Do it with spanners – how the Iraq cyber attack will work
Security expert reveals cunning US plans
Updated It was recently revealed that last July President Bush had signed a secret directive covering the development of cyber warfare systems, and providing guidance on their use. We have no idea why, given that it's secret, we've heard of it, but we'll let that pass - clearly, if we're getting the components of cyber warfare in place at this juncture, then we're probably thinking about Iraq.
You can find the Washington Post's take on the directive here,, and last Friday BBC news joined in with some useful 'how it would work' input from DK Matai, chief exec of famous security outfit mi2g. "Iraq has a relatively advanced telecommunications infrastructure," DK told the Beeb, "and any cyber attack could cripple emergency services and prevent both the military and civilians from talking to each other. It would play an important part in shaking citizens' confidence in the government."
Well yes, but how would you cripple it? DK assured the Beeb that the Slammer worm is an excellent example. "The Slammer worm paralysed Korea, disrupted 13,000 ATMs in the US and disabled the emergency services in Seattle," he said. But you might reckon this kind of skips over "how" and gets straight on to "what" - it's pretty easy to see how you deliver a Pentagon-controlled killer Slammer variant to, er, the US and its allies, but as the BBC tells us that Iraq only has 12,000 people online, it's not entirely obvious how you would get it to the country's super-sensitive computer systems.
This was left unresolved in Friday's report, but last night on the BBC's World Tonight programme - hoorah! - they must have decided they liked it so much they'd do it again. The soundbites were so similar that we suspect last night's interview was using the same material, but this time mi2g covered the issue of knocking out the telecoms in a largely non-online state in more detail. And here it comes, folks. As regards Iraq, the US government would have "people on the inside who had been alerted to set certain switches."
So there you go, large numbers of hitherto unknown US agents in Iraqi telephone exchanges, acting in unison with spanners. It's a cyber attack, Jim, but not as we know them... ®
mi2g has contacted us regarding the above article, which it suggests might be misinterpreted by our readers without some clarification. This the company has supplied, and we are of course happy to publish it, although we remain fairly happy with the article as it stands. In mi2g's clarification, note (1) that cyber warfare is defined to include "traditional information warfare", and that NATO has been engaged in this over "the last five decades." So by this definition cyber warfare includes dropping bombs on telephone exchanges, and possibly might even encompass the 1943 attack on the Moehne, Eder, Sorpe and Schwelm Dams. As for (3), a reader points us to the CIA World Fact Book entry for Iraq, calculating that Iraq has 0.028 phone lines per head, compared with South Korea's 2.01. Advanced telecoms depends on where you're standing, we suppose.
Here, however, is what mi2g has to say regarding the BBC interview with company CEO DK Matai:
1. At the start of the interview, cyber warfare was categorically defined to include traditional information warfare which targets ICT (IT, Communications and Telcom services). The traditional information warfare "ICT disabling" doctrine was seen in Serbia in 1999 and in other NATO wars in the last five decades so why would Iraq be any different.
2. mi2g has maintained that any threat to critical national infrastructure where a country is paralysed from sustained command and control attacks does require insider help. We also stated that the threat to the West from counter-attack is far greater than to Iraq as evidenced during the NATO-Serbia digital attack & counter-attack.
3. When we said that the telecommunications infrastructure of Iraq is relatively advanced we looked at it from a holistic perspective of digital exchanges, microwave links and cellular networks. The very low number of internet connections in Iraq is down to government restrictions and not simply the result of inferior voice/data pipes.
4. We also informed the BBC that the most damaging scenario is a blended threat, where critical damage is inflicted through a combined physical and cyber-attack.
As you will agree, the article which you have published may be misinterpreted by your readers without some of the clarification mentioned above.
Sponsored: Cyberespionage and your business