[ISN] U.S. Military's Elite Hacker Crew

InfoSec News isn at c4i.org
Mon Apr 18 06:00:18 EDT 2005

Forwarded from: William Knowles <wk at c4i.org>


By John Lasker
April 18, 2005

The U.S. military has assembled the world's most formidable hacker
posse: a super-secret, multimillion-dollar weapons program that may be
ready to launch bloodless cyberwar against enemy networks -- from
electric grids to telephone nets.

The group's existence was revealed during a U.S. Senate Armed Services
Committee hearing last month. Military leaders from U.S. Strategic
Command, or Stratcom, disclosed the existence of a unit called the
Joint Functional Component Command for Network Warfare, or JFCCNW.

In simple terms and sans any military parlance, the unit could best be
described as the world's most formidable hacker posse. Ever.

The JFCCNW is charged with defending all Department of Defense
networks. The unit is also responsible for the highly classified,
evolving mission of Computer Network Attack, or as some military
personnel refer to it, CNA.

But aside from that, little else is known. One expert on cyber warfare
said considering the unit is a "joint command," it is most likely made
up of personnel from the CIA, National Security Agency, FBI, the four
military branches, a smattering of civilians and even military
representatives from allied nations.

"They are a difficult nut to crack," said Dan Verton, a former U.S.  
Marine intelligence officer. "They're very reluctant to talk about
operations." Verton is author of the book Black Ice, which
investigates the threats cyber terrorism and vandalism could have on
military and financial networks.

Verton said the Defense Department talks often about the millions it
spends on defending its networks, which were targeted last year nearly
75,000 times with intrusion attempts. But the department has never
admitted to launching a cyber attack -- frying a network or sabotaging
radar -- against an enemy, he said.

Verton said the unit's capabilities are highly classified, but he
believes they can destroy networks and penetrate enemy computers to
steal or manipulate data. He said they may also be able to set loose a
worm to take down command-and-control systems so the enemy is unable
to communicate and direct ground forces, or fire surface-to-air
missiles, for example.

Some of the U.S. military's most significant unified commands, such as
Stratcom, are undergoing a considerable reorganization. Stratcom,
based at the massive Offutt Air Force base in eastern Nebraska and
responsible for much of the nation's nuclear arsenal, has been ordered
by the Defense Department to take over the JFCCNW.

To better understand the secret program, several questions about the
unit were submitted to Stratcom.

Capt. Damien Pickart, a Stratcom spokesman, issued a short statement
in response: "The DOD is capable of mounting offensive CNA. For
security and classification reasons, we cannot discuss any specifics.  
However, given the increasing dependence on computer networks, any
offensive or defensive computer capability is highly desirable."

Nevertheless, Verton says military personnel have told him numerous
"black programs" involving CNA capabilities are ongoing, while new
policies and rules of engagement are now on the books.

The ground was prepared in the summer of 2002, when President Bush
signed National Security Presidential Directive 16, which ordered the
government to prepare national-level guidance on U.S. policies for
launching cyber attacks against enemies.

"I've got to tell you we spend more time on the computer network
attack business than we do on computer network defense because so many
people at very high levels are interested," said former CNA commander,
Air Force Maj. Gen. John Bradley, during a speech at a 2002
Association of Old Crows conference. The group is the leading think
tank on information and electronic warfare.

Last summer, the internet-posted execution of American civilian
Nicholas Berg sparked a debate about the offensive capabilities of the
CNA program, said retired U.S. Army Col. Lawrence Dietz.

The Berg execution, a gruesome example of Netpolitiking,
sparked a back-room debate at the highest levels, involving the State
Department, the Department of Justice and the Defense Department, said

The debate focused on whether the United States should shut down a
website as soon as it posts such brutality.

"There are some tremendous questions being raised about this," said
Dietz. "On whether they (JFCCNW) have the legal mandate or the
authority to shut these sites down with a defacement or a
denial-of-service attack."

Dietz knows a thing or two about information warfare. He led NATO's
"I-War" against Serbia in the mid-1990s -- a conflict that many
believe was the occasion for the U.S. military to launch its first
wave of cyber attacks against an enemy. One story widely reported, but
never confirmed, described how a team of military ops was dropped into
Serbia, and after cutting a wire leading to a major radar hub, planted
a device that emitted phantom targets on Serb radar.

Rita Katz, an expert on Islamic terror sites and director of the
Washington, D.C.-based Search for International Terrorist Entities,
believes a website that posts an execution should be taken out
immediately. No matter what the implications are for free speech or
other nations' laws, she said.

"There is no good, no value in those sites to exist anymore," said
Katz. However, Katz promotes the theory that some terror sites,
especially those whose servers are in the United States, should remain
up and running for intelligence purposes.

Dietz believes it could only be a matter of time before a U.S. soldier
faces a similar fate as Berg. Yet along with raising questions about
free speech, he realizes shutting down a website has its limitations.

After discovering that al-ansar.net's servers, which hosted video of
Berg's execution, were within its borders, the Malaysian government
shut the site down. But it took the Malaysian government more than a
day to act. By then, the Berg video was well on its way to becoming a
global recruiting tool for terror groups. And even if a website were
to be knocked offline, eventually such highly-charged political
statements would find a way onto the internet, Dietz said.

Verton said the Berg debate is actually an extension of a cyber
warfare debate started several years ago.

"The reality is, once you press that Enter button, you can't control
it," he said. "If the government were to release a virus to take down
an enemy's network, their radar, their electrical grid, you have no
control what the virus might do after that."

"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
