Psychological Warfare Using Social Media
Published February 21, 2011 | 
BNet had an interesting article on an Air Force FedBizOps request for source sought for online persona management. Of interest is that this was released in June 2010 by Air Mobility Command. Also, HBGary has been in the news this week as well, and they are listed as one of the interested parties… they want the work. I’m not sure why Air Mobility Command would want this capability. It has nothing to do with managing the transportation of material from one point to another, so they are likely acting on behalf of the actual customer.
So, why does the Air Force, and Air Mobility Command want the ability to manage false online personas? If this request was coming from the CIA or NSA, I could understand it. Social Media is a dual edge sword. It has a great capability of helping people connect to do good things, as Egypt and the Middle East has proven. It is also a place for criminals and terrorists to hide and plot. There are many terrorist and criminal hacker forums that use social media.
The military is responsible for the conduct of Psychological Warfare, Military Deception, Counter-Intelligence, and Intelligence Collection. All of these valid military missions could possibly benefit from this capability. The military is NOT allowed to conduct propaganda operations. The key differentiator between Psychological Operations and propaganda operations is the intended audience. For both, the goal is to influence the actions of the audience.
So, there are some missions that I can see a valid use of this capability, namely Military Deception, Counter-Intelligence, and Intelligence Collection. So, what if this is intended to support Psychological Operations?
Here’s where it gets difficult. Dropping pamphlets over a village pretty much contains the message to that village. It is clear who the target of the message it. Facebook is a different story completely. How do you contain a message to the intended audience on Facebook or Twitter? The simple answer is that you can’t. It is a global media and there is no way to control the message, and therefore you are likely going to violate the separation between Psychological Warfare and propaganda. Now, other countries often do not have qualms about separating the two. Just look at any of the press statements coming from Iran or North Korea. But, we hold ourselves to a higher standard.
I have no idea if this idea has come to fruition or not. I can’t help but think that this is a bad idea. It could be benign effort to monitor social media for trends, and to watch for any explicit threats to Air Force personnel or installations, but it has the potential of misuse and there’s where I’m concerned. Once we do this, it is a line we can’t come back from. What would happen if is learned that the Egyptian outcry on Facebook and Twitter was actually the result of a handful of Airman controlling hundreds of online personas? How would we look? How would the American People react to such a blatant manipulation of the news? How would the Egyptians react? If we don’t have the capability we will never be suspected of doing such a thing.
Sometimes the military doesn’t really think things through. It is hard to imagine the second and third order effects of what otherwise looks like a good idea. Sometimes the capability has such potential that it is worth the risk. If we develop this capability we must use it wisely and within the boundaries of the law. It must not be used to manipulate or influence people on social media sites which have a global reach, that is too close becoming propaganda against our own citizens.
I will have to say that I’m not a fan of Facebook, but it would be nice to have a computer program that posted stuff to my Facebook account on my behalf. At least let the family know what’s going on, so I don’t have to actually type anything. If they can get that done, I’ll take a copy. For some reason, I don’t think that is their objective here, but I can hope.
Did Israel create Stuxnet?
Published February 17, 2011 | Several stories have come out over the past couple of days highlighting that General Gabi Ashkenazi, implied that Israel was behind the Stuxnet attack on Iran. If true, then the General should be in an Israeli prison for giving away state secrets. If false, what a way to get a frenzy up about it being Israel. Since it wasn’t an outright confession, this would be an excellent way of implying that it “may or may not” be Israel.
I don’t know if it was Israel or the US, or someone else. I do think that the world will be speculating for years to come. At this point it may not matter, and what may matter is whom will be the next target, and what else do these folks have up in their sleeve.
Is the new AF Bomber hiding somewhere?
Published February 17, 2011 | Wired has an interesting article speculating that the Air Force has a secret bomber prototype somewhere stashed in the desert. Okay, I’m making up the desert part. The article draws on two primary sources, Northrup’s classified program budget, and the X-47 unmanned aircraft. I don’t know if this is correct or not, but I hope so. Currently, our bomber fleet is very old (yes, the B-52 is still flying), or expensive (remember the cost of upkeeping the B-2’s fragile skin). If there is some classified program, I do hope that they have taken sustainment cost into account, as well as actual operational capabilities.
Maybe someday we’ll find out the truth regarding this. Previously, I’d argue that if they retired the B-52’s, that would be a strong indicator that there was a viable replacement, but not today. They are simply getting too old to fly anymore, and we could easily retire them without a replacement. Retiring the B-2’s would be something different, but that isn’t likely even with a new bomber. I’m guessing that they are trying to replace the B-52’s and possibly the B-1’s.
Well, good luck AF. If you don’t have anything in the closet, you better get started, those BUFFS aren’t getting any younger.
The Fusion of Electronic Warfare and Cyber Operations
Published January 22, 2011 | Wired has a story on the new Navy electronic warfare (EW) system, the Next Generation Jammer (NGJ), and they highlight that non-traditional EW targets may be targeted. In fact, the Wired article is called “New Navy Jammer Could Invade Networks, Nuke Sites”, neither of which are traditional EW targets. The traditional targets of jammers is radar and communication systems. The goal is normally to blind your opponent so you can survive while attacking them. So, you jam the targeting radar at a surface-to-air missile site so you can get close enough to the site to bomb it without getting shot down.
The technology in our current inventory of jammers is actually quite old. It was designed during the cold war and has not benefited from the many advances in the commercial electronics world. In its day, it was cutting edge electronics that were only available to governments. Today, my iPhone is more advanced than many of our currently fielded EW systems. So, if you start over now, and leverage the advances in electronics over the past twenty years, a lot more is possible.
The NGJ is simply doing that. It is taking advantage of today’s electronics and looking at what other targets it may be effective against. Over this same twenty year period, wireless networking has taken off. Everyone uses wireless, and it has found itself in use in places you’d be surprised. But there is a price to pay for the convenience of wireless. If you are broadcasting and receiving information through the air, you may be jammed. Depending on what and how you are doing it, not only may you be jammed, but you may be hacked.
For example, I just listed to Security Now, and Steve was talking about Bluetooth security and Bluetooth hacking. One of the aspects of the security of Bluetooth is its relatively short range. The idea is that since you have to be so close to connect to the system, that adds an additional layer of security. The underlying assumption to that is that the bad guys are playing by the rules, which they don’t. It has been demonstrated that you can hack Bluetooth devices from quite a distance if you just use a higher gain directional antenna and a more powerful transmitter. The same is true for wireless, and the NGJ is an extremely powerful transmitter with excellent antennas.
With today’s processing power and the world’s dependency on wireless devices has opened up the opportunity to fuse traditional electronic warfare with today’s cyber operations. I suspect that NGJ will attempt to break into wireless networks, and if successful, try to insert malicious code. This is no easy task mind you, but it wasn’t even possible to try in the past. With strong encryption between the different wireless nodes, it won’t be simple. They are unlikely to ever break WPA encryption for example while flying around, but WEP is easy enough to crack. There may be some other techniques that may not require a direct attack on the encryption that would work. It will really depend on the target’s network and how it is set up.
If the Navy is successful, it will open up many new roles for the EW forces in our military. Traditionally they have been there to support the guys dropping the bombs and to provide protection. Maybe someday it will be the other way around, where the guys with bombs are protecting the EW aircraft actually doing the mission. I think that this convergence was going to happen, hype or no hype. The technology behind traditional EW systems has for a long time been unique to the military and far more advanced than what you could find in the civilian world. Now, that paradigm has flipped itself and cutting edge electronics are found in the civilian world long before they find themselves in military systems. The military is just too small an electronics customer compared to consumers.
Good luck with the NGJ Navy, and I hope it works out for you. Now, I just have to worry about what other nations may do with this technology… as all of this technology magic is available for them to use in their EW systems as well.
Posted in Computers, Intelligence, Military, Technology | 
cyber attack, Electronic Warfare, hacking | 
Leave a commentI never realized how large LMCO is
Published January 17, 2011 | I read an interesting article on TomDispatch.com, regarding how large Lockheed-Martin actually is. It is a lengthy, but a great read. It you don’t know much about Lockheed-Martin, here’s how the article starts:
Have you noticed that Lockheed Martin, the giant weapons corporation, is shadowing you? No? Then you haven’t been paying much attention. Let me put it this way: If you have a life, Lockheed Martin is likely a part of it.
If you look closely at all of the different contracts LMCO has with the US Government, it is concerning that one single company can have such a broad role in almost every aspect of our lives. I guess you could argue the same with GE, and their many different business entities. They do everything from jet engines to refrigerators. While GE is spread across military and civilian technologies, LMCO appears to be mostly focused in the military space. However, that isn’t completely true. I have met one LMCO employee that is working on commercial solar energy. I was surprised when he told me that, and I was delighted to see that type of work being done by LMCO.
The article isn’t really positive about the role LMCO has within the DoD. I won’t comment on that, but I do have similar concerns when any company gets so large and has such a broad role in society, one must question if this is a good thing. I do think that President Eisenhower’s warning on the defense military complex has merit. I wonder what he would think of Lockheed-Martin and their role in our government.
I know that we need defense. We need to have military contractors, and in order to get the best price, we need competition. It is a matter of supply and demand. Again, go ahead and read the article. I think you’ll like it.
Collar Bomb
Published January 8, 2011 | Wired had an article on an amazing crime. A poor pizza man was accosted by group of men that placed a collar bomb on him, and forced him to rob a bank. As you can imagine, he robbed the bank. He was then surrounded by police and three minutes before the bomb squad arrived, it detonated and killed him.
This story only gets weirder, and it involves handcrafted guns in the shape of canes, a handyman, and his crazy ex-girlfriend. I won’t repeat the story here, for what I was fascinated by the technology used. For example, the idea of an exploding collar has been in science fiction for some time, and here it is. Not that spectacular until you read the story and it turns out the pizza guy was in on the plot and thought it was a fake bomb, but then turned victim when he found out that it was indeed real. The no-so-fake collar bomb, the DIY cane gun, all things from James Bond that a handyman took it upon himself to make. It was the real world version of a bad Star Trek episode with Capt Kirk, or something out of CSI.
It is amazing at how creative people can be in coming up with ways to kill each other. This takes the cake, at least until you find a file in the cake. End the end the bad guys and gal got either caught in their own collar bomb, or found themselves in prison. I just have to wonder why I haven’t seen the TV movie of this one, but maybe that is simply because I don’t watch TV.
Testing Tools = Weapons?
Published January 1, 2011 | PC Mag had an article on how a new fuzzing tool has found hundreds of errors in several browsers. It uses randomization of a wide range of variables to simulate a broad range of theoretically feasible (yet possibly highly unlikely) situations where software errors may be exposed and exploited. The researcher identified several Microsoft Internet Explorer errors to Microsoft in July without hearing anything back from them, except for a request to not release the tool itself.
What bothers me about this is the fact that Microsoft asked him to delay releasing the tool. The tool was designed to help increase the security, yet it is seen as a security threat by Microsoft. This is similar to how Metasploit is viewed upon by many vendors. At what point does a software testing tool become a threat? Shouldn’t these tools be available. I think that the fact that this tool found hundreds of bugs in existing browsers enough cause to keep it around, and in fact, it should be ran internally by every browser maker including Microsoft before releasing any new updates. Humans are unable to anticipate every possible configuration and circumstance that will give an attacker an exploit to use. That is whey these tools as well as other software testing tools should be used. It isn’t just up to the beta testers to find everything, and it certainly shouldn’t be up to security researchers to find bugs in your code. That is the authors job, and you need to use the best tools available.
Chasing Stuxnet
Published December 28, 2010 | Wired had an interesting article on the Microsoft team responsible for chasing down Stuxnet. It is an interesting cross section of detective work, computer forensics, and being under the gun by management. Glad they were able to pull it off. It does highlight the multi-disciplinarian team that is necessary to effectively analyze this type of complex and blended threat. It does make me wonder how non-Microsoft security companies can do this type of forensics, and how more impressive if they can without having that Microsoft expertise.
Is TSA Overly Excited by Technology?
Published December 28, 2010 | The Washington Post had an article on TSA’s fascination on technology. They are searching for the holy grail through technology and as a result has spent millions of our dollars on a wasteland of questionable technology. It is an interesting article and it really highlights the TSA’s goal of finding that one magic black box that detects all possible threats, disarms them, and serves breakfast in bed (just joking on the breakfast in bed). While I appreciate this goal, it is unrealistic and disturbing. There is no theoretical solution to the problem short of shutting down all air traffic. No technology will replace well trained personnel that can use their judgment on what is, and what is not a threat. Instead of buying the equipment I’d rather them put the money back into the budget and help pay off the deficit. I would say hire better people, but I don’t more people is the answer, in fact, they could do with less, but better people. Oh, I’m going to get Freedom Groped for this one.
China’s Stealth Fighter
Published December 28, 2010 | Wired is reporting on some new pictures of what appears to be China’s answer to the F-22 stealth fighter. It is a large beast reportedly about 70 feet in length. It should be an interesting comparison when more details are known about it. I think it is important to realize that we’d most likely meet over the skies of Taiwan, and not over California. It doesn’t have the range to hit the US, so be cautious if you hear someone justifying even more defense spending to counter this new threat.
If we ever get into an air war with China it will be ugly, with or without this plane. I hope that we never have to face any modern Air Force, and while I suspect that we could prevail, it will be at the cost of a lot of good people. However, depending on what China does, or more importantly, who they may sell it too, we could possibly see some match-ups between it and the JSF. If the F-22 is sold outside of the US, then that may also happen.
For right now it looks like they are in the flight testing mode and it will probably take at least a few years until we see them in operation. For China, it is a big step in moving from a military dominated by the pure number of soldiers they can place on a battlefield to a modern, well equipped military. I don’t know how long they will take or if they will be successful in the development of this new aircraft. I suspect they will spend whatever it takes to make it work, and I’m sure that there are some smart folks over here already thinking about how we may deal with them in the future if we ever have to.