Monday, October 31, 2005
Great Birthday!
Thank you everyone for the gifts you all gave me and also for making my birthday visit great. I hope I can see you all again soon. If you haven't noticed, my pictures are back as I fixed my server at my Dad's while I was there. It needs an overhaul, but I have it going well enough until I have time to work on it.
P.S. I strung up all of the peppers from Duncannon. I'll post a picture when I get a chance. Thanks again for keeping them for me Ma and Joe.
P.S. I strung up all of the peppers from Duncannon. I'll post a picture when I get a chance. Thanks again for keeping them for me Ma and Joe.
Monday, October 24, 2005
My resume that I used at my Bayer interview
Brandon Himes
308 Montebello Farm Rd,
Duncannon, PA 17020
717.834.3460
Brando@gmail.com
SUMMARY
I will be graduating with my undergraduate degree in information technology from Slippery Rock University in May of 2006. I have many skills that I have developed during the many employment experiences that I have had during my undergraduate work.
COMPUTER SKILLS
Languages
• Proficient in: C++, C#, HTML, JavaScript, PHP, SQL
• Familiar with: Unix Shell, Perl, VB, .NET Framework, Java
Software
• Proficient with: Office, Photoshop, Visual Studio, Illustrator, Flash, Enterprise Manager, Director
• Familiar with: QuarkXpress, Indesign, Sql Compare
Skills
• Network administration
• Web Design
• Computer repair
• Experienced Trainer
• Technical Writing
• Leadership/Management
EXPERIENCE
2005-2006 Teaching Learning Technology Roundtable
Personal Technology Assistant to University Faculty
• Conducted one-on-one instruction on technology to university professors
• Worked with the TLTR to develop training tactics to better prepare students and faculty to utilize campus resources.
2005 Penn National Insurance
Systems Analyst Intern – E-commerce and Information Systems team
• Coded in VB.Net and C#.net.
• Developed both intranet and internet applications.
• Worked with SQL databases including stored procedures.
• Worked with Unicenter, a job scheduling system.
2004-2006 The Rocket
Slippery Rock University Student Newspaper - Web Editor
• Produced an online version of the newspaper from quark express format.
• Received an award from the American Society of Journalists for 1st place in Online Newspaper.
• Wrote “Bitter Bytes,” a sarcastic weekly technology column.
2004 Pennsylvania Department of Transportation
Intern – Data Analyst
• Analyzed crash data and utilized several information systems.
• Worked with text based information systems as well as GIS (Geographic Information System).
2003-2006 Slippery Rock University
Department of Information Technology – Head Resident Network Assistant
• Promoted to head network assistant in 2005.
• Developed extremely successful hands-on training process for new RNAs.
• Diagnosed and repaired networking problems.
• Dealt with security issues such as viruses and spyware.
2003 Von Entress Glasswork
Graphic Artist and Web Designer
• Utilized photo editing software to produce graphics to be used on the Internet.
• Developed code for the Von Entress website.
2002-2006 Slippery Rock University
Department of Information Technology – Computer Lab Assistant
• Fixed networking, printing, hardware and software problems.
2000-2002 EndlessLink Web Design
Web Designer and Graphic Artist
• Completed Web pages for statewide associations including PenSPRA (Pennsylvania School Public Relations Association), PAESSP (Pennsylvania Association of Elementary and Secondary School Principals), and PSFSA (Pennsylvania School Food Service Association).
2000 R/M Omni Media
Assistant Web Designer
• Gained web design experience.
• Learned about small business.
EDUCATION
Slippery Rock University
2002-2006
Slippery Rock, Pennsylvania
• B.S., Information Technology
• 3.75 QPA - Dean’s List
• Honors Program Member – Chair of technology committee.
• Blue Key Honor Society – Vice President
• German Club Member
• Recognized by Who’s Who Among American College and University Students.
• Awarded “Best Student Paper” by Information Systems in Education Conference (ISECON).
• Completed many extra classes found in the computer science major to further hone my programming skills.
308 Montebello Farm Rd,
Duncannon, PA 17020
717.834.3460
Brando@gmail.com
SUMMARY
I will be graduating with my undergraduate degree in information technology from Slippery Rock University in May of 2006. I have many skills that I have developed during the many employment experiences that I have had during my undergraduate work.
COMPUTER SKILLS
Languages
• Proficient in: C++, C#, HTML, JavaScript, PHP, SQL
• Familiar with: Unix Shell, Perl, VB, .NET Framework, Java
Software
• Proficient with: Office, Photoshop, Visual Studio, Illustrator, Flash, Enterprise Manager, Director
• Familiar with: QuarkXpress, Indesign, Sql Compare
Skills
• Network administration
• Web Design
• Computer repair
• Experienced Trainer
• Technical Writing
• Leadership/Management
EXPERIENCE
2005-2006 Teaching Learning Technology Roundtable
Personal Technology Assistant to University Faculty
• Conducted one-on-one instruction on technology to university professors
• Worked with the TLTR to develop training tactics to better prepare students and faculty to utilize campus resources.
2005 Penn National Insurance
Systems Analyst Intern – E-commerce and Information Systems team
• Coded in VB.Net and C#.net.
• Developed both intranet and internet applications.
• Worked with SQL databases including stored procedures.
• Worked with Unicenter, a job scheduling system.
2004-2006 The Rocket
Slippery Rock University Student Newspaper - Web Editor
• Produced an online version of the newspaper from quark express format.
• Received an award from the American Society of Journalists for 1st place in Online Newspaper.
• Wrote “Bitter Bytes,” a sarcastic weekly technology column.
2004 Pennsylvania Department of Transportation
Intern – Data Analyst
• Analyzed crash data and utilized several information systems.
• Worked with text based information systems as well as GIS (Geographic Information System).
2003-2006 Slippery Rock University
Department of Information Technology – Head Resident Network Assistant
• Promoted to head network assistant in 2005.
• Developed extremely successful hands-on training process for new RNAs.
• Diagnosed and repaired networking problems.
• Dealt with security issues such as viruses and spyware.
2003 Von Entress Glasswork
Graphic Artist and Web Designer
• Utilized photo editing software to produce graphics to be used on the Internet.
• Developed code for the Von Entress website.
2002-2006 Slippery Rock University
Department of Information Technology – Computer Lab Assistant
• Fixed networking, printing, hardware and software problems.
2000-2002 EndlessLink Web Design
Web Designer and Graphic Artist
• Completed Web pages for statewide associations including PenSPRA (Pennsylvania School Public Relations Association), PAESSP (Pennsylvania Association of Elementary and Secondary School Principals), and PSFSA (Pennsylvania School Food Service Association).
2000 R/M Omni Media
Assistant Web Designer
• Gained web design experience.
• Learned about small business.
EDUCATION
Slippery Rock University
2002-2006
Slippery Rock, Pennsylvania
• B.S., Information Technology
• 3.75 QPA - Dean’s List
• Honors Program Member – Chair of technology committee.
• Blue Key Honor Society – Vice President
• German Club Member
• Recognized by Who’s Who Among American College and University Students.
• Awarded “Best Student Paper” by Information Systems in Education Conference (ISECON).
• Completed many extra classes found in the computer science major to further hone my programming skills.
My interview
I had an interview with a representative of the Bayer Corporation this morning. That went pretty well. The rep told me that my credentials were great and that my resume looked good. Based on my performance I think I will probably be asked back for a second interview. I don't know if I'm interested in working for Bayer or not as the job would almost definitely be in Pittsburgh where the corporate HQ for the US is located. Interestingly, Bayer was originally founded in Germany and has international opportunities. They were interested to hear that I have experience in German. Perhaps an international work experience is in my future someday. Who knows. I'll let you know when I hear back from Bayer. It will probably be a few weeks.
My weekend
As everyone probably knows by now, Evan and Patty were visiting Slippery Rock for the weekend. We had a lot of fun. We cooked dinner in my apartment Friday and Saturday night. Evan brought all kinds of gifts for me. Thanks so much for everyone who sent things. On Friday we went to visit with some friends who live off campus (Shaggy, if anyone's heard me talk about him). Then Saturday my roommates were home so we had a few friends over for a poker game. Lots of fun. Evan left Sunday morning after my roommate Brett and I made omelettes from the farm fresh Duncannon eggs. Talk to you soon.
Friday, October 14, 2005
Birthday List
- A new palm (my old one is getting outdated)
- A giant eagle gift card
- A walmart gift card
- Some new t-shirts (XL tagless)
- Some warm wool socks for winter
- If there is such a thing as a gift certificate to this cigar shop, then I'd like one very much. I know the owner well so he'll probably do something special for me.
- I'd like a new tattoo, but they cost far too much.
- A gift certificate to Lindsay and my favorite restaurants near SRU.
- I could actually just use some money.
Wednesday, October 12, 2005
My Paper
Information Warfare
Brandon Himes
bchim11@sru.edu
Patricia A. Joseph
patricia.joseph@sru.edu
Computer Science Department, Slippery Rock University
Slippery Rock, PA 16057, USA
Abstract
Information warfare is the use of information as an instrument of war. Information warfare is a relatively new topic. The development of new technologies such as broadband Internet ac-cess, wireless networking, and the dependence of governments and businesses on the func-tionality of the Internet has been a catalyst for information warfare. Information warfare can take many forms. Some are purely destructive such as Distributed Denial of Service (DDoS) attacks and the creation of viruses, but other methods of information warfare resemble normal use of the Internet such as organizing groups and disseminating information. Although infor-mation warfare is typically destructive and is mostly used for terrorism or crime, it can also be used as a powerful, constructive tool that empowers law enforcement and grassroots move-ments.
Keywords: Leading Edge Technologies, Networks, Security.
Introduction
Information warfare is the use of information as an instrument of war. Information war-fare is a relatively new topic. The develop-ment of new technologies such as broadband Internet access, wireless networking, and the dependence of governments and busi-nesses on the functionality of the Internet has been a catalyst for information warfare. Information warfare can take many forms. Some are purely destructive such as Distrib-uted Denial of Service (DDoS) attacks and the creation of viruses, but other methods of information warfare resemble normal use of the Internet such as organizing groups and disseminating information. Although infor-mation warfare is typically destructive and is mostly used for terrorism or crime, it can also be used as a powerful, constructive tool that empowers law enforcement and grass-roots movements.
Methods of Information Warfare
A first destructive method of information warfare is called “Google bombing.” A Google bomb is a tactic used to alter the search results of the Internet’s most prolific search engine, Google. A Google bomb is created by Internet users--often bloggers or message board users--posting links to the web site of their victim and titling their link with the desired search phrase they would like that page to appear on. When Google crawls the web to generate its search re-sults, each instance of the aforementioned hyperlink raises the rank of the victim’s page on Google’s search results. In order to en-sure that the victim’s web site will be the first result on Google, there must a large quantity of hyperlinks. This is why blogs and message boards are often utilized. Us-ers update information that appears on every page of their blog or on every post on a message board. This is an effective way to propagate the number of hyperlinks.
Although this tactic may not seem inherently destructive, it becomes so in the way it is typically used. Often the search terms are ad hominem attacks or slanderous speech against the victim of the Google bomb. One specific example of this is the G. W. Bush Google bomb. Due to the multitude of links posted to the White House’s online biogra-phy of George W. Bush that are titled “fail-ure,” the search results for that keyword bear a link to the biography as the first re-sult. Google has repeatedly defended the exploitation of its search results as an accu-rate representation of how other sites feel that a site should be categorized ("’Miserable Failure’ Links to Bush," 2005). This method of information warfare is not inherently de-structive. However, exploiting Google’s search results has little application other than to make disparaging references making it one of the ways that information warfare is used to destructive ends.
A second destructive method of information warfare is Distributed Denial of Service (DDoS) attacks. A DDoS attack is a varia-tion of a Denial of Service (DoS) attack. A DOS attack is when a user repeatedly re-quests data from a server in order to tie up all of the server’s resources until it is so overworked that it grinds to a halt. A DDoS attack is only different from a DoS attack in that it is a distributed attack. This means that many users simultaneously use up re-sources, making the attack much more ef-fective (Acohido, 2005). One instance of a DDoS attack being used for information war-fare was during post war period in Iraq, a DDoS attack was used to disable the Al Jazeera English language web site by regime sympathizers ("’Miserable Failure’ Links to Bush," 2005). Just as the majority of infor-mation warfare tactics are destructive, a DDoS attack is purely destructive.
A third type of information warfare that is potentially very destructive is attacks on industrial control systems. Since many in-dustrial control systems such as the electri-cal power, water, telephone and television systems are now run by computers that can be controlled remotely via the Internet (Dougherty, 2005), this means that these systems are vulnerable to attack from the Internet. Such an attack was thought to have taken place during the blackout that left parts of Canada and the eastern United States without power. Though after a thor-ough investigation by the FBI it was found that the blackout was in fact not caused by an attack but by a failure in the system it-self. This does not discount the fear that such an attack could take place. After the conclusion of the FBI investigation, the re-port warned that such an attack is a possibil-ity that we must defend against with vigi-lance ("FBI Concerned about Threat of Ter-ror-Induced Blackouts," 2005). Attacks on industrial control systems present a real danger to the population they service and represent the most dangerous of the threats of information warfare.
A fourth threat posed by information warfare is the threat of highly trained mercenaries capable of launching an arsenal of informa-tion warfare attacks. Though even an ama-teur attacker can cause damage using in-formation warfare and only basic techniques, the greater threat is from those trained and experienced in using information warfare to cause damage. The prospect of information warfare mercenaries is very real and there are documented cases both domestically and abroad. One such case is that of Jay R. Echouafni, who was investigated by the FBI and was found to have hired a mercenary to use a variety of information warfare attack against his business competitors (Bryan-Low, 2004). Yet another, more frightening, example of information warfare mercenaries being used en masse is that of North Korea. South Korea, concerned about the potential of an information warfare attack, investi-gated reports that North Korea had estab-lished a school for the training of information warriors (MacKinnon, 2005).
The findings of this investigation were sur-prising given the relatively low amount of cutting edge technology in North Korea. South Korea’s investigation found that North Korea had established an “Automated War-fare Institute” and that it trained 100 highly specialized information warriors a year (MacKinnon, 2005). The threat of a highly trained army of information warriors is one of the grimmest threats that information warfare poses. The fact that this army is trained in North Korea expresses the true threat that information warfare poses. North Korea does not supply its own Internet access, have very advanced technology, or even have reliable electrical grids, yet it is capable of producing information warriors. What can be expected of more advanced countries who take initiative to participate in information warfare? Though an army of information warriors trained to defend could possibly have constructive application, the only instances of trained information warri-ors have been used for purely destructive purposes, posing a great threat to their ad-versaries.
A fifth threat of information warfare is the creation of viruses. Viruses are malicious code written expressly for the purpose of penetrating security and causing damage. Viruses are the oldest form of information warfare and therefore are the threat that the general population is most equipped to deal with. There are many companies that pro-duce anti-virus software that is used to de-fend users against such attacks. Some ex-amples are Norton, McAfee and others. De-spite this, viruses cannot be completely de-fended against and as a consequence they often cause large amounts of damage.
Some of the most destructive viruses ever devised are Sasser (2004), Blaster (2003), and Nimda (2001) which caused 3.5 billion, 1.5 billion, and 1.5 billion dollars worth of damage, respectively (Vogelstein, 2004). Viruses are probably the most common type of attack used in information warfare. It is common for viruses to be used only for the purpose of terrorism. They are seldom used on one group or another, but rather are re-leased on the general population to cause damage. Microsoft, whose products are the target of many viruses, often has offered a reward for any information leading to the author of the virus being brought to justice. This is seldom effective because frequently viruses are launched from geographic areas where the United States holds no authority. Viruses are certainly a destructive and threatening means of information warfare.
A sixth type of information warfare, and perhaps the most serving to the warrior’s cause, is hacktivism. Hacktivism is a com-pound of “hacking” and “activism”. Hacktiv-ism utilizes many other means of informa-tion warfare but tends to center more on web sites as the goal of hacktivism is to be as public as possible in order to influence the feelings and opinions of others. Hacktivists often uncover passwords or manipulate web servers in order to deface the website of their victim in order to put their message into the public eye. Hacktivism also includes other means by which to convey the mes-sage of the hacktivist’s ideology.
Information Warfare Activities
One recent example of hacktivism took place in Italy. The Italian legislature made a deci-sion that many homosexuals felt infringed on their rights. Hacktivist sympathizers at-tacked the Italian government by planting a backdoor Trojan virus into the government’s computer network (Sturgeon, 2005). A “backdoor Trojan virus” works by putting seemingly innocuous code onto a machine then once the code is inside the code changes to become malicious. A “backdoor” virus is one that, once inside a system opens a security hole that allows a remote user to perform a multitude of actions on the user’s machine without the user’s consent. The Italian hacktivists used this backdoor to cause homosexual pornography to play on the screens of all of the computers on the Italian government’s computers (Sturgeon, 2005). Although hacktivism can certainly be used to destructive ends, it is not nearly as costly as other means of information warfare and is seldom used for terrorist ends.
Unlike the preceding types of information warfare a seventh type of information war-fare, using the Internet to organize and communicate with supporters is almost al-ways a constructive act. The Internet en-ables large, geographically dispersed groups to organize, plan and coordinate their efforts to achieve the group’s goals. This is one of the reasons that the Internet was created. While its peacetime applications were origi-nally envisioned at its creation, the Internet has many applications in communication and administration in wartime.
A group that uses the Internet to coordinate their side of a conflict is the Zapatista movement in Mexico. The Zapatistas are a group of indigenous people of Chiapas, Mex-ico. They have been in a long and violent conflict with the Mexican government over a dispute about the ownership of their land. The Mexican government has attempted many times to forcefully remove the Zapa-tistas from the land in question with little to no success due to the heavy military resis-tance of the men, women and children of the Zapatista (Accion Zapatista de Austin, 2005). However, realizing that time was on the side of the Mexican government, the Za-patista decided that they would need a bet-ter consolidated force and the opinion of the world on their side if they were to win the conflict. In order to do this the Zapatista moved their organization into cyberspace. The Zapatista web site helps convey infor-mation and organize the movements of the Zapatista while also telling the world of their righteous struggle to keep their ancestor’s lands (Accion Zapatista de Austin, 2005). This method of information warfare is not destructive to the enemy, unlike those that preceded it, but it is constructive and posi-tive in any light.
Computer Network Security
Closely related to organizing support and another means of information warfare that is constructive is basic communication. This method of information warfare is the es-sence of the Internet. What is the Internet if not a means of communicating informa-tion?
Communication, when considered in the con-text of war, is a means of information war-fare. Often a military action will attempt to isolate an area, preventing it from communi-cating from the rest of the world. Informa-tion warfare then becomes essentially com-munication.
During the days after the United States in-vasion of Iraq all means of communication in Baghdad were destroyed. This left many families, friends, and loved ones to wonder what had become of the people of Baghdad. In the days following the invasion, recogniz-ing the need to communicate, a few Iraqi entrepreneurs invested in a mobile satellite Internet receiver. Along with a store front and the necessary computers, this became Baghdad’s only Internet café. Iraqi citizens now use this café to broadcast the conditions of Baghdad’s condition as well as to contact their family members to let them know that they are safe (“In Baghdad, Rebuilding the Net,” 2005). Connecting the Iraqi people with the outside world and to their families would not have been possible without this constructive means of information warfare.
A third constructive means of information warfare is the identification of potential ter-rorists and criminals. National security has become an all important task. Since the September 11th attacks, the U.S. govern-ment has been seeking means of ensuring that it is safe from terrorist plots. One method of achieving this goal is to use in-formation warfare to seek out and identify those that would commit acts of terror. This can be done by comparing information that has been collected by national agencies. Comparing such data as flight records, citi-zenship status, lists of known criminals and background checks software applications can find commonalities that may have gone un-noticed.
One such piece of software that is used to identify potential terrorists is Matrix, an ap-plication that pulls data from many data-bases. The power of Matrix was most strik-ingly displayed when it identified common ties between all of the September 11th high-jackers after the fact. Matrix is now used in many airports to identify individuals that may pose a threat to security (“LexisNexis buys counterterror software maker,” 2005). Another means of distributing information to help identify terrorists and aid in law en-forcement is the National Homeland Security Network. This network allows many of the U.S. government’s agencies such as the De-partment of Homeland Security, the Federal Bureau of Investigation and the Central In-telligence Agency to share information they have gathered in order to prevent terrorist attacks (Swartz, 2004). The prevention of terror that this means of information warfare provides is not only constructive but actually prevents destructive means of physical war-fare.
Yet another means of information warfare is the electronic verification of documents. Counterfeit documents present an immense problem for those that rely on the use of physical documents for verifying identity. Despite advances in the technology used to produce identification documents, counter-feiting technology has managed to adapt and change its methods. Electronic verifica-tion of documents presents an impasse for counterfeiters. A copy of the original docu-ment is obtained electronically and displayed to verify documents authenticity. Counter-feit documents can be easily recognized and confiscated.
The most effective instance of electronic document verification has been developed and is now used in American airports. As a foreign visitor enters an airport in the United States, the identification documents they provide are electronically verified. A picture of the electronic document is displayed for airport personnel to verify the authenticity of the documents. This verification process allows airport authorities to inspect identifi-cation documents for counterfeiting such as altered photographs and inconsistent infor-mation. Preventing those with counterfeit identification documents helps to keep out terrorists and other threats to national secu-rity (Mangaliman, 2005). The electronic verification of documents is certainly a posi-tive use of information warfare that protects the masses from those who would use them to aid terror and crime.
A final means of information warfare is elec-tronic law enforcement. Through the use of information warfare electronic sting opera-tions can be performed by law enforcement agencies. The ability to perform such covert operations allows local and federal law en-forcement agencies to catch criminals whose crimes might otherwise be beyond the scope of law enforcement officials.
The most important use of information war-fare to apprehend electronic criminals in the United States was Operation Web Snare. During the course of Operation Web Snare federal law enforcement agencies placed decoy targets that were sure to attract elec-tronic criminals in cyberspace. As attacks on the targets were made, law enforcement officials tracked down the attackers and brought charges against them. Several hundred electronic criminals were charged for their crimes who would otherwise have continued to commit crimes unbeknownst to law enforcement (O’Rourke, 2004). Opera-tion Web Snare displayed the positive use of information warfare as a tool to apprehend electronic criminals.
Conclusions
As with so many other issues that involve new technologies and change, information warfare has proven to have two sides to its coin. The threat of viruses proves to be costly economically. DDoS attacks also stand to prevent the technology that world depends on in its daily live to be disrupted which is at times a monumental inconven-ience. Far greater a threat than either of these negative uses of information technol-ogy is the prospect of an attack on an indus-trial control system which could not only in-convenience the masses but cause the loss of vital resources needed to live such as electricity and water.
Yet along with such negative uses, informa-tion warfare also offers many positive out-comes. One such outcome is the organiza-tion of grassroots movements which need to harness the power of information warfare to level the playing field against their colossal foes. Another positive is the ability to com-municate no matter what the conditions, which is very valuable. Perhaps the most valuable positive of information technology is to protect the world from those that would do it harm by means either electronically or otherwise through the use of information warfare as a law enforcement tool. Despite the typically destructive nature of informa-tion warfare through methods such as DDoS attacks, Viruses and attacks on industrial control systems, the use of information war-fare for positive purposes such as the or-ganization of grassroots movements, com-munication during wartime and law en-forcement confirms information warfare’s status as a tool that can be used for positive as well as destructive ends.
References
Accion Zapatista de Austin (2005) “Neoliberalism: Zapatismo in Cyberspace,” Zapatismo, March 2005, Available at http://studentorgs.utexas.edu/nave/cyber.html
Acohido, B. (2005) "Hacktivists Protest War by Attacking Web Sites," USA TODAY, March 2005, Available at http://www.usatoday.com/money/world/iraq/2003-03-25-hacktivism_x.htm
Bryan-Low, C. (2004) “Growing Number of Hackers Attack Web Sites for Cash,” Wall Street Journal, 30 November 2004, p. A1, 2004.
Dougherty, J. (2005) "Report warned power vulnerable to terror," WorldNetDaily.com, March 2005, Available at http://www.wnd.com/news/article.asp?ARTICLE_ID=34212
"FBI Concerned about Threat of Terror-Induced Blackouts" (2005) CNN News, March 2005, Available at http://www.cnn.com/2003/ALLPOLITICS/09/04/blackout.hearing/
“In Baghdad, Rebuilding the Net” (2005) USA Today, March 2005, Available at http://www.usatoday.com/tech/world/2003-05-23-baghdad-online_x.htm
“LexisNexis buys Counterterror Software Maker” (2005) Sun-Sentinel, March 2005, Available at http://search.ep.com/login.aspx?direct=true&db=nfh&an=2w6335931
MacKinnon, R. (2005) "Hermit Hackers," Foreign Policy, March 2005, Available at http://search.epnet.com/login.aspx?direct=true&db=aph&an=8800024323
Mangaliman, J. (2005) “INS’ Ziglar Unveils New Airport Security Computers that Track Foreign Visitors,” San Jose Mercury News, March 2005, Available at http://search.epnet.com/login.aspz?direct=true&db=ngh&an=2w7084115
"’Miserable Failure’ Links to Bush" (2005) BBC NEWS, March 2005, Available at http://news.bbc.co.uk/2/hi/americas/3298443.stm
O’Rourke, M. (2004) “Operation Web Snare,” Risk Management, November 2004, Vol. 51, Is-sue 11, p. 8, 2004.
Sturgeon, W. (2005) "Gay Porn Hackers Strike Italian Politics," Silicon.com, March 2005, Available at http://software.silicon.com/malware/0,3800003100,39126103,00.htm
Swartz, N. (2004) “U.S. Anti-Terrorism Network Enables Data Sharing,” Information Manage-ment Journal, June 2004, Vol. 38, Issue 3, p. 12, 2004.
Vogelstein, F. (2004) “Why Hackers Are a Giant Threat to Microsoft’s Future,” Fortune, Issue 8, p. 263, 2004.
Brandon Himes
bchim11@sru.edu
Patricia A. Joseph
patricia.joseph@sru.edu
Computer Science Department, Slippery Rock University
Slippery Rock, PA 16057, USA
Abstract
Information warfare is the use of information as an instrument of war. Information warfare is a relatively new topic. The development of new technologies such as broadband Internet ac-cess, wireless networking, and the dependence of governments and businesses on the func-tionality of the Internet has been a catalyst for information warfare. Information warfare can take many forms. Some are purely destructive such as Distributed Denial of Service (DDoS) attacks and the creation of viruses, but other methods of information warfare resemble normal use of the Internet such as organizing groups and disseminating information. Although infor-mation warfare is typically destructive and is mostly used for terrorism or crime, it can also be used as a powerful, constructive tool that empowers law enforcement and grassroots move-ments.
Keywords: Leading Edge Technologies, Networks, Security.
Introduction
Information warfare is the use of information as an instrument of war. Information war-fare is a relatively new topic. The develop-ment of new technologies such as broadband Internet access, wireless networking, and the dependence of governments and busi-nesses on the functionality of the Internet has been a catalyst for information warfare. Information warfare can take many forms. Some are purely destructive such as Distrib-uted Denial of Service (DDoS) attacks and the creation of viruses, but other methods of information warfare resemble normal use of the Internet such as organizing groups and disseminating information. Although infor-mation warfare is typically destructive and is mostly used for terrorism or crime, it can also be used as a powerful, constructive tool that empowers law enforcement and grass-roots movements.
Methods of Information Warfare
A first destructive method of information warfare is called “Google bombing.” A Google bomb is a tactic used to alter the search results of the Internet’s most prolific search engine, Google. A Google bomb is created by Internet users--often bloggers or message board users--posting links to the web site of their victim and titling their link with the desired search phrase they would like that page to appear on. When Google crawls the web to generate its search re-sults, each instance of the aforementioned hyperlink raises the rank of the victim’s page on Google’s search results. In order to en-sure that the victim’s web site will be the first result on Google, there must a large quantity of hyperlinks. This is why blogs and message boards are often utilized. Us-ers update information that appears on every page of their blog or on every post on a message board. This is an effective way to propagate the number of hyperlinks.
Although this tactic may not seem inherently destructive, it becomes so in the way it is typically used. Often the search terms are ad hominem attacks or slanderous speech against the victim of the Google bomb. One specific example of this is the G. W. Bush Google bomb. Due to the multitude of links posted to the White House’s online biogra-phy of George W. Bush that are titled “fail-ure,” the search results for that keyword bear a link to the biography as the first re-sult. Google has repeatedly defended the exploitation of its search results as an accu-rate representation of how other sites feel that a site should be categorized ("’Miserable Failure’ Links to Bush," 2005). This method of information warfare is not inherently de-structive. However, exploiting Google’s search results has little application other than to make disparaging references making it one of the ways that information warfare is used to destructive ends.
A second destructive method of information warfare is Distributed Denial of Service (DDoS) attacks. A DDoS attack is a varia-tion of a Denial of Service (DoS) attack. A DOS attack is when a user repeatedly re-quests data from a server in order to tie up all of the server’s resources until it is so overworked that it grinds to a halt. A DDoS attack is only different from a DoS attack in that it is a distributed attack. This means that many users simultaneously use up re-sources, making the attack much more ef-fective (Acohido, 2005). One instance of a DDoS attack being used for information war-fare was during post war period in Iraq, a DDoS attack was used to disable the Al Jazeera English language web site by regime sympathizers ("’Miserable Failure’ Links to Bush," 2005). Just as the majority of infor-mation warfare tactics are destructive, a DDoS attack is purely destructive.
A third type of information warfare that is potentially very destructive is attacks on industrial control systems. Since many in-dustrial control systems such as the electri-cal power, water, telephone and television systems are now run by computers that can be controlled remotely via the Internet (Dougherty, 2005), this means that these systems are vulnerable to attack from the Internet. Such an attack was thought to have taken place during the blackout that left parts of Canada and the eastern United States without power. Though after a thor-ough investigation by the FBI it was found that the blackout was in fact not caused by an attack but by a failure in the system it-self. This does not discount the fear that such an attack could take place. After the conclusion of the FBI investigation, the re-port warned that such an attack is a possibil-ity that we must defend against with vigi-lance ("FBI Concerned about Threat of Ter-ror-Induced Blackouts," 2005). Attacks on industrial control systems present a real danger to the population they service and represent the most dangerous of the threats of information warfare.
A fourth threat posed by information warfare is the threat of highly trained mercenaries capable of launching an arsenal of informa-tion warfare attacks. Though even an ama-teur attacker can cause damage using in-formation warfare and only basic techniques, the greater threat is from those trained and experienced in using information warfare to cause damage. The prospect of information warfare mercenaries is very real and there are documented cases both domestically and abroad. One such case is that of Jay R. Echouafni, who was investigated by the FBI and was found to have hired a mercenary to use a variety of information warfare attack against his business competitors (Bryan-Low, 2004). Yet another, more frightening, example of information warfare mercenaries being used en masse is that of North Korea. South Korea, concerned about the potential of an information warfare attack, investi-gated reports that North Korea had estab-lished a school for the training of information warriors (MacKinnon, 2005).
The findings of this investigation were sur-prising given the relatively low amount of cutting edge technology in North Korea. South Korea’s investigation found that North Korea had established an “Automated War-fare Institute” and that it trained 100 highly specialized information warriors a year (MacKinnon, 2005). The threat of a highly trained army of information warriors is one of the grimmest threats that information warfare poses. The fact that this army is trained in North Korea expresses the true threat that information warfare poses. North Korea does not supply its own Internet access, have very advanced technology, or even have reliable electrical grids, yet it is capable of producing information warriors. What can be expected of more advanced countries who take initiative to participate in information warfare? Though an army of information warriors trained to defend could possibly have constructive application, the only instances of trained information warri-ors have been used for purely destructive purposes, posing a great threat to their ad-versaries.
A fifth threat of information warfare is the creation of viruses. Viruses are malicious code written expressly for the purpose of penetrating security and causing damage. Viruses are the oldest form of information warfare and therefore are the threat that the general population is most equipped to deal with. There are many companies that pro-duce anti-virus software that is used to de-fend users against such attacks. Some ex-amples are Norton, McAfee and others. De-spite this, viruses cannot be completely de-fended against and as a consequence they often cause large amounts of damage.
Some of the most destructive viruses ever devised are Sasser (2004), Blaster (2003), and Nimda (2001) which caused 3.5 billion, 1.5 billion, and 1.5 billion dollars worth of damage, respectively (Vogelstein, 2004). Viruses are probably the most common type of attack used in information warfare. It is common for viruses to be used only for the purpose of terrorism. They are seldom used on one group or another, but rather are re-leased on the general population to cause damage. Microsoft, whose products are the target of many viruses, often has offered a reward for any information leading to the author of the virus being brought to justice. This is seldom effective because frequently viruses are launched from geographic areas where the United States holds no authority. Viruses are certainly a destructive and threatening means of information warfare.
A sixth type of information warfare, and perhaps the most serving to the warrior’s cause, is hacktivism. Hacktivism is a com-pound of “hacking” and “activism”. Hacktiv-ism utilizes many other means of informa-tion warfare but tends to center more on web sites as the goal of hacktivism is to be as public as possible in order to influence the feelings and opinions of others. Hacktivists often uncover passwords or manipulate web servers in order to deface the website of their victim in order to put their message into the public eye. Hacktivism also includes other means by which to convey the mes-sage of the hacktivist’s ideology.
Information Warfare Activities
One recent example of hacktivism took place in Italy. The Italian legislature made a deci-sion that many homosexuals felt infringed on their rights. Hacktivist sympathizers at-tacked the Italian government by planting a backdoor Trojan virus into the government’s computer network (Sturgeon, 2005). A “backdoor Trojan virus” works by putting seemingly innocuous code onto a machine then once the code is inside the code changes to become malicious. A “backdoor” virus is one that, once inside a system opens a security hole that allows a remote user to perform a multitude of actions on the user’s machine without the user’s consent. The Italian hacktivists used this backdoor to cause homosexual pornography to play on the screens of all of the computers on the Italian government’s computers (Sturgeon, 2005). Although hacktivism can certainly be used to destructive ends, it is not nearly as costly as other means of information warfare and is seldom used for terrorist ends.
Unlike the preceding types of information warfare a seventh type of information war-fare, using the Internet to organize and communicate with supporters is almost al-ways a constructive act. The Internet en-ables large, geographically dispersed groups to organize, plan and coordinate their efforts to achieve the group’s goals. This is one of the reasons that the Internet was created. While its peacetime applications were origi-nally envisioned at its creation, the Internet has many applications in communication and administration in wartime.
A group that uses the Internet to coordinate their side of a conflict is the Zapatista movement in Mexico. The Zapatistas are a group of indigenous people of Chiapas, Mex-ico. They have been in a long and violent conflict with the Mexican government over a dispute about the ownership of their land. The Mexican government has attempted many times to forcefully remove the Zapa-tistas from the land in question with little to no success due to the heavy military resis-tance of the men, women and children of the Zapatista (Accion Zapatista de Austin, 2005). However, realizing that time was on the side of the Mexican government, the Za-patista decided that they would need a bet-ter consolidated force and the opinion of the world on their side if they were to win the conflict. In order to do this the Zapatista moved their organization into cyberspace. The Zapatista web site helps convey infor-mation and organize the movements of the Zapatista while also telling the world of their righteous struggle to keep their ancestor’s lands (Accion Zapatista de Austin, 2005). This method of information warfare is not destructive to the enemy, unlike those that preceded it, but it is constructive and posi-tive in any light.
Computer Network Security
Closely related to organizing support and another means of information warfare that is constructive is basic communication. This method of information warfare is the es-sence of the Internet. What is the Internet if not a means of communicating informa-tion?
Communication, when considered in the con-text of war, is a means of information war-fare. Often a military action will attempt to isolate an area, preventing it from communi-cating from the rest of the world. Informa-tion warfare then becomes essentially com-munication.
During the days after the United States in-vasion of Iraq all means of communication in Baghdad were destroyed. This left many families, friends, and loved ones to wonder what had become of the people of Baghdad. In the days following the invasion, recogniz-ing the need to communicate, a few Iraqi entrepreneurs invested in a mobile satellite Internet receiver. Along with a store front and the necessary computers, this became Baghdad’s only Internet café. Iraqi citizens now use this café to broadcast the conditions of Baghdad’s condition as well as to contact their family members to let them know that they are safe (“In Baghdad, Rebuilding the Net,” 2005). Connecting the Iraqi people with the outside world and to their families would not have been possible without this constructive means of information warfare.
A third constructive means of information warfare is the identification of potential ter-rorists and criminals. National security has become an all important task. Since the September 11th attacks, the U.S. govern-ment has been seeking means of ensuring that it is safe from terrorist plots. One method of achieving this goal is to use in-formation warfare to seek out and identify those that would commit acts of terror. This can be done by comparing information that has been collected by national agencies. Comparing such data as flight records, citi-zenship status, lists of known criminals and background checks software applications can find commonalities that may have gone un-noticed.
One such piece of software that is used to identify potential terrorists is Matrix, an ap-plication that pulls data from many data-bases. The power of Matrix was most strik-ingly displayed when it identified common ties between all of the September 11th high-jackers after the fact. Matrix is now used in many airports to identify individuals that may pose a threat to security (“LexisNexis buys counterterror software maker,” 2005). Another means of distributing information to help identify terrorists and aid in law en-forcement is the National Homeland Security Network. This network allows many of the U.S. government’s agencies such as the De-partment of Homeland Security, the Federal Bureau of Investigation and the Central In-telligence Agency to share information they have gathered in order to prevent terrorist attacks (Swartz, 2004). The prevention of terror that this means of information warfare provides is not only constructive but actually prevents destructive means of physical war-fare.
Yet another means of information warfare is the electronic verification of documents. Counterfeit documents present an immense problem for those that rely on the use of physical documents for verifying identity. Despite advances in the technology used to produce identification documents, counter-feiting technology has managed to adapt and change its methods. Electronic verifica-tion of documents presents an impasse for counterfeiters. A copy of the original docu-ment is obtained electronically and displayed to verify documents authenticity. Counter-feit documents can be easily recognized and confiscated.
The most effective instance of electronic document verification has been developed and is now used in American airports. As a foreign visitor enters an airport in the United States, the identification documents they provide are electronically verified. A picture of the electronic document is displayed for airport personnel to verify the authenticity of the documents. This verification process allows airport authorities to inspect identifi-cation documents for counterfeiting such as altered photographs and inconsistent infor-mation. Preventing those with counterfeit identification documents helps to keep out terrorists and other threats to national secu-rity (Mangaliman, 2005). The electronic verification of documents is certainly a posi-tive use of information warfare that protects the masses from those who would use them to aid terror and crime.
A final means of information warfare is elec-tronic law enforcement. Through the use of information warfare electronic sting opera-tions can be performed by law enforcement agencies. The ability to perform such covert operations allows local and federal law en-forcement agencies to catch criminals whose crimes might otherwise be beyond the scope of law enforcement officials.
The most important use of information war-fare to apprehend electronic criminals in the United States was Operation Web Snare. During the course of Operation Web Snare federal law enforcement agencies placed decoy targets that were sure to attract elec-tronic criminals in cyberspace. As attacks on the targets were made, law enforcement officials tracked down the attackers and brought charges against them. Several hundred electronic criminals were charged for their crimes who would otherwise have continued to commit crimes unbeknownst to law enforcement (O’Rourke, 2004). Opera-tion Web Snare displayed the positive use of information warfare as a tool to apprehend electronic criminals.
Conclusions
As with so many other issues that involve new technologies and change, information warfare has proven to have two sides to its coin. The threat of viruses proves to be costly economically. DDoS attacks also stand to prevent the technology that world depends on in its daily live to be disrupted which is at times a monumental inconven-ience. Far greater a threat than either of these negative uses of information technol-ogy is the prospect of an attack on an indus-trial control system which could not only in-convenience the masses but cause the loss of vital resources needed to live such as electricity and water.
Yet along with such negative uses, informa-tion warfare also offers many positive out-comes. One such outcome is the organiza-tion of grassroots movements which need to harness the power of information warfare to level the playing field against their colossal foes. Another positive is the ability to com-municate no matter what the conditions, which is very valuable. Perhaps the most valuable positive of information technology is to protect the world from those that would do it harm by means either electronically or otherwise through the use of information warfare as a law enforcement tool. Despite the typically destructive nature of informa-tion warfare through methods such as DDoS attacks, Viruses and attacks on industrial control systems, the use of information war-fare for positive purposes such as the or-ganization of grassroots movements, com-munication during wartime and law en-forcement confirms information warfare’s status as a tool that can be used for positive as well as destructive ends.
References
Accion Zapatista de Austin (2005) “Neoliberalism: Zapatismo in Cyberspace,” Zapatismo, March 2005, Available at http://studentorgs.utexas.edu/nave/cyber.html
Acohido, B. (2005) "Hacktivists Protest War by Attacking Web Sites," USA TODAY, March 2005, Available at http://www.usatoday.com/money/world/iraq/2003-03-25-hacktivism_x.htm
Bryan-Low, C. (2004) “Growing Number of Hackers Attack Web Sites for Cash,” Wall Street Journal, 30 November 2004, p. A1, 2004.
Dougherty, J. (2005) "Report warned power vulnerable to terror," WorldNetDaily.com, March 2005, Available at http://www.wnd.com/news/article.asp?ARTICLE_ID=34212
"FBI Concerned about Threat of Terror-Induced Blackouts" (2005) CNN News, March 2005, Available at http://www.cnn.com/2003/ALLPOLITICS/09/04/blackout.hearing/
“In Baghdad, Rebuilding the Net” (2005) USA Today, March 2005, Available at http://www.usatoday.com/tech/world/2003-05-23-baghdad-online_x.htm
“LexisNexis buys Counterterror Software Maker” (2005) Sun-Sentinel, March 2005, Available at http://search.ep.com/login.aspx?direct=true&db=nfh&an=2w6335931
MacKinnon, R. (2005) "Hermit Hackers," Foreign Policy, March 2005, Available at http://search.epnet.com/login.aspx?direct=true&db=aph&an=8800024323
Mangaliman, J. (2005) “INS’ Ziglar Unveils New Airport Security Computers that Track Foreign Visitors,” San Jose Mercury News, March 2005, Available at http://search.epnet.com/login.aspz?direct=true&db=ngh&an=2w7084115
"’Miserable Failure’ Links to Bush" (2005) BBC NEWS, March 2005, Available at http://news.bbc.co.uk/2/hi/americas/3298443.stm
O’Rourke, M. (2004) “Operation Web Snare,” Risk Management, November 2004, Vol. 51, Is-sue 11, p. 8, 2004.
Sturgeon, W. (2005) "Gay Porn Hackers Strike Italian Politics," Silicon.com, March 2005, Available at http://software.silicon.com/malware/0,3800003100,39126103,00.htm
Swartz, N. (2004) “U.S. Anti-Terrorism Network Enables Data Sharing,” Information Manage-ment Journal, June 2004, Vol. 38, Issue 3, p. 12, 2004.
Vogelstein, F. (2004) “Why Hackers Are a Giant Threat to Microsoft’s Future,” Fortune, Issue 8, p. 263, 2004.
Monday, October 10, 2005
While I was in Florida there were some goings-on in Ohio
I went to Florida with the Fraser family this weekend to attend Lindsay's Uncle Bill's wedding. I had a lot of fun and finally got to meet her "Munga" (grandma) who lives in Florida. It was a nice wedding. The ceremony took place at the Vinoy in St. Petersburg.
Back north in Ohio at about the same time a paper that I wrote about information warfare (abstract 3343) was being presented at the Information Systems Education Conference. I wrote this paper last spring and at the professor's request I gave permission for have it submitted for publication. Originally the conference was to be held in New Orleans, but that didn't work out for obvious reasons. I wasn't able to attend but the professor who submitted my paper was kind enough to present my paper in my absence.
When I arrived home last night (around midnight) I immediately finished some homework and went straight to bed, forgetting about the conference completely. However, when I arrived to my first class today my professor (who also attended the conference) congratulated me on my award. I didn't find out until my 1:00 class that my paper was awarded best student paper at the conference. I was shocked, to say the least. Somehow, class wasn't as hard to get though as I had anticipated, but I am running on "E" from all of the here and there associated with my trip this weekend. Luckily tomorrow is a "professional development" day which means that my class will not be held. I'll still have to show up for work in the computer lab, but then again I can't really call the computer lab "work".
Things seemed pretty dire when I got home so late last night, but they're looking up now. As always I apologize that I've been so long since posting. I have considerably less free time this year than I have had in years past. I'm considering leaving a job. By considering, I really mean counting the days pending some miracle. Anyhow more to come soon including a birthday list which I realize I am procrastinating on. Love ya all and I look forward to seeing everyone soon.
Back north in Ohio at about the same time a paper that I wrote about information warfare (abstract 3343) was being presented at the Information Systems Education Conference. I wrote this paper last spring and at the professor's request I gave permission for have it submitted for publication. Originally the conference was to be held in New Orleans, but that didn't work out for obvious reasons. I wasn't able to attend but the professor who submitted my paper was kind enough to present my paper in my absence.
When I arrived home last night (around midnight) I immediately finished some homework and went straight to bed, forgetting about the conference completely. However, when I arrived to my first class today my professor (who also attended the conference) congratulated me on my award. I didn't find out until my 1:00 class that my paper was awarded best student paper at the conference. I was shocked, to say the least. Somehow, class wasn't as hard to get though as I had anticipated, but I am running on "E" from all of the here and there associated with my trip this weekend. Luckily tomorrow is a "professional development" day which means that my class will not be held. I'll still have to show up for work in the computer lab, but then again I can't really call the computer lab "work".
Things seemed pretty dire when I got home so late last night, but they're looking up now. As always I apologize that I've been so long since posting. I have considerably less free time this year than I have had in years past. I'm considering leaving a job. By considering, I really mean counting the days pending some miracle. Anyhow more to come soon including a birthday list which I realize I am procrastinating on. Love ya all and I look forward to seeing everyone soon.
