Section 5: Offensive Information Warfare

There are a number of different types of offensive attacks in information warfare. They can be used alone or in various combinations, depending upon the desired objective.

One of the most basic attacks is theft. Data theft is particularly insidious in that a victim often does not know his data was stolen until well after the fact, if at all. A common civilian example is credit card fraud, but other examples include copying databases, listening in on telephone calls, and even "dumpster diving", or going through the trash in search of useful information. Theft of services, such as computer time or long-distance telephone calls, is another example. Physical items can be “acquired” for purposes their original designers would not like, such as reverse-engineering a weapons system to discover its weaknesses.

Information corruption is a different type of attack in which an opponent alters or damages your information. Closely related is "spoofing", which is a very covert form of corruption. While corruption can be haphazard, intended to cast doubt on the veracity of a large body of information, spoofing is more carefully planned to ensure the victim retains trust in the information even though it is wrong. These two kinds of attack, particularly spoofing, are extremely difficult to carry out effectively and require considerable planning, resources, and expertise.

Disinformation is yet another kind of attack. This can be done by providing totally false information, by providing carefully selected bits of true information, by "spin control", or other techniques. It does not necessarily require access to the opponent's information or information systems. The disinformation about the Marine invasion plans during the Gulf War is a good example of a military application. In everyday life, virtually any political campaign makes use of some form of disinformation.

Data destruction is a particularly overt form of information warfare. It can be achieved by a variety of means, from wiping out a computer disc to dropping a 500-pound bomb on the building.

The last major category of information attack is denial or interruption of service. Cutting a telephone line, shutting off power to a particular computer, and jamming a radio frequency are all examples. If information cannot be accessed, used, or communicated, it is worthless. This approach formed the basis of our strategy in the Gulf War. However, the Iraqis could easily have waged a similar campaign against us by using their satellite jammers against our fleet communications satellites. Why they didn't is a mystery.

The decision on which attack is used is driven by many factors. If you have a high degree of skill, ample time and resources, and desire stealth, then a spoof attack may be in order. If, on the other hand, you need to interrupt a link NOW and don't particularly care about how it's done, then a 5” shell could suffice. Many kinds of attacks, particularly non-military network hacks, face tremendous legal obstacles in the form of privacy, copyright, wiretapping, or national and international laws and regulations. A governmental agency, therefore, must have considerable legal assistance to effectively conduct offensive acts. Non-governmental organizations, such as terrorist groups, usually just ignore legal issues.

Previous Section | Article Main Page | Next Section