was an unintentional laugh riot, not to be taken seriously at any speed. I cannot recall his name.

What would computer war look like, Schwartz mused in today's newspaper. How would it compare to the "blood-and-guts" kind of war?

"And is there really a chance it would happen at all?"

That the question is even asked shows how badly the "electronic Pearl Harbor" meme has worn. A decade ago no one even thought to put such a query into mainstream news articles on the subject.

Still, while the electronic Pearl Harbor lobby has been pushed out of the pages of the mainstream news, others parts of their grand mythology haven't changed.

Ten years ago, five years ago, China was always said to be plotting a cyberattack.

This became such a common claim, my old colleague -- Rob Rosenberger at Vmyths.com and a member of the US Air Force's first dedicated information warfare squadron, the 609th at Shaw AFB in South Caroline, made a joke of it. When writing, we started using variations on "the Chinee are coming!" or "the Chinee did it!" to explain networked computer glitches.

One might expect this idiotic script deserves reviving just for old time's sake. And so it is for the New York Times. You'll read much further down how it was a good story in the national newsmedia in 1999 -- that's eight years ago.

"China, security experts believe, has long probed United States networks," writes Schwartz for the Times.

"According to a 2007 Defense Department annual report to Congress, China's military has invested heavily in electronic countermeasures and defense against attack, and concepts like 'computer network attack,' computer network defense and computer network exploitation."

"According to the report, the Chinese Army sees computer network operations as 'critical to achieving 'electromagnetic dominance' -- whatever that is, early in a conflict."

"An all-out cyberconflict could have huge impacts ... " blabs some computer security vendor to the newspaper, joining the ten thousand other or so of his ilk who've done the same for the meme for over a decade.

Because they've been roughly shoved around by the cold shower of real war in Iraq in the news, the salesmen of "electronic Pearl Harbor" have changed their tune somewhat.

"I think cyberwarfare will be more subtle," admits the salesman for the Times.

The original archive of "electronic Pearl Harbor" contained dillies, too many genuinely ridiculous claims, astonishing in their collective unquestioned publication by respected news agencies. They were compiled by me for the e-publication, Crypt Newsletter. Crypt News lost its homepage/retirement home earlier this year when the prof who maintained the site for over a decade went into semi-retirement.

However, it remained comfortable and well in the Wayback Machine. So DD retrieved the collection and is furnishing an abridged version here.

Readers of this blog may drily note that while the "electronic Pearl Harbor" and cyberterror lobby has been eliminated from its place in the newsmedia, a worse nuclear-chem-bio-terror-is-easy cadre of expert pontificators replaced them.



electronic Pearl Harbor (or "EPH"): a bromide popularized by Alvin Toffler-types, ex-Cold War generals, assorted corporate windbags and hack journalists, to name a few. EPH is meant to signify a nebulous electronic doom always looming over U.S. computer networks. In the real world, it's a cue for the phrase "Watch your wallet!" since those wielding it are usually doing so in an attempt to convince taxpayers or consumers to fund ill-defined and/or top secret projects said to be aimed at protecting us from it. It has been seen thousands of times since its first sighting in 1993.

--from the Crypt Newsletter "Joseph K"
Guide to Tech Terminology


"Electronic Pearl Harbor" and variations on it, Crypt Newsletter has noticed, are now some of the most overused buzz-phrases in the topic of computer security and information warfare. Using Internet search engines, it is possible to quickly find over 500 citations for the phrase in on-line news archives, military research papers and press releases.

Paradoxically, overuse of the phrase has had quite the opposite effect desired by those who unwittingly wield it.

One can easily imagine p.r. handlers coaching our leaders, generals and corporate salesmen to not forget to say "electronic Pearl Harbor" at least one time just before giving a speech or interview. Since it is a gold-plated cliche, anyone with more sense than it takes to pour piss from a boot can use it as an infallible detector of Chicken Little-like cyber-bull.

Paraphrased: Anyone still caught uttering "electronic Pearl Harbor" in 1999 is either an ex-Cold Warrior trying to drum up anti-terrorism funding through the clever use of propaganda, completely out of it, or a used-car salesman/white-collar crook of some type.

Here then, Crypt News presents for your amusement, a selection of the unclothed emperors speaking of "electronic Pearl Harbor."

Note: To underline how rich in history the cliche has become, Crypt Newsletter recently began updating this list after skipping much of 1998. Congressmen, Pentagon officials and hack journalists are those most prone to deploying "electronic Pearl Harbor" ad nauseum. And at this juncture, Crypt Newsletter receives about 2-3 articles a week from the big mainstream press featuring cites on the potential for "electronic Pearl Harbor." Other common players, many of which are listed in this archive, constitute an assortment of aggressive shills pimping consulting services or spot hardware and software solutions aimed at avoiding "electronic Pearl Harbor."

These articles, all of which, obviously, are not included in this page, are distinguished by their mind-numbing repetition and similarity in tone.

The same names tend to appear over and over, always uttering the same menacing declarations.

And -- again and again -- the same clueless media organizations recycle the same clutch of quotes and cliches, uncomprehending or willfully indifferent to the fact that they aren't actually producing anything that is real news.

Other characteristics of "electronic Pearl Harbor" stories are:

1. Obsession with hypotheses upon what might happen -- not what has happened.

2. Rafts of generally insignificant computer security incidents accumulated as anecdotal evidence and delivered in out-of-context or exaggerated manner pointing to the insinuation that something awful is about to happen -- today, tomorrow, a year from now, two years from now . . . always in the not easily glimpsed future.

3. Abuse of anonymous sourcing and slavish devotion to secrecy. All EPH stories usually contain a number of "anonymoids" -- from the Pentagon, the White House, Congressional staff, computer security firms, intelligence agencies, think tanks or unspecified consulting firms. Frequently the anonymoid will allude to even more secret and terrible things which cannot be mentioned in print or the Republic will crumble.

4. Paranoid gossip -- the equivalent of which is offered up as still further proof the nation is in electronic danger. Russia, China, France, India, Israel . . . almost any country not-USA can be portrayed as taking electronic aim at the American way of life. Programmers of foreign decent or mixed American-foreign decent are tarred as potential cybersaboteurs in a kind of modern techno-McCarthyism. Teenagers are transformed into electronic bogeymen with more power at their fingertips than the Strategic Command. The allegations tend to be delivered by anonymous sources or "experts" not required to provide substantive examples backing up the gossip for the print journalists acting as their stenographers.

5. The standard of proof becomes plastic. If your definition of evidentiary proof is restricted to that which is demonstrated by a reproducible public testing process, EPH stories become very confusing. In EPH news, the standard of "proof" is radically different, equivalent to a fantastic but undemonstrated (or when 'demonstrated,' always secret) claim, often passed along by "hackers" looking for publicity, employees of the Pentagon, the National Security Council or related institutions.

This phenomenon has unfolded over six years since the initial prediction of "electronic Pearl Harbor" and national death by keyboard first reared its head.

Perhaps not unexpectedly, as the nation approaches the New Year 2000, the production of stories about a variety of "electronic Pearl Harbor" catastrophes -- hackers attacking under cover of Y2K problems; computer viruses timed to activate on, near or after the rollover; secret cyberwars with names like "Moonlight Maze" and "Eligible Receiver" and; fifth column saboteur programmers working in league with foreign powers -- has also accelerated.




New Year's Day: Reuters continued to insist on deluding itself and readers in spite of all quiet on the cyberfront on January 1, reporting, "While a general Y2K crisis appears to have been averted, concerns remain that malicious hackers have planted viruses that will hit in the days ahead when computer users boot up their machines . . ."

The news agency then produced an anti-virus shill from Computer Associates who warned balefully, "All computer users must take extra precautions during this virus onslaught . . . We can't stress enough the importance of powerful and reliable antivirus software . . ."



January 1, 2000

In the "famous last words" department, this quote -- supplied by a well-known "electronic Pearl Harbor" booster -- is the best thing Crypt News could find to certify the Y2K rollover:

". . . Y2K will illustrate what a attack could do . . . Anybody who says after January 1, 2000 that this [threat of cyber attack] is all just made up I think is an idiot."

--- James Adams, author of "The Next World War" and head of iDefense, a company that provides intelligence on cyberterror, appearing in USC's Networker magazine, 1998-99.
(Editor's note: In the early part of the decade Adams founded a computer security firm known as iDefense. It went bankrupt.)

Or how about this one from November 4, 1999:

``We expect that (terrorists) will attempt to use Y2K as a cover for putting some kind of attack into a vulnerable place . . . That is, when a Y2K solution goes in, they will fly underneath that with an attack of their own that will shut the system down . . . " said Utah Republican Senator Bob Bennett at a National Press Club event.

Or this from an issue of Federal Computer Week:

"Hackers will take advantage of Y2K," Assistant Secretary of Defense John Hamre [said] for a Congressional panel.




December 27, 1999: "Hackers loom over Y2K" was the title of this piece in the Chicago Sun Times.

"Hackers might use Y2K-related chaos as a cover to slip into computer systems, and computer viruses triggered by the new year may already be in place, some law enforcement officials are warning," read the piece.

A computer security salesman shows up: "[Hackers] probably won't be out partying," said a vice president of Telenisus, a local firm.

The bogeyman of foreign programmers working to install trapdoors under cover of Y2K is produced: "A top FBI official has warned that some technicians hired by companies to make Y2K repairs may have used the opportunity to plant a virus . . ."

"Jan. 1 has been described as the Super Bowl for virus writers," was another quote.

No evidence to back any of these claims up was produced.


December 20, 1999: In this transcript from ABC World News Tonight entitled "Computer Hackers Could Target Military," news reader Connie Chung stated:

"Computer experts have been worried for some time about a flood of viruses designed to disrupt the nation's computer systems over the new year. The systems may be at far greater risk than most people believe."

Chung continued: "ABC's Kevin Newman has been granted access to a group of elite hackers who usually operate in secret."

Yes, so secret, the well-known group -- The L0pht -- has a website, has appeared in the New York Times Magazine, has appeared before Congress, has appeared . . . well, you get the idea. For a secret group, they sure appear in the media a lot.

The purpose of the interview seemed to be aimed at convincing the viewing audience that "the L0pht" were the masters of the world.

Senator Fred Thompson appeared in the videotape, inadvertently acting as "the L0pht's" unpaid press agent: "I'm informed that you think that within thirty minutes the seven of you could make the Internet unusable for the entire nation. Is that correct?"

UNIDENTIFIED [L0pht] HACKER #1: "That's correct. It would definitely take a few days for people to figure out what was going on."

[Sound of Crypt Newsletter's channel-changer switching to WWF pro wrestling, where the phonus-balonus and bluster are more entertaining.]

-------------

December 19, 1999: "US Monitors Millennium Trouble Spots Around the World" was the title of a Tim Weiner penned piece in the New York Times.

In keeping with the overkill mania that characterizes New Year's Eve-as-doomsday reporting, this story ran with the predictable theme that terrorists everywhere are taking aim at the US as part of their Year 2000 party itinerary.

"From now until after the New Year's holiday, hundreds of FBI agents will be monitoring cyberspace for warnings, like ancients searching the skies for a sign, looking out for electronic assaults by hackers and tracking political extremists by computer.

"Civilian and military officials across the country, worried about an organized attempt to take down government computers, are watching everything from reservoirs to the Federal Reserve.

Like old Jacob Marley, Richard Clarke -- the broken record of the National Security Council -- is produced to rattle his electronic chains and howl menacingly for the rubes.

" . . . Richard A. Clarke of the National Security Council, repeatedly warns them that 'cyberterrorists' could launch computer attacks 'shutting down a city's electricity, shutting down 911 systems, shutting down telephone networks and transportation systems,' as he said in a recent interview."

More accurately, Clarke has been stupefyingly repetitive on the subject through 1999, beginning with another Weiner-penned article on February 1 (see further entries, below).





December 16, 1999: "Y2K -- Experts Say 1000 Computer Viruses Released by 2000" was the title of a Beijing China Radio International report broadcast in English to North America recently.

"Experts in the field are warning computer users of new viruses that are designed to break out with the coming of the new millenium."

" . . . But in the past year or two, the Y2K bug has been the main focus of attention, and computer viruses have been neglected somewhat," read the Chinese radio reporter over the air.


" . . . However, experts warn that in the less than 20 days before the coming of the new century, a minimum of 1,000 viruses will be released to celebrate, in a very selfish way, the new millenium. They suggest that you back everything up before the fateful day, invest in the latest anti-virus software, and keep your fingers crossed."




December 15, 1999: "Future War in Cyberspace" was the title of a special broadcast on the Voice of America US government radio station. Disclosure: Crypt News made an appearance in it.

"At least twice this year, [the Pentagon's] Dr. John Hamre has said the United States was in the middle of a cyber war -- and the pace of attacks on US Military computers has increased since then," read the announcer

John Hamre said: "We are in a day to day, virtual cold war. In that sense that we have people trying to disrupt the Department of Defense's computers on a daily basis. So far, we are staying ahead of the problem. But just barely."

Frank Cilluffo, of the Center for Strategic and International Studies think tank said the danger of cyberterror "is real and constant."

"The myth persists that the United States hasn't been invaded since 1812. I'd like to inform you otherwise. And that is the fact that invasion through cyberspace is now a daily occurrence," Cilluffo said for Voice of America.

" . . . George Smith is skeptical that offensive military operations will work very well in cyberspace."

"For years, Mr. Smith has been writing a newsletter on computer break-ins . . . He says Pentagon officials are overstating the danger from computer hackers and intruders."

"Nevertheless, [Smith] expects the United States and many other nations to try to create 'cyber-attack' forces: 'I think it is likely that people will try, I think it is unlikely they will have any impact.'"

"Mr. Smith says armies in Bosnia and the Gulf War faced computer problems, including viruses. He says they coped with them in much the same way they coped with flat tires on vehicles, or worn out parts on aircraft.

"[Smith] said] the idea that small groups of people, armed only with keyboards, could seriously hurt a powerful military force belongs in Hollywood -- not the battlefield."




"U.S. torpedoed on information warfare: Experts say the country isn't prepared to fight a war in cyberspace," was the title of piece from the December 9, 1999, issue of the Pittsburgh Post-Gazette.

The inevitable deluge of experts warned of more electronic doomsdays at a short info-war conference held at the Matthew B. Ridgway Center for International Security Studies at the University of Pittsburgh.

" . . . terrorists are getting wise to the potential for disruption hacking can cause, said Professor Stephen Sloan of the University of Oklahoma."

And cribbing from Washington Times articles on November 17 and 18 that the nefarious Chinese were planning to make a move in the field of cyberwar: "The Chinese are thinking of establishing a fourth branch of their military -- in addition to the army, navy and air force -- devoted exclusively to information war, said Lt. Col. Michael Warsocki," an Army officer.

"They think they're in a war now," Warsocki said for the Gazette. "Just the reconnaissance phase, but to them, it's war."

Buckle down, Warsocki! Buckle down!




Still more "Experts warn of hacker threat" was the title of a December 7, 1999, San Francisco Examiner piece.

It was another "electronic Pearl Harbor"-day piece on . . . Pearl Harbor Day!

"Despite numerous well-publicized computer break-ins and crimes, U.S. society remains dangerously vulnerable to hacker attacks on computer and communications networks, experts warn," was cliche number one.

Then a magic number and an unspecified but very bad hypothetical doomsday scenario appear: "Computer crime costs companies more than $100 million a year, but a far worse loss - perhaps in an international catastrophe triggered by a lone hacker . . . is possible, computer security experts said at a Stanford University gathering Monday . . ."

Then a National Infrastructure Protection Center analyst was deployed to furnish another hypothetical -- emphasis on "hype" -- scenario for which no evidence is provided: Osama bin Laden could instigate a computerized equivalent of the World Trade Center bombing. (Editor's note: This was PRIOR to the destruction of the WTC towers on 9/11.)

"Alan B. Carroll, an FBI agent . . . urged those at the conference to imagine a computer or communications version of the World Trade Center bombing - a disaster that brings down, say, computer or telephone networks on which society depends . . . 'Referring to the alleged terrorist Osama bin Laden . . . Carroll said that 'given the resources of this man, you can imagine the kind of damage he could do.'"




Life is full of delicious irony. On December 7, Pearl Harbor Day, the Athens Ta Nea published a story entitled "Greek Defense Ministry Establishes Cyber-Warfare Office."

It was . . . about electronic Pearl Harbor!

Much of the piece, furnished by the CIA's Foreign Broadcast Information Service, was devoted to the usual stack of repetitive and patently ridiculous claims about i-war cobbled together from assorted American stories on Pentagon info-warriors and the ubiquitous uber-wargame, Eligible Receiver.

Sub-slugged "Cyber-Soldiers in the Front Line," the Athens Ta Nea report breathlessly proclaimed:

"The Air Force base in Miami, Florida, is on 'red alert.' The operation -- an exercise -- involves the dispatch of heavily armed aircraft to bomb targets in North Korea during a supposed international crisis. The bomber pilots are waiting, engines ready, for the air-to-ground missiles to be loaded but an unforeseen event interrupts the exercise: at the last minute, crew members suddenly notice that, instead of missiles, all the storage depots are stocked with electric lighters!"

Crypt Newsletter almost fell out of the chair laughing.

"Pyle!!!!" screamed the always enraged Sgt. Carter. "Why are all these crates from Ronson stacked up at the front gate???"

"Well, Golll-eeee, Sarge, when I was shopping for a pack of ten lighters on Amazon the gol-durned '0' key kept sticking."

But back to the Athens Ta Nea story on "e-Pearl Harbor."

" . . . Only a few minutes before . . . gigantic transport planes take off, the crew notices that there is no fuel available!"

Those pesky hackers had drained the aviation gas from our birds on the runway! The nerve of them!

"The incident is not pure speculation," wrote the Ta Nea.

"Kept secret at all costs, the complete collapse of the US Pentagon's supply system occurred recently and was ingeniously characterized as 'the electronic Pearl Harbor'. Its perpetrators were a group of hackers secretly hired by the US Government to locate possible 'holes' in the government's information networks and close them. The tools available to the Red Team (as the group was named) during the 'cyber-attack' were only techniques and information accessible on the Web, with no further internal assistance. In record time, the hackers had incapacitated, apart from the supply system of the Armed Forces, the air traffic system and the energy networks.

"The story might sound like Hollywood, but it is no longer a movie fantasy . . . As far as Greece is concerned, the issue has also gone beyond the movie theaters: at the behest of Akis Tsokhatzopoulos, after recommendations by his colleagues, the Ministry of Defense will establish, as of next week, an Information Warfare Office within the YEETHA [National Defense General Staff].

"Dr. Alexandros Polimenopoulos, a special consultant to the Ministry of Defense, states that these soldiers will also be 'experts in the use of computer viruses, logic bombs, worm programs and other tools, which, used at the critical moment, could completely destroy the enemy's information infrastructure.'"

A diligent Crypt News reader in the US Air Force drily comments:

"Inform Athens Ta Nea we no longer have a base -- per se -- in Miami. A hurricane destroyed it. NONE of the hurricane-proof hangars survived. Repair teams resurrected 12-15 buildings for emergency services, but the rest of the base disappeared in the hurricane or fell to a wrecking ball. 'Homestead AFB' was renamed 'Homestead ARB': a tiny little component of the Air Force Reserve."



December 1, 1999: "Pentagon Planners Gird For Cyber Assault" was the title of a Philadelphia Inquirer generated "electronic Pearl Harbor" story.

It contained the standard EPH elements and claims.

"In a large windowless room of a nondescript office building a few miles from the Pentagon, the war of the future is being waged," read the Inquirer.

". . . If fears of a concerted cyber attack on the U.S. military are realized - what Deputy Defense Secretary John Hamre has called an 'electronic Pearl Harbor' - this room, the Global Network Operations and Security Center, is where the battle will be won."

The Inquirer story warns, "the rapidly approaching Y2K rollover has military officials wondering if they will be able to distinguish between a network intrusion and the millennium computer glitch."

"Capt. Bob West, deputy commander of the Joint Task Force on Computer Network Defense, said there was real potential for a 'crippling' attack at any time because of 'substantial' vulnerability . . ."

The malicious code planted under the cover of Y2K threat scenario is described: " . . . there is some worry that intruders have planted code disguised as Y2K protection but set to go off Jan. 1, like a time bomb."

The now always secret, but seemingly unproductive, cyberwar against Serbia is cited. And new Pentagon jargon for "info-war" is invented: "non-kinetic warfare."

"Some of this 'non-kinetic' warfare occurred during the bombing campaign against Serb forces in Kosovo," reads the Inquirer.

Then the Eligible Receiver script appears.

"A 1997 war-game exercise known as Eligible Receiver showed that sophisticated hackers (in this case from the National Security Agency) could cause power outages and 911 emergency phone system overloads . . . "

Moonlight Maze is referenced: "A real attack occurred from January through March, described by officials as a 'sustained, well-resourced intrusion'. . . No one is commenting, even off the record."




November 18, 1999: "Internet Warfare Concerns Admiral" was the title of another piece by Bill Gertz of the Washington Times.

It continued the story line of China cast as a Net menace started by Gertz in an article the previous day.


"The Pentagon's top intelligence official said yesterday that China's announced plans to conduct 'Internet warfare' poses a future threat to U.S. military dominance on the battlefield."


"We are clearly interested and concerned about this whole idea of information attack," said Vice Adm. Thomas Wilson, director of the Defense Intelligence Agency (DIA), to Gertz for the Times.

Richard Allen, national security advisor during the Reagan administration, is suddenly produced as an expert on cyberspace and information warfare.

"Richard Allen . . . said the Chinese could inflict strategic damage from military-backed information warfare attacks."

"Mr. Allen said the recent computer attacks on the Pentagon by an Israeli hacker and two teen-agers in California would pale in comparison to a Chinese military computer strike."

"This is something about which we ought to be mightily alarmed," said Allen to the Washington Times.




November 17, 1999: "China Plots Winning Role in Cyberspace" was the title of a Bill Gertz front page story in the Washington Times.

The Washington Times is what Congressmen, particularly Republicans, read regularly before work. As such, material in it is influential in decision-making.

This particular piece continues the current Zeitgeist thread in which mainland China is painted as a threat.

"It is essential to have an all-conquering offensive technology and to develop software and technology for Net offensives so as to be able to launch attacks and countermeasures on the Net, including information-paralyzing software, information-blocking software, and information-deception software," Gertz quoted a Chinese military publication as stating. He neglects to mention that US Department of Defense print similar tripe fairly regularly -- and have done so for most of the decade.

Pentagon "anonymoids" show up on schedule: "A senior Pentagon official said he was notified about the article, which has raised concerns among defense officials who see China's information warfare capabilities as a potential threat to U.S. civilian infrastructures . . ."

An "expert," "William Triplett, co-author of a new book on the PLA," said: "All of this offensive-warfare talk, when China is not threatened by anyone, shows that the dragon is at the point where it doesn't have to hide its claws."

Then the scary hypothetical scenario of catastrophe is produced.

According to Triplett, by way of the Washington Times, "China could launch a devastating computer-run sabotage operation by attacking U.S. oil refineries, many of which are grouped closely together in areas of Texas, New Jersey and California."

"A [Chinese] computer attacker could penetrate the electronic 'gate' that controls refinery operations and cause fires or toxic chemical spills . . . "

-------------

In England, Independent Television News On-line published a story in November entitled, "Fears as anarchists organise on the Net."

"President Clinton has pledged $2 billion this year to protect the United States from what has been called 'an electronic Pearl Harbor,'" read the piece.

"In Britain the Government is also waking up to the threat."

"The threat is escalating on pretty much a weekly basis. New tools and technologies are evolving all the time," was one quote from D K Matai, the head of a small UK company that sells solutions for Internet troubles that usually only his company can see.

"The Internet is a military experiment that has escaped [from the US military's] control. It's a whole new way of organising," he said for ITN.

"In the City of London, if you were to hit two or three places - nor more than that -they would be able to turn the city off and that would stop the banking system and it would stop the share-trading system . . . Identifying the crazed, skilled cyber attacker is perhaps the single most difficult task that the cyber spooks face at the moment," said Peter Sommer from the London School of Economics for ITN.

The turn-off-the-power story, it seems, is also popular in the UK media.




"US Corporations Warned of Cyber-Terrorism" was the headline of piece that appeared on November 4, 1999, in the "The Washington File" -- a product of the Office of International Information Programs, U.S. Department of State.

"With the increasing use of the Internet in business operations, it will not be long before, 'more damage can be done with a keyboard than with a car bomb,' according to Nickolas Proctor, Executive Director of the Overseas Security Advisory Council (OSAC). OSAC is an office within the State Department devoted to fostering the exchange of information on security issues between government, businesses and other organizations operating internationally."

"Assistant Secretary of State for Diplomatic Security David Carpenter told [an] audience of business security specialists that they must educate themselves about the mounting threats of cyber-crime. He said terrorists are constantly devising new ways 'to cripple business, government, and infrastructure,' and inventing new methods of 'creative destruction.'"

In what can only be described as a continuing propaganda exercise aimed at the press, the Pentagon grail, Eligible Receiver -- or possibly the new edition of Eligible Receiver -- Zenith Star -- was cited.

"Michael Peters, the technical director for operations, readiness and assessments at the National Security Agency, described his successful efforts to expose weaknesses in the security of U.S. government information systems. In an exercise to test the vulnerability of systems within the Department of Defense (DOD), Peters said a team of 20 government information experts posed as adversaries attempting to break through DOD computer security . . . 'The bad guys won,' Peters said. 'We were able to cause serious problems for DOD.'"



On November 4, 1999, national counter-terror guru appeared yet again in a story entitled "US Said Vulnerable to Cyber Attacks" distributed by the Associated Press.

Sounding like a broken record, or a talking parrot, depending upon your point of view, Clarke declaimed:

``We could wake one morning and find a city, or a sector of the country, or the whole country have an electric power problem, a transportation problem or a telecommunication problem because there was a surprise attack using information warfare.''

"Clarke compared the reliance [on computer networks] to former drug addicts enrolled in a recovery program," read the AP article.

``We need to take a lesson from that -- at least they know they have a dependency problem. Many of you are still in denial.''

"[Clarke] said [programmers] hired to make a company's computer system Y2K compliant could easily slip `a little Trojan horse or malicious code' into the system instead."

``We expect that (terrorists) will attempt to use Y2K as a cover for putting some kind of attack into a vulnerable place . . . That is, when a Y2K solution goes in, they will fly underneath that with an attack of their own that will shut the system down . . . " said Utah Republican Senator Bob Bennett at a National Press Club event.




The Los Angeles Times continued the proud tradition of unsophisticated, shallow reporting on "electronic Pearl Harbor" with an October 31, 1999 -- Trick or Treat day in LA county -- article, entitled: "US Scurries to Erect Cyber-Defenses."

The article, written by Bob Drogin, is unspectacular in that it merely mimics similar reporting done by competing newspapers weeks -- well, actually sometimes even years and months -- before the LA Times joined the business of recycling the same cliches.

In the Times piece, it's "round up the usual suspects:" "The stakes could not be higher," writes Drogin. " . . . how can America best protect itself from hostile nations, foreign spies, terrorists or anyone else armed with a computer, an e-mail virus and the Internet?"

George Tenet, CIA director is quoted: "Potential targets are not only government computers but the lifelines we all take for granted -- our power grids and our water and transportation systems."

Another Pentagon wargame scenario, this time called Zenith Star, is invoked. The standard pro forma claims are issued: "enemy hackers supposedly had triggered blackouts . . . They paralyzed 911 systems . . . They started disrupting crucial Pentagon computer networks."

Repetition is a component of the Times piece.

Just a couple paragraphs from the mention of Zenith Star, the Pentagon's 1997 grail, Eligible Receiver, is repeated. The same claims are made: " . . . a team of NSA hackers proved that they could easily disable power, telephones and oil pipelines across the country as well as Pentagon warfighting capabilities."

The reader should ask himself this general question: If such claims are so demonstrably obvious -- which is a characteristic of the general direction of reporting on "cyberwar" -- why is it necessary to repeat them so frequently?

"We see more and more terrorist organizations . . . are recruiting computer-smart people and even providing the training for them," said John Campbell of the Pentagon's Joint Task Force for Computer Network Defense.

And those terrorist organizations would be? No one can say.

An anonymous "senior" official makes an appearance: "[we are] under constant attack, more than one a day from outside the country."

The usual ripping up of Webpages from NASA-JPL, NDU.EDU., the Naval Coastal Systems Center and others are offered as proof of cyberattack.

And Moonlight Maze was an operation in which "vast amounts of technical defense research were illegally downloaded and transferred to Russia."

And those materials would be? No one can say.

From the LA Times, attributed to CIA director George Tenet:

"Potential targets are not only government computers but the lifelines we all take for granted -- our power grids and our water and transportation systems."

From the LA Times, attribution by way of the Pentagon's John Campbell of the Zenith Star "operation" -- "enemy hackers supposedly had triggered blackouts . . ."

From Richard Clarke, National Security Council counter-terrorism expert, in the August issue of Signal magazine:

"Envision all of these things happening simultaneously - electricity going out in several major cities; telephones failing . . ."

Again, from Richard Clarke, this time in the February 1, 1999, issue of the New York Times:

"I'm talking about people shutting down a city's electricity . . . shutting down 911 systems, shutting down telephone networks and transportation systems. You black out a city, people die. Black out lots of cities, lots of people die."




The Economist published a "cyberwar" editorial on October 30 entitled "Asia's lethal computers: Nerd world war." As far as "electronic Pearl Harbor"-related pieces went, it displayed the "Yellow Peril" and the let's-write-about-what-might-have-happened- not-what-did fetishes.

"Hacking, spamming and spreading viruses. Each is a means to disrupt an enemy's computer systems, and each has been employed by whizz-kids, maybe [CN emphasis added] even by governments, in recent international disputes . . . " read The Economist.

"Especially in Asia, computer nerds have nudged their way to the front line this year, arguing that the Internet is a potent weapon."

The editorial outlined a few "cyberwars" that were said to have happened -- but which seem to accomplish nothing -- if they are even noticed at all outside of the media. "Jose Ramos Horta, a Timorese leader, vowed that specialists would infect computers of the Indonesian banking system with viruses," read the article.

"One report suggests that 72,000 'cyberspace attacks' [have been] launched from China against Taiwan in August alone."

"The toll can be severe," wrote The Economist. "The Pentagon reckons that last year the Taiwanese spread two viruses, known as the Bloody 6/4 and Michelangelo . . . They damaged some 360,000 computers in China, at a cost of $120 million."

"Hackers at NATO may [CN emphasis added] have meddled with Yugoslavia's communications system . . . "

"Cyber attacks have become a favourite topic of military strategists," read The Economist.

No argument there.




The truly wonderful thing about "electronic Pearl Harbor" and "cyberwar" is that you can declare both without providing any evidence to substantiate either.

"U.S. Opened Cyber-War During Kosovo Fight" was the title of a Scripps Howard News Service piece published in the Washington Times on October 24, 1999.

Even by the stretchy standards of "electronic Pearl Harbor" story-telling, the missive was notable for its megalomaniacal and grandiose tone.

"With utmost secrecy during the war in Kosovo, the United States triggered a superweapon that catapulted the country into a military era that could forever alter the ways of war and the march of history . . . Silently, American forces launched offensive cyber-combat, a development of breathtaking promise and peril that some experts say matches in significance the first use of bombs dropped from warplanes during World War I and the nuclear decimation of Hiroshima in 1945," claimed the piece.

This is a rather interesting claim . . . in the sense that the observation of delusional and psychotic behaviors are interesting.

Essentially, it compares an alleged cyberwar in Kosovo -- of which it has been remarkably hard to glimpse even the slightest manifestation -- with the incineration of tens of thousands of Japanese civilians by atomic bomb in World War II.

Which Crypt Newsletter thinks its readers will agree . . . was hard to miss.

The Scripps Howard article was filled to the gunwhales with theories, hypotheses, sci-fi scenarios and a standard number of anonymous national security sources peddling the same.

To wit, "a cruise missile [could be reprogrammed] to turn around and plow into the ship or plane that fired it."

"Details are still classified, but top U.S. military officials only now confirm that during NATO's air war last spring, the United States launched a computer attack on Yugoslav systems . . . " went the piece.

Details about U.S. "cyberwars" are always secret -- classified. Ssshhhh! It burnishes their cachet. However, the Scripps piece was wrong about the confirmation of cyberwar vs. Serbia.

Unnoticed by many in the big mainstream media, the magazine Inside the Army published an article during the Kosovo conflict on April 20 of this year. In it, readers find: "[Asst. Secretary of Defense John Hamre stated] U.S. forces are conducting their own cyber attacks on Serb computers describing a campaign [waged by the Air Combat Command] as 'very heavy electronic warfare against a capable opponent'."

Claims made by the Scripps piece include anonymous sources claiming such non-provables as disruption of the Serbian command network and "keyboard warriors" planting fake electronic mail.

US info-warriors, claimed the article, "can plant computer viruses, erase computer memory, turn an electrical grid on or off and redirect the flow of money in, for instance, a leader's bank account."

Which fails to explain why the Air Force relied so heavily upon high explosive bombs and fancy chaff dispensers -- things you can see as opposed to things you can't -- to attack the power plants around Belgrade.

"Also vulnerable to U.S. cyber-attacks are such critical pillars of foreign civilian infrastructure as public telephone networks; electric or gas production and distribution; water supply; emergency services; financial systems; mass transit, railways and airports," reads the article.

It's no surprise that Crypt Newsletter maintains most of the debate about information warfare coming from the Pentagon is the equivalent of a propaganda war meant to impress Congress, other military men sanguine about its efficacy and passers-by rather easily gulled by Tom Clancy-like stories at home and abroad.

There are, to be sure, literally many easily understood reasons for this: massaging of budget requests, pseudo-public justification for projects of uncertain quality (CN calls this the "My-boss-thinks this-is-a-waste-of-time-so-plant-something-to-the-contrary-in-the- local-paper-that-he'll-read-at-breakfast" ploy), simple ego, salesmanship gone mad, different agencies all jockeying for command roles in the alleged endeavor, et cetera.

While our information warriors are said to be the mightiest in the world, the Scripps Howard piece also reads: "A nation that would have no chance challenging America's conventional or nuclear forces might well prevail in a computer attack."

Then the standard "electronic Pearl Harbor" cast of enemies to the American way are invoked as potential threats: "Among the most sophisticated are India, Syria and Iran [anonymous] experts say."

And the Chinese -- outraged over the bombing of their embassy in Serbia -- "revealed an astonishing 3,000 to 4,000 'back doors' into U.S. computer systems" -- constituting another unverifiable and, on the face of it -- rather ludicrous, claim supplied by "Jay Valentine, head of Infoglide Corp., an Austin, Texas, company that investigates computer security breaches for the U.S. government."

The article goes on to state that this is only "about 5 percent" of the trapdoors the always-to-be-watched Chinese have been able to install in American computer systems.

In the spirit of the times, where the Yellow Peril is now said to be responsible for many plots often seemingly derived from the spirit of Sax Rohmer and his sinister Dr. Fu Manchu -- the theft of nuclear secrets, the planting of software boobytraps under the cover of Y2K remediation, the running of intelligence operations in America under the cover of Chinese-American businesses -- the commie Chinese are also said to be possibly planning to strike America with computer viruses.

If so, they will have to achieve something really spectacular, Crypt News notes, or the accomplishment will likely go unnoticed among the 40,000 computer viruses already tabulated in anti-virus industry labs.

The remainder of the article is devoted to stereotypical and often mutually contradictory Strangelovian theorizing by assorted Pentagon and intelligence agency windbags over the alleged capability of information warriors -- the same talk that has been circulating since 1993.

1. " . . . But a cyberattack on a country's power grid, while militarily defensible, can cause more calamities than a missile and far more 'collateral damage' to innocents than it causes harm to an enemy's forces or ability to fight."

2. Less civilian casualties -- because it's only cyberwar, not blow-'em-up-type war.

3. More civilian casualties -- because cyberwar is more dangerous than blow-'em-up-type war. "It is not benign. It can potentially be very, very deadly," according to "Michael Swetnam, a CIA veteran and consultant to the White House and Senate."

4. Cyberwar could escalate to nuclear war: "Russia, for instance, already has vowed that it will react to a computer attack 'by any means' - including with nuclear weapons."

This is what the info-war hawks at the Pentagon love to talk about.

A great deal of the flavor of bloviation in this article can be seen as the result of simple mirroring. American journalists covering these stories tend to be uncognizant of the impact on people overseas of the periodic, albeit often weird, declarations of the U.S. Department of Defense and ancillary national security mandarins.

Quite frequently those on the receiving end go on to imitate the same, so as not to appear laggard before their national leaders.

For example, National Security Council-member Richard Clarke stated for the press in March of this year that, "An attack on American cyberspace is an attack on the United States, just as much as a landing on New Jersey . . . The notion that we could respond with military force against a cyberattack has to be accepted."

And the US Army rather publicly announced at the beginning of the decade that it was interested in getting into the business of developing computer viruses as weapons to be thrown at an enemy.

The December 1991 issue of the Bulletin of Atomic Scientists, for instance, featured an un-bylined article entitled "Attention hackers: Uncle Sam wants you," which read: "The US Army has caught the computer virus bug and is now expanding its interest in germ warfare to include electronic germs."

The US Army, said the article, was "soliciting proposals for the development of a 'weaponized virus' or a piece of 'malicious software' that could destroy enemy computers or software."

"This is the Army, we're in the weapons business," said one of the Army's project engineers.

It comes as no surprise, then, when other countries issue similar proclamations . . . sometimes years after the US military professed a desire for involvement in the same types of projects.

In fact, a good intelligence analyst would tell you this is to be expected.


October 22, 1999: A Defense Information and Electronics Report story entitled "DOD Official Says Hackers Are More Sophisticated Since Solar Sunrise" reveals a Pentagon official, Arthur Money, and a National Security Council official, turning up the volume once again on the issue of cyberterror.

It's worse than "electronic Pearl Harbor," claims an official, adhering steadfastly to the pro forma requirements of a good "electronic Pearl Harbor" story:" absence of smoking guns, allegations that unnamed "state actors" are involved and reliance on impressive-sounding but devoid-of-content policy wonk jargon like "assymetric attack" and "existential terrorism."

"Moonlight Maze brings a whole different, much more sophisticated approach . . . But it also brings another dimension -- no longer with hackers, but with the problem of a state-sponsored attack," said Money for the publication.

Ironically, alert readers will recall that Arthur Money has not been averse to contributing to the mythos of the hacker as national security menace with his old story of hospital blood-type information tampering. (See September 8, 1999 entry, below.)

The publication explains that Moonlight Maze was more serious than a previous cyberwar the Pentagon blew the whistle on -- Solar Sunrise -- "because of reports the hacking originated from the Russian Academy of Sciences . . . Reports indicate the hackers accessed sensitive DOD science and technology information."

"Moonlight Maze points a much stronger feasibility of an asymmetrical attack sponsored by a nation state," writes the publication.

The DI&ER article went on to mention that critics of the Pentagon maintain DoD uses EPH to scare financing from Congress.

Money said for the magazine that the danger of EPH was "not exaggerated."

Jeffrey Hunker, a colleague of Clinton administration counter-terror guru Richard Clarke (also well known to readers of this archive), claimed that "electronic Pearl Harbor" is not scary enough to accurately describe the nefarious Internet threats aimed at the Department of Defense.

"[The term Electronic Peal Harbor] connotes this 'lights-out' idea," Hunker said for Defense Information. "It tends to oversimplify the threat, which ranges from existential terrorism to overt acts to overthrow the military. . . . It trivializes the real [danger], which I think is much more than what's been understood."




October 9, 1999: "In Theory, Reality, US Open to Cyber-Attack -- An NSA test exposed vulnerability of critical computer systems to hackers; Outside assault proved it," was the sensational headline from the Los Angeles Times.

The piece continued the trend of inexplicably poor reporting on Moonlight Maze by the Times.

LA Times reporter Bob Drogin's pieces on Moonlight Maze in the second week of October have been notable for their great reliance on anonymous sources and a number of notable factual gaffes.

In paragraph seventeen, buried near the end of the piece, Drogin writes: "Indeed, the evidence suggests a certain amount of hype and hysteria have overshadowed the reality of cyberspace."

It was an inadvertently telling choice of words, for in the story's second paragraph -- one of the piece's impact points -- Drogin falls prey to the same phenomenon.

Drogin invokes the Pentagon ghost story of Eligible Receiver -- the secret DoD wargame conducted two years ago which proponents of "electronic Pearl Harbor" insist demonstrated the nation could be flattened by cyberattack.

Drogin writes: "The [Eligible Receiver] hackers broke into networks that direct 911 emergency systems."

It is a clear and rather extravagant error.

Appearing in June of 1998 to testify before Congress, Ellie Padgett, deputy chief of the National Security Agency's office of defensive information warfare spoke of how Eligible Receiver addressed the alleged vulnerability of the 911 phone system.

In a simulated exercise, Padgett said, "we scripted (an) Internet message (that) would be sent out to everybody saying there was a problem with the 911 system, understanding that human nature would result in people calling the 911 system to see if there was a problem."

The working idea in this part of Eligible Receiver revolved around the hypothesis that many people viewing the message on the Internet in a newsgroup might panic and phone their local 911 trunk, causing a jam-up on the line.

"It can probably be done, this sort of an attack, by a handful of folks working together . . ." Padgett said.

This is an extremely far cry from Drogin's assertion that the 911 system was broken into by alleged Eligible Receiver hackers. In fact, it has nothing at all to do with breaking into a 911 computer system, whatever that might be.

However, it is consistent, thematically, with the flavor of of the mythology propagated on Eligible Receiver.

In fact, during an interview with Crypt Newsletter in the summer of 1998 concerning Eligible Receiver, a Pentagon spokeswoman for the affair asserted "no actual switching systems" were broken into at any time during Eligible Receiver. She went on to say that Eligible Receiver had only simulated these attacks on NSA computer networks set up to emulate potential domestic national systems.

Nevertheless, Drogin also writes in paragraph two of the Times piece: "In less than three months, the [Eligible Receiver hackers] secretly penetrated computers that control electrical grids in Los Angeles, Washington, and other major cities."

The lead claims in the Los Angeles Times article are the framing points for a larger discussion on how Moonlight Maze has publicly proved what the Eligible Receiver exercise secretly demonstrated two years ago, which constitutes another rather extensive leap in linking the facts that are known about both.

Drogin quotes from counter-terrorist "czar" Richard Clarke:

"An enemy could systematically disrupt banking, transportation, utilities, finance, government functions and defense."

The Clarke quotes are functionally identical to the same assertions made for Signal magazine (see below) in August of this year when it was suggested that the Freedom of Information Act could be "modified" as part of a plan to help protect us from cyberattack. They add nothing to the actual body of knowledge on Moonlight Maze.

"It's cheaper and easier than building a nuclear weapon," said Clarke for the LA Times.

Buried in Drogin's piece is comment by John Gilligan who "directs information technology and information systems at the [Department of Energy.]"

Gilligan, while talking about hacker attacks, "[also argued] that the danger is usually overstated," according to the Times.

"To get access to the electricity grid computers, to start to shut some of the grid, you have to really work at it . . . To do a Pearl Harbor, you need a lot of inside information."

Which is precisely the point Crypt Newsletter made in a more lengthy article late last year.

Or read this media analysis condensing what is known about Moonlight Maze over the past nine months.




On National Public Radio's "All Things Considered," Representative Curt Weldon declaimed on topics related to Moonlight Maze.

"[Curt] Weldon says a successful hacker could disrupt civilian life, striking hospitals or train systems," said the NPR interviewer.

WELDON: "It's not a matter of if America has an electronic Pearl Harbor, but when."

This favorite Weldon mantra has appeared a number of times in the past year.




October 1, 1999: Electronic Pearl Harbor between 1:30 and 3:30 quoth the teenage hacker.

"Hacker Threatens To Leave Country In The Dark" was the headline of an un-bylined story issued by Reuters on Wednesday, Sept. 29.

"A computer hacker has threatened to break into the computers of Belgian electricity generator Electrabel Wednesday afternoon and halt the power supply to the entire country," proclaimed the news service in 500-word squib.

``Tomorrow I will leave Belgium without power, and that is not so difficult,'' an anonymous hacker crowed to a Belgian newspaper.

``Wednesday I will get into Electrabel's computers between 1:30 and 3:30 in the afternoon and shut down all the electricity.''

The Belgian electric company, Electrabel, "said it was taking the threat seriously but felt that the hacker had little chance of succeeding."

``There is very little chance that Belgium could be without power,'' said a corporate spokersperson.

No national blackout was subsequently reported.

Reuters reporters have established a reputation as easy targets for "hacker" pranks. Earlier this year, the news agency ran a story in which a hacker group claimed to have hijacked a British military satellite. This, too, was revealed to be without substance. (See below or Crypt News 51 for extended comment).

This new addition to the Crypt Newsletter Joseph K Guide to Tech Terminology results:

cyberwar: a condition in which electronic conflicts, threats and absurd claims are reported by the media but not experienced by anyone else. Anonymous teenagers or employees of the Pentagon tend to be central players.

Usage: After being forbidden to attend a rave in Antwerp by his mother, the teenage "hacker" went grumpily to his room and declared a cyberwar on Belgium by sending a menacing electronic mail to a local reporter.






The August '99 issue of Signal magazine ran a long interview with counter-terror national security advisor Richard Clarke.

Entitled "Hidden Hazards Menace U.S. Information Infrastructure," it contained all of the cliches, bromides and unbacked-up theories and allegations about information warfare that Crypt Newsletter readers have come to know and love over the past five years.

"The greatest threat to U.S. security may come from internal software or hardware trapdoors lying dormant in the nation's critical infrastructure. The digital equivalent of Cold War moles, these hidden threats would serve as access points for criminals, terrorists or hostile governments to extort money, impel foreign policy appeasement or ultimately launch crippling information attacks on the United States," states Signal.

There is "a very real possibility of an electronic Pearl Harbor," said Clarke for Signal.

"Without computer-controlled networks, there is no water coming out of your tap; there is no electricity lighting your room; there is no food being transported to your grocery store; there is no money coming out of your bank; there is no 911 system responding to emergencies; and there is no Army, Navy and Air Force defending the country . . . All of these functions, and many more, now can only happen if networks are secure and functional.

"A systematic [attack] could come from a terrorist group, a criminal cartel or a foreign nation . . . and we do know of foreign nations that are interested in our information infrastructure and are developing offensive capabilities that would allow them to take down sectors of our information infrastructure."

For Signal, Clarke claimed "trapdoors" unspecified and theoretical, "some of which may already be in place, as the greatest potential threat to the information infrastructure. Residing in the operating systems of key networks that support the U.S. critical infrastructure, these trapdoors would provide windows of opportunity for any ill-intentioned adversary to wreak considerable havoc. 'It is at least theoretically possible that a nation could insert such trapdoors, and then make demands of the United States under threat to our infrastructure.'"

And then the standard cyber-terror scenario that any fifteen year-old could dream up was deployed.

"One possible scenario would feature a demand leveled by a foreign government or terrorist group. When the U.S. government refuses to comply, this adversary demonstrates its capabilities by reducing a region of the United States to chaos. 'I think the capability to do that probably exists in the hands of several nations,' Clarke states. 'I think it could exist in the near future in the hands of criminal and terrorist organizations.'"

Clarke then repeats the mantra of "Eligible Receiver": "Envision all of these things happening simultaneously -electricity going out in several major cities; telephones failing in some regions; 911 service being down in several metropolitan areas. If all of that were to happen simultaneously, it could create a great deal of disruption, hurt the economy . . . "

The updating and patching of software is detailed as a grave threat to national security.

"Malicious individuals and organizations regularly peruse [software patch] lists, and they probe systems to find someone who has not applied the patch," said Clarke.

Clarke alleges, theoretically -- of course, that foreign governments inimical to the United States, could be, were or are inserting malicious trapdoors in the computer and networking industry by having their agents pose as programmers who are subsequently hired to do contract work on the inside. So anyone who employs foreign nationals, or Chinese-Americans, or . . . or . . . is vulnerable. " . . . a few could act as enemy saboteurs, either sympathetically or through blackmail or bribery."

"Malicious, self-propagating viruses strike computer systems worldwide," states Signal, rather obviously. Therefore viruses, too, will be the harbinger of "electronic Pearl Harbor." "It doesn't merely have to be the use of a trapdoor to enter a system, seize control and destroy the system . . . Any combination of malicious virus, denial of service and trapdoor disruptions can create chaos," states Clarke.

Clarke democratically opines for Signal that the US government is willing to work with corporate America to change laws that could be "impediments to information assurance and security."

And these impediment laws might be?

Why, only ". . . the Freedom of Information Act, antitrust legislation and liability laws," reads the Signal piece.




From the London Sunday Times, July 25, 1999:

"Russian Hackers Steal US Weapons Secrets" was the title of this breathless article.

"American experts have long warned of a 'digital Pearl Harbor' in which an enemy exploits America's reliance on computer technology to steal secrets or spread chaos as effectively as any attack using missiles and bombs." wrote the Times.

In this piece, the ubiquitous Assistant Secretary of Defense, John Hamre, appeared claiming: "We are in the middle of a cyberwar."

This particular "cyberwar," which you may not have heard of, has been dubbed Moonlight Maze.

The Hamre quote is not new, dating from the first quarter of the year. [See subsequent entries.]

The Times wrote this secret cyberwar could be with Russia or China and speculated: " . . . Russia's relations with America have reached their lowest ebb since the Cold War because of NATO's intervention in Yugoslavia. Relations with China have also suffered. An offensive in cyberspace may be their one way of retaliating without getting into a shooting war."




On June 26, 1999, the Christian Science Monitor featured a story entitled: "The hidden dangers of information warfare."

The Monitor's reporter cited the Pentagon's secret exercise, Eligible Receiver, as an opportunity to invoke the cliche.

". . . Operation Eligible Receiver demonstrated the potential vulnerability of the U.S. government's information systems. The National Security Agency hired 35 hackers to launch simulated attacks on the national information structure. The hackers obtained 'root access' - the highest level of control - in 36 of the government's 40,000 networks.

"If the exercise had been real, the attackers would have been able to create power outages across Los Angeles, Chicago, Washington, and New York. They could have disrupted the Department of Defense's communication systems (taking out most of the Pacific Command) and gained access to computer systems aboard U.S. Navy vessels.

"It was a disturbing exercise. So much so, that several top White House officials have spoken of the possibility of an 'electronic Pearl Harbor' attack on the U.S. mainland. Added to these vulnerabilities is the fact that most Americans have no sense of how information warfare will affect them."

Further along, the Monitor called upon James Adams to provide the pro forma warnings.

"It is a very serious problem," said Adams for the Monitor. "And it's getting more serious day by day. The structures that we have held constant for many years are disappearing and we need to look at things with new eyes. After all, your defenses are only as good as the single event that takes you down."

Adams is well-know to Crypt Newsletter readers as author of "The Next World War," a book on the threat of information warfare. It contained a number of laughable hoaxes, among them the infamous Gulf War virus myth, which Adams accepted as fact.

Adams is also the director of iDefense, a northern-Virginia based firm that offers consulting services aimed at the avoidance of the type of "electronic Pearl Harbor" scenarios he predicts.

An iDefense press release distributed on June 3, 1999, states, in the grand hyperbole that is rather standard for missives distributed via PR Newswire:

.
"Infrastructure Defense, Inc. (iDEFENSE), an innovative market leader in protecting industry from cyber- attacks, announced today the launch of the only service available to the private sector that provides daily, comprehensive critical infrastructure threat and vulnerability alerts. Available next Monday (6/7/99), the unique service provides iDEFENSE clients daily notification and tailored analysis of a wide range of threats, vulnerabilities and incidents that could adversely impact their critical business operating systems.

"The ongoing cyber-war between the government and various hacker groups highlights the urgency for the public and private sectors to develop a comprehensive approach to protecting the 'critical infrastructure.' While the hackers are currently focused on federal computer systems, the skirmish could quickly spill over into the private sector . . . 'One need only look at today's headlines to recognize industry's need for iDEFENSE -- the trusted source for knowledge it can use to protect the critical networks and systems upon which it are so dependent," said James Adams, CEO of iDEFENSE. "iDEFENSE draws upon an unparalleled understanding of the critical infrastructure and a keen awareness of the growing threats and vulnerabilities confronting industry to provide its clients a timely and truly unique service."

[iDefense went bankrupt and ceased operation a few years ago. Its CEO's bizarre proclamations, however, deserve preservation.]

James Adams was highly quotable on what would happen in cyberwar. No one in the mainstream press cast even the slightest fishy eye at his claims, most of which were laughably absurd.

Here then, is a small sampling of James Adams:

Pentagon hackers employed in Eligible Receiver "did more than the massed might of Saddam Hussein's armies, than the Nazis in the Second World War." From Techweek, 1999.

"iDefense is way ahead of the competition." From Washington Technology, "the business newspaper for government systems integrators," November 1999.

"Which brings us to the final rung on the escalatory ladder: the virtual equivalent of nuclear deployment. I offer as illustration Eligible Receiver." From a speech, "The Future of War, Wright-Patterson Air Force Base, June 2000.

"Consider the recent LoveLetter virus... The effect? The equivalent of a modest war... No terrorist organization in history has ever achieved such damage with a single attack. Few small wars cost so much... The LoveLetter attack was indeed the first real taste of terrible things to come." Also from "The Future of War."

"Adams stated: 'iDefense is now beginning a period of very rapid growth.'" From a press release naming Brian Kelly as CEO and Adams as "visionary," January 2001.

On National Public Radio's "Talk of the Nation," April 2001, a listener to a show on information warfare, featuring James Adams as a panelist, called in with this statement: "...I also have a question for Mr. Adams, I'm concerned about the scare tactics used by a lot of these security companies out there, including iDefense, which sells reports and services." Adams replied: "I think that's an interesting point. And clearly business is business. But I think there is a balance to be made between making aware what is going on and being responsible. And I am aware-- I am very aware of everything that is going on in the classified arena."

"Estimates of the cost of [the LoveLetter virus] to the United States range from $4 billion to $15 billion -- or the equivalent, in conventional war terms, of the carpet-bombing of a small American city." From Foreign Affairs, May-June 2001.




U.S. Deputy Defense Secretary John Hamre warned Congress of an "electronic Pearl Harbor" by cyber-terrorists on March 9, 1999, and said the target is more likely to be commercial than military. "And this Pearl Harbor's going to be different," Hamre said scarily. "It's not going to be against Navy ships sitting in a Navy shipyard. It's going to be against commercial infrastructure . . . "




"It's not a matter of if America has an electronic Pearl Harbor -- it's a matter of when," said Rep. Curtis Weldon, R-Penn, to reporters John Miklazewski and Robert Windrem, for MSNBC on March 5.

In the same article and for the New York Times, Richard Clarke, a Clinton advisor on terrorism, said "An attack on American cyberspace is an attack on the United States, just as much as a landing on New Jersey . . . The notion that we could respond with military force against a cyberattack has to be accepted."

Acting on the advice of Clarke, President Clinton recently proposed spending $1.5 billion for cyberdefense.




On February 1, 1999, The New York Times' Tim Weiner profiled Richard Clarke: "The Man Who Protects America From Terrorism."

"[Richard Clarke's] stock in trade is the stuff of techno-thrillers -- biological bombs in the Wall Street subway, chemical clouds of death in the Pentagon parking lot, cyberwar attacks . . . "

"The mission of protecting Americans from attack, whether by states or rogue groups," wrote the Times, "is 'almost the primary responsibility of the government.' [Clarke] is trying to raise the fear of terrorism in the United States to the right level -- higher, not too high -- as he girds the nation against the possibility of an assault from nerve gas, bacteria and viruses, and from what he calls 'an electronic Pearl Harbor.'"

"In his office, where a small sign reads 'Think Globally/Act Globally,' he spoke passionately about the threat of cyberwar, invisible attacks on the nation's computers, a terror so insidious, so arcane he has trouble convincing corporate chieftains and political commissars it is real. But it is out there, somewhere, he says, even if he can't prove it," wrote the Times reporter.

"There is a problem convincing people that there is a threat . . . There is disbelief and resistance. Most people don't understand. CEOs of big corporations don't even know what I'm talking about. They think I'm talking about a 14-year-old hacking into their Web sites."

Clarke rambles on, referencing the Pentagon's secret wargame "Eligible Receiver," but not mentioning it directly: "I'm talking about people shutting down a city's electricity . . . shutting down 911 systems, shutting down telephone networks and transportation systems. You black out a city, people die. Black out lots of cities, lots of people die. It's as bad as being attacked by bombs."

"An attack on American cyberspace is an attack on the United States, just as much as a landing on New Jersey . . . The notion that we could respond with military force against a cyber-attack has to be accepted."

"Imagine a few years from now: A president goes forth and orders troops to move. The lights go out, the phones don't ring, the trains don't move. That's what we mean by an electronic Pearl Harbor."

"Clarke's profile first surfaced in 1986," Weiner writes. "He was an intellectual author of a plan to use psychological warfare against the Libyan leader, Moammar Gadhafi. Under his plan, flights of SR-71 spy planes set off 'sonic booms over [Gadhafi'] head, to tell him his air defenses couldn't stop us,' and mysterious American rafts floated up on the shores of Tripoli, Clarke said. The operation backfired when the Reagan White House was caught planting a false report in The Wall Street Journal about Libya's support of terrorism."




On May 25, 1998, Brigadier General Robert F. Behler of the Strategic Command stepped up to the plate in the pages of Federal Computer Week to opine on "electronic Pearl Harbor" in a piece entitled "Fighting the virtual Cold War: There's no peace in cyberspace." Excerpts are included for your reference.

"Less than a decade after the Berlin Wall came tumbling down, we are in the midst of a new Cold War," stated Behler on the secret cyberwars of the Internet.

"A digital enemy can bypass the military and take down critical infrastructure -- automated power plants, stock markets and transportation systems -- and disable this nation without firing a shot . . . Call it a virtual Cold War . . ."

"As the point man for computer security at the U.S. Strategic Command, which directs all U.S. strategic nuclear forces, I'm keenly aware of the stakes of warfare in the cyberworld. Each day, I see evidence that the United States is in a digital war with cyberbandits and terrorists who are intent on destroying our nation's computer systems. We are faced with individuals who may attack our computer systems, and more than 30 nations have sponsored programs to disrupt information systems worldwide. Experience has taught me that there is no peace in the cyberworld."

"Keeping ahead of cyberenemies must become a national priority . . . I suggest the United States commit to a 'Year of Cyberspace Security.' Such an initiative would range from teaching schoolchildren the consequences of giving out their Internet addresses to developing better means of safeguarding sensitive information.

". . . Are we losing this war in cyberspace? Maybe; at this time I'm not certain. But I am certain that if we maintain the current level of complacency about computer security, 21st century cyberwarlords will 'eat our lunch.'

". . . The Year of Cyberspace Security is an idea whose time has arrived. We must step up to this challenge now or face an electronic Pearl Harbor . . ."




Twice in the May 1997 issue of WIRED magazine, both in John Carlin's "Farewell to Arms."

1. "We will have a cyber equivalent of Pearl Harbor at some point, and we do not want to wait for that wake-up call," attributed to former U.S. Deputy Atty. General Jamie Gorelick.

2. "I-war can be the kind of neat, conceptually contained electronic Pearl Harbor scenario that Washington scenarists like -- collapsing power grids, a stock market software bomb, an electromagnetic pulse that takes the phone system out."




Twice in Robert Minehart's tutorial on Information Warfare, a course currently presented by the U.S. Army's training school in Carlisle, PA. Minehart's bio refers to him as an NSA/CIA/DIA employee and Visiting Professor of Information Warfare at Carlisle. Minehart prefers "Information Pearl Harbor" to "electronic Pearl Harbor" but as far as Crypt Newsletter is concerned, they're the same thing.

1. "So what would an effective Information Pearl Harbor look like?"

2. "The U.S. may find it difficult to use military force in response to an Information Pearl Harbor-type attack."




Once by John Woodward, a mouthpiece for MITRE Corporation in McLean, VA, in a long-winded 1997 company Website sales pitch for hiring MITRE expertise in avoiding "electronic Pearl Harbor":

"It's MITRE's job to keep the information warfare equivalent of [electronic] Pearl Harbor solely and exclusively in the realm of simulation."

Also attributed to Woodward, "MITRE is the best source on information warfare in the world."




"Electronic Pearl Harbor" was invoked three times by strategist Martin Libicki, in "Defending Cyberspace and other Metaphors," a paper on info-war published by the Pentagon-administered National Defense University in Washington, D.C. The paper appeared earlier this year and Libicki uses the term "digital" in place of "electronic."

1."A strategic motive for a digital Pearl Harbor could be to dissuade the United States from military operations (perhaps against the attacking country) or to hinder their execution by disrupting mobilization, deployment, or command and control.

2. "How much damage could a digital Pearl Harbor cause?"

3. "A more pertinent question than how much damage a digital Pearl Harbor might cause is how well hackers attacks can delay, deny, destroy, or disrupt military operations."




In the January 6, 1997 edition of the Wall Street Journal, reporter Tom Ricks attributes Duane Andrews of Science Applications International Corporation and the Pentagon's Defense Science Board with:

"Warning of a possible 'electronic Pearl Harbor,' the task force appointed by the Defense Science Board also said the Pentagon should seek the legal authority to launch counterattacks against hackers."




"We could be on the brink of an 'electronic Pearl Harbor' or an 'information Chernobyl' and not even know it."

This one was uttered by Frank Morgan, an Air Force Intelligence Agency/Air Force Information Warfare Center officer out of Kelly AFB, Texas, in an article for the September 1996 issue of Airman magazine entitled "Info Warriors!"




In Cybernautics Digest, Vol. 3, No. 7 (1996), "All's Not Quiet on the Information Front":

"Pentagon officials fear an electronic Pearl Harbor: an attack which could go undetected until it is too late."




"[John] Deutch favors center to avoid `electronic Pearl Harbor' and [it] would not require hiring new personnel," showed up in a July 1, 1996 story on Congressional testimony on the subject of hackers and info-war. It appeared in Federal Computer Week.

If you've been following newspapers, sometimes it seemed as if CIA-director Deutch spent most of 1996 talking about "electronic Pearl Harbor," a remarkable feat from someone who could not distinguish the PenPal Greetings Net virus hoax from reality.

And in the same story, a couple paragraphs on:

"I don't know whether we will face an electronic Pearl Harbor, but we will have, I'm sure, some very unpleasant circumstances in this area," said John Deutch.

"Senator Sam Nunn (D-Ga.), who chaired the hearing, raised the issue of 'an electronic Pearl Harbor' against the 'national information infrastructure,' and asked 'are we fully alerted to this danger now?"

The above quote came from an article written by John Elliston for something called "Dossier." It, of course, also repeats the Deutch "electronic Pearl Harbor" quote -- published by hundreds around the country -- taken from the same July 1996 Congressional hearings.




"We're facing an electronic Pearl Harbor," said Ronald Gove, a vice president of Science Applications International Corporation, at a 1995 National Computer Security Association Info-war conference, as reported by a September '95 issue of the Arizona Star.




"The Pentagon's New Nightmare: An Electronic Pearl Harbor" was the title of a Neil Munro-penned editorial in the July 16, 1995 edition of The Washington Post.




And in Alvin and Heidi Toffler's 1993 book entitled "War and Anti-War," "electronic Pearl Harbor" is said to be just waiting to happen. (Page 149 in a section entitled "Info-terror.")

Duane Andrews of Science Applications International Corporation also makes an appearance in the Toffler book, and similar to what he said in 1997, he says in "War and Anti-War:" "Our information security is atrocious, our operation [secrecy] is atrocious, our communications secrecy is atrocious."



The old homepage of the Crypt Newsletter. From the Wayback Machine.

1 Comments:

Blogger ericswan said...

Comment moderation has been enabled. All comments must be approved by the blog author.

I guess you've been spooked huh?

9:09 PM  

Post a Comment

<< Home