[Infowarrior] - Network Attack Weapons Emerge
Richard Forno
rforno at infowarrior.org
Fri May 22 19:18:21 UTC 2009
(I recall working on a similar proof of concept 1994-5 timeframe for a
bleeding-edge Beltway company, but the idea was tossed aside for
several reasons...but we sure had some nifty stuff in it! That said,
reading this article I'm reminded of the fictitious 'Janus Box' from
the movie 'Hackers' that would decrypt/hack ANY security protocol and
essentially give its users access to everything, everywhere. In this
case, assuming such a device is even developed (or possible) imagine
the havoc caused if it suddenly shows up on BitTorrent and everyone
can have such point-click-hack capabilities? You think you have cyber
problems now, you ain't seen nothing yet! ---rick)
http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/CYBER052109.xml
Network Attack Weapons Emerge
David A. Fulghum
Devices to launch and control cyber, electronic and information
attacks are being tested and refined by the U.S. military and industry
in preparation for moving out of the laboratory and into the
warfighter's backpack.
It's a part of a technology race that is already well underway. The
Russian attack on Georgia last year showed weaknesses in some combat
areas, but not in cyberwarfare, say U.S. analysts.
"The Russians conducted a cyberattack that was well coordinated with
what Russian troops were doing on the ground," says a longtime
specialist in military information operations. "It was obvious that
someone conducting the cyber[war] was talking to those controlling the
ground forces. They knew where the [cyber]talent was [in Russia], how
to use it, and how to coordinate it.
"That sophisticated planning at different levels of cyberwarfare
surprised a lot of people in the Defense Dept.," he says. "It looked
like a seamless, combined operation that coordinated the use of a
range of cyberweapons from the sophisticated to the high school kids
that thought it was cool to deface official web sites. The techniques
they used everybody knows about. The issue was how effective they were
as part of a combined operation."
The U.S. is looking for a tool to duplicate that kind of attack.
Moreover, the Defense Advanced Research Projects Agency has awarded
several contracts to information technology (IT) companies to design a
cyberattack range. Candidate sites include Naval Air Warfare Center's
China Lake, Calif., radar cross-section facility and the U.S. Air
Force radar cross-section range at Holloman AFB, N.M.
Several future attack devices are being built in a U.S. cyberwarfare
attack laboratory. The one shown to Aviation Week & Space Technology
is a software framework for locating digital weaknesses. It combines
cybersleuthing, technology analysis and tracking of information flow.
It then offers suggestions to the operator on how best to mount an
attack and, finally, reports on success of the effort.
Right now, electronic and cyberattacks are conducted and understood by
a very few. To make the capability part of the warfighter's arsenal it
has to be configured and packaged so that a non-expert could use it on
the battlefield.
The heart of this attack device is its ability to tap into satellite
communications, voice over Internet, proprietary Scada networks--
virtually any wireless network. Scada (supervisory control and data
acquisition) is of particular interest since it is used to
automatically control processes at high-value targets for terrorists
such as nuclear facilities, power grids, waterworks, chemical plants
and pipelines. The cyberattack device would test these supposedly
inviolate networks for vulnerabilities to wireless penetration.
"If you think about the explosion of capability in the commercial
electronics sector, it's obvious that for not too much money, anybody
can set up a fairly robust WiFi capability and just ride the backbone
of the Internet," says a U.S.-based, network attack researcher. "We're
tying together the protection and the reaction side with this device
which will serve for planning, execution and penetration testing."
A by-product of the project is that it offers a start to weaponizing
cyberattack for the non-cyberspecialist, military user.
There are four broad objectives in designing the attack device:
*Capture expert knowledge but keep humans in the loop.
*Quantify results so that the operator can put a number against a
choice.
*Enhance execution by creating a tool for the nonexpert that puts
material together and keeps track of it.
*Create great visuals so missions can be executed more intuitively.
This particular network attack prototype has a display at the
operator's position that shows a schematic of the network of interest
and identifies its nodes.
"You could be talking about thousands and thousands of nodes being
involved in a single mission," says a second network attack
researcher. "Being able to visualize that without a tool is
practically impossible."
A touch-screen dashboard beneath the network schematic display looks
like the sound mixing console at a recording studio. The left side
lists cyberattack mission attributes such as speed, covertness,
attribution and collateral damage. Next to each attribute is the image
of a sliding lever on a long scale. These can be moved, for example,
to increase the speed of attack or decrease collateral damage.
Each change to the scales produces a different list of software
algorithm tools that the operator needs. "Right now, all that
information is in the head of a few guys that do computer network
operations and there is no training system," says the first specialist.
Experts are combining digital tools that even an inexperienced
operator can bring into play. In the unclassified arena there are
algorithms dubbed Mad WiFi, Air Crack and Beach. For classified work,
industry developers also have a toolbox of proprietary
cyberexploitation algorithms.
Air Crack, for example, uses open source tools to crack the encryption
key for a wireless network. Some cracks are quick, but require
injecting a lot of data into the network, which makes the attack noisy
and easy to trace. Others are very passive and slow--taking a couple
of days or even months. But no one is aware of the intrusion. A
passive dictionary attack can find passwords such as common English
words, names or birthdays, but it is considered a brute force attack.
Cryptoattacks use more sophisticated techniques to cut through the
password hash. "It runs faster and you usually get a better result,"
says an IT specialist. "But you have to take a more active role,
capture different types of data and send the right information to get
a proper response."
A de-authorization capability can kick all the nodes off a network
temporarily so that the attack system can watch them reconnect. This
provides information needed to quickly penetrate the network.
In one prototype attack device, a colored bar is at the right of each
scale. Green means the effect is better than specified; blue, that it
is equal; and red signifies it does not meet the user's criteria.
The three major elements of a cyberattack system are its toolbox,
planning and execution capabilities. The toolbox is put together by
the hardware and software experts in any organization to address
specific missions. They maintain the database of available capabilities.
The planning capability takes input from other planning systems--for
example, network situational awareness--and incorporates it. The
planner weighs the attack device's capabilities, the target to be
attacked along with the style of execution and then ranks the
solutions. But the final decision is left to the operator.
The output of planning is a course of action--the sequence of steps
that must happen. This blueprint can be reviewed, modified and
approved by a supervisor. It is then taken to the field and executed
or exported to some other cyberattack system.
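
A defender-side view of the de-authorization step the article describes, as an added example that is not part of the original post or article: it flags an access point where a burst of deauthentication frames is followed by many clients re-associating. The frame records, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, frame subtype, BSSID, client MAC). Not real capture data.
def _sample():
    ap, quiet = "02:00:00:aa:00:01", "02:00:00:aa:00:02"
    clients = [f"02:00:00:cc:00:{i:02x}" for i in range(4)]
    # Background noise: a single deauth on another AP should not alert.
    frames = [(1.0, "deauth", quiet, clients[0]), (40.0, "assoc", quiet, clients[0])]
    # 12 deauth frames in 1.2 s against one AP, then every client rejoins.
    frames += [(100.0 + 0.1 * i, "deauth", ap, clients[i % 4]) for i in range(12)]
    frames += [(103.0 + i, "assoc", ap, c) for i, c in enumerate(clients)]
    return sorted(frames)

def find_forced_reconnects(frames, window=2.0, min_deauth=10, follow=10.0, min_clients=3):
    """Flag BSSIDs with a deauth burst followed by a cluster of re-associations."""
    by_bssid = defaultdict(list)
    for ts, kind, bssid, client in frames:
        by_bssid[bssid].append((ts, kind, client))
    alerts = []
    for bssid, events in by_bssid.items():
        deauths = [ts for ts, kind, _ in events if kind == "deauth"]
        start = 0
        for end, ts in enumerate(deauths):
            # Slide the window so it spans at most `window` seconds.
            while ts - deauths[start] > window:
                start += 1
            if end - start + 1 >= min_deauth:
                # Distinct clients that rejoin shortly after the burst.
                rejoined = {c for t, kind, c in events
                            if kind == "assoc" and ts < t <= ts + follow}
                if len(rejoined) >= min_clients:
                    alerts.append({"bssid": bssid, "burst_end": ts,
                                   "deauth_frames": end - start + 1,
                                   "clients_rejoined": len(rejoined)})
                    break  # one alert per BSSID is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in find_forced_reconnects(_sample()):
        print(alert)
```

Pairing the burst with the reconnect cluster keeps ordinary single-client deauthentications, such as roaming or idle timeouts, from raising alerts.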