The Robin Hood Virus
Page 5
activities have conducted espionage activities within the United States: the Central Institute for Intelligence and
Special Activities (MOSSAD) and the Scientific Affairs Liaison Bureau of the Defense Ministry (LAKAM). The Israelis use classic HUMINT techniques, SIGINT, and computer intrusion to gain economic and proprietary information.
We will actively enter the networks and monitor these and other countries computer networks for possible hacking efforts against U.S. installations. We will monitor various hackers to intercept the theft of commercial data and prevent a virus from being introduced into a domestic computer systems to prevent the sabotage of our operations. We will monitor NCADE to intercept critical data that is gathered by foreign governments. NCADE was subordinate to the KGB and is now believed to play a central role in SVR computer intelligence collection activities. NCADE has direct access to data networks in the United
States, Canada, Germany, the United Kingdom, and France, and is a client of several on-line databases. These databases include:
The U.S. Library of Congress
The LEXIS/NEXIS data service
The U.S. National Technical
Information Service
The British Library
The International Atomic Energy Agency
The Russians have also established direct connection with Internet service providers such as COMPUSERVE, TYMNET, and the European Union's EUNET. During the Cold War, the Bulgarian Security Service (DS) was a major client of Lockheed's Dialog on-line database service. Dialog information was available to all hosts connected to the Bulgarian packet switch network, BULPAC.
These connected hosts included DS computers, the computers of the Bulgarian military intelligence organization, and the Bulgarian research and development institutions. The Chinese, Japanese, and South Koreans have been particularly active in collecting open source economic and technical data by exploiting electronic databases. We will search for and gather all information regarding:
COMMERCIAL IMAGERY
Available imagery products will include:
synthetic aperture radar (SAR) images, electro-optical (EO) images, and multi-spectral imagery (MSI) products.
RADAR IMAGERY applications provide a day/night, all weather imagery capability, and they can potentially be used for
detection of submerged vessels or underground facilities.
ELECTRO-OPTIC IMAGERY provides a digitized
panchromatic product that offers visible information at high spatial resolutions. Essentially, EO imagery provides a black and white picture of the targeted facility or area.
MSI provides spectral range coverage, recording energy visible, near infrared, short-wave infrared, and medium infrared wavelengths of the spectrum of light.
These systems have medium resolution and wide area coverage capabilities. Their utility for targeting, mapping, and regional monitoring was demonstrated by military intelligence applications during the Persian Gulf War. Proposed commercial
EO systems will have ground resolutions of approximately 1 meter. This is sufficient in most cases for the precise identification of most types of facilities
and will provide significant detail for technical analysis. Currently, ten commercial imaging satellites are being developed, and five of these will provide 1-meter resolution imagery. The use of multiple sensor systems, such as the use of EO, SM and MSI imagery to cross reference a particular feature or facility, will allow change detection analysis, layover analysis, and other sophisticated imagery assessments to be performed by nations and groups that previously had no access to these types of products. The various types of intelligence include:
HUMAN INTELLIGENCE
(HUMINT) is the collection of
information from human sources. The collection may be done through clandestine or covert means (espionage). Within the United States, HUMINT collection is the FBI's responsibility. Beyond U.S. borders, HUMINT is generally collected by the CIA, but also by other U.S. components abroad.
SIGNALS INTELLIGENCE
(SIGINT) refers to electronic transmissions that can be collected by ships, planes, ground sites, or satellites.
COMMUNICATIONS INTELLIGENCE
(COMINT) is a type of SIGINT and refers to the interception of communications between two parties. U.S. SIGINT satellites are designed and built by the National Reconnaissance Office, although conducting U.S. signals
intelligence activities is primarily the responsibility of the National Security Agency (NSA). The FBI collects SIGINT through authorized wiretaps and other electronic intercepts of information.
IMAGERY INTELLIGENCE
(IMINT) is sometimes also referred to as photo intelligence (PHOTINT). One of the earliest forms of IMINT took place during the Civil War, when soldiers were sent up in balloons to gather intelligence about their surroundings. IMINT was practiced to a greater extent in World Wars I and II when both sides took photographs from airplanes. Today, the National Reconnaissance Office designs, builds, and operates imagery satellites, while the National Geospatial-Intelligence Agency is largely responsible for processing and using the imagery.
MEASUREMENT AND SIGNATURE INTELLIGENCE
(MASINT) is a relatively little-known collection discipline that concerns weapons capabilities and industrial activities. MASINT includes the advanced processing and use of data gathered from overhead and airborne IMINT and SIGINT collection systems.
TELEMETRY INTELLIGENCE
(TELINT) is sometimes used to indicate data relayed by weapons during tests.
ELECTRONIC INTELLIGENCE
(ELINT) can indicate electronic emissions picked up from modern weapons and tracking systems. Both TELINT and ELINT can be types of SIGINT and contribute to MASINT. The Defense Intelligence Agency's Central MASINT Office (CMO), is the principal user of MASINT data. Measurement
and Signatures Intelligence has become increasingly important due to growing concern about the existence and spread of weapons of mass destruction. MASINT can be used, for example, to help identify chemical weapons or pinpoint the specific features of unknown weapons systems. The FBI's extensive forensic work is a type of MASINT. The FBI Laboratory's Chem-Bio Sciences Unit, for example, provides analysis to detect traces of chemical, biological, or nuclear materials to support the prevention, investigation, and prosecution of terrorist activities.
OPEN-SOURCE INTELLIGENCE
(OSINT) refers to a broad array of information and sources that are generally available, including information obtained from the media (newspapers, radio, television, etc.), professional and
academic records (papers, conferences, professional associations, etc.), and public data (government reports, demographics, hearings, speeches, etc.).
The five steps of the Operational Security(OPSEC) process are:
IDENTIFICATION OF CRITICAL INFORMATION.
Critical information is factual data about an organization's intentions, capabilities, and activities that the adversary needs to plan and act effectively to degrade operational effectiveness or place the potential for organizational success at risk.
ANALYSIS OF THREATS.
Threat analysis consists of determining the adversary's ability to collect, process, analyze, and use
information. The objective of threat
analysis is to know as much as possible about each adversary and their ability to target the organization.
ANALYSIS OF VULNERABILITIES.
Vulnerability analysis requires that the OPSEC analyst adopt an adversarial view of the activity requiring protection.
ASSESSMENT OF RISKS.
Risk assessment is the heart of the OPSEC process. In a risk assessment, threats and vulnerabilities are compared to determine the potential risk posed by adversary intelligence collection activities targeting an activity, program, or organization. When the level of vulnerability is assessed to be high and the adversary threat is evident, then adversary exploitation is expected, and risks are assessed to be high.<
br />
APPLICATION OF APPROPRIATE COUNTERMEASURES.
In the final step, countermeasures are
developed to protect the activity. Ideally, the chosen countermeasures eliminate the adversary threat, the vulnerabilities that can be exploited by the adversary, or the utility of the information. The steps in the intelligence cycle are:
PLANNING AND DIRECTION.
The first step in the cycle, planning and direction, involves the management of the entire intelligence effort, from the identification of a need for data to the final delivery of the intelligence product to the consumer. The process consists of identifying, prioritizing, and validating intelligence requirements, translating requirements into observables, preparing
collection plans, issuing requests for
information collection, production, and dissemination, and continuously monitoring the availability of collected data.
COLLECTION.
The second step, collection, includes both acquiring information and provisioning that information to processing and production elements. The collection process encompasses the management of various activities, including developing collection guidelines that ensure optimal use of available intelligence resources. Intelligence collection requirements are developed to meet the needs of potential consumers. Based upon identified
intelligence, requirements collection activities are given specific tasks to collect information.
PROCESSING.
The third step, processing, is the
conversion of collected information into a form suitable for the production of intelligence. In this process, incoming information is converted into formats that can be readily used by intelligence analysts in producing intelligence. Processing may include such activities as translation and reduction of intercepted messages into written format to permit detailed analysis and comparison with other information. Other types of processing include video production, photographic processing, and correlation of information collected by technical intelligence
platforms.
PRODUCTION.
The fourth step, production, is the
process of analyzing, evaluating, interpreting, and integrating raw data and information into finished intelligence
products for known or anticipated purposes and applications. The product may be developed from a single source or from all-source collection and databases. To be effective, intelligence production
must focus on the consumer's needs. It should be objective, timely, and most importantly accurate.
DISSEMINATION.
The final step of the intelligence cycle is dissemination. Dissemination is the conveyance of intelligence to the consumer in a usable form.
Targeted Information and Technologies
The importance of proprietary information concerning advanced technologies to the future of the United States has been recognized in both the National Critical Technologies List (NCTL)
published by the Department of Commerce, and the Militarily Critical Technologies List (MCTL) published by the Department of Defense. The MCTL incorporates all of the technologies listed in the NCTL and includes additional technologies that have military significance. As a result, it provides an all-encompassing view of the range of technologies that are considered essential to the security of the United States. The MCTL was mandated by Congress under the Export Administration Act of 1970 and was supplemented by guidance contained in executive orders. The MCTL is organized into 15 technology groups that include over 200 different technology applications.
Among these groups are:
Composite Materials, Alloys, Super-conductive Conductors
Automated and Robotic Production Technologies
Telecommunications Transmission, Switching, and Networking
Management Capabilities Lasers, Optics and Power Systems
Technologies Biomedical Technologies
Advanced Electronic Devices, Components, and Circuits
Optical, Acoustic and Electro-Optic Sensors
Aerospace Structures and Propulsion Systems
Directed Energy and Kinetic Energy Applications
Specialized Technical Operations
These techniques include computer intrusion, telecommunications targeting and interception, and exploitation of weak private sector encryption systems.
According to NACIC, these activities account for the largest part of economic and industrial information lost by U.S. corporations. Because telecommunications are easily accessed—particularly international telecommunications they provide a lucrative and extremely vulnerable source for anyone interested in obtaining, economic or proprietary data.
Obtaining Threat Assessment Information Threat information can be obtained through a number of sources within the United States Government. These agencies are responsible for protecting U.S. government and commercial activities, and executing counterintelligence programs, security education, or threat analysis. These agencies are:
Federal Bureau of Investigation (FBI)
The FBI has primary responsibility for
counterintelligence investigations within the United States and can provide a variety of support services and classified analytical products to Government agencies. An integral part of the FBI's counterintelligence efforts is the Development of Espionage, Counterintelligence and Counter-terrorism
Awareness program (DECA). DECA is the FBI's medium for providing foreign intelligence threat information-especially information concerning economic espionage to the private sector.
Defense Intelligence Agency (DIA)
The DIA is a combat support agency and the senior military component in the U.S. Intelligence Community. It provides intelligence in support of joint military operations in peacetime, crisis, contingency, and combat; service weapons
systems acquisition; and defense policy making. The DIA prepares CI risk assessments for the Department of Defense and conducts a variety of assessments and studies on the foreign intelligence collection threat. The DIA also assesses the threat to our military capabilities posed by illegal transfers of high technology to U.S. adversaries.
Defense Investigative Service (DIS)
DIS is responsible for safeguarding classified information received, produced, stored, and disseminated by U.S. Government contractors. DIS shares information with industry about specific targeting techniques used by foreign intelligence organizations. The focus of the DIS program is the protection of Government classified information. DIS
provides information about the targeting of
specific technologies or specific contractors based on its analysis of information from databases such as the Foreign Ownership, Control, or Influence (FOCI) database and various elements of the Foreign Disclosure and Technical Information System. Foreign threat information is also developed through personal security interviews by DIS Special Agents, by Industrial Security representatives during inspections and facility visits conducted under the auspices of the National Industrial Security Program (NISP), and through liaison with other government agencies. Reports developed by DIS are disseminated throughout the Department of Defense, to the U.S. Intelligence Community, and to cleared defense contractors during industrial security visits. Specific threat data can be obtained directly from any DIS Industrial Security representative.
Department of Defense Security Institute
DODSI develops and presents courses on DoD security countermeasure programs. DODSI conducts instructional courses on industrial, personnel, and information security. Discussion of intelligence collection threats are an inherent part of training provided by DODSI. DODSI also publishes unclassified security awareness publications. The best known of these publications is the Security Awareness Bulletin, which is distributed to 25,000 customers in government and industry. Articles often highlight foreign economic and industrial intelligence efforts, and methods to protect against such activities.
Department of Energy (DOE) Counterintelligence Division
; The DOE Counterintelligence Division is responsible for analyzing foreign
intelligence collection threats, providing awareness training, and disseminating threat assessments to government and contractor activities. The CI Division publishes classified and unclassified threat assessments, and distributes bulletins and newsletters concerning foreign intelligence threats to DOE activities and facilities.
We will enter their government agencies, departments, and diplomatic offices and embassies. We have established various security tests to determine subject of the information, the level of importance, and which department should have this information.
We have setup a U.S. Government communication channel that does not know our identity. We have sent numerous pieces of information that they have verified to be true and have welcomed our continued
forwarding of information concerning people, places, activities, I.P. Addresses of major hackers, foreign military plans and activity, individuals we have identified as terrorists and their location and activities.
Our communications channel is with INSCOM.
INSCOM oversees a number of major subordinate commands, and coordinates efforts between the various command groups in order to gather and best use the information received. This can include providing linguistic support to various commanders throughout the Army, ensuring the security and maintenance of US Army computer systems and servers, working with other intelligence agencies such as the National Security Agency, and providing location specific support and analysis in numerous military theaters across the