Hacking Nuclear Command And Control - ICNND

Transcription

Hacking Nuclear Command and Control

Jason Fritz BS (St. Cloud), MIR (Bond)

Executive Summary

This paper will analyse the threat of cyber terrorism in regard to nuclear weapons. Specifically, this research will use open source knowledge to identify the structure of nuclear command and control centres, how those structures might be compromised through computer network operations, and how doing so would fit within established cyber terrorists’ capabilities, strategies, and tactics. If access to command and control centres is obtained, terrorists could fake or actually cause one nuclear-armed state to attack another, thus provoking a nuclear response from another nuclear power. This may be an easier alternative for terrorist groups than building or acquiring a nuclear weapon or dirty bomb themselves. This would also act as a force equaliser, and provide terrorists with the asymmetric benefits of high speed, removal of geographical distance, and a relatively low cost. Continuing difficulties in developing computer tracking technologies which could trace the identity of intruders, and difficulties in establishing an internationally agreed upon legal framework to guide responses to computer network operations, point towards an inherent weakness in using computer networks to manage nuclear weaponry. This is particularly relevant to reducing the hair trigger posture of existing nuclear arsenals.

All computers which are connected to the internet are susceptible to infiltration and remote control. Computers which operate on a closed network may also be compromised by various hacker methods, such as privilege escalation, roaming notebooks, wireless access points, embedded exploits in software and hardware, and maintenance entry points. For example, e-mail spoofing targeted at individuals who have access to a closed network could lead to the installation of a virus on an open network. This virus could then be carelessly transported on removable data storage between the open and closed network. Information found on the internet may also reveal how to access these closed networks directly.

Efforts by militaries to place increasing reliance on computer networks, including experimental technology such as autonomous systems, and their desire to have multiple launch options, such as nuclear triad capability, enable multiple entry points for terrorists. For example, if a terrestrial command centre is impenetrable, perhaps isolating one nuclear armed submarine would prove an easier task. There is evidence to suggest multiple attempts have been made by hackers to compromise the extremely low radio frequency once used by the US Navy to send nuclear launch approval to submerged submarines. Additionally, the alleged Soviet system known as Perimetr was designed to automatically launch nuclear weapons if it was unable to establish communications with Soviet leadership. This was intended as a retaliatory response in the event that nuclear weapons had decapitated Soviet leadership; however it did not account for the possibility of cyber terrorists blocking communications through computer network operations in an attempt to engage the system.

Should a warhead be launched, damage could be further enhanced through additional computer network operations. By using proxies, multi-layered attacks could be engineered. Terrorists could remotely commandeer computers in China and use them to launch a US nuclear attack against Russia. Thus Russia would believe it was under attack from the US and the US would believe China was responsible. Further, emergency response communications could be disrupted, transportation could be shut down, and disinformation, such as misdirection, could be planted, thereby hindering the disaster relief effort and maximizing destruction. Disruptions in communication and the use of disinformation could also be used to provoke uninformed responses. For example, a nuclear strike between India and Pakistan could be coordinated with Distributed Denial of Service attacks against key networks, so they would have further difficulty in identifying what happened and be forced to respond quickly. Terrorists could also knock out communications between these states so they cannot discuss the situation. Alternatively, amidst the confusion of a traditional large-scale terrorist attack, claims of responsibility and declarations of war could be falsified in an attempt to instigate a hasty military response. These false claims could be posted directly on Presidential, military, and government websites. E-mails could also be sent to the media and foreign governments using the IP addresses and e-mail accounts of government officials. A sophisticated and all encompassing combination of traditional terrorism and cyber terrorism could be enough to launch nuclear weapons on its own, without the need for compromising command and control centres directly.

1. Cyber Terrorism

Cyber terrorism is a disputed term, just as terrorism itself has no universally accepted definition. Kevin G. Coleman of the Technolytics Institute defines cyber terrorism as “the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives” (Cyber Operations and Cyber Terrorism 2005). This may include using the internet to recruit terrorists, gather information, disrupt infrastructure, or cause physical real-world harm, as they all lead to the ultimate goal of political change through fear and violence. At its most basic, cyber terrorism is the use of computer network operations to aid terrorism. Theoretical examples of cyber terrorism include hacking into the air traffic control system in order to cause two planes to collide, or causing severe financial loss by disrupting banks or the stock market (Denning 1999).

It is difficult to distinguish an act of cyber terrorism from similar and overlapping terminology. There are many individuals and groups who cause damage by using computers illegally; however they are not all cyber terrorists. Hackers, or more precisely blackhat hackers, exploit vulnerabilities in computer networks for fun, profit, or bragging rights. They may steal sensitive data, or cause disruption, financial loss, and real-world physical damage, yet they typically do not intend to cause violence or severe social or economic harm. Hackers seem more interested in the technical capability, as though it were a game. Hacktivists are activists who enhance their capabilities through computer skill. They may organise protests, deface websites, or use any number of techniques designed to disseminate their message. Cyber criminals are an extension of organised crime, and they are particularly interested in profit, such as extortion or credit card fraud. State sponsored (military) hackers, non-state sponsored political hackers, industrial espionage, and insiders also fall into their own subsets of cyber crime. These classifications can alter quickly. A cyber criminal or hacker could cross over into the realm of cyber terrorism by selling their services to terrorists, just as a hacker could become classified as a cyber criminal if they turn their focus to financial gain. The distinction between groups who use computer network operations is not of primary concern to this paper. What is of concern is whether or not these techniques could be used to compromise nuclear command and control.

Modus Operandi

Terrorists have a history of using asymmetric warfare to compete against their more powerful enemies. Computer network operations fit within this modus operandi. As nuclear capable states become more and more dependent on interconnected information technology for the military and civilian infrastructure, they become an increasingly viable target. Cyber terrorism offers multiple asymmetric benefits. It is relatively low cost, only requiring an off the shelf computer and an internet connection. A wide range of pre-written, automated hacking tools are readily available on the internet and require little to learn. Cyber terrorism allows greater anonymity than traditional terrorism, as tracking the source of attacks is hindered by proxies, spoofed IP addresses, botnets, and legal hindrances. In terms of stealth, cyber terrorism allows for the silent retrieval of information from a computer, or the remote use of someone else’s computer to conduct activities. Cyber terrorists can strike an enormous number of targets around the globe without having to be physically present, thereby reducing the risk of death or injury to the attacker. This enhances the speed of operations and eliminates the logistical problems of crossing borders. Reducing the risk of death, and the physical or psychological demands, makes it easier to recruit new members for their cause. Cyber terrorism has the potential to cause damage beyond the scope of traditional tactics, and when used in combination with traditional tactics, it can create synergy.

Enhancing Traditional Operations

In much the same way that the Information Revolution has enhanced the methods and capabilities of individuals, industry, and government, it has also enhanced the methods and capabilities of terrorism. Information gained on the internet can yield maps of installations, bus schedules to and from those installations, operating hours, photographs, telephone/e-mail directories, and so on. Much of this may be considered non-sensitive information on its own, but when pieced together it can reveal a picture which may have been deemed classified. A simple Google search can reveal valuable information such as lock picking, hacking software, bomb construction, or fake identification, all of which may play a role in the goal of acquiring a nuclear weapon. The internet’s ability to identify specific groups based on ethnicity, belief, or affiliation has enhanced the ability to recruit and target. This can be used to identify individuals who may possess pertinent knowledge, such as nuclear scientists or military personnel, who can be targeted with spoofed e-mails containing malicious code. In terms of recruitment, many terrorist organisations operate their own websites, complete with propaganda, donation collection, and information on how to join their cause. Examples include Hamas, Hezbollah, and FARC. Sunni insurgents in Iraq have used the internet to post articles and video which undermine coalition forces by glorifying terrorism, demonizing the coalition, and promoting their interpretation of events (Carfano 2008). Due to the global nature of the internet, authorities have difficulty in shutting down these sites as the web host may be located in foreign states with varying laws, and alternative hosts can be set up relatively easily if one is shut down. This allows them to reach a worldwide audience.

Terrorists can use the internet as a covert means of communication. Even the most basic chat programs provide a level of anonymity. Additionally, encryption may be used all the way down to planting messages within the code of jpeg (image) files posted on image boards and comment threads. Telephone conversations routed through computers may also be encrypted. Some of the 9/11 hijackers booked their airline reservations online and used internet-based telephone services and chat software in the build up to the attack (Wilson 2003). Using the internet for communications circumvents many government controls, and allows easy access, high speed, and low cost. Online psychological warfare and the spreading of disinformation can instil fear, deliver threats, and destroy morale, such as the video release of captured soldiers, beheadings, and crashed helicopters posted on terrorist websites, which subsequently reach mass media. Recruitment, research, fund raising, propaganda, and communication have always been a part of terrorist activities, but they have been enhanced with the advent of the internet.

Hacker Skills

In order to see how hackers could penetrate nuclear command and control, it is important to examine some of the basic tactics of hacking. Payloads, such as viruses, worms, and Trojan horses, can infect a computer simply by getting a user to click on a link, open an e-mail attachment such as a pdf file, or run an executable program. Spoofing, or making something appear to be something it is not, is often used to accomplish this. Once one or several of these payloads are installed, they can spread to other computers; log all keystrokes, gaining passwords and usernames; download all of the contents on the hard drive; delete or re-write files; activate the microphone or webcam, sending that information back to the attacker; or shut down and possibly destroy the computer. Essentially a hacker can gain complete control of a computer from a remote location without the owner’s knowledge. These exploits may also cause the computer to become a part of a botnet. Botnets are large numbers of computers (zombies) under illicit control which are banded together. These may be used in coordination to cause Distributed Denial of Service (DDoS) attacks. DDoS attacks are capable of shutting down web sites or portions of a network by flooding the server with data requests. These massive floods of data requests can cause buffer overflow, and jam the server, rendering it unusable. An exercise conducted by the US National Security Agency (NSA), named Eligible Receiver, showed that much of the private sector infrastructure in the US could be hacked, including telecommunications and electronic grids. Hackers working in this exercise were also able to penetrate dozens of critical Pentagon computer systems and the US Pacific military’s command and control system, where they could reformat hard drives, alter data, or shut systems down (Weimann 2004, Wilson 2003).

SCADA Systems

Supervisory Control and Data Acquisition (SCADA) systems are computer systems used for critical infrastructure such as energy grids, water management, waste treatment, transportation systems, emergency services, and communications. These systems “automatically monitor and adjust switching, manufacturing, and other process control activities, based on feedback data gathered by sensors” (Wilson 2003). These systems were intended to remain separate from the internet; however as organisations grew, and so did the internet, it became more cost effective to tie them together. In particular, with deregulation it became more important for offsite maintenance and information sharing. This makes them a valuable target for terrorists. In 2001, an “individual used the internet, a wireless radio, and stolen control software to release up to 1 million litres of sewage into the river and coastal waters of Queensland, Australia. The individual had attempted to access the system 44 times, prior to being successful in his 45th attempt, without being detected” (Cyber Operations and Cyber Terrorism 2005). Other examples of cyber attacks which have been conducted against these types of key infrastructure include: the disruption of emergency response by embedding malicious code into e-mail; disrupting air traffic control, including the ability to activate runway lights on approach; using a worm to corrupt the computer control systems of a nuclear power plant in Ohio; using a Trojan horse to gain control of gas pipelines; and using a worm to degrade utility companies and the power grid (Cyber Operations and Cyber Terrorism 2005, Lourdeau 2004, Wilson 2008, Denning 2000, Wilson 2003, and Poulsen 2004).

Is the threat real?

As of May 2009, no major cyber terror event has occurred. Policy makers, media organisations, and security companies often use the threat of cyber terrorism to further their own agendas. The entertainment industry has also capitalized on cyber fears, creating exaggerated and over simplistic scenarios, such as the films War Games and Die Hard 4. Additionally, the media often reports cyber criminals, hackers, state sponsored hackers, and hacktivists all under the heading of cyber terrorists. Sensitive government, military, and intelligence information tend to be maintained on closed networks, networks separated from the broader internet. While these systems may be compromised, they are far from simple. Governments are aware of the cyber threat, and have been taking steps to increase personnel screening, inspections, inter-agency communication, emergency response, scrutiny of sensitive hi-tech foreign parts production, and overall computer network defence.

SCADA systems may be more robust than some reports have indicated. These systems are designed to be distributed, diverse, redundant, and self-healing, in part because weather systems and natural disasters pose a continual threat of disruption. A cyber attack against SCADA systems may require a sustained assault against multiple targets to have a significant effect. Additionally, humans remain in the loop. For example, reports that a terrorist could change the levels of iron in children’s breakfast cereal to toxic levels neglect to account for the manual checks of assembly line workers, or the accounting procedures for the amount of iron in stock (Denning 1999). Al Qaeda computers recovered in Afghanistan revealed information on water systems and nuclear power plants. However this was more relevant to reconnaissance in support of a traditional physical attack. The degree to which these systems could cause massive disruption or death is debatable, as traditional explosives remain a more potent tool for that task. It may take years to prepare an attack against advanced networks, including the identification of exploits, development of tools, and the implementation of a plan, yet technology is rapidly advancing and networks continually updating, possibly disrupting those plans. Terrorist organisations may not be able to keep up with the massive financial backing of nation states. State sponsored hackers have this problem themselves (Wilson 2003).

Despite the possibility of exaggerated claims, a threat remains. Computer network operations do pose an asymmetric weakness, one which terrorists could use to further their agenda, and one which fits within their doctrine. Just as the 9/11 attacks were an unprecedented attack with unconventional weapons, so too could a major cyber attack be. Multiple cyber attacks on infrastructure have been documented, as mentioned in the SCADA Systems section above. A successful cyber attack requires finding only one vulnerability, whereas a successful cyber defence requires finding all possible vulnerabilities. As younger, more computer savvy individuals are recruited into the ranks of terrorists, they may begin to recognise its potential. Just as the reliance on the internet is rapidly growing, so too are the weapons capable of damaging it. The 2005 Cyber Operations and Cyber Terrorism Handbook No. 1.02 notes:

    The Melissa virus that infected networks in 1999 took weeks to have an effect. However, the Code Red worm that infected the internet in July 2001 took only hours to flood the airways, while the Slammer worm that appeared in January 2003 took only minutes to infect thousands of hosts throughout the world. To further demonstrate the complexity of attacks, it took Code Red 37 minutes to double in size, but only took Slammer 8.5 seconds to do the same.

While government and corporate organisations have begun to publicly recognise the need for a strong cyber defence, it is uncertain to what degree they have taken action. Progress in developing the tools to track cyber terrorists runs into conflict with citizens’ right to privacy—terrorists do not have such legal or social hindrances. Further, potential targets are not unified. For example, the financial sector, the commercial sector, home users, universities, and government networks are all attractive targets for terrorists, yet there is no coordination between these groups. Corporations and home users may not find stringent security measures to be worth the cost. In the event of an attack, there would also be considerable confusion as to the coordination of a relief effort (Carfano 2008, Lewis 2002).

Outsourcing

Cyber terrorists may not need sophisticated hacking skills themselves; they may be able to purchase them from cyber criminals. Insiders, such as Vitek Boden, who released sewage into the Australian waterways, could be identified through traditional cyber activities (Smith 2001). In 2000, Japan’s Metropolitan Police Department reported that they had obtained an illicit software program that could track police vehicles. The program was developed by the Aum Shinrikyo cult, the group responsible for the 1995 sarin gas attacks on the Tokyo subway system. Additionally, the cult had developed software for 80 Japanese firms and 10 government agencies, leading to concerns that they had installed Trojan horses to launch or facilitate cyber terrorist attacks at a later date (Cyber Operations and Cyber Terrorism 2005, Weimann 2004, Denning 2000). Insiders can use flash drives, such as thumb drives, portable gaming devices, mobile phones, or mp3 players, for the clandestine and rapid downloading of information, or the rapid uploading of a malicious payload used to aid in a future attack.

Botnets can be rented from cyber criminals, known as botherders, for as little as US$200 to 300 per hour. And the nature of botnets, being composed of hundreds or thousands of computers around the globe, makes the source difficult to track. The number of zombie computers in the world grew by 12 million in the first 4 months of 2009 alone (Zetter 2009). Identity theft can also be purchased online, including valuable items for terrorism, such as stolen credit card numbers, driver’s licences, birth certificates, reference letters, and bank accounts. The Provisional Irish Republican Army hired hackers to acquire the personal information of law enforcement and intelligence officers, which they intended to use in assassination plans if the British government did not meet their terms for a cease fire (Denning 2000). Evidence of a link between cyber criminals and terrorists is continuing to grow. For example, three British citizens used stolen credit card data to purchase night vision goggles, tents, GPS devices, prepaid mobile phones, and airline tickets to “assist fellow jihadists in the field” (Wilson 2008). In 1998, Khalid Ibrahim, a member of the militant separatist group Harkat-ul-Ansar, attempted to buy military software from hackers who had penetrated the US Department of Defense, and in 2008, it was revealed that a principal software engineer for Yahoo India was also the head of internet operations for the Indian Mujahedeen (Rahman 2008, Denning 1999).

2. Nuclear Command and Control

In order to see how cyber terrorists could detonate a nuclear weapon it is important to identify the structures which they would be attempting to penetrate. Nuclear command and control (NC2), sometimes referred to as nuclear command and control and communications (NC3), includes the personnel, equipment, communications, facilities, organisation, procedures, and chain of command involved with maintaining a nuclear weapon capability. A Command and Control Centre is typically a secure room, bunker, or building in a government or military facility that operates as the agency’s dispatch centre, surveillance monitoring centre, coordination office and alarm monitoring centre all in one. A state may have multiple command and control centres within the government and military branches which can act independently or, more commonly, be used in the event a higher node is incapable of performing its function. A minimum of eight states possess a nuclear arsenal, providing eight varying nuclear command and control structures for cyber terrorists to target. The eight states which possess nuclear weapons are, in order of acquisition, the US, Russia (former Soviet Union), the UK, France, China, India, Pakistan, and North Korea. South Africa formerly possessed nuclear weapons, but has since dismantled its arsenal. Israel is also widely believed to have nuclear weapons, but has not officially confirmed its status as a nuclear state. There are approximately 20,000 active nuclear weapons in the world. The vast majority of these belong to the US and Russia, stemming from the Cold War.

Nuclear command and control has inherent weaknesses in relation to cyber warfare. The concept of mutually assured destruction means a state must have the capability to launch nuclear weapons in the event of a decapitating strike. This requires having nuclear weapons spread out in multiple locations (mobility and redundancy), so an enemy could not destroy all of their capabilities. Examples of this include land based mobile launch platforms and submarine-launched ballistic missiles (SLBMs). This provides terrorists with multiple locations for attaining access to these weapons. Further, under NATO nuclear weapons sharing, the US has supplied nuclear weapons to Belgium, Germany, Italy, the Netherlands, and Turkey for storage and possible deployment. This further increases the number of access points for terrorists, allowing them to assess not only installations and procedures, but also which borders and state specific laws may be easier to circumvent. The weapons themselves may all be under the complete control of the US, but the operational plans of terrorists may include items such as reconnaissance, social engineering, and crossing borders which remain unique between states. The potential collapse of a state also presents a challenge. Following the collapse of the Soviet Union, Belarus, Kazakhstan, and Ukraine were in possession of nuclear weapons. These have since been transferred to Russia, but there was, and still is, considerable concern over the security and integrity of those weapons, especially in the face of a destabilized government and civilian hardship. Mutually assured destruction also promotes a hair trigger launch posture and the need for launch orders to be decided on quickly. The advent of SLBMs increased this high pressure tension, as the ability of a submarine to sneak up close to a state’s border before launch significantly reduced response time. These short decision times make it easier for terrorists to provoke a launch as little time, and little discussion, is given to assess a situation in full. The desire to reduce the time it takes to disseminate plans to nuclear forces may expand the use of computers in nuclear command and control, or lead to the introduction of fail-deadly and autonomous systems.

This chapter is by no means comprehensive; however it sheds some light on the operations of nuclear command and control and the difficulties in defending those systems from cyber terrorism. Many of the details of nuclear command and control are classified, so the information provided below may be outdated. However it points towards a pattern, and there is no certainty these systems and procedures have been updated since entering open source knowledge. Further, terrorists do not have to restrict themselves to unclassified data, and therefore may be able to obtain up to date information.

The United States

The US employs a nuclear deterrence triad consisting of nuclear-capable long range bombers, SLBMs, and land based intercontinental ballistic missiles (ICBMs), as well as an arsenal of nonstrategic (tactical) nuclear weapons. US nuclear command and control covers a geographically dispersed force with the US President, as Commander in Chief, being the highest authority in the decision to make a nuclear launch. There is a hierarchy of succession in the event the President cannot perform this duty, such as if the President were killed in an attack. Additionally, once the order to launch is given, it travels down a chain of command; the President does not press the button, so to speak, nor is the President physically present at the launch location. These locations would be targets in a nuclear war, so it is imperative that the leader not be there. Additionally, multiple independent launch locations make this impossible (except for cases in which multiple missiles are tied together in a Single Integrated Operational Plan). So it is theoretically possible to subvert this control by falsifying the order at any number of locations down that chain of command. The infrastructure that supports the President in his decision to launch nuclear weapons is the Nuclear Command and Control System (NCCS). “The NCCS must support situation monitoring, tactical warning and attack assessment of missile launches, senior leader decision making, dissemination of Presidential force-direction orders, and management of geographically dispersed forces” (Critchlow 2006).

Key US nuclear command centres include fixed locations, such as the National Military Command Center (NMCC) and the Raven Rock Mountain Complex (Site R), and mobile platforms, such as the E-4B National Airborne Operations Center (NAOC) and the Mobile Consolidated Command Center (MCCC). The US seeks to integrate its nuclear forces into its vision of command, control, computers, communications, intelligence, surveillance, and reconnaissance (C4ISR), hinting towards a greater reliance on computer technology in maintaining and upgrading its nuclear force, not only to combat against Cold War style nuclear war, but also against perceived emerging threats from China, Iran and North Korea. In particular the US recognises these states’ potential to use nuclear weapons detonated at high altitude to create an electromagnetic pulse (EMP). The threat of EMP was known during the Cold War, and a considerable amount of attention has been paid to hardening nuclear systems (Critchlow 2006).

The Minimum Essential Emergency Communications Network (MEECN) links to the ICBMs, bombers, and submarine forces. Information widely a
