CHANGING PERCEPTIONS OF CYBER WARFARE
Presentation
Higher Command Course
Army College of Warfare
18 October 2003

Genesis of the Internet
- Rand thesis
- Internet a product of the cold war
- Paradigm shift – hierarchical to networking
- Advent of WWW
- Gift of TCP/IP to public domain

CYBER ABUSES
CYBER TERROR
CYBER FRAUD
CYBER LAUNDERING
CYBER INFRACTION
CYBER HACKING
CYBER PHREAKING
CYBER HACTIVISM
SPYING
SPOOFING
SNIFFING
SPAMMING
SPINNING
STALKING
SEEDING (Viruses, Worms & Trojans)

Maxim
The Internet is the high ground, and a first-termer in NDA will know that the first lesson one learns is to occupy high ground and hold it at all costs.

Cyber Terrorism Threat
- The most potent threat vector.
- We are victims of polemics and politics of definitions. What is terrorism? Is cyber terrorism hype or for real?

CYBER TERRORISM
- According to National Information Protection Centre (NIPC), “Cyber terrorism is an act through computers that results in violence, death and/or destruction and creates terror for the purpose of coercing a government to change its policies.”
- “Cyber terrorism is the premeditated, politically motivated attack against information, computer systems, computer programmes, and data which result in violence against non combatant targets by sub-national groups or clandestine agents”

Cyber
- Psywar zoom
- Cyber anarchy is a vested interest.
- Anthrax, SARS and Melissa are more psychological than physical.
- We are in a permanent and perpetual state of threat.
- The Motto: “We need to give them back something to live for, instead of something to die for.”
- Cyber security is now a big business.

Cyber enabled Terror InfoInfra
- Terror threats.
- Propaganda and psyops.
- Communications: crypto, stegano, PGP.
- Money laundering, hawala.
- WMD Int, tech snooping, contact with hackers and criminals.
- Proxy operations.
- Transacting, shopping and scheduling in contrabands, drugs and weapons.
- Clandestine meetings and RVs, ICQ, IRC.

Cyber Terrorism Threat (Contd)
- Asymmetric warfare anchors on the unpredictable, “the unknown unknown.”
- Both the perpetrator and the victim deny the impact if not the criminal/terror act.
- A virtual attack may coincide with a real one, e.g. imagine the mayhem if Code Red and 9/11 were mounted simultaneously.

[Diagram: Code Red attack on the White House website (<whitehouse.gov>)]
1. Unknown hacker sends Code Red worm out onto the Internet to find a vulnerable host server.
2. The worm propagates to other vulnerable servers, turning them into dummies that infect other servers. And this process continues exponentially.
3. …Code Red ceases to proliferate, and the numerous dummy servers turn to attack the White House website, attempting to overwhelm its server with junk communications.

Surveillance & Security Industry
The digital surveillance and security industry is growing sharply. It is expected to cross the $50 billion mark worldwide by 2008.

Threats to Infrastructure
- The physical infrastructure threat.
- Ranges from compromising critical systems to severely affecting them.
- Critical physical infrastructure, e.g. power grids, water, railways, dams, hospitals, oil pipelines, TV and AIR stations, telecommunications, air traffic, or any other networked system.

Scepticism
“To us cyber terrorism is a lower-level threat”
Marcus Kempe, Director Operations, Massachusetts Water Source Authority

Vitek Borden Exploit
A hacker, Vitek Borden, succeeded in releasing a million litres of sewage into the water supply in Australia after 44 attempts.

India’s SCADA Systems
- SCADA stands for Supervisory Control and Data Acquisition. These are systems that are cybernated or computer controlled.
- 30 percent of such networks are accessible by modems connected to public switched telephone networks.
- Employees are lax about manual backup.

Threat to Data
- Compromising critical computer systems to steal or irreversibly damage vital data. More pronounced against military, R&D, defence production and other sensitive data.
- The more critical the data, the greater the vulnerability.

THREATS TO INDIAN CYBERSPACE
- Muslim Hacker Club
- Al Qaeda network
- ISI covert Internet-enabled spy network. ICT exploitation tactics.
- Pak “G” Force, mOs, WFD, PHC and Silver Lords
- LTTE cyber hactivism.
- Mercenary hackers.

Cyber Crime – Wide Canvas
- Rampant misuse and abuse of e-banking and e-businesses.
- Unauthorized access to data.
- Forgery of digital signatures.
- Infringement of intellectual property rights covering patents and trademarks.
- Fraudulent subversion of electronic payment systems.
- Spamming.

Cyber Crime (contd)
- Wars over domain names, browsers and portals.
- Monopoly practices.
- Commercial spying.
- Porno
- Growing menace of intruders, masqueraders, and saboteurs in the cyberspace.

Security Breaches (1997-2001) (% of Respondents)
[Chart: bar chart on a 0-100 scale for each of the years 1997, 1998, 1999, 2000 and 2001. Categories: DoS, Laptop, Unauth Access, Virus, Sabotage, IPR theft, System penetration, Telecom fraud, Fin fraud. Source: CSI/FBI 2001 Survey.]
Respondents: 1997: 484; 1998: 583; 1999: 460; 2000: 428; 2001: 503.

Threat Perception by US Defence Science Board in 1996
[Chart: potential damage (low to high) plotted against probability of occurrence (low to high). Labels: Individual hacker, Criminal, Espionage, Terrorist, State Sponsored; year markers 1996, 2000, 2004.]
Source: Jane’s Intelligence Review, Dec 2000

CYBER SURVEILLANCE
Systematic observation of cyberspace by surfing, sniffing, snooping or other means, primarily for the purpose of locating, identifying, determining, profiling and analyzing by all available and predictable means the transmission of e-mail, movement of packets, file transfer, e-money transactions and subversive activities of criminals, cyber terrorists, hostile regimes and intelligence agencies.

CYBER SURVEILLANCE
It equally applies to watch over
friendly elements to anticipate and
prevent cyber crime and social abuse,
carry out counter surveillance and find
holes in own procedures and systems of
cyber security
CYBER INTELLIGENCE
- Cyber Intelligence is open-source information minus noise, gathered over the Internet.
- The product resulting from the collection, processing, integration, analysis, evaluation and interpretation of available information concerning hackers, criminals, terrorists, hostile countries and cyber operations.

CYBERINT
[Diagram: CYBERINT at the centre, with the labels INT ON SECURITY PRODUCTS, TERRORINT, HACKERINT, COMMERCIAL & TRADEINT, CYBERCRIME INT, SPYING, SNOOPING, SNIFFING, E-MAIL INTERCEPTION, OPEN INTELLIGENCE, COUNTRIES OF INTEREST, WEBINT, IRC, ICQ, BB.]

Sun Tse Precepts in Cyber Arena
- PLA’s capability to spy in cyberspace is next only to Echelon, and that of waging cyber war and protecting cyber assets next only to NATO.
- The scope of Chinese Information warfare spreads over a wide canvas: military, social, economic and political.
- Encompasses electronic warfare, attacks on “human cognitive systems,” cyber, signal and signal deception, strategic deterrence,

Cyber Warfare is all Deception and Ess Abuses
propaganda warfare, psychological warfare, network warfare, structural sabotage and trade warfare.
- The Chinese have no compunctions whatsoever for employing dubious tactics, machinations and subterfuge, e.g. invasion of adversaries’ financial systems, use of computer viruses, human sabotage, disrupting enemies’ economies, or spreading rumours over the Internet and thus psychologically impacting society.

Doctrine and Training
- “PLA has successfully integrated the latest C4ISRT (Command, Control, Communications and Computers Intelligence, Surveillance, Reconnaissance and Targeting) and information warfare techniques into its war doctrine.”
- The Chinese have been conducting training in cyber warfare.

Sino-Taiwanese Cyber War 1997-99
- Ever since 1997 the Taiwanese and Chinese armed forces have been preparing openly for a long drawn hacker war.
- “The wolf has already come. Pick up your hunting rifle!”
- The most serious attack has been that of the Chernobyl virus, written by a Taiwanese computer engineering student, Chen Ing-hao.
- The virus reportedly impaired 3,60,000 computers in China and caused $120 million in damage.

Cyber War-1
- Whereas China accused Taiwanese complicity, the Taiwanese authorities maintained that it was an individual act of crime.
- The Guangzhou Military Region, which includes the South China Sea Fleet and the Second Artillery units, was hit and was paralyzed.

Cyber War-1
- A state of emergency was declared, placing the Nanjing Military Region and the East China Sea Fleet on second-degree combat readiness. This was the first time China’s military entered a second-degree combat readiness since the death of Deng Xiaoping in February 1997.

Cyber War-1
- After the incident, the State Council and the Central Committee Military Commission promptly ordered the formation of a task force composed of General Staff Intelligence Department, General Staff Technology and Communications Department, Ministry of Defence Technological Intelligence Department, Institute of Military Sciences’ Special Technologies Department (also known as Department 553), and Ministry of Security’s Security Bureau.

- China is reportedly considering developing a fourth branch of its People's Liberation Army devoted solely to cyberwarfare.
- "China’s military planners recognize that... over-dependence on information systems is a potential weakness... Combining information warfare - such as computer hacking - with irregular special and guerilla operations, would allow China to mount destructive attacks within the enemy’s own operations systems, while avoiding a major head-on confrontation."

China’s Cyberwar Strategies
For more on prospective Chinese
cyberwar strategies, read Unrestricted
Warfare, a book of military proposals
written by two young Chinese military
officers in February 1999.
Sino-US CYBER WAR 2001
- This war started as a sequel to the collision between an American military surveillance plane and the Chinese fighter jet on April 1, 2001.
- China launched massive attacks against US Websites including those of
- It's (Cyber) War: China v. U.S.
- Crackers Expand Private War
- FBI Warns of Chinese Hack Threat

Cyber War-2
The Xinhua News Agency reported that U.S. hackers have defaced the websites of the provincial governments of Yichun, Xiajun and Beijing, the Deng Xiaoping police force, the Tsinghua and Xinjiang Universities, and Samsung's and Daewoo Telecoms' Korean sites.

Cyber War-2
The FBI-led National Infrastructure Protection Center (NIPC) confirmed that Chinese hackers had been active in launching Web defacing and distributed-denial-of-service attacks on the Department of the Interior's National Business Center, the U.S. Geological Survey's site and Pacific Bell Internet Services.

National Security
Presidential Directive 16

President Bush signed a directive in July
2002, ordering the government to
develop a cyber-warfare guidance plan.
The strategic doctrine would detail
when the U.S. would use cyber attacks,
who would authorize it, what
constitutes legitimate targets, and what
kinds of attacks -- Denial of Service,
hacking, worms -- could be used.
The Fifth Dimension

The U.S. government and military have been
studying the possibility of cyberwarfare for
years, although it has only recently become a
realistic threat. The U.S. military is convinced
that "operations within the information domain
will become as important as those conducted
in the domains of sea, land, air, and space."
(Source: Joint Vision 2020).

The full extent of the US cyber arsenal is
among the most tightly held national security
secrets. But reports point to a broad range of
weapons under development, including use
of computer viruses or "logic bombs" to
disrupt enemy networks, the feeding of false
information to sow confusion and the
morphing of video images onto foreign
television stations to deceive.
Maxim

An extraordinary amount of detailed
intelligence is needed about a target's
hardware and software systems for
mounting a large scale cyber attack.
Commanders must know not just where
to strike but be able to anticipate all the
repercussions of an attack.
Indo-Pak Cyber War
* It’s desi hackers vs Pak G Force, N Vidyasagar, The Times of India, www.ofbjp.org
* War in Cyberspace, Priya Ganapati, www.rediff.com

Al Qaeda – ISI Gathbandhan
- Al Qaeda uses simple hacking tools, e.g. L0phtCrack, that can break an 8 letter/figure password in two minutes. The tool is freely downloadable.
- Al Qaeda doing recce of critical infrastructure, in particular that of US, Russia and India.
- Technical expertise: Khaled Sheikh Mohammad studied engineering in a university in North Carolina.

Gathbandhan (contd)
- Some experts had training in computer security. ISI ran classes at Qandhar and in Malaysia under Muslim Hacker Club. Reports suggest revival.
- All money movement is done by e-mail and hawala. None dare burst it.
- Al Jazeera still gets tapes. Tapes Trail remains uncompromised.

Al Qaeda connection
A hacker in US opines, “Al Qaeda as a network has known connections to ISI. ISI has contacts with hacker groups operating against other targets. The belief is that if you accept that there is connection between Al Qaeda and ISI and ISI is operating against for example India, then Al Qaeda (even in its present state) would be able to gain access to computer hacks and plan operations”

It may well happen in India
Someday Al Qaeda, if it is still alive and operating, will use cyberspace as a vehicle for attacking infrastructure, not with bombs but with bytes. It would inflict biggest possible damage with least possible investment.
Richard Clarke, Presidential Adviser for Cyberspace Security (2001-2003)

Hato Ashwathama
Let us not be naïve.
There are no ethics in cybersociety
War will continue to be between
belief systems
Flesh and silicate pitched against
flesh and silicate
Technologies and Tools
- Black bag jobs
- Packet Sniffers
- Carnivore
- Red and Blue Pill
- Trap and Trace
- Omnivore
- Genoa

Technologies and Tools (contd)
- Protocol Analyser
- Blackice Defender
- Dsniff
- Ethereal
- Spyware, e.g. spyBuddy
- AntiSpy software

Blackbag Jobs
A black-bag operation is a secret break-in by
a law-enforcement or intelligence
organization. It involves secret search of
suspected locations, copying files or other
materials. Besides scrounging trash, electronic and physical surveillance, pen-tests
are part of the game. The search sometimes
leads to what the hackers call “Rat Racing.”
PACKET SNIFFER
A packet sniffer is a wiretap device that plugs into a computer network and eavesdrops on the network traffic. Like a telephone wiretap that allows an intelligence agency to listen in on conversations, a sniffer programme lets someone listen in on computer conversations. Carnivore is one such packet sniffer or packet filter.

CARNIVORE: A PACKET SNIFFER
Carnivore acts like a “packet sniffer”. All Internet traffic is broken down into bundles called "packets". Carnivore eavesdrops on packets and watches them go by, then saves a copy of the packets it is interested in.

Carnivore
- News of Carnivore broke in July 2000.
- Public furor. How voracious could Carnivore get? Can it vacuum up Internet communications from innocent users? How frequently is it used? What is the legal basis? Is it permanently hooked up?
- FBI came clean, or did they? “Designed to conduct efficient wiretaps of e-mail and online communications involving suspected hackers, terrorists and other criminals.”

CARNIVORE
Carnivore is packed in a slim laptop and is described as “a tool within a tool” that enables the FBI, in cooperation with an Internet Service Provider (ISP), to collect counter-intelligence by tapping e-mails or other electronic communications of a targeted user. This is done on court orders. Carnivore is used in two ways, viz. as a "content-wiretap" and a “trap-and-trace, pen-register.”

CARNIVORE BOX
[Diagram labels:]
- Hardware Authentication Device
- Windows NT or Windows 2000 box with 128 megabytes of RAM, a Pentium III, 4-18 gigabytes of disk space and a 2G Jaz drive
- Network Isolation Device

Carnivore Box
- A COTS (Commercial Off The Shelf) Windows NT (or Windows 2000) box with 128 megabytes of RAM, a Pentium III, 4-18 gigabytes of disk space, and a 2G Jaz drive where evidence is written to.
- The software is written in C++.
- The box has no TCP/IP stack, and therefore it is hack-proof.

Carnivore Box
- A hardware authentication device controls access to the box, preventing personnel from accessing the device without leaving telltale signs. It has a "network isolation device", which is probably a Shomiti or NetOptics tap.
- Some units are rumored to have dial-in modem ports, but it seems that the standard procedure is to have an FBI agent come in daily to exchange the Jaz disk for a fresh one.

RED AND BLUE PILL
Carnivore comes in two pills, the “Red” one and the “Blue” one. The former is administered when the ISP claims that it cannot or will not comply with the court order. The Blue Pill is a sophisticated Carnivore programme that scans only e-mails where the ISP cooperates for an investigation. The FBI explains the origin of the codename: "Carnivore chews all the data on the network, but it only actually eats the information authorized by a court order."

TRAP AND TRACE
A less invasive wiretap that courts in the US allow without
probable-cause. A pen-register records just the telephone
numbers of inbound calls to a suspect.
IP Sniffing OMNIVORE
Earlier, the FBI was using Carnivore in a
mode they call "Omnivore": capturing
all the traffic to and from the specified
IP address. There are numerous
products that can fulfill these types of
requirements. The easiest is the
freeware program known as TCPDUMP,
which is available for both Windows and
UNIX.
DARPA’s GENOA
- CARNIVORE is now known as DCS 1000.
- Effectiveness under doubt.
- Genoa provides a cutting edge search engine, sophisticated information harvesting programme and P2P computing methods.
- Still in experimental stage.

PROTOCOL ANALYSIS
Network wiretaps come with a feature called “protocol analysis,” which allows them to decode the computer traffic and make sense of it. Network sniffing has a distinct advantage over telephone wiretaps, as many networks use shared media, dispensing with the need to break into a wiring closet to install the wiretap. This can be done from any network connection and is called a promiscuous-mode sniffer. However, this shared technology is fast changing to switched technology, which implies that a sniffer would have to actively tap the wire.

BLACKICE DEFENDER
"BlackICE Defender" has a feature called "Packet Logging". It monitors all traffic to and from the machine and saves it directly to disk, just like Carnivore. This feature could be used when there is apprehension of being subjected to an attack. The popular freeware utility known as "Ethereal" can then be used to display the contents of this data. IP sniffing may also be done in a pen-register mode. Many packet sniffers could be used for this capability.
ICE stands for Intrusion Countermeasures Electronics.
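
The protocol analysis and the pen-register versus content distinction described on the slides above, as an added example that is not part of the original presentation and is not Carnivore or BlackICE code. It decodes Ethernet/IPv4/TCP headers from frames constructed inline (the addresses, ports and payloads are made-up sample data) and shows that a filter tied to one address records nothing about other users, and that pen-register mode keeps addressing only.

```python
import socket
import struct


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample data:
    zeroed MAC addresses, checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes(12) + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload


def decode(frame):
    """Protocol analysis: Ethernet -> IPv4 -> TCP.
    Returns a dict, or None for frames this decoder does not handle
    (non-IPv4, non-TCP, truncated or malformed)."""
    if len(frame) < 14 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:  # EtherType: IPv4 only
        return None
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if version != 4 or ihl < 20 or total_len < ihl or total_len > len(ip):
        return None
    if ip[9] != 6:  # IP protocol number 6 = TCP
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        return None
    return {"src": socket.inet_ntoa(ip[12:16]),
            "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport,
            "payload": tcp[data_off:]}


def capture(frames, target_ip, mode):
    """Record traffic to or from target_ip only.
    mode "pen-register": addressing and length, never the payload.
    mode "content": addressing plus payload."""
    if mode not in ("pen-register", "content"):
        raise ValueError("unknown mode: %r" % mode)
    records = []
    for frame in frames:
        pkt = decode(frame)
        if pkt is None or target_ip not in (pkt["src"], pkt["dst"]):
            continue  # traffic of anyone else on the wire is not recorded
        rec = {k: pkt[k] for k in ("src", "dst", "sport", "dport")}
        rec["length"] = len(pkt["payload"])
        if mode == "content":
            rec["payload"] = pkt["payload"]
        records.append(rec)
    return records


# Constructed sample traffic (documentation address ranges, made-up payloads).
TARGET = "192.0.2.10"
MAIL_CMD = b"MAIL FROM:<a@example.org>\r\n"
SAMPLE_FRAMES = [
    build_frame(TARGET, "198.51.100.25", 40001, 25, MAIL_CMD),
    build_frame("203.0.113.7", "198.51.100.25", 40002, 25,
                b"MAIL FROM:<b@example.org>\r\n"),      # a different user
    build_frame("198.51.100.25", TARGET, 25, 40001, b"250 OK\r\n"),
    bytes(12) + b"\x08\x06" + bytes(28),                # ARP: not IPv4
]
SAMPLE_FRAMES.append(SAMPLE_FRAMES[0][:30])             # truncated frame

if __name__ == "__main__":
    for mode in ("pen-register", "content"):
        print(mode)
        for rec in capture(SAMPLE_FRAMES, TARGET, mode):
            print("  ", rec)
```
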
Ethereal
- Described as sniffing the glue that holds the Internet together.
- It is a freeware network protocol analyzer for Unix or Windows.
- It allows examination of data from a live network.
- Interactively browse the data.
- View summary and detailed description of each packet.

dsniff
Dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data, e.g. passwords, e-mails, files etc. Its avowed purpose is to create security awareness. However, significantly, it provides useful sniffing/wiretap utilities to hackers that are claimed to be more advanced than Carnivore.
See http://www.monkey.org/~dugsong/dsniff/

dsniff Websites
- www.monkey.org
- www.datanerds.net
- www.ethereal.zing.org
- www.sysadmin.oreilly.com
- www.freshmeat.net
- www.groar.org
- www.packages.debian.org

dsniff Websites (contd)
- www.science.uva.nl
- www.cvsweb.netbsd.org
- www.rpmfind.net
- www.linuxsecurity.com
- www.packetstormsecurity.nl
- www.itworld.com
- www.online.securityfocus.com

Spyware
- Capture & record every IRC.
- Capture & record banking information
- Capture & record passwords
- Capture & record everything typed or clicked on computer

Some of these software products have the ability to send the above information covertly via email!
If you bank online or access password protected material, your passwords or private banking information can be exposed!

SPY SOFTWARE
- Downloadable, worth 40 dollars or so
- Monitor home PC from workplace or vice versa
- Features:
- Real-time remote keystroke viewing
- Remote desktop viewing
- Remote application and task management
- Remote open windows management

Spy Software: SpyBuddy
- Internet Conversation Logging. Ability to log AOL/ICQ/MSN/AIM chat conversations.
- Disk Activity Logging. Record all changes made to the hard drive, e.g. directories and files created, deleted or renamed.
- Window Activity Logging
- Clipboard Activity Logging
- Website Activity Monitoring

SpyBuddy
- Printed Document Logging
- Keystroke Monitoring
- Screen Shot Capturing
- Webwatch Keyword Alerting

Remote Capture
- Remote system information viewing
- Remote file system navigation
- Remote locking control
- Remote Internet connection monitoring
- Document history viewing
- Mouse freeze control
- Remote Website launching
- Remote application launching
- Remote shut down

Anti-spy software
- SpyCop
- X-Cleaner
- Anti-keylogger
- Nitrous Anti-spy
- Evidence Eraser software, e.g. Window washer, Evidence Eliminator Pro, Evidence Terminator

Anti-Spy Software: SpyCop
- Find computer monitoring programmes used for spying.
- Allows you to rename any suspect files.
- Minimizes software while scanning so you can do other things!
- You can right click on files in explorer and scan them for spyware!
- Single file scan function built in, complete with browse capability.
- Save results to a text file for future reference.

SpyCop
- Print the results directly from the software.
- SpyCop icon deters spyware installation.
- Finds when a spy programme was installed.
- Checks if a spy programme is detectable with database search.
- "LiveUpdate" feature to instantly update database without re-downloading!
- Unrecognizable to most spy programmes.
- A screensaver which scans the system when the user is absent.

- Virus scanners don't detect spyware & Firewalls don't stop it!
- Many think someone needs access to your computer to install spy software. This just isn't true.
- Now there are hybrid versions that can be sent to you just like a virus in email.
- Why aren't more people upset about spyware?

Hacker (and terrorist) profiles are
created not by identifying real
evidence, but by probing
scenarios, resemblances and
similarities.
Vranasvich
PROFILING & TRACKING TERRORISTS
- Establish virtual identity before real identity.
- Exploit inter group rivalries.
- Catalogue ustad-shagird relationship.
- Model “terror family” tree.
- Bio-print
- Psy-print.
- Form chain of custody of exploits.
- Become a chameleon
- Play KOOTNITI

EWCC: LTTE NETWORK
[Diagram: network chart with numbered lists of names for each location (JAFFNA, MANNAR, MULLAITTIVU, KILINOCHCHI, VAVUNIYA, BATTICALOA, TRINCOMALEE) and numeric labels on the links between them.]

Udhayan, Easan, Kumar, Captain David, Kiruban, Thavoor, Das, Romeo, Menon, Kesavan, Pathi, Raththi, Dixon, Sivarasan @ Raghuvaran, the 'one eyed Jack', Ravi @ Ravichandran, Suchindran @ Mahesh, KP @ T.S.Kumaran, A.S.Shanthakumar @ Rajan, Easan @ Easwaran ..., Sigirthakumar

E IDENTITY TO REAL IDENTITY
- Udhayan. Responsible for fabrication of Arul-89 RPG shells.
- Easan. In charge of hawala transactions.
- KP. Highest functionary in SE Asia.
- Kumar. Assistant of 'KP' in South East Asia.
- Captain David. Commander, LTTE fleet of three vessels including Elusia and Sea Bird.
- Dixon. Communication expert.
- Pottu Amman. Intelligence Chief.

ISI: Cyber Surveillance Profiling
ISI has set up a special wing called National Response Centre for Cyber Crimes (Associated Press, March 13, 2003). “Earlier it had to rely on US investigators to trace e-mails sent by the kidnappers of Daniel Pearl”

GLOBAL INFORMATION BASE
- USAF Project
- Applied System Intelligence Inc. (ASI)
- KARNAC (Knowledge-Aided Retrieval iN Activity Context).
- Anchored on bunch of technologies and Database Management Systems.
- Detect, identify and corroborate impending terrorist operations inter alia missions of the like kind.

SOFTWARE JUNGLEE
- Produced by Bangalore-based company Stratify.
- It sifts through myriad of unstructured information pieces that stream into CIA.
- It goes through e-mails, letters and even rumours sent in by the CIA operatives to lend a logical pattern and coherence.
- Software understands different languages including Persian, Arabic and German.
- Funded by In-Q-Tel.

CYBER COPS
- In 2001, National Science Foundation announced a scholarship programme for training cyber cops.
- 200 students bachelor's degrees in information technology and computer security at six U.S. universities.
- Graduates must work for the government for one year for every year of scholarship support they receive.

Universities involved in the Project
- Designated "Centers of Excellence" by the National Security Agency. They are:
- Iowa State.
- Purdue University.
- The University of Idaho.
- The University of Tulsa.
- The Naval Postgraduate School.
- Carnegie Mellon University, which is also home to the government's CERT Coordination Center, formerly known as the Computer Emergency Response Team.

Electronic Communications Privacy Act (ECPA)
Pronounced (ek-pah). This law was designed to clarify how existing wiretap laws apply to cyber space, but at the same time sets boundaries on how much the government could intrude into on-line privacy. Commonly called "Internet wiretap law". The law was originally promoted by privacy and civil rights organizations. However, subtle changes that made it into the final version ended up being what privacy advocates called "a wish list for the law enforcement community".

FISA-1978
- Stands for Foreign Intelligence Surveillance Act. It establishes a legal regime for foreign intelligence separate from ordinary law enforcement.
- Deter-neutralize-exploit
- Special courts
- FII (Foreign Intelligence Information) is defined.
- FISA allows surveillance without court order.

CALEA-94
Communications Assistance for Law Enforcement Act (CALEA), commonly called the Digital Telephony law, was passed by the US Congress in 1994 to allow law enforcement to tap digital lines with the same ease with which they were tapping analogue lines. It required phone companies (common carriers) to make sure their systems would support wiretapping. This required existing systems to be retrofitted (estimated cost: $500 million) as well as to support new technological developments in wiretapping.

Patriot Act - 2001
- Broadly expands law enforcement agencies’ surveillance and investigative powers.
- Aim is to intercept and obstruct terrorism.
- Contradictory views expressed on the threats to security vis-à-vis threats to privacy.

How is it different?
- Makes it easier for the investigative agencies to use FISA to circumvent Title III.
- FISA courts can allow roving surveillance.
- The standard under which FISA pen/trap orders can be obtained is much lower.
- Pen/trap orders apply to both wire and electronic communications.
- When obtained, all pen/trap orders are valid throughout the US.

Regulatory Investigative Powers (RIP) of UK
RIP mandates black-boxes to be permanently located at all ISPs, unlike Carnivore, where boxes have to be brought on site for each investigation and removed when the investigation is done. Like Carnivore, a court order is needed. The technology provides an effective mechanism to bypass a constitutionally required process of court authorization for wiretapping of electronic communications.

SORM OF RUSSIA
SORM is a Russian acronym for System of
Ensuring Investigative Activity. The regulation
requires all ISPs to install a “black box”
rerouting device and to build a high-speed
communication line, which would hot-wire the
provider, and of necessity all Internet users to
FSB headquarters. FSB is the successor
agency to KGB. The agency needs a warrant
but that is more of a formality that can be
easily dispensed with because of the
provision to reroute transmissions in real time
to FSB offices.
Indian Scene
Section 167 (2) (a) of the Code of Criminal
Procedure has been amended in Andhra
Pradesh to make the production of the
accused for the purpose of remand through
video linkage as valid. But for such law, the
physical production of the accused for the
purpose of remand would have been
mandatory. Similarly, recording of evidence
through video-conference has been permitted
by the Calcutta High Court.
Let us therefore
- Fix the enemy in time and space (cyber and geographical).
- Develop indigenous software that facilitates humans and machines to think and act together. Software that is:
  - Collaborative
  - Coordinative
  - Cognitive
  - Comprehensive (Total Information Awareness)
- Destroy, disrupt, deface, deny enemy’s ICT and cyber assets/access.

Let us therefore
- Raise cyberCops.
- Revamp our intelligence agencies with intake from technical graduates, preferably trained in IT, biometrics, communications, bioinformatics and cryptography.
- In the army, convert Intelligence Corps into a technical arm.
- Create expertise within the Services and the DRDO.
- Promote R&D in our training institutions.

Recommendations (contd)
* Creation of a "cyber court" to preside over computer crime.
* Increased participation and data sharing between the services and between the services and the Defence Ministry, particularly from the top down.
* Creation of a National Infrastructure Protection Center.

And lastly
Shed anti-technology mindset
and
stop glorifying
technology illiteracy
and
humint
Concluding Remarks
India not only needs cyber warriors
but also
cyber commanders
whose cerebrums are ticking
and net-worked,
and not clogged by trivia.
Tasmaad uttishth Kauntay
udhay krit nishchaya