Statement by
Victor Sheymov
ComShield Corporation
before the
Joint Economic Committee
United States Congress
Wednesday, May 20, 1998
"The Low Energy Radio Frequency Weapons Threat to Critical Infrastructure"
[------------------------------------------------------------]
Mr. Chairman, members of the Committee,
I thank you for your concern and attention to the problem of
terrorism, to the potential exploit of latest technological achievements of
this country by terrorists and other criminal groups. I also would like to
thank you for this opportunity to bring attention to a potentially dangerous
and costly impact of the possible use of radio frequency (RF) weapons by
terrorists and criminals. Special uses of RF technology were a major part of
my 27 years of involvement in intelligence, security, and technology
matters, and I would like to share my knowledge and experience in this area
which is often misunderstood and largely ignored. I have somewhat split
responsibility in this open hearing: I want to shed some light on the
problem but, at the same time, to avoid revealing crucial information to the
terrorists who undoubtedly are tuned in.
Within the wide ranging means of Information Warfare (IW), one of the
prominent places belongs to IW attacks on computers and computer-based
equipment. Leaving physical destruction of computers aside, the IW attacks
on computers could be classified as attacks through legitimate gateways of
the computer such as the modem and the keyboard (software attacks), and
attacks through other than legitimate gateways (backdoor attacks). At the
current technological level, backdoor attacks can be carried out mainly by
utilizing radio frequency (RF) technology and thus can be classified as RF
attacks.
Vulnerability of computers to software attacks is widely recognized,
and efforts with substantial funding are underway with the goal of
developing protective technology to neutralize such attacks. The backdoor
attacks, on the other hand, have little official recognition, and adequate
efforts to develop adequate protective technology do not seem to have taken
place.
One premise underlies many special applications of RF technology and
is based on a principle that any wire or electronic component is, in fact,
an unintended antenna, both transmitting and receiving. Importantly, every
such unintended antenna is particularly responsive to its specific resonance
frequency, and to some extent, to several related frequencies. It is not
responsive to all other frequencies under normal conditions. If an objective
is to eavesdrop on the device, then the EM emanations coming from
functioning components of the device are received by highly sensitive
receiving equipment and processed in order to duplicate information handled
by the device. If an objective is to influence the device's functioning,
then appropriate RF signals are transmitted to the targeted device. That RF
signal, being received by pertinent components of the device, would generate
a corresponding signal within the device. Producing and transmitting a
signal which would effectively control the targeted device through a "back
door" attack is an extremely difficult task that requires technology and
expertise available only in two or three countries in the world. At the same
time, producing and transmitting a signal which would just disrupt the
normal functioning of the target device is a much simpler technological
task. It can be classified as a jamming "back door" attack, or jamming RF
attack. Conceivably, it can be done by a large number of parties.
Jamming RF attacks can utilize either high energy radio frequency
(HERF), or low energy radio frequency (LERF) technology. HERF is advanced
technology, practical applications of which are still being developed. It is
based on concentrating large amounts of RF EM energy within a small
space, narrow frequency range and a very short period of time. The result of
such concentration is an overpowering RF EM impulse capable of causing
substantial damage to electronic components. The HERF impulse is strong
enough to damage electronics components irrespective of their specific
resonance frequencies.
LERF technology utilizes relatively low energy, which is spread over a
wide frequency spectrum. It can, however, be no less effective in disrupting
normal functioning of computers as the HERF due to high probability that its
wide spectrum contains frequencies matching resonance frequencies of
critical components. Generally, the LERF approach does not require time
compression, nor does it utilize high-tech components. This technology is
not new and well known, albeit to limited circles of experts in some exotic
subjects, such as Tempest protection. LERF impact on computers and computer
networks could be devastating. One of the dangerous aspects of a LERF attack
on a computer is that an unprotected computer would go into a "random output
mode". This simply means that it is impossible to predict what the computer
would do. The malfunction could differ from a single easily correctable
processing error to a total loss of its memory and operating system, to
giving a destructive command to computer-controlled equipment.
Furthermore, differently from a simple computer failure, any level of
redundancy cannot solve the problem. This point is rarely realized by
computer users with the assumption that a back-up computer provides a
comfortable level of safety. This is certainly not true in regard to a LERF
attack.
U.S. military puts high priority on minimizing collateral damage and
applies high requirements to its weapons systems' accuracy. HERF weapons'
accuracy is relatively high, but it is not yet quite up to the military
requirements. But this certainly is not a deterrence for terrorists because
collateral damage is what they are usually after in the first place.
Considering known utilization of latest technology by terrorists and drug
cartels around the world, it is likely that HERF technology can be obtained
and used by these criminal enterprises in near time, possibly even before it
finds its wide acceptance within the military.
Differently from HERF, LERF weapons are notoriously inaccurate,
virtually by definition. LERF weapons' impact on computers is devastating
and highly indiscriminate. A very high percentage of computers within an
effective range of a utilized LERF weapon will malfunction. This is very
likely to make these weapons an attractive choice for terrorists. While HERF
weapons were substantially covered during this Committee hearing on this
subject in February of 1998, some details of LERF weapons seem to be worth
discussing.
Contrary to a popular belief, different kinds of LERF weapons have
already been used over the years, primarily in Eastern Europe. For instance,
during the Czechoslovakian invasion in 1968, the Soviet military received
advanced notice that Czechoslovakian anti-Communist activists had been wary
of relying on the telephone communications controlled by the government, and
prepared to use radio transceivers to communicate between their groups for
coordination of their resistance efforts. During the invasion Soviet
military utilized RF jamming aircraft from the Soviet air force base in
Stryi, Western Ukraine. The aircraft were flying over Czechoslovakia,
jamming all the radio spectrum, with the exception of a few narrow
pre-determined "windows" of RF spectrum utilized by the invading Soviet
army. This measure was successful, effectively nullifying communications
between the Czechoslovakian resistance groups.
Another example of a LERF attack was the KGB's manipulation of the
United States Embassy security system in Moscow in the mid-80s. This was
done in the course of the KGB operation against the Embassy which targeted
the U.S. marines there. The security system alarm was repeatedly falsely
triggered by the KGB's induced RF interference several times during the
night. This was an attempt to annoy and fatigue the marines and to cause the
turning of the "malfunctioning" system off.
An additional example of an RF attack was when the KGB used it to induce
fire in one of the equipment rooms in the U.S. Embassy in Moscow in 1977. A
malfunction was forced on a piece of equipment. It caught fire, which spread
over a sensitive area of the Embassy. The KGB tried to infiltrate its
bugging technicians into the sensitive area under the cover of the
firefighters who arrived immediately after the fire started. A similar event
occurred at the British embassy in Moscow several years earlier.
These examples illustrate a much more advanced use of RF technology
than a simple disruption of computers in a radius of several hundred yards
from the unleashed "RF bomb". An example of such a device was designed and
built by the KGB in the late 70s. The device was built for a completely different
purpose and was not used to disrupt computers. However, its potential as an
"RF bomb" was clearly realized at the time. Its reference cost was within
one hundred dollars, size of about a shoe box, and it could be easily
assembled within two-three hours with general purpose tools and components
readily available in an average electrical store. The only obstacle on the
way of this technology to terrorists' arsenals is a know-how, fortunately
limited to a small number of experts in a few countries. However, some of
these experts are experiencing very difficult economic conditions in Russia.
On the other hand, a sizable cash offer tempting to these experts could come
from any of the well funded terrorist groups at any time. This situation
seems to indicate that relying on these two potentially explosive components
remaining separate from each other is less than wise.
Being a technological leader of the world, the United States has been
vulnerable to an RF attack more than any other country for some time. This
vulnerability significantly increased during last fifteen years with wide
utilization of computers in every aspect of this country's functioning. At
this time it is very difficult to find an area which would not rely heavily
on computers. In fact, this country is so dependent on computers that many
even vital functions cannot be performed manually. At the same time, it is
important to realize that all those computers performing important and vital
services are not protected from an RF attack. Areas like air traffic
control, commercial airliners, energy and water distribution systems, and
disaster and emergency response services represent attractive targets for
terrorists. At the same time these systems are totally open to an RF attack.
By the nature of computers and computer networks, the failure of one
sub-system would trigger a snow-balling effect with second, third, and
following chain failures. The full effect of such an event is difficult even
to predict, let alone to neutralize, unless computers and computer networks are
reliably protected against RF weapons. A serious RF attack on critical
infrastructure would have an impact of national level with numerous losses
of life and incalculable economic damage. Besides the snow-balling effect of
computer failures, there could be a crippling effect if RF weapons are used in
concert with any other type of terrorist attack. Most of the responses to
other forms of terrorist attacks are designed with the assumption that the
computers of the response service are working and such functions as traffic
control are intact. With an additional RF attack, concerted with the primary
one, this assumption is not valid. Communications and transportation of the
response teams could be crippled with a tragic impact on rescue efforts.
Even a single limited attack could have serious consequences. For
instance, an attack on computers of financial markets could have
world-wide implications with losses easily reaching multi-billion levels.
In addition to intentional RF interference, current technological
developments lead to a problem of unintentional RF interference. Indeed,
with the speed of modern computers and their miniaturization advancing at a
rapid pace, their working frequency and sensitivity to RF emanations is also
increasing. This leads to unavoidable interference conflicts, some of which
have already shown themselves and led to an intermediary solution of
regulatory nature. For instance, even barely emanating electronic equipment
such as lap-top computers and electronic games needs to be turned off during
take-off and landing of commercial airliners.
Another aspect of offensive RF technology is its traditional
application in information intercept or eavesdropping. Traditionally, the
Soviet Union and Russia have placed high priority on the development and use
of this technology. Being one of the two "superpowers" in this area, Russia
considers its spending on RF offensive operations a very wise and profitable
investment.
Changes of last decade in Russia impacted the KGB, which has been
split into independent parts. The 8th and 16th Directorates, roughly
representing Russian equivalent of the NSA, became an independent agency,
the Federal Agency of Government Communications and Information (FAPSI, as a
Russian acronym). FAPSI is directly subordinate to the President of Russia.
In a wave of privatization, FAPSI was partially "privatized" as well. Some
of the leading FAPSI experts left the agency and founded private security
companies, taking best officers of all levels along. These companies cater
mainly to Russian private financial institutions and provide a wide range of
security services. They are fully capable of carrying out any defensive and
offensive operations with equal level of confidence.
The concentration of world-class experts on offensive electronic
operations in these few companies by far surpasses any private entity in the
world and exceeds capability of most governments. These experts can easily
intercept and provide to their clients virtually any commercial information
of any country. Commercially available means of electronic information
security present no practical difficulties for them. Intercept of commercial
and financial information could be extremely profitable and create the
capability to manipulate international financial markets as well as to carry
out large scale international money-laundering operations with very limited
operational risk.
Financial success of these FAPSI private spin-off companies and high
earnings of their employees make them very attractive "golden parachutes"
for the remaining FAPSI officers. Combined with traditionally close ties,
this leads to continuing effective technological and personnel cooperation
between the FAPSI and these companies. At the same time, the end of the Cold
War somewhat shifted goals, objectives, and some targets of the FAPSI toward
a heavier emphasis on intercept of technological, commercial and financial
information. In this regard, some of the targets are easier to attack from a
position of a private company. This leads to a likely close operational
cooperation between the FAPSI and its private spin-off companies. The
private companies can provide the FAPSI with some of the products of their
intercept, while FAPSI can also share some of its products, along with
personnel and equipment, including its powerful and sophisticated
facilities, such as the Lourdes in Cuba, for a very productive long-range
intercept.
This situation can easily put American private business in a highly
unfavorable competitive position.
All of the above seems to demonstrate an urgent necessity to develop
technology for computer protection against both intentional and
unintentional RF interference, as well as against illegal intercept of
sensitive and proprietary information by foreign competitors. It can take a
few days to build a LERF weapon. It takes a few weeks or a few months to
establish a successful collection of information through RF intercept.
However, it should be realized that developing adequate computer protective
technology, even for limited applications, would take at least two years.
There seems to be a certain disconnect between appropriate U.S. technical
experts and political decision makers, who are ultimately responsible for
strategic course of technological efforts of this country. This disconnect
needs to be mended and coordinated efforts should take place for developing
protection of computers against RF attacks.
In conclusion, I would like to state that it seems that the question
that we are facing is not whether we need to develop adequate RF protective
technology or whether we can afford to protect our computers from possible
RF attacks. The real question is whether we can afford to not protect at
least critical infrastructure computers. The ultimate decision on this
dilemma is a prerogative of the United States Congress.
I would like to thank you again for your kind invitation to appear
before this Committee and for this opportunity to comment on a very
important matter.