The Cyber Terrorists ...

------------------------
By Steve Macko, ENN Editor
Tuesday, June 4, 1996
A fascinating story came out of London this past weekend that appears
to have dire consequences. Several financial institutions, such as
banks, brokerage firms and other large corporations, have paid
extortion money to sophisticated international "cyber terrorists."
Huge sums of money have reportedly been paid to these criminals who
have threatened to destroy computer systems and ... have proven that
they can do it.
Companies in the United States have also fallen victim to these
criminals. A London Sunday Times investigation has learned that
British and American law enforcement agencies are looking into forty
known "attacks" on financial institutions in London and in New York
since 1993.
Vast sums of money have been paid to the blackmailers who have proven
their ability by using "information warfare" techniques that may have
been learned in military or government service. The U.S. National
Security Agency (NSA), which utilizes some of the most sophisticated
computer systems in the world, has said that the criminals have
penetrated computer systems by using what are called "logic bombs."
These are coded devices that can be detonated remotely. They have also
used electromagnetic pulses and "high emission radio frequency guns."
These M.O.'s do have a distinct military bent to them.
These blackmailers are anything but subtle in their methods. They have
left encrypted threats at the highest security levels (root) of the
computer systems that they have attacked and have left messages such
as: "Now do you believe we can destroy your computers?"
Authorities have been unable to stop the attacks. It is highly
suspected that some of the criminals are in the United States. Banks
and other financial institutions have also not been very forthcoming
with law enforcement investigators. Many fail to even notify the
police of the crime. One security director of a London bank said,
"They have given in to blackmail rather than risk a collapse in
confidence in their security systems."
"We are aware of the extortion methods, but the banking community has
ways of dealing with it and rarely reports to the police," said a
senior police detective in London. Special investigative units have
been set up in both the U.S. and in Europe. But the financial
institutions have closed ranks and have hindered the investigations of
the cyber criminals.
In April, experts in the field of information warfare met in Brussels,
Belgium. to discuss the threat. There has also been a closed meeting
with the British intelligence community. And it is being reported that
there was a secret seminar held in Washington, D.C. just this past
weekend with the cyber terrorists as the main agenda topic.
The international investigation firm, Kroll Associates, confirmed last
week they have been called in to assist some financial firms through
the blackmailing schemes. In New York City, a Kroll Associates
spokesman said, "One of the problems we face is that the potential
embarrasment from loss of face is very serious. The problem for law
enforcement is that the crime is carried out globally, but law
enforcement agencies stop at each frontier."
On Saturday, a spokesman for the Bank of England confirmed that his
bank has come under attack by the cyber terrorists. Scotland Yard has
assigned a senior detective from its computer crime unit to take part
in a European-wide operation that has been codenamed, "Lathe Gambit."
In the United States, the Federal Bureau of Investigation (FBI) has
three separate squads investigating computer extortion. The U.S.
Secret Service is also involved in computer crime.
The U.S. National Security Agency believes that there are four
separate cyber terrorist gangs in operation. As has been reported in
this publication previously, there is evidence that at least one of
the gangs is based in Russia.
These are four of the extortion cases that the NSA is reportedly
taking a very hard look at:
* -- 6 January 1993. A computer crash halted trading at a British
brokerage house. A L10 million pound ransom was paid into a
Zurich, Switzerland, bank account.
* -- 14 January 1993. A British bank paid a ransom of L12.5 million
pounds.
* -- 29 January 1993. L10 million pounds was paid by a British
brokerage house in ransom after threats were made.
* -- 17 March 1995. A British defense firm paid a ransom of L10
million pounds.
In each of the four above cases, the blackmailers threatened senior
directors and demonstrated they could indeed crash the computer
system. Each of the four companies caved-in to the extortion demands
within hours and wired the money to foreign bank accounts, from which
the blackmailers removed the money within minutes of its arrival.
It is highly believed that the criminals gained their expertise in
information warfare in the United States military. The U.S. military
has been known to develop "weapons" that can disable or destroy
computer hardware.
This threat is very, very real and is very, very serious. So far, the
criminals have been satisfied in only gaining wealth. All of this
sounds like something out of a thriller novel. In Tom Clancy's last
book -- "Debt Of Honor" -- cyber experts caused a major crash on the
New York Stock Exchange. It sounds like these real cyber terrorists
could do that if they really wanted to do so.
Since it appears that at least some of these individuals may have been
trained by military agencies, do they have the expertise that could
compromise Defense Department computers? Again, it sounds like they
do. For law enforcement agencies-- what would happen if the FBI's
National Crime Information Center (NCIC) computer system were "hacked"
or destroyed?
Everything, today, is run by computers and these individuals appear to
have the ability to get into whatever they want. In the past, ENN has
offered reports on general terrorism, the threat of nuclear, chemical
and biological terrorism --"cyber terrorism" would appear to be on the
same threat scale. It's that serious.
_________________________________________________________________
For a further analysis, we offer the following from Mr. Winn Schwartau
of Interpact, Inc., who is an expert in information warfare and
security. Mr. Schwartau is the author of the books entitled,
"Information Warfare" and "Terminal Compromise."
Class III Information Warfare: Has It Begun?
The June 2, 1996 Sunday Times from London front page headline reads:
"City Surrenders to L400 million Gangs"
And HERF Guns, Electromagnetic Pulses and sophisticated logic bombs
may be responsible.
At InfoWarCon II, Montreal Canada, I made reference to investigations
I was conducting regarding concerted and organized attacks on up to 43
financial institutions in Europe and the US; an example of Class III
Information Warfare. This issue of London Sunday Times brings a
glimpse of the story that will eventually be told.
The first attack in my files dates to January 6, 1993. A trading house
in London was blackmailed into paying L10million to unknown
extortionists who demonstrated they could crash the company's
computers at will. The next incident in the Times article is also in
my files: January 14, 1993 where similar demonstrations and demands
were made for this time L12.5Million. And so is the next, January 29,
1993 and another L10Million siphoned off by the bad guys. According to
my figures and those in the Times article, hundreds of millions of
pounds have been paid ransom in what is clearly an example of Class
III Information Warfare.
According to officials in Washington, Whitehall, London, City of
London Police, the National Security Agency, Kroll Associates, Bank of
England and others (in the article) the threats are credible. The
attackers have the clear ability to bring trading and financial
operations to a halt - exactly when they say they will. "Banks,
brokerage firms and investment houses in America have also secretly
paid ransom to prevent costly computer meltdowns and a collapse in the
confidence among their customers," sources said in the article.
The article discussed the advanced information warfare techniques used
by the perpetrators. "According to the American National Security
Agency (NSA), they have penetrated computer systems using 'logic
bombs' (coded devices that can be remotely detonated), electromagnetic
pulses and 'high emission radio frequency guns' which blow a
devastating electronic 'wind' through the computer systems." [For a
complete description of HERF Guns (coined by Schwartau in 1990), see
"Information Warfare: Chaos on the Electronic Superhighway," Thunders
Mouth Press, 1994]
The perpetrators have also left encrypted messages, apparently
bypassing the highest security levels of the systems, leaving messages
such as "Now do you believe we can destroy your computers?" The NSA
and other officials believe that four gangs are involved; probably one
from the US and probably one from Russia. But, because the crimes are
international, national borders still prevail, making investigation
more difficult. Investigations and official inquiries have been in
progress for some time according to the article.
Now, for a few things you will not see in the article, but will
hopefully [if I am lucky] come out in the near future. The number of
attacks is way above 40. They have been known about for almost three
years, but only recently have people been willing to come out of the
closet and discuss this highly sensitive issue with the media. Long
briefs and analyses of these events have been submitted to high level
officials and select business persons for at least a year, but to no
avail. [Security by obscurity reigns all too often.] Banking is not
the only industry that has been attacked and the attacks have been
spread around Europe as well as Australia.
As an industry many of us have said that the only way something will
really be done is if we experience a Computer Chernobyl [Peter Neumann
Phrase as I recall] or as I first said in Congressional Testimony, "An
Electronic Pearl Harbor." Are these events the harbinger of strong
reaction by the computer community at large? As events unfold and more
information is permitted to be disseminated over the next few days and
weeks, we will see.
We have essentially solved the issues of confidentiality and
integrity. But, I have maintained that the real problem is going to be
Denial of Service. These events are unfortunate, but clear examples of
that reality.
[End Mr. Schwartau's quoted comments]
A Bank of England official reportedly told reporters, "it is not the
biggest issue in the banking market." Hmmm...we're going to have to
think about that. If our banking and defense systems are not
secure...what is?
(c) EmergencyNet News Service, 1996, All Rights Reserved.