Information warfare is seen by most as a war fought over computer networks where legions of hackers are looking for chinks in the enemy’s computer system and trying to bombard them with hordes of viruses, worms, logic bombs and Trojan horses. Information warfare is also perceived as psychological manipulation through the media, writes Prashant Bakshi
The more an army knows about itself and its enemy, the more stronger it will be in battle.
INFORMATION has always been a crucial element in war. But it was during the Gulf War in the early 90s that a new dimension to warfare was added — information warfare. The CNN broadcast worldwide how a comparatively smaller and less expensive military force could overcome a larger force by gathering information. Nations all over the world sat up and acknowledged the fact that information warfare had truly arrived.
Information Warfare is seen by most as a war fought over computer networks where legions of hackers are looking for chinks in the enemy’s computer system and trying to bombard them with hordes of viruses, worms, logic bombs and Trojan horses. Information warfare is also perceived as psychological manipulation through the media.
The military version of IW includes command and control warfare, intelligence -based warfare and electronic warfare, while "hacking" into the enemy’s vital infrastructure networks like banking, railways and airlines or information manipulation by mass media are non-military form of information warfare. Both ‘hacker-warfare’ and ‘information manipulation’ are vital forms of IW, and can be used as tremendous force multipliers in a conflict.
Hacking has a mysterious undertone to it, and is an extremely misunderstood profession. Fundamentally, hackers are a breed of highly intelligent software programmers who are truly creative in nature. Authors of malicious viruses and worms like ‘Melissa’, ‘I love you’ or ‘Lovebug’ were virus writers and not hackers. ‘Mafiaboy’ — the 13-year-old boy who defaced the CNN website --was again a cracker and not a hacker. For the purpose of convenience or probably our fascination for the term, we have termed all kinds of illegal computer activity as hacking. It may come as a surprise to most that the information revolution we are witnessing today would not have been possible without the contributions from some of the famous hackers of the last century. The ‘C’ programming language and the UNIX operating system owe their origin to Dennis Ritchie and Ken Thompson, both hackers employed by Bell Industries. More recently and quite convincingly the best hack of the decade has been the development of ‘LINUX’ — a UNIX clone by Linus Horvalds. What is unique about Linux is that it is an open source program, available free along with the entire source code, and can be downloaded from the Internet by anyone. LINUX is in fact fast gaining popularity as an operating system, and might even topple Windows as it gets a friendlier Guided User Interface. The success-story of LINUX, where hackers around the world helped in co-development of the operating system through the Internet, is an indication of what hacking is all about.
As each profession has its dark side, so has hacking. It takes years of hard work and perseverance to make a mark as a hacker. It took Linus Trovalds nearly seven years to get LINUX in the market.
Unfortunately, not all hackers fall in the category of Linus Trovalds. There are some who are not skilled programmers and these hackers turn into ‘crackers’ or ‘virus writers’ and either accidentally let out malevolent viruses into networks like the Internet, or deliberately create mayhem by distributing vicious software and get their high out of the media coverage they get. The recent outbreak of the ‘Lovebug’ virus was traced to Onel De Guzman, a 23-year-old student at Manila’s AMA computer college. Guzman had submitted a thesis proposal "E-mail password sender Trojan", which was rejected by the college authorities as it was considered illegal to retrieve or rather steal Internet passwords. Later, Guzman confessed responsibility for the onslaught of the ‘Lovebug’ virus which was based on his rejected proposal. The virus not only wrecked havoc on e-mail systems around the world, but also caused damages to the tune of nearly $ 15 billion.
Law enforcement agencies worldwide are alarmed at the ease with which website infringement and virus attacks are being orchestrated and executed. Hacking or intruding into a system is no more a professional assignment. To make things simple, most of the basic hacking tools like password crackers, sniffer programs and domain scanning tools are freely available on underground hacking sites on the Internet.
The typical modus operandi of a hacker comprises three phases. The first phase involves acquiring suitable tools, which is as simple as playing a game of solitaire on a PC. Well armed, the hacker’s next step is to cover his trail and most hackers are careful enough to avoid using personal Internet accounts, and usually connect to a proxy server and bounce off to a system that has already been hacked into before trying to hack into the targeted system. Having done this the hacker breaks into the system, gets total control of the system runs sniffer programs to get secured and sensitive
information, including passwords to bounce off and hack into other systems. The cycle goes on and on.....
Living more dangerously are hacker groups with ideological missions, who may have political activism as a driving force behind their hacking activities. The ‘Lovebug’ and the other recent virus attacks have led the US federal agencies to believe that there are a number of underground hacking groups operating in the Third World countries who are thriving on international virus propagation and subversive hacking activity. Politically-motivated hacking groups in recent times have broken into the Pentagon network, sabotaged the CIA website and penetrated into the BARC network. This is an offensive form of hacker warfare where hacking groups not only steal sensitive data but also motivate themselves by penetrating high security networks and derive satisfaction by outsmarting the developed world’s high-tech computers. The international hacking watch lists includes Pakistan in its list of countries with emerging hacking hotbeds. This should be viewed with grave concern in India, in fact the Pakistan Hackerz Club (PHC) has been making regular runs against Indian Internet sites.
Offensive hacker warfare is an ideal terrorist weapon as it is inexpensive, easily smuggled, can be used from a distance and is virtually untraceable. Hired or more aptly ‘mercenary’ hackers can be employed to disable important military and civil networks. In such a scenario it becomes absolutely mandatory for a nation to indulge in defensive hacker warfare. India, with its ambitious IT action plan which includes a National Information Infrastructure, to network the entire nation, needs to concentrate on defensive hacker warfare to protect the NIIand other internal systems. In the world of hacking ‘you set a thief to catch a thief’ holds good ground and a network is best protected by testing its security using own friendly hackers.
Interestingly, a number of reformed hackers are working as security consultants in computer security firms. As far as Internet security is concerned, the thrust should be on technology and not on laws. The present trend of installing ‘firewalls’ offers the best available protection to the Network against attacks like DOS-denial of service and viruses. A firewall is a combination of hardware and software that acts like a filter between the Internet and the users network. It can blackout rogue users and unauthorised data packets from entering into the users’ network and can be supplemented with an anti-virus scanner to scan incoming e-mail messages. Apart from these measures, standard procedures of regular data backups and frequent changing of passwords (alphanumeric) goes a long way in network and information security.
Democracies the world over face another information based threat, that of information manipulation. The Internet with its worldwide connectivity, is an ideal medium for an information, or rather disinformation campaign. Pakistan’s disinformation campaign on Kashmir has been highly active and a number of Kashmir-related websites, replete with radical fundamentalist ideas are doing the rounds of the World Wide Web. Psychological warfare is at its best with a website devoted on Indian atrocities in Kashmir and crimes committed by the Indian army complete with fabricated pictures. A far cry from the truth, but studies indicate that such disinformation and ‘psychological warfare’ operations are only likely to increase as Internet proliferation, newsgroups and mailing lists intensify and become more prevalent. A site called ‘Kashnet’ is already a very popular discussion list on the Internet devoted to issues regarding Kashmir and has a massive subscriber database all over the world.
During Operation Vijay, India did well by responding pro-actively to Pakistan’s disinformation campaign. Indian Army’s official website and some additional Kargil-based websites were quickly spruced up to disseminate the truth about Kargil. As Pakistan continued to deny its Army’s role in Kargil, Indian websites quietly uploaded scanned images of identity cards, ration cards and mess bills recovered from captured Pakistani soldiers. The Internet community scoffed at Pakistan as Indian Army’s chants of ‘Satyamev jayate’ or ‘truth always triumphs’ echoed well above the Kargil heights.
uPassword Cracker: A software to retrieve log-in passwords illegally
uSniffer Bug: A program that clandestinely looks for data, and ‘steals’ vital parts of the data when it is passing through networks
uTrojan Horse: A dangerous code inserted or hidden in some authorised program, like the ‘Trojan horse’
uLogic Bombs: A dormant virus which is activated by some signal to attack the host computer
uWorms/virus: Worms are a self propagating destructive programs while virus is destructive but not self propagating.
uSpoofing: Using a fake e-mail ID or web page add/URL to trick users into passing vital information like passwords or credit card numbers.
uChange login passwords frequently
uPasswords should be alphanumeric and at least 8 characters long
uNever use pirated software
uUpdate software regularly, manufacturers’ website post patches that can be downloaded for free
uCheck out security-related websites like antionline.com, cert.org, ntsecurity.net
uNetwork security should be tested by using own hackers
uInstall ‘firewalls’ for network security
uUpdate antivirus software every fortnight, Symantec.com, mcafee.com offer free downloads for their customers
uSoftware encryption can be very effective for sensitive data
uRegular data backups is a must