Australian IT – US military versed in cyber-attack (Karen Dearne, APRIL 01, 2003)

THE US military is well practised in the “black art of offensive security”, or cyberattack, according to Ron Moritz, an e-security expert with Computer Associates International.

“It’s very clear to me that there have been active, let’s say black arts capabilities, created in the US,” he said. “When it comes to computers, offensive security may be a contradiction, but the ability to carry out offensive attacks in the cyber-world is certainly part of US military capabilities.

read the rest of the article in ‘more’ or go to article here


“That has been demonstrated in the past, not least in the first Iraq war.”

As coalition military forces battle sandstorms and Iraqi resistance, cyber-security experts suspect the US may be waging a virtual war in tandem with the physical conflict.

US newspapers have been unable to substantiate speculation, due to an apparent “don’t ask, don’t tell” policy.

Experts believe US cyber-warriors may be using viruses, worms and electronic-pulse tools to shut down Iraqi computer and communications networks.

The Arab satellite television network, Al-Jazeera, has reportedly been under sustained distributed denial-of-service, or flood, attacks, which repeatedly knocked out its websites.

Mr Moritz, who was in Australia just before war broke out, said the US Air Force Computer Emergency Response Team (AFCERT) had a well-disciplined computer emergency response capability based on complex defensive strategies.

AFCERT, which maintains a very low public profile, was reputed to be “the ultimate secure operations centre”, he said.

“Has the US military geared up for attacks against its infrastructure? Absolutely,” Mr Moritz said. “Whenever you create an offensive weapon, you obviously begin thinking about the defensive strategies that you may need to combat that same threat.”

One example that had come back to haunt the US was the surface-to-air missile program created in the 1980s when the Afghans were fighting the Russians.

“The threat came from those very deadly Russian attack helicopters,” he said. “But just before I left for Australia, one of New York’s distinguished senators appeared on television with one of those surface-to-air launch devices and talked about the threat to aircraft in the New York area. I thought, this is not a good time to be a frequent air traveller.”

Mr Moritz expected the US military would engage in classic covert campaigns in the war with Iraq.

“The ability to intercept enemy communications, which is truly what the networking infrastructure is about, moving data from point to point, being able to restructure that data are tremendous offensive capabilities,” he said.

“We’re just leveraging new technologies to facilitate classic military science.”

But mass disinformation campaigns no longer worked because the internet and worldwide communications made it easier for people to gather information from sources not controlled by governments.

Mr Moritz, who is senior vice-president of CA eTrust Security Solutions, is an 18-year industry veteran and a former member of the US delegations to G8 meetings on international cybercrime and cyber-terrorism.

He was also a founding board member of the Information Technology Information Sharing and Analysis Centre (IT-ISAC), established by then president Bill Clinton.

Mr Moritz expressed disappointment with the US National Strategy to Secure Cyberspace, released by President Bush in February.

“Unfortunately, I don’t think it goes far enough,” he said. “We feel the final version has been watered down compared with the draft.

“My interpretation is that we in industry are now going to have to step up and take collective responsibility for protecting critical infrastructure.”

In effect, the policy passed the buck – and the financial costs – back to business, he said.