The Cyber Terrorists ... ------------------------ By Steve Macko, ENN Editor Tuesday, June 4, 1996 A fascinating story came out of London this past weekend that appears to have dire consequences. Several financial institutions, such as banks, brokerage firms and other large corporations, have paid extortion money to sophisticated international "cyber terrorists." Huge sums of money have reportedly been paid to these criminals who have threatened to destroy computer systems and ... have proven that they can do it. Companies in the United States have also fallen victim to these criminals. A London Sunday Times investigation has learned that British and American law enforcement agencies are looking into forty known "attacks" on financial institutions in London and in New York since 1993. Vast sums of money have been paid to the blackmailers who have proven their ability by using "information warfare" techniques that may have been learned in military or government service. The U.S. National Security Agency (NSA), which utilizes some of the most sophisticated computer systems in the world, has said that the criminals have penetrated computer systems by using what are called "logic bombs." These are coded devices that can be detonated remotely. They have also used electromagnetic pulses and "high emission radio frequency guns." These M.O.'s do have a distinct military bent to them. These blackmailers are anything but subtle in their methods. They have left encrypted threats at the highest security levels (root) of the computer systems that they have attacked and have left messages such as: "Now do you believe we can destroy your computers?" Authorities have been unable to stop the attacks. It is highly suspected that some of the criminals are in the United States. Banks and other financial institutions have also not been very forthcoming with law enforcement investigators. Many fail to even notify the police of the crime. One security director of a London bank said, "They have given in to blackmail rather than risk a collapse in confidence in their security systems." "We are aware of the extortion methods, but the banking community has ways of dealing with it and rarely reports to the police," said a senior police detective in London. Special investigative units have been set up in both the U.S. and in Europe. But the financial institutions have closed ranks and have hindered the investigations of the cyber criminals. In April, experts in the field of information warfare met in Brussels, Belgium. to discuss the threat. There has also been a closed meeting with the British intelligence community. And it is being reported that there was a secret seminar held in Washington, D.C. just this past weekend with the cyber terrorists as the main agenda topic. The international investigation firm, Kroll Associates, confirmed last week they have been called in to assist some financial firms through the blackmailing schemes. In New York City, a Kroll Associates spokesman said, "One of the problems we face is that the potential embarrasment from loss of face is very serious. The problem for law enforcement is that the crime is carried out globally, but law enforcement agencies stop at each frontier." On Saturday, a spokesman for the Bank of England confirmed that his bank has come under attack by the cyber terrorists. Scotland Yard has assigned a senior detective from its computer crime unit to take part in a European-wide operation that has been codenamed, "Lathe Gambit." In the United States, the Federal Bureau of Investigation (FBI) has three separate squads investigating computer extortion. The U.S. Secret Service is also involved in computer crime. The U.S. National Security Agency believes that there are four separate cyber terrorist gangs in operation. As has been reported in this publication previously, there is evidence that at least one of the gangs is based in Russia. These are four of the extortion cases that the NSA is reportedly taking a very hard look at: * -- 6 January 1993. A computer crash halted trading at a British brokerage house. A L10 million pound ransom was paid into a Zurich, Switzerland, bank account. * -- 14 January 1993. A British bank paid a ransom of L12.5 million pounds. * -- 29 January 1993. L10 million pounds was paid by a British brokerage house in ransom after threats were made. * -- 17 March 1995. A British defense firm paid a ransom of L10 million pounds. In each of the four above cases, the blackmailers threatened senior directors and demonstrated they could indeed crash the computer system. Each of the four companies caved-in to the extortion demands within hours and wired the money to foreign bank accounts, from which the blackmailers removed the money within minutes of its arrival. It is highly believed that the criminals gained their expertise in information warfare in the United States military. The U.S. military has been known to develop "weapons" that can disable or destroy computer hardware. This threat is very, very real and is very, very serious. So far, the criminals have been satisfied in only gaining wealth. All of this sounds like something out of a thriller novel. In Tom Clancy's last book -- "Debt Of Honor" -- cyber experts caused a major crash on the New York Stock Exchange. It sounds like these real cyber terrorists could do that if they really wanted to do so. Since it appears that at least some of these individuals may have been trained by military agencies, do they have the expertise that could compromise Defense Department computers? Again, it sounds like they do. For law enforcement agencies-- what would happen if the FBI's National Crime Information Center (NCIC) computer system were "hacked" or destroyed? Everything, today, is run by computers and these individuals appear to have the ability to get into whatever they want. In the past, ENN has offered reports on general terrorism, the threat of nuclear, chemical and biological terrorism --"cyber terrorism" would appear to be on the same threat scale. It's that serious. _________________________________________________________________ For a further analysis, we offer the following from Mr. Winn Schwartau of Interpact, Inc., who is an expert in information warfare and security. Mr. Schwartau is the author of the books entitled, "Information Warfare" and "Terminal Compromise." Class III Information Warfare: Has It Begun? The June 2, 1996 Sunday Times from London front page headline reads: "City Surrenders to L400 million Gangs" And HERF Guns, Electromagnetic Pulses and sophisticated logic bombs may be responsible. At InfoWarCon II, Montreal Canada, I made reference to investigations I was conducting regarding concerted and organized attacks on up to 43 financial institutions in Europe and the US; an example of Class III Information Warfare. This issue of London Sunday Times brings a glimpse of the story that will eventually be told. The first attack in my files dates to January 6, 1993. A trading house in London was blackmailed into paying L10million to unknown extortionists who demonstrated they could crash the company's computers at will. The next incident in the Times article is also in my files: January 14, 1993 where similar demonstrations and demands were made for this time L12.5Million. And so is the next, January 29, 1993 and another L10Million siphoned off by the bad guys. According to my figures and those in the Times article, hundreds of millions of pounds have been paid ransom in what is clearly an example of Class III Information Warfare. According to officials in Washington, Whitehall, London, City of London Police, the National Security Agency, Kroll Associates, Bank of England and others (in the article) the threats are credible. The attackers have the clear ability to bring trading and financial operations to a halt - exactly when they say they will. "Banks, brokerage firms and investment houses in America have also secretly paid ransom to prevent costly computer meltdowns and a collapse in the confidence among their customers," sources said in the article. The article discussed the advanced information warfare techniques used by the perpetrators. "According to the American National Security Agency (NSA), they have penetrated computer systems using 'logic bombs' (coded devices that can be remotely detonated), electromagnetic pulses and 'high emission radio frequency guns' which blow a devastating electronic 'wind' through the computer systems." [For a complete description of HERF Guns (coined by Schwartau in 1990), see "Information Warfare: Chaos on the Electronic Superhighway," Thunders Mouth Press, 1994] The perpetrators have also left encrypted messages, apparently bypassing the highest security levels of the systems, leaving messages such as "Now do you believe we can destroy your computers?" The NSA and other officials believe that four gangs are involved; probably one from the US and probably one from Russia. But, because the crimes are international, national borders still prevail, making investigation more difficult. Investigations and official inquiries have been in progress for some time according to the article. Now, for a few things you will not see in the article, but will hopefully [if I am lucky] come out in the near future. The number of attacks is way above 40. They have been known about for almost three years, but only recently have people been willing to come out of the closet and discuss this highly sensitive issue with the media. Long briefs and analyses of these events have been submitted to high level officials and select business persons for at least a year, but to no avail. [Security by obscurity reigns all too often.] Banking is not the only industry that has been attacked and the attacks have been spread around Europe as well as Australia. As an industry many of us have said that the only way something will really be done is if we experience a Computer Chernobyl [Peter Neumann Phrase as I recall] or as I first said in Congressional Testimony, "An Electronic Pearl Harbor." Are these events the harbinger of strong reaction by the computer community at large? As events unfold and more information is permitted to be disseminated over the next few days and weeks, we will see. We have essentially solved the issues of confidentiality and integrity. But, I have maintained that the real problem is going to be Denial of Service. These events are unfortunate, but clear examples of that reality. [End Mr. Schwartau's quoted comments] A Bank of England official reportedly told reporters, "it is not the biggest issue in the banking market." Hmmm...we're going to have to think about that. If our banking and defense systems are not secure...what is? (c) EmergencyNet News Service, 1996, All Rights Reserved.