 You know that dream that everyone has that they're running late for eighth grade midterm exam or final exam for class that they've never Signed up for but they've discovered it in my case It's always eighth grade and and I'm not usually wearing any clothes in the dream. Well, I'm having that experience right now because I'm not a computer security guy. I'm not a hacker. I'm something much less I'm a professor of political science and what I'm what my colleague Kenneth Gears And I want to talk to you about is whether and how what you all do what you do so much better than And in greater detail than I could understand whether it could have a political impact and in particular whether it could matter for international politics what I study the use of force Conflict war and so that's what we're going to talk about today and the answer for those of you who want to the bottom line And then go home is yeah, you could have an effect For good or for ill and we're going to focus on the ill sides in the briefing But in the Q&A if you want to talk about the good sides of it We could go there as well now we're going to cover the the concept of asymmetric warfare and Expand that to a concept of globalized information Globalized warfare and then put it all together with hacking so globalized asymmetric hacking how that could affect it We're going to focus in on a one case in particular the Middle East conflict and how hacking has Been a part of that conflict and then we're going to bring it back to the United States and also focus on What we consider to be the most powerful cyber weapon with and then a look for the future But we got to begin with the idea of asymmetric warfare, which is the idea of As old as Sun Sue I mean this is thousands and thousands of years old although a lot of beltway bandits in DC get money Sort of reinventing this term But what it means is going after the other side's weakness rather than going after the other side's strength so leveraging a perceived weakness that you have And turning it to a tactical advantage sort of going after the will of the opponent rather than going after the heart of their strength and Of course, it's used by terrorists. It's used By the media. It's also arguably part of the computer hacking code as well and Obviously hacking it lends itself to asymmetric Involvement it the internet is the anonymity of the internet the deniability particularly if you're a nation-state Involved in this kind of activity the deniability that comes from An internet attack. It's also very affordable So if you are poorer or have less resources than the US Defense Department, this is an attractive Force multiplier for you But the ones I want the aspects I want to emphasize because I think it's the most important one is The ability for subcultures to connect and to mobilize The ability for non-state actors to join the fight now This is a move away from the modern state if you guys were stuck in my lecture on Political science intro 101 we talk about the modern era where the state has a monopoly on the legitimate use of force That's what characterizes today But what is what is emerging is a system in which the state does not have a monopoly is not the only Actor and is not even in some cases the dominant actor and via Cyber involvement many other groups subcultures Like-minded left-handed supporters of governor dean who like cats whatever that kind of thing can organize find themselves and Can have an impact on politics and even on international politics Particularly the posse's of the willing joining the fight who might otherwise not be willing to join a Physical kinetic sort of throwing bombs at each other fight, but they might be willing to join a fight on the internet It's global not international. It's not just between states as I've emphasized. It's it's Transnational actors throughout the states it's people in the United States who are fighting in in fact on behalf of another country That the United States is not even a party to the conflict and vice versa and it's in heavily involving Commercial interests commercial interests that are associated with the state for instance are viewed as an extension of the state and when we get to the Middle East case We'll explore that or else a commercial interests that are just lucrative targets and able to Able to be hit It's all part of a broader trend called the outsourcing of war The infamous Halliburton which is supplying logistic support for the military and then the groups like black water security Which provide security functions on the battlefield? This is all part of a trend to outsource Functions of the government or the military used to do for itself. Well What we're talking about today is that a further extension of outsourcing or allowing for groups to be fighting when they're not even enlisted into the the military of the combatants and Corporations we would argue are not just targets, but they may also be involved in the attacks as well Well, how do you do it you it's a posse of the willing It's if you recall the Spanish Civil War I maybe the roadie is old enough to remember the Spanish Civil War in the 1930s, but the It was it was a war that involved that That stimulated the captured the imagination of people all over the world who decided to grab a gun and go join and fight on behalf of the Republicans not the Current republics, but the in the Spanish Civil War Republic the Well Hactivism is sort of the modern-day equivalent of that giving everybody a chance to say, okay I'm gonna I'm gonna Effect the course of history. I'm gonna get involved in this thing I care about that conflict and I don't like what is going on and I'm gonna do something about it Well doing something about it Expands the battlefield and extends the participants and Increases we would argue the conflict in interesting ways that are beyond the control of the the government and there's a Great story that my colleague told me don't tell this is too much of a professor thing But the how the Indian and how India became a Possession of the current of the British crown it started with the corporation going corporation going getting itself in trouble couldn't handle the problem the Missionaries were involved private groups were involved and eventually called in the British regular army and Queen Victoria became Empress of India it was almost Accidental not quite accidental, but it was almost accidental and it was emerging of corporate and private interests That had a profound political effect and we're arguing that something like that could go on in the cyber jihad Arena well, what are the we're talking about the most obvious forms of attack or the denial of service attacks and and sort of web-based Basements, this is if you're a business this could mean loss of revenue that could be quite profound if you are a Business on the edge for the government It's not going to bring the government to its knees But it could have a profound loss of face and as we'll talk about at the end In the context of a crisis where government leaders are trying to control The course of the diplomacy it could have the effect of taking that diplomatic contest out of control They're a related topic, which we won't go into in much detail is the question of nation-state hacking government's actually doing this In an organized and systematic way That we'll touch on that briefly, but not we're mainly interested in these individuals and individuals Doing this for a political reason. So you go to the zone H statistics and you see that of course most hacking is done In a classic individualistic way because because it's there because it's fun because Whatever, but then look at the two that we've checked their patriotism and political Reasons arguably that you attacked a site that was identified with a group that you oppose for political international political or Domestic political reasons that's roughly one-fifth of the activity is that that's a profound subject And that's what we're that's the focus of of this Topic is about the one-fifth that is done for political reasons What's the most that that's within the last couple months that statistic. Yeah But yes, of course it changes, you know on a daily basis. Oh Is it trending good question? I don't know the answer to that question have to go back and check Cyber the of course the problem with the cyber attack if you are on the receiving end of it is Identifying the source so that you can know what to do about it and the the If you're a nation-state and you are on the receiving end that begs the question Do we go the law enforcement route? Do we go take the law into our own hands the re direct retaliation route? Do we take a conflict that is bothering us on the at the cyber level and take it to the kinetic level with? With a bomb you've you bomb us with spam. We bomb you with bombs that kind of thing There's a problem with that and it's the last bullet there. What do the lawyers say the lawyers frown on that sort of thing It's it's illegal, but of course state-sponsored hacking occurs every day this we're not confirming something that is not known to you and It there's also the interesting related problem of patriotic hackers. That is individuals who are Doing this as part they see themselves at least in this instance as an extension of the state where they are Doing something on behalf of the state to advance state policy in in some contest Of course when the state is involved directly it raises all sorts of questions about The the chain of evidence so that if you are going to go to law enforcement Around many of the hacker activities that the US government might be involved in to get the evidence cannot be introduced in the Court of law and so it produces problems. That was the case with the FBI sting in Russia that you're all familiar with I'm sure and While it's hard it may be unpopular to say this after the spring of Abu Ghra'i But the US is in this particular vulnerability because the US tries to follow international law at least is exposed to greater appropriate greater criticism when it doesn't follow international law then Then other entities and so the US has a particular vulnerability in in this area Let's focus in now on the specific case of the the Middle East and and Kenneth will go and explore that in greater detail Okay, this is our case study and In one of the first thing I want to say about the Middle East side wars is obviously there has been fighting going on in The Middle East for a long time and probably will be in the future But currently there is a new avenue to participate in this fight And that's via the internet and the interesting thing about it is you can be anywhere like for instance with the United States Within the United States, there's a sizable Palestinian population a sizable Jewish population But also plenty of folks who may maybe closely identify with one side of the other and they've taken part in this heavily from the United States Another aspect to it is that the cyber attacks have largely mirrored and even just Closely followed the activity on the ground the intensity of fighting and we'll show you that case cases of our kidnappings and Suicide bombings in which right after it there was a there was a an upsurge in cyber activity Probably way less than a count a hundred core hackers But we'll show you the websites the web portals that they have written and put on the internet Such that you can just click a couple of buttons on your computer and go to sleep at night and allow your Resources to be used overnight in a cyber attack on the other side It's kind of like if you're familiar with the setee project, which is looking for extra terrestrial life You can do the same thing. It's it's really very cool The the volunteers go way into the thousands and they can provide brute force scanning power denial of service power And they're from all over the place here are some of the homelands of the volunteers on the left side You can see the Middle East and and on the right you'll see the United States and Europe is in there In interesting cases Brazil for instance, if you know anything about the relations between Brazil and the United States There's some tension there and they have a very healthy hacking culture in Brazil And they were more than willing to lend their services to this cause they teamed up It was kind of a spontaneous alliance with pro-Palestinians and got involved in this conflict On on the other side well the other side the other the side of the pro-Palestinian movement and the United States One of their targets You can see all of the government sites That were effect by denial of services or web defasements and you'll see the part from the United States here They only come come confirmed kill that I have is is in the Middle East Either in the Middle East. I mean it's either Jewish Arab or Muslim country Here's some of the cyber tools Ping of death, you know the 64 pkp killer packet that will Take down your system if it's if it's old enough or sorry enough Evil ping very interesting Distributed not as distributed ping of death that was designed in particular for this war So came and came along at this time Ping floods were very net net floods were very common I'll show you during this time period and we'll show you a great case of the windsmurf in which a Popular Arab website was taken down just with a 56k modem in particular. I'm going to show you Defend attack here. Okay, this was very popular at the time and you're just overtaxing a server with web requests But at the time this was this was a novel method. It was Basing your requests on the current date and time so that the web caching mechanisms, you know If you're going to request another page within, you know, the two or three minutes, you know It was just going to say hey, why don't you keep the information you've already got it's probably the same In this case you kept making the web request a script was written such that the date and time would always change So a second later you're forcing the server to to give up the information again There was many versions of this Distributed in a lot of mirror sites around the world including as far as way as the dot to domain And who knows who that belongs to? Tonga, where's Tonga? South is a huge brilliant. I can believe it. I expected a far fewer. Anyway, they're participating in Tonga in the Arab-Israeli conflict and they got no idea and very interesting Now the attacks Focused on either side was a bit different the pro-Israeli the unofficial Middle East hacker war was begun Unofficially on the Israeli side but tended to focus on Extremist terrorist political sites the pro-Palestinians in their counter-attack. They had a lot more lucrative Commercial targets to go after and I think it was only a couple of months into it before the pro-Israelis thought maybe they had started a war for which they were More ill-prepared Than the other side you see all the types of targets In particular they would find you know the channels of communication that were being used Not only by the leadership figures in politics on the other side, but also by the hackers on the other side And they would go against them you know they would target them and in particular You know they would target them to steal any cool new tools that were out there rewrite them to attack the other sides Sites here is the unofficial start to the war October 25th 2000 here. This is the Hezbollah site run out of Lebanon and you have to you have to also look at the context of What was going on at the time this at this time there were kidnappings of Israeli soldiers that had occurred in Lebanon and If you've ever been to Israel you know that they really live minute to minute in that country Based on the news. I mean it's crazy. It's it's far more intense than it is here. So That was in the news and some Israeli hackers got together. They said be terrific if we took down this site So here's the Hezbollah site the Hezbollah followers They go to this site and instead of seeing what they expect to see they hear their computer speakers begin the Israeli national anthem There is Hebrew writing on the site. There's English writing on the site explaining, you know, the Conflict from their perspective, you know, they're explaining. This is great Propaganda tool. Okay, so let's go on for a second and I'll show you here's a site giving a lot of Instructions on what to do right during this period here, you know, here's an email for you to go after webmaster at Hezbollah Here's the Palestinian national authority site here. The IP addresses to hit Wazel.com was a web attack portal on the pro Israeli side and it had a lot of downloads I couldn't fit everything on here But just below these were Hezbollah web storm zip email bomber zip things like that And this is cool. Okay, so what what, you know, one of the levels on which attackers want to get you is they want to make their Attacks sticky. They want them to be difficult for you to get out from underneath them So you want to think, you know, like in chess you want to think a few moves ahead, you know Who wants to be stuck on the current move? so what they did when they started this is they bought up a lot of Spellings and misspellings of the Hezbollah Word, you know, the transliterated from the Arabic and so they were ready. So when Hezbollah wanted to Maybe try a different spelling registering a site or their followers wanted to try a different spelling to get the information They were after there was more Israeli propaganda So they had already bought Registered and configured these sites Here are some of the Israeli hackers and some of these guys were primarily known and still are for attacking US sites The top two on the left very Shreedman and the analyzer Both of whom at 18 years of age one during the first Gulf War and the second during the second Gulf War Hacked the Pentagon and they eventually, you know, were caught for it And most of these guys went on to of course to start their own You know, they got arrested and they go on and eventually start their own computer security companies Just like to 2xs is very interesting and that's part of the evolution of this the analyzer Ehud Tannenbaum When the Middle East cyber war started he had this company up and running 2xs and he See he sent out letters to Israeli companies around, you know, Israel So you have security problems on your site. So they were scanning the IEL domain We can protect you from malicious hackers belonging to Islamic groups. They signed it the white-headed hacker group He was also a part of the Israeli internet underground on the bottom there on the right And that was a group of Israeli techies from various firms who were trying to educate Israelis about what was going on from the Palestinian side Here's a picture of some of the guys who were involved in this setting up a web portal in this portal It was designed to conduct ping floods against in particular Hezbollah and Hamas They put their pictures on here, which is kind of interesting. I mean, does that mean that they don't fear law enforcement in Israel? Or they're just not so smart. I'm not sure Here is what hacker or hacker group in Israel Mossad and if you didn't know Mossad is the name of the Israel intelligence service and so they took the name from that to throwing in an O and They have 67 defacements here And this is the period really and when the hacker war was hot and you can see the stars indicate special defacements which are government and or military And here you can see, you know, they're hitting Not only dot IR dot QA Qatar Iran United Arab Emirates, they're moving out to that PK Pakistan and others But then you can see they also have to search for the the dot com and the dot nets We'll talk about in a minute how a Great of a target Israel was for the counter attack Because most all of their sites were dot IL. It really was a nice fixed target for folks around the world To methodically work through and it ended up actually in some rather funny situations targets of pro Israeli hackers Largely, they were political in nature The Hamas was a very interesting case What happened there was actually such a great hack that a lot of people begin to speculate that Israeli intelligence was involved In the affair, but when folks wanted to go to Hamas dot org, right? They were rerouted to a couple of sites lesbian sex and raw sex videos and Whenever the surfer tried to close their browser another one would just pop up in its place and send them back to these sites And and Hamas had such great difficulty Getting rid of this attack that there was some speculation at the time that you know serious professionals were involved Okay, let's look on the This is the one of the current things I found and this shows a bit of an evolution my god. Org is a is a Self-proclaimed Israeli hacker Collective and this is this is current stuff and it shows more of an evolution and one of the reasons I want to throw this in here is it shows sort of a cross-section of this hacker group which Arab or Muslim hacker groups might have in common with Americans and others you can see on this site References to indie media which is sort of an international independent media organization You can send you can see references to the ruckus society, which is an anarchist group Which was largely behind the WTO? Disruption in Seattle in 1999 and part of this site is devoted to Advertising their jabber instant messaging encryption protocol Which was is used for groups around the world, you know, and it wasn't you know They're not trying to limit it necessarily here to Jewish groups But to to allow them even instant message in encrypted fashion Okay on the counterattack was very quick on the other side and actually very powerful And I mentioned earlier very quickly the number of sites defaced in DDoS went well beyond What the Israelis had done and some of them were quite effective Israel's email system Including at the Israeli foreign ministry was down for a long time and then e-commerce sites were hit I mean this this is the this is the thing the there were a lot more lucrative targets in Israel and potentially Israel had more to lose You can see that in Israel there are more internet connections than all of the Arab countries combined and you know it's you know just the nature of the states and I'll really get into that but Suffice it to say that the more targets you have the more vulnerable boxes you have And potentially the more you have to lose Here's some of the pro-Palestinian hackers Arab hackers org is place you could go to to meet and greet and see what was going on And share tools Doty was a terrific hacker who was involved in Attacking net vision and net vision is the largest ISP in Israel through which about 70% of internet traffic runs So obviously just from the standpoint of quantity you're talking about a very juicy target, but also Very interesting Who do you think runs the internet? Connections into and out of the occupied territories the West Bank and Gaza Why of course it's Israel and it goes through net vision. So if you wanted to You know to hit back at the Israelis in that way potentially Contacting these people are disrupting that service You had to go through Israel in the first place and that also explains for instance Well, you're probably not likely to see a lot of great hacking activity to come out of the territories But it's gonna have to come you know with it with you know from without that immediate those immediate borders g4's Pakistan all mentioned because they brought a lot of experience Into the conflict immediately they entered the Middle East cyber war on November 3rd 2000 and On the very first day they entered the war it was immediately apparent they had brought a lot of Tradecraft and experience from the wars the cyber wars they had carried on over cashmere with the Indians hackers And so on November 3rd 2000 Israelis found a tons of their sites had been hacked and there was lots of information Asking whether the Torah allowed the killing of innocent women and children and showed Palestine and flaming letters and a lot of stuff that they hadn't seen before Here you can see on the pro-Palestinian side and this is your chance You know if you have a cause out there that you for you know for which you'd like to create an attack portal You can see what was done here in the Middle East You know you've got to help people out here You know a lot of people that you know with their with you know their experience on the web you've got to tell them You will attack these IPs. You will attack these domain names You know, but really all you have to do is click here I'll just just read for you what it says below it says upon clicking defend the resistance an Automatically program file will be ready to stage counter attacks against the Zionist sites This counter attack will continue as long as you have access to the internet One small window will be opened for each link you click and all you have to do is not close this box While you're on the net and the program will automatically work. So make it very easy for these folks Propaganda is something we really want to emphasize here I mean is a web defacement or potential a denial of service so that folks, you know may or may not See or feel if their e-commerce site is down for a couple hours compare nearly as much to a picture of Somebody you potentially identify with lying dead in the streets probably not This is something that is asymmetric in nature Extremely powerful and again, you know in this case the weaker side Relatively speaking. I don't know it's a little either side or take take One side or the other. This is something that in this case very powerful in Palestine and in Iraq now Obviously vis-a-vis the United States Here is a group very interesting a little bit more professional These are professional hackers that had got together and developed a plan to attack Israel Forced that plan first hit Israeli official Israeli government sites Second you hit economic sites the Bank of Israel and the stock exchange Three you want to hit the internet service provider infrastructure in four They wanted to affect Israel's ability to support its security forces on the ground So in any of which way you were able to do that You know was terrific now on this site There was an oath and I want to mention this because very interesting if you post attack tools on the web But they might you know, you might not have any unless you pass were protected obviously But in this site there were on this site. There was an oath is it? I swear that I will not use any of these programs against anyone, but Jews and Israelis All right, so There you go now here's an example of a non cyber cyber attack This is very interesting. I want to read this to you as well. This says Now this is oma.com is a very popular very important site in the Arab world And they had allowed an attack portal to be established within their site However, it says We have been reformed we've been forced to remove this site the bandwidth providers to our ISP after receiving many Complaints from Zionists and their supporters in the UK have threatened to cut off our internet connection if this site is not removed We have therefore removed this site in order to keep the rest of oma.com online most sincere apologies the oma.com team and of course the beauty of the internet was this was quickly up and you know several other places You know for the attackers to to access. However, you know, it's important to know that you know I mean that a site with commercial interests with a site with that is prominent on the web Might not be the best place to post your tools Okay, here's some pro-Palestinian targets and again I'm just want to mention a couple because we've already covered some of this material the Israeli army got hammered during this period and So they contracted out to the lower right side AT&T for backup support Now, who do you think was the next target on the Palestinians list? Okay, they AT&T itself Became the target of a lot of pressure around the world even g-force Pakistan started rerouting their traffic to quest There was an email campaign to boycott AT&T. I mean, that's a that's a serious threat So AT&T had to decide what are we gonna do here? You know, this is terrible But they decided that they had no other choice But just to declare that they were going to defend their network and their decision to support the Israeli army Another great place was APAC if you don't know about this organization the Arab Israel or the what is it the American Israel Public Affairs Committee in Washington and APAC had its site broken into and its database is stolen So this included the email addresses personal information and credit card numbers of all their members You know, this is huge. You can post that stuff on the web or you can just use it for your own Your own pleasure Okay, we mentioned net vision and how important that was already Well, which brings it back to the United States So one of our arguments is that this will get to the United States Any conflict will eventually get spilled in and involving the United States just because as the largest player in international politics And the largest target in terms of Internet site We become get sucked in But there is a wonderful wonderful. There is an important case where the u.s. Was directly involved in Recall in May 2001 a EP3 spy plane Navy spy plane was forced down in in China and and for Several days there there was a high-level diplomatic Conflict between the United States and China of what to do with this plane eventually the Chinese Disassembled it and returned it one piece at a time But while this was going on there was Tremendous tension and it was one of the earliest well was the earliest Severe crisis that the Bush administration had to deal with and there was effort by the Bush administration and the Chinese to seek a Resolution at a lower level of tenure. They were trying to get their hands on it. This wasn't quite the Cuban missile crisis where nuclear Weapons are involved in staring at at the abyss But it was a serious crisis in which the government was trying to to shut it down. Well in the midst of this a In tandem if you will with the diplomatic give-and-take a hacker were almost erupted between the u.s. And and Chinese activities there were there was Hacker portal set up to attack the Chinese from the u.s. Side for the Chinese to attack the u.s The u.s. Was particularly effective in retaliation to an individual or a group called poison box We don't know much about them if someone out there and does wants to come up and tell us more afterwards We'd like to hear that but it showed the It was pouring gasoline on a fire that the diplomats at the top were trying to tamp down as it happened it didn't The crisis ended peacefully and and the war sort of fizzled the hacker were fizzled as a result interestingly a year later the Chinese Hacker community so they were going to launch sort of a demonstration attack this the next year on the anniversary And and then mysteriously it was called off just a few days before Suggesting that there was a fair bit more centralized command and control on the Chinese side perhaps even Government involvement we're getting the high sign the hook here. Let me just Emphasize a couple points in closing one is that while this matters We're not pretending that this is as important as weapons of mass destruction blowing up or or even old-fashioned Terrorist acts that where people are dying but nevertheless it has the potential to expand and extend the conflict that is Happening at the kinetic level and it provides an avenue for people to get involved who might not want to or I mean Who might not be willing to be a suicide bomber? But might be willing to join in a hacker war what the governments can do in response is limited as you know And there is it's very unlikely that international agreements are going to Erase this problem Can this kind of hacking actually affect and influence ongoing military operations? Yes, it can we think It can to a lesser extent but perhaps primarily through propaganda and one of the interesting new forms of vulnerability are all of the military Blogging that goes on with soldiers in the fields are keeping blogs of what they're doing Giving the opportunity to hack those sites and and sort of poison the blogs Could it spark a real war probably not but it can complicated and it bears emphasis that the political leadership that are trying to Control a conflict or a contest may be wildly disconnected from the Internet or the cyber realities that are going on and there's no time for this But I'll tell you my story afterwards about Oliver North and how he was caught because he didn't understand about email We can talk about that afterwards the most powerful cyber attack of all though is the Propaganda one and these are the picture infamous pictures of Abu Ghraib when they're true and horrible pictures like this one They can be effective, but they don't have to be true to be effective the British got hit with fraudulent photos That nevertheless had a very profound effect on British morale And got the British in trouble even though they were they were clearly faked and with that sobering Bit of conclusion. Why don't we wrap it up now? Thank you