GlobalSecurity.org In the News

The Standard-Times May 02, 2005

Reservist warns of cyber warfare

By Curt Brown

DARTMOUTH -- An Army reservist who recently returned from duty in Iraq said he believes insurgents are using seemingly innocent e-mails and cyber warfare to plot their deadly attacks against U.S. interests in Iraq.

Staff Sgt. Daryn Gomes, 39, returned a few weeks ago from a tour of duty in Iraq, Kuwait and Bahrain. He said he feels confidential information such as troop movements, the departure of a supply detail or a simple base departure by an individual are gleaned from e-mails and used by insurgents to plot their activities.

His 10-month tour included a six-week assignment at Camp Victory, Baghdad, the nerve center of U.S. operations.

Sgt. Gomes said information about arrivals and departures is innocently included in many e-mails that are then "mass distributed" among military personnel in Iraq.

But he said there are also Iraqis in Baghdad's International Zone who have access to these e-mails. The backgrounds of some aren't thoroughly investigated, he said.

The information in the e-mails about traveling "from Point A to Point B" can be used by insurgents to plot an attack, Sgt. Gomes said.

"It's just like traveling to Shaw's. There's only one road to get there, and they know you have to take a left," he said. "That's a good way to target an individual."

At Camp Victory, his assignment was to shut down intrusions into the U.S. information system and safeguard the network against intruders.

He believes insurgents are behind some of the "Trojans" or moles hidden on free files innocently downloaded off the Internet by U.S. military personnel. These files could be a photo of a celebrity, but they are timed to go off and automatically copy everything off a user's hard drive and deliver it back to its sender.

His sense is that these two elements are in use in 30 to 40 percent of the insurgents' attacks.

"Think about it. How do they get it?" he asked, underscoring the importance of precise information in the coordination of an attack.

"The craziest thing is to think they are stupid," he said.

The sharing of music files, blogs (a personal journal that is available on the Web), instant messaging and Yahoo are all prohibited by the military for security reasons, although many military personnel still use them.

Using sensors that gave him a window into all computers used by military personnel at every camp, Sgt. Gomes was able to spot them.

"Every day I was putting out fires," he said. "I would see intrusions and make sure they were followed through."

When he saw these intrusions, he would identify the source through a unique Internet protocol address and alert information officers of their existence.

"A lot of it is benign, but it has the potential to be vulnerable," he said.

He said his fear is the information sharing will expose U.S. tactics and strategies.

Lt. Col. Steven Boylan, U.S. Army Multi-National Forces-Iraq Public Affairs and director of the Combined Press Information Center, International Zone, Baghdad, said insurgents can't see U.S. e-mails.

"All convoy information is to be communicated through a closed (Department of Defense) secure network that does not traverse any commercial services," he said.

"The data is encrypted every step of the way and cannot be intercepted and deciphered," he said.

He said security measures include firewalls, router configurations, intrusion detection devices, data encryption, anti-virus software and vulnerability patch management tools "to keep our systems as secure as is currently possible in the industry."

Military personnel also receive training appropriate to their data access level, he said.

Lt. Col. Boylan said prior to opening an e-mail account, military personnel assigned to Camp Victory receive "information assurance training, including reminders about requirements for handling sensitive and classified information."

Information technology experts, while unable to confirm Sgt. Gomes' remarks, said what he is saying is possible.

"It's not physically implausible," said John Pike, director of GlobalSecurity.org, an independent private research and policy center based in Alexandria, Va. "I have no way of knowing if it's true, but I can't eliminate it."

He said it comes down to a battle between insurgents' ability to penetrate the U.S. military's network security and the military's prowess to protect it.

"Saddam had some pretty smart people in his intelligence community," Mr. Pike said. Syria is likewise adept in the field, he said.

"I'm sure they have tried because that's what they have done for a living," he said. "I don't know who's ahead in this game, but I know they are both trying."

George Smith, a senior fellow with GlobalSecurity.org, said moles or "Trojan horses" have been around for about a decade. He said they are hidden and often attached to a file, sometimes like the latest photo of a celebrity.

Once they have invaded an information network, he said they "selectively look for various files" and also hunt for network access points.

"Of course, it's possible," he said.

But he explained that writing code in a seamless fashion, so it doesn't interfere with a computer's other functions, is a challenge.

"That's hard for virus writers, so it doesn't misfire" and become detected by the computer user, he continued.

"It's not an automatic success. It's a complete crap shoot," he said.

Copyright 2005, The Standard-Times