DEFENCE NOTES
Pakistan needs an Information Warfare capability

SYED M. AMIR HUSAIN goes over the desperate need for PAKISTAN to develop an inherent capability in information warfare
Introduction
Recent events in the sub-continent sent tensions rising and there was talk of deploying missiles, mass producing nuclear weapons and delivery systems and putting air forces of both sides on full scale alert. While rhetorical threats were being made from across the border, thankfully, nothing serious happened. Pakistan was not pulled into an actual conflict despite the BJP's provocations. Ironically, the only physical attack faced by either side, save the routine incidents of firing at the Line of control in Kashmir, was a hacker break-in at India's Bhabha Atomic Research Centre (BARC) computer systems. Yet, most people entirely neglected this incident and other than a one-line comment from a Pakistani spokesman proclaiming that Pakistan had nothing to fear from such attacks, no serious note was taken. This was certainly a puzzling response.
Pakistan is ill-prepared to face full-fledged attacks against its computer systems. A common misconception is that since Pakistan is relatively 'low-tech' and less computerized than the western nations, we have little to lose from such an attack. While it is probably true that Pakistan's nuclear armed Ghauri missiles cannot be launched by a hacker breaking into Pakistan's C3I systems, we still do have a lot to lose to planned hacker attacks. The field of Information Warfare is a relatively new one. Whereas soldiers have fought battles for thousands of years, and generals have had millennia to evolve strategies, Information Warfare represents an entirely new dimension. Here, conventional strategies fail and war becomes more like espionage, even though attacks against enemy information repositories and systems may be fairly large scale.
For the purposes of this paper, let us define Information Warfare to be a type of Electronic Warfare, which has the aims of neutralising and obtaining information from, or monitoring enemy computer information systems and networks. Additionally, Information Warfare capability, in a defensive role, must provide adequate protection to 'own' systems and networks.
This paper does not claim to be an extensive study of the Information Warfare threat posed to Pakistan. It is only an introductory analysis that will hopefully spur similar and more detailed efforts. It addresses the need for defending Pakistan's electronic frontiers, and hence advocates expansion of our defence capabilities to a fifth dimension - Cyberspace.
As envisioned here, Pakistan's Information Warfare force would be able to conduct offensive operations against target systems, defend the country's information infrastructure from attacks and act as a force multiplier for the remaining four pillars of national defence: the Air Force, Navy, Army and Intelligence services, by providing them valuable information.
Here, we outline the need for training and inducting a company of information warfare specialists. We do not even claim that what little material we cover here will be error-free and without deficiencies. This is partly because this paper is a first attempt as far as studying and advocating Information Warfare capabilities for Pakistan is concerned. It is also because the author has little or no access to classified information and existing Pakistani computing resources at institutions like Dr. Qadeer Khan Research Labs and Pakistan Atomic Energy Commission. Similarly, network architectures, topologies and security practices at sensitive installations are obviously not commonly known.
What kind of attacks can be staged against our Information and Computer resources?

 

Espionage: Information Extraction

The author conducted a security analysis of Pakistan's existing commercial Internet access provider networks and some Pakistani educational institutions that have their own computer systems. Certain interesting results were found. Though it is inappropriate to detail the mechanics of our actual analysis or how and exactly what kind of loopholes were found, suffice it to say that many systems are vulnerable. Information can easily be stolen, some systems can be used as gateways into others, and general-purpose havoc can be unleashed. In particular, it was found that some large systems have such lax security that it actually becomes possible to plant back-doors, or 'trojan horses'. These are programs that can allow hackers to re-enter compromised systems without the knowledge of the systems administrator even after known security holes have been plugged. At other sites, it was possible to remain connected to machines for months, trying to get in to the systems, while the target systems were not configured even to log the hundreds of thousands of automated, malicious attempts.
Why should the vulnerability of commercial ISPs and educational institutions concern the Pakistan Government or Armed Forces? Simply because most people in Pakistan have access to the Internet and information systems only through educational institutions and commercial ISPs. Information security consciousness is so low in our country that many scientists, professors, politicians, and military personnel exchange classified or semi-classified information using e-mail. When we say that commercial ISPs are vulnerable, we are really claiming that it is possible to closely monitor the activities of thousands of Pakistanis, many of whom may be responsible for sensitive information.
Pakistan's growing software industry, which was projected to export software worth around $60 million this year, can be devastated in the face of a well planned onslaught against its computer systems. Network connections with customers in foreign countries can be brought down, development workstations - many of which are connected to the Internet - can be rendered unusable and hence, a vital and growing source for earning foreign exchange can be harmed. This holds true for other commercial enterprises that rely on computers and networks, such as banks.
It is worth pointing out that in the winter of 1996, some hackers based in the United States, probably semi-skilled students, broke into PTC's Paknet network and vandalized Air Chief Marshal Farooq Feroze Khan's private internet account. Though officials were quick to dismiss the break-in as having done no damage, such post-failure claims on the part of the PTC management should be taken with a healthy pinch of salt. We do not know what information, if any, was compromised, but certainly this was not a desirable happening.
Then, very recently, in the first week of June, 1998, a hacker group by the name of milworm gained access to Bhabha Atomic Research Center in India. A popular hacking site on the web, www.antionline.com, while carrying detailed information on the break-in, released several pages of information retrieved by the hackers from BARC (some listed in the appendix of this paper). The pages released publicly by antionline consisted of classified but non-crucial data. The milworm group retrieved a total of about 5 megabytes of text information (5 million characters - hundreds of pages) from BARC; there is an extremely high likelihood of a lot of that information being classified and crucial to the Indian nuclear program. In an online interview with antionline one of the hackers, JF, had this to say about Pakistan's sensitive computer sites: "We also believe we can gain access to the Pakistani servers as well. They're really weak too."
Wired Magazine reported in its story published on 3rd June, 1998, titled 'Crackers: We stole nuclear data': "The crackers say they're turning their attention to Pakistani government computer systems, claiming to have obtained topology maps for both Indian government networks and those maintained by Islamabad. The trio said they intend to take a closer look into Pakistan's nuclear weapons program."
Just four days after the attack on India's nuclear computer installations, the same group gained access to a Turkish nuclear computer centre, the Cekmece Nuclear Research and Training Centre located in Istanbul, and computers at an Iranian nuclear research complex.
Like India's BARC, Pakistan's Khan Research Labs are also connected to the Internet and have their own web site (www.krl.com.pk). Do these direct threats against Pakistan's sensitive computer resources not provide enough justification for Pakistan to immediately mobilize a counter-measures force? Attacks of this kind are far from being indicative of the maximum damage that can be done by independent hackers, or those working for the intelligence agencies or military forces of hostile governments such as India or Israel.
From the intelligence gathering point-of-view, significant information can be gained about a person merely by analyzing his pattern of communication, the materials he reads and the opinions he expresses when he naively thinks that he is not being watched. All this information can be obtained about users of under-protected networks, like those in Pakistan. The Internet is a huge information repository that can be used to extract information of any sort. And indeed, many Pakistanis use it, quite correctly, for exactly that. However, have our intelligence agencies considered how much an untrained individual can learn about a subject merely by analyzing their e-mail, the web-sites they visit, the postings they make on the Internet, the people they correspond with, even when and from where they log in to their service providers' machines? By piecing together this information, even partial daily routines for individuals can be modeled.

 

Telecommunications Disruptions
In Pakistan, the government-owned telecommunications corporation is using exchanges which support remote configuration through dial-up connections. No security study has been done that analyzes how easily, and if at all, potential terrorists or saboteurs can gain access to these systems, and in the process literally wreak havoc with telecommunications. Chaos can be brought about by re-routing numbers to different lines, setting up monitoring stations or 'listening posts', disconnecting certain numbers and even disrupting routing for entire exchanges.
Denial of Service Attacks
Relatively less sophisticated ways exist in which Pakistani information resources and computer systems can be targeted by potential enemies so that they are rendered temporarily unusable. These, normally brute force attempts, are best described as 'denial-of-service' attacks. The aim of such an attack is to make use of a computer system or network impossible by flooding the network with too much data, or sending random messages to machines so that they become so busy dealing with the 'junk' that they no longer remain capable of serving legitimate requests. Once more, we see that most Pakistani sites are devoid of even the available protection to combat attacks such as these.
