Information Operations Newsletter

Compiled by: Mr. Jeff Harley

US Army Strategic Command
G39, Information Operations Branch

The articles and information appearing herein are intended for educational and non-commercial purposes to promote discussion of research in the public interest. The views, opinions, and/or findings and recommendations contained in this summary are those of the original authors and should not be construed as an official position, policy, or decision of the United States Government, U.S. Department of the Army, or U.S. Army Strategic Command.

Table of Contents

Vol. 8, no. 19 (1 – 14 August 2008)

1. US Group Calls For More Electronic Warfare Investment

2. Cyber Warfare: Examining the Relationships (blog)

3. Human Rights Groups Critical Of China Are Attacked On Web

4. Al Qaeda Shifting Tactics, Finding New Recruits

5. Blocking the Threat: Soldiers Rely On Radio Jammers to Defeat Remote Controlled IEDs

6. Winning the Ideas War against Al-Qaeda (Commentary)

7. Georgia Accuses Russia of Coordinated Cyberattack

8. Photography as a Weapon

9. Coordinated Russia vs Georgia Cyber Attack in Progress (blog)

10. Air Force Suspends Cyber Command Program

11. Russian Hackers Continue Attacks on Georgian Sites

12. Pentagon Puts Hold On USAF Cyber Effort

13. US Ponders Georgian Air Defenses

14. Web Threats Increase in the Middle East

15. The CNN Effect: Georgia Schools Russia in Information Warfare (blog)

16. When Electrons Attack: Cyber-Strikes on Georgia a Wake-Up Call for Congress

ARSTRAT IO Page on Intelink-U
ARSTRAT IO Newsletter on OSS.net


US Group Calls For More Electronic Warfare Investment

By Stephen Trimble, Flight Global, 4 August 2008

Two US lawmakers are campaigning to stabilise investment in electronic warfare as two next-generation airborne jammer programmes enter an early development phase.

The prime goal of an EW working group led by Joe Pitts, of Pennsylvania, and Rick Larsen, of Washington state, is to persuade the US Department of Defense to create internal structures that will lead to a long-term investment strategy. That means creating a senior-level post to oversee joint requirements, flag officer-level champions in each service and a dedicated career track at all ranks.

"That in my opinion is sorely lacking," Pitts says. Larsen adds that the group is seeking to have its objectives included in an "exit memo" that the current Pentagon leadership will prepare for the next administration for when it takes office in January. "We will try to get the next administration to build on this," Larsen says.

Much about the requirements and funding for US EW programmes remains classified, making it difficult for military and public officials to fully explain their concerns. But there is a consensus acknowledgement by military and engaged lawmakers that US combat aircraft will begin to face more powerful threats after 2012.

"There are some gaps we're headed for," says Pitts. "We need to address that."

Two major programmes have already been launched to bridge the gap. The US Navy has started to develop the next-generation jammer to replace the analogue ALQ-99 pod, and the US Air Force has started developing the core component jammer, a replacement for the stand-off jammer system cancelled in 2006. But both lawmakers express little confidence in the military's ability to adequately fund either programme.

"For whatever reason, EW has experienced the feast or famine effect," Larsen says. "We need to maintain a consistent investment."

Pitts notes that some of the equipment in use today is the same that he used as an EW officer on Boeing B-52s in the Vietnam War. "One thing we need is a co-ordinated strategy," he says.

Cyber Warfare: Examining the Relationships (blog)

From Selil blog, August 3rd, 2008

When considering the doctrinal documents of computer network attack (CNA), and the hierarchical relationship to information warfare there is a likelihood of misunderstanding of the concepts of cyber warfare. It is hard for somebody in academia to get traction with ideas or concepts that are foreign to the entities of the national defense structure especially if they go against common perceptions and ideas. In the waging of cyber warfare there needs to be a doctrinal understanding and though a central tenet to my research I thought I might open a bit as events move forward to try and gain some thought real estate.

First it should be immediately obvious that, “hackers” are not “cyber warriors” and I cringe whenever I see a top Air Force leader give that kind of impression. Bubba the red neck truck driver with a shot gun can become a soldier of remarkable skill, but just because he can shoot a gun doesn’t make him a soldier. By the way I am a beer belly bubba who wears camo and shoots my bow at furry brown things in the late fall. However, it takes training, skills, and discipline far beyond the simplistic awareness of technology to train and adapt cyber warriors. Unfortunately even the lexicon has been polluted far beyond the Steven Levy discussion of hackers.

Second having considered the posse comitatus acts and the various law enforcement entities it becomes obvious that domestic defense creates a quandary. Every agency wants a piece of the super sexy cyber realm and when given it we get abject violence towards the Constitution as we’ve seen with the border patrol and the Department of Homeland Security in regards to the seizure of laptops. There are also the whimsical attempts and censured communities that the Federal Bureau of Investigation (FBI) and their attempts to control and restrict information. Though often a fan of the FBI in this case their under funded, closed minded, meager attempts show a distinct lack of understanding in dealing with the threat. Though I find at the “agent” level and investigator level they “get it” the leadership is “geek” averse.

The only place that a national agency can exist and work with the differing law enforcement agencies and department of defense with no legal issues is the National Guard. A bisected Guard unit with both federalized and non-federalized entities operating with full law enforcement status has the ability to interface with all groups from the state level on up. Non-federalized guard troops can operate in the inherent government function of chasing the bad guys with one way hand offs between federal and non-federalized. Thereby strengthening portions of posse comitatus. The extra-territorial and analysis functions can be done by the federalized troops in concert with the individual responsible agencies. I would like to say that I came up with this idea on my own, but after I suggested it to a member of the military, it was pointed out that Tom Clancy came up with it in his book series “Net Force”. So much for being a thought leader.

Third the concept of operations for computer network attack (CNA) needs to be broken out of the information operations (IO) hierarchy. It does not belong there. Much like the concepts of the use of armor to support troops in World War 1 was supplanted by new armor-cavalry concepts of operation, where the model changed towards infantry in support of armor, cyber operations take on new expanded roles beyond IO. CNA is but one element of cyber operations and kinetic effect through cyber operations. The highly hierarchical and brittle security models of command and control (C2) infrastructures in the military and corporate world reflect a target rich environment. These brittle networks are reflected in the social and organizational structures, the physical and data communications, and the information dissemination and cognition models. Where defense has been studied, the offense task against these elements in societies where the asymmetric balance is against the United States, has not been truly considered. In general the third world is categorized as technologically inferior, the European and Pan Asian community as off limits, and domestic threats ignored. This would be great if everybody played their roles equally and allies didn’t spy on allies, and corporate espionage didn’t happen, and the world stage was a static environment. How much better to be prepared for cyber conflict before it happens.

Finally the analysis of networks and the various ideas of what makes up a network needs to be explored. The term “network” is what programmers would call an over loaded operator. It is used in place of various other terms and absconded with daily when some central concept or idea needs to be obscured in geek speak. Networks though are components of a system that are connected through some medium. The system can be a group of computers that communicate data or a group of people who socialize amongst each other expressing ideas. The power distribution system is a network of carriers lines and distribution/access points. Layered on top of that is a cyber network of command and control. In fact most of the utilities in the western world have sophisticated command and control networks. Each of these elements is being explored by groups of people looking for concepts of operations in the art of cyber warfare. Cyber warfare though is a political, technical, social, and conflict laden activity and in many ways needing a new doctrinal publication and joint operating presence to bring together the defensive and offensive operational elements of the military along with the law enforcement entities. The reality is that cyber offensive warfare is still an infant among the towering giants of offensive capability.

Human Rights Groups Critical Of China Are Attacked On Web

By Mark Magnier, Los Angeles Times, August 7, 2008

BEIJING -- The bane of many human rights groups these days is a growing number of computer viruses, data-stealing Trojan horses and other malicious software being routed from China.

Although activists said they couldn't prove the Chinese government was behind the assaults, their sophistication suggests an adept attacker with extensive resources.

In a case in 2000, however, before technology advances allowed hackers to hide so well, a protracted cyber-attack on the Falun Gong spiritual group's sites in the U.S., Britain and Canada was traced to computers in China's Ministry of Public Security, according to a report by Rand Corp.

In some cases, the attackers use viruses rarely seen before, suggesting they're tailor-made, said Nicholas Bequelin, a Hong Kong-based researcher with Human Rights Watch.

A common tactic involves e-mails that look as though they're from another rights group but contain attachments that wreak havoc on the recipient's system, he said.

In one recent case, an infected attachment identified as a report from Amnesty International arrived within hours of the real report's release.

The Dream for Darfur activist group said it was alerted by a congressman's office a few months ago that its website was infecting visitors in what is known as a cross-site scripting attack. The matter has been referred to the FBI.

"We're an organization of five people, and we're disbanding at the end of this month," group spokesman Jonathan Freedman said. "It's an indication of their unwillingness to allow any freedom of speech."

Al Qaeda Shifting Tactics, Finding New Recruits

By Peter Brookes, Family Security Matters, 7 August 2008

The good news is that nearly seven years after Sept. 11, 2001, al-Qaida appears to be battered. The bad news is that like a prize fighter, it is bloodied, but not bowed — leaving it still capable of dealing a devastating blow. In June, CIA Director Michael Hayden trumpeted the good news, telling the Washington Post that al-Qaida movements in Iraq and Saudi Arabia were essentially defeated and struggling elsewhere, including in the terrorism hot-bed Pakistan. In truth, some doubt Hayden’s take on Pakistan, especially with Osama bin Laden and his deputy Ayman al Zawahiri still on the loose in the tribal areas along the border with Afghanistan. But, according to experts, there is bad news, too. The Islamist terrorist threat is still evolving, and the gains made on the ground against this scourge could easily be reversed. Their warning: If we do not take heed of, and adapt to, new trends in terrorism, the tide could ultimately turn against us, resulting — once again — in a tragedy on the scale of 9/11 or worse. Perhaps the most fundamental change is that al-Qaida is a different organization than it was nearly seven years ago when it struck New York City and the Pentagon. Although it still pushes a strict view of Islam, sharply sorting the world into believers and non-believers (including Muslims), and advocates violent jihad to depose of apostate governments to establish a vast caliphate under repressive sharia law, al-Qaida is not the same as it was in 2001. Today, among other shifts, bin Laden is more inspirational than operational. Although he is still dangerous, for the moment, he is more of a terrorist icon than a terrorist operative — as long as he is under pressure and on the run.
It is believed he is not directing al-Qaida’s day-to-day terrorism operations around the world like he did before 9/11, when Afghanistan provided a safe haven for him and his acolytes to plan, train and operate, courtesy of their landlords, the Taliban. Instead, he has become a forceful mouthpiece for al-Qaida’s global jihad, rather than a commander in the field, providing encouragement as well as guidance to like-minded extremists. Indeed, he and the Egyptian Ayman al-Zawahiri have developed a significant — and highly successful — propaganda machine, mastering the Internet and Islamist jihadist media outlets to advance their movement across the globe.

WEB WORRIES

Without question, al-Qaida’s Internet propaganda machine is working overtime to spread its extremist message, seeking recruits and funding, and pushing its foot soldiers to commit acts of terror to overcome setbacks on the ground in places such as Iraq (as a result of the surge). In many ways, al-Qaida has been its own worst enemy in places like Iraq, a place it saw as a central front in its holy war. According to analysts, locals have come to see themselves as tools — even victims —
of the terrorist group, which is pursuing its own goals, often at great cost to the people it seeks to lead. Islamist terrorist groups prize the Web, releasing a regular torrent of multimedia products — from print manifestos by radical leaders to online terrorism encyclopedias to videos of attacks — for digestion by current and would-be supporters around the world. For instance, al-Qaida’s online flack is a mysterious media operation called the al-Sahab Institute for Media Production, according to Daniel Kimmage, an analyst with Radio Free Europe/Radio Liberty, who penned a recent report on the issue. Using that and other outlets, such as the Global Islamic Media Front and al-Fajr Media Center, to push the party line of violence and hate, the terrorist groups seek to frighten some, while winning needed support from sympathetic audiences. Of course, much of the message is that the West, especially the U.S. and select European countries, is in a war against Islam; that Muslims are required to defend their religion; and that violence against innocents in the guise of holy war may be necessary in defense of Islam, according to experts. Indeed, Zawahiri wrote in a now-famous letter to his now-deceased henchman in Iraq, Abu Musab al-Zarqawi: “We are in a battle, and more than half of this battle is taking place in the battlefield of the media, ... a race for the hearts and minds of our people.” Equally important, al-Qaida uses friendly media outlets to project an image of power, presence and prestige within the Muslim world — critical for keeping the movement afloat as its indiscriminate violence has alienated many possible minions. Make no mistake: Al-Qaida’s Web work is not amateurish stuff, even in a day of YouTube-like productions. These extremist-associated outlets are feverishly improving the quality of their Web sites, videos and print materials. 
Also particularly interesting is the level of message control these various extremist Web sites are able to achieve — a key to efficient and effective information warfare. (This also tends to indicate some level of coordination among these media outlets.) They also are targeting young people and women — both new emphases of al-Qaida recruitment — with their online propaganda. The Web sites are quickly translating their mantra into other languages, too, especially English and European tongues. Production levels of these outlets are at all-time highs, analysts say. In fact, experts say they believe Internet radicalization is replacing in-person radicalization, which used to take place in tea houses, coffee shops, mosques, madrassas or overseas terrorist camps. This allows the Web wing to serve as an enabler for al-Qaida & Co. in building ties with the sympathetic. It also allows al-Qaida to radicalize those on the margins, using emotional issues such as the wars in Iraq, Afghanistan and Somalia to mobilize them to action. Local grievances also are manipulated to advance al-Qaida’s agenda. In addition, those already enlisted can use extremist sites to participate in distance learning by getting training and expertise in the terrorist black arts, such as making a car or truck bomb or vest for a suicide bomber, via online libraries. The growing use of the Internet to identify and connect with people and groups around the world offers opportunities to network, establishing ties and passing on experience and tricks of the trade only previously available in overseas camps, according to U.S. government officials. Some have dubbed the Internet a “virtual haven” for the terrorist. Since the struggle with Islamist terrorism is, ultimately, a battle of ideas, dealing with the rise of extremism on the Internet is, perhaps, the most difficult challenge, especially because of its appeal to the younger generation. Which leads to the next worry: homegrown terrorists. 
Al-Qaida has long sought to recruit terrorist operatives already in place in the West, who have no need to get passports, nor to transit immigration and customs checkpoints to reach their targets. These operatives are locals who already have legal residency in a target country and, as such, blend seamlessly into the fabric of society, possibly not raising one iota of suspicion with their fellow citizens or, more importantly, intelligence or law enforcement. Bin Laden has been especially keen to recruit converts to Islam. These new adherents can often easily overcome the challenges of racial profiling. But, even better, they may be eager to prove their worth to their new faith by undertaking acts of terrorism, leading to martyrdom. There is a sinking sense that Islamist radicalization is catching fire in Europe. This is based on the increased number of plots in recent years, involving homegrown terrorists there, as well as Europeans serving in violent jihad overseas. An April Europol report indicated that terrorist attacks in the European Union (EU) were up almost 25 percent in 2007 over 2006, and that Pakistan-based al-Qaida groups are the main drivers of extremism and terrorism concerns in the EU. Plus, analysts say they believe al-Qaida and its affiliates in South Asia, the Maghreb and the Horn of Africa are interested in recruiting terrorists from — and then deploying them back to — their homes in Europe. These people would have the advantage of having local passports and being familiar with Western cultures, allowing them to travel freely in and out of Europe — and, perhaps, even to the U.S., still a key target of al-Qaida. Indeed, Hayden warned Congress in testimony earlier this year of an “influx of Western recruits” — meaning Europeans — into the troubled tribal areas of Pakistan since 2006, which suggests potential terrorism problems across the pond. Moreover, Europol also reported “dozens” of British passport holders fighting alongside Islamists in Somalia who may as well be training in camps there in preparation for future attacks in the United Kingdom — or elsewhere. As is well known, homegrown terrorists pulled off deadly attacks on public transportation systems in Madrid in 2004 and in London in 2005. Other plots, some of which included American targets, have been hatched, or carried out, in recent years in Germany, the Netherlands, France and Denmark. The British feel particularly under the gun; their law enforcement and intelligence authorities are tracking tens of active plots, hundreds of terrorist cells and more than 2,000 people in the United Kingdom who may be associated in some way with the conspiracies. No surprise: The 2006 London-based attempt to use liquid explosives to bring down 10 or so airliners over the Atlantic flying from the U.K. to Canada and the U.S.
easily could have produced more victims than 9/11. Some of the suspects in the case told British investigators they intended to bomb the airliners not over the Atlantic but over U.S. and Canadian cities to increase the victim count. It’s not just Europe. We’ve also had terrorism attempts here, too, by so-called “self-radicalized” people who were inspired by, but had little or no physical contact with, al-Qaida. Terrorist cells in places such as Ohio, Illinois, California, New York and New Jersey targeted the U.S. government, the military and critical infrastructure. Compounding concerns is the lone-wolf terrorist, a particular worry for the FBI. The lone wolf could fly below everyone’s radar because he would have no contact with other local conspirators or terrorist groups overseas that might tip off law enforcement of a plot in advance of an attack, according to a recent congressional report. But it is not only the homegrown terrorist who worries analysts. Of course, terrorists have long been funded by individuals, charities and front organizations. But today, they are also increasingly getting funding through illicit activities such as narco-trafficking and trafficking-in-persons. For instance, Afghanistan’s burgeoning poppy crop, which is responsible for more than 80 percent of the world’s supply of heroin, provides 40 percent to 60 percent of the Taliban’s operational income, according to both American and United Nations’ analysts. There is little doubt that al-Qaida in Afghanistan and Pakistan is getting a cut, too, providing the group with a nearly endless source of funding, considering the drug trade’s profitability, continuing global demand and the challenges in fighting it. Al-Qaida and others can use narco-profits to plan, train and operate, including procuring weapons, paying for travel and expenses, gathering intelligence, bribing local officials and others, and developing support structure such as camps and safe houses. 
Terrorist groups also are making money through trafficking in persons, the State Department reports. Although these networks often are used to smuggle people for the sex trade and other nefarious purposes, these same networks are moving foreign fighters, particularly into Iraq. Naturally, these highly profitable criminal networks, including those that have brought millions of illegal immigrants to the U.S. (from well beyond Latin America), also could be used for getting terrorists into the United States. Smuggling a terrorist into the country is one thing, but of equal concern is that one of these networks moving a person across the American border also could smuggle in a weapon of mass destruction, which U.S. intelligence is still convinced al-Qaida is interested in procuring — and using.

Al-Qaida and its allies continue to nimbly adapt their menacing means and methods to the countermeasures we take, meaning we must evolve with equal vigor to the twists and turns in terrorist tactics. Significant challenges remain in dealing with terrorism — in the battle of ideas and on the battlefield. As such, we must guard against not only terrorism, but also our own complacency.

Blocking the Threat: Soldiers Rely On Radio Jammers to Defeat Remote Controlled IEDs

By Aaron Aupperlee, Desert Dispatch, August 7, 2008

FORT IRWIN — The video was not meant to be funny.

Inside a classroom at the Army Center of Excellence at Fort Irwin, soldiers watched a video of a botched insurgent improvised explosive device attack on American forces in Iraq. The video is shot from the hiding spot of two insurgents who had planted an IED and hoped to use a radio-controlled device to explode it when American troops passed.

Each time a vehicle passed, the two muttered “Allahu Akbar,” God is great in Arabic, and then hit the button. Each time a vehicle passed, the explosive did not go off, and the two muttered frustrations, in Arabic, to each other.

The video was not meant to be funny, but the soldiers from Schofield, Hawaii laughed. It underscored the importance and success of radio jamming devices used in Iraq to defeat the threat of remote controlled IEDs.

“It’s very important,” said Col. Harris, the director of the center, “(IEDs are) the number one killer of soldiers.”

Before the soldiers of the 3rd Brigade of the 25th Infantry Division head to Iraq and even before they head to the National Training Center’s simulated Iraqi towns that dot the desert of Fort Irwin, they receive training on using the Army’s counter radio-controlled IED electronic warfare devices, known to the soldier as CREW. The soldiers learn how to operate the device and practice keeping vehicles and other soldiers within the device’s protected area.

“We give it to them, they go out and play with it for two weeks, and they got it,” said Jay Cassidy, a trainer at the Army Center of Excellence.

For many years, the radio-controlled IEDs were the bomb maker’s weapon of choice in Iraq. Using a cell phone, remote control or even a keyless entry clicker for a car, a deadly dose of explosive could be triggered from a safe distance. The Army’s jamming devices, which can be mounted on vehicles and carried in a soldier’s pack, block specific radio frequencies within a certain range. Be within the jammer’s bubble of protection and the IED cannot be triggered.

Before the war started, the Army had almost no one working on electronic warfare, Taz Azuras told the class of soldiers. Early iterations of radio jamming devices were put into Iraq four years ago. Since then, Cassidy said, bugs have been worked out and the technology has become better. Cassidy would not say that the Army had the radio-controlled threat completely under control, but said the devices had hindered its effectiveness.

“We’re getting better; we’re getting better what we do against them,” Cassidy said. “And we know this because the threat tells us this by moving away from radio-controlled triggers.”

He said triggering mechanisms rely less on radio control and more on direct wires and victim initiated devices.

Before the training on the jamming devices even started, Cassidy demonstrated what was at stake to the Hawaiian soldiers. He handed a radio-controlled trigger device to one of the soldiers gathered around a pile of rubble inside the center’s training grounds. Inside the rubble, an explosive shell used to simulate an IED blast. Cassidy told the soldier to detonate the IED as two humvees passed.

The first time, when the second humvee was within the protection of the jammer, nothing. The second time, when the second humvee lagged too far behind — boom — a loud explosion.

“Just like the real thing,” Cassidy said to the soldiers.


Winning the Ideas War against Al-Qaeda (Commentary)

By Steven W. Barnes, Daily Star, August 11, 2008

US officials and policy analysts are talking less about "winning the hearts and minds" of Arabs and Muslims worldwide as part of public diplomacy efforts, and instead are focusing on winning "the war of ideas" against Islamic extremist groups. Such a shift is stirring debate about what the right approach to the war of ideas is, and the answer has serious implications for American foreign policy.

Speaking in Washington in late July, President George W. Bush's new public diplomacy czar, James Glassman, said the United States is "placing the emphasis not on enticing foreigners to like us more but on defeating an ideology." He also noted, "We want to break the linkages between groups like Al-Qaeda and their target audiences" by removing "the fake veneer on the reputation of extremists and allow publics to see the shame and hostility of life in terrorism." The war of ideas, Glassman added, is "the most important ideological contest of our time."

Glassman's speech was representative of research being generated on what this "war of ideas" actually is; some recent perspectives stand out in the debate. For example, in June Antulio Echevarria of the US Army War College's Strategic Studies Institute published a paper, "The War of Ideas and THE War of Ideas," examining the current American effort as well as wars of ideas throughout history. "The battle of ideas in the war on terror is a complex mixture" of two kinds of conflicts, Echevarria wrote, "one external and the other internal." Externally, it is an ideological struggle between "the West" - particularly the US - and Al-Qaeda and its offshoots, Echevarria noted. The US aims to render Al-Qaeda a negligible threat, and Al-Qaeda seeks "to undermine the West's support for moderate Islamic regimes, and to prevent its secular ways from corrupting Islam." Internally, "this war is a battle over religious dogma within Islam," Echevarria wrote, featuring a militant interpretation of the Koran and Islamic law "which would mobilize Muslims against the West, and thus lead to the purification of Islamic society."

Echevarria saw two approaches in today's war of ideas: On the one hand, outreach to overseas audiences through public diplomacy (educational and cultural exchanges, US international broadcasting, etc.); and on the other, viewing it as a "real war" of opposing wills, using information-age weapons, such as the internet, to defeat an enemy. These are not mutually exclusive, he pointed out, but not entirely compatible either.

But the Brookings Institution's Hady Amr and P.W. Singer, writing in the current edition of The Annals of the American Academy of Political & Social Science, have argued, "Many in the Muslim world believe the war on terrorism is essentially a war on Islam; this view impedes the success of an effective foreign policy strategy."

For the next president to win the war of ideas, Amr and Singer asserted, "we must work quickly to rebuild the shattered foundations of understanding between the United States and predominantly Muslim states and communities," through such measures as "expanding cultural exchange programs while improving the visa process."

Writing earlier this year, Helle Dale of the Heritage Foundation argued that America's "engagement in the war of ideas during the Cold War [was] so effective because the mission was clear and simple." This was an "ideological struggle with the Soviets as part of a comprehensive strategy designed to challenge the very basis of Soviet power."

This begs the question whether a Cold War model - with its political, economic, military, and cultural dimensions - could be successful today.
Echevarria noted that while in some respects it is instructive, "it is essentially impossible to wage an economic war against Al-Qaeda and its affiliates, or to pursue a military strategy of containment, without at the same time harming Muslim states and populations whom we do not want to harm."

Whatever model is employed, it is important to know what populations Al-Qaeda and affiliated groups have targeted. In March, Radio Free Europe-Radio Liberty published a report by Daniel Kimmage, "The Al-Qaeda Media Nexus," which observed that Al-Qaeda and its affiliates focused their primarily internet-based media operations on conflict zones: in Iraq, Afghanistan, Somalia and North Africa. In 2007 such groups released online hundreds of statements, press releases, books, and video clips.

Ironically, Kimmage also wrote in July that such online information operations may be Al-Qaeda's Achilles heel. The exploding online social networking movement, he said, "can unite a fragmented silent majority [of Muslims opposed to violent extremism] and help it to find its voice in the face of thuggish opponents." But Kimmage added: "the authoritarian governments of the Middle East are doing their best to hobble" such a silent majority. "By blocking the internet, they are leaving the field open to Al-Qaeda and its recruiters," he said.

Such a complex concept as the war of ideas will continue to be debated throughout the remaining months left for the current US administration and into the next. How effectively it is executed will depend on the next president's clarity of vision and willingness to engage in the debate. To do so, as Amr and Singer wrote, the next administration "should include seeking and integrating input from legislative bodies, universities, think-tanks, and friends in the Muslim world." In this manner, both peoples and governments opposed to violent extremists can play a part in promoting dialogue and understanding, and help counter the Al-Qaeda threat.

Georgia Accuses Russia of Coordinated Cyberattack

From ZDNet (UK), 11 Aug 2008

The Georgian Embassy in the UK has accused Russia of launching cyberattacks to coincide with military hostilities over the weekend

The Georgian embassy in the UK has accused forces within Russia of launching a co-ordinated cyberattack against Georgian websites, to coincide with military operations in the breakaway region of South Ossetia.

Speaking to ZDNet.co.uk on Monday, a Georgian embassy spokesperson said that websites had been unavailable over the weekend, claiming this was due to Russian denial-of-service attacks. "All Georgian websites have been blocked," said the spokesperson. "Georgia is working on redirecting web traffic."

At the time of writing, the Ministry of Defence of Georgia website was unavailable for viewing from the UK. Both the Georgian presidential website and the Ministry of Foreign Affairs of Georgia website were available, but the spokesperson said this was due to Georgian redirection work. "They are new [websites]," said the spokesperson. "It was impossible two days ago [to access them]."

However, the spokesperson admitted that, as yet, Georgia could not confirm that Russia had been responsible, as the causes were still "under investigation". "Who else might it be though?" asked the spokesperson.

The Russian embassy in London said it had no information regarding cyberattacks against Georgia, but insisted there had been no military attack against Georgia. "I'd like to draw attention to a misunderstanding," said a Russian embassy spokesperson. "There is no Russian [military] attack. There is peace enforcement in South Ossetia."

According to a post on the website of the president of Poland, Lech Kaczynski, the Russian government blocked Georgian websites to coincide with "military aggression". "Along with military aggression, the Russian Federation is blocking Georgian internet portals," read a statement on the Polish presidential website. "On request of the president of Georgia, the president of the Republic of Poland has provided the website of the president of Poland for dissemination of information."

One of the statements made by the Georgian government on the Polish presidential website accused the Russians of bombing the port of Poti on the Black Sea, "far from South Ossetia", and of sending warships into the area.


"[Poti] serves as a vital energy-transit route to Europe," read the statement. "Over the past 48 hours, Russian forces have killed over 100 Georgian civilians and soldiers, after targeting residential complexes in Georgia, as well as airports, bases, and other vital infrastructure."

The RBN website, which normally attempts to track the activities of the criminal Russia Business Network, kept a running commentary of technical developments over the weekend. On Saturday, the RBN blog, which is run by security researcher Jart Armin, claimed there was a "full cyber-siege" of Georgia.

The RBN blog post claimed that the Russia-based servers AS12389 Rostelecom, AS8342 Rtcomm and AS8359 Comstar were controlling all traffic to Georgia's key servers. According to the blog, German hackers managed to route traffic directly to Georgia through Deutsche Telekom's AS3320 DTAG server for "a few hours" on Saturday, but this traffic was intercepted and rerouted through AS8359 Comstar, which is located in Moscow.

The RBN website also warned users not to trust any websites that appeared to be maintained by the Georgian government but did not have any statements about the weekend's hostilities, as these had likely been intercepted and altered.

Security organisation the Shadowserver Foundation reported in an update to an earlier blog post that it was also seeing cyberattacks directed against ".ge" sites, with the Georgian presidential and websites being hit with HTTP floods. Shadowserver reported that the command-and-control server being used to launch the attacks was located in Turkey.

In July, Shadowserver security volunteer Steven Adair reported that the president of Georgia's website had suffered a denial of service attack following a build-up of hostilities between Russia and Georgia over South Ossetia.

Photography as a Weapon

By Errol Morris, New York Times, 11 Aug 2008

As almost everyone knows by now, various major daily newspapers published, on July 10, a photograph of four Iranian missiles streaking heavenward; then Little Green Footballs (significantly, a blog and not a daily newspaper) provided evidence that the photograph had been faked. Later, many of those same papers published a Whitman’s sampler of retractions and apologies. For me it raised a series of questions about images.[1] Do they provide illustration of a text or an idea or evidence of some underlying reality or both? And if they are evidence, don’t we have to know that the evidence is reliable, that it can be trusted?

Hany Farid, a Dartmouth professor and an expert on digital photography, has published a number of journal articles and a recent Scientific American article on digital photographic fraud. He seemed to be a good person to start with. If a photograph has been tampered with, he’s the person to analyze how the tampering has been done. I wanted to discuss with him the issue of the Iranian photograph starting with the issue of why we trust photographs in the first place.

HANY FARID: The short answer is: I don’t know. The longer answer is: if you look at the neurological level, what’s happening in our brain, roughly 30 to 50 percent of our brain is doing visual processing. It’s just processing the visual imagery that comes in, and if you think about it in terms of bandwidth, there is a remarkable amount of information entering into our eyes and being processed by the brain. Now, the brain samples like a video camera, but 30 frames a second, high resolution, massive amounts of information. Vision is a pretty unique sense for the brain. It’s incredibly powerful and is very valuable from an evolutionary point of view. So it’s not surprising that it has an emotional effect on us. The Vietnam War, the war abroad and the war at home, has been reduced to a few iconic images — the Napalm girl, the girl at Kent State. What seems to emerge from major events and eras are one or two images that effectively embody the emotion and rage, the happiness and anger. The whole thing somehow is enfolded in there. The brain is just very good at processing visual imageries and bringing in memories associated with images.

ERROL MORRIS: But text is often brought in visually as well.


HANY FARID: Sure, but processed in a different part of the brain. So, yes, the visual system has to process it, but where it’s actually being processed is not in the back of the brain where the visual processing is, it’s on the side of the brain. It’s the language center, which is completely different. And there are plenty of people out there, my girlfriend is a middle school teacher and she talks all the time about kids who are visual learners and kids who are language learners, and who are auditory. So there’s different ways of processing information. But there’s no doubt that it is remarkably powerful. For example, when you put out a fake, like the Kerry/Fonda one.[2] And even like this missile one. You start putting it out there and saying, “Oh look, this picture? It’s a fake. This picture? It’s a fake.” But you know what people remember? They don’t remember, “It’s a fake.” They remember the picture. And there are psychology studies, when you tell people that information is incorrect, they forget that it is incorrect. They only remember the misinformation. They forget the tag associated with it. They did these great studies, especially with older people. They give them information about health, Medicare, Medicaid, that kind of stuff. And they say, “this information that you heard? It’s wrong.” And what ends up happening is, that information gets ingrained into their brains, and even if they are subsequently told it’s wrong, they end up believing it.[3] [4]

ERROL MORRIS: It occurred to me, just with respect to the missile photograph, that if the people who Photoshopped this photograph wanted to call additional attention to it, they could do no better than what they did.

HANY FARID: That’s exactly right. Look at how much attention is being brought to it. At the end of the day, even though they doctored the photograph, it shows that these guys still fired three missiles, and they sure brought a lot of attention to it.

ERROL MORRIS: The threat remains. What are we supposed to infer? It’s a fake, so there is no need to worry? The real threat is only 75 percent of what we thought. Three missiles instead of four.

HANY FARID: It raises a whole other level of information warfare, right? You intentionally put things out there just to know that the controversy in and of itself will help you make your point.

ERROL MORRIS: And since it is a version of chest thumping or saber rattling — whatever you want to call it — the thumping and the rattling linger on.

HANY FARID: Has there been a response from the Iranians?

ERROL MORRIS: A variety of different responses — from bellicose to reassuring. Ahmadinejad said that Iran had no intention of attacking Israel.[5]

HANY FARID: But no admission about doctoring the photograph?

ERROL MORRIS: No. Not that I’m aware of. But doctored photographs are the least of our worries. If you want to trick someone with a photograph, there are lots of easy ways to do it. You don’t need Photoshop. You don’t need sophisticated digital photo-manipulation. You don’t need a computer. All you need to do is change the caption.

[The photographs presented by Colin Powell at the United Nations in 2003 provide several examples. Photographs that were used to justify a war. And yet, the actual photographs are low-res, muddy aerial surveillance photographs of buildings and vehicles on the ground in Iraq. I’m not an aerial intelligence expert. I could be looking at anything. It is the labels, the captions, and the surrounding text that turn the images from one thing into another.[6]


Photographs presented by Colin Powell at the United Nations in 2003. (U.S. Department of State)

Powell was arguing that the Iraqis were doing something wrong, knew they were doing something wrong, and were trying to cover their tracks. Later, it was revealed that the captions were wrong. There was no evidence of chemical weapons and no evidence of concealment.

Reinterpretation of photographs presented by Colin Powell, by Daniel Mooney.

There is a larger point. I don’t know what these buildings were really used for. I don’t know whether they were used for chemical weapons at one time, and then transformed into something relatively innocuous, in order to hide the reality of what was going on from weapons inspectors. But I do know that the yellow captions influence how we see the pictures. “Chemical Munitions Bunker” is different from “Empty Warehouse” which is different from “International House of Pancakes.” The image remains the same but we see it differently.[7]

Change the yellow labels, change the caption and you change the meaning of the photographs. You don’t need Photoshop. That’s the disturbing part. Captions do the heavy lifting as far as deception is concerned. The pictures merely provide the window-dressing. The unending series of errors engendered by falsely captioned photographs are rarely remarked on. – E.M.]

HANY FARID: You are absolutely right; you don’t need Photoshop to editorialize. We can go back to Mao and Stalin and Castro and Mussolini, and all these guys. All the dictators doctored photographs in order to effectively change history. So why is this a big deal? Is it because of the power of visual imagery, the fact that it resonates so much? Maybe that will change with the next generation. Maybe this new generation will be thinking about images differently. There is a savviness about what technology can do. Kids now are growing up in a digital age where they routinely see doctored images in their mailboxes, in the media, on television, and so on and so forth.


ERROL MORRIS: But, as we become more and more sophisticated about images — about how images are processed — haven’t we become more sophisticated about detecting fraud? Photoshop manipulations are relatively easy to detect. They fool the eye, but they don’t necessarily fool the expert.

HANY FARID: The answer is: yes and no. It depends on the image source. So, if we have the raw files[8], if we have the original footage from someone’s digital camera, you can’t fool us anymore. We have enough technology today where, given the camera, the original images that came off the camera, we can tell if you’ve manipulated them. If, however, you are talking about an image that has been cropped and reduced and compressed and posted on the web, then we might be able to do it, but there’s no guarantee. The task is decidedly harder because a lot of information has been thrown away. You’ve compressed the image; you’ve resized it. This is why all the Loch Ness monster and ghost images are always so tiny and grainy, because then you can’t see the signs of tampering. With low-res images it’s much harder to detect a fake. Definitely, when we have a high-res original image, we are much better at it.

[People often trust low-res images because they look more real. But of course they are not more real, just easier to fake. We look at a picture of Nessie (the Loch Ness Monster). It’s grainy, fuzzy. It’s hard to make anything out. You never see a 10-megapixel photograph of Big Foot or the Abominable Snowman or the Loch Ness Monster. One explanation is: these monsters don’t exist. But if they did exist — so the thinking goes — they are probably unwilling to sit still for portraiture. The grainy images are proof of how elusive Nessie can be. This belief extends to documentary filmmaking, as well. If it’s badly shot, it’s more authentic. – E.M.]

ERROL MORRIS: Well, finding evidence that someone has used the Photoshop clone-tool is relatively easy, isn’t it, if you have a raw file in front of you as a comparison?

HANY FARID: Well, certainly if you have the original, but even without the original, we’re actually pretty good at detecting cloning. Now interestingly, in the Iranian missile image, I actually ran the clone detection software, and it did not detect it. Here’s the reason: they’re not perfect clones. They actually have been adjusted a little bit, and if you look carefully at the image, you will see this. There are two things going on. First of all, the image has been JPEG compressed, which changes the cloning a little bit, but we can still detect cloning in the present JPEG. But what happened is it was altered after it was cloned. Somebody went in and actually manipulated in small places to make it look less obvious. The Iranian photograph was done much more carefully and much more subtly. There were these four folds of smoke in the bottom right hand corner in one of the plumes. If they had actually adjusted that a little bit, which is what I do when I clone, people wouldn’t have seen it. That makes the fake even more impressive, because it wasn’t just copy, paste. We would have detected that. And frankly, if we didn’t have the photo with the third missile not launching, and somebody asked me what do you think, I would have said, “Well, I think it’s suspicious, but I’m not sure.”

ERROL MORRIS: But here’s a question. First, there was one picture. Then there were two. When did the second picture become available? Did the Iranians post both photographs, the cloned and the uncloned original? If I’m interested in deceiving you, and I have produced an altered photograph B based on photograph A, which has not been cloned, don’t I suppress A? Don’t I suppress the unaltered photograph?

HANY FARID: I don’t know where it [the three-missile photograph] came from.[9] Maybe there was just another photographer there. And if you look, it is not the original photograph that was manipulated. The photo with three missiles was taken just before, and from a slightly different vantage point. So I think what was happening was that there was another photographer and that image got released also, and that’s how we know that the third missile misfired. By the way, it’s not obvious, although everybody’s saying it is, that this is only a clone job. It could’ve been that that fourth missile fired, just at a later time, so that they tested it afterwards. It fired, they took a picture of it, and then they composited it, as opposed to cloned it, into the original picture. That also would explain why they’re not exact copies of each other. So I’m not exactly sure what happened.

ERROL MORRIS: If you believe that it could not have been simple cloning, or they went in and they altered a pixel here and there, to muddy the waters, can you really say that with certainty?


HANY FARID: The reason why we’re sure it was tampered with is because we have that other photograph. That’s why we know, right? That’s what really locks it in.

ERROL MORRIS: But how do you know that that other photograph hasn’t been altered?

HANY FARID: That’s a fair question. How do we know that that one’s not fake, as well?

ERROL MORRIS: Yes. There’s a remarkable story about the forging of the Hitler diaries. The forger was so prolific, he created so many forgeries — letters, watercolors, diaries, etc. — that handwriting analysts (charged with the task of authenticating the diaries) took writing examples done by the forger thinking they were genuine examples of Hitler’s handwriting and compared them to the diaries. They authenticated the diaries on that basis.[10] Often we make a comparison between something that we believe is real and something that we believe is fake. I guess the moral of the story is we should always consider the possibility that we may be comparing something fake with something else that is fake.

HANY FARID: It’s sort of like Rembrandt, right? His body of work has been shrinking for decades now, right? And so what’s considered to be his body of work is completely different now, cause he was faked so heavily. It’s a good question. The reason why we believe that the one with the four missiles is fake is that there is pretty strong, at least circumstantial, evidence that the cloning was there. The plumes of smoke look very, very similar. There are a lot of little pieces. But also, when you clone with a standard clone tool, there’s like a soft cloning, so it does a little bit of like alpha matting, so that it’s not a hard edge. And you see along the rocks, there’s definitely some funny business going on. Again, visually it’s not a certainty. But it certainly looks more suspicious.

ERROL MORRIS: But when we see something suspicious, aren’t we also asking the questions: What are they up to? Why are they doing this? Why are there three missiles in one photograph and four in another? What is going on here? What were they thinking? The simple answer: If my desire is to present a bellicose posture to the West, fine, clone a couple of those missiles. We know it’s a fake. But what are we supposed to infer from the photograph? Is it that these Iranians are so unscrupulous they will stop at nothing?

* * *

Looking at photography critically is also very much part of the agenda of Little Green Footballs. I spoke with Charles Johnson, who created and manages the Web site, about the role that he has played in uncovering several photographic frauds. He originated the term “fauxtography” and is something of a gadfly. His method is often visual, using elegant visual comparisons — jumping back and forth between two images to highlight the similarity of certain details. He has used this technique to challenge the authenticity of the Killian documents[11], as well as several fauxtographs from Lebanon and Iran.[12]

ERROL MORRIS: How did the controversy start?

CHARLES JOHNSON: Someone emailed me and said, “Go look at this photograph.” He said, “This looks like there really aren’t four missiles here.” So I took a look at the photo, and there it was, repeating patterns in the smoke.

[In Little Green Footballs, Charles Johnson graphically explains the similarities between specific areas of the fauxtograph.[13]]

ERROL MORRIS: Did you subject it to any kind of test?

CHARLES JOHNSON: Well, you can take the image into Photoshop and exaggerate the contrast, or do some other kinds of manipulations. That can show you where areas were cut and pasted. There is no need to really put it under the microscope when it’s staring you in the face.


Repeating patterns in the smoke. (Charles Johnson, littlegreenfootballs.com)

ERROL MORRIS: What I find puzzling about it is they now have shown two different photographs. The photograph pre-Photoshop, and then of course the other one post-Photoshop.

CHARLES JOHNSON: The pre-Photoshop shows that one of the missiles didn’t launch.

ERROL MORRIS: Yes. But if you wanted to put out a fake story why would you release both photographs?

CHARLES JOHNSON: It’s an odd thing, isn’t it? You could really go down the rabbit hole with that. You can start concocting different theories, like maybe they wanted it to be discovered. But, I’ve learned that you should never attribute to cleverness what can be easily explained by stupidity. And I think there’s a lot of stupidity in those organizations. It’s not really surprising that one hand might not know what the other was doing. They all came from Iran, I know that much. If I check it out, I think it was Sepah. The L.A. Times on their front page actually credit it to the Revolutionary Guard. I thought that was pretty ironic.

ERROL MORRIS: Ironic?

CHARLES JOHNSON: Well, it’s just very odd to see a photo on the cover of a major American newspaper that’s credited to one of our sworn mortal enemies. And I don’t think I’m the only one who finds that a bit disturbing.

ERROL MORRIS: I guess the attribution tells you you’re looking at a genuine Iranian photograph — the photograph really came from Iran — not that the photograph itself is genuine.

CHARLES JOHNSON: It’s important for a totalitarian regime to maintain control over information. And when they have a failure and it’s supposed to be one of their glorious weapons demonstrations, they want to cover it up. That’s the easiest and simplest explanation.

ERROL MORRIS: That seems entirely reasonable. They want us to be impressed with the military might of Iran. With their capacity to retaliate.
It says visually: if attacked, we are going to annihilate you.

CHARLES JOHNSON: Which is apparently what most of the editors of major newspapers in America thought. Because they ran it on their front pages.

ERROL MORRIS: Do you think that’s their reasoning?

CHARLES JOHNSON: No, I think their reasoning is it was a sexy picture. That’s what I think. I don’t think it has anything to do with ideology.

ERROL MORRIS: It just looks good?

CHARLES JOHNSON: Right.

ERROL MORRIS: But it does convey, on some very basic level, military might even though you don’t really know what the payload is. You don’t know what the range is. You don’t know anything about the missiles. You just know that there are four of them, and they’re streaking into the sky. And presumably they’re heading west. But even in exposing the fraud, we’re still left with the missiles, no?

CHARLES JOHNSON: Right. They were real missiles, yes.

ERROL MORRIS: Well, we presume they’re real missiles.

CHARLES JOHNSON: As far as we know.

ERROL MORRIS: As far as we know. So why is it so important to expose this kind of fraud?

CHARLES JOHNSON: Well, one reason is because I don’t think you should ever not expose fraud. When you see a photo that’s been faked, and it’s on the cover of newspapers, and it came from a regime that’s our enemy, you’ve got to expose that, if you see it.

ERROL MORRIS: Does this fraud in any way change your view of the government of Iran?

CHARLES JOHNSON: Probably not my view, but it might change other people’s views.

* * *

Charles Johnson’s term “fauxtography,” of course suggests that there is something “true” about photography, at least photography that isn’t posed or Photoshopped. And in recent years, the mainstream press has embraced this orthodox view. The principle is straightforward. Zero tolerance. Allow no digital manipulation. No posing. If a photographer uses any one of a variety of Photoshop tools, fire him. It’s not that I disagree with these rules. I don’t, but the development of Photoshop (1) can heighten our awareness of how a photograph can be manipulated, and (2) may inure us to all the other ways in which an image’s relationship to truth can be compromised. It allows the false assumption: if we can just determine that this photograph wasn’t Photoshopped, then it must be “true.”[14] But Photoshop serves as a reminder to us of something that we should have known all along: photographs can deceive.

The presumption behind a photograph is: “Someone saw this.” It is supposedly presenting something that someone saw and wished for someone else to see. What is it that angers us? Charles Johnson has it right. We are angered because we have been the victims of fraud. We have been tricked. In essence, we have been lied to. The problem is not that the photograph has been manipulated, but that we have been manipulated by the photograph. Photoshop is not the culprit. It is the intention to deceive.[15]

Of course, the manipulation of photographs is nothing new. It is as old as photography itself. And there are manipulated photographs that make no attempt to deceive. John Heartfield, one of the creators of photomontage in the 1920’s and 30’s (along with other representatives of Dada — Ernst, Hoch and Hausmann), employed the motto: “Use Photography as a Weapon.” And sure enough, he juxtaposed familiar photographic images to create a bleak picture of Europe on the verge of war. (The picture at left appeared in Prague on June 29, 1938. By the end of September the Munich Agreement was signed and the Sudetenland ceded to Hitler.) Text, particularly ironic text, was an essential element of almost all of Heartfield’s pictures. Here it reads: “This is the Salvation They Bring.”

A photomontage by John Heartfield, which appeared in Workers’ Illustrated Newspaper, June 29, 1938. (2008 Artist Rights Society (ARS), New York/ VG Bild-Kunst, Bonn)

Heartfield changed his name from Helmut Herzfeld because of his pacifist sympathies. After World War I, he no longer wished to see himself as German. Herzfeld, who was five-foot-two, used photomontage to take on the Third Reich. He fled Berlin in April 1933, just a step ahead of the Gestapo and went to Prague where he continued to work for almost six years. In December, 1938 Germany was demanding Heartfield’s extradition and just ahead of the Gestapo, he fled to London, where he remained for the rest of the war.[16] Heartfield was asked in 1967, the year before he died, how he got the idea of photomontage. He replied, “I started making photomontages during the First World War. There are a lot of things that got me into working with photos. The main thing is that I saw both what was being said and not being said with photos in the newspapers … I found out how you can fool people with photos, really fool them … You can lie and tell the truth by putting the wrong title or wrong captions under them, and that’s roughly what was being done …” [17]

He had become convinced that photographs were being used to sell a war that had already been lost. For Heartfield, lurking around every image is manipulation. The very real possibility that images can and will be used as propaganda even though no (chemical or digital) manipulation is involved. Heartfield, in one of his most powerful images (from 1930), uses photomontage to challenge images and words.

The text accompanying the image[18] states: “Whoever reads bourgeois newspapers becomes blind and deaf. Away with these stultifying bandages.”

Heartfield’s point is that we should be suspicious of what we see and what we read — of what we are told. The essence of his art is an attempt to take images — usurp them and use them to tell a different story. He is asking us to think of images as images — to think of them ironically — and to make connections where connections were not made before. It is not so much expropriation of images — to use a term that is currently fashionable — as a repurposing of them.

A photomontage by John Heartfield from 1930. (2008 Artist Rights Society (ARS), New York/ VG Bild-Kunst, Bonn)

A similar thing is happening today. Pop culture parodies of the Four-Missile Photograph emerged almost at once. The blog Boing Boing sponsored a contest: “Iran: You Suck at Photoshop” and posted several of the winners.[19] The Iranian-Godzilla image might be my favorite, if only because it raises the specter of atomic disaster. Wasn’t Godzilla (according to the narrative) accidentally awakened and mutated by the atomic bomb? The image ridicules the Iranians but at the same time reminds us of the possibility of an apocalypse in the Middle East? The possibility of World War III?

Other blog postings include cartoon characters and other kinds of clones. Uncle Sam clutching one missile and looking reprovingly at the Photoshopped missile, as if to say, “You won’t get away with this.”

Credit: arewelumberjacks.blogspot.com. (http://blog.wired.com/defense/2008/07/attack-of-the-p.html)

A cloned storm-trooper army of rampaging Ahmadinejads.


Credit: suitability.com. (http://blog.wired.com/defense/2008/07/attack-of-the-p.html)

For me, Godzilla and Wile E. Coyote are in the spirit of Heartfield.

Credit: Colorado Doug and GOPyouth, snappedshot.com. (http://blog.wired.com/defense/2008/07/attack-of-the-p.html)

The intention is not just to ridicule, but to make us think. Godzilla, emerging from the smoke of three rockets, reminds us of the danger of nuclear war. And Wile E. Coyote, reminds us of our vulnerability. Did he order his shield from the Acme Anti-Ballistic Shield Corporation? Here he is, holding his pathetic orange umbrella as the world devolves into nuclear war — another scheme to catch the Roadrunner gone horribly awry.

Are we all Wile E. Coyotes?

After Godzilla was first introduced to the public, there were some questions about whether Godzilla was a good monster or a bad monster. Sure, he crushed people and created havoc in Tokyo, but did he have bad intentions? Several additional movies were needed in order to clarify this and other questions about his motivations. New monsters were proposed, vetted and movie projects built around them. First, Rodan, then Mothra. If Godzilla wasn’t so bad, who or what was worse? The answer was soon forthcoming. Ghidrah (sometimes spelled Ghidorah[20]), a particularly nasty three-headed monster, was introduced and revealed to be Godzilla’s mortal enemy. A new axis of evil. Monsters fighting other monsters. Presumably, we can’t even create fictional monsters without dividing them into good and evil. Clearly, we are fascinated by the spectacle of a war fought by the monsters we conjure in our minds. In the film Ghidrah: King of the Monsters, it is revealed that Godzilla is a good guy, not a villain — his hatred of humans is the product of a series of unprovoked attacks by humans against him.

We should remember that the power of photographs comes not only from their ability to copy reality, but also to alter reality. Photographs can be used — to borrow Heartfield’s phrase — as weapons. They can be used to warn us about the dangers of impending war. They can also be used to ratchet up the blind forces of rage and unreason that drag us into conflict.

* * *

[Author’s] Acknowledgments. I would like to thank Charles Silver, Ron Rosenbaum, Julia Sheehan, Dan Polsby, Alice Truax and Ann Petrone for reading several drafts of this essay and suggesting a number of essential ideas. Joshua Woltermann provided research and fact checking.

FOOTNOTES:

[1] The images have been discussed in The Lede.


[2] I have discussed the Kerry/Fonda image in a previous essay. Basically, a fauxtograph was created putting Kerry and Fonda together at an anti-war rally. They had both been to anti-war rallies, but they were not speaking together at one rally.

[3] We believe things that we have been told are false. We also “remember” things that never happened to us. An image can make us think that we were present at events that we have no direct experience of. When natural selection put our brains together, was there a set of pigeon-holes for information, e.g., this piece of information came from The National Enquirer, this other piece of information came from The New York Times, this third piece of information came from direct experience. Of course, we try to assess the reliability of information, but with the swirl of information around us, there is often little opportunity to sort it into reliable, less reliable and totally unreliable information. It’s just a sodden mass of information. Years ago, I was watching “Six O’Clock News,” a documentary film by Ross McElwee. In the movie, there is a scene of a television crew shooting ‘Baywatch’ from the Santa Monica pier. A year later I was standing on the Santa Monica Pier telling a producer, “The last time I was here I watched a television crew shooting ‘Baywatch.’” The producer said, “No, you weren’t. You were watching Ross McElwee’s film ‘Six O’Clock News.’ ” Of course, the producer was correct. I was confused. I had confabulated the experience of seeing something in a movie with real life. Supposedly, Ronald Reagan often made this mistake, but how can you really remember which experiences were first-hand, which were seen in a movie? Or appeared on television or in a magazine?

[4] Freeman Dyson tells a story (in The New York Review of Books) about a childhood experience:

“When I was a boy in England long ago, people who traveled on trains with dogs had to pay for a dog ticket. The question arose whether I needed to buy a dog ticket when I was traveling with a tortoise. The conductor on the train gave me the answer: ‘Cats is dogs and rabbits is dogs but tortoises is insects and travel free according.’”

Nicholas Humphrey in a letter to the editors pointed out that “the very same encounter appeared as a cartoon in Punch in 1869. The caption of the cartoon reads:

Railway Porter (to Old Lady traveling with a Menagerie of Pets). “‘STATION MASTER SAY, MUM, AS CATS IS ‘DOGS,’ AND RABBITS IS ‘DOGS,’ AND SO’S PARROTS; BUT THIS ‘ERE ‘TORTIS’ IS A INSECT, SO THERE AIN’T NO CHARGE FOR IT!” [Punch, 1869, Vol. 57, p. 96]”

An 1869 cartoon by Charles Keene that appeared in Punch magazine. Used with permission from The Punch Library.

Freeman Dyson replied:

“Thanks to Nicholas Humphrey and Michael Jackson for letters informing me of the 1869 Punch cartoon about tortoises and dogs on trains. My memory of traveling with a tortoise has two possible explanations. The first and more probable is that I heard of the conversation recorded in the Punch cartoon and transformed it over the years into a memory. This would not be the first time that I remembered something that never happened. Memories of childhood recollected in old age are notoriously unreliable. The second possible explanation is that the memory is accurate. In that case the conductor on the train knew the cartoon and said what he was supposed to say according to the script.”

Here, Dyson essentially admits to having confabulated seeing a Punch cartoon with a real experience. My friend Charles Silver has provided a thoughtful analysis. “Here are several (overlapping) definitions for ‘confabulation’: inventing things that aren’t true; making up something that’s thought to be true for a variety of reasons, one being to fill in memory gaps; inventing something that’s hoped to be true; imagining that something happened to you after hearing a report or reading a story about someone else; manufacturing, deliberately or not, a portion of reality; arriving at a fabricated story; and just plain lying.”

[5] That Iran is interested in projecting a bellicose posture to Israel and the West is hardly arguable. Globalsecurity.org has published a series of Iranian press releases. This one might be called “The Regretful Response,” but more appropriately, it could be called, “The Not-So Regretful Threat.”

IRNA - Islamic Republic News Agency

Tehran, July 11, IRNA – Iran-Prayers-Kashani — Substitute Friday prayers leader of Tehran Ayatollah Mohammad Emami Kashani said Friday that the Islamic Republic of Iran is not a threat but will give a regretful response to possible invasions. “… So, Iran is not a threat. That’s what regional and even western states have said. They say Iran is ready for talks. Don’t raise hue and cry against Iran. Oh! The world’s liars! Oh the liar Israel! Oh the liar White House! If you wish to attack Iran, we will give you a response that will make you regretful,” said Ayatollah Kashani in his second Friday prayers sermon.”

[6] The Times a year later ruefully admitted that the “intelligence” was in error. “According to the interviews conducted by The New York Times, the administration’s argument that Iraq was producing biological weapons was based almost entirely on human intelligence of unknown reliability. When mobile trailers were found by American troops, the White House and C.I.A. rushed out a white paper reporting that the vehicles were used to make biological agents. But later, an overwhelming majority of intelligence analysts concluded the vehicles were used to manufacture hydrogen for weather balloons or possibly to produce rocket fuel…” Powell’s Case, a Year Later: Gaps in Picture of Iraq Arms, by Douglas Jehl and David E. Sanger, The New York Times, Feb. 1, 2004.

[7] Powell’s words before the United Nations provide little justification beyond various appeals to authority: “Let me say a word about satellite images before I show a couple. The photos that I am about to show you are sometimes hard for the average person to interpret, hard for me. The painstaking work of photo analysis takes experts with years and years of experience, poring for hours and hours over light tables. But as I show you these images, I will try to capture and explain what they mean, what they indicate, to our imagery specialists. Let’s look at one. This one is about a weapons munitions facility, a facility that holds ammunition at a place called Taji. This is one of about 65 such facilities in Iraq. We know that this one has housed chemical munitions. In fact, this is where the Iraqis recently came up with the additional four chemical weapons shells… Let me give you a closer look. Look at the image on the left. On the left is a close-up of one of the four chemical bunkers. The two arrows indicate the presence of sure signs that the bunkers are storing chemical munitions. The arrow at the top that says ’security’ points to a facility that is a signature item for this kind of bunker. Inside that facility are special guards and special equipment to monitor any leakage that might come out of the bunker. The truck you also see is a signature item. It’s a decontamination vehicle in case something goes wrong. This is characteristic of those four bunkers. The special security facility and the decontamination vehicle will be in the area, if not at any one of them or one of the other, it is moving around those four and it moves as needed to move as people are working in the different bunkers.”

[8] The raw data from the image sensor or chip of a digital camera.

[9] Both the three and four missile photographs were posted on the website of Sepah News, the media arm of the Iranian Revolutionary Guards.

[10] Ludwig Wittgenstein in the “Philosophical Investigations”, section 265. It is “[a]s if someone were to buy several copies of the morning paper to assure himself that what it said was true.”

[11] These documents, critical of George W. Bush’s service in the Texas Air National Guard in the 1970s, were allegedly written by Bush’s commander, Lt. Col. Jerry B. Killian. They were used by Dan Rather in a segment of a “60 Minutes” piece on September 8, 2004. The faxed copies were presented as facsimiles of the originals. The evidence supplied by Charles Johnson makes this seem unlikely.

[12] I recently had a discussion with my friend Ron Rosenbaum about the difference between a skeptic, a contrarian, and what-I-call a hyperbolic contrarian. The Skeptic says, “Everybody believes it, but I’m not so sure I believe it;”


The Contrarian says, “Everybody believes it, so I think it’s probably false.” The Hyperbolic Contrarian says, “Everybody believes it, so it’s definitely false.” I mention these distinctions because there is a little of the Hyperbolic Contrarian in Charles Johnson and probably in me, as well.

[13] ‘Iran’s Photoshopped Missile Launch,’ littlegreenfootballs.com.

[14] I argued against the idea that photographs are either true or false in my first essay for Zoom, “Liar, Liar, Pants On Fire.”

[15] The handkerchief may be the vehicle of Iago’s deception, but it is Iago who does the deceiving.

[16] Heartfield survived the war, the Third Reich did not.

[17] “John Heartfield,” edited by Peter Pachnicke and Klaus Honnef, Harry N. Abrams (1992).

[18] Here is part of the additional text in small print on the right side of the photomontage: “I AM A CABBAGE HEAD. DO YOU KNOW MY LEAVES? FROM WORRIES I AM AT MY WIT’S END, BUT I KEEP QUIET AND HOPE FOR A SAVIOUR… I DON’T WANT TO SEE AND HEAR ANYTHING, OR TO INTERFERE WITH PUBLIC AFFAIRS…”

[19] ‘Iran: You Suck at Photoshop,’ boingboing.net.

[20] I don’t want to further antagonize him by misspelling his name.

Coordinated Russia vs Georgia Cyber Attack in Progress (blog)

Posted by Dancho Danchev on ZDNet, 11 Aug 2008

In the wake of the Russian-Georgian conflict, a week’s worth of speculation around Russian Internet forums has finally materialized into a coordinated cyber attack against Georgia’s Internet infrastructure. The attacks have already managed to compromise several government web sites, with continuing DDoS attacks against numerous other Georgian government sites, prompting the government to switch hosting locations to the U.S., with Georgia’s Ministry of Foreign Affairs undertaking a desperate step in order to disseminate real-time information by moving to a Blogspot account.

Who’s behind it? The infamous Russian Business Network, or literally every Russian supporting Russia’s actions? How coordinated and planned is the cyber attack? And do we actually have a relatively decent example of cyber warfare combining PSYOPs (psychological operations) and self-mobilization of the local Internet users by spreading “For our motherland, brothers!” or “Your country is calling you!” hacktivist messages across web forums? Let’s find out, in-depth.

The attacks originally started taking place several weeks before the actual “intervention”, with the Georgian President’s web site coming under DDoS attack from Russian hackers in July, followed by active discussions across the Russian web on whether or not DDoS attacks and web site defacements should in fact be taking place, since they would inevitably come as a handy tool to be used against Russia by Western or pro-Western journalists. The peak of the DDoS attacks and the actual defacements started taking place as of Friday:

“Several Georgian state computer servers have been under external control since shortly before Russia’s armed intervention into the state commenced on Friday, leaving its online presence in disarray. While the official website of Mikheil Saakashvili, the Georgian President, has become available again, the central government site, as well as the homepages for the Ministry of Foreign Affairs and Ministry of Defence, remain down. Some commercial websites have also been hijacked.

The Georgian Government said that the disruption was caused by attacks carried out by Russia as part of the ongoing conflict between the two states over the Georgian province of South Ossetia. In a statement released via a replacement website built on Google’s blog-hosting service, the Georgian Ministry of Foreign Affairs said: “A cyber warfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Ministry of Foreign Affairs.”

After defacing Mikheil Saakashvili’s web site and integrating a slideshow portraying Saakashvili as Hitler next to coming up with identical images of both Saakashvili and Hitler’s public appearances, the site remains under a sustained DDoS attack. It’s also interesting to point out that an average script kiddie wouldn’t bother with, or wouldn’t even understand, the PSYOPs effect of coming up with identical gestures of both parties and integrating them within the defaced sites.

What am I trying to imply? It smells like a three letter intelligence agency’s propaganda arm has managed to somehow supply the creative for the defacement of Georgia President’s official web site, thereby forgetting a simple rule of engagement in such a conflict - risk forwarding the responsibility of the attack to each and every Russian or Russian supporter that ever attacked Georgian sites using publicly obtainable DDoS attack tools in a coordinated fashion.

The DDoS attacks are so sustained that the Georgian President’s web site has recently moved to Atlanta:

“The original servers located in the country of Georgia were “flooded and blocked by Russians” over the weekend, Nino Doijashvili, chief executive of Atlanta-based hosting company Tulip Systems Inc., said Monday.

The Georgian-born Doijashvili happened to be on vacation in Georgia when fighting broke out on Friday. She cold-called the government to offer her help and transferred president.gov.ge and rustavi2.com, the Web site of a prominent Georgian TV station, to her company’s servers Saturday.”

More defacements of news sites and popular Georgian portals started taking place as well:

“Two news websites run by breakaway South Ossetia were hacked on Tuesday morning, officials from the secessionist authorities said. The front page of the website of the news agency, OSinform - osinform.ru - which is run by the breakaway region’s state radio and television station IR - retained the agency’s header and logo, but otherwise the entire page was featuring Alania TV’s website content, including its news and images. Alania TV is supported by the Georgian government, and targets audiences in the breakaway region. Another website of the breakaway region’s radio and television station - osradio.ru – was also hacked. Alania TV has denied any involvement, saying it was itself surprised to see its content on the rival news agency’s website.”

Ironically, shortly after Civil.ge ran the story, it came under DDoS attack, and — just like Georgia’s Ministry of Foreign Affairs — it switched to a Blogger account in case the site remained unavailable.


Moreover, Shadowserver posted more details on the command and control servers used in the DDoS attacks, which geolocate to Turkey and remain online.

“With the recent events in Georgia, we are now seeing new attacks against .ge sites. www.parliament.ge & president.gov.ge are currently being hit with http floods. In this case, the C&C server involved is at IP address 79.135.167.22 which is located in Turkey. We are also observing this C&C as directing attacks against www.skandaly.ru. Traffic from your network to this IP or domain name of googlecomaolcomyahoocomaboutcom.net may indicate compromise and participation in these attacks.”
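One way to act on the Shadowserver advice quoted above, as an added example that is not part of the original post or Shadowserver's own tooling: the script scans flow and DNS logs for the IP address and domain named in the quote and lists the internal hosts that contacted them. The log formats, field names, internal addresses and sample lines are constructed assumptions.

```python
"""Flag internal hosts that contacted the C&C indicators quoted above."""
import ipaddress
import re
from collections import defaultdict

# Indicators taken from the Shadowserver quote on this page.
C2_IPS = {ipaddress.ip_address("79.135.167.22")}
C2_DOMAINS = {"googlecomaolcomyahoocomaboutcom.net"}

# Constructed sample logs (not real traffic). Assumed line formats:
#   "<ISO time> FLOW src=<ip> dst=<ip> dport=<port> proto=<p>"
#   "<ISO time> DNS client=<ip> query=<name> type=<rr>"
SAMPLE_LOG = """\
2008-08-10T09:14:02Z FLOW src=10.1.4.23 dst=79.135.167.22 dport=80 proto=tcp
2008-08-10T09:14:05Z DNS client=10.1.4.23 query=www.example.org type=A
2008-08-10T09:15:41Z DNS client=10.1.7.88 query=GoogleComAolComYahooComAboutCom.net. type=A
2008-08-10T09:16:00Z FLOW src=10.1.9.5 dst=79.135.167.220 dport=80 proto=tcp
2008-08-10T09:17:12Z DNS client=10.1.9.5 query=notgooglecomaolcomyahoocomaboutcom.net type=A
2008-08-10T09:18:30Z DNS client=10.1.7.88 query=cc.googlecomaolcomyahoocomaboutcom.net type=A
2008-08-10T09:19:03Z FLOW src=10.1.4.23 dst=79.135.167.22 dport=80 proto=tcp
this line is malformed and must be skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def domain_matches(name, indicators=C2_DOMAINS):
    """True if name equals an indicator or is a subdomain of one.

    Case and a trailing root dot are normalised first. A plain substring
    test would wrongly flag 'notgooglecom...net', so match on label boundary.
    """
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in indicators)


def ip_matches(text, indicators=C2_IPS):
    """Compare parsed addresses, so 79.135.167.220 does not match by prefix."""
    try:
        return ipaddress.ip_address(text) in indicators
    except ValueError:
        return False


def scan(log_text):
    """Return {internal_host: {count, first, last, via}} for indicator hits."""
    hits = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "via": set()}
    )
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[1] not in ("FLOW", "DNS"):
            continue  # unknown or malformed line
        ts, kind, rest = parts
        fields = dict(FIELD.findall(rest))
        if kind == "FLOW" and ip_matches(fields.get("dst", "")):
            host, via = fields.get("src"), "ip"
        elif kind == "DNS" and domain_matches(fields.get("query", "")):
            host, via = fields.get("client"), "dns"
        else:
            continue
        if not host:
            continue
        entry = hits[host]
        entry["count"] += 1
        entry["first"] = entry["first"] or ts  # log is assumed time-ordered
        entry["last"] = ts
        entry["via"].add(via)
    return dict(hits)


if __name__ == "__main__":
    for host, info in sorted(scan(SAMPLE_LOG).items()):
        print(f"{host}: {info['count']} hit(s) via {sorted(info['via'])}, "
              f"{info['first']} .. {info['last']}")
```

A host that only resolves the domain has not necessarily connected to the server, which is why the report keeps the DNS and flow evidence separate in `via`.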

As always, this is just the tip of the iceberg, since on 79.135.167.22 we also have several other parked botnet command and control locations, like the following :


Let’s analyze the exact way in which the coordinated cyber attack was planned, based on a weekend’s worth of monitoring their activities:

- distribute a static list of targets, eliminate centralized coordination of the attack

Who was the only person ever arrested for participating in the Russian vs Estonia cyber “shock and awe” attack? A student who distributed a publicly available list of Estonian government web sites. In the ongoing Russian vs Georgia cyber war, we also have an indication of such lists actively distributed across Russian web forums. And now that the targets to be attacked are publicly known, it’s all up to the self-mobilization of the Russian Internet users.

As always, next to the hardcore hacktivists participating in the attack, there are the copycat script kiddies who seem to have found a way to enjoy the media interest into the individuals behind it. Sadly, they have no idea what they’re doing, nor how to do it. Here’s one such group, stopgeorgia.ru/stopgeorgia.info :

“We - the representatives of Russian hako-underground, will not tolerate provocation by the Georgian in all its manifestations. We want to live in a free world, but exist in a free-aggression and lies Setevom space. We do not need the guidance from the authorities or other persons, and operates in accordance with their beliefs based on patriotism, conscience and belief. You can call us criminals and cyber-terrorists, razvyazyvaya with war and killing people. But we will fight and unacceptable aggression against Russia in Space Network. We demand the cessation of attacks on information and government resources Runeta, as well as appeal to all media and journalists with a request to cover events objectively. Until the situation has changed, we will attack the Georgian government and information resources. Do not we have launched an information war, we are not responsible for its consequences. We call for the assistance of all who care about the lies of Georgian political sites, everyone who is able to inhibit the spread of black information. There is one formal mirror project - www.stopgeorgia.info. All other resources have nothing to do with the movement StopGeorgia.ru.


DRAFT IS UNDER WWW.STOPGEORGIA.RU. IN CASE OF USE NEDOSTUPNOSTI MIRROR PROJECT - WWW.STOPGEORGIA.INFO.”

- engaging the average internet users, empower them with DoS tools

Following a basic cyber warfare rule, that the masses are sometimes more powerful than the botnet master’s willingness to sacrifice hundreds and thousands of his bots, the current campaign has also thought of the average Internet users who are encouraged to use a plain simple HTTP flooder distributed for this purpose. The concept is nothing new; in fact, this is state of the art cyber warfare combining all the success factors for total outsourcing of the bandwidth capacity and legal responsibility to the average Internet user. Moreover, next to the do-it-yourself tools released, end users who are not so technologically sophisticated are given instructions on how to ping flood Georgian government web sites.

- distribute lists of remotely SQL injectable Georgian sites

The last time we witnessed such a tactic aiming to achieve a great deal of efficiency by basically integrating a list of remotely SQL injectable sites into a web site defacement tool, was in May’s cyber conflict where Pro-Serbian hacktivists were attacking Albanian web sites by doing exactly the same thing. Surprisingly, Russian hackers have also started distributing lists of Georgian sites vulnerable to remote SQL injections, allowing them to automatically deface them.

- abuse public lists of email addresses of Georgian politicians for spamming and targeted attacks

As it appears, a publicly available list of Georgian politicians originally created by a lobbying organization, has started to circulate in an attempt to convince Russian hackers of the potential for abusing it in spamming attacks and targeted attacks presumably serving malware through live exploit URLs.

- destroy the adversary’s ability to communicate using the usual channels

It’s been a while since I’ve last seen such a pro-active attempt to deny Georgian hackers the ability to communicate through their usual channels. One of Georgia’s most popular hacking forums has been down for over 24 hours and continues to be under a permanent DDoS attack on behalf of Russian hackers who have purposely raised the issue of ensuring that they are unable to reach the local hacktivists and one another. No matter the attack, one should never underestimate other people’s ability to adapt to a certain situation. The Russian News and Information Agency, RIA Novosti, was also under a DDoS attack on Sunday:

“RIA Novosti news agency’s website was disabled for several hours on Sunday by a series of hacker attacks, as the conflict between Russia and Georgia over breakaway South Ossetia continued for a third day. Websites in both Russia and Georgia have been hit by cyber attacks since Georgia launched a major ground and air offensive to seize control of South Ossetia on Friday. Russia responded by sending in tanks and hundreds of troops. “The DNS-servers and the site itself have been coming under severe attack,” said Maxim Kuznetsov, head of the RIA Novosti IT department. RIA Novosti’s servers are now functioning as normal.”

The aggressiveness of the attacks is likely to increase in the next couple of days, due to the combination of attack tactics used, engaging even the less technical hacktivists next to the more sophisticated botnet masters. Realizing what’s coming, Estonia has informally offered help to Georgia:

“Estonian officials say that the DDoS attacks targeted against Georgia were very similar to the attacks made against Estonian websites in 2007 after the removal of the Bronze Soldier monument. Unofficially, Estonia and Georgia have been discussing the possibility to send a special team of online security specialists to Georgia. A representative of the Development Centre of State Information Systems said that by now Georgia has not yet made a formal proposal. “This will be decided by the government,” said the official.”

Who’s behind this campaign at the bottom line? As we’ve already established a connection with a well known provider of botnet services in the previous attack against Georgia President’s web site, a connection made possible to establish due to a minor mistake on behalf of the people behind the attack, there’s no connection with the current attacks and the Russian Business Network, unless of course you define the Russian Business Network as the script kiddies and the dozen botnet masters participating who have somehow managed to build their botnets using RBN services in the past, and are now using them against Georgia’s Internet infrastructure.

Overall, contingency planning in times when you need to spread a message about what’s going on in your country, but have your official government sites, logically the de facto information sources in such cases, shut down, is crucial for reaching out to the rest of the world, who would disseminate the message using the long tail. Then again, this is perhaps the first time in such a cyber conflict — aiming to deny the targeted country’s ability to reach the world with real-time information on the real-life warfare events — where the targeted country is urging others to obtain this information through a third country President’s web site, in this case Poland, and using a blog to do so.

Air Force Suspends Cyber Command Program

By Bob Brewin, NextGov (via US Air Force Aimpoints), 08/13/2008

The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources. Top Air Force officials put a halt to all activities related to the establishment of the Cyber Command, a provisional unit that is currently part of the 8th Air Force at Barksdale Air Force Base in Louisiana, sources told Nextgov.

An internal Air Force e-mail obtained by Nextgov said, “Transfers of manpower and resources, including activation and re-assignment of units, shall be halted.” Establishment of the Cyber Command will be delayed until new senior Air Force leaders, including Chief of Staff Norton Schwartz, sworn in today, have time to make a final decision on the scope and mission of the command.

The Cyber Command, headed by Maj. Gen William Lord, touted on its Web site its capabilities to “secure our nation by employing world class cyberspace capabilities” and had ambitious plans to have a cyber command presence in all 50 states.

The Cyber Command hyped its capabilities on TV, in Web video advertisements and in a series of high-profile presentations conducted by Lord. The hard sell may have been the undoing of the Cyber Command, which seemed to be a grab by the Air Force to take the lead role in cyberspace. Both the Army and Navy have similar expertise in cyber operations, service sources said.

Philip Coyle, senior adviser with the Center for Defense Information, a security policy research group in Washington, said he believes the Navy’s Network Warfare Command and the Space and Naval Warfare Systems Center have led the way in cyberspace. The Army engages in cyberspace operations daily in Afghanistan and Iraq, said Coyle, who served as assistant secretary of Defense and director of its operational test and evaluation office from 1994 to 2001.

The decision to ratchet back the Cyber Command may have come from Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, who wants to see a greater role for the Navy in cyberspace, said an Air Force source. Coyle speculated that the Air Force may have been too public in pushing the Cyber Command and is now suffering from its own hubris.

The decision to pull the plug on the Cyber Command – even temporarily – is just the latest in a string of bad news for the service, Coyle said. This includes Defense Secretary Robert Gates requesting in June the resignations of Air Force Chief of Staff T. Michael “Buzz” Moseley and Air Force Secretary Michael Wynne because of the service’s poor management of nuclear weapons. Also in June, the Government Accountability Office questioned the Air Force’s selection of Northrop Grumman over Boeing for a multibillion dollar aerial refueling contract and recommended that the service reopen the competition. It did so in July.

Russian Hackers Continue Attacks on Georgian Sites

By Peter Svensson, AP Technology Writer, Tue Aug 12, 11:47 AM ET

NEW YORK - Attacks by Russian hackers against Georgian Web sites, including one hosted in the United States, continued Tuesday even as Russian President Dmitri Medvedev ordered a halt to hostilities against Georgia.

Tom Burling, acting chief executive of Atlanta-based Web-hosting firm Tulip Systems Inc., said the Web site of the president of Georgia was the target of a flood of traffic from Russia aiming to overwhelm the site. Burling said bogus traffic outnumbered legitimate traffic 5000 to 1 at president.gov.ge.

"Literally, our people aren't getting any sleep," Burling said.

Tulip's firewall was blocking most of the malicious traffic. The site has been periodically inaccessible, though it was working midday Tuesday. Burling said the attacks have been reported to the FBI.

The site was transferred from servers in Georgia, the small nation south of Russia, on Saturday. Georgian-born Nino Doijashvili, Tulip's chief executive and founder, happened to be in the country on vacation when fighting broke out Thursday. Doijashvili offered help to the government when it became apparent that Russian hackers were getting the upper hand, shutting down several government and news sites.

The U.S.-based Shadowserver Foundation, which tracks Internet attacks, said they had noticed commands to attack Georgian sites being issued over the weekend to "botnets," or networks of computers that have been surreptitiously subverted by hackers. The computers are used to send bogus traffic to targeted sites, slowing them or in some cases bringing them down.

The same botnets are also targeting Russian news sites and the Web site of Garry Kasparov, the Russian chess player and political activist, according to Steven Adair at Shadowserver.

On Monday, hackers took over the Web site of Georgia's parliament and replaced it with an image that drew parallels between Georgian president Mikhail Saakashvili and Adolf Hitler, Adair said.

Pentagon Puts Hold On USAF Cyber Effort

By Pamela Hess, Associated Press, 13 August 2008

WASHINGTON (AP) — The Pentagon this week delayed and may kill the Air Force's nascent Cyberspace Command, according to a memo obtained by The Associated Press. This comes as Russia used a major computer network attack to begin its assault on Georgia.

The service's Cyberspace Command is meant to coordinate computer network defense and, more controversially, offensive attacks on enemy networks. The goal, according to senior officials, is to be able to take control of adversary computer networks to thwart attacks or otherwise influence their behavior, either with or without that adversary realizing it.

The Russian computer takedown served the same purpose as a traditional air attack on enemy radars and communications antennae, said Michael Wynne, the former U.S. Air Force Secretary who made cyberwar a central mission of the Air Force.

"The Russians just shot down the government command nets so they could cover their incursion," said Wynne. "This was really one of the first aspects of a coordinated military action that had cyber as a lead force, instead of sending in air planes. We need to figure out a way not only to see the attack coming but to block it, and in blocking it chase it home."

"I think this is a very poor time to send a signal that the United States is not interested in focusing on warfighting in the cyber domain," Wynne added.

Wynne was fired by Defense Secretary Robert Gates earlier this year after the Air Force's mishandling of nuclear weapons. Wynne, however, told reporters he was fired over differences with Gates on the need for additional F-22 fighter jets, among other matters.

In a memo distributed throughout the Air Force this week, service officials announced that manning and budget transfers for Air Force Cyberspace Command have been suspended, delaying the command's official Oct. 1 start. The Pentagon and the Air Force are expected to make a decision as to the command's fate later this month. The command is temporarily based at Barksdale Air Force Base, La., and will eventually have a headquarters staff of about 500 people, and 8,000 personnel total.

The Air Force considers cyberspace a "domain" for which the service should train and equip forces to defend, as it does airspace. There are about 3 million attempted penetrations of Defense Department networks every day, according to the Air Force.

A senior military commander told the AP, however, that the mission to defend U.S. military networks is better vested in U.S. Strategic Command, which has the military responsibility for cyberspace across all services and commands.

Russia's use of computer tools to blind Georgia may not be the first time it has flexed its cyber powers for geopolitical purposes. In the spring of 2007, Estonian government, financial and media Web sites were incapacitated by a massive denial of service attack for which many in that country blamed Russia. The attack, involving a million computers in 75 countries, coincided with controversy over Estonia's plans to relocate a Soviet-era war memorial.

According to an August "for official use only" intelligence report by the Homeland Security Department, obtained by The Associated Press, there are no effective means to prevent a similar attack on U.S. Web sites connected to the Internet.

US Ponders Georgian Air Defenses

By David A. Fulghum, Aviation Week, Aug 13, 2008

U.S. analysts are beginning to address the question of why the Israeli Air Force was able to penetrate Syria’s Russian-made air defenses, while the Russian Air Force was not able to finesse Georgia’s Russian-made air defenses.

That Russian-built and designed air defenses are exploitable was shown in the Israeli Air Force’s total shutdown of Syrian air defenses prior to bombing a suspected nuclear site last year (Aerospace DAILY, May 2). But Russia apparently didn’t have or didn’t use the digital keys to unlock the Georgians’ network.

There are indications from U.S. analysts that the relative simplicity – meaning far less networking – of the Georgian air defenses made it tougher to knock out the system all at once.

Nevertheless, theories abound about the apparent effectiveness of Georgia’s air defense (Aerospace DAILY, Aug. 12) that run from incompetence on the part of the Russians to links to Israel’s sophisticated electronics companies and their aggressive military export goals.

During the months before the conflict, the Russians claimed to have shot down several Hermes 450 drones (supplied by Israeli-based Elbit) with fighter aircraft stationed, at least temporarily, in South Ossetia. Israeli companies also supported Georgia’s Su-25 modernization program. The same companies – Israel Aerospace Industries and Elbit – are renowned for their radar, electronic warfare and electronic attack capabilities.

Wartime operating frequencies for the comparatively formidable SA-11/Buk-1M and Tor-M1 can be changed, thus making them hard for Russian electronic warfare systems to defeat, U.S. aerospace industry specialists note.

Simplicity

Another reason why the Russians would have difficulty affecting the whole Georgian air defense system lies in its simplicity, according to a senior U.S. Air Force officer with combat flying experience in two wars and long experience in the stealth community. “The Georgian air defense system is much less networked than that of the Syrians and [therefore relies on] autonomous sector operations,” he says. So there’s no way for tactical electronic warfare systems to create massive blind spots.

A Washington-based analyst also pointed to the fog of war and the likelihood of fratricide of Russian aircraft by Russian surface-to-air missiles. “I think it’s probably something much more simple [that also was at work],” he says. “If you look at some of the videos of Russian equipment pouring into the conflict zone, you’ll note a couple SA-11 surface-to-air missile systems included. Quite possibly, it could be a case of the [Russian] air defenses not realizing the aircraft were Russian systems or something silly like that. Or, it could be simply that they just didn’t factor [friendly aircraft] into the mission planning like they should have.”

Web Threats Increase in the Middle East

From Al Bawaba, 13 August 2008

With regional efforts to open more websites to users, the need for smart web security becomes even more imperative.

The UAE’s Telecommunication Regulatory Authority (TRA), under its ‘internet access management’ policy, is making available a thousand websites previously deemed potentially offensive.

Dubai-based Trend Micro executives believe that this is the right step forward and support this initiative. However, they wish to highlight the potential increased vulnerability of persons and organisations as a result. Web-based attacks are one of the greatest threats that are faced today and with the opening up of previously blocked sites, users need to further exercise caution.

“Cyber crime is increasing at an alarming rate, with global financial losses running in the tens of billions,” said Justin Doo, Managing Director, Trend Micro, Middle East and North Africa. “As internet penetration in the region grows, the potential for global and locally targeted threats constantly multiplies. It is our experience that many organisations and users have not adequately protected their IT from the dangers of cyber crime.”

In order to make web interaction more exciting, regional organizations and individuals are adopting new tools by creating online user communities or opening their sites to various levels of user input. This invites new and greater risks.

“We are 100% focussed upon protecting the electronic assets of our customers in a world where there is a concerted effort by criminals to use the internet to exploit our customers’ assets for financial gain. Our solutions are designed to identify and respond to these next-generation threats that are here today,” said Samir Kirouani, Technical Manager, Trend Micro, Middle East and North Africa.

The CNN Effect: Georgia Schools Russia in Information Warfare (blog)

By Yasha Levine, Media Channel, 14 August 2008

I woke up to discover a weird link to a Digg post sent over by a friend of mine. It was a poll conducted on CNN’s website asking readers:

Do you think Russia’s actions in Georgia are justified?
1) Yes — it’s peacekeeping
2) No — it’s an invasion

Surprisingly, 92% of readers thought that the Russians were justified. Taking into account CNN’s boneheaded and overwhelmingly pro-Georgian coverage, the poll didn’t make any sense. Were sheepish CNN viewers actually using their brain? It didn’t seem likely. Well, the poll no longer appears on the site. It was taken down after charges of manipulation started surfacing. Apparently, Russian bloggers circulated the poll and called on Russians to let their voice be heard. And if there’s one thing CNN doesn’t like doing, it’s hearing what those damn Russkies have to say. CNN had no idea that this seemingly innocuous poll would demonstrate the huge rift in opinion between the West and Russia and underline the importance that information warfare has played in this conflict, not to mention show whom CNN was really rooting for.

“Information is no longer a staff function but an operational one. It is deadly as well as useful.”

—Executive Summary, Air Force 2025 report.

The Georgians didn’t just take this message to heart, they took whole sections out of DoD’s handbook on Information Operations and followed them to the letter. Even the most cursory look at this conflict shows that Georgia’s attack was an almost perfect textbook example of how modern warfare should be fought on the information front. The Georgians showed an amazing grasp of Info Ops concepts, pulling off counterpropaganda, launching disinformation campaigns and manipulating media perceptions as if they did this type of thing every day.

Oh, the Russians tried to do their part, too. But it still isn’t clear if they didn’t give a shit about what the world thought or just failed miserably. Either way, it was bad news for the Kremlin. Despite a military victory, they are going to have a hard time getting the world to go along with their plans for post-war Georgia. All because they failed to win over the hearts and minds of the world community.

The Georgians knew the importance of a well-defined information war strategy. That’s because Georgia has had ample training by the masters of this art: America and Israel. Both have provided military strategy assistance, not to mention weapons training. The Americans were just in Georgia giving them a month-long military refresher course called “Immediate Response 2008” (tab picked up by U.S. taxpayers). Israeli advisers were spotted in Georgia during the first few days of the war and had been training the country for years. In fact, Georgia’s Defense Minister, Davit Kezerashvili, is a former Israeli himself.

So how did things go so wrong for Russia and so right for Georgia? Borrowing a few talking points from a document on Military Information Operations prepared by the U.S. Joint Chiefs of Staff, I’m going to try to evaluate their performance. What did they do wrong? How can they improve?

Psychological Operations

DoD definition: Psychological Operations (PSYOPs) are focused on the cognitive domain of the battlespace. PSYOP seeks to induce, influence, or reinforce the perceptions, attitudes, reasoning, and behavior of foreign leaders, groups, and organizations in a manner favorable to friendly national and military objectives. PSYOP is just another way to say that P word no one likes to use anymore, propaganda.

Analysis: This here is a no brainer. Georgia has dominated the psychological playing field from the beginning. As Mark Ames discovered, Georgian leaders were making collect calls to just about every influential person on Wall Street, convincing them that Georgia was the victim of Russian aggression even as Georgian rockets were leveling Tskhinvali. And that was before Russia officially entered into the fray. Saakashvili then made himself available for round-the-clock CNN and BBC interviews. He repeated the same simple lines in near-perfect English, and always flanked by an EU flag: “Russia is an aggressor. We are a small democratic country. Please help us.” Georgia was putting the “CNN effect,” as the military types like to call it, to extremely good use. The pro-Georgian CNN effect was so strong, in fact, that CNN used footage of Tskhinvali for a report on the destruction in the Georgian town of Gori. Check it out:

All the Russians did was call an emergency meeting of the U.N. Security Council to try to pass a resolution demanding that Georgia and S. Ossetia lay down their arms. It wasn’t much of a psychological operation, one that the U.S. didn’t even back.

Psychological Operations Grade: Georgia: A+, Russia: F+

Counterpropaganda

DoD description: Counterpropaganda activities are used to identify and counter adversary propaganda and expose adversary attempts to influence friendly populations and military forces situational understanding. They involve those efforts to negate, neutralize, diminish the effects of, or gain an advantage from foreign psychological operations or propaganda efforts.

Analysis: As soon as Russia started seeding reports that Georgia’s shelling of Tskhinvali might have led to more than 1,000 casualties, Georgia went on the defensive. Their brutal drive to retake the city was quickly forgotten and replaced with Georgian reports of Russian air raids on civilian targets. Georgia was now the victim of a Russian military invasion. When Russia accused Georgia of ethnic cleansing in S. Ossetia, the Georgians countered with claims of Russian genocide against the Georgians. Pictures of dead bodies, taken by Western journalists, appeared in every Western newspaper. To drive the point home, Saakashvili himself went to the city. The PR event was cut short, however, when Russian jets were spotted above. Cowering in fear, Saakashvili was bundled into a civilian Humvee and whisked away. The debacle convinced Russian viewers that Saakashvili was a coward, but to a Western audience it was more proof that Russian jets were attacking Gori.

Georgian counter-propaganda was bolstered by the fact that Georgia made no attempt to hinder Western journalists’ access to the war zone, while Russia made it almost impossible for non-Russian reporters to get into S. Ossetia. Big mistake. Russian newspapers even bitched about it. When Russia tried to reiterate that it was not attacking civilian targets, Georgians claimed that Russian jets were bombing Western-financed oil pipelines deep inside Georgia proper. It was an utter lie, but that didn’t stop the headline from hanging up on Drudge Report for two whole days. Even now, after Russia signed an agreement to stop fighting, a disheveled and sleep deprived Saakashvili accuses Russian troops of attacking central Gori and moving tanks to take over Tbilisi. Who cares if it’s true. The Russian side is silent on the matter.

Counterpropaganda Grade: Georgia: A, Russia: F

Electronic Warfare

DoD description: Electronic Warfare operates across the electromagnetic spectrum, including radio, visible, infrared, microwave, directed energy, and all other frequencies. This includes targeting mass media and communications.

Analysis: Here is where both sides were more or less evenly matched. Both countries mounted cyber attacks on news outlets and government sites. As their first order of business, Georgia blocked all Russian TV transmissions and blocked all the .ru sites. Russia did the same, but despite those notorious Russian hackers, Georgia still managed to get the upper hand. Aside from getting reports of Russian attacks suppressed (thanks to Georgia’s effective counterpropaganda machine), Georgia’s big win was in managing to bring down the website of Russia Today, the only English-language TV coverage coming out of South Ossetia and the source of hard-hitting interviews like this one (skip about 1 minute forward):

Russia couldn’t keep up. And how could they? What, take down cnn.com?

Electronic Warfare Grade: Georgia: B, Russia: C-

[Jeff’s note: The blog has two movie clips that are not in this article. The link to the blog is http://www.mediachannel.org/wordpress/2008/08/14/the-cnn-effect-georgia-schools-russia-in-information-warfare/ if you want to view the clips.]

When Electrons Attack: Cyber-Strikes on Georgia a Wake-Up Call for Congress

By James Jay Carafano, Ph.D., The Heritage Foundation, 13 August 2008
WebMemo #2022

Bombs and bullets are not the only things flying around in the Russia-Georgia war that broke out over the weekend. There is a flurry of battling electrons as well. According to a news story first reported in The Telegraph, the Georgian Ministry of Foreign Affairs claimed that a "cyberwarfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Ministry of Foreign Affairs." How these contributed to the country's crushing defeat and the extent of deliberate Russian "cyber-warfare" remains to be determined. This incident, however, is the latest reminder that Washington needs to get serious about systematically developing the cyber-strategic leaders in the public and private sector who are skilled in dealing with the complex issues of deliberate attacks in cyberspace.

War Online

It has been reported in The New York Times and elsewhere that weeks before the Russian invasion, "denial of service attacks" (where websites are flooded with useless data) and other malicious acts were targeted against Georgian government computer sites. Some speculate these were a prelude to a preplanned assault on Georgian territory. In addition, it is clear that government and business websites were intentionally disrupted during the invasion. How much has been directed by the Russian government, individual hackers, and Russian criminal elements (some with alleged ties to Russian government agencies) remains to be sorted out.

That is not the first time that Russia has been accused of cyberwarfare. A widely publicized cyberassault against Estonia in 2007 increased suspicion that Russia is using online malicious activity as a tool of national policy. The assault disrupted public and private Estonian information networks with massive denial-of-service attacks. The attacks targeted the websites of Estonian banks, telecommunication companies, media outlets, and government agencies. Estonia's defense minister described the attacks as "a national security situation. ... It can effectively be compared to when your ports are shut to the sea." The Estonian and Georgian attacks testify to the disruptive power of a coordinated cyber offensive.

Russia is not the only one threatening other countries. And many countries, including America, are their targets. U.S. government information systems are attacked every day from sources within the country and around the world. China uses "cyber-spying" as a matter of course, and America is one of their prime targets. Some of these intrusions have been extremely serious, compromising security and costing millions of dollars. Penetration of computer networks at the National Defense University proved so pervasive that the university was forced to take the entire computer network offline and install new information system defenses.

These attacks come from states, criminal networks, "hacktivists" (online political activists), and other malicious actors. In addition, bad people exploit the freedom of the Internet--terrorists included. They go online to gather intelligence, raise money, share tradecraft in chat rooms, and coordinate propaganda messages.

Time for Leadership

The lesson for the United States is to take the challenge of cyber threats seriously. The initiatives that will likely best serve the United States and its international partners in the cyber conflicts of the 21st century are those derived from private sector experience, emerging military and intelligence capabilities for conducting information warfare, and law enforcement measures for combating cybercrime.

Cyberwar is like real war, a competition of action and reaction between two thinking, determined enemies. Technology, which evolves every day, is the "wild card" that keeps changing the nature of the battlefield. Like war on an escalator, there is no standing still. Thus, there is no quick fix or "silver bullet" solution that will make America safe. What is called for is dynamic, informed national leadership in the public and private sector that understands how to compete in the cyber-strategic environment. America needs cyber-strategic leaders that know how to:

Ensure adoption of best practices. Ensuring that these are refreshed and applied should be a priority.

Know how to employ risk-based approaches. All information programs must include assessments of criticality, threat, and vulnerability as well as measures to efficiently and effectively reduce risks.

Foster teamwork. Cybersecurity is a national responsibility requiring international cooperation. The United States must maintain effective bilateral and multinational partnerships to combat cyber threats.

Exploit emergent private sector capabilities. Government and industry must become more agile consumers of cutting-edge commercial capabilities.

Manage cyber systems. Most programs underperform because, due to inattentive senior leadership, they lack clear requirements and hold unrealistic projections of the resources required to implement those requirements.

Know how to protect, defend, and respond to cyber threats. Targets of malicious acts by either state or non-state threats should respond by using the full range of military, intelligence, law enforcement, diplomatic, and economic means.

What is needed, however, is not massive reorganization, massive government bureaucracy, massive infusions of government cash, or massive intrusions into the marketplace and the lives of Americans. What is needed is long-term commitment and sound initiatives based on better and faster acquisition of commercial services; better and smarter management of military, intelligence, and information technology programs; and better and sustained professional development of federal, state, local, and private-sector leaders.

Congress can help develop the leaders America needs to respond to cyber threats. In part this can be accomplished by establishing effective interagency programs for professional development, particularly in regard to cyber skills. Much of this can be accomplished by modest initiatives that require federal interagency education, assignment, and accreditation programs, one that in particular addresses preparing cyber-strategic leaders. This framework should include:

Education. A program of education, assignment, and accreditation that cuts across all levels of government and the private sector with national and homeland security responsibilities (especially cyber security) has to start with professional schools specifically designed to teach interagency skills. No suitable institutions exist in Washington, academia, or elsewhere. The government will have to establish them.

Assignment. Qualification will also require interagency assignments in which individuals can practice and hone their skills. These assignments should be at the "operational" level where leaders learn how to make things happen, not just set policies. Identifying the right organizations and assignments and ensuring that they are filled by promising leaders should be a priority.

Accreditation. Accreditation and congressional involvement are crucial to ensuring that programs are successful and sustainable. Before leaders are selected for critical (non-politically appointed) positions in national and homeland security, they should be accredited by a board of professionals in accordance with broad guidelines established by Congress.

Critical components of good governance, such as establishing long-term professional programs for developing cyber-strategic leaders, are often shunted aside as important but not pressing--something to be done later. But later never comes. The latest cyberwar should serve as a wake-up call that this is unacceptable for critical national security activities such as cyber-strategic leadership that require building interagency competencies that are not broadly extant in government.