Saturday, September 02, 2006

The Biggest Military Hacks of All Time

The biggest military hack of all time, the Pentagon hacker, the NASA hacker - hold your breath, it's another media hype or traffic acquisition headline strategy by the majority of online media sites. Who else are we missing? The NASA port scanner, the true walking case study on tweaking NMAP for subconscious espionage purposes, the CIA IRC junkies that managed to talk them into talking with "them", and Bozo the clown chased by the Thought Police for his intentions.

Great examples of buzz generating, deadline-centered news articles you can always amuse yourself with, and feel sorry for the lack of insightful perspectives nowadays -- I'm slowly compiling a list of best of the best news items ever, so let there be less intergalactic security statements, and less flooding web sites with Hezbollah data stories.

In case you've somehow missed Gary McKinnon's story, don't you worry as you haven't missed anything spectacular, besides today's flood of reporters with claimed prehistoric IT security experience -- you must make the difference between a reporter, a journalist, and a barking dog though. Perhaps the only objective action done by an industry representative was the Sophos survey on Gary McKinnon. It would be much more credible to differentiate the severity of the hack, depending on which military or government network was actually breached. Don't just go where the wind blows, barely reporting; where's YOUR opinion, if ANY?

Was it the NSANet, the Joint Worldwide Intelligence Communications System [JWICS], the Secret Internet Protocol Router Network (SIPRNET), or the Unclassified but Sensitive Internet Protocol Router Network (NIPRNet) actually breached?

Moreover, were the following real-life examples a paintball game or something:

- Solar SunRise
"SOLAR SUNRISE was a series of DoD computer network attacks which occurred from 1-26 February 1998. The attack pattern was indicative of a preparation for a follow-on attack on the DII. DoD unclassified networked computers were attacked using a well-known operating system vulnerability. The attackers followed the same attack profile: (a) probing to determine if the vulnerability exists, (b) exploiting the vulnerability, (c) implanting a program (sniffer) to gather data, and (d) returning later to retrieve the collected data."

- Dutch hackers during the Gulf War
"At least one penetrated system directly supported U.S. military operations in Operation Desert Storm prior to the Gulf War. They copied or altered unclassified data and changed software to permit future access. The hackers were also looking for information about nuclear weapons. Their activities were first disclosed by Dutch television when camera crews filmed a hacker tapping into what was said to be U.S. military test information."

- The Case Study: Rome Laboratory, Griffiss Air Force Base
"However, events really began in 1994, when the two young men broke into an Air Force installation known as Rome Labs, a facility at the now closed Griffiss Air Force Base, in New York. This break-in became the centerpiece of a Government Accounting Office report on network intrusions at the Department of Defense in 1996 and also constituted the meat of a report entitled "Security and Cyberspace" by Dan Gelber and Jim Christy, presented to the Senate Permanent Subcommittee on Investigations during hearings on hacker break-ins the same year. It is interesting to note that Christy, the Air Force Office of Special Investigations staffer/author of this report, was never at Rome while the break-ins were being monitored."

- Moonlight Maze
"It was claimed that these hackers had obtained large stores of data that might include classified naval codes and information on missile guidance systems, though it was not certain that any such information had in fact been compromised."

- Titan Rain
"Titan Rain hackers have gained access to many U.S. computer networks, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA."

- Chinese hackers who supposedly downloaded 10 to 20 terabytes from the NIPRNet -- it's like I love you from 1 to 50, and you?

From another perspective, the biggest military hack doesn't have to come from the outside, but from the inside, as soldiers are easily losing their USB sticks on the field. Breaching the SIPRnet from the outside would be a good example of a big military hack, but then again, insiders are always there to "take care".

If Gary McKinnon did the biggest military hack of all time, why do I still hear Bozo singing - ta ta tararata ta ta rara tata.

UPDATE:
Related posts you might also find informative - North Korea's Cyber Warfare Unit 121, Techno imperialism and the effect of Cyber terrorism, Cyber War Strategies and Tactics, the rest you can Google. Surprised to come across the post at Meneame.net too.

The Walls and Lamps are Listening

And so are the hardware implanted "covert operatives".

Monday, August 28, 2006

Cyber War Strategies and Tactics

Starting from the basic premise that "All warfare is based on deception", the Cyberspace offers an unprecedented amount of asymmetric power to those capable of using it. Cyber wars are often perceived as an innocent exchange of "virtual shots" between teenage defacement groups, whereas if one's willing to embrace the rough reality, Hacktivism remains a sub-activity of Cyberterrorism, where Information Warfare unites all these tactics.

Quality techno-thrillers often imply the notion of future warfare battles done in the virtual realm compared to actual spill of blood and body parts -- death is just an upgrade. Coming back to today's Hacktivism dominated mainstream news space, you may find this paper on Cyberwar Strategy and Tactics - An Analysis of Cyber Goals, Strategies, Tactics, and Techniques, and the development of a Cyber war Playbook, informative reading:

"To create a cyberwar playbook, we must first understand the stratagem building blocks or possible moves that are available. It is important to note however that these stratagem building blocks in and of themselves are not strategic. Instead, it is the reasoned application of one or more stratagems in accomplishing higher-level goals that is strategic in nature. We thus need to understand the situations in which the stratagems should be applied and how. We can begin to predict and choose the most effective stratagem for a given situation as we become more experienced. Example stratagems include:

Fortify --- Dodge
Deceive --- Block
Stimulate --- Skirt
Condition --- Monitor


Stratagems may also have sub-stratagems. Examples are:

Deceive.Chaff --- Block.Barricade
Deceive.Fakeout --- Block.Cutoff
Deceive.Conceal --- Monitor.Eavesdrop
Deceive.Feint --- Monitor.Watch
Deceive.Misinform --- Monitor.Follow


These stratagems are very high level and can be supported through many tactical means. Each building block defines a stratagem and contains one or more possible tactical implementations for that stratagem, including requirements, goals that may be satisfied using the stratagem, caveats, example uses, and possible countermeasures."

No matter the NCW doctrine, UAVs intercepting or hijacking signals, "shock and awe" still dazzles the majority of the masses of "individuals" prone to be abused by cheap PSYOPS.

Related resources and posts:
Network Centric Warfare basics back in 1995
Information Warfare
Cyber Warfare
Who's Who in Cyber Warfare?
North Korea's Cyber Warfare Unit 121
Hacktivism Tensions - Israel vs Palestine Cyberwars
Achieving Information Warfare Dominance Back in 1962

Sunday, August 27, 2006

Bed Time Reading - Spying on the Bomb

Continuing the Bed Time Reading series, and a previous post related to India's Espionage Leaks, this book is a great retrospective on the U.S Nuclear Intelligence from Nazi Germany to Iran and North Korea.

In-depth review with an emphasis on India's counterintelligence tactics:

"India's success in preventing U.S. spy satellites from seeing signs of the planned tests days to weeks in advance was matched by its success in preventing acquisition of other types of intelligence. India's Intelligence Bureau ran an aggressive counterintelligence program, and the CIA, despite a large station in New Delhi, was unable to recruit a single Indian with information about the Vajpayee government's nuclear plans. Instead, the deputy chief of the CIA station in New Delhi was expelled after a botched try at recruiting the chief of Indian counterintelligence operations. Former ambassador Frank Wisner recalled that `we didn't have... the humans who would have given us an insight into their intentions'." Ambassadors do not keep aloof from the CIA's work, evidently. Their denials are false.

NSA's eavesdropping activities did not detect test preparations. "It's a tough problem," one nuclear intelligence expert told investigative journalist Seymour Hersh. India's nuclear weapons establishment would communicate via encrypted digital messages relayed via small dishes through satellites, using a system known as VSAT (very small aperture terminal), "a two-way version of the system used by satellite television companies". Good show. At the end of the day, Americans admitted that even if they had been better informed, they could not have prevented Pokhran II just as they could not deter Pakistan from staging its tests at Chagai."

Was the USSR's tactic of helping the enemies of their enemies, thus ruining the Nuclear-club monopoly by making the A-bomb a public secret, the smartest or dumbest thing they ever did? Monopolies are bad by default, but balance is precious as the "rush must always be tempered with wisdom". How about a nice game of chess instead?

Related resources and posts:
Nuclear
Who needs nuclear weapons anymore?
North Korea's Strategic Developments and Financial Operations
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems