[Back][Home][Search] [Image] [Image] [Image] [Bomb2] [Image] Facts fight fiction in security circles POSTED 03/15/98 By Ellen Messmer Network World, 3/9/98 Do you ever lie awake at night worrying that extortionists might blast your LAN with electromagnetic HERF guns, that the military is spying on your network traffic or that hackers are in league with Saddam Hussein? There are plenty of people in government and business who do, and a whole cadre of security consultants who happily spread doom and gloom stories. These threats have even earned their own buzzword - infowar. The problem is, as the tales get bigger with each telling, separating fact from fiction can itself be "mission impossible." Take the case of High-Energy Radio Frequency (HERF) guns. HERF guns are electromagnetic pulse weapons used to garble datastored on hard disks or tapes. They also can be used to temporarily disable networks by disrupting the electron flow. Industrial nations, including the U.S., Russia and Sweden, are developing HERF guns as part of an overall infowar strategy. And banks, for instance, are ''hardening'' their data facilities with shielding to prevent possible data loss by terrorists or criminals firing radio-frequency guns from a distance. ''SEV Bank in Stockholm has hardened its computercenters against HERF guns,'' said Manuel Wik, chief engineer and strategic specialist in the Swedish Electronic Systems Directorate. He added that a number of Swiss banks are also looking into protecting their networks. Tales of HERF gun and other attacks abound, circulatedby word-of-mouth and spread by consultants or the media. The Sunday Times of London caused quite a stir in June 1996 when it reported that undisclosed ''London financial institutions'' paid ''up to 400 million pounds'' to ''international gangs of cyberterrorists'' using HERF guns. The paper named the U.S. National Security Agency as thesource of the information, but at the time, the NSA claimed no knowledge about it. The story was later discredited. But the infowar crowd - a growing cottage industry -still loves a good HERF gun tale. At last year's Infowar conference in Brussels, forexample, Nicholas Chantler, professor of intelligence and security studies atQueensland University of Technology in Brisbane, Australia, claimed that anunnamed Israeli research facility one morning discovered all of its computer records wiped out - and suspected HERF guns. The story has not been independently confirmed. Some suspect HERF guns were used against Hussein in the last Gulf War and may be used in future conflicts. In 1991 during Operation Desert Storm, ''we used non-nuclear electromagnetic pulse-tipped cruise missiles that, depending on the design, can explodeabove ground or on the ground to take out communications and power,'' said Winn Schwartau, president of Seminole, Fla.-based consultancy Security Experts, Inc., who runs the infowar.com Website. But could portable HERF guns be used by criminals to disrupt corporate networks, too? Yes, said Schwartau, but others are more skeptical. ''It's a genuine threat, but you can't build HERF guns from what you get at Radio Shack,'' said Barry Collins, senior research fellow at the Institute for Security and Intelligence. ''It takes some technical prowess, but a terrorist could do it, absolutely.'' Collins said that HERF guns can penetrate walls, wood and concrete, and can only be blocked by certain types of metal shielding. While some HERF threats have been overblown, the future could be fraught with electromagnetic peril. Ira Merritt, chief of the advanced technology concepts identification and applications analysis division at the U.S. Army Space and Missile Defense Command, complained that the Internet is becoming a place to easily disseminate technical information on radio-frequency weapons. In particular, Merritt told Congress that detailedpapers up at the Web site www.cs.monash.edu.au, attributed to Australian engineer Carlo Kopp, provided HERF gun design concepts. ''The HERF gun is eminently buildable, and this has been the case for many years now,'' Kopp told Network World. Kopp works in the systems research groupat the Department of Computer Science at Monash University in Clayton, Australia. Kopp addedhe is not in the habit of providing the precise mathematical details to build the guns. Even though it is difficult to confirm an actual HERFattack, experts say that caution is in order. ''No one knows how susceptible commercial electronic systemsmight be to a concerted electronic attack,'' Alan Keys, a senior researcher on high-power microwave radiation at the U.S. Army Laboratories, told Congress. Beware of suitcases? It might not be just guns that ultimately threaten networks. In January, the Swedish newspaper Svenska Dagbladet reported that the Swedish NationalDefense Research Institute purchased a Russian ''suitcase bomb'' that uses high-powermicrowaves to knock out computers. ''The article also reported that this device is being sold commercially and that it has been sold to the Australian military,'' Merritt said. Still, it's hard to know what to believe. As an AprilFool's joke in 1991, an InfoWorld column by John Gantz humorously said that the NSA had inserted a powerful computer virus into an Iraqi-bound printer, thereby downing the Iraqi defense network. According to Schwartau, the story was picked up by Japanese news sources, and eventually, military officials passed it along as real news to Nightline and U.S. News & World Report. These days the Gulf War virus hoax still gets a good laugh with the infowarcrowd. Is the NSA a threat? Another favorite subject in infowar circles is the NSA, the Fort Meade, Md.-based spy agency known to operate a formidable array of communication-interception equipment at listening posts around the world, filtering out fax, e-mail and phone calls that might affect U.S. national security. Within the European Parliament in Brussels, there has been growing concern about the U.S. power to intercept satellite communications via Echelon, the NSA's surveillance system that dates back to the '80s. According to Secret Power, a book by Nicky Hager, ( Available in the United States only via our Bookstore ) the largest NSA-directed satellite facility is in Menwith Hill, England, which can tap directly into the British Telecom microwave network. The European Parliament is now reviewing a report ''Assessing the Technologies of Political Control,'' which is said to verify the existence of Echelon. The report claims that Echelon is ''designed primarily for nonmilitary targets: governments, organizations and businesses in virtually every country.'' The report goes on to say that the NSA is routinely ''transferring all target information from the European mainland via the strategic hub of London, thenby satellite to Fort Meade in Maryland, via the critical hub at Menwith Hill.'' ''The only [European Union] member state that is part of Echelon is the U.K., not any of the other countries,'' said Tony Bunyan, director of London-basedpublic advocacy group StateWatch. Dutch treat Another favorite subject of speculation is whether Internet hackers are in league with Iraqs Hussein. In an assertion that has been repeated in books andbroadcasts, a Dutch hacker ring called High Tech for Peace allegedly went to the Iraqi embassy in Parisduring the U.S. Gulf War buildup and offered to foul up the network handling logistics messages between bases in the U.S. and the U.S. military units in Saudi Arabia. According to John Fialka's book, War By Other Means: Economic Espionage in America, Hussein turned down the offer. When asked where he got this information, Fialka pointed to undisclosed military sources who told him this during the Gulf War. BBC television aired the story, and had Dutch hackers actually stealing U.S. military secrets to sell to Hussein in March 1997, citing Eugene Schultz, former head of computer security at the Department of Energy, as the story's source. But while no one disputes that Dutch hackers were busy breaking into Defense Department computers right before the Gulf War, there is considerable doubt as to whether they were in league with Hussein. ''This never happened,'' said Dutch citizen Rop Genggrijp, who said he long ago gave up his former high-profile hacker ways to operate an Amsterdam-based Internet service provider. ''High Tech for Peace was not from Holland, and the story got mixed up with stories of Dutch hackers.'' Amsterdam police inspector Piel Kruyer said Dutch authorities have never heard of High Tech for Peace. And a military source who was active in the Gulf War admitted that the colonel who told Fialka that High Tech for Peace was an Amsterdam group was mistaken. Don't try this at home The wild stories continue to spread. Just last week, The New York Times ran a piece claiming that a ''computer supervisor at a Midwestern engine manufacturing company'' told his bosses that if he didn't get a raise immediately, he ''would shut the company down'' through some kind of sabotage. The plan worked and the employee ''got his raise,'' according to the Times, which cited as its source computer security consultant Erik Thompson, who ''was called in to help the company.'' The author of the story, columnist Peter Lewis, said he is convinced the story is real, and withheld the manufacturing firm's name because Thompson, who works for Orem, Utah-based AccessData, requested it. In the world of infowar and security gurus, its once again a question of Believe it or not. [Bomb2] Infowar.Com & Interpact, Inc. WebWarrior@Infowar.Com Submit articles to: infowar@infowar.com Voice: 813.393.6600 Fax: 813.393.6361