
Do it with spanners – how the Iraq cyber attack will work

Security expert reveals cunning US plans


Updated: It was recently revealed that last July President Bush had signed a secret directive covering the development of cyber warfare systems, and providing guidance on their use. We have no idea why, given that it's secret, we've heard of it, but we'll let that pass - clearly, if we're getting the components of cyber warfare in place at this juncture, then we're probably thinking about Iraq.

You can find the Washington Post's take on the directive here, and last Friday BBC news joined in with some useful 'how it would work' input from DK Matai, chief exec of famous security outfit mi2g. "Iraq has a relatively advanced telecommunications infrastructure," DK told the Beeb, "and any cyber attack could cripple emergency services and prevent both the military and civilians from talking to each other. It would play an important part in shaking citizens' confidence in the government."

Well yes, but how would you cripple it? DK assured the Beeb that the Slammer worm is an excellent example. "The Slammer worm paralysed Korea, disrupted 13,000 ATMs in the US and disabled the emergency services in Seattle," he said. But you might reckon this kind of skips over "how" and gets straight on to "what" - it's pretty easy to see how you deliver a Pentagon-controlled killer Slammer variant to, er, the US and its allies, but as the BBC tells us that Iraq only has 12,000 people online, it's not entirely obvious how you would get it to the country's super-sensitive computer systems.

This was left unresolved in Friday's report, but last night on the BBC's World Tonight programme - hoorah! - they must have decided they liked it so much they'd do it again. The soundbites were so similar that we suspect last night's interview was using the same material, but this time mi2g covered the issue of knocking out the telecoms in a largely non-online state in more detail. And here it comes, folks. As regards Iraq, the US government would have "people on the inside who had been alerted to set certain switches."

So there you go, large numbers of hitherto unknown US agents in Iraqi telephone exchanges, acting in unison with spanners. It's a cyber attack, Jim, but not as we know them... ®

A Clarification

mi2g has contacted us regarding the above article, which it suggests might be misinterpreted by our readers without some clarification. This the company has supplied, and we are of course happy to publish it, although we remain fairly happy with the article as it stands. In mi2g's clarification, note (1) that cyber warfare is defined to include "traditional information warfare", and that NATO has been engaged in this over "the last five decades." So by this definition cyber warfare includes dropping bombs on telephone exchanges, and possibly might even encompass the 1943 attack on the Moehne, Eder, Sorpe and Schwelm Dams. As for (3), a reader points us to the CIA World Fact Book entry for Iraq, calculating that Iraq has 0.028 phone lines per head, compared with South Korea's 2.01. Advanced telecoms depends on where you're standing, we suppose.

Here, however, is what mi2g has to say regarding the BBC interview with company CEO DK Matai:

1. At the start of the interview, cyber warfare was categorically defined to include traditional information warfare which targets ICT (IT, Communications and Telecom services). The traditional information warfare "ICT disabling" doctrine was seen in Serbia in 1999 and in other NATO wars in the last five decades, so why would Iraq be any different?
 
2. mi2g has maintained that any threat to critical national infrastructure where a country is paralysed from sustained command and control attacks does require insider help. We also stated that the threat to the West from counter-attack is far greater than to Iraq as evidenced during the NATO-Serbia digital attack & counter-attack.
 
3. When we said that the telecommunications infrastructure of Iraq is relatively advanced we looked at it from a holistic perspective of digital exchanges, microwave links and cellular networks. The very low number of internet connections in Iraq is down to government restrictions and not simply the result of inferior voice/data pipes.
 
4. We also informed the BBC that the most damaging scenario is a blended threat, where critical damage is inflicted through a combined physical and cyber-attack.
 
As you will agree, the article which you have published may be misinterpreted by your readers without some of the clarification mentioned above.
