Post on 24-Dec-2015


CHANGING PERCEPTIONS OF CYBER WARFARE

Presentation, Higher Command Course, Army College of Warfare

18 October 2003

2

Genesis of the Internet

- Rand thesis
- Internet a product of the cold war
- Paradigm shift – hierarchical to networking
- Advent of WWW
- Gift of TCP/IP to public domain

3

CYBER ABUSES

CYBER TERROR

CYBER FRAUD

CYBER LAUNDERING

CYBER INFRACTION

CYBER HACKING

CYBER PHREAKING

CYBER HACTIVISM

SPYING

SPOOFING

SNIFFING

SPAMMING

SPINNING

STALKING

SEEDING (Viruses, Worms & Trojans)

4

Maxim

The Internet is the high ground and a first termer in NDA will know that the first lesson that one learns is to occupy high ground and hold it under all costs.

5

6

Cyber Terrorism Threat

- The most potent threat vector.
- We are victims of polemics and politics of definitions.
- What is terrorism?
- Is cyber terrorism a hype or for real?

7

According to National Information Protection Centre (NIPC), “Cyber terrorism is an act through computers that results in violence, death and/or destruction and creates terror for the purpose of coercing a government to change its policies.”

“Cyber terrorism is the premeditated, politically motivated attack against information, computer systems, computer programmes, and data which result in violence against non combatant targets by sub-national groups or clandestine agents”

CYBER TERRORISM

8

Cyber Psywar

- Cyber anarchy is a vested interest.
- Anthrax, SARS and Melissa are more psychological than physical.
- We are in permanent and perpetual state of threat.
- The Motto: “We need to give them back, something to live for, instead something to die for.”
- Cyber security is now a big business

9

Cyber enabled Terror

- InfoInfra Terror threats.
- Propaganda and psyops.
- Communications; crypto, stegano, PGP
- Money laundering, hawala.
- WMD Int, tech snooping, contact with hackers and criminals.
- Proxy operations.
- Transacting, shopping and scheduling in contrabands, drugs and weapons
- Clandestine meetings and RVs, ICQ, IRC

10

Cyber Terrorism Threat (Contd)

- Asymmetric warfare anchors on unpredictable “the unknown unknown.”
- Both the perpetrator and the victim deny the impact if not the criminal/terror act.
- A virtual attack may coincide with real one, e.g. imagine mayhem if Code Red and 9/11 were mounted simultaneously

11

1. Unknown hacker sends Code Red worm out onto the Internet to find a vulnerable host server

2. The worm propagates to other vulnerable servers, turning them into dummies that infect other servers. And this process continues exponentially

3. …Code red ceases to proliferate, and the numerous dummy servers turn to attack the White House website, attempting to overwhelm its server with junk communications

<whitehouse.gov>

12

Surveillance & Security Industry

The digital surveillance and security industry is spurting sharply.

It is expected to cross $50 billion mark worldwide by 2008.

13

Threats to Infrastructure

- The physical infrastructure threat.
- Ranges from compromising critical systems to severely affecting them.
- Critical physical infrastructure, e.g. power grids, water, railways, dams, hospitals, oil pipelines, TV and AIR stations, telecommunications, air traffic, or any other networked system.

14

Scepticism

“To us cyber terrorism is a lower-level threat”

Marcus Kempe, Director Operations,

Massachusetts Water Source Authority

15

Vitek Borden Exploit

A hacker, Vitek Borden, succeeded in releasing a million litres of sewage into the water supply in Australia after 44 attempts.

16

India’s SCADA Systems

- SCADA stands for Supervisor Control and Acquisition of Data – these are systems that are cybernated or computer controlled.
- 30 percent of such networks are accessible by modems connected to public switched telephone networks.
- Employees are lax about manual backup.

17

Threat to Data

- Compromising critical computer systems to steal or irreversibly damage vital data.
- More pronounced against military, R&D, defence production and other sensitive data.
- More critical the data, greater the vulnerability.

18

THREATS TO INDIAN CYBERSPACE

- Muslim Hacker Club
- Al Qaeda network
- ISI covert Internet-enabled spy network.
- ICT exploitation tactics.
- Pak “G” Force, mOs, WFD, PHC and Silver Lords
- LTTE cyber hactivism.
- Mercenary hackers.

19

20

Cyber Crime – Wide Canvas

- Rampant misuse and abuse of e-banking and e-businesses.
- Unauthorized access to data.
- Forgery of digital signatures.
- Infringement of intellectual property rights covering patents and trademarks.
- Fraudulent subversion of electronic payment systems.
- Spamming.

21

Cyber Crime (contd)

- Wars over domain names, browsers and portals.
- Monopoly practices.
- Commercial spying.
- Porno
- Growing menace of intruders, masqueraders, and saboteurs in the cyberspace.

22

Security Breaches (1997-2001)

[Chart: percentage of respondents (0 to 100) reporting each type of security breach, by year, 1997 to 2001. Breach types: DoS, laptop, unauthorised access, virus, sabotage, IPR theft, system penetration, telecom fraud, financial fraud.]

Source: CSI/FBI 2001 Survey. Respondents: 484 (1997), 583 (1998), 460 (1999), 428 (2000), 503 (2001).

23

Threat Perception by US Defence Science Board in 1996

[Chart: threat sources (state sponsored, terrorist, espionage, criminal, individual hacker) plotted on two axes, probability of occurrence and potential damage, each running from low to high, for 1996, 2000 and 2004.]

Source : Jane’s Intelligence Review, Dec 2000

24

25

CYBER SURVEILLANCE

Systematic observation of cyberspace by surfing, sniffing, snooping or other means, primarily for the purpose of locating, identifying, determining, profiling and analyzing by all available and predictable means the transmission of e-mail, movement of packets, file transfer, e-money transactions and subversive activities of criminals, cyber terrorists, hostile regimes and intelligence agencies.

26

CYBER SURVEILLANCE

It equally applies to watch over friendly elements to anticipate and prevent cyber crime and social abuse, carry out counter surveillance and find holes in own procedures and systems of cyber security

27

CYBER INTELLIGENCE

Cyber Intelligence is open-source information minus noise, gathered over the Internet

The product resulting from the collection, processing, integration, analysis, evaluation and interpretation of available information concerning hackers, criminals, terrorists, hostile countries and cyber operations.

28

CYBERINT

[Diagram: CYBERINT at the centre, linked to the following sources.]

- HACKERINT
- TERRORINT
- E-MAIL INTERCEPTION
- WEBINT
- OPEN INTELLIGENCE
- COUNTRIES OF INTEREST
- COMMERCIAL & TRADE-INT
- CYBERCRIME INT
- IRC
- SPYING, SNOOPING, SNIFFING
- BB
- INT ON SECURITY PRODUCTS
- ICQ

29

30

Sun Tse Precepts in Cyber Arena

PLA’s capabilities to spy in cyberspace is next only to Echelon and that of waging cyber war and protecting cyber assets next only to NATO.

The scope of Chinese Information warfare spreads over a wide canvas, military, social, economic and political.

Encompasses electronic warfare, attacks on “human cognitive systems,” cyber, signal and signal deception, strategic deterrence,

31

Cyber Warfare is all Deception and Ess Abuses propaganda warfare, psychological

warfare, network warfare, structural sabotage and trade warfare.

The Chinese have no compunctions whatsoever about employing dubious tactics, machinations and subterfuge, e.g. invasion of adversaries’ financial systems, use of computer viruses, human sabotage, disrupting enemies’ economies, or spreading rumours over the Internet and thus psychologically impacting society.

32

Doctrine and Training

“PLA has successfully integrated the latest C4ISRT (Command, Control, Communications and Computers Intelligence, Surveillance, Reconnaissance and Targeting) and information warfare techniques into its war doctrine.”

The Chinese have been conducting training in cyber warfare.

 

33

Sino-Taiwanese Cyber War 1997-99

- Ever since 1997 the Taiwanese and Chinese armed forces have been preparing openly for a long drawn hacker war.
- “The wolf has already come. Pick up your hunting rifle!”
- The most serious attack has been that of the Chernobyl virus, written by a Taiwanese computer engineering student, Chen Ing-hao.
- The virus reportedly impaired 3,60,000 computers in China and caused $120 million in damage.

34

Cyber War -1

- Whereas China accused Taiwanese complicity, the Taiwanese authorities maintained that it was an individual act of crime.
- The Guangzhou Military Region, which includes the South China Sea Fleet and the Second Artillery units, was hit and was paralyzed.

35

Cyber War-1

- A state of emergency was declared placing the Nanjing Military Region and the East China Sea Fleet on second-degree combat readiness. This was the first time China’s military entered a second degree combat readiness since the death of Deng Xiaoping in February 1997.

36

Cyber War-1

- After the incident, the State Council and the Central Committee Military Commission promptly ordered the formation of a task force composed of General staff Intelligence Department, General staff Technology and Communications Department, Ministry of Defence Technological Intelligence Department, Institute of Military Sciences’ Special Technologies Department (also known as Department 553), and Ministry of Security’s Security Bureau.

37

China is reportedly considering developing a fourth branch of its People's Liberation Army devoted solely to cyberwarfare.

"China’s military planners recognize that... over-dependence on information systems is a potential weakness... Combining information warfare - such as computer hacking - with irregular special and guerilla operations, would allow China to mount destructive attacks within the enemy’s own operations systems, while avoiding a major head-on confrontation." (For more on prospective Chinese cyberwar strategies, read Unrestricted Warfare [file is in .pdf format], a book of military proposals written by two young Chinese military officers in February 1999.)

38

China’s Cyberwar Strategies

For more on prospective Chinese cyberwar strategies, read Unrestricted Warfare, a book of military proposals written by two young Chinese military officers in February 1999.

39

Sino-US CYBER WAR 2001

- This war started as a sequel to the collision between American military surveillance plane and the Chinese fighter jet on April 1, 2001.
- China launched massive attacks against US Websites including those of

Headlines:

- It's (Cyber) War: China v. U.S.
- Crackers Expand Private War
- FBI Warns of Chinese Hack Threat

40

Cyber War-2

The Xinhua News Agency reported that U.S. hackers have defaced the websites of the provincial governments of Yichun, Xiajun and Beijing, the Deng Xiaoping police force, the Tsinghua and Xinjiang Universities, and Samsung's and Daewoo Telecoms' Korean sites.

41

Cyber War-2

FBI-led National Infrastructure Protection Center (NIPC) confirmed that Chinese hackers had been active in launching Web defacing and distributed-denial-of-service attacks on the Department of the Interior's National Business Center, the U.S. Geological Survey's site and Pacific Bell Internet Services

42

National Security Presidential Directive 16

President Bush signed a directive in July 2002, ordering the government to develop a cyber-warfare guidance plan. The strategic doctrine would detail when the U.S. would use cyber attacks, who would authorize it, what constitutes legitimate targets, and what kinds of attacks -- Denial of Service, hacking, worms -- could be used.

43

The Fifth Dimension

The U.S. government and military have been studying the possibility of cyberwarfare for years, although it has only recently become a realistic threat. The U.S. military is convinced that "operations within the information domain will become as important as those conducted in the domains of sea, land, air, and space." (Source: Joint Vision 2020).

44

The full extent of the US cyber arsenal is among the most tightly held national security secrets. But reports point to a broad range of weapons under development, including use of computer viruses or "logic bombs" to disrupt enemy networks, the feeding of false information to sow confusion and the morphing of video images onto foreign television stations to deceive.

45

Maxim

An extraordinary amount of detailed intelligence is needed about a target's hardware and software systems for mounting a large scale cyber attack. Commanders must know not just where to strike but be able to anticipate all the repercussions of an attack.

46

Indo-Pak Cyber War

* It’s desi hackers vs Pak G Force. N Vidyasagar, The Times of India, www.ofbjp.org
* War in Cyberspace, Priya Ganapati, www.rediff.com

47

Al Qaeda – ISI Gathbandhan

- Al Qaeda uses simple hacking tools, e.g. L0phtCrack that can break 8 letter/figure password in two minutes. The tool is freely downloadable.
- Al Qaeda doing recce of critical infrastructure, in particular that of US, Russia and India.
- Technical expertise: Khaled Sheikh Mohammad studied engineering in a university in North Carolina

48

Gathbandhan (contd)

- Some experts had training in computer security. ISI ran classes at Qandhar and in Malaysia under Muslim Hacker Club. Reports suggest revival.
- All money movement is done by e-mail and hawala. None dare burst it
- Al Jazeera still gets tapes. Tapes Trail remains uncompromised

49

Al Qaeda connection

A hacker in US opines, “Al Qaeda as a network has known connections to ISI. ISI has contacts with hacker groups operating against other targets. The belief is that if you accept that there is connection between Al Qaeda and ISI and ISI is operating against for example India, then Al Qaeda (even in its present state) would be able to gain access to computer hacks and plan operations”

50

It may well happen in India

Someday Al Qaeda, if it is still alive and operating, will use cyberspace as a vehicle for attacking infrastructure, not with bombs but with bytes. It would inflict biggest possible damage with least possible investment.

Richard Clarke, Presidential Adviser for Cyberspace Security (2001-2003)

51

Hato Ashwathama

- Let us not be naïve. There are no ethics in cybersociety
- War will continue to be between belief systems
- Flesh and silicate pitched against flesh and silicate

52

53

Technologies and Tools

- Black bag jobs
- Packet Sniffers
- Carnivore
- Red and Blue Pill
- Trap and Trace
- Omnivore
- Genoa

54

Technologies and Tools (contd)

- Protocol Analyser
- Blackice Defender
- Dsniff
- Ethereal
- Spyware, e.g. spyBuddy
- AntiSpy software

55

Blackbag Jobs

- A black-bag operation is a secret break-in by a law-enforcement or intelligence organization.
- It involves secret search of suspected locations, copying files or other materials.
- Besides scrounging trash, electronic and physical surveillance, pen-tests are part of the game.
- The search sometimes leads to what the hackers call “Rat Racing.”

56

PACKET SNIFFER

A packet sniffer is a wiretap device that plugs into a computer network and eavesdrops on the network traffic. Like a telephone wiretap that allows an intelligence agency to listen in on conversations, a sniffer programme lets someone listen in on computer conversations.

Carnivore is one such packet sniffer or packet filter.

57

CARNIVORE: A PACKET SNIFFER

Carnivore acts like a “packet sniffer”. All Internet traffic is broken down into bundles called "packets". Carnivore eavesdrops on these packets and watches them go by, then saves a copy of the packets it is interested in.

58

Carnivore

- News of Carnivore broke in July 2000.
- Public furor. How voracious could Carnivore get? Can it vacuum up Internet comns from innocent users? How frequently is it used? What is the legal basis? Is it permanently hooked up?
- FBI came clean or did they? “Designed to conduct efficient wiretaps of e-mail and online communications involving suspected hackers, terrorists and other criminals.”

59

CARNIVORE

Carnivore is packed in a slim laptop and is described as “a tool within a tool” that enables the FBI, in cooperation with an Internet Service Provider (ISP), to collect counter-intelligence by tapping e-mails or other electronic communications of a targeted user. This is done on court orders. Carnivore is used in two ways, viz. as a "content-wiretap" and as a “trap-and-trace, pen-register.”

60

CARNIVORE BOX

[Diagram labels:]

- Windows NT or Windows 2000 box with 128 megabytes of RAM, a Pentium III, 4-18 gigabytes of disk space and a 2G Jaz drive
- Hardware Authentication Device
- Network Isolation Device

61

Carnivore Box

A COTS (Commercial Off The Shelf) Windows NT (or Windows 2000) box with 128-megabytes of RAM, a Pentium III, 4-18 gigabytes of disk space, and a 2G Jaz drive where evidence is written to

The software is written in C++

The box has no TCP/IP stack, and therefore it is hack-proof.

62

Carnivore Box

A hardware authentication device controls access to the box, preventing personnel from accessing the device without leaving telltale signs. There is also a "network isolation device", which is probably a Shomiti or NetOptics tap.

Some units are rumored to have dial-in modem ports, but it seems that the standard procedure is to have an FBI agent come in daily to exchange the Jaz disk for a fresh one.

63

RED AND BLUE PILL

Carnivore comes in two pills, the “Red” one and the “Blue” one. The former is administered when the ISP claims that it cannot or will not comply with the court order. The Blue Pill is a sophisticated Carnivore programme that scans only e-mails where the ISP cooperates for an investigation. The FBI explains the origin of the codename: "Carnivore chews all the data on the network, but it only actually eats the information authorized by a court order."

 

64

TRAP AND TRACE

A less invasive wiretap that courts in the US allow without probable-cause. A pen-register records just the telephone numbers of inbound calls to a suspect. 

65

IP Sniffing OMNIVORE

Earlier, the FBI was using Carnivore in a mode they call "Omnivore": capturing all the traffic to and from the specified IP address. There are numerous products that can fulfill these types of requirements. The easiest is the freeware program known as TCPDUMP, which is available for both Windows and UNIX.

66

DARPA’s GENOA

CARNIVORE is now known as DCS 1000

Effectiveness under doubt

Genoa provides a cutting edge search engine, sophisticated information harvesting programme and P2P computing methods.

Still in experimental stage.

67

PROTOCOL ANALYSIS

A network wiretap comes with a feature called “protocol analysis,” which allows it to decode the computer traffic and make sense of it. Network sniffing has a distinct advantage over telephone wiretaps: many networks use shared media, dispensing with the need to break into a wiring closet to install the wiretap. The tap can be placed on any network connection, and this is called promiscuous-mode sniffing. However, this shared technology is fast changing to switched technology, which implies that a sniffer would have to actively tap the wire.
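The decoding step that "protocol analysis" refers to, shown as an added example that is not part of the original presentation: it decodes one Ethernet II / IPv4 / TCP frame and then reports it either as addressing data only (the pen-register use described for Carnivore) or with content (the content-wiretap use). The frame, addresses and function names are constructed for illustration.

```python
import socket
import struct


class DecodeError(ValueError):
    """Raised when a frame is truncated or is not Ethernet II / IPv4 / TCP."""


def build_sample_frame() -> bytes:
    """Constructed sample: one TCP segment carrying an SMTP command."""
    payload = b"MAIL FROM:<alice@example.org>\r\n"
    # Ethernet II: destination MAC, source MAC, EtherType 0x0800 (IPv4).
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    eth += struct.pack("!H", 0x0800)
    # TCP: ports 40000 -> 25, data offset 5 words, flags PSH+ACK.
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, 1000, 2000, 5 << 4, 0x18,
                      8192, 0, 0)
    # IPv4: version 4, IHL 5 words, protocol 6 (TCP). Checksums are left
    # at zero because the decoder below does not verify them.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.25"))
    return eth + ip + tcp + payload


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP, validating every length field."""
    if len(frame) < 14:
        raise DecodeError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise DecodeError("not an IPv4 frame")
    ip = frame[14:]
    if len(ip) < 20:
        raise DecodeError("truncated IPv4 header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if version != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise DecodeError("inconsistent IPv4 header lengths")
    if ip[9] != 6:
        raise DecodeError("not a TCP segment")
    # Slice by the IPv4 total length so Ethernet padding is not read as data.
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise DecodeError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    if not 20 <= data_offset <= len(tcp):
        raise DecodeError("bad TCP data offset")
    return {
        "src_mac": src_mac.hex(":"),
        "dst_mac": dst_mac.hex(":"),
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": tcp[data_offset:],
    }


def pen_register_view(record: dict) -> dict:
    """Addressing information only: who talked to whom, and how much."""
    view = {k: record[k] for k in ("src_ip", "src_port", "dst_ip", "dst_port")}
    view["payload_bytes"] = len(record["payload"])
    return view


def content_view(record: dict) -> dict:
    """Addressing information plus the decoded application data."""
    view = pen_register_view(record)
    view["content"] = record["payload"].decode("ascii", errors="replace")
    return view


if __name__ == "__main__":
    # Six zero bytes stand in for link-layer padding after the IP datagram.
    decoded = decode_frame(build_sample_frame() + b"\x00" * 6)
    print(pen_register_view(decoded))
    print(content_view(decoded))
```

The difference between the two views is what an auditor checks when a capture is authorised for addressing data only: the record kept must not contain the payload.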

68

BLACKICE DEFENDER

"BlackICE Defender" has a feature called "Packet Logging". It monitors all traffic to and from the machine and saves it directly to disk just like Carnivore. This feature could be used when there is apprehension of being subjected to an attack. The popular freeware utility known as "Ethereal" can then be used to display the contents of this data. IP sniffing may also be done in a pen-register mode. Many packet sniffers could be used for this capability.

ICE stands for Intrusion Countermeasures Electronics.

69

Ethereal

- Described as sniffing the glue that holds the Internet
- It is a freeware, network protocol analyzer for Unix or Windows.
- It allows examination of data from a live network
- Interactively browse the data.
- View summary and detailed description of each packet

70

dsniff

Dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data, e.g. passwords, e-mails, files etc. Its avowed purpose is to create security awareness. Significantly, however, it provides useful sniffing/wiretap utilities to hackers that are claimed to be more advanced than Carnivore. See http://www.monkey.org/~dugsong/dsniff/

71

dsniff Websites: www.monkey.org, www.datanerds.net, www.ethereal.zing.org, www.sysadmin.oreilly.com, www.freshmeat.net, www.groar.org, www.packages.debian.org

72

dsniff Websites (contd): www.science.uva.nl, www.cvsweb.netbsd.org, www.rpmfind.net, www.linuxsecurity.com, www.packetstormsecurity.nl, www.itworld.com, www.online.securityfocus.com

73

Spyware

- Capture & record every IRC.
- Capture & record banking information
- Capture & record passwords
- Capture & record everything typed or clicked on computer

Some of these software products have the ability to send the above information covertly via email! If you bank online or access password protected material, your passwords or private banking information can be exposed!

74

SPY SOFTWARE

- Downloadable, worth 40 dollars or so
- Monitor home PC from workplace or vice versa

Features:

- Real-time remote keystroke viewing
- Remote desktop viewing
- Remote application and task management
- Remote open windows management

75

Spy Software: SpyBuddy

- Internet Conversation Logging. Ability to log AOL/ICQ/MSN/AIM chat conversations.
- Disk Activity Logging. Record all changes made to the hard drive, e.g. directories and files, created, deleted or renamed.
- Window Activity Logging
- Clipboard Activity Logging
- Website Activity Monitoring

76

SpyBuddy

- Printed Document Logging
- Keystroke Monitoring
- Screen Shot Capturing
- Webwatch Keyword Alerting

77

Remote Capture

- Remote system information viewing.
- Remote file system navigation
- Remote locking control
- Remote Internet connection monitoring
- Document history viewing
- Mouse freeze control
- Remote Website launching.
- Remote application launching
- Remote shut down

78

Anti-spy software

- SpyCop
- X-Cleaner
- Anti-keylogger
- Nitrous Anti-spy
- Evidence Eraser software, e.g. Window washer, Evidence Eliminator Pro, Evidence Terminator

79

Anti-Spy Software: SpyCop

- Find computer monitoring programmes used for spying.
- Allows you to rename any suspect files
- Minimizes software while scanning so you can do other things!
- You can right click on files in explorer and scan them for spyware!
- Single file scan function built in complete with browse capability
- Save results to a text file for future reference

80

SpyCop

- Print the results directly from the software
- SpyCop icon deters spyware installation
- Finds when a spy programme was installed.
- Checks if a spy programme is detectable with database search
- "LiveUpdate" feature to instantly update database without re-downloading!
- Unrecognizable to most spy programmes.
- A screensaver which scans the system when the user is absent.

81

Virus scanners don't detect spyware & Firewalls don't stop it!

Many think someone needs access to your computer to install spy software. This just isn't true.

Now there are hybrid versions that can be sent to you just like a virus in email.

Why aren't more people upset about spyware?

82

83

Hacker (and terrorist) profiles are created not by identifying real evidence, but by probing scenarios, resemblances and similarities.

Vranasvich

84

PROFILING & TRACKING TERRORISTS

- Est virtual identity before real identity.
- Exploit inter group rivalries
- Catalogue ustad-shagird relationship.
- Model “terror family” tree.
- Bio-print Psy-print.
- Form chain of custody of exploits.
- Become a chameleon
- Play KOOTNITI

85

EWCC LTTE NETWORK

[Diagram: EWCC LTTE network, showing the numbered stations of each district and the numeric labels on the links between them. The station lists by district follow.]

JAFFNA: 1. AMMA 2. ARASU 3. BANU 4. BURMAN 5. CALIFORNIA 6. CHICAGO 7. ESHWARAN 8. KENNEDY 9. LOSANGELES 10. MADI 11. MOSCOW 12. NAKULAN 13. RAHIM 14. SENTHIL 15. VINCENT 16. WILSON

MANNAR: 1. KALI 2. NE 3. N7 4. TIMBU

VAVUNIYA: 1. BAHIR 2. DAYABARAN 3. JESSIE 4. KANNAN 5. MAIN 6. MAHENDRAN 7. N 37 8. SENDAN 9. SHANKAR 10. SUSI 11. VIBULAN 12. VILLAI

KILINOCHCHI: 1. ALEX 2. GRACY 3. KEEDAN 4. PARMALINGAM 5. RADHAN 6. RANJIT 7. ROBIN 8. SELVA

MULLAITTIVU: 1. AC 2. AIERISH 3. ALFA 4. ALLEN 5. BALRAJ 6. CHANDRU 7. CHARLIE 8. CHINANNA 9. DHANAM 10. DIVAKAR 11. FORK 12. IAN 13. KAMAL 14. KUMAR 15. MAHENDI 16. MURALI 17. PASILAM 18. PULLIANDI

BATTICALOA: 1. AGATIAR 2. DILIP 3. KANDAN 4. KARIHALAN 5. KUMAR 6. NATHAR 7. NEWTON 8. RAJAN 9. REAGAN 10. SABASAN 11. SIVAN 12. SURAN

TRINCOMALEE: 1. BONAT 2. CHITRA 3. DAYA 4. DEEPAN 5. GURUJI 6. JENA 7. MAINDAN 8. MICHAEL 9. MOHAN 10. NATHAN 11. HIMAN 12. RADUMAN 13. RAMESH 14. SHARAD 15. SURENDRAN

86

Udhayan, Easan, Kumar, Captain David, Kiruban, Thavoor, Das, Romeo, Menon, Kesavan, Pathi Raththi, Dixon, Pottu Amman

Sivarasan @ Raghuvaran, the 'one eyed Jack',

Ravi @ Ravichandran, Suchindran @ Mahesh, KP @ T.S. Kumaran, A.S. Shanthakumar @ Rajan, Easan @ Easwaran ... Sigirthakumar,

87

E IDENTITY TO REAL IDENTITY

- Udhayan. Responsible for fabrication of Arul - 89 RPG shells.
- Easan. Incharge of hawala transactions.
- KP. Highest functionary in SE Asia.
- Kumar. Assistant of 'KP' in South East Asia.
- Captain David. Commander LTTE fleet of three vessels including Elusia and Sea Bird.
- Dixon. Communication expert
- Pottu Amman. Intelligence Chief

88

ISI: Cyber Surveillance Profiling

ISI has set up a special wing called National Response Centre for Cyber Crimes (Associated Press, March 13, 2003). “Earlier it had to rely on US investigators to trace e-mails sent by the kidnappers of Daniel Pearl”

89

GLOBAL INFORMATION BASE

- USAF Project
- Applied System Intelligence Inc. (ASI)
- KARNAC (Knowledge-Aided Retrieval iN Activity Context).
- Anchored on bunch of technologies and Database Management Systems
- Detect, identify and corroborate impending terrorist operations, inter alia missions of the like kind

90

SOFTWARE JUNGLEE

Produced by Bangalore-based company Stratify

It sifts through myriad of unstructured information pieces that stream into CIA.

It goes through e-mails, letters and even rumours sent in by the CIA operatives to lend a logical pattern and coherence.

Software understands different languages including Persian, Arabic and German.

Funded by In-Q-Tel

91

CYBER COPS

In 20001, National Science Foundation announced a scholarship programme for training cyber cops.

200 students bachelor's degrees in information technology and computer security at six U.S. universities.

Graduates must work for the government for one year for every year of scholarship support they receive.

  

92

Universities involved in the Project

Designated "Centers of Excellence" by the National Security Agency. They are

- Iowa State,
- Purdue University.
- The University of Idaho.
- The University of Tulsa.
- The Naval Postgraduate School.
- Carnegie Mellon University, which is also home to the government's CERT Coordination Center, formerly known as the Computer Emergency Response Team.

 

93

94

Electronic Communications Privacy Act (ECPA)

Pronounced (ek-pah). This law was designed to clarify how existing wiretap laws apply to cyber space, but at the same time sets boundaries on how much the government could intrude into on-line privacy. Commonly called "Internet wiretap law" The law was originally promoted by privacy and civil rights organizations. However, subtle changes that made it into the final version ended up being what privacy advocates called "a wish list for the law enforcement community"

95

FISA-1978

- Stands for Foreign Intelligence Surveillance Act.
- It establishes a legal regime for foreign int separate from ordinary law enforcement.
- Deter-neutralize-exploit
- Special courts
- FII Foreign Intelligence Information is defined.
- FISA allows surveillance without court order

96

CALEA-94

Communications Assistance for Law Enforcement Act (CALEA) commonly called Digital telephony law was passed by the US Congress in 1994 to allow law enforcement to tap digital lines with the same ease in which they were tapping analogue lines. It required phone companies (common carriers) to make sure their systems would support wiretapping. This required existing systems to be retrofitted (estimated cost: $500 million) as well as to support new technological developments in wiretapping.

97

Patriot Act - 2001

- Broadly expands law enforcement agencies’ surveillance and investigative powers.
- Aim is to intercept and obstruct terrorism
- Contradictory views expressed on the threats to security viz threats to privacy

98

How is it different?

- Makes it easier for the investigative agencies to use FISA to circumvent Title III.
- FISA courts can allow roving surveillance
- The standard under which FISA pen/trap orders can be obtained is much lower
- Pen/trap orders apply to both wire and electronic comns.
- When obtained all pen/trap orders are valid throughout the US

99

Regulatory Investigative Powers (RIP) of UK.

RIP mandates black-boxes to be permanently located at all ISPs, unlike Carnivore, where boxes have to be brought on site for each investigation and removed when the investigation is done. Like Carnivore, a court order is needed. The technology provides an effective mechanism to bypass a constitutionally required process of court authorization for wiretapping of electronic communications.

100

SORM OF RUSSIA

SORM is a Russian acronym for System of Ensuring Investigative Activity. The regulation requires all ISPs to install a “black box” rerouting device and to build a high-speed communication line, which would hot-wire the provider, and of necessity all Internet users to FSB headquarters. FSB is the successor agency to KGB. The agency needs a warrant but that is more of a formality that can be easily dispensed with because of the provision to reroute transmissions in real time to FSB offices.

101

Indian Scene

Section 167 (2) (a) of the Code of Criminal Procedure has been amended in Andhra Pradesh to make the production of the accused for the purpose of remand through video linkage as valid. But for such law, the physical production of the accused for the purpose of remand would have been mandatory. Similarly, recording of evidence through video-conference has been permitted by the Calcutta High Court.

102

103

Let us therefore

- Fix the enemy in time and space (Cyber and geographical).
- Develop indigenous software that facilitates humans and machines to think and act together. Software that is:-
  - Collaborative
  - Coordinative
  - Cognitive
  - Comprehensive (Total Information Awareness)
- Destroy, disrupt, deface, deny enemy’s ICT and cyber assets/access

104

Let us therefore

- Raise cyberCops.
- Revamp our intelligence agencies with intake from technical graduates, preferably trained in IT, biometrics, communications, bioinformatics and cryptography.
- In the army, convert Intelligence Corps into a technical arm.
- Create expertise within the Services and the DRDO.
- Promote R&D in our training institutions

105

Recommendations (contd)

* Creation of a "cyber court" to preside over computer crime.
* Increased participation and data sharing between the services and between the services and the Defence Ministry, particularly from the top down.
* Creation of a National Infrastructure Protection Center.

106

And lastly

Shed anti-technology mindset and stop glorifying technology illiteracy and humint

107

Concluding Remarks

India not only needs cyber warriors but also cyber commanders whose cerebrums are ticking and net-worked, and not clogged by trivia.

Tasmaad uttishth Kauntay udhay krit nishchaya

108
