U.S. Military Computers Infected by Worm

December 3rd, 2008 | 1 Comment | Posted in Military, Security

The Defense Department’s geeks are spooked by a rapidly spreading worm crawling across their networks. So they’ve suspended the use of so-called thumb drives, CDs, flash media cards, and all other removable data storage devices from their nets, to try to keep the worm from multiplying any further.

The ban comes from the commander of U.S. Strategic Command, according to an internal Army e-mail. It applies to both the secret SIPR and unclassified NIPR nets. The suspension, which includes everything from external hard drives to “floppy disks,” is supposed to take effect “immediately.” Similar notices went out to the other military services.

In some organizations, the ban would be only a minor inconvenience. But the military relies heavily on such drives to store information. Bandwidth is often scarce out in the field. Networks are often considered unreliable. Takeaway storage is used constantly as a substitute.

The problem, according to a second Army e-mail, was prompted by a “virus called Agent.btz.” That’s a variation of the “SillyFDC” worm, which spreads by copying itself to thumb drives and the like. When that drive or disk is plugged into a second computer, the worm replicates itself again — this time on the PC. “From there, it automatically downloads code from another location. And that code could be pretty much anything,” says Ryan Olson, director of rapid response for the iDefense computer security firm. SillyFDC has been around, in various forms, since July 2005. Worms that use a similar method of infection go back even further — to the early ’90s. “But at that time they relied on infecting floppy disks rather than USB drives,” Olson adds.

Servicemembers are supposed to “cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware,” one e-mail notes. Eventually, some government-approved drives will be allowed back under certain “mission-critical,” but unclassified, circumstances. “Personally owned or non-authorized devices” are “prohibited” from here on out.

To make sure troops and military civilians are observing the suspension, government security teams “will be conducting daily scans and running custom scripts on NIPRNET and SIPRNET to ensure the commercial malware has not been introduced,” an e-mail says. “Any discovery of malware will result in the opening of a security incident report and will be referred to the appropriate security officer for action.”

“The USB ban should be effective in stopping the worm,” Olson says. Asked if such a widespread measure was a bit of overkill, Olson responded, “I don’t know.”

“I know this [is an] inconvenience,” e-mails one Michigan Army National Guardsman. “This has been briefed to the CoS [Chief of Staff] of the ARMY. This is not just a problem for Michigan, and is affecting operations around the world. This is a very serious threat and should be treated as such. Please understand that this is a form of attack, and we need to have patience in dealing with this issue.”
The military relies heavily on the use of removable storage devices to store information since bandwidth is often scarce out in the field and networks are often considered unreliable.

What’s causing the problem?

It is speculated that a virus named Agent.btz is the culprit. It’s a variation of the “SillyFDC” worm which spreads by copying itself to thumb drives. When the drive or disk is plugged into a second computer, the worm replicates itself again — on the PC. Once installed it automatically downloads malicious software code from the Internet. (Source: f-secure.com)

Eventually, some government-approved drives will be allowed back under certain “mission-critical,” but unclassified circumstances.

See: US Military Report on Computer Threat


IARPA Trolls Online Gaming

July 6th, 2008 | No Comments | Posted in Intelligence

The Total Information Awareness (TIA) program has found a new, more accommodating home for its “mission” of “keeping America safe”–from the Constitution–at the Intelligence Advanced Research Projects Agency (IARPA). According to McClatchy investigative journalist Warren Strobel, IARPA … is the U.S. intelligence community’s counterpart to DARPA, the Defense Advanced Research Projects Agency, which has been in business for more than 35 years and is meant to be a small, flexible R&D agency that funds high-risk, but potentially high-payoff technologies. (“What’s IARPA?”, McClatchy Washington Bureau, June 30, 2008)

IARPA has been organized under the auspices of Office of Director of National Intelligence (ODNI) Mike McConnell, a former executive vice-president with spooky mega-contractor Booz Allen Hamilton. As Tim Shorrock reported in March,

As Booz Allen’s chief intelligence liaison to the Pentagon, McConnell was at the center of action, both before and after the September 11 attacks. During the first six years of the Bush administration, Booz Allen’s contracts with the U.S. government rose dramatically, from $626,000 in 2000 to $1.6 billion in 2006. McConnell and his staff at Booz Allen were deeply involved in some of the Bush administration’s most controversial counterterrorism programs. They included the Pentagon’s infamous Total Information Awareness data-mining scheme run by former Navy Admiral John Poindexter, which was an attempt to collect information on potential terrorists in America from phone records, credit card receipts and other databases. (Congress cancelled the program over civil liberties concerns, but much of the work was transferred to the NSA, where Booz Allen continued to receive the contracts.) (“Carlyle Group May Buy Major CIA Contractor: Booz Allen Hamilton,” CorpWatch, March 8, 2008)

According to the agency’s website, IARPA’s brief is centered on three program areas:

Smart Collection, “The goal of the programs in this office is to dramatically improve the value of collected data from all sources.”

Incisive Analysis, “The goal of the programs in this office is to maximize insight from the information we collect, in a timely fashion.”

Safe & Secure Operations, “The goal of the programs in this office is to be able to counter new capabilities implemented by our adversaries that would threaten our ability to operate freely and effectively in a networked world.”

There’s no argument that preventing sociopaths–state-sponsored or otherwise–using malware to cause the meltdown of a nuclear power plant’s uranium core or the sudden release of methyl isocyanate into the atmosphere should be a priority of any sane government. Certainly such laudatory goals would be optimized by writing better programs rather than through intrusive data-mining ops carried out by the state’s outsourced and well-paid private “partners.”

Unfortunately, we aren’t dealing with a sane government here in the United States. According to Virtual Worlds News, one IARPA program seeks to “mine” information from virtual worlds and online gaming sites for its potential to “model” terrorist activity.

Reynard, a data-mining project from Intelligence Advanced Research Projects Activity (IARPA), is an exploratory effort to monitor activity in virtual worlds and online games and then model what terrorist activity in those worlds would look like. The Director of National Intelligence recently released a Congressionally mandated report on various data-mining projects of which Reynard is just one. While it’s just an early effort right now, “If it shows early promise, this small seedling effort may increase its scope to a full project.”

Data-mining is defined as “a program involving pattern-based queries, searches or other analyses of 1 or more electronic databases” in order to “discover or locate a predictive pattern of anomaly indicative of terrorist or criminal activity….” and will now be ongoing “in a public virtual world environment. The research will use publicly available data and begin with observational studies to establish baseline behaviors.”

No word on what world that will be in, but we already know that the CIA has a presence in Second Life and that IARPA has investigated Linden Lab’s world as well. (“U.S. Project Reynard Mines Data Looking for Virtual Spies,” Virtual Worlds News, February 25, 2008)

One can only wonder what IARPA will do once “baseline behaviors” are mapped! But apparently there’s no need to fret since “the government understands that ‘applications of results from these research projects may ultimately have implications for privacy and civil liberties,’ so ‘IARPA is also investing in projects that develop privacy protecting technologies,’” Secrecy News reports.

We bet they are! But as Strobel points out, “IARPA’s ancestry is a wee bit interesting”:

In the beginning, there was Total Information Awareness, a DARPA information-gathering program run by none other than former Iran-Contra figure and Reagan national security adviser John Poindexter. Critics saw the program as a major, post-9/11 intrusion on American’s privacy and civil liberties, and Congress killed funding for it in 2003. But there were persistent reports–confirmed by yours truly in conversations with former U.S. intelligence officials–that portions of the Total Information Awareness research had simply been shunted off to other agencies.

As readers undoubtedly recall, Total Information Awareness (TIA) was “terminated” by Congress when it learned that Poindexter was setting up a program that would sift through “public databases storing credit card purchases, rental agreements, medical histories, e-mails, airline reservations, and phone calls for electronic ‘footprints’ that might indicate a terrorist plot in the making,” according to Shorrock’s excellent read, Spies for Hire.

And to whom did DARPA turn to manage TIA? Why none other than Booz Allen Hamilton, of course! Joining SAIC (Science Applications International Corporation), Booz Allen “won” some $63 million in contracts to run Poindexter’s pet project. While the program–and contracts–were allegedly cancelled, portions of TIA had simply been spun-off to other agencies including the FBI and NSA.

Where else did TIA migrate? It turns out, many of its data-mining projects, including the Scalable Social Network Analysis (SSNA) operation, which seeks to model networks of connections like social interactions, financial transactions, telephone calls, and organizational memberships into a coherent analytical tool, were “assimilated” by the Advanced Research and Development Activity (ARDA), managed by NSA.

Strobel reports that “ARDA was later renamed, given the ominous-sounding name of the Disruptive Technology Office.” And now ARDA and DTO, along with a “new and improved” TIA, have apparently been folded into IARPA.

Which just goes to show, you can’t kill off that which the state decrees is necessary for “your protection.” As Wired’s Ryan Singel advises online gaming enthusiasts, you’d better “be careful who you frag”!


Carpet Bombing in Cyberspace

June 16th, 2008 | 1 Comment | Posted in Uncategorized

Wired calls the Pentagon’s DDoS scheme “the most lunatic idea to come out of the military since the gay bomb.” DDoS, or distributed denial-of-service, is an attack on a server, flooding it with so many requests it is for all purposes knocked out, unable to respond. Col. Charles W. Williamson, writing for the Armed Forces Journal, thinks this is a peachy keen idea. In an article entitled “Carpet bombing in cyberspace,” Williamson says the Pentagon’s DDoS would allow “a quick response by directly linking our counterattack to the system that detects an incoming attack,” in other words, he assures us, the scheme would be defensive.

Of course, for guys who carpet bomb in cyberspace and in real space, basically unconcerned with “collateral damage,” the idea the Pentagon would only use this weapon on bad guys who attack is ludicrous. It is, more accurately, an offensive weapon, designed to take down or render useless targeted computer networks, presumably in China or Russia or a cave in Afghanistan. No doubt China and Russia have their own counter measures, so “carpet bombing in cyberspace” becomes an academic exercise, a stalemate, an excuse for geeks on the Pentagon payroll to build zombie networks and unleash more botnets on a botnet infested internet.

As we know, however, the Pentagon’s target list is not confined to Russia and China. First and foremost, the Pentagon considers the civilian internet an “enemy weapons system,” as its Information Operations Roadmap makes obvious. “We Must Fight the Net. DoD [Department of Defense] is building an information-centric force. Networks are increasingly the operational center of gravity, and the Department must be prepared to ‘fight the net,’” the document declares. The PNAC neocons are fond of this idea — the idea that the entire internet is an enemy weapons system — and they wrote about it in their documents.

“Control of space and cyberspace. Much as control of the high seas — and the protection of international commerce — defined global powers in the past, so will control of the new ‘international commons’ be a key to world power in the future. An America incapable of protecting its interests or that of its allies in space or the ‘infosphere’ will find it difficult to exert global political leadership,” the PNAC neocons write in their defining document, Rebuilding America’s Defenses: Strategies, Forces, and Resources For a New Century (2000). The PNAC neocons demand “full-spectrum dominance” of the entire “battlespace,” including the internet.

Again, enemies of the Pentagon, who need to be dominated in full-spectrum fashion, are not necessarily in China or Russia, they are here in the United States, too. In 2005, we learned that the Pentagon was up to its old tricks, snooping and conducting domestic surveillance on peaceful antiwar protests and meetings. The Counterintelligence Field Activity, or CIFA — which receives zero congressional oversight — was established by the Pentagon in 2002 to “effectively and efficiently manage and oversee the Defense Department counterintelligence enterprise.” Counterintelligence does not strictly consist of monitoring enemies, but is also offensive in nature. Back in the day, when the national security state was first implemented, Allen W. Dulles, then CIA boss, declared counterintelligence is not merely defensive, but a “responsive activity” aimed at the “opposition.”

As Daniel Brandt documents, the military teamed up with the CIA, FBI, and local law enforcement in the 1960s and the 1970s not only to monitor the antiwar and so-called “liberation” movements, but actively subvert them. According to Brandt’s research, “the primary target of military intelligence was the nation’s university and college campuses,” where antiwar activity flourished in the late 60s.

Over the intervening decades, none of this has changed, as Col. Williamson admits. “Some people would fear the possibility of botnet attacks on innocent parties,” writes Williamson. “If the botnet is used in a strictly offensive manner, civilian computers may be attacked, but only if the enemy compels us. The U.S. will perform the same target preparation as for traditional targets and respect the law of armed conflict as Defense Department policy requires by analyzing necessity, proportionality and distinction among military, dual-use or civilian targets. But neither the law of armed conflict nor common sense would allow belligerents to hide behind the skirts of its civilians. If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them.”

As should be obvious, the Pentagon considers those of us opposed to “full-spectrum dominance,” for instance invading small nations and killing millions of people, as an enemy hiding “behind the skirts” of civilians and “using civilian computers in his country so as to cause us harm,” that is to say engaging in activism to oppose and attempt to change destructive and murderous policies. In short, Williamson is telling us the Pentagon is unleashing attacks against American citizens and their computer networks and individual machines.

Finally, the military’s desire for botnet antics and DDoS attacks against adversaries may be considered part of an overriding plan to “ensure the graceful degradation of the network rather than its collapse,” thus ushering in Internet 2. Paul Joseph Watson writes: “The development of ‘Internet 2’ is also designed to create an online caste system whereby the old Internet hubs would be allowed to break down and die, forcing people to use the new taxable, censored and regulated world wide web. If you’re struggling to comprehend exactly what the Internet will look like in five years unless we resist this, just look at China and their latest efforts to completely eliminate dissent and anonymity on the web.”

On a highly controlled and corporatized network, DDoS attacks and offensive botnets will not be necessary because the opposition will be neutralized — in fact opposition will not be allowed to exist at all, same as it does not exist on the corporate and thoroughly compromised medium we call television.


The DOD’s Quest For Electromagnetic Spectrum Control

December 25th, 2007 | No Comments | Posted in Military

In 2003, then Secretary of Defense Donald Rumsfeld signed a document called the Information Operation Roadmap, which outlined, among other things, the Pentagon’s desire to dominate the entire electromagnetic spectrum.

If you are unfamiliar with this document, more detail can be found in this article here.

Dominate

From the Information Operation Roadmap:

“We Must Improve Network and Electro-Magnetic Attack Capability. To prevail in an information-centric fight, it is increasingly important that our forces dominate the electromagnetic spectrum with attack capabilities.”

“Cover the full range of EW [Electronic Warfare] missions and capabilities, including navigation warfare, offensive counterspace, control of adversary radio frequency systems that provide location and identification of friend and foe, etc.”

“Provide a future EW capability sufficient to provide maximum control of the entire electromagnetic spectrum, denying, degrading, disrupting, or destroying the full spectrum of globally emerging communication systems, sensors, and weapons systems dependant on the electromagnetic spectrum.”

“DPG [Defense Planning Guidance] 04 tasked USD(AT&L) [Under Secretary of Defense for Acquisition, Technology and Logistics], in coordination with the CJCS [Chairman of the Joint Chiefs of Staff] and Services, to develop recommendations to transform and extend EW capabilities, … to detect, locate and attack the full spectrum of globally emerging telecommunications equipment, situation awareness sensors and weapons engagement technologies operating within the electromagnetic spectrum.”

Stealthy Platforms Above Your Home

“Develop a coherent and comprehensive EW [Electronic Warfare] investment strategy for the architecture that… Pay particular attention to:

- (U) Projecting electronic attack into denied areas by means of stealthy platforms… As a matter of priority, accelerates joint development of modular EW payloads for the Unmanned Combat Aerial Vehicle.”

It is interesting to see the mention of stealthy platforms like unmanned aerial vehicles (UAVs) because they are now patrolling both the Canadian and Mexican borders of the United States and will soon be patrolling the arctic. With funding supplied by Homeland Security, US police departments are also using UAVs to spy on the citizens below. A couple of examples are Sacramento, California and…

“one North Carolina county is using a UAV equipped with low-light and infrared cameras to keep watch on its citizens. The aircraft has been dispatched to monitor gatherings of motorcycle riders at the Gaston County fairgrounds from just a few hundred feet in the air–close enough to identify faces–and many more uses, such as the aerial detection of marijuana fields, are planned.”

The Electronic Battlespace

“The ACTD [Advanced Concept Technology Demonstration] should examine a range of technologies including a network of unmanned aerial vehicles and miniaturized, scatterable public address systems for satellite rebroadcast in denied areas. It should also consider various message delivery systems, to include satellite radio and television, cellular phones and other wireless devices and the Internet.” [emphasis mine] - 65

“Exploits other transformational EW initiatives, including use of the E-Space Analysis Center to correlate and fuse all available data that creates a real time electronic battlespace picture.” [emphasis mine] - 62

How exactly do you create a real time electronic battlespace picture? And where exactly is the battlespace? A very similar statement was made in the Project for a New American Century document Rebuilding America’s Defenses published in September of 2000 (more about this document here and here.)

“New classes of sensors - commercial and military; on land, on and under sea, in the air and in space - will be linked together in dense networks that can be rapidly configured and reconfigured to provide future commanders with an unprecedented understanding of the battlefield.” - pg 59

An article written by Mark Baard from Parallelnormal.com sheds some light on this subject.

“Philadelphia, San Francisco, Houston, and Providence, R.I. are among the cities partnering with private companies and the federal government to set up public broadband internet access. Providence used Homeland Security funds to construct a network for police, which may be made available to the public at a later date…”

“But even if the cities fail to complete their Wi-Fi projects, the military will be able to set up wireless networks within hours, perhaps even faster.”

“The DOD [Department of Defense], which is in the middle of joint urban war-games with Homeland Security and Canadian, Israeli and other international forces, is experimenting with Wi-Fi networks it can set up on the fly.”

“According to a recent DOD announcement for contractors, soldiers will be able to drop robots, called LANdroids… when they arrive in a city. The robots will then scurry off to position themselves, becoming nodes for a wireless communications network.”

“The Wi-Fi antennae dotting the urban landscape will serve not only as communications relays, but as transponders that can pinpoint the exact positions of individual computers and mobile phones - a scenario described in the Boston Globe last year.”

“In other words, where GPS loses sight of a device, Wi-Fi will pick up the trail.”

“The antennae will also relay orders to the brain-chipped masses, members of the British Ministry of Defense and the DOD believe.”
