[LINK] U.S. Plans for Cyber Warfare

Viveka listmail2@karmanaut.com
Fri, 14 Feb 2003 23:51:17 +1100


At 11:48 AM +1100 13/2/03, David Lochrin wrote:
>At 8/02/03 10:13, Brenda Aynsley wrote:
>>FYI ... U.S. Plans for Cyber Warfare 08:50 AM Feb. 07, 2003 PT...
>>WASHINGTON -- President Bush has ordered the government to draw up
>>guidelines for electronic attacks against enemy computer networks...
>>http://www.wired.com/news/conflict/0,2100,57591,00.html?tw=wn_ascii
>
>    Now who still believes that proprietary software from US 
>suppliers is free of back doors and surveillance tools?  When 
>Microsoft rummages around your computer in the process of 
>"installing a live update" I wonder what else it might do?  I can't 
>imagine the US National Security Agency hasn't been to see 
>Microsoft, Symantec, ZoneLabs and other suppliers of widely used 
>"free" software.

They'd be mad not to, given their objectives and terms of reference.

Here's a section (excised, but then leaked) from the Walsh Report 
(Review of Policy relating to Encryption Technologies), prepared in 
1996 by the Australian Attorney-General's Department but suppressed 
prior to public release:

>>6.2.10.      The opportunity may present itself to the AFP, NCA or 
>>ASIO to alter software located in premises used by subjects of 
>>intensive investigation or destined to be located in those 
>>premises. The software (or more rarely the hardware) may relate to 
>>communication, data storage, encoding, encryption or publishing 
>>devices. While some modifications may have the effect of creating a 
>>listening device which may be remotely monitored by means of the 
>>telecommunications service, for which purposes extant warranting 
>>provisions would provide, others may create an intelligent memory, 
>>a permanent set of commands not specified in the program written by 
>>the manufacturer or a remote switching device with a capacity to 
>>issue commands at request. The cooperation of manufacturers or 
>>suppliers may sometimes be obtained by agencies. When manufacturers 
>>or suppliers are satisfied the modification has no discernible 
>>effect on function, they may consent to assist or acquiesce in its 
>>installation. It will not always be possible, however, to approach 
>>manufacturers or suppliers or the latter may be in no position to 
>>consent to modification of proprietary software. When agencies are 
>>investigating a high priority target, practising effective personal 
>>and physical security, moving premises and changing telephone/fax 
>>regularly, an opportunity to access the target's computer equipment 
>>may represent not only the sole avenue but potentially the most 
>>productive.

from http://www.efa.org.au/Issues/Crypto/Walsh/chap6.htm

The parts of the report in red are the excised sections, and make the 
juiciest reading.

The point is that the AG's department considered it sensible for ASIO 
to approach manufacturers of computer equipment and ask for back 
doors to be inserted. If they think that little old ASIO would be 
likely to gain cooperation, then it must be considerably easier for 
an agency with the resources and clout of the NSA. Google for NSA_KEY 
for an illuminating leak on this topic.

If I were running an international signals intelligence agency, I 
would without question insert a keylogger into the core of every 
commercially available operating system. What's more, I'd hire a 
small team of brilliant coders to insert one into the Free/Open 
Source systems as well, via the compiler (GCC). I once heard an 
address by the author of a widely used C compiler, describing how 
he'd placed a backdoor (for himself) in such a way that it was 
impossible to find it by reading the source code; the back door also 
removed any traces of its presence. I forget exactly how it was done, 
and can't find a reference to it - can anyone remember the source of 
this story?

>    It seems that an interesting political and cultural division may 
>be forming between Europe and the US.  I wonder whether this may 
>mean an independent IT&C industry forms there?  Now where can I buy 
>a firewall of European origin?

Unfortunately this would buy only a false sense of security.

>>It may be the greatest intelligence scam of the century: For 
>>decades, the US has routinely intercepted and deciphered top secret 
>>encrypted messages of 120 countries. These nations had bought the 
>>world's most sophisticated and supposedly secure commercial 
>>encryption technology from Crypto AG, a Swiss company that staked 
>>its reputation and the security concerns of its clients on its 
>>neutrality. The purchasing nations, confident that their 
>>communications were protected, sent messages from their capitals to 
>>embassies, military missions, trade offices, and espionage dens 
>>around the world, via telex, radio, teletype, and facsimile. They 
>>not only conducted sensitive albeit legal business and diplomacy, 
>>but sometimes strayed into criminal matters, issuing orders to 
>>assassinate political leaders, bomb commercial buildings, and 
>>engage in drug and arms smuggling. All the while, because of a 
>>secret agreement between the National Security Agency (NSA) and 
>>Crypto AG, they might as well have been hand delivering the message 
>>to Washington.

from http://mediafilter.org/CAQ/caq63/caq63madsen.html (and many 
other sources if you care to look).

Yours in plaintext,

V.
-- 
Viveka Weiley, Karmanaut.
{ http://www.karmanaut.com | http://www.planet-earth.org
    http://www.MacWeb3D.org | http://sydney.siggraph.org.au }
Hypermedia, virtual worlds, human interface, truth, beauty.