Cyberattacks Spur Approval

of INFOCON Structure
Waving American Flag


Visitors Since
October 15, 2001.

Home

Bulletins

Upcoming
Events

Posters

Recent Newsletters

Past Articles
Computer Security
Foreign Espionage
Industrial Espionage
Personal Security
Personnel Security
Physical Security
Security Management

VSAC Desktop
Guide

Security Books
On-Line

Other Security Links

About Us
ASIS
NCMS
VSAC

E-Mail Us
ASIS
NCMS
VSAC
Webmaster

We join with those who mourn the loss of life,  the injuries, and the disruption of lives caused  by the attacks  against Washington,  DC, and  New York, N.Y.    All those effected -- the brave people who helped in rescue efforts, those involved in America's response to terror and in the war with Iraq-- are in our thoughts and prayers.

by Bill Uttenweiler
The Aerospace Corporation
Vandenberg AFB, CA

TooShort.  Makaveli.  The Analyzer.

These three teenagers—the first two from northern California, the other from Israel—set off alarms within DOD early this year with their successful attempts to hack into unclassified DOD computers.  Because the attacks came during the build-up for possible military actions against Iraq, DOD officials were initially concerned that the US was being targeted in a preemptive information warfare strike.  At risk were unclassified systems containing data on Persian Gulf related logistics, personnel, etc.

In part in response to them and in part in response to other hackers, the Defense Department has created a new alert system designed to rate the level of threats to its information system.  The new Information Conditions (INFOCONs) are structured similarly to the Threat Conditions (THREATCONs) used to rate terrorist threats.

Each level indicates an increase in the threat to DOD information technology systems.  Structured, systematic attacks to penetrate multiple systems will result in a higher INFOCON rating than when individual, isolated attempts are made.  Since DOD will use them in response to different conditions, raised INFOCON and THREATCON levels will not necessarily to hand in hand.

The INFOCON levels include:

  • INFOCON NORMAL indicates normal threat environment and  precautions apply.
  • INFOCON ALPHA indicates a heightened threat of possible information attack, to include an increased number of problems which might indicate patterned surveillance/reconnaissance.
  • INFOCON BRAVO indicated a demonstrated, increased, and patterned set of intrusion activities exists, to include a compromise of systems resources.  Examples included dedicated computer sweeps, scans, or probes and a significant increase of detected viruses, nuisances, phreaking, pinging, and spamming.
  • INFOCON CHARLIE indicated an actual information attack has occurred, or intelligence indicates an imminent information warfare attack.  This includes the response to any collection efforts targeted against classified systems.
  • INFOCON DELTA indicates the severity of an information attack has significantly degraded mission capability.  Primary efforts at INFOCON DELTA are recovery and reconstitution.
As the threat level increases, officials will employ more stringent protective procedures and policies.  For example, at INFOCON ALPHA, system administrators would advise all people to increase to back-up of key files to weekly and close all remote maintenance ports on routers, firewalls, servers, and electronic telephone switches.  At higher levels, unprotected local area networks would be disconnected from commercial Internet access and require use of encrypted media to exchange sensitive information.

Last fall, the Presidential Commission on Critical Infrastructure Protection issued a report entitled “Critical Foundations: Protecting America’s Infrastructures.”  Part one focused on how America’s vulnerabilities have changed because of our increasing dependence of computers and networks.  Part two talked about steps that should be taken to protect our infrastructures and minimize future vulnerabilities.  The report, in Adobe Acrobat format, can be viewed or downloaded from http://www.pccip.gov/report_index.html.

Win Schwartau, an author and consultant on information warfare, has recommended the Departments of Justice and Defense cooperate with large organizations and enterprises in the civilian sector to develop a stronger information protection program.  This is because commercial organizations, including the communications, financial, power, and transportation infrastructures are under their control.  Schwartau has written “The contention is that the Pentagon is in the physical war business. . . .That contention, too, is a matter of healthy debate when we ask ‘Who protects the private sector from international assaults that do not involve bombs, airplanes and submarines?’”  Schwartau’s web site is at http://www.infowar.com/.

TooShort, Makaveli, and The Analyzer were part of a hacker group called “The Enforcers.”  After the trio’s arrests, other Enforcers— including Paralyze, Immunity, and DooM—launched a brief campaign of retaliatory hacks against commercial and government web pages.  More information on the group, their successful hacks, and their announcement of a truce can be found at http://www.antionline.com/.

[Webmaster's note:  This article was originally written in March 1998 for the VSAC News and the NCMS Channel Islands Newsletter.]

For information on our group or to make comments about this page,
please email sate@impulse.net.

All Rights Reserved.  Copyright © 2000 by Bill Uttenweiler.
Last Updated:  March 23, 2000.