electronic Pearl Harbor (or "EPH"): a bromide popularized
by Alvin Toffler-types, ex-Cold War generals, assorted corporate
windbags and hack journalists, to name a few. EPH is
meant to signify a nebulous electronic doom always looming over U.S.
computer networks. In the real world, it's a cue for the phrase
"Watch your wallet!" since those wielding it are usually doing
so in an attempt to convince taxpayers or consumers to fund
ill-defined and/or top secret projects said to be aimed at
protecting us from it. It has been seen thousands of times
since its first sighting in 1993.
--from the Crypt Newsletter "Joseph K"
Guide to Tech Terminology
"Electronic Pearl Harbor" and variations on it, Crypt Newsletter has noticed, are now some of the most overused buzz-phrases in the topic of computer security and information warfare. Using Internet search engines, it is possible to quickly find over 500 citations for the phrase in on-line news archives, military research papers and press releases.
Paradoxically, overuse of the phrase has had quite the opposite effect desired by those who unwittingly wield it.
One can easily imagine p.r. handlers coaching our leaders, generals and corporate salesmen to not forget to say "electronic Pearl Harbor" at least one time just before giving a speech or interview. Since it is a gold-plated cliche, anyone with more sense than it takes to pour piss from a boot can use it as an infallible detector of Chicken Little-like cyber-bull.
Paraphrased: Anyone still caught uttering "electronic Pearl Harbor" in 1999 is either an ex-Cold Warrior trying to drum up anti-terrorism funding through the clever use of propaganda, completely out of it, or a used-car salesman/white-collar crook of some type.
Here then, Crypt News presents for your amusement, a selection of the unclothed emperors speaking of "electronic Pearl Harbor."
Note: To underline how rich in history the cliche has become, Crypt Newsletter recently began updating this list after skipping much of 1998. Congressmen, Pentagon officials and hack journalists are those most prone to deploying "electronic Pearl Harbor" ad nauseum. And at this juncture, Crypt Newsletter receives about 2-3 articles a week from the big mainstream press featuring cites on the potential for "electronic Pearl Harbor." Other common players, many of which are listed in this archive, constitute an assortment of aggressive shills pimping consulting services or spot hardware and software solutions aimed at avoiding "electronic Pearl Harbor."
These articles, all of which, obviously, are not included in this page, are distinguished by their mind-numbing repetition and similarity in tone.
The same names tend to appear over and over, always uttering exactly the same menacing declarations.
And -- again and again -- the same clueless media organizations recycle the same clutch of quotes and cliches, uncomprehending or indifferent to the fact that they aren't actually producing anything that is real news.
Other characteristics of "electronic Pearl Harbor" stories are:
1. Obsession with hypotheses upon what might happen -- not what has happened.
2. Rafts of generally insignificant computer security incidents accumulated as anecdotal evidence and delivered in out-of-context or exaggerated manner pointing to the insinuation that something awful is about to happen -- today, tomorrow, a year from now, two years from now . . . always in the not easily glimpsed future.
3. Abuse of anonymous sourcing and slavish devotion to secrecy. All EPH stories usually contain a number of "anonymoids" -- from the Pentagon, the White House, Congressional staff, computer security firms, intelligence agencies, think tanks or unspecified consulting firms. Frequently the anonymoid will allude to even more secret and terrible things which cannot be mentioned in print or the Republic will crumble.
4. Paranoid gossip -- the equivalent of which is offered up as still further proof the nation is in electronic danger. Russia, China, France, India, Israel . . . almost any country not-USA can be portrayed as taking electronic aim at the American way of life. Programmers of foreign decent or mixed American-foreign decent are tarred as potential cybersaboteurs in a kind of modern techno-McCarthyism. Teenagers are transformed into electronic bogeymen with more power at their fingertips than the Strategic Command. The allegations tend to be delivered by anonymous sources or "experts" not required to provide substantive examples backing up the gossip for the print journalists acting as their stenographers.
5. The standard of proof becomes plastic. If your definition of evidentiary proof is restricted to that which is demonstrated by a reproducible public testing process, EPH stories become very confusing. In EPH news, the standard of "proof" is radically different, equivalent to a fantastic but undemonstrated (or when 'demonstrated,' always secret) claim, often passed along by "hackers" looking for publicity, employees of the Pentagon, the National Security Council or related institutions.
This phenomenon has unfolded over six years since the initial prediction of "electronic Pearl Harbor" and national death by keyboard first reared its head.
Perhaps not unexpectedly, as the nation approaches the New Year 2000, the production of stories about a variety of "electronic Pearl Harbor" catastrophes -- hackers attacking under cover of Y2K problems; computer viruses timed to activate on, near or after the rollover; secret cyberwars with names like "Moonlight Maze" and "Eligible Receiver" and; fifth column saboteur programmers working in league with foreign powers -- has also accelerated.
-------------
January 4, 2000: The following is excerpted from a Pentagon press briefing given by Deputy Secretary of Defense John Hamre. It is signal because Hamre is a frequent visitor to our "Pearl Harbor" file and has been one of the loudest voices over the past two years when it came to forcasting disaster via cyberterrorist.
John Hamre: "I think, for example, we experienced surprisingly little cyber activity during this period. That was a surprise to me. I had thought we would have encountered more than we did. There were some efforts by hackers in cyberspace to break into some of our systems, less than we normally experience on a weekend. Evidently, the lonely hearts out there in cyberland had something else to do and weren't just banging on us all night! We did disconnect a number of potential penetration efforts before they could do any further damage to us; we simply unplugged them. So we didn't have the problems that we had anticipated we may have in cyberspace."
Which is something of an understatement, considering Hamre's past rhetoric in the area.
A journalist then asked, "When you say there were fewer incidents than in a normal weekend, can you help us with the numbers? On a normal weekend you have a hundred, a thousand, ten thousand?"
John Hamre: "You know, I'll be happy to answer the question, but I honestly don't have the data. I know we had four instances where we pulled the plug on some hackers that were trying to break in. You know, this is a problem that's been growing . . ."
Another question: "What areas did they want to break into?"
John Hamre: "I don't really know."
" . . . don't have the data . . . some hackers . . . I don't really know . . . " The very picture of a cyberterror conspiracy.
-------------
New Year's Day: Reuters continued to insist on deluding itself and readers in spite of all quiet on the cyberfront on January 1, reporting, "While a general Y2K crisis appears to have been averted, concerns remain that malicious hackers have planted viruses that will hit in the days ahead when computer users boot up their machines . . ."
The news agency then produced an anti-virus shill from Computer Associates who warned balefully, "All computer users must take extra precautions during this virus onslaught . . . We can't stress enough the importance of powerful and reliable antivirus software . . ."
More on the "virus onslaught" . . . that never showed up.
January 1, 2000
In the "famous last words" department, this quote -- supplied by a well-known "electronic Pearl Harbor" booster -- is the best thing Crypt News could find to certify the Y2K rollover:
". . . Y2K will illustrate what a attack could do . . . Anybody who says after January 1, 2000 that this [threat of cyber attack] is all just made up I think is an idiot."
--- James Adams, author of "The Next World War" and head of iDefense, a company that provides intelligence on cyberterror, appearing in USC's Networker magazine, 1998-99.
Or how about this one from November 4, 1999:
``We expect that (terrorists) will attempt to use Y2K as a cover for putting some kind of attack into a vulnerable place . . . That is, when a Y2K solution goes in, they will fly underneath that with an attack of their own that will shut the system down . . . " said Utah Republican Senator Bob Bennett at a National Press Club event.
Or this from an issue of Federal Computer Week:
"Hackers will take advantage of Y2K," Assistant Secretary of Defense John Hamre [said] for a Congressional panel.
December 27, 1999: "Hackers loom over Y2K" was the title of this piece in the Chicago Sun Times.
"Hackers might use Y2K-related chaos as a cover to slip into computer systems, and computer viruses triggered by the new year may already be in place, some law enforcement officials are warning," read the piece.
A computer security salesman shows up: "[Hackers] probably won't be out partying," said a vice president of Telenisus, a local firm.
The bogeyman of foreign programmers working to install trapdoors under cover of Y2K is produced: "A top FBI official has warned that some technicians hired by companies to make Y2K repairs may have used the opportunity to plant a virus . . ."
"Jan. 1 has been described as the Super Bowl for virus writers," was another quote.
No evidence to back any of these claims up was produced.
Read "The Y2K virus-scare grinches who tried to steal Christmas" for a more balanced view.
-------------
December 21, 1999: "Government Warning About Y2K Hackers" was the title of a story in The Washington Post.
"Some of the government's Y2K watchers are warning of computer problems on New Year's Eve that may arise not from the date rollover, but from pranks committed by mischievous hackers," read the piece.
"They are watching for intentional acts perpetrated at the stroke of midnight under the cloak of Y2K problems . . . the stealthy attacks of viruses, worms and other damage-dealing software that already have made their way across the Internet and corporate computer networks."
In something of an understatement, Post reporters wrote:
"In recent weeks, the warnings have become louder and more fretful."
The litany of recent computer viruses announced by anti-virus press release is offered as proof of bad juju afoot: BubbleBoy, MyPics . . .
The anti-virus vendor appears -- in this instance, Vince Gullotto of Network Associates. The same Vince Gullotto who launched the hype on BubbleBoy virus in November . . . when zero examples of it were in circulation.
The Post article stated that the menace of Y2K viruses was based on "hard evidence."
"Hard evidence" like this?
On December 21, the anti-virus vendor DataFellows released this memo publicly:
"[The company's] research shows no increased activity on the part of the virus-writing underground in anticipation of the coming Y2K weekend . . . Many security companies have warned about the possibility of thousands of Y2K viruses appearing overnight, either intentionally spread over the new year or spread earlier but programmed to activate and do damage on or around January 1, 2000. Yet in actual fact, by the middle of December 1999, just ten viruses or trojans designed to do damage at New Year 2000 had been found, and of these only two were found in the wild . . ."
Of course, DataFellows hasn't appeared in many US media reports on Y2K viruses, particularly the "louder" and "more fretful" ones.
A "hacker" said of Y2K: "I, along with my 'computer' friends, will more likely be VERY drunk."
For a shattering dissection of the assorted salesmen and national security mandarins warning of Y2K viruses you will surely want to read Rob Rosenberger's analysis of the continuing mythos.
-------------
December 20, 1999: In this transcript from ABC World News Tonight entitled "Computer Hackers Could Target Military," news reader Connie Chung stated:
"Computer experts have been worried for some time about a flood of viruses designed to disrupt the nation's computer systems over the new year. The systems may be at far greater risk than most people believe."
Chung continued: "ABC's Kevin Newman has been granted access to a group of elite hackers who usually operate in secret."
Yes, so secret, the well-known group -- The L0pht -- has a website, has appeared in the New York Times Magazine, has appeared before Congress, has appeared . . . well, you get the idea. For a secret group, they sure appear in the media a lot.
The purpose of the interview seemed to be aimed at convincing the viewing audience that "the L0pht" were the masters of the world.
Senator Fred Thompson appeared in the videotape, inadvertently acting as "the L0pht's" unpaid press agent: "I'm informed that you think that within thirty minutes the seven of you could make the Internet unusable for the entire nation. Is that correct?"
UNIDENTIFIED [L0pht] HACKER #1: "That's correct. It would definitely take a few days for people to figure out what was going on."
[Sound of Crypt Newsletter's channel-changer switching to WWF pro wrestling, where the phonus-balonus and bluster are more entertaining.]
-------------
December 19, 1999: "US Monitors Millennium Trouble Spots Around the World" was the title of a Tim Weiner penned piece in the New York Times.
In keeping with the overkill mania that characterizes New Year's Eve-as-doomsday reporting, this story ran with the predictable theme that terrorists everywhere are taking aim at the US as part of their Year 2000 party itinerary.
"From now until after the New Year's holiday, hundreds of FBI agents will be monitoring cyberspace for warnings, like ancients searching the skies for a sign, looking out for electronic assaults by hackers and tracking political extremists by computer.
"Civilian and military officials across the country, worried about an organized attempt to take down government computers, are watching everything from reservoirs to the Federal Reserve.
Like old Jacob Marley, Richard Clarke -- the broken record of the National Security Council -- is produced to rattle his electronic chains and howl menacingly for the rubes.
" . . . Richard A. Clarke of the National Security Council, repeatedly warns them that 'cyberterrorists' could launch computer attacks 'shutting down a city's electricity, shutting down 911 systems, shutting down telephone networks and transportation systems,' as he said in a recent interview."
More accurately, Clarke has been stupefyingly repetitive on the subject through 1999, beginning with another Weiner-penned article on February 1 (see further entries, below).
Near the end of the New York Times piece, Weiner repeats:
"At FBI headquarters . . . hundreds of agents will mark the New Year by staring into computers and looking for signs of political violence, cyberspace attacks and Year 2000 computer problems at home and abroad, officials said.
". . . The FBI says that malevolent hackers might try to exploit the problem with viruses timed to multiply on January 1."
Noted computer virus expert Senator Bob Bennett (R -- Utah) said, "We are seeing evidence that some of them will release viruses that will look like Y2K failures but are not."
Read what a real virus expert at Sophos, not some Congressional windbag, has to say on the topic of Y2K viruses. Sophos is an anti-virus software developer of long standing in the UK.
-------------
December 16, 1999: "Y2K -- Experts Say 1000 Computer Viruses Released by 2000" was the title of a Beijing China Radio International report broadcast in English to North America recently.
"Experts in the field are warning computer users of new viruses that are designed to break out with the coming of the new millenium."
" . . . But in the past year or two, the Y2K bug has been the main focus of attention, and computer viruses have been neglected somewhat," read the Chinese radio reporter over the air.
Sez you, bub.
"However, experts pointed out that viruses related to the entrance of the year 2000 pose a serious threat to computer safety . . . Furthermore, the number of such viruses is on the rise. They are programmed to break out together with the Y2K bug, which poses a double danger."
Shill alert: The People's Republic of China, it seems, also has no shortage of anti-virus vendors (some supplied as Chinese operations of American firms) wishing to peddle software and hardware services on top of hysteria about Y2K. This is particularly interesting, because the broadcast is in English and aimed specifically at the Chinese community in America. It's quite a sales coup to worm your way into a public service broadcast, particularly if you're fronting for an American anti-virus firm.
"Deng Jianbin is vice president of Computer Associates, China, a joint venture producing leading anti-virus software. He says that the Y2K problem provides a good opportunity for computer crime. Deng Jianbin says some viruses can pretend they are tools to solve Y2K problems, while others cause symptoms like that of the Y2K bug itself . . . Deng Jianbin added that the Y2K problem is not only a date problem, because the viruses are also software and can be affected by the Y2K bug. If this happens, some of the viruses presently under control may become uncontrollable in their damage to computers. So far, only a few Y2K-triggered viruses have been found in China . . ."
And the pitch, leavened with a bit of voodoo:
" . . . However, experts warn that in the less than 20 days before the coming of the new century, a minimum of 1,000 viruses will be released to celebrate, in a very selfish way, the new millenium. They suggest that you back everything up before the fateful day, invest in the latest anti-virus software, and keep your fingers crossed."
-------------
December 15, 1999: "Future War in Cyberspace" was the title of a special broadcast on the Voice of America US government radio station. Disclosure: Crypt News made an appearance in it.
"At least twice this year, [the Pentagon's] Dr. John Hamre has said the United States was in the middle of a cyber war -- and the pace of attacks on U-S Military computers has increased since then," read the announcer
John Hamre said: "We are in a day to day, virtual cold war. In that sense that we have people trying to disrupt the Department of Defense's computers on a daily basis. So far, we are staying ahead of the problem. But just barely."
Frank Cilluffo, of the Center for Strategic and International Studies think tank said the danger of cyberterror "is real and constant."
"The myth persists that the United States hasn't been invaded since 1812. I'd like to inform you otherwise. And that is the fact that invasion through cyberspace is now a daily occurrence," Cilluffo said for Voice of America.
" . . . George Smith is skeptical that offensive military operations will work very well in cyberspace."
"For years, Mr. Smith has been writing a newsletter on computer break-ins . . . He says Pentagon officials are overstating the danger from computer hackers and intruders."
"Nevertheless, [Smith] expects the United States and many other nations to try to create 'cyber-attack' forces: 'I think it is likely that people will try, I think it is unlikely they will have any impact.'"
"Mr. Smith says armies in Bosnia and the Gulf War faced computer problems, including viruses. He says they coped with them in much the same way they coped with flat tires on vehicles, or worn out parts on aircraft.
"[Smith] said] the idea that small groups of people, armed only with keyboards, could seriously hurt a powerful military force belongs in Hollywood -- not the battlefield."
-------------
"U.S. torpedoed on information warfare: Experts say the country isn't prepared to fight a war in cyberspace," was the title of piece from the December 9, 1999, issue of the Pittsburgh Post-Gazette.
The inevitable deluge of experts warned of more electronic doomsdays at a short info-war conference held at the Matthew B. Ridgway Center for International Security Studies at the University of Pittsburgh.
" . . . terrorists are getting wise to the potential for disruption hacking can cause, said Professor Stephen Sloan of the University of Oklahoma."
And cribbing from Washington Times articles on November 17 and 18 that the nefarious Chinese were planning to make a move in the field of cyberwar: "The Chinese are thinking of establishing a fourth branch of their military -- in addition to the army, navy and air force -- devoted exclusively to information war, said Lt. Col. Michael Warsocki," an Army officer.
"They think they're in a war now," Warsocki said for the Gazette. "Just the reconnaissance phase, but to them, it's war."
Buckle down, Warsocki! Buckle down!
-------------
Still more "Experts warn of hacker threat" was the title of a December 7, 1999, San Francisco Examiner piece.
It was another "electronic Pearl Harbor"-day piece on . . . Pearl Harbor Day!
"Despite numerous well-publicized computer break-ins and crimes, U.S. society remains dangerously vulnerable to hacker attacks on computer and communications networks, experts warn," was cliche number one.
Then a magic number and an unspecified but very bad hypothetical doomsday scenario appear: "Computer crime costs companies more than $100 million a year, but a far worse loss - perhaps in an international catastrophe triggered by a lone hacker . . . is possible, computer security experts said at a Stanford University gathering Monday . . ."
Then a National Infrastructure Protection Center analyst was deployed to furnish another hypothetical -- emphasis on "hype" -- scenario for which no evidence is provided: Osama bin Laden could instigate a computerized equivalent of the World Trade Center bombing.
"Alan B. Carroll, an FBI agent . . . urged those at the conference to imagine a computer or communications version of the World Trade Center bombing - a disaster that brings down, say, computer or telephone networks on which society depends . . . 'Referring to the alleged terrorist Osama bin Laden . . . Carroll said that 'given the resources of this man, you can imagine the kind of damage he could do.'"
-------------
Life is full of delicious irony. On December 7, Pearl Harbor Day, the Athens Ta Nea published a story entitled "Greek Defense Ministry Establishes Cyber-Warfare Office."
It was . . . about electronic Pearl Harbor!
Much of the piece, furnished by the CIA's Foreign Broadcast Information Service, was devoted to the usual stack of repetitive and patently ridiculous claims about i-war cobbled together from assorted American stories on Pentagon info-warriors and the ubiquitous uber-wargame, Eligible Receiver.
Sub-slugged "Cyber-Soldiers in the Front Line," the Athens Ta Nea report breathlessly proclaimed:
"The Air Force base in Miami, Florida, is on 'red alert.' The operation -- an exercise -- involves the dispatch of heavily armed aircraft to bomb targets in North Korea during a supposed international crisis. The bomber pilots are waiting, engines ready, for the air-to-ground missiles to be loaded but an unforeseen event interrupts the exercise: at the last minute, crew members suddenly notice that, instead of missiles, all the storage depots are stocked with electric lighters!"
Crypt Newsletter almost fell out of the chair laughing.
"Pyle!!!!" screamed the always enraged Sgt. Carter. "Why are all these crates from Ronson stacked up at the front gate???"
"Well, Golll-eeee, Sarge, when I was shopping for a pack of ten lighters on Amazon the gol-durned '0' key kept sticking."
But back to the Athens Ta Nea story on "e-Pearl Harbor."
" . . . Only a few minutes before . . . gigantic transport planes take off, the crew notices that there is no fuel available!"
Those pesky hackers had drained the av gas from our birds on the runway! The nerve of them!
"The incident is not pure speculation," wrote the Ta Nea.
"Kept secret at all costs, the complete collapse of the US Pentagon's supply system occurred recently and was ingeniously characterized as 'the electronic Pearl Harbor'. Its perpetrators were a group of hackers secretly hired by the US Government to locate possible 'holes' in the government's information networks and close them. The tools available to the Red Team (as the group was named) during the 'cyber-attack' were only techniques and information accessible on the Web, with no further internal assistance. In record time, the hackers had incapacitated, apart from the supply system of the Armed Forces, the air traffic system and the energy networks.
"The story might sound like Hollywood, but it is no longer a movie fantasy . . . As far as Greece is concerned, the issue has also gone beyond the movie theaters: at the behest of Akis Tsokhatzopoulos, after recommendations by his colleagues, the Ministry of Defense will establish, as of next week, an Information Warfare Office within the YEETHA [National Defense General Staff].
"Dr. Alexandros Polimenopoulos, a special consultant to the Ministry of Defense, states that these soldiers will also be 'experts in the use of computer viruses, logic bombs, worm programs and other tools, which, used at the critical moment, could completely destroy the enemy's information infrastructure.'"
A diligent Crypt News reader in the US Air Force drily comments:
"Inform Athens Ta Nea we no longer have a base -- per se -- in Miami. A hurricane destroyed it. NONE of the hurricane-proof hangars survived. Repair teams resurrected 12-15 buildings for emergency services, but the rest of the base disappeared in the hurricane or fell to a wrecking ball. 'Homestead AFB' was renamed 'Homestead ARB': a tiny little component of the Air Force Reserve."
-------------
December 1, 1999: "Pentagon Planners Gird For Cyber Assault" was the title of a Philadelphia Inquirer generated "electronic Pearl Harbor" story.
It contained the standard EPH elements and claims.
"In a large windowless room of a nondescript office building a few miles from the Pentagon, the war of the future is being waged," read the Inquirer.
". . . If fears of a concerted cyber attack on the U.S. military are realized - what Deputy Defense Secretary John Hamre has called an 'electronic Pearl Harbor' - this room, the Global Network Operations and Security Center, is where the battle will be won."
The Inquirer story warns, "the rapidly approaching Y2K rollover has military officials wondering if they will be able to distinguish between a network intrusion and the millennium computer glitch."
"Capt. Bob West, deputy commander of the Joint Task Force on Computer Network Defense, said there was real potential for a 'crippling' attack at any time because of 'substantial' vulnerability . . ."
The malicious code planted under the cover of Y2K threat scenario is described: " . . . there is some worry that intruders have planted code disguised as Y2K protection but set to go off Jan. 1, like a time bomb."
The now always secret, but seemingly unproductive, cyberwar against Serbia is cited. And new Pentagon jargon for "info-war" is invented: "non-kinetic warfare."
"Some of this 'non-kinetic' warfare occurred during the bombing campaign against Serb forces in Kosovo," reads the Inquirer.
Then the Eligible Receiver script appears.
"A 1997 war-game exercise known as Eligible Receiver showed that sophisticated hackers (in this case from the National Security Agency) could cause power outages and 911 emergency phone system overloads . . . "
Moonlight Maze is referenced: "A real attack occurred from January through March, described by officials as a 'sustained, well-resourced intrusion'. . . No one is commenting, even off the record."
-------------
November 18, 1999: "Internet Warfare Concerns Admiral" was the title of another piece by Bill Gertz of the Washington Times.
It continued the story line of China cast as a Net menace started by Gertz in an article the previous day.
"The Pentagon's top intelligence official said yesterday that China's announced plans to conduct 'Internet warfare' poses a future threat to U.S. military dominance on the battlefield."
"We are clearly interested and concerned about this whole idea of information attack," said Vice Adm. Thomas Wilson, director of the Defense Intelligence Agency (DIA), to Gertz for the Times.
Richard Allen, national security advisor during the Reagan administration, is suddenly produced as an expert on cyberspace and information warfare.
"Richard Allen . . . said the Chinese could inflict strategic damage from military-backed information warfare attacks."
"Mr. Allen said the recent computer attacks on the Pentagon by an Israeli hacker and two teen-agers in California would pale in comparison to a Chinese military computer strike." [Editor's note: Actually, these "attacks," if you can call them that, were more than a year old.]
"This is something about which we ought to be mightily alarmed," said Allen to the Washington Times.
Rob Rosenberger of Virus Myths comments:
Dear Crypt News,
"Internet Warfare Concerns Admiral" in the Washington Times raises a plausible idea -- but not the one described in the story. First, let's remember President Reagan scared Soviet leaders with nothing more than a concept for space-based missile defense systems.
Yeah, we spent a lot of money on it. Yeah, David Lorge Parnas resigned because it wouldn't enter the state of the art in his lifetime. What can I say? We won the Cold War because Russia feared bogeymen in spacesuits.
Now one of our own admirals quakes in his wading boots after reading a Chinese military newspaper. How much does military ink cost these days? In other words: "information warfare." Not what we expected of the term, eh?
China 1, U.S. 0. I remember a hilarious movie scene where Jimmy Stewart scared his date into screaming at a restaurant table. "Eeek!" Your gown looks lovely tonight, admiral . . ."
CN replies: Yeah, but who reads the Liberation Army Daily outside of Cold War admirals and those unlucky enough to have the task as part of their job description? The Chinese need a pipeline into network news or the New York Times if they want to really win the propaganda i-war. Revised score: Pentagon: 500 or so, China 1.
Go boys, go!
-------------
November 17, 1999: "China Plots Winning Role in Cyberspace" was the title of a Bill Gertz front page story in the Washington Times.
The Washington Times is what Congressmen, particularly Republicans, read regularly before work. As such, material in it is influential in decision-making.
This particular piece continues the current Zeitgeist thread in which mainland China is painted as a threat.
"It is essential to have an all-conquering offensive technology and to develop software and technology for Net offensives so as to be able to launch attacks and countermeasures on the Net, including information-paralyzing software, information-blocking software, and information-deception software," Gertz quoted a Chinese military publication as stating. He neglects to mention that US Department of Defense print similar tripe fairly regularly -- and have done so for most of the decade.
Pentagon "anonymoids" show up on schedule: "A senior Pentagon official said he was notified about the article, which has raised concerns among defense officials who see China's information warfare capabilities as a potential threat to U.S. civilian infrastructures . . ."
An "expert," "William Triplett, co-author of a new book on the PLA," said: "All of this offensive-warfare talk, when China is not threatened by anyone, shows that the dragon is at the point where it doesn't have to hide its claws."
Then the scary hypothetical scenario of catastrophe is produced.
According to Triplett, by way of the Washington Times, "China could launch a devastating computer-run sabotage operation by attacking U.S. oil refineries, many of which are grouped closely together in areas of Texas, New Jersey and California."
"A [Chinese] computer attacker could penetrate the electronic 'gate' that controls refinery operations and cause fires or toxic chemical spills . . . "
-------------
In England, Independent Television News On-line published a story in November entitled, "Fears as anarchists organise on the Net."
"President Clinton has pledged $2 billion this year to protect the United States from what has been called 'an electronic Pearl Harbor,'" read the piece.
"In Britain the Government is also waking up to the threat."
"The threat is escalating on pretty much a weekly basis. New tools and technologies are evolving all the time," was one quote from D K Matai, the head of a small UK company that sells solutions for Internet troubles that usually on his company can see.
"The Internet is a military experiment that has escaped [from the US military's] control. It's a whole new way of organising," he said for ITN.
Matai, commented Nick FitzGerald, moderator of comp.virus and editor emeritus of Virus Bulletin, "[is] into hyping up Y2K issues in general with the UK media."
"He was quoted [recently] in the (UK) Sunday Times over some 'Y2K virus' that is not a virus . . . and it seems his company is the only one to have seen the code."
The London Sunday Times material from Matai can be found in a report at Virus Myths.
Another critical view addressing a Matai claim is found in a Sophos white paper on the topic of Y2K viruses. Sophos is an anti-virus software developer of long standing in the UK.
"In the City of London, if you were to hit two or three places - nor more than that - they would be able to turn the city off and that would stop the banking system and it would stop the share-trading system . . . Identifying the crazed, skilled cyber attacker is perhaps the single most difficult task that the cyber spooks face at the moment," said Peter Sommer from the London School of Economics for ITN.
The turn-off-the-power story, it seems, is also popular in the UK media.
-------------
"US Corporations Warned of Cyber-Terrorism" was the headline of piece that appeared on November 4, 1999, in the "The Washington File" -- a product of the Office of International Information Programs, U.S. Department of State.
"With the increasing use of the Internet in business operations, it will not be long before, 'more damage can be done with a keyboard than with a car bomb,' according to Nickolas Proctor, Executive Director of the Overseas Security Advisory Council (OSAC). OSAC is an office within the State Department devoted to fostering the exchange of information on security issues between government, businesses and other organizations operating internationally."
"Assistant Secretary of State for Diplomatic Security David Carpenter told [an] audience of business security specialists that they must educate themselves about the mounting threats of cyber-crime. He said terrorists are constantly devising new ways 'to cripple business, government, and infrastructure,' and inventing new methods of 'creative destruction.'"
In what can only be described as a continuing propaganda exercise aimed at the press, the Pentagon grail, Eligible Receiver -- or possibly the new edition of Eligible Receiver -- Zenith Star -- was cited.
"Michael Peters, the technical director for operations, readiness and assessments at the National Security Agency, described his successful efforts to expose weaknesses in the security of U.S. government information systems. In an exercise to test the vulnerability of systems within the Department of Defense (DOD), Peters said a team of 20 government information experts posed as adversaries attempting to break through DOD computer security . . . 'The bad guys won,' Peters said. 'We were able to cause serious problems for DOD.'"
Now, if only taxpayers could convince "our bad guys" to spend more time actually teaching people fundamentals in computing technology rather than wargaming, we'd be getting somewhere.
-------------
"My, how they do go on," remarked one reader of Crypt Newsletter while forwarding more missives on EPH.
On November 4, 1999, national counter-terror guru appeared yet again in a story entitled "US Said Vulnerable to Cyber Attacks" distributed by the Associated Press.
Sounding like a broken record, or a talking parrot, depending upon your point of view, Clarke declaimed:
``We could wake one morning and find a city, or a sector of the country, or the whole country have an electric power problem, a transportation problem or a telecommunication problem because there was a surprise attack using information warfare.''
"Clarke compared the reliance [on computer networks] to former drug addicts enrolled in a recovery program," read the AP article.
``We need to take a lesson from that -- at least they know they have a dependency problem. Many of you are still in denial.''
"[Clarke] said [programmers] hired to make a company's computer system Y2K compliant could easily slip `a little Trojan horse or malicious code' into the system instead."
``We expect that (terrorists) will attempt to use Y2K as a cover for putting some kind of attack into a vulnerable place . . . That is, when a Y2K solution goes in, they will fly underneath that with an attack of their own that will shut the system down . . . " said Utah Republican Senator Bob Bennett at a National Press Club event.
-------------
The Los Angeles Times continued the proud tradition of unsophisticated, shallow reporting on "electronic Pearl Harbor" with an October 31, 1999 -- Trick or Treat day in LA county -- article, entitled: "US Scurries to Erect Cyber-Defenses."
The article, written by Bob Drogin, is unspectacular in that it merely mimics similar reporting done by competing newspapers weeks -- well, actually sometimes even years and months -- before the LA Times joined the business of recycling the same cliches.
(See entries for October 9 and October 7 for more comment on Drogin-penned material or this analysis on Moonlight Maze for related text.
In the Times piece, it's "round up the usual suspects:" "The stakes could not be higher," writes Drogin. " . . . how can America best protect itself from hostile nations, foreign spies, terrorists or anyone else armed with a computer, an e-mail virus and the Internet?"
(NB: Actually, Drogin -- from a technical standpoint -- appears to be underprepared for this article. Macro viruses come in infected documents transmitted as file attachments -to- e-mail, of which the recent Melissa was one example; the Good Times virus -- or Join The Crew, or Penpal, or Just Say Yes to Jesus -- still don't exist.)
George Tenet, CIA director is quoted: "Potential targets are not only government computers but the lifelines we all take for granted -- our power grids and our water and transportation systems."
Another Pentagon wargame scenario, this time called Zenith Star, is invoked. The standard pro forma claims are issued: "enemy hackers supposedly had triggered blackouts . . . They paralyzed 911 systems . . . They started disrupting crucial Pentagon computer networks."
Repetition is a component of the Times piece.
Just a couple paragraphs from the mention of Zenith Star, the Pentagon's 1997 grail, Eligible Receiver, is repeated. The same claims are made: " . . . a team of NSA hackers proved that they could easily disable power, telephones and oil pipelines across the country as well as Pentagon warfighting capabilities."
The reader should ask himself this general question: If such claims are so demonstrably obvious -- which is a characteristic of the general direction of reporting on "cyberwar" -- why is it necessary to repeat them so frequently?
"We see more and more terrorist organizations . . . are recruiting computer-smart people and even providing the training for them," said John Campbell of the Pentagon's Joint Task Force for Computer Network Defense.
And those terrorist organizations would be? No one can say.
An anonymous "senior" official makes an appearance: "[we are] under constant attack, more than one a day from outside the country."
The usual ripping up of Webpages from NASA-JPL, NDU.EDU., the Naval Coastal Systems Center and others are offered as proof of cyberattack.
And Moonlight Maze was an operation in which "vast amounts of technical defense research were illegally downloaded and transferred to Russia."
And those materials would be? No one can say.
Addendum: Crypt Newsletter asks its readers to review recent quote on EPH, starting with a statement from the National Security Council's Jeffrey Hunker:
"[The term Electronic Peal Harbor] connotes this 'lights-out' idea," Jeffrey Hunker for Defense Information magazine on October 22. "It tends to oversimplify the threat, which ranges from existential terrorism to overt acts to overthrow the military. . . . It trivializes the real [danger], which I think is much more than what's been understood."
From the LA Times, attributed to CIA director George Tenet:
"Potential targets are not only government computers but the lifelines we all take for granted -- our power grids and our water and transportation systems."From the LA Times, attribution by way of the Pentagon's John Campbell of the Zenith Star "operation" -- "enemy hackers supposedly had triggered blackouts . . ."
From Richard Clarke, National Security Council counter-terrorism expert, in the August issue of Signal magazine:
"Envision all of these things happening simultaneously - electricity going out in several major cities; telephones failing . . ."
Again, from Richard Clarke, this time in the February 1, 1999, issue of the New York Times:
"I'm talking about people shutting down a city's electricity . . . shutting down 911 systems, shutting down telephone networks and transportation systems. You black out a city, people die. Black out lots of cities, lots of people die."
-------------
The Economist published a "cyberwar" editorial on October 30 entitled "Asia's lethal computers: Nerd world war." As far as "electronic Pearl Harbor"-related pieces went, it displayed the "Yellow Peril" and the let's-write-about-what-might-have-happened- not-what-did fetishes.
"Hacking, spamming and spreading viruses. Each is a means to disrupt an enemy's computer systems, and each has been employed by whizz-kids, maybe [CN emphasis added] even by governments, in recent international disputes . . . " read The Economist.
"Especially in Asia, computer nerds have nudged their way to the front line this year, arguing that the Internet is a potent weapon."
The editorial outlined a few "cyberwars" that were said to have happened -- but which seem to accomplish nothing -- if they are even noticed at all outside of the media. "Jose Ramos Horta, a Timorese leader, vowed that specialists would infect computers of the Indonesian banking system with viruses," read the article.
"One report suggests that 72,000 'cyberspace attacks' [have been] launched from China against Taiwan in August alone."
"The toll can be severe," wrote The Economist. "The Pentagon reckons that last year the Taiwanese spread two viruses, known as the Bloody 6/4 and Michelangelo . . . They damaged some 360,000 computers in China, at a cost of $120 million."
CN has no idea where this wild-ass quote came from but it can tell its readers that the idea of using the Michelangelo and Bloody computer viruses in a "cyberwar" is absurd. Neither virus is spread on the Internet or by networked computer connections. Both are very old boot sector computer viruses -- infectious programs that add themselves to the system sectors of diskettes, floppies and a PC's hard disk. They are -- or rather more accurately, were spread in the first years of the decade by exchange of infected floppy disks. Both have long been essentially extinct on western computers. The idea that one could have a "cyberwar" in which the enemies throw virus-infected diskettes back and forth at one another in the wishful hope that something bad might happen illustrates the rather quaint technical ignorance about computer viruses in those who would believe this stupid claim.
"Hackers at NATO may [CN emphasis added] have meddled with Yugoslavia's communications system . . . "
"Cyber attacks have become a favourite topic of military strategists," read The Economist.
No argument there.
-------------
The truly wonderful thing about "electronic Pearl Harbor" and "cyberwar" is that you can declare both without providing any evidence to substantiate either.
"U.S. Opened Cyber-War During Kosovo Fight" was the title of a Scripps Howard News Service piece that ran in the Washington Times on October 24, 1999.
Even by the stretchy standards of "electronic Pearl Harbor" story-telling, the missive was notable for its megalomaniacal and grandiose tone.
"With utmost secrecy during the war in Kosovo, the United States triggered a superweapon that catapulted the country into a military era that could forever alter the ways of war and the march of history . . . Silently, American forces launched offensive cyber-combat, a development of breathtaking promise and peril that some experts say matches in significance the first use of bombs dropped from warplanes during World War I and the nuclear decimation of Hiroshima in 1945," claimed the piece.
This is a rather interesting claim . . . in the sense that the observation of delusional and psychotic behaviors are interesting.
Essentially, it compares an alleged cyberwar in Kosovo -- of which it has been remarkably hard to glimpse even the slightest manifestation -- with the incineration of tens of thousands of Japanese civilians by atomic bomb in World War II.
Which Crypt Newsletter thinks its readers will agree . . . was hard to miss.
The Scripps Howard article was filled to the gunwhales with theories, hypotheses, sci-fi scenarios and a standard number of anonymous national security sources peddling the same.
To wit, "a cruise missile [could be reprogrammed] to turn around and plow into the ship or plane that fired it."
"Details are still classified, but top U.S. military officials only now confirm that during NATO's air war last spring, the United States launched a computer attack on Yugoslav systems . . . " went the piece.
Details about U.S. "cyberwars" are always secret -- classified. Ssshhhh! It burnishes their cachet. However, the Scripps piece was wrong about the confirmation of cyberwar vs. Serbia.
Unnoticed by many in the big mainstream media, the magazine Inside the Army published an article during the Kosovo conflict on April 20 of this year. In it, readers find: "[Asst. Secretary of Defense John Hamre stated] U.S. forces are conducting their own cyber attacks on Serb computers describing a campaign [waged by the Air Combat Command] as 'very heavy electronic warfare against a capable opponent'."
Claims made by the Scripps piece include anonymous sources claiming such non-provables as disruption of the Serbian command network and "keyboard warriors" planting fake electronic mail.
US info-warriors, claimed the article, "can plant computer viruses, erase computer memory, turn an electrical grid on or off and redirect the flow of money in, for instance, a leader's bank account."
Which fails to explain why the Air Force relied so heavily upon high explosive bombs and fancy chaff dispensers -- things you can see as opposed to things you can't -- to attack the power plants around Belgrade.
"Also vulnerable to U.S. cyber-attacks are such critical pillars of foreign civilian infrastructure as public telephone networks; electric or gas production and distribution; water supply; emergency services; financial systems; mass transit, railways and airports," reads the article.
It's no surprise that Crypt Newsletter maintains most of the debate about information warfare coming from the Pentagon is the equivalent of a propaganda war meant to impress Congress, other military men sanguine about its efficacy and passers-by rather easily gulled by Tom Clancy-like stories at home and abroad.
There are, to be sure, literally many easily understood reasons for this: massaging of budget requests, pseudo-public justification for projects of uncertain quality (CN calls this the "My-boss-thinks this-is-a-waste-of-time-so-plant-something-to-the-contrary-in-the- local-paper-that-he'll-read-at-breakfast" ploy), simple ego, salesmanship gone mad, different agencies all jockeying for command roles in the alleged endeavor, et cetera.
While our information warriors are said to be the mightiest in the world, the Scripps Howard piece also reads: "A nation that would have no chance challenging America's conventional or nuclear forces might well prevail in a computer attack."
Then the standard "electronic Pearl Harbor" cast of enemies to the American way are invoked as potential threats: "Among the most sophisticated are India, Syria and Iran [anonymous] experts say."
And the Chinese -- outraged over the bombing of their embassy in Serbia -- "revealed an astonishing 3,000 to 4,000 'back doors' into U.S. computer systems" -- constituting another unverifiable and, on the face of it -- rather ludicrous, claim supplied by "Jay Valentine, head of Infoglide Corp., an Austin, Texas, company that investigates computer security breaches for the U.S. government."
The article goes on to state that this is only "about 5 percent" of the trapdoors the always-to-be-watched Chinese have been able to install in American computer systems.
In the spirit of the times, where the Yellow Peril is now said to be responsible for many plots often seemingly derived from the spirit of Sax Rohmer and his sinister Dr. Fu Manchu -- the theft of nuclear secrets, the planting of software boobytraps under the cover of Y2K remediation, the running of intelligence operations in America under the cover of Chinese-American businesses -- the commie Chinese are also said to be possibly planning to strike America with computer viruses.
If so, they will have to achieve something really spectacular, Crypt News notes, or the accomplishment will likely go unnoticed among the 40,000 computer viruses already tabulated in anti-virus industry labs.
The remainder of the article is devoted to stereotypical and often mutually contradictory Strangelovian theorizing by assorted Pentagon and intelligence agency windbags over the alleged capability of information warriors -- the same talk that has been circulating since 1993.
1. " . . . But a cyberattack on a country's power grid, while militarily defensible, can cause more calamities than a missile and far more 'collateral damage' to innocents than it causes harm to an enemy's forces or ability to fight."
2. Less civilian casualties -- because it's only cyberwar, not blow-'em-up-type war.
3. More civilian casualties -- because cyberwar is more dangerous than blow-'em-up-type war. "It is not benign. It can potentially be very, very deadly," according to "Michael Swetnam, a CIA veteran and consultant to the White House and Senate."
4. Cyberwar could escalate to nuclear war: "Russia, for instance, already has vowed that it will react to a computer attack 'by any means' - including with nuclear weapons."
This is what the info-war hawks at the Pentagon love to talk about.
A great deal of the flavor of bloviation in this article can be seen as the result of simple mirroring. American journalists covering these stories tend to be uncognizant of the impact on people overseas of the periodic, albeit often weird, declarations of the U.S. Department of Defense and ancillary national security mandarins.
Quite frequently those on the receiving end go on to imitate the same, so as not to appear laggard before their national leaders.
For example, National Security Council-member Richard Clarke stated for the press in March of this year that, "An attack on American cyberspace is an attack on the United States, just as much as a landing on New Jersey . . . The notion that we could respond with military force against a cyberattack has to be accepted."
And the US Army rather publicly announced at the beginning of the decade that it was interested in getting into the business of developing computer viruses as weapons to be thrown at an enemy.
The December 1991 issue of the Bulletin of Atomic Scientists, for instance, featured an un-bylined article entitled "Attention hackers: Uncle Sam wants you," which read: "The US Army has caught the computer virus bug and is now expanding its interest in germ warfare to include electronic germs."
The US Army, said the article, was "soliciting proposals for the development of a 'weaponized virus' or a piece of 'malicious software' that could destroy enemy computers or software."
"This is the Army, we're in the weapons business," said one of the Army's project engineers.
It comes as no surprise, then, when other countries issue similar proclamations . . . sometimes years after the US military professed a desire for involvement in the same types of projects.
In fact, a good intelligence analyst would tell you this is to be expected.
Postscript: Humor break -- in late 1996, Crypt Newsletter added the following definition to the Joseph K Guide to Tech Terminology in response to similar articles on the i-war "superweapon:"
mutual assured annoyance (MAA): the state that exists when U.S. Department of Defense information warriors engage in secret combat with hackers or the information warriors of other nations.
Usage: Colonel Crystal often thought about the consequences that might befall him should his Air Force superiors ever discover that the best result his team of information warriors could hope for was mutual assured annoyance of the enemy.
-------------
October 24, 1999: A Los Angeles Times story entitled "Some Fear Sabotage by Y2K Consultants: Foreign contractors in particular may be infecting programs as they fix 2000 bugs US security experts warn" was largely more of the same completely unsubstantiated "the foreigners are doing it"-type drivel common to stories of its type.
The Times coverage, as has been the paper's trend in this area, has been heavily dependent upon repetition of the same substance, quotes and sources that have appeared previously in other publications covering the topic.
"Some of the people hired to make computer programs Y2K compliant, including foreign contractors, may have deliberately infected them with hostile programming code," writes the LA Times.
In any case, the Times article does not supply any specific examples of such -- a generic characteristic of EPH stories focusing on the peril of alleged saboteur programmers inserting computer viruses into systems under the cover of Y2K remediation.
It cites Terrill Maynard's National Infrastructure Protection Center report alleging the same.
The Times article fails to mention to readers that Maynard's report was remarkable for its total lack of verifiable citation of specific examples of programming sabotage.
A couple of sources for the story mention that it is "unfair to point the finger at overseas programmers."
A computer consultant selling services to uncover Y2K saboteurs, Warroom Research, makes the claim it has uncovered "a dozen" such instances.
And they would be? Of course, the company does not say for the Times.
But it gets the press, anyway.
Then the usual anonymoids show up from the White House and the National Security Council.
"We think there's a vulnerability . . . " says one for the Times.
Another one billed as a "senior Clinton official," curiously, is quoted as claiming, "There's a lot of silly talk out there."
Physician-heal-thyself alert. The Times fails to mention in its article that White House officials, National Security Council counter-terror "experts" and Clinton administration appointees are responsible for a great deal of "the lot of silly talk."
Specifically:
Around October 7 -- "Michael Vatis of the National Infrastructure Protection Center, the top U.S. `cybercop,' warned . . . that changes to computer software that might threaten security could have been planted by foreign contractors under the guise of Year 2000 bug fixes."
And in another example from August -- Richard Clarke, the White House's counter-terror expert on the National Security Council:
"It is at least theoretically possible that a nation could insert such trapdoors, and then make demands of the United States under threat to our infrastructure."
And another Clarke-ism from the same time:
"It doesn't merely have to be the use of a trapdoor to enter a system, seize control and destroy the system . . . Any combination of malicious virus, denial of service and trapdoor disruptions can create chaos."
-------------
October 22, 1999: A Defense Information and Electronics Report story entitled "DOD Official Says Hackers Are More Sophisticated Since Solar Sunrise" reveals a Pentagon official, Arthur Money, and a National Security Council official, turning up the volume once again on the issue of cyberterror.
It's worse than "electronic Pearl Harbor," claims an official, adhering steadfastly to the pro forma requirements of a good "electronic Pearl Harbor" story:" absence of smoking guns, allegations that unnamed "state actors" are involved and reliance on impressive-sounding but devoid-of-content policy wonk jargon like "assymetric attack" and "existential terrorism."
"Moonlight Maze brings a whole different, much more sophisticated approach . . . But it also brings another dimension -- no longer with hackers, but with the problem of a state-sponsored attack," said Money for the publication.
Ironically, alert readers will recall that Arthur Money has not been averse to contributing to the mythos of the hacker as national security menace with his old story of hospital blood-type information tampering. (See September 8, 1999 entry, below.)
The publication explains that Moonlight Maze was more serious than a previous cyberwar the Pentagon blew the whistle on -- Solar Sunrise -- "because of reports the hacking originated from the Russian Academy of Sciences . . . Reports indicate the hackers accessed sensitive DOD science and technology information."
"Moonlight Maze points a much stronger feasibility of an asymmetrical attack sponsored by a nation state," writes the publication.
The DI&ER article went on to mention that critics of the Pentagon maintain DoD uses EPH to scare financing from Congress.
Money said for the magazine that the danger of EPH was "not exaggerated."
Jeffrey Hunker, a colleague of Clinton administration counter-terror guru Richard Clarke (also well known to readers of this archive), claimed that "electronic Pearl Harbor" is not scary enough to accurately describe the nefarious Internet threats aimed at the Department of Defense.
"[The term Electronic Peal Harbor] connotes this 'lights-out' idea," Hunker said for Defense Information. "It tends to oversimplify the threat, which ranges from existential terrorism to overt acts to overthrow the military. . . . It trivializes the real [danger], which I think is much more than what's been understood."
NB: Perhaps Hunker should scold his partner on the National Security Council, Richard Clarke, for "trivializing the real danger." In August, Clarke, expanding on a scenario for "electronic Pearl Harbor," stated for Signal magazine: "Envision all of these things happening simultaneously - electricity going out in several major cities; telephones failing . . ."
Th national security mandarin rhetorical tactic for this week can be boiled down to the following:
If the current propaganda on "electronic Pearl Harbor" is insufficiently menacing-sounding, make claims that the shadowy evil is even worse than previously imagined.
-------------
October 9, 1999: "In Theory, Reality, US Open to Cyber-Attack -- An NSA test exposed vulnerability of critical computer systems to hackers; Outside assault proved it," was the sensational headline from the Los Angeles Times.
The piece continued the trend of inexplicably poor reporting on Moonlight Maze by the Times.
LA Times reporter Bob Drogin's pieces on Moonlight Maze in the second week of October have been notable for their great reliance on anonymous sources and a number of notable factual gaffes.
In paragraph seventeen, buried near the end of the piece, Drogin writes: "Indeed, the evidence suggests a certain amount of hype and hysteria have overshadowed the reality of cyberspace."
It was an inadvertently telling choice of words, for in the story's second paragraph -- one of the piece's impact points -- Drogin falls prey to the same phenomenon.
Drogin invokes the Pentagon ghost story of Eligible Receiver -- the secret DoD wargame conducted two years ago which proponents of "electronic Pearl Harbor" insist demonstrated the nation could be flattened by cyberattack.
Drogin writes: "The [Eligible Receiver] hackers broke into networks that direct 911 emergency systems."
It is a clear and rather extravagant error.
Appearing in June of 1998 to testify before Congress, Ellie Padgett, deputy chief of the National Security Agency's office of defensive information warfare spoke of how Eligible Receiver addressed the alleged vulnerability of the 911 phone system.
In a simulated exercise, Padgett said, "we scripted (an) Internet message (that) would be sent out to everybody saying there was a problem with the 911 system, understanding that human nature would result in people calling the 911 system to see if there was a problem."
The working idea in this part of Eligible Receiver revolved around the hypothesis that many people viewing the message on the Internet in a newsgroup might panic and phone their local 911 trunk, causing a jam-up on the line.
"It can probably be done, this sort of an attack, by a handful of folks working together . . ." Padgett said.
This is an extremely far cry from Drogin's assertion that the 911 system was broken into by alleged Eligible Receiver hackers. In fact, it has nothing at all to do with breaking into a 911 computer system, whatever that might be.
However, it is consistent, thematically, with the flavor of of the mythology propagated on Eligible Receiver.
In fact, during an interview with Crypt Newsletter in the summer of 1998 concerning Eligible Receiver, a Pentagon spokeswoman for the affair asserted "no actual switching systems" were broken into at any time during Eligible Receiver. She went on to say that Eligible Receiver had only simulated these attacks on NSA computer networks set up to emulate potential domestic national systems.
Nevertheless, Drogin also writes in paragraph two of the Times piece: "In less than three months, the [Eligible Receiver hackers] secretly penetrated computers that control electrical grids in Los Angeles, Washington, and other major cities."
The lead claims in the Los Angeles Times article are the framing points for a larger discussion on how Moonlight Maze has publicly proved what the Eligible Receiver exercise secretly demonstrated two years ago, which constitutes another rather extensive leap in linking the facts that are known about both.
Drogin quotes from counter-terrorist "czar" Richard Clarke:
"An enemy could systematically disrupt banking, transportation, utilities, finance, government functions and defense."
The Clarke quotes are functionally identical to the same assertions made for Signal magazine (see below) in August of this year when it was suggested that the Freedom of Information Act could be "modified" as part of a plan to help protect us from cyberattack. They add nothing to the actual body of knowledge on Moonlight Maze.
"It's cheaper and easier than building a nuclear weapon," said Clarke for the LA Times.
Buried in Drogin's piece is comment by John Gilligan who "directs information technology and information systems at the [Department of Energy.]"
Gilligan, while talking about hacker attacks, "[also argued] that the danger is usually overstated," according to the Times.
"To get access to the electricity grid computers, to start to shut some of the grid, you have to really work at it . . . To do a Pearl Harbor, you need a lot of inside information."
Which is precisely the point Crypt Newsletter made in a more lengthy article late last year.
Or read this media analysis condensing what is known about Moonlight Maze over the past nine months.
-------------
On National Public Radio's "All Things Considered," Representative Curt Weldon declaimed on topics related to Moonlight Maze.
"[Curt] Weldon says a successful hacker could disrupt civilian life, striking hospitals or train systems," said the NPR interviewer.
WELDON: "It's not a matter of if America has an electronic Pearl Harbor, but when."
This favorite Weldon mantra has appeared a number of times in the past year.
(See August 8 and March 5, 1999 entries, below.)
-------------
October 7, 1999: "Everyday a new cyberwar!"
Bob Drogin of the Los Angeles Times filed a front page story entitled "Yearlong Hacker Attack Nets Sensitive US Data." It was, you guessed it, on Moonlight Maze.
Drogin's story, while lengthy, produced no new information on Moonlight Maze. In it, no one could say with any precision what had been stolen that was so important, other than the usual references to "unclassified but still sensitive information about defense technical research matters."
Drogin's piece stated that Wednesday marked "the first public confirmation of Moonlight Maze. This was flat-out wrong. The first public confirmation of Moonlight Maze was before Congress by Curt Weldon and Asst. Secretary of Defense John Hamre in the first quarter of this year.
Note 1: The genesis of Moonlight Maze: Read about how Pentagon info-warriors claimed we were in the secret cyberwar earlier this year.
The Los Angeles Times article was notable for its genuinely excessive reliance on anonymous sources passing on innuendo, speculation, hypotheses and gossip on the matter.
Some excerpts:
" . . . circumstantial evidence points heavily toward a Russia-based intelligence gathering operation, officials said."
"'There are strong indications and it's our belief, that it's coming from Russia and that it may be a sponsored activity,' a senior Energy Department official said."
"Another computer security expert called Moonlight Maze 'the longest-running and most widespread attack we've seen. It's not been stopped . . . It's not even clear why. But the consequences are potentially huge."
"One US intelligence veteran, now a Senate staff member, said that the Internet has created huge new opportunities, as well as frightening vulnerabilities, for spy agencies around the world. 'Think of it . . . You can sit anywhere in the world now and run a spy operation.'"
"A senior White House official said that the evidence so clearly points to Russia that it almost seems like a deliberate diversion."
"Other intelligence experts argued that skilled hackers hired by Russian organized crime elements may be probing for commercially valuable information."
"Some experts suggested that France, a longtime proponent of economic espionage, may be the ultimate customer. That theory also remains unproved, however . . . "
Which would seem indisputable.
-------------
The CIA's Foreign Broadcast Information Service (FBIS) supplied a brief October 7 report from Moscow's ITAR-TASS news service entitled: "Russian Intelligence Denies Alleged Cyber Attack on US."
"Russian intelligence has nothing to do with stealing information from U.S. Federal networks," Boris Labusov, spokesman for the SVR Foreign Intelligence Service, told Itar-Tass on Thursday [7 October].
"Labusov noted that 'American specialists never found out the source of the attack, they just mentioned it came from Moscow.'"
"[Labusov] said just ordinary amateur hackers or secret services from third countries might well be behind [Moonlight Maze]."
This continues a recent pattern in which parties associated with the US government or Pentagon repetitively accuse other nations of engaging in cyberwar or cybersabotage against American assets.
Earlier this month, a National Infrastructure Protection Center analyst issued a report alleging unnamed foreign computer programmers from India, China, Israel and a host of other countries were quite possibly engaged in vague but nefarious plots to install software backdoors in American operating systems as part of plans to bring about "electronic Pearl Harbor."
Subsequently, Indian officials denied such was the case.
-------------
Everyday a new cyberwar -- another in a continuing series!
In the continuing manic theme that is "cyberwar" Reuters published "Y2K seen as possible cover for Cyberwars" on October 7, 1999.
While it repeated much of the cliches currently in favor, it was unusual in that it actually presented the view of a few skeptics.
"If you've been worrying that the worst case scenario for the millennium computer bug is that your heating could fail for a couple of days or the traffic lights go on the blink, brace yourself . . . Some military experts fear that guerrillas or rogue states might launch assaults on communications networks under cover of the millennium computer bug in what's been called a possible `Digital Pearl Harbour.'"
"Michael Vatis of the Federal Bureau of Investigation, the top U.S. `cybercop,' warned . . . that changes to computer software that might threaten security could have been planted by foreign contractors under the guise of Year 2000 bug fixes."
"The good news is that this information warfare or `NetWar' is considered unlikely."
The Reuters report added that terrorists wishing to attack a nation's infrastructure "would be more likely to try to blow [it] up with conventional explosives."
Paul Beaver, a Jane's Defence Weekly flugleman, mystifyingly implied Serbian hackers were the only ones capable of attacking the West.
``I don't think there is anyone around with the motive to do anything with the exception of the Serbs; they are the only people with the technical capability who are a potential enemy and might have a grudge.''
``This idea of a digital Pearl Harbour, the Americans are worried about it, but more as a long term problem than just Y2K.''
You ain't just whistlin' Dixie, cobber.
``I have my doubts about this digital Pearl Harbour syndrome, you have to assume some rationality even in terrorists,'' added another expert for Reuters.
"Real bombs are more likely than computer attacks," wrote Reuters.
``The notion that terrorists are thick and lash out at things around them is wrong," was still another piquant quote.
The Reuters piece then went back to the idea that foreign nations have used their programmers to sap and impurify our precious bodily fluids by planting boobytraps and computer viruses in software during Y2K remediation.
``The longer term problem is to what extent have terrorists or criminals been able to get into corporate and government networks and plant problems for the future like logic bombs.''
-------------
Everyday a new cyberwar -- another in a continuing series!
While the US mainstream media has been obsessing about Moonlight Maze this month -- the story of unnamed "Russian hackers" attacking the Department of Defense in a secret cyberwar (that actually made similar rounds in the first quarter of the year) -- gone unnoticed is this next small item from the Australian Associated Press.
"Hackers from US military base attack ASX system" was the title of an Australian news story on October 3 -- about unnamed "American hackers" who had tried to break into the Australian Stock Exchange from a U.S. military base.
Crypt Newsletter can't help but smile at the irony of this situation and it is purely the milk of human kindness that prevents it from pointing out too strongly that the Australians don't seem to have as catchy a name in their press as the US media does in "Moonlight Maze."
"Computer hackers from a United States military installation had tried to break into the Australian Stock Exchange's data base, ASX managing director Richard Humphry revealed [on October 3]" wrote the Australian wire service.
"[Humphry] said the attempt from the US military installation 'was trying to break into our site, but had broken into another site to achieve that objective.'"
"We were able to trace that back to another country, and to an installation that was associated with military activities and accordingly we contacted the defence department and asked that they advise us the likelihood that this country was attempting some form of attempted break into our database," Humphry said for AAP.
"[Humphry] said he had received an assurance that there was no possibility of the attack being an official attempt to breach the ASX's security arrangements . . . it was understood the attempt came from an airbase situated in a western US state."
Buried in the Australian news was a comment from a spokesperson at the Australian Stock Exchange that the cyberwar coming from the US military site occurred in late 1998. Why this would suddenly be news in the last quarter of 1999 was not explained by the news organ.
-------------
Everyday a new cyberwar, et cetera!
October 7, 1999: a New York Times story entitled "Computer Intruders Apparently From Russia, Senate Panel Is Told" joined the media cascade on Moonlight Maze. As has been the pattern with Moonlight Maze, the Times story added nothing to information already published. It did, however, rehash the same gossip and repeat the usual warnings about national computer danger repeated since 1992.
"Intruders who stole sensitive information on Defense Department weapons during a widespread series of attacks on government and private computer networks are apparently based in Russia, an FBI official told a Congressional panel . . ." wrote the Times, referring to NIPC's Michael Vatis.
Vatis' testimony on Moonlight Maze, in fact, has been in response to continued media interest in it -- not because anything special appears to be happening re US national security interests.
Lost in much of the overheated coverage on Moonlight Maze was Vatis testimony before Congress that most computer security breakdowns can be traced to insiders.
"Senator Robert F. Bennett, a Utah Republican who is chairman of a special Senate committee that is overseeing Year 2000 efforts . . . [said] 'The challenge of information warfare will be the No. 1 security issue for the next administration," wrote the Times.
He proposed "electronic FEMA" -- this on top of the already endless proposals for computer security czars and super-spying networks to combat the dread threats coming at us from the Internet.
And, of course, it doesn't mention all the agencies already in place that allegedly make claims to be dealing with the threat -- like the NIPC, the Critical Infrastructure Assurance Office (CIAO), the NSA, the too numerous to count DoD computer emergency response teams, the Department of Energy's Computer Incident Advisory Capability (CIAC), the NSTAC (the National Security Telecommunications Advisory Committee) the . . . well, you get the picture. One could fill a fair-sized pamphlet with names and numbers.
"I think there are indications that there will be some [attacks] -- not teen-agers hacking, but nation-states . . . We are living in a new world, a world where there is no sanctuary. It becomes very important to start thinking that way," Bennett said for the Times.
-------------
October 6, 1999: "Cyber Blitz Traced To Russia, FBI Says," was a story issued by Reuters. Once again it revives Asst. Secretary of Defense John Hamre's Moonlight Maze -- rapidly becoming the "Eligible Receiver" of 1999 in this year's stories on "electronic Pearl Harbor."
"A major effort to pierce U.S. government and private-sector computer networks seems to have originated in Russia, a top U.S. law-enforcement officer told Congress Wednesday," wrote Reuters.
NIPC head Michael Vatis was testifying before John Kyl's Senate Judiciary Subcommittee on Technology and Terrorism. For want of a better descriptor, Kyl is basically the Senate version of "electronic Pearl Harbor" dilettante Curt Weldon. (Read more on Kyl, Weldon and Moonlight Maze in subsequent entries.)
The astute reader will note that Vatis did not actually say anything new on Moonlight Maze.
In Moonlight Maze, Vatis said intruders had stolen ``unclassified but still-sensitive information about essentially defense technical research matters.''
``About the furthest I can go is to say the intrusions appear to originate in Russia,'' he said.
A Pentagon public relations officer "said the Defense Department knew of no classified information that had been jeopardized in the Moonlight Maze intrusions."
Like so many things having to do with secret cyberwars and "electronic Pearl Harbor," testimony and gossip on Moonlight Maze have been all over the map.
The following, a selection of quote from recent stories, illustrates the mutually contradictory nature of it:
From Newsweek reporter Greg Vistica: "This was, Pentagon officials say flatly, 'a state-sponsored Russian intelligence effort to get U.S. technology' -- as far as is known, the first such attempt ever by Russia."
From Federal Computer Week: ". . . Pentagon officials and security experts refute claims that the Russian government officially took part in a computer break-in that reportedly resulted in the theft of sensitive naval codes and missile-guidance data."
From Federal Computer Week: ". . . a DOD spokesperson called recent media coverage of [Moonlight Maze] 'a combination of outright fabrications, distortions and incorrect quotations,' adding that military secrets were not compromised."
From a London Sunday Times piece which ran in July:
"The intelligence heist . . . that could cause damage to America in excess of that caused by Chinese espionage in nuclear laboratories, involved computer hacking over the past six months."
From Reuters: ". . . the Defense Department knew of no classified information that had been jeopardized in the Moonlight Maze intrusions."
Reuters attributed Senator John Kyl with "frequently" mentioning ``electronic Pearl Harbor.''
"[Michael] Vatis linked the greatest potential national-security threat to ``information warfare,'' the ability to launch viruses and other cyber weapons against the bits and bytes that glue modern life," wrote Reuters.
The wonderful thing about secret cyberwar is that it can be anything anyone wants it to be. In secret cyberwar, it is not really necessary that anyone be an actual reliable witness to it or that effects of it even be presented or seen.
-------------
October 1, 1999: Electronic Pearl Harbor between 1:30 and 3:30 quoth the teenage hacker.
"Hacker Threatens To Leave Country In The Dark" was the headline of an un-bylined story issued by Reuters on Wednesday, Sept. 29.
"A computer hacker has threatened to break into the computers of Belgian electricity generator Electrabel Wednesday afternoon and halt the power supply to the entire country," proclaimed the news service in 500-word squib.
``Tomorrow I will leave Belgium without power, and that is not so difficult,'' an anonymous hacker crowed to a Belgian newspaper.
``Wednesday I will get into Electrabel's computers between 1:30 and 3:30 in the afternoon and shut down all the electricity.''
The Belgian electric company, Electrabel, "said it was taking the threat seriously but felt that the hacker had little chance of succeeding."
``There is very little chance that Belgium could be without power,'' said a corporate spokersperson.
No national blackout was subsequently reported.
Reuters reporters have established a reputation as easy targets for "hacker" pranks. Earlier this year, the news agency ran a story in which a hacker group claimed to have hijacked a British military satellite. This, too, was revealed to be without substance. (See below or Crypt News 51 for extended comment).
This new addition to the Crypt Newsletter Joseph K Guide to Tech Terminology results:
cyberwar: a condition in which electronic conflicts, threats and absurd claims are reported by the media but not experienced by anyone else. Anonymous teenagers or employees of the Pentagon tend to be central players.
Usage: After being forbidden to attend a rave in Antwerp by his mother, the teenage "hacker" went grumpily to his room and declared a cyberwar on Belgium by sending a menacing electronic mail to a local reporter.
-------------
September 27, 1999: "Department of Defense Preps For Y2K-Related Cyberattacks," was the title of this story in Federal Computer Week.
The Pentagon continues to feed the idea that the New Year will bring upon us "electronic Pearl Harbor."
"DOD and intelligence officials are concerned that rogue nations or foreign intelligence agents may use Year 2000 failures as a smokescreen to take down or steal electronic information from sensitive DOD networks," writes FCW.
"Sandia National Laboratories officials [said] that 'terrorists, hackers and other criminals might use Y2K-induced infrastructure failures as cover for theft, arson, bombings, etc.'"
Hackers are going to use alleged Y2K glitches to start fires and blow up buildings?
The FCW article writes the Pentagon has "established five graduated Year 2000 alert levels that DOD will use to warn units of imminent Year 2000-related threats." However, such a threat tier appears to already be in place at DoD with the INFOCON system -- warning levels used to describe information warfare conditions DoD-wide.
"Under the highest state of Year 2000 vulnerability -- Y2K Posture Level One -- DOD units are advised to prepare for 'deliberate information operations attacks and opportunistic engagements by hostile forces.'"
That is, smoking keyboards, crashing networks, PC's bursting into flame and a condition of general war against US forces.
Paradoxically, DoD's Y2K Posture Level One would appear to be identical to its INFOCON DELTA, like Y2K Posture Level One, the fifth tier in an infowar alarm system. INFOCON DELTA is for: smoking keyboards, crashing networks, PC's bursting into flame and a condition of general war against US forces.
It is perplexing why DoD would create two functionally identical warning systems for infowar conditions. This would appear to be a a good recipe for confusion if the systems become unsynchronized or are interpreted heterogeneously throughout the US military.
"Defense Secretary William Cohen is expected to issue the first Year 2000 posture statement after Sept. 30," writes FCW.
FCW continues that the Joint Task Force for Computer Network Defense (JTF-CND) and the National Infrastructure Protection Center will conduct a classified conference on October 4 and 5 called "Preparing for the Cyber War."
-------------
September 13, 1999: The story of Moonlight Maze is one that refuses to die.
Appearing in the first quarter of this year and timed to coincide with FY 2000 budget determinations, John Hamre and Congressman Curt Weldon warned of a secret "Russian attack" on US intelligence secrets allegedly located in cyberspace.
The original story petered out around March but was revived again in July of this year when the London Sunday Times published a piece on it.
Throughout the latter part of the summer, reporters from the mainstream media contacted Crypt Newsletter about it.
All of the reporters contacting Crypt Newsletter for comment had one thing in common: They were all working from the exact same crib sheet.
In addition to being inspired by the London Sunday Times piece (see below), the reporters all said or wrote that one "anonymous" source in "the Pentagon" was informing them that "Russian hackers" working off of the "Russian Academy of Sciences'" Internet domain were "involved."
This being the case, one cannot totally dismiss the possibility that one person or office within the Pentagon or Department of Defense is attempting to pump this story into the mainstream U.S. media for the usual "cyber-scare" purposes.
The latest appearance of "Moonlight Maze" comes from Newsweek, September 13, in Gregory Vistica's "We're In The Middle Of A Cyberwar." The Newsweek title is actually an old quote attributed to the Pentagon's John Hamre and lifted from the first quarter of the year. As such, the quote has become a watermark for stories on Moonlight Maze, although reporters employing it in the last quarter of 1999 rarely mention to their readers that it dates from much, much earlier in the year and a series of functionally identical articles published in the mainstream media at that time.
Vistica's article reports nothing new. However, it takes all of its cues from the London Sunday Times piece and republishes, unattributed, much of the quote, phraseology, innuendo and unsubstantiated gossip from it. The same Murderer's Row that appears in all stories on Moonlight Maze -- Curt Weldon, John Hamre, and/or an unspecified "anonymous" Pentagon source -- appear.
"Russian hackers may have pulled off what could be the most damaging breach ever of U.S. computer security . . ." writes Vistica breathlessly.
"It's being called 'Moonlight Maze' . . ." which creates for Newsweek readers the impression that it is relatively new . . . when it is anything but.
"This was, Pentagon officials [anonymous, of course] say flatly, 'a state-sponsored Russian intelligence effort to get U.S. technology' -- as far as is known, the first such attempt ever by Russia."
Postscript: On September 27, 1999, Federal Computer Week published a story on "Moonlight Maze" by reporter Dan Verton. Entitled "Russia hacking stories refuted," the piece stated flatly, "DOD sources say U.S. military secrets were not compromised."
Bias disclosure: Crypt Newsletter was a quoted source in this article.
". . . Pentagon officials and security experts refute claims that the Russian government officially took part in a computer break-in that reportedly resulted in the theft of sensitive naval codes and missile-guidance data," wrote FCW.
". . . a DOD spokesperson called recent media coverage of [Moonlight Maze] 'a combination of outright fabrications, distortions and incorrect quotations,' adding that military secrets were not compromised."
This is an interesting quote because it reveals that some anonymous parties within Department of Defense become dismayed when the Pentagon's original propaganda on info-war takes on a life of its own and spins out of control in the mainstream media.
Consider, it was Asst. Secretary of Defense John Hamre who started the news of Moonlight Maze when he went before Congress to attest in classified session that the US was under attack from the Internet by foreign parties in the first quarter of the year.
One of the anonymous sources peddling the story of Moonlight Maze through the summer, "who works for a major Internet domain registration firm, said he found copies of DOD duty rosters, network maps and photographs of DOD facilities residing on servers belonging to [the alleged attackers]."
"George Smith, editor of the Crypt Newsletter . . . said the so-called offensive C2 network in [Russia] 'sounds like a good description of a common playground for teenage hackers -- Russian, American, European or Asian.'"
"As far as the pictures of DOD facilities and other materials that sources claim to have found on Russian systems, Smith said that type of material can be found in many places on the Internet."
" 'Portions of DOD are prone to yell cyberwar at just about any potential misuse of cyberspace,' he said."
-------------
"Info war or electronic saber rattling?" was the title of a Ziff-Davis News story by Kevin Poulsen, on September 8, 1999.
Rather tepid stuff, by Poulsen's standards (he, a famous uber-hacker who has done his share of time in the big house), it demonstrated that, disappointingly, no matter your credentials, Ziff-Davis can straight-jacket even the most legitimately opinionated of its correspondents into a mostly vanilla-flavored flugleman for whatever power-suited tripe comes out of the dog-and-pony shows that pass for information warfare conventions.
Reporting from Winn Schwartau, Inc's. annual infowar convention in Washington, DC, (although he doesn't mention it by name in the text) Poulsen quoted the ubiquitous "electronic Pearl Harbor" dilettante, Pennsylvania Congressman Curt Weldon.
Speaking as one of Schwartau, Inc's featured EPH-pitchmen (for which assorted military types and corporate managers will pay $1000 or so a ticket to hear), Weldon said: "In my opinion, neither missile proliferation nor weapons of mass destruction are as serious as the threat you are here to discuss."
This was quite surprising, as far as Weldon propaganda goes, actually, because it was only two years or so ago that the Republican from the House used almost exactly the same terms to describe what was then his current fad worry: loose Soviet suitcase nukes.
Dreaded loose Soviet suitcase nukes were said to be possibly floating around in the criminal underground, just waiting for the right buyer wishing to blow up an American city. The Russians denied it, Weldon ranted, the Russians denied it, Weldon ranted, the Russians denied it . . . no cities blew up, and Congressman Curt moved on to better things . . . like "electronic Pearl Harbor."
Representative Weldon has become well known inside the Beltway for his remarkable ability to see things others cannot quite glimpse.
The loose Russian suitcase nukes are only one of the first entries in a growing list of dreadful menaces that has also included "Russian hackers" attacking Department of Defense computers in operation Moonlight Maze and the threat of nefarious nuclear weapon-pumped electronic attack on the US mainland.
At a conference in June of this year hosted by the Armed Forces Communications & Electronics Association (AFCEA), Weldon intimated that another threat facing the nation was that of an electromagnetic pulse attack in which an enemy would detonate a hydrogen bomb high in the atmosphere over the continent in order to destroy the country's electronic communications networks. However, even the Pentagon has been reluctant to accept this as a reasonable possibility.
At Schwartau, Inc., Poulsen quoted Weldon, retelling this howler: that of the computer terrorist changing patient blood-type information at a U.S. hospital through remote diddling.
The blood-type-information-tampering hacker is a legend that has been floating around in different flavors for a number of years. Late in 1998 it got renewed impetus when the Pentagon's chief information officer, Arthur Money, put it into one of his speeches. (See Crypt News 51)
Money embedded it as yet another techno-myth in the public domain when he informed a group of journalists at an AFCEA convention in 1998 -- the same one in which Curt Weldon indicated that the nation was at risk from a nuclear missile-pumped electromagnetic attack -- that "hackers" had altered information in a medical database by changing the data on blood types of soldiers.
Several news sources subsequently reported the story. And it has already become an addition to the "lore" on the alleged "capabilities" of anonymous hackers.
However, none of it was true. Money neglected to inform his audience that the "incident" was a simulation from another Pentagon wargame.
Money -- heh, heh, just kidding, folks -- later corrected himself.
More recently, this ghost story, in slightly different text, raised its head in a CIA Foreign Broadcast Information Service translation of a Russian TV segment on hackers broadcast by Moscow NTV on the 29th of August.
From the FBIS translation of the script, the Russian TV correspondent recounts: "In a shoot-out FBI agents wounded a criminal who could have given them a lead to an entire gangster syndicate. The colleagues of the bandit, who was taken to hospital and was being heavily guarded there, tried to do away with him several times, using their usual methods. To no avail. And then hackers took over . . . Because his condition was extremely serious, he was put on an artificial blood circulation system and a cardiostimulator. It is no secret perhaps that in America all electronic systems, including medical ones, are interlinked within a net so that help could be provided quickly, another hospital could be consulted and so on. Using the Internet criminals, broke into this hospital's local network and then into the patient's cardiostimulator and changed the stimulator's programme with remote control. The patient died."
Later on in the Russki TV script, another giggler erupts:
"Well-known Hollywood scenes showing some intellectually advanced terrorists destroying spacecraft or blowing up chemical plants or power stations with the help of a computer are not an invention by sci-fi writers. Today this is real, says a representative of the FBI in Moscow. At least one case has been reported in which a recently launched satellite was lost due to intervention by hackers."
This particular hoax was accepted by a couple of news services earlier this year and later disowned with little notice. In the first week of March 1999, Reuters and the London Daily Telegraph reported a British defense satellite had been hacked and, as a result, lost. The British Ministry of Defense subsequently issued a humorous denial and Reuters repudiated its piece on the subject but the hoax was nevertheless successfully injected into the electronic aether of the misinformation warriors. (See Crypt News 54 -- special edition.)
The Russian TV show also claimed "hackers" could write software "causing people to have hallucinations," which is still another myth . . . but not worth going into in detail here.
In any case, like most hoaxes and myths, no one ever cites real people, places or things attached to them. At Schwartau Inc's convention, Weldon couldn't name names for Poulsen, either.
"Not everyone is convinced that America is facing an electronic Pearl Harbor, though," wrote Poulsen.
Do tell.
At the close of the piece, Poulsen quoted EPIC's Marc Rotenberg naysaying the notion.
Postscript: This year's edition of Schwartau, Inc. also features another famous gobbler of hoaxes, James Adams -- he of Gulf War virus myth infame, as chairperson of a workshop rather ironically entitled: "Perception Management in Peace, Conflict, and War."
-------------
In an August 31, 1999 edition of Reuters' "Netrends" feature, journalist Dick Satran trotted out a couple computer security industry marketing reps and corporate salesmen to warn that hackers and other unnamed terrorists were poised to use the cover of the Millenium to strike with viruses and assorted software boobytraps.
"The threat ranges from the pranksters -- people who celebrate the millennium by hacking a few computers -- to cyber-terrorists who want to bring modern civilization to its knees," declared Constance Fortune, a vice-president for Science Applications International Corp. (SAIC) menacingly. SAIC has often aggressively marketed its expertise in providing info-war "solutions" for computer threats it just happens to warn the press of.
"You need people who recognize the signs of an attack, and who are trained to shut down the system as soon as possible when [trouble] hits," added Fortune. And who can supply such people? Why, SAIC, naturally.
"We're already seeing lots of (Y2K hacker) postings [on the Internet]," continued the SAIC sales veep, helpfully.
The SAIC marketroid alleged further that programmers hired to fix Y2K-related problems were also quite possibly using the opportunity to install malicious software which would later be exploited by unnamed hackers. SAIC, of course, knows how to handle such problems.
One hacker was quoted as saying the computer security industry was purposely exaggerating the case for malicious meddling and virus peddling to boost sales of its services.
Science Applications International Corporation's Fortune also made an appearance in an Australian Associated Press article published on June 15, entitled, "Y2K problem opens door for cybercrime."
"The Y2K bug had created a diversion large enough for cyberterrorists to wreak more havoc on the world's computer systems than any computer virus, a computer security conference [in Brisbane] was told today," said the article.
"Those who create viruses, worms and other destructive computer phenomena have found ways to take advantage of the Y2K problem," said the Science Applications marketroid for reporters.
"By working through the programming gaps, cybercriminals and cyberterrorists may gain unauthorised access to the technology and information on other parts of the system," she said for AAP.
"If that system is a major military or financial system, the results could be disastrous and the Y2K problem would take the blame."
Science Applications International Corporation employees appear infrequently in the mainstream media to sound the alarm on this topic. The distinguishing characteristic of their media testimony is the company's unwillingness to cite specific, verifiable examples.
Another example: In late 1998 Science Applications International Corporation vice-president, Duane Andrews, who appears multiple times in this archive -- claimed for USA Today -- "We have seen multiple times where Y2K activity has resulted in trap doors being placed in commercial systems."
More on Duane Andrews of SAIC.
Currently, Rob Rosenberger at Virus Myths is running an in-depth page on media-declared cyberwars and alleged virus attacks timed to coincide with Y2K.
-------------
The August '99 issue of Signal magazine ran a long interview with counter-terror national security advisor Richard Clarke.
Entitled "Hidden Hazards Menace U.S. Information Infrastructure," it contained all of the cliches, bromides and unbacked-up theories and allegations about information warfare that Crypt Newsletter readers have come to know and love over the past five years.
"The greatest threat to U.S. security may come from internal software or hardware trapdoors lying dormant in the nation's critical infrastructure. The digital equivalent of Cold War moles, these hidden threats would serve as access points for criminals, terrorists or hostile governments to extort money, impel foreign policy appeasement or ultimately launch crippling information attacks on the United States," states Signal.
There is "a very real possibility of an electronic Pearl Harbor," said Clarke for Signal.
"Without computer-controlled networks, there is no water coming out of your tap; there is no electricity lighting your room; there is no food being transported to your grocery store; there is no money coming out of your bank; there is no 911 system responding to emergencies; and there is no Army, Navy and Air Force defending the country . . . All of these functions, and many more, now can only happen if networks are secure and functional.
"A systematic [attack] could come from a terrorist group, a criminal cartel or a foreign nation . . . and we do know of foreign nations that are interested in our information infrastructure and are developing offensive capabilities that would allow them to take down sectors of our information infrastructure."
For Signal, Clarke claimed "trapdoors" unspecified and theoretical, "some of which may already be in place, as the greatest potential threat to the information infrastructure. Residing in the operating systems of key networks that support the U.S. critical infrastructure, these trapdoors would provide windows of opportunity for any ill-intentioned adversary to wreak considerable havoc. 'It is at least theoretically possible that a nation could insert such trapdoors, and then make demands of the United States under threat to our infrastructure.'"
And then the standard cyber-terror scenario that any fifteen year-old could dream up was deployed.
"One possible scenario would feature a demand leveled by a foreign government or terrorist group. When the U.S. government refuses to comply, this adversary demonstrates its capabilities by reducing a region of the United States to chaos. 'I think the capability to do that probably exists in the hands of several nations,' Clarke states. 'I think it could exist in the near future in the hands of criminal and terrorist organizations.'"
Clarke then repeats the mantra of "Eligible Receiver": "Envision all of these things happening simultaneously -electricity going out in several major cities; telephones failing in some regions; 911 service being down in several metropolitan areas. If all of that were to happen simultaneously, it could create a great deal of disruption, hurt the economy . . . "
The updating and patching of software is detailed as a grave threat to national security.
"Malicious individuals and organizations regularly peruse [software patch] lists, and they probe systems to find someone who has not applied the patch," said Clarke.
Clarke alleges, theoretically -- of course, that foreign governments inimical to the United States, could be, were or are inserting malicious trapdoors in the computer and networking industry by having their agents pose as programmers who are subsequently hired to do contract work on the inside. So anyone who employs foreign nationals, or Chinese-Americans, or . . . or . . . is vulnerable. " . . . a few could act as enemy saboteurs, either sympathetically or through blackmail or bribery."
"Malicious, self-propagating viruses strike computer systems worldwide," states Signal, rather obviously. Therefore viruses, too, will be the harbinger of "electronic Pearl Harbor." "It doesn't merely have to be the use of a trapdoor to enter a system, seize control and destroy the system . . . Any combination of malicious virus, denial of service and trapdoor disruptions can create chaos," states Clarke.
Clarke democratically opines for Signal that the US government is willing to work with corporate America to change laws that could be "impediments to information assurance and security."
And these impediment laws might be?
Why, only ". . . the Freedom of Information Act, antitrust legislation and liability laws," reads the Signal piece.
-------------
On Sunday, August 8, 1999, the Los Angeles Times published a story by one of its Washington, DC, bureau reporters, Jube Shiver. Entitled "Infamous Hacker's Sentencing Brings Little Comfort to Officials," the story -- although featuring a photo of Kevin Mitnick from 1995 -- was not really about him . . . but more along the lines of the stereotype "electronic Pearl Harbor" piece.
Indeed, in the fourth paragraph, Shiver quoted Rep. Curt Weldon: "It's not a matter of if America has an electronic Pearl Harbor . . . It's a matter of when." Crypt Newsletter readers know the quote isn't new, dating from March of this year when it showed up in story supplied for an MSNBC piece written by Robert Windrem and John Miklaszewski.The Times piece suffered from the same shortcomings the vast body of literature on the subject already suffers from -- non-specific, unverifiable mumble about attacks by "terrorists" or "foreign nationals." " . . . domestic and foreign terrorists are taking aim at government computers," writes Shiver. No terribly convincing examples are cited other than the standard teenage defacement of government Websites.
[NB: If one makes the assumption for a moment that cyberterrorists aimed at bringing down the American way of life are, as the mainstream media intimates, ubiquitous as ants at a picnic -- the empirical evidence would seem to indicate that they should be encouraged to keep wasting their time messing with the Internet and virtual .mil domains to no visible effect.]
Anyway, Shiver repeats Curt Weldon's announcement about "Russian hackers" attacking the US, originally aired in other newsmedia in the first quarter of this year.
Dubbed "Moonlight Maze" by John Hamre of the Pentagon, the story has more recently (as you have read) been revived by the London Sunday Times. Although Shiver does not call it "Moonlight Maze," he paraphrases Weldon's reference to it by writing, "[Weldon] added that the attackers included not just teenagers but also 'foreign nationals.'" The "foreign nationals," as is standard practice in these types of stories, remain unidentified.
"Indeed, the FBI estimated that illegal hacking of Web sites in general caused more than $123 million in losses last year and said that the activity poses 'a growing threat . . . to the rules of law in cyberspace,'" writes the Times.
However, by matter of contrast Crypt Newsletter notes that $123 million/year in damages, while only a guess by the FBI, pales in contrast to other common price tags: $2 billion for one combat ready B2 Stealth bomber, for instance; $40 million for an emergency Y2K office that the President wants to run for one weekend on January 1; $4.5 - 5 billion which President Clinton wants to earmark for extended computer security and counter-computer terror activities, on top of that which is already spent as a matter of day-to-day course in corporate, academic and government America.
Shiver cannot -- or does not -- get the government or independent sources to provide any substantive proof of any potential for EPH other than the ripping up of a number of trivial Web pages that did not even exist a couple years earlier.
"Although experts are uncertain whether the defacement of government Web sites may be a barometer of the government's vulnerability to more serious computer threats . . . The ease with which some government computers are being broken into has important implication for the nation."
One of the implications? "Electronic commerce cannot flourish unless those using the Internet have faith that transactions are secure."
This would probably constitute really startling news to regular users of Amazon . . . or CompuServe . . . or AOL . . . or eBay . . . or eTickets, all of whom seem to, as a group, have a fair amount of confidence in electronic commerce.
Crypt Newsletter has never actually heard any Amazon user, and it knows a few, say, "Geez, I'm going to stop buying my books and CDs online because Curt Weldon and the Pentagon and newspapers said 'foreign nationals' are attacking our military in cyberspace and all our wallets in cyberspace must be next."
-------------
"CyberScare" was published by ABCNEWS.com on August 4, 1999. "Beware the next Pearl Harbor! It won't come by sea, air or land. The next great threat against American could come by computer . . . at least that's what top Clinton administration officials say while trying to drum up national awareness about attempts to hack into U.S. government . . . systems . . . "
Crypt Newsletter gives this article a solid "thumbs up"! But it's biased, since the piece is critical and CN was quoted extensively.
Read "CyberScare" at ABCNEWS.com
-------------
This next article, published by the United Kingdom's "Register" on August 2, 1999, never mentions "electronic Pearl Harbor" directly but is exactly about EPH . . . being a summation of beliefs delivered by US cyber-warriors that January 1, 2000 will be the equivalent of December 7, "a day that will live in infamy."
Unlike the vast majority of counterparts in the US press, the Register's article is actually quite good. It brings an inspired sarcastic delivery to what most reporters only write about with hackneyed hysteria.
"US govt views Y2K rollover with fatalism" goes the piece.
At a Congressional hearing of the Senate's Y2K Committee, The Register writes: "The sexy topics for this hearing were cyberterrorism and information warfare. The cast of witnesses included Michael Vadis [sic], director of FBI's National Infrastructure Protection Center (NIPC); John Koskinen, chairman of the President's Information Coordination Center (ICC); and Richard Schaeffer, director of infrastructure and information assurance for the Department of Defence (DOD). Their theme, endlessly repeated, was that Y2K stuff-ups are going to provide an unfortunate layer of cover for terrorists and hostile military organisations belonging to various tribes without the law, enabling them to visit secret plagues upon information systems graciously maintained by decent Christian peoples."
"No one is saying whether the digital barbarians really are at the gate, or who they are if so . . ." continued the piece, which is a rather astute statement concerning the claims of the info-warriors and mandarins of national security.
Richard Clarke, Bill Clinton's counter-terrorism point man, was absent from the hearings commented the publication. Although expected, The Register opined that Clinton advisors had sandbagged Congress and found an excuse to keep him away so he would not have to testify about FIDNET, the grand Federal plan to monitor all of US cyberspace, leaked a day before the Senatorial hearing.
Instead, committee co-chair Sen. Christopher Dodd (D -- Conn) had to rely on Michael Vatis, head of the National Infrastructure Protection Center.
Dodd, wrote The Register, inquired of Vatis whether there was any "hard evidence" the US was being cyber-attacked by foreign military organizations."
"I wouldn't want to answer in this forum," Vatis said.
The hearings also discussed the Clinton administration's proposal to spend $40 million taxpayer dollars on an Information Coordination Center (ICC) to handle alleged Y2K meltdowns, unspecified attacks on the US infrastructure, and other related but only vaguely described computer catastrophes expected on January 1.
-------------
From the London Sunday Times, July 25, 1999:
"Russian Hackers Steal US Weapons Secrets" was the title of this breathless article.
"American experts have long warned of a 'digital Pearl Harbor' in which an enemy exploits America's reliance on computer technology to steal secrets or spread chaos as effectively as any attack using missiles and bombs." wrote the Times.
In this piece, the ubiquitous Assistant Secretary of Defense, John Hamre, appeared claiming: "We are in the middle of a cyberwar."
This particular "cyberwar," which you may not have heard of, has been dubbed Moonlight Maze.
The Hamre quote is not new, dating from the first quarter of the year. [See subsequent entries.]
The Times wrote this secret cyberwar could be with Russia or China and speculated: " . . . Russia's relations with America have reached their lowest ebb since the Cold War because of NATO's intervention in Yugoslavia. Relations with China have also suffered. An offensive in cyberspace may be their one way of retaliating without getting into a shooting war."
-------------
On June 26, 1999, the Christian Science Monitor featured a story entitled: "The hidden dangers of information warfare."
The Monitor's reporter cited the Pentagon's secret exercise, Eligible Receiver, as an opportunity to invoke the cliche.
". . . Operation Eligible Receiver demonstrated the potential vulnerability of the U.S. government's information systems. The National Security Agency hired 35 hackers to launch simulated attacks on the national information structure. The hackers obtained 'root access' - the highest level of control - in 36 of the government's 40,000 networks.
"If the exercise had been real, the attackers would have been able to create power outages across Los Angeles, Chicago, Washington, and New York. They could have disrupted the Department of Defense's communication systems (taking out most of the Pacific Command) and gained access to computer systems aboard U.S. Navy vessels.
"It was a disturbing exercise. So much so, that several top White House officials have spoken of the possibility of an 'electronic Pearl Harbor' attack on the U.S. mainland. Added to these vulnerabilities is the fact that most Americans have no sense of how information warfare will affect them."
Further along, the Monitor called upon James Adams to provide the pro forma warnings.
"It is a very serious problem," said Adams for the Monitor. "And it's getting more serious day by day. The structures that we have held constant for many years are disappearing and we need to look at things with new eyes. After all, your defenses are only as good as the single event that takes you down."
Adams is well-know to Crypt Newsletter readers as author of "The Next World War," a book on the threat of information warfare that contained a number of laughable hoaxes, among them the infamous Gulf War virus myth, the writer accepted as fact.
Adams is also the director of iDefense, a northern-Virginia based firm that offers consulting services aimed at the avoidance of the type of "electronic Pearl Harbor" scenarios he predicts.
An iDefense press release distributed on June 3, 1999, states, in the grand hyperbole that is rather standard for missives distributed via PR Newswire:
."Infrastructure Defense, Inc. (iDEFENSE), an innovative market leader in protecting industry from cyber- attacks, announced today the launch of the only service available to the private sector that provides daily, comprehensive critical infrastructure threat and vulnerability alerts. Available next Monday (6/7/99), the unique service provides iDEFENSE clients daily notification and tailored analysis of a wide range of threats, vulnerabilities and incidents that could adversely impact their critical business operating systems.
"The ongoing cyber-war between the government and various hacker groups highlights the urgency for the public and private sectors to develop a comprehensive approach to protecting the 'critical infrastructure.' While the hackers are currently focused on federal computer systems, the skirmish could quickly spill over into the private sector . . . 'One need only look at today's headlines to recognize industry's need for iDEFENSE -- the trusted source for knowledge it can use to protect the critical networks and systems upon which it are so dependent," said James Adams, CEO of iDEFENSE. "iDEFENSE draws upon an unparalleled understanding of the critical infrastructure and a keen awareness of the growing threats and vulnerabilities confronting industry to provide its clients a timely and truly unique service."
Crypt Newsletter notes that dozens of relatively new companies, many of them based in northern Virginia, also offer "the only service available to the private sector that provides daily, comprehensive critical infrastructure threat and vulnerability alerts."
-------------
U.S. Deputy Defense Secretary John Hamre warned Congress of an "electronic Pearl Harbor" by cyber-terrorists on March 9, 1999, and said the target is more likely to be commercial than military. "And this Pearl Harbor's going to be different," Hamre said scarily. "It's not going to be against Navy ships sitting in a Navy shipyard. It's going to be against commercial infrastructure . . . "
-------------
"It's not a matter of if America has an electronic Pearl Harbor -- it's a matter of when," said Rep. Curtis Weldon, R-Penn, to reporters John Miklazewski and Robert Windrem, for MSNBC on March 5.
In the same article and for the New York Times, Richard Clarke, a Clinton advisor on terrorism, said "An attack on American cyberspace is an attack on the United States, just as much as a landing on New Jersey . . . The notion that we could respond with military force against a cyberattack has to be accepted."
Acting on the advice of Clarke, President Clinton recently proposed spending $1.5 billion for cyberdefense.
Clarke, who has also employed the phrase "electronic Waterloo," because "electronic Pearl Harbor" isn't sufficiently scary, "is the genius who overrode the State Department, the CIA and the Joint Chiefs of Staff and got Clinton to launch cruise missiles at training camps in Afghanistan and a medicine factory in Sudan, in hopes of killing the alleged terrorist mastermind Osama bin Laden," reads a piquant quote from an editorial that ran in the February 2 issue of the San Francisco Examiner.
"All [Clarke] got was a night watchman and a few guerrilla trainees whose comrades are now even madder at us," it continues.
"In 1986, Clarke hatched a plan to wage psychological warfare against Libya's Moammar Gadhafi by having spy planes set off sonic booms over his head . . . "
-------------
Pentagon "information technology czar" Arthur Money told the trade publication Defense News on March 8, 1999, "We are appalled at how lax the public and industry are . . . I think it would take an electronic Pearl Harbor to wake up industry."
Money's use of the info-warrior cliche came as a result of more efforts before Congress -- and anyone who will listen, really -- to raise more, um, money for cyberdefense. And what is Money's money? Fifteen billion dollars -- a figure carried over from a 1997 Defense Science Board report authored by Science Applications International Corporation (SAIC) vice-president Duane Andrews.
Andrews, as you will read, is also featured in this piece for his publicity contributions in 1996 and 1993.
Late in 1998 Crypt Newsletter wrote in "Issues in Science & Technology" magazine: " . . . [a] reason to be skeptical of the warnings about information warfare is that those who are most alarmed are often the people who will benefit from government spending to combat the threat. A primary author of a January 1997 Defense Science Board report on information warfare, which recommended an immediate $580 million investment [and $15 billion over five years] in private sector R&D for hardware and software to implement computer security, was Duane Andrews, executive vice president of SAIC, a computer security vendor and supplier of information warfare consulting services."
This struck a nerve at the Pentagon and prompted a letter of response from Deputy Secrety of Defense John Hamre that read, in part:
". . . I take particular exception to [Crypt News'] insinuation that those who express concern about information warfare do so mainly because they will benefit from the resulting government spending. For several years a wide variety of sources in and out of government-private industry advisory councils, think tanks, academia, as well as entities such as [Duane Andrews'] Defense Science Board -- consistently have said we must do more in the area of information assurance and computer security. It is hardly surprising that some of the proponents of this research should work for companies who do business with the Defense Department. To impugn the integrity of their analysis on the basis of these associations does a disservice to those whose judgment and integrity I have come to value deeply."
The recent budget requests for cyberdefense were also tied to Pentagon-triggered media reports that Department of Defense was in a cyberwar with parties unknown.
-------------
On February 1, 1999, The New York Times' Tim Weiner profiled Richard Clarke: "The Man Who Protects America From Terrorism."
"[Richard Clarke's] stock in trade is the stuff of techno-thrillers -- biological bombs in the Wall Street subway, chemical clouds of death in the Pentagon parking lot, cyberwar attacks . . . "
"The mission of protecting Americans from attack, whether by states or rogue groups," wrote the Times, "is 'almost the primary responsibility of the government.' [Clarke] is trying to raise the fear of terrorism in the United States to the right level -- higher, not too high -- as he girds the nation against the possibility of an assault from nerve gas, bacteria and viruses, and from what he calls 'an electronic Pearl Harbor.'"
"In his office, where a small sign reads 'Think Globally/Act Globally,' he spoke passionately about the threat of cyberwar, invisible attacks on the nation's computers, a terror so insidious, so arcane he has trouble convincing corporate chieftains and political commissars it is real. But it is out there, somewhere, he says, even if he can't prove it," wrote the Times reporter.
"There is a problem convincing people that there is a threat . . . There is disbelief and resistance. Most people don't understand. CEOs of big corporations don't even know what I'm talking about. They think I'm talking about a 14-year-old hacking into their Web sites."
Clarke rambles on, referencing the Pentagon's secret wargame "Eligible Receiver," but not mentioning it directly: "I'm talking about people shutting down a city's electricity . . . shutting down 911 systems, shutting down telephone networks and transportation systems. You black out a city, people die. Black out lots of cities, lots of people die. It's as bad as being attacked by bombs."
"An attack on American cyberspace is an attack on the United States, just as much as a landing on New Jersey . . . The notion that we could respond with military force against a cyber-attack has to be accepted."
"Imagine a few years from now: A president goes forth and orders troops to move. The lights go out, the phones don't ring, the trains don't move. That's what we mean by an electronic Pearl Harbor."
"Clarke's profile first surfaced in 1986," Weiner writes. "He was an intellectual author of a plan to use psychological warfare against the Libyan leader, Moammar Gadhafi. Under his plan, flights of SR-71 spy planes set off 'sonic booms over [Gadhafi'] head, to tell him his air defenses couldn't stop us,' and mysterious American rafts floated up on the shores of Tripoli, Clarke said. The operation backfired when the Reagan White House was caught planting a false report in The Wall Street Journal about Libya's support of terrorism."
---------------
The following citation is rather too rich in irony: On December 7, 1998, President Clinton's special counter-terror assistant, Richard Clarke, announced: "If an attack comes today with information warfare . . . [it would be] much, much worse than Pearl Harbor."
---------------
On May 25, 1998, Brigadier General Robert F. Behler of the Strategic Command stepped up to the plate in the pages of Federal Computer Week to opine on "electronic Pearl Harbor" in a piece entitled "Fighting the virtual Cold War: There's no peace in cyberspace." Excerpts are included for your reference.
"Less than a decade after the Berlin Wall came tumbling down, we are in the midst of a new Cold War," stated Behler on the secret cyberwars of the Internet.
"A digital enemy can bypass the military and take down critical infrastructure -- automated power plants, stock markets and transportation systems -- and disable this nation without firing a shot . . . Call it a virtual Cold War . . ."
"As the point man for computer security at the U.S. Strategic Command, which directs all U.S. strategic nuclear forces, I'm keenly aware of the stakes of warfare in the cyberworld. Each day, I see evidence that the United States is in a digital war with cyberbandits and terrorists who are intent on destroying our nation's computer systems. We are faced with individuals who may attack our computer systems, and more than 30 nations have sponsored programs to disrupt information systems worldwide. Experience has taught me that there is no peace in the cyberworld."
"Keeping ahead of cyberenemies must become a national priority . . . I suggest the United States commit to a 'Year of Cyberspace Security.' Such an initiative would range from teaching schoolchildren the consequences of giving out their Internet addresses to developing better means of safeguarding sensitive information.
". . . Are we losing this war in cyberspace? Maybe; at this time I'm not certain. But I am certain that if we maintain the current level of complacency about computer security, 21st century cyberwarlords will 'eat our lunch.'
". . . The Year of Cyberspace Security is an idea whose time has arrived. We must step up to this challenge now or face an electronic Pearl Harbor . . ."
---------------
Twice in the May 1997 issue of WIRED magazine, both in John Carlin's "Farewell to Arms."
1. "We will have a cyber equivalent of Pearl Harbor at some point, and we do not want to wait for that wake-up call," attributed to former U.S. Deputy Atty. General Jamie Gorelick.
2. "I-war can be the kind of neat, conceptually contained electronic Pearl Harbor scenario that Washington scenarists like -- collapsing power grids, a stock market software bomb, an electromagnetic pulse that takes the phone system out."
---------------
Twice in Robert Minehart's tutorial on Information Warfare, a course currently presented by the U.S. Army's training school in Carlisle, PA. Minehart's bio refers to him as an NSA/CIA/DIA employee and Visiting Professor of Information Warfare at Carlisle. Minehart prefers "Information Pearl Harbor" to "electronic Pearl Harbor" but as far as Crypt Newsletter is concerned, they're the same thing.
1. "So what would an effective Information Pearl Harbor look like?"
2. "The U.S. may find it difficult to use military force in response to an Information Pearl Harbor-type attack."
---------------
Once by John Woodward, a mouthpiece for MITRE Corporation in McLean, VA, in a long-winded 1997 company Website sales pitch for hiring MITRE expertise in avoiding "electronic Pearl Harbor":
"It's MITRE's job to keep the information warfare equivalent of [electronic] Pearl Harbor solely and exclusively in the realm of simulation."
Also attributed to Woodward, "MITRE is the best source on information warfare in the world." Of course, how could it be otherwise?
---------------
"Electronic Pearl Harbor" was invoked three times by strategist Martin Libicki, in "Defending Cyberspace and other Metaphors," a paper on info-war published by the Pentagon-administered National Defense University in Washington, D.C. The paper appeared earlier this year and Libicki uses the term "digital" in place of "electronic."
1."A strategic motive for a digital Pearl Harbor could be to dissuade the United States from military operations (perhaps against the attacking country) or to hinder their execution by disrupting mobilization, deployment, or command and control.
2. "How much damage could a digital Pearl Harbor cause?"
3. "A more pertinent question than how much damage a digital Pearl Harbor might cause is how well hackers attacks can delay, deny, destroy, or disrupt military operations."
---------------
In the January 6, 1997 edition of the Wall Street Journal, reporter Tom Ricks attributes Duane Andrews of Science Applications International Corporation and the Pentagon's Defense Science Board with:
"Warning of a possible 'electronic Pearl Harbor,' the task force appointed by the Defense Science Board also said the Pentagon should seek the legal authority to launch counterattacks against hackers."
Keep in mind SAIC, like MITRE Corporation, advertises its skills in avoiding problems related to "electronic Pearl Harbor."
---------------
"We could be on the brink of an 'electronic Pearl Harbor' or an 'information Chernobyl' and not even know it."
This one was uttered by Frank Morgan, an Air Force Intelligence Agency/Air Force Information Warfare Center officer out of Kelly AFB, Texas, in an article for the September 1996 issue of Airman magazine entitled "Info Warriors!"
---------------
In Cybernautics Digest, Vol. 3, No. 7 (1996), "All's Not Quiet on the Information Front":
"Pentagon officials fear an electronic Pearl Harbor: an attack which could go undetected until it is too late."
---------------
"[John] Deutch favors center to avoid `electronic Pearl Harbor' and [it] would not require hiring new personnel," showed up in a July 1, 1996 story on Congressional testimony on the subject of hackers and info-war. It appeared in Federal Computer Week.
If you've been following newspapers, sometimes it seemed as if CIA-director Deutch spent most of 1996 talking about "electronic Pearl Harbor," a remarkable feat from someone who could not distinguish the PenPal Greetings Net virus hoax from reality.
And in the same story, a couple paragraphs on:
"I don't know whether we will face an electronic Pearl Harbor, but we will have, I'm sure, some very unpleasant circumstances in this area," said John Deutch.
Postscript: In rather too obvious a case of delicious irony, John Deutch demonstrated in 1999 that even he didn't take his propaganda on "electronic Pearl Harbor" and the necessity for rigid computer security very seriously. Deutch received a reprimand for copying materials from a classified intelligence agency computer system to his home -- unclassified -- PC.
It was, Crypt Newsletter wagers, a "very unpleasant circumstance" for the former CIA leader.
And you can read about how John Deutch was taken in by the famous Penpal Greeting virus hoax.
---------------
"Senator Sam Nunn (D-Ga.), who chaired the hearing, raised the issue of 'an electronic Pearl Harbor' against the 'national information infrastructure,' and asked 'are we fully alerted to this danger now?"
The above quote came from an article written by John Elliston for something called "Dossier." It, of course, also repeats the Deutch "electronic Pearl Harbor" quote -- published by hundreds around the country -- taken from the same July 1996 Congressional hearings.
---------------
"We're facing an electronic Pearl Harbor," said Ronald Gove, a vice president of Science Applications International Corporation, at a 1995 National Computer Security Association Info-war conference, as reported by a September '95 issue of the Arizona Star.
---------------
"The Pentagon's New Nightmare: An Electronic Pearl Harbor" was the title of a Neil Munro-penned editorial in the July 16, 1995 edition of The Washington Post.
---------------
And in Alvin and Heidi Toffler's 1993 book entitled "War and Anti-War," "electronic Pearl Harbor" is said to be just waiting to happen. (Page 149 in a section entitled "Info-terror.")
Duane Andrews of Science Applications International Corporation also makes an appearance in the Toffler book, and similar to what he said in 1997, he says in "War and Anti-War:" "Our information security is atrocious, our operation [secrecy] is atrocious, our communications secrecy is atrocious."
---------------
Other interesting articles du jour: