DEFENCE NOTES
The entire purpose of the Internet was to have a series of redundant network connections between hosts, so that if one link went down, data could be re-routed through other links and transmissions would continue unhindered. In Pakistan, however, the commercial and educational connections to the Internet are configured in the exact opposite manner. Links do not even exist between the multiple Government backbones to the Internet. For example, if PTC's Internet backbone is flooded, or hijacked midstream in some way, all of PTC's nodes go down. It is not possible to re-route PTC's traffic through COMSATS' backbone. The same holds true for all pipes that connect Pakistan to the 'net. Given this configuration, we are especially vulnerable to denial-of-service attacks.

Propaganda and Defamation

This class of attack is best explained by the picture above. This image reflects the changes that were made to the BARC Internet web page after the BARC web server was hacked by milworm. The text is deliberately kept small because it contains provocative language, but in essence, it amounts to an anti-nuclear sermon delivered to India courtesy milworm. Much heartache was caused to the BARC scientists when this image was published on Internet sites and magazines around the world.

When hackers broke into the Paknet systems and obtained information from AVM Farooq Feroze's account, they could also have sent e-mails to international publications defaming Pakistan or the Pakistan Air Force using the Air Marshal's e-mail address. If nothing else, it would have made a minor splash in the international media, which seems to thrive on negative news about Pakistan. More seriously, the Pakistan Government's official home page on the Internet could be hacked into and important public information on Kashmir, for instance, could be changed in subtle ways having a negative impact on Pakistan's stand on the issue.

Though this class of attack is not very serious in terms of its effect, what must be noted is that if a hacker has come into a system and has enough access to change content, he can also destroy or steal it. Currently, there is no well-organized group working for the Pakistan government that can analyze important Pakistani computer resources and seek to better protect them. Such a group is needed badly, and must come into existence before a BARC-like fiasco occurs in Pakistan.

How can Pakistan acquire an Information Warfare capability?

We have talked at length about the kinds of threats Pakistani computer systems can face in the future, and are faced with today. How can this threat be combated, and how can Pakistan use Information Warfare to its own advantage? Clearly, since no formal organizations on the pattern of the American CERT (Computer Emergency Response Team) have been established in Pakistan, work must start from ground zero.

One can attempt to outline the infrastructure necessary to support such a group of Pakistani Information Warfare specialists. It goes without saying that computer systems of several kinds would have to be available in reasonably large numbers (2-3 per person, perhaps). Additionally, to 'break' or decode encrypted messages, large amounts of compute power would be required. Though Pakistan cannot import supercomputers due to decade-old sanctions, a very large cluster of high performance, commercially available workstations can be tied together to build a 'Parallel Virtual Machine' (PVM), or a distributed cluster. Networks of workstations have been harnessed by several groups internationally. Prominent amongst these are projects such as Berkeley's NOW (Network of Workstations), which recently accomplished the feat of processing 10 billion floating-point operations in one second, thus becoming one of the world's 200 fastest computers.

The setting up of such a large-scale distributed cluster of machines is not, by any means, a difficult task. A few Pakistani computer scientists can configure both the required hardware and software in a matter of a few weeks.

Miscellaneous hardware such as frequency scanners, taps into telecommunications facilities, ASICs (Application specific integrated circuits) for fast code-breaking, cellular signal locators and multiple high bandwidth connections to the Internet acquired using the cover of fictitious domain names are some more necessities.

The group would probably conduct offensive or 'data gathering' operations by functioning from anonymous or untraceable locations on the Internet; fictitious accounts created with the large international service providers, hacked accounts on networks such as India's ernet, or vsnl, and at international research institutions, universities and organizations. A number of cover organizations could be created under whose names multiple high bandwidth connections to the Internet could be obtained. The group's high performance computing infrastructure (workstation clusters) would remain off-line and unconnected to the Internet itself.

Typically, the group's machines would continuously scan important Pakistani computer sites for incoming connections, possible loopholes, intended break-ins and similar 'interesting' events. This is possible by writing relatively simple software. The author adopted a similar approach to scan Pakistani networks and evaluate their security.
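
The following is an added example, not part of the original article and not the author's own software: a small monitor of the kind the paragraph above describes, which reads connection records for a protected host and flags sources that probe many ports or fail authentication repeatedly within a short window. The log line format, the addresses and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption made for this example.
SAMPLE_LOG = """\
1998-06-01T02:14:01 203.0.113.9 -> 192.0.2.10:21 REJECT
1998-06-01T02:14:02 203.0.113.9 -> 192.0.2.10:23 REJECT
1998-06-01T02:14:03 203.0.113.9 -> 192.0.2.10:25 ACCEPT
1998-06-01T02:14:04 203.0.113.9 -> 192.0.2.10:79 REJECT
1998-06-01T02:20:00 198.51.100.7 -> 192.0.2.10:23 AUTHFAIL
1998-06-01T02:20:10 198.51.100.7 -> 192.0.2.10:23 AUTHFAIL
1998-06-01T02:20:20 198.51.100.7 -> 192.0.2.10:23 AUTHFAIL
1998-06-01T09:00:00 192.0.2.50 -> 192.0.2.10:25 ACCEPT
1998-06-01T09:30:00 192.0.2.50 -> 192.0.2.10:80 ACCEPT
malformed line that the parser must skip
"""

LINE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (ACCEPT|REJECT|AUTHFAIL)$")

def parse(log):
    """Yield (time, src, dst, port, outcome) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts, src, dst, port, outcome = m.groups()
        yield datetime.fromisoformat(ts), src, dst, int(port), outcome

def detect(log, window=timedelta(seconds=60), port_limit=4, fail_limit=3):
    """Return a sorted list of (kind, src, dst) alerts found in the log."""
    recent_ports = defaultdict(deque)   # (src, dst) -> (time, port) in window
    recent_fails = defaultdict(deque)   # (src, dst, port) -> failure times
    alerts = set()
    for t, src, dst, port, outcome in parse(log):
        ports = recent_ports[(src, dst)]
        ports.append((t, port))
        while t - ports[0][0] > window:
            ports.popleft()             # drop events older than the window
        if len({p for _, p in ports}) >= port_limit:
            alerts.add(("port-sweep", src, dst))
        if outcome == "AUTHFAIL":
            fails = recent_fails[(src, dst, port)]
            fails.append(t)
            while t - fails[0] > window:
                fails.popleft()
            if len(fails) >= fail_limit:
                alerts.add(("repeated-auth-failure", src, dst))
    return sorted(alerts)
```

Calling `detect(SAMPLE_LOG)` reports the source that touched four ports in three seconds and the source with three failed logins, while the host that made two successful connections thirty minutes apart raises nothing.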

A team of about 80-150 scientists and computer engineers should be able to handle a reasonably sized Information Warfare operation. A large number of these scientists would be mathematicians specializing in cryptography, linear algebra and related disciplines. Computer scientists would probably be the single largest group in the team, specializing in network protocols, low level programming, numerical methods algorithms, operating systems and security. Telecommunications experts would also form a very important part of the team.

If and when the need arises, this group would be able to protect Pakistan's information systems assets by conducting constant automated analyses of computer and network security. It could also play a vital role in locating sources of attacks, and generating counter-attacks. After all, if a group of 17-year-olds can hack India's BARC and extract classified information, if threatened, couldn't Pakistan do the same?

Conclusion

It is imperative for Pakistan to acquire both offensive and defensive Information Warfare capabilities. This is the only way for it to protect its own information and computer resources. As computers become more and more common, our reliance on them will go on increasing, and thus, there will be many more ways in which potential attackers would be able to cause harm. It is very important that a group of scientists be created, charged with the responsibility of investigating and evaluating threats to Pakistani computer systems. Such an operation would not require too many resources. And certainly, it would be well worth the investment.

Appendix

A sample of data stolen from BARC, released by milworm through www.antionline.com:

Is BARC being brought under the defence ministry? If that happens, there'll be a lot of restrictions. I have doubts if the explosion was successful. That place is full of idiots, including Chidu (probably referring to R. Chidambaram, India's Atomic Energy Commission chairman). I know them inside out. I'm sure those morons aren't capable of anything. Must have exploded some RDX and are now claiming to have exploded the bomb for political gains. Biku (probably Bikash Sinha who heads the Variable Energy Cyclotron Centre in Calcutta) is jumping about here and newspapers report some VECC scientists have contributed to the nuclear tests. He has asked for special security. The clown has got two bodyguards. Security has been tightened at the institute.

(ANTIONLINE'S NOTE: This letter was originally in Bengali. Thanks to our friend at THE TELEGRAPH for the translation)

I received both the mails of 17th and 18th today. I did not come on Saturday. I overlooked the isomeric nature of the 2530 keV level in Pm141 which de-excites by 639-381-882 keV cascade. It now appears certain that this level is fed by 43 keV transition from the isomer. Indeed, we have seen enhanced 43 keV in all the three gates, viz., 882, 381 and 639 keV and not with the others we have placed above 882-381 in Pm142, viz., 148, 175 and 1548 keV. This you may once more check. So the 43 keV, which was somewhat not possible to account for, if we accept its placement in Pm142 and the placement of 882 keV gamma-ray in Pm141 could be finalised. The slight increase in the yield of 882 in our alpha data could be accepted because at lower energy, the population of the isomer may be more which stabilises after some threshold energy of the projectile. In F19 reaction, the population takes place at a higher energy and because of that one might see some changes in the feeding intensities and the rel. int. of 728 and some other gammas lying below the so-called 2 microsec isomer.

Please comment on these arguments. 991 keV was seen by 47 MeV alpha expt. but not in 55 MeV alpha run. This points to the fact that this is more likely in 142Pm which, of course, have to be established by some arguments and our alpha exc. function data. I shall check for the presence of this and accompanying gammas today. More in the next. Regarding your DCO analysis, I shall write in my next mail. Swapanda

About the author

Syed M. Amir Husain was born on 7th November, 1977 in Lahore. He completed his B.Sc in Computer Science, from the Punjab Institute of Computer Science and then proceeded to the University of Texas at Austin, where he obtained another BS degree in Computer Science. Amir has written numerous articles on Information Technology, Domestic Affairs and Defence for various newspapers and magazines. He runs the largest Internet website (Defenders of Pakistan) dedicated to the Pakistani Armed Forces. Amir is currently working towards a graduate degree, also in Computer Science, at UT Austin.
