Intel Wars Page 30

  According to senior U.S. and NATO intelligence officials, the reason for the dramatic shift in emphasis was that in the fall of 2010, senior Obama administration officials became convinced that the war in Afghanistan could not be won militarily, despite the fact that coalition forces had just made some noteworthy gains in the Taliban strongholds of Helmand and Kandahar provinces. These officials concluded that these gains were temporary at best, because the Obama administration was committed to begin withdrawing U.S. forces from Afghanistan in July 2011, and the weak and corrupt Afghan government forces had proven that they were incapable of holding the ground once the U.S. and NATO forces pulled out.

  So in the fall of 2010, the emphasis secretly shifted to trying to negotiate a peaceful settlement of the Afghan conflict with the Taliban, while at the same time keeping up the military pressure on the Taliban through an intensified campaign of commando raids that targeted senior insurgent field commanders. The expectation was that these commando raids would induce the Taliban leadership in Pakistan to come to the negotiating table.

  It remains to be seen if the Obama administration’s new Afghan war strategy will ultimately succeed. But a number of intelligence officials in the United States and Europe point out that the fundamental problem with this risky strategy is that it has not worked in the past. They point to what happened in Vietnam between 1965 and 1968, when President Lyndon Johnson had hoped that massive B-52 air strikes on targets in North Vietnam would drive the Hanoi regime to the negotiating table. But CIA reporting revealed that the air strikes were causing little, if any, real damage to the North Vietnamese war effort, and had not altered in any meaningful way Hanoi’s will to continue the war. The intelligence officials worry that the Obama administration may be making the same mistake that Johnson and his advisers made more than forty years ago.

  The collapse of intelligence cooperation between the U.S. and Pakistan in early 2011 is a very serious development that has long-term implications for the U.S. intelligence community. American intelligence officials are now concerned that Pakistan will “unleash” its Afghan Taliban proxies, ramping up the tempo of fighting inside Afghanistan. The collapse of intelligence cooperation also bodes ill for the future of the intelligence community’s campaign to destroy what is left of al Qaeda and the host of other terrorist groups that are still hiding in the northern part of the country. A number of joint intelligence collection and analysis projects have been terminated, and unmanned drone strike operations over northern Pakistan have been severely restricted since January 2011.

  And just when officials in Washington and Islamabad thought that relations couldn’t get any worse, they did. In June 2011, CIA officials alleged that someone in the Pakistani government or ISI had leaked to the Pakistani Taliban that the United States intended to launch drone strikes on one of the Taliban’s two bomb factories in northern Pakistan. This led to yet another round of bitter recriminations between the U.S. and Pakistani governments and intelligence officials. Senior CIA officials in Washington told congressional officials that, in their opinion, Pakistan could no longer be trusted with any sensitive classified information.

  Then there is the war on terror. Senior U.S. and European intelligence officials do not know if we are winning the war given the dramatic changes now taking place around the world. Even though Osama bin Laden is dead and al Qaeda in Pakistan has been whittled down to a small rump organization, new terrorist groups are taking shape around the world that are just as committed to killing Americans as bin Laden ever was. The intelligence community’s decade-long counterterrorism operations against the al Qaeda affiliates in Yemen and Somalia are stalled, with no discernible progress to report in almost two years, and new al Qaeda–affiliated terrorist groups have sprung up in recent years across Africa. The U.S. government still cannot get the full cooperation of a number of its key Middle East allies, including Saudi Arabia, to cut off the flow of funds to the Taliban and other terrorist groups around the world. And the terrorist threat at home is rapidly evolving in new and potentially more lethal directions, to the point that U.S. intelligence officials are unsure who they should be looking for anymore.

  Recent events in the Middle East and North Africa clearly show just how dangerous the world is, and how great the challenges facing the intelligence community are going to be in the future as threats to U.S. national security continuously evolve. The U.S. intelligence community did not foresee the sudden collapse of the pro-U.S. regimes in Egypt and Tunisia, the eruption of a civil war in Libya, and the escalating wave of street protests across the Middle East. Then again, no one else in the U.S. government or among our allies abroad did either.

  If pundits in Washington are to believed, the next big threat to the security of the United States is something the experts call “cyber war,” the new global battle being fought every minute of every day on the ethereal plane of the Internet. In its infancy during the 1980s and 1990s, cyber war was the exclusive domain of teenage hackers and cyber criminals, some of whom were backed by organized crime groups in Russia and elsewhere, who tried to steal passwords, bank account numbers, and other personal information so that they could loot bank accounts and cause other forms of criminal mischief.

  As the antics of the hackers and cyber criminals began appearing with greater frequency in the press in the 1990s, the intelligence services of a number of countries decided that they needed their own corps of teenage hackers who could infiltrate foreign government communications networks and computer systems to gather secrets and, if necessary, attack and destroy these systems.

  One of these was America’s electronic eavesdropping Goliath, the National Security Agency, which has been secretly engaged in disrupting foreign computer systems and e-mail traffic for more than twenty years. Shortly after the end of the Cold War in the early 1990s, NSA set up a small unit called the Information Warfare Support Center to experiment with penetrating and disrupting foreign government communications systems and computer networks.

  The concept was given a dry run during Operation Desert Storm in 1991, when NSA was able to electronically disrupt the French-made computers that controlled the Iraqi air defense system. But it was not until March 1999 that NSA first systematically applied its new cyber-attack capability when it electronically knocked down large parts of the communications and computers that supported the Yugoslav air defense system during the short war over the breakaway province of Kosovo.

  In the run-up to the invasion of Afghanistan in October 2001, the United States tried to duplicate its success in Kosovo by using cyber attacks to degrade the Taliban air defense system, but the system was so antique and decrepit that it defied attack by electronic means.

  The Pentagon took its first giant leap into the area of cyber war in January 2005 with the creation of a 125-person unit at NSA headquarters at Fort George G. Meade called the Joint Functional Component Command–Network Warfare, which was described at the time as the single largest conglomeration of computer hackers in the world.

  As soon as the unit was created, teams of its personnel were secretly deployed to Iraq to begin mapping the communications networks of the Iraqi insurgents and al Qaeda foreign fighters opposing the U.S. military there. Over a period of almost two years, this small team of military computer surveillance specialists, called the Multi-National Force–Iraq Cyber Team, carefully watched the flow of e-mails and text messages inside Iraq. They managed to identify the electronic addresses of hundreds of computers and personal messaging systems that were then being used by the Iraqi insurgents.

  As first reported by Shane Harris of the National Journal, several months before the beginning of General Petraeus’s 2007 Baghdad surge offensive, the NSA was authorized by the White House to launch a cyber attack on all of the Iraqi insurgent e-mail and text messaging systems that the Cyber Team had located. According to intelligence officials, the cyber attack knocked off the air almost all of the communications of the Iraqi insurgents and al Qaeda in Iraq fighters around Ba
ghdad for three days.

  On April 27, 2007, while NSA was gearing up to launch its electronic offensive against Iraqi insurgents, right-wing Russian nationalists, enraged by the decision of the Estonian government to relocate a huge Stalin-era statue of a Soviet soldier in downtown Tallinn, the capital of Estonia, launched a concerted month-long cyber attack on virtually every Estonian computer server, router, Web site, and e-mail system that served the country’s government ministries, banks, newspapers, and television and radio stations. According to a leaked State Department cable, “On April 28, less than 24 hours after the first cyber attacks, Russian-language internet forums … were exhorting people to attack specific GOE [government of Estonia] websites and offering links to software tools.”

  A year later, in August 2008, the Russian government itself launched a cyber attack on the communications and computer systems of the Georgian government and news media prior to the launch of a major military offensive to retake portions of the breakaway province of South Ossetia that had recently been captured by Georgian forces. A 2009 report by the NSA examining the cyber attack on Georgia found that the Russians managed to plant a Trojan Horse program into a number of Georgian government computer networks that allowed Moscow to launch continuous denial-of-service attacks on the host computers, temporarily knocking them out of commission. The Georgian government’s computer experts were able to quickly put together an ad hoc communications system to replace the one being jammed by the Russians, but the incident highlighted the fact that cyber attacks, if done right, can be more effective than an artillery barrage or air strike in wreaking havoc on foreign computer and communications systems.

  Leaked State Department documents reveal that the intelligence services of the People’s Republic of China have become the world’s foremost practitioners of cyber war. The scope of the Chinese cyber-war effort is massive. In March 2009, researchers in Canada and Great Britain discovered that someone in China was conducting a cyber-spying operation, which they named GhostNet, that involved inserting undetectable Trojan Horse viruses into computers around the world, including the personal computer of the Tibetan leader-in-exile, the Dalai Lama. Whoever was running the operation inside China was reading all of the e-mails sent to and from the targeted computers and monitoring which Web sites they visited, leading to the obvious conclusion that GhostNet was a Chinese government spying operation, though this remains to be proved.

  The classified reporting of the U.S. intelligence community strongly suggests that GhostNet was but a small part of a much larger global cyber-spying operation by the Chinese government that has been going on for almost a decade. Leaked State Department documents show that since 2002, Chinese hackers have succeeded in penetrating a number of Canadian, French, and German government computer systems, some of them very high-level. For example, a secret 2008 report by the German equivalent of the FBI, the Federal Office for the Protection of the Constitution, reported that hundreds of Chinese cyber attacks had “targeted a wide variety of German organizations to include German military, economic, science and technology, commercial, diplomatic, research and development, as well as high-level government [computer] systems.”

  The main targets of the Chinese hackers have been the computer and communications systems of the U.S. government and military. According to a classified State Department report, “Since late 2002, USG [U.S. government] organizations have been targeted with social-engineering online attacks by [Chinese] actors.” The Chinese have used the same techniques as mainstream computer hackers; the cable revealed that they had “relied on techniques including exploiting Windows system vulnerabilities and stealing login credentials to gain access to hundreds of USG and cleared defense contractor systems over the years.” The cable confirmed that the cyber attacks have targeted virtually every department of the U.S. government involved in national security matters. According to the cable, “The majority of the systems [Chinese] actors have targeted belong to the U.S. Army, but targets also include other DoD [Department of Defense] services as well as DoS [Department of State], Department of Energy, additional USG entities, and commercial systems and networks.”

  In June 2009, Chinese hackers attempted to penetrate the computers of five State Department officials in the office of the special envoy for climate in Washington just as talks got under way in Beijing with the Chinese government over reducing greenhouse gas emissions. According to a leaked State Department cable, “The event appears to be a targeted spear-phishing attempt [attempting to acquire electronically sensitive personal or financial information, such as bank account passwords] and may be indicative of efforts [by the Chinese] to gather intelligence on the U.S.’s position on climate change issues.”

  Despite knowing about the Russian and Chinese cyber attacks on U.S. and allied computer systems, the U.S. government chose to do nothing about them, fearing that Russia and other foreign countries might use the attacks to force the enactment of binding international agreements that would restrict Washington’s ability to conduct its own cyber attacks on targets deemed to be threats to U.S. national security. According to a leaked 2009 State Department cable, “U.S. policy remains that hackers and cyber criminals, not states, are the most urgent cyber threat. [U.S. delegation] should continue to oppose Russian arguments for arms-control-like constraints on information technology and offensive capabilities.”

  It was not until Chinese cyber attacks hit the giant American Internet service provider Google in January 2010 that the U.S. government finally was forced to take action. Although the U.S. intelligence community was certain that the attacks originated from inside China, no one knew exactly who launched them or why. According to a leaked State Department cable from the U.S. embassy in Beijing, “A well-placed contact claims that the Chinese government coordinated the recent intrusions of Google systems. According to our contact, the closely held operations were directed at the Politburo Standing Committee level.” Another source, however, indicated that it was one of Google’s Chinese competitors who launched the attack. When Google formally complained to the U.S. government about the attack, in an unprecedented move, America’s eavesdropping giant, the National Security Agency, was ordered to help the Internet giant erect electronic defenses against further attacks.

  The actual culprit was never identified, and probably never will be. But the revelations in the press had the salutary effect of spurring the U.S. intelligence community into action. According to senior U.S. intelligence officials, the Chinese attacks on Google resulted in cyber warfare being instantly elevated to the single most important priority item within the intelligence community. In testimony delivered before the Senate Select Committee on Intelligence in February 2010, DNI Denny Blair warned that “the recent intrusions reported by Google are a stark reminder of the importance of these cyber assets, and a wake-up call to those who have not taken this problem seriously.”

  On May 21, 2010, a new military organization called U.S. Cyber Command was created, which is responsible for directing all of America’s offensive and defensive cyber-war activities, including conducting cyber attacks on foreign government computer systems if so ordered. Although nominally independent, U.S. Cyber Command is, in fact, an adjunct of the National Security Agency. The director of the NSA, General Keith Alexander, is also the chief of the 1,100-person U.S. Cyber Command.

  So what has Cyber Command been doing since becoming operational? No one knows for sure because of the secrecy surrounding its operations, but there are telltale signs that it is already active.

  In July 2010, computer security experts discovered a new computer virus called Stuxnet, which the New York Times later described as “the most sophisticated cyberweapon ever deployed.” We know nothing for certain about the origins of Stuxnet, or who wrote the program. The New York Times has opined that the virus was written jointly by U.S. and Israeli intelligence, but there is as yet no substantive evidence to support this allegation.

  What we do know is that the person or person
s who wrote the Stuxnet program designed the system for a very narrow and specific application, and with a very specific target in mind. Unlike previous computer viruses, Stuxnet did not target personal computers or the computer servers used by corporations or financial institutions. Instead, Stuxnet was designed to attack a specific piece of software made by the German high-tech giant Siemens AG. And we now know that Stuxnet’s principal target was the computer system that regulated the operations of the nine thousand centrifuges at Iran’s main uranium enrichment plant at Natanz in central Iran.

  It also is clear that whoever designed Stuxnet was not a teenage hacker but rather one or more individuals working for a foreign intelligence agency who knew virtually everything about the Natanz plant. A detailed study of the virus shows that Stuxnet was designed based on a near-complete understanding of the computer system at Natanz, which could only have come from someone inside the plant providing the virus’s designers with the schematics of the plant’s computer hardware and software systems.

  Moreover, Stuxnet was deliberately designed to attack computer systems that were not connected to the Internet for security reasons, as was the case at Natanz. In order to get around the firewall, the Stuxnet virus had to be loaded onto a CD or flash drive and then covertly downloaded into the computer system at Natanz. Once again, this could only be accomplished by an intelligence service with an agent at Natanz with access to the plant’s computer systems. Once buried inside the targeted computer’s software, analysis of the virus shows, Stuxnet was programmed to take control of the host computer system.

  According to computer security experts, the Stuxnet virus was somehow covertly inserted into the computers at Natanz in mid-2009, knocking out of commission almost one thousand of the facility’s nine thousand centrifuges in a single blow. But a recent report by the International Atomic Energy Agency indicates that the damage caused by Stuxnet was only temporary. Beginning in late 2009, IAEA video cameras at Natanz caught Iranian workers carting off the damaged centrifuges. Six months later, in early 2010, the cameras saw the same workers hauling in crates containing new centrifuges. U.S. intelligence experts now believe that the Natanz plant is back in full operation.