Feeds

Do it with spanners – how the Iraq cyber attack will work

Security expert reveals cunning US plans

  • alert
  • submit to reddit

The Power of One Infographic

Updated It was recently revealed that last July President Bush had signed a secret directive covering the development of cyber warfare systems, and providing guidance on their use. We have no idea why, given that it's secret, we've heard of it, but we'll let that pass - clearly, if we're getting the components of cyber warfare in place at this juncture, then we're probably thinking about Iraq.

You can find the Washington Post's take on the directive here,, and last Friday BBC news joined in with some useful 'how it would work' input from DK Matai, chief exec of famous security outfit mi2g. "Iraq has a relatively advanced telecommunications infrastructure," DK told the Beeb, "and any cyber attack could cripple emergency services and prevent both the military and civilians from talking to each other. It would play an important part in shaking citizens' confidence in the government."

Well yes, but how would you cripple it? DK assured the Beeb that the Slammer worm is an excellent example. "The Slammer worm paralysed Korea, disrupted 13,000 ATMs in the US and disabled the emergency services in Seattle," he said. But you might reckon this kind of skips over "how" and gets straight on to "what" - it's pretty easy to see how you deliver a Pentagon-controlled killer Slammer variant to, er, the US and its allies, but as the BBC tells us that Iraq only has 12,000 people online, it's not entirely obvious how you would get it to the country's super-sensitive computer systems.

This was left unresolved in Friday's report, but last night on the BBC's World Tonight programme - hoorah! - they must have decided they liked it so much they'd do it again. The soundbites were so similar that we suspect last night's interview was using the same material, but this time mi2g covered the issue of knocking out the telecoms in a largely non-online state in more detail. And here it comes, folks. As regards Iraq, the US government would have "people on the inside who had been alerted to set certain switches."

So there you go, large numbers of hitherto unknown US agents in Iraqi telephone exchanges, acting in unison with spanners. It's a cyber attack, Jim, but not as we know them... ®

A Clarification

mi2g has contacted us regarding the above article, which it suggests might be misinterpreted by our readers without some clarification. This the company has supplied, and we are of course happy to publish it, although we remain fairly happy with the article as it stands. In mi2g's clarification, note (1) that cyber warfare is defined to include "traditional information warfare", and that NATO has been engaged in this over "the last five decades." So by this definition cyber warfare includes dropping bombs on telephone exchanges, and possibly might even encompass the 1943 attack on the Moehne, Eder, Sorpe and Schwelm Dams. As for (3), a reader points us to the CIA World Fact Book entry for Iraq, calculating that Iraq has 0.028 phone lines per head, compared with South Korea's 2.01. Advanced telecoms depends on where you're standing, we suppose.

Here, however, is what mi2g has to say regarding the BBC interview with company CEO DK Matai:

1. At the start of the interview, cyber warfare was categorically defined to include traditional information warfare which targets ICT (IT, Communications and Telcom services). The traditional information warfare "ICT disabling" doctrine was seen in Serbia in 1999 and in other NATO wars in the last five decades so why would Iraq be any different.
 
2. mi2g has maintained that any threat to critical national infrastructure where a country is paralysed from sustained command and control attacks does require insider help. We also stated that the threat to the West from counter-attack is far greater than to Iraq as evidenced during the NATO-Serbia digital attack & counter-attack.
 
3. When we said that the telecommunications infrastructure of Iraq is relatively advanced we looked at it from a holistic perspective of digital exchanges, microwave links and cellular networks. The very low number of internet connections in Iraq is down to government restrictions and not simply the result of inferior voice/data pipes.
 
4. We also informed the BBC that the most damaging scenario is a blended threat, where critical damage is inflicted through a combined physical and cyber-attack.
 
As you will agree, the article which you have published may be misinterpreted by your readers without some of the clarification mentioned above.

Mobile application security vulnerability report

More from The Register

next story
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
Price cuts, new features coming for Office 365 small biz customers
New plans for companies with up to 300 staff to launch in fall
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.