Threat of computer sabotage looms

Published: Oct. 29, 1996

BY STEVE LOHR
New York Times

It was the OPEC meeting in May 2000 that started the crisis. The oil-price hawks, led by Iran, demanded a sharp cutback in production to drive prices up to at least $60 a barrel.

The stormy gathering of the Organization of Petroleum Exporting Countries ended on May 4, with a shouting match between the Iranian and Saudi Arabian oil ministers. Over the next two weeks, Iran and its allies mobilized troops and fired on Saudi warships. But they also unleashed an arsenal of high-technology weapons to try to destabilize the Saudi government and prevent the United States from intervening.

A huge refinery near Dhahran was destroyed by an explosion and fire because of a mysterious malfunction in its computerized controls. A software logic bomb caused a new Metro-Superliner to slam into a mis-routed freight train near Laurel, Md., killing 60 people and critically injuring 120.

The Bank of England found sniffer programs running amok in its electronic funds transfer system. And a computer worm started corrupting files in the Pentagon's top-secret force deployment database.

The opening scenes from a Hollywood script or a new Tom Clancy novel? No, these are excerpts from a role-playing game conducted last year at the Government's National Defense University in Washington. The goal was to generate some serious thinking about "information warfare."

Today, there are a lot of people thinking seriously about information warfare, not only at the Pentagon and the CIA but also in the executive offices of banks, securities firms and other companies. Once dismissed as the stuff of science fiction, high-tech information warfare is fast becoming a reality.

Defense and intelligence officials believe that enemy nations, terrorists and criminal groups either already have the capability to mount information warfare strikes or soon will.
Criminals are quickly progressing beyond the vandalism and petty theft associated with teenage hackers and into robbery and extortion schemes ranging up to millions of dollars, corporate executives and private investigators say.

Future targets

In the future, they fear, information warfare assaults could be made against commercial networks like the banking system or utilities in several states.

Yet there is a heated debate among experts in this emerging field about whether the kinds of catastrophic incidents cited in the National Defense University war game are imminent threats or worst-case nightmares.

"A couple of years ago, no one took information warfare seriously," said Howard Frank, director of the information technology office at the Defense Advanced Research Project Agency, or DARPA. "But the more you learn about it, the more concerned you become."

Others reply that the worst threats mentioned are mostly speculation. "Information warfare is a risk to our nation's economy and defense," said Martin Libicki, a senior fellow at the National Defense University. "But I believe we will find ways to cope with these attacks, adjust and shake them off, just as we do to natural disasters like hurricanes."

Experts on both sides of the debate do agree that the growing reliance on computer networks and telecommunications is making the nation increasingly vulnerable to "cyber attacks" on military war rooms, power plants, telephone networks, air traffic control centers and banks.

John M.
Deutch, the director of the CIA, told Congress in June that such assaults "could not only disrupt our daily lives, but also seriously jeopardize our national and economic security."

"The electron, in my view," Deutch warned, "is the ultimate precision-guided weapon."

President Clinton last July created a Commission on Critical Infrastructure Protection to craft a coordinated policy to deal with the threat.

Special units established

Within the government, information warfare tactics and intelligence are highly classified issues. But the CIA has recently created an "Information Warfare Center." And the National Security Agency intends to set up an information warfare unit staffed by as many as 1,000 people, with both offensive and defensive expertise, as well as a 24-hour response team, according to a staff report by the Senate Permanent Subcommittee on Investigations, which was initiated by Sen. Sam Nunn, D-Ga.

Information warfare is a catchall term. The military, for example, often refers to information warfare broadly to include time-tested techniques and tools like disinformation, cryptography, radio jamming and bombing communications centers.

But it is high-tech information warfare that has been getting most of the attention and funding lately. This budding warfare industry is an eclectic field indeed, ranging from computer scientists whose work is funded by the government to hackers-for-hire who specialize in theft, extortion and sabotage.
In his Senate testimony, Deutch said the CIA had determined that cyber attacks are now "likely to be within the capabilities of a number of terrorist groups," including the Hezbollah in the Middle East.

The weapons of information warfare are mostly computer software, like destructive logic bombs and eavesdropping sniffers, or advanced electronic hardware, like a high-energy radio frequency device, known as a HERF gun.

In theory, at least, these weapons could cripple the computer systems that control everything from the electronic funds transfer systems of banks to electric utilities to battlefield tanks.

Advantage lost

For the military, information warfare raises the prospect of a new deal for America's adversaries. Cyberwar units could sidestep or cripple conventional weaponry, undermining the advantage the United States holds.

"Even a third-tier country has access to first-class programmers, to state-of-the-art computer hardware and expertise in this area," said Barry Horton, principal deputy assistant secretary of defense, who oversees the Pentagon's information warfare operations.
"There is a certain leveling of the playing field."

Cyberspace also plays havoc with traditional definitions: What is a military target and what is a commercial one, if 95 percent of military communications are over commercial networks; what is within United States jurisdiction and what is an international issue, when cyberspace has no geographic borders?

"We have to redefine national security for the information age," Horton said.

There is, to be sure, an aspect of self-interest in the information warfare alarms raised by defense and intelligence agencies. Those bureaucracies are sizable and costly, and in the post Cold-War era, they are in need of new enemies.

"The people who are concerned about information warfare tend to magnify its significance," said Libicki of the National Defense University.

The Electronic Industries Association estimates that over the next decade, the government's information warfare procurement, mainly for specialized software and services, will grow sevenfold, to more than $1 billion annually.

Yet the projected information warfare spending amounts to pocket change, compared with next year's military budget of $257 billion.

"The point of information warfare is that you don't need fighter planes and billions of dollars to launch an attack on the United States anymore," said Winn Schwartau, an author and president of Interpact Inc., a security consulting firm.

Weaknesses already shown

The government's computer systems are clearly susceptible to intruders.
In 1988, a Cornell student sent a worm program over the Internet that penetrated military and intelligence systems, shutting down 6,000 computers.

In 1994, a 16-year-old British hacker broke into the computer system at an Air Force laboratory in Rome, N.Y.

And in "red team" exercises, the military's experts have been able to break into 65 percent of the Defense Department systems they tried to penetrate, using hacking tools available over the Internet.

But nearly all these intrusions have been into some of the 2 million computers in military networks that handle unclassified information - though that information can be useful to enemies, defense officials concede. The classified information is on the other 10 percent of the military's computer networks, which do not have open links to the outside.

Private companies and banks typically do not have the luxury of making their networks off-limits to outsiders.

"We invite our customers into our computer networks," said Colin Crook, the senior technology officer of Citibank. "I think our problem is more challenging than the government's."

Citibank got an alarming brush with the problem two years ago, when a Russian computer hacker tapped into the bank's funds transfer system, taking more than $10 million. Citibank will not discuss the case, but investigators say the bank recovered all but $400,000.

In the business world, the reported hacker activity to date is mostly stealing credit card numbers, vandalizing software or harassing Internet service companies.

"At the moment, we're dealing with penny ante stuff," said Peter Neumann, a computer scientist at SRI International, a research firm in Menlo Park.
"But the risk of much greater damage is there."

'Frightening vulnerability'

Frank of DARPA speaks of a "frightening vulnerability" of utilities systems, of the private data networks of the international financial system and of the digital switches at the core of modern phone systems.

Major breakdowns caused by computer intruders have not yet occurred. But there is evidence that more sophisticated hackers are now at work. The Science Applications International Corp., a defense contractor and technology security firm, surveyed more than 40 major corporations who confidentially reported that they lost an estimated $800 million due to computer break-ins last year, both in lost intellectual property and money.

Private investigators and bankers say they are aware of four banks, three in Europe and one in New York, that have made recent payments of roughly $100,000 each to hacker extortionists. The bankers and investigators would not name the banks, but the weapon used to blackmail the banks was a logic bomb - a software program that, when detonated, could cripple a bank's internal computer system. In each case, the sources said, the banks paid the money, and then took new security measures.

Frequently, experts say, the tighter security measures are nothing fancy. One problem is modems on employees' computers. They are open connections to the outside world, potentially giving hackers access to an internal network.

"You can't eliminate risk of information attacks, but you can minimize it," said William Marlow, a senior vice president of Science Applications International. "Many of the steps are not all that high-tech or expensive."

After it got stung in the Russia episode, Citibank has taken a series of measures, from instructing employees to never assume a computer network is secure to aggressively pursuing hackers.

"You mess with us and we're going after you," Crook said.
"This is a big deal for us now."

Infobox: The weapons

LOGIC BOMB
A software program that detonates at a specific time, or when certain instructions are executed. It then typically destroys or rewrites data.

HERF GUN
A high-energy radio frequency weapon. It shoots a high-power radio signal at an electronic target and disables it.

SNIFFER
An eavesdropping program that can monitor communications or commercial transactions.

COMPUTER WORM
A self-replicating program that uses disk space and memory and can eventually shut down computer systems.

Source: New York Times

The targets

AIRPLANES
Destructive software could cause plane crashes by making on-board avionics malfunction. High-energy weapons, in theory, could also cause crashes by disabling computer systems.

ELECTRIC UTILITIES
Logic bombs or worms could knock out power grids, causing local or regional blackouts.

BANKS AND STOCK EXCHANGES
Sniffer programs can track transfers of funds. Logic bombs could cripple the markets and destroy records of transactions. Computer hackers can crack into banking networks and steal money.

TANKS AND ARMS
Sophisticated computer controls are vulnerable to both destructive software and high-energy weapons. Everything from tanks to surveillance aircraft are potentially at risk.

TRAINS
Logic bombs in traffic-control networks could cause crashes by misrouting trains.