Currently Skimming:

4 An Intelligence Community Perspective on Cyberattack and Cyberexploitation
Pages 188-199

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 188...
... 4.1 Intelligence Collection and Analysis
4.1.1 Governing Principles
In the domain of national security, intelligence is useful for both tactical and strategic purposes. Tactical intelligence is useful to the military services, because it provides advantages on the battlefield against adversary forces through direct support to operational commanders in areas such as reconnaissance, mapping, and early warning of adversary force movements or other actions.
From page 189...
... serves foreign policy, national security, and national economic objectives. National intelligence focuses on foreign political and economic events and trends; strategic military concerns such as plans, doctrine, and scientific and technical resources; weapons system capabilities; and nuclear program development.
From page 190...
... 4.1.2 How Cyberexploitation Might Be Used to Support Intelligence Collection
Some tools for intelligence collection are based on the clandestine installation of a software or hardware agent into an adversary computer system or network. Once installed, the functionality of the agent for intelligence collection depends only on its ability to route information back to its controller, however circuitous or opaque that route might be.
From page 191...
... An intelligence collection operation is launched to exploit a flaw in the operating system of the server that handles the soccer team's website, and installs a Trojan horse program as a modification of an existing videoclip. When the director views the clip, the clip is downloaded to his hard drive, and when his desktop search program indexes the file, the Trojan horse is launched. The collection payload then searches the local hard drive for evidence suggesting that the user is in fact the director.
From page 192...
... At first, these Trojan horses are programmed to send back to Zendian intelligence confidential business information about the Ruritanian bid; this information is subsequently shared with the Zendian negotiating team. Later, as the deadline for each side's best and final bid approaches, the second function of the Trojan horses is activated, and they proceed to subtly alter key data files associated with the Ruritanian proposal that will disadvantage the firm when the proposals are compared side by side. (Note that these cyber offensive actions combine cyberexploitation with the installation of a capability for subsequent cyberattack.)
From page 193...
... Classic examples of covert action include providing weapons or funding to a favored party in a conflict, supporting agents to influence political affairs in another nation, engaging in psychological warfare, disseminating disinformation about a disfavored party, or deceiving a disfavored party. Specific actions that could be undertaken under the rubric of covert action include:
• Funding opposition journalists or newspapers that present negative images of a disfavored party in power;
• Paying intelligence agents or party members to make public statements favorable to U.S.
From page 194...
... Nevertheless, covert action -- whether it involves computers or not -- is subject to the findings and notification process specified by law. In addition, it is entirely conceivable that activities originally intended to be outside the statutory definition of covert action will evolve over time into such action, at which time the findings mechanism is supposed to be invoked.
From page 195...
... The intent of U.S. doctoring was "to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy," and to support this goal, "the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire after a decent interval to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds." Soviet use of the doctored software allegedly caused a large explosion in a Siberian natural gas pipeline.
From page 196...
... U.S. intelligence operatives conduct a cyberattack against the Zendian Social Services Agency by compromising employees of the agency, using the USB flash drive technique described above. Obtaining access to the Social Services Agency databases, the United States corrupts the pension records of many millions of people in the country.
From page 197...
... The United States launches cyberattacks against a dozen key scientific leaders in this network to harass and discredit them. These cyberattacks plant false adverse information into their security dossiers, insert driving-under-the-influence-of-drugs/alcohol incidents into their driving records, alter their credit records to show questionable financial statuses, change records of bill payments to show accounts in arrears, and falsify telephone records to show patterns of contact with known Zendian criminals and subversives. Discrediting these individuals throws the program into chaos.
From page 198...
... Hints of possible interest in the value of cyberattack for the intelligence community can be found in the testimony of Director of National Intelligence J. Michael McConnell to the Senate Select Committee on
10 Although such actively destructive actions have not, to the committee's knowledge, been taken to benefit U.S.
From page 199...
... 11 J. Michael McConnell, "Annual Threat Assessment of the Director of National Intelligence for the Senate Select Committee on Intelligence," February 5, 2008, available at http://intelligence.senate.gov/080205/mcconnell.pdf.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.