Friday, April 5, 2013 - 5:56 PM

Despite reports that are beginning to circulate on the Internet, the U.S. is not sending B-1 Lancer heavy bombers to its massive Pacific Ocean base on Guam.
"They're not at Guam," a U.S. Pacific Air Forces spokeswoman just told Killer Apps. "They definitely didn't even stop through."
The U.S. constantly rotates B-2 stealth bombers and B-52 Stratofortress bombers through Andersen Air Force Base, Guam, under a scheme meant to maintain a constant heavy bomber presence in the Pacific. Last week, the U.S. sent six B-52s from Minot AFB in North Dakota to Guam. Also last week, a pair of B-2s flew a 13,000-mile round-trip mission from Missouri to South Korea to perform a practice bombing run over the peninsula -- the North Koreans loved that.
B-1s, however, often deploy to Diego Garcia in the Indian Ocean or to a base on the Persian Gulf, where they are used to provide air support to troops in Afghanistan.
"They're pretty concerned with the desert, so they're pretty busy over there," added the spokeswoman when asked if the B-1s ever deploy to Andersen as part of the Air Force's "continuous bomber presence" mission.
Friday, April 5, 2013 - 4:55 PM

By now, everyone is familiar with Distributed Denial of Service attacks -- the relatively primitive cyberattack that takes down a website by flooding it with visits. Well, there's a new denial of service trend that takes advantage of VoIP technology to target phone lines instead of websites.
Last month, the Department of Homeland Security and the FBI issued a confidential warning to first responders, warning that hackers may try to flood emergency call centers with phone calls, overwhelming them and preventing legitimate calls from getting through. Instead of a DDOS attack, it's called a Telephony Denial of Service (TDOS) attack.
Dozens of attacks in "multiple jurisdictions" have targeted these public safety lines -- which are not the same as 911 lines -- according to the DHS-FBI announcement, a copy of which was put online this week by cybersecurity researcher Brian Krebs.
"These attacks are ongoing. Many similar attacks have occurred targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications," reads the March 16 bulletin, which was for immediate dissemination to "public safety answering points and emergency communications centers and personnel." The FBI's Internet Crime Complaint Center issued a little-noticed warning about TDOS attacks in January.
The DHS-FBI announcement describes the wave of attacks as part of an extortion scheme whereby an individual -- who usually speaks with a thick accent -- calls an organization and asks to speak with a current or former employee and then demands collection of a $5,000 payday loan. When the victim tells the caller to get lost and hangs up, the attackers launch the TDOS attack using hacked VoIP automated dialing systems to flood the call center.
"The organization will be inundated with a continuous stream of calls for an unspecified, but lengthy period of time," reads the bulletin. "The attack can prevent both incoming and/or outgoing calls from being completed." The attacks can continue intermittently over weeks or even months.
TDOS attacks are meant to intimidate victims by flooding their employers with debilitating phone calls. Sometimes those employers happen to be emergency call centers. But the bulletin also says, "It is speculated that government offices/emergency services are being 'targeted' because of the necessity of functional phone lines."
In another variant of this extortion scheme, perpetrators claim that an arrest warrant has been issued for the victim's failure to pay the loan. "In order to have the police actually respond to the victim's residence, the subject places repeated, harassing calls to the local police department while spoofing the victim's telephone number," the January notice said.
I'm no extortionist, but aren't there plenty of ways to shake someone down without bringing first responders into the mix? What could possibly go wrong for the criminals there?
Friday, April 5, 2013 - 12:52 PM

This is interesting. It's an illustration from a 1945 Life magazine article all about what a nuclear war would look like (though it wasn't the cover story -- that space was reserved for a piece about women with "big belts"). This particular drawing shows that the U.S. has been thinking about how to shoot down missiles with radar-guided missiles for nearly 70 years now.
"The only defense now conceivable against a rocket, once it is in flight, is illustrated above," reads the article. "It is another rocket fired like an antiaircraft shell at a point where it will meet its enemy. Once it had been launched, such a rocket might detect the attacking machine with radar and make its own corrections."
Sound familiar? The U.S. just announced that it's positioning Aegis-radar-equipped missile defense destroyers in the waters off the Korean Peninsula. Those ships are armed with SM-3 missiles that, once airborne, receive constant data about the location of their target, an enemy missile (or satellite), from the ships' radars until they slam into their target with 30 megajoules of kinetic energy, or the "equivalent of a 10-ton truck travelling at 600 mph," as SM-3-maker Raytheon says.
The U.S. Army meanwhile is deploying Terminal High Altitude Area Defense (THAAD) missiles to Guam. Again, these are radar-guided missiles designed to take out ballistic missiles just as they are set to reenter the atmosphere on the final leg of their voyage.
Interestingly, the Life illustration shows just such a scene.
"The enemy rocket, coasting through space with its fuel exhausted, is beginning to fall toward the U.S. The defensive rocket, racing upward under full power, is incandescent from the friction of its short passage through the Earth's atmosphere. When the two projectiles collide, the atomic explosion will appear to observers on Earth as a bright new star."
(It’s important to note that modern ballistic missile defenses wouldn’t actually set off celestial nuclear explosions, pretty as they sound. Instead, the warhead would just break apart.)
Keep in mind that hitting a missile with another missile is extremely difficult, and as FP's Kevin Baron points out in Killer Apps' sister blog, The E-Ring, THAAD has seen its share of teething problems.
Then-Army Air Force chief Gen. Hap Arnold, a man who would go on to become the first ever five-star general of the Air Force, told Life just how difficult shooting missiles down would be.
"Although there now seem to be insurmountable difficulties in an active defense against future atomic projectiles similar to the German V-2 but armed with atomic explosives, this condition should only intensify our efforts to discover an effective means of defense," said the general.
Seventy years later and we're still trying to perfect such a defense.
Hat tip to Alex Wellerstein for posting the article over at Restricted Data.
Thursday, April 4, 2013 - 4:37 PM

As tensions on the Korean Peninsula rise, the Defense Department officially told Congress that the U.S. may sell 60 stealthy jets to South Korea.
Last Friday, the Defense Security Cooperation Agency -- the arm of DOD that handles foreign military sales -- announced the possible sale of 60 Lockheed Martin-made F-35 Joint Strike Fighters for $10.8 billion or 60 Boeing-made F-15SE Silent Eagles for $2.4 billion to the Republic of Korea.
The two U.S. defense giants have been pushing their premier export fighters on Seoul for years under the South Korean air force's effort to replace its ancient F-4 Phantoms and F-5 Tigers with a 21st century fighter, a contest known as FX III.
The U.S. jets are competing against the Eurofighter Typhoon, one of the most advanced operational fighters in the world.
"The proposed sale will augment South Korea's operational aircraft inventory and enhance its air-to-air and air-to-ground self-defense capability, provide it with a credible defense capability to deter aggression in the region, and ensure interoperability with U.S. forces," reads DSCA's April 3 announcement of the possible F-15SE sale. "The Republic of Korea Air Force's F-4 aircraft will be decommissioned as F-15SEs are added to the inventory. Korea will have no difficulty absorbing this additional equipment and support into its inventory."
The April 3 notice of the possible F-35 sale has a nearly identical paragraph with an additional sentence that reads: "The proposed sale of F-35s will provide the Republic of Korea (ROK) with a credible defense capability to deter aggression in the region and ensure interoperability with U.S. forces."
While the fighter contest has been going on since 2012, the notification to Congress comes as tensions are running high between the U.S. and North Korea. Last week U.S. F-22s and B-2 stealth bombers flew over the Korean Peninsula, the U.S. Navy sent two additional destroyers to the region, and the Pentagon announced that it is sending missile defense units to Guam. Seoul was supposed to pick a winner in the FX III contest last fall, but the decision has been pushed back to mid-2013.
The famously over-budget and behind-schedule F-35 is meant to perform both air-to-air and ground-attack missions for the U.S. Air Force, Navy, Marines and the militaries of 10 other countries.
Boeing's Silent Eagle is an upgraded version of its venerable F-15 Eagle/F-15E Strike Eagle, featuring V-shaped tails, internal weapons bays, and radar absorbent material in an effort to make it stealthy. Unveiled in 2009, the Silent Eagle is being offered by the Chicago-based company as a low-cost alternative to the F-35. It has no buyers yet, but South Korea's Korean Aircraft Industries is teaming with Boeing to develop the F-15SE's weapons bays.
The Korean air force already flies 60 F-15E Strike Eagles, known as F-15K SLAM Eagles due to their ability to carry SLAM-ER cruise missiles.
Still, the South Korean government has stated that it wants a modern stealth fighter such as the F-22 or the F-35 and even expressed interest in the Russian-made Sukhoi T-50 PAK FA stealth jet. While the F-15SE is stealthier than a regular F-15, it's not as stealthy as a plane designed from the start to be stealthy.
Thursday, April 4, 2013 - 1:54 PM

Been on the website of U.S. Forces Korea lately? Of course not, because it's down.
Is it a prelude to war, similar to how Russia attacked Georgian websites before invading that country in 2008? Nope. A Pentagon spokeswoman tells Killer Apps that it's a hardware issue and that it has nothing to do with North Korea, just really bad luck and timing.
"They had a hardware problem so their server crashed and they are in the process of getting a whole new system," the spokeswoman told Killer Apps this morning. She added that communications specialists will be working over the weekend to get the site back up.
So no, North Korean cyber warriors haven't fired the first shots, er lines of code, of the second Korean War, according to the Pentagon.
Wednesday, April 3, 2013 - 6:26 PM

We've heard plenty of civil liberties advocates object to the Cybersecurity Intelligence Sharing and Protection Act (CISPA), claiming the bill harms privacy rights. However, one group opposed to the act argues that it actually allows businesses to commit the very behavior it aims to curb -- that is, it allows them to hack the computers of anyone they believe is hacking them.
"CISPA says that a company gets immunity for any decisions made based on cyber-threat information that they receive under the bill and based on cyber-threat information that they identify and obtain using cybersecurity systems," Greg Nojeim of the Center for Democracy and Technology told reporters in Washington this morning.
This is where Nojeim worries that the bill could permit an increase in hacking.
"What if one's decision in response to the receipt of cyber-threat information from someone you think is a bad guy is to render the sending computer inoperative?" asked Nojeim. "That's certainly within the scope of the legislation and would be completely immunized."
As Nojeim and his colleagues at CDT read it, CISPA could allow businesses that think they had discovered a hacker to hit back, or hack back, against malicious actors in cyberspace -- an action frequently referred to as active defense. (Yours truly has heard this topic debated plenty of times between lawyers who are against it and businesses who want to be able to defend themselves aggressively in cyberspace.)
CDT wants the bill's language tweaked to prohibit this behavior.
"What the bill does not say is, in looking for cyber threat information you can examine only your own network," said Nojeim. "If you think the cyber threat information is on somebody else's computer or on somebody else's network, you have authority, notwithstanding any law, to go get it . . . and immunity when you do."
Killer Apps reached out to one of the bill's sponsors, House intelligence committee chairman Mike Rogers, and one of his committee staffers told us that authorizing companies to strike back at hackers "was not the chairman's intent." Rogers "intends to address this issue in committee markup" by adding language specifying that the bill does not authorize businesses to break into other people's networks.
Rogers and the bill's co-sponsor, Rep. Dutch Ruppersberger, have insisted that they are working with the White House, privacy advocates, and businesses to address their concerns.
"We want to make sure that we meet the level of privacy concerns, and we think we can do that by working in some very direct language that expresses, in language, what we believe the bill already does but we want to reiterate that," said Rogers last week when announcing that the bill will come up for a committee vote this month.
As it's currently written, the bill specifically says that businesses can receive immunity from prosecution "for using cybersecurity systems to identify or obtain cyber threat information or for sharing such information in accordance with this section; or for decisions made based on cyber threat information identified, obtained or shared under this section."
"That authorizes hacking that would otherwise be a crime under current law, it authorizes cybersecurity criminal acts that are described in this very bill," Nojeim added. "The last place one would think you would find new authority to hack would be in cybersecurity legislation, but there it is."
Here's what Rogers said in December when asked how he felt about private entities fighting back against hackers.
"It's best not to go punch your neighbor in the face before you hit the weight room," said Rogers, in a warning to both public and private sector actors that are considering offensive actions to defend their networks under the growing trend of "active defense."
Government organizations and businesses are still figuring out the best way to defend themselves from advanced cyber threats. But, said Rogers, "until we have figured out how we will defend ourselves and our networks, I would be very, very, very cautious about using an offensive capability."
The lawmaker, speaking at an event at The George Washington University, added: "Now, you can't do a good defense if you don't develop the capability for offense...so I completely agree with [building offensive power]. I'm just very concerned about engaging [in offense] before we have the ability to defend ourselves because, guess what, something's coming back" to hit us.
Tuesday, April 2, 2013 - 1:40 PM

The Defense Department's Inspector General called out the U.S. Army for the fact that thousands of those smartphones that troops buy off the shelf to use on the job aren't properly secured.
"The Army Chief Information Officer (CIO) did not implement an effective cybersecurity program for" commercially purchased smartphones and tablets, reads a new announcement from the DOD IG. "Specifically, the Army CIO did not appropriately track [off-the-shelf devices] and was unaware of more than 14,000 [such devices] used throughout the Army."
(The IG investigated the Army's use of phones and tablets running Google's Android, Apple's iOS, and Microsoft's Windows Mobile operating systems in 2012. It didn't look at BlackBerrys since it did a 2009 investigation into their security.)
Troops are already using commercial smartphones and tablets to do things like file flight plans. As the utility and availability of such devices grows, so will the amount and type of data stored on them. If spies can break into these devices, they can likely glean plenty of useful information. As the report notes, the CIO "inappropriately concluded that [these devices] were not connecting to Army networks and storing sensitive information. As a result, critical information assurance controls were not appropriately applied, which left the Army networks more vulnerable to cybersecurity attacks and leakage of sensitive data."
The IG goes on to say that the Army failed to: sanitize these devices; failed to install apps on the phones that would protect stored information; allowed troops to store sensitive data on the devices; didn't implement the ability to remotely wipe data off of stolen or lost devices; and failed to make users sign agreements governing the security of their devices or to make them take training on how to keep their smartphones secure.
What's interesting is that the Army's CIO, Lt. Gen. Susan Lawrence, told yours truly last October that the service would be taking some of these very steps to protect the data on commercially purchased smartphones and tablets. Remember, the military -- following the lead of plenty of private sector businesses -- is starting to embrace the bring-your-own-device (BYOD) trend. It ultimately wants troops to be able to use one device for both personal and official use, barring all but the most classified data.
Here's what Lawrence said when Killer Apps asked how the Army would protect its information:
"At the end of the day, we're really are going to become hardware agnostic. Whatever device you feel most comfortable with to do command and control, to be mobile with, is the device that you'll have and that's the one that we'll work with."
"We're in the RIM [Blackberry] environment, we're in the Apple environment, and we're in the [Google Android] already as we go through this."
"What you will agree to do is, if that's the device you want to use, you're going to sign an agreement with me that I get to scan you before you log on. I get to scan your device and then, you're also going to let me monitor you so that I can look for an inside threat as well. So if you're on the government network, you're gonna let me scan you first and you're gonna let me monitor you second."
DOD officials including Lawrence have said that enabling secure mobile computing is a top, if not the top, computing priority within the department. To enable this, Pentagon officials are hustling to field something called the Joint Information Environment, a massive cloud-based network that, over the next decade, will replace the dozens of networks that the DOD currently maintains. Officials say this will make it easier to defend and monitor data and make it easier to access from anywhere.
As Killer Apps quoted Lawrence as saying last October, one of the most important issues in the shift toward mobility and cloud computing "is in fact, ensuring that it's you on the network and that we've got your certifications and accreditations so that when you log on, I say yes, that's that person," said Lawrence.
How do you make sure users are who they say they are? Click here to read about how DARPA wants to monitor everything, from users' typing patterns and sentence structure to the way they hold their phone, to ensure that the person using a computer, smartphone, or tablet is the person who is authorized to use that device.
The Army tells the IG that, as soon as this month, it will start buying software allowing it to "wipe or remove a device from the [Army's networks] as well as monitor applications used, web sites visited, and data viewed, saved, or modified on the mobile devices." This satisfied one of the IG's recommendations that the service develop the ability to make sure mobile device users are secure.
The IG also says the Army "should develop clear and comprehensive policy to include requirements for reporting and tracking all" such devices. "In addition, the Army CIO should extend existing" practices aimed at protecting sensitive information to all off-the-shelf smartphones and tablets.
The Army, however, provided what the IG called "nonresponsive" answers to those suggestions. Specifically, the Army says it already has a reporting program for mobile devices that may carry sensitive data. The IG says this reporting program for registering mobile devices isn't good enough: thousands of unregistered and unauthorized devices were found to be in use.
In response to the IG's recommendation that it do more to protect the data on its devices, the Army said that the DOD is already working on a plan to secure the information on "every managed mobile device" via its Commercial Mobile Implementation plan. Again, the IG called this answer to its recommendation "nonresponsive," since off-the-shelf mobile devices aren't designated "as information systems, users [of such devices] would not apply the appropriate information assurance controls to protect the devices and the data" on them. Furthermore, because there is no clear timeline to manage the security of these devices, "there's an increased risk that Army networks could be vulnerable to data leakage."
Monday, April 1, 2013 - 6:46 PM

With the U.S. flying B-2 stealth bombers, F-22 Raptor stealth fighters, and B-52 bombers over the Korean Peninsula, we thought we'd give you a quick run-down on the air defenses these jets could face if the Korean War ever went into Round Two.
Sure, North Korea is said to have one of the densest air defense networks on Earth. But it's largely made up of 1950s-, '60s-, and '70s-vintage Soviet-designed missiles and radars -- the type of weapons that the U.S. military has been working on defeating for decades via a combination of radar jamming, anti-radar missiles, and stealth technology. In fact, the B-2 and F-22 were designed in the 1980s and 1990s specifically to evade such defenses, and the ancient B-52s could simply fire AGM-86 cruise missiles at North Korea from well beyond the range of the country's air defenses.
Let's take a look at the missiles in the North's air defense system that have claimed U.S. fighters in conflicts around the globe since 1990. (Keep in mind that hundreds of these missiles have been fired at U.S. forces in the last 23 years with only a handful of losses.) All of these systems are of Soviet origin -- some were actually built in the USSR and others were license-made in North Korea. (Note, for this post we're not even looking at the radars, antiaircraft guns and some of the older shoulder-fired missiles the North Koreans have.)
SA-2 Guideline: The SA-2 is famous for downing Gary Powers' U-2 spy plane over Russia in 1960, and it would go on to claim dozens of U.S. planes during the Vietnam War. North Korea may (may is the key word there) have up to 1,950 of these missiles. Although old, Iraqi SA-2s did manage to take out a U.S. Navy F-14A+ and an F-15E Strike Eagle during the 1991 Gulf War. The SA-2 was adopted by militaries around the globe during the Cold War and has a range of 28 miles and a maximum altitude of 28,000 feet. Even with upgrades, these missiles won't be too effective against American planes.
SA-6 Gainful: There are unconfirmed reports that the North has an unknown number of these missiles. The SA-6 is sometimes nicknamed "the three fingers of death" because it has three missiles laid out next to each other on the launcher. The SA-6 is also a 1960s-vintage design (in service since the 1970s) that can be defeated relatively easily with modern jamming and missiles that lock onto the radar beams emitted by many surface-to-air missile batteries. Still, an SA-6 shot down a U.S. Air Force F-16 over Iraq in 1991 and another F-16 over Bosnia in 1996. However, some accounts claim that, during the Kosovo air war of 1999, Yugoslav forces fired 477 SA-6s without a single kill.
SA-3 Goa: This is another Soviet-designed missile from the 1960s that has taken down a handful of modern U.S. fighters. The North is said to have up to 32 batteries of these missiles with at least six sites -- equipped with concrete bunkers to protect the missiles and their radar -- protecting Pyongyang (as of 2010, anyway). An SA-3 shot down a U.S. F-16 over Iraq in 1991. During the Kosovo war, a Yugoslav army SA-3 famously scored history's only kill against a stealth jet when its crew got lucky and spotted a U.S. Air Force F-117 Nighthawk stealth fighter while the jet's bomb-bay doors were open, briefly ruining the jet's stealthy shape. (It didn't help that the F-117s had flown the same routes on their attack runs so many times that the defenders could predict where they would be.) Later that year, another Yugoslav SA-3 shot down a U.S. F-16 over Serbia.
SA-13 Gopher: This is a mobile, low-altitude, heat-seeking missile system designed in the 1970s to protect Soviet ground forces from close-air support runs by Western jets. SA-13s shot down two U.S. Air Force A-10 Warthogs during the 1991 Gulf War. (Again, there are only unconfirmed reports the North has these.) Keep in mind that the A-10 flies low and slow while hunting ground targets, making it exactly the type of plane the SA-13 is meant to counter. (The SA-13 reportedly hit a total of 27 coalition jets during the Gulf War, downing 14, but besides the A-10s those jets were older, Vietnam War-vintage planes.)
SA-16 Gimlets: The North Koreans reportedly have hundreds of these 1980s-vintage, shoulder-fired, heat-seeking missiles, which like the SA-3s are meant to protect ground troops from low-level attacks. Iraqi forces downed three A-10 Warthogs during the Gulf War using Gimlets. (The SA-16 has evolved into the SA-24 Grinch, one of the most feared shoulder-fired surface-to-air missiles.)
Finally, here are a few systems North Korea has -- or may have -- that haven't downed U.S. jets but that are still worth noting.
The SA-4 Ganef: This is a fierce-looking, mobile system from the 1960s meant to shoot down high-flying bombers. The SA-4 has a range of about 34 miles and can reportedly reach altitudes of around 80,000 feet. Still, it's been retired by most operators and is only in use by a few former Soviet republics and possibly North Korea.
SA-5 Gammon: The North may have up to 40 batteries of this old design meant to shoot down high-flying bombers at long ranges. The SA-5 was introduced in the mid-1960s and is largely a fixed system, meaning it's difficult to hide from U.S. fighters equipped with anti-radar missiles -- though the North supposedly has them hidden in concrete bunkers. Their fixed status also means that they can simply be avoided by strike aircraft. One of the strengths of the SA-5 is that the system can be plugged into a variety of radars, improving its ability to find targets. It should be noted, however, that both Syria and Libya employ or employed such missiles. They didn't do much to help Muammar al-Qaddafi against the NATO air campaign of 2011, and they didn't prevent Israel from destroying a Syrian nuclear facility in 2007 (though the latter operation reportedly used a cyber strike to blind Syrian radars to the presence of Israeli jets).
SA-17 Gadfly: This system is nicknamed "four fingers of death" since, you guessed it, it's got four missiles laid out next to each other on the launcher. The North Koreans may have hundreds of these missiles (though this is unconfirmed and some dispute whether they have any), which were developed by the Soviets in the 1970s and largely fielded in the 1980s. The SA-17 reportedly has a range of about 19 miles and an altitude of 46,000 feet. Both the missile launcher and its radar system are mobile, meaning they can try to hide from enemy bombers. The SA-17 system is used by lots of countries with fairly robust air defenses, such as China, India, and Iran (which reportedly developed a knock-off version). Georgia was able to down several Russian jets, including a TU-22M strategic bomber/reconnaissance jet, with SA-17s during the 2008 war there. Meanwhile, Israeli warplanes took out a convoy of Syrian SA-17s that were supposedly being shipped to Hezbollah in January.
John Reed reports on the frontiers of cyber war and the latest in military technology for Killer Apps.