Cyber Intelligence War 2000 to Present
From Titan Rain to Present: Nation-State Actors Conducting Cyber Espionage
One of the best articles about Titan Rain was from Time Magazine.
The lesson of Titan Rain: Articulate the dangers of cyber attack to upper management. Article by Homeland Security News Wire.
Intelligence in Support of Strategic Signal Units (2003), by James R. Lint – starts page 40
Titan Rain: Chinese Cyberespionage? – TIME Inside the Chinese Hack Attack 25 Aug 2005
The Invasion of the Chinese Cyberspies – TIME 29 Aug 2005
Published with Permission by:
Lori S. Tagg, Command Historian,
US Army Intelligence Center of Excellence, Fort Huachuca, AZ.
After the invention of the radio in the 1890s, the first widespread use of the technology for military communications occurred during World War I. The ease of intercepting radio messages quickly spurred advances in encryption and decryption of codes and ciphers. The Military Intelligence Division in Washington recognized the importance of this discipline and quickly established Herbert Yardley’s Code and Cipher Section. Likewise, shortly after arriving in France, Brig. Gen. Dennis Nolan, the American Expeditionary Forces (AEF) G-2, was forced to acknowledge that the US was woefully unprepared to exploit signals intelligence. When British intelligence informed him that it had identified two-thirds of the enemy’s divisions through the intercepting and decoding of Germany’s radio messages, Nolan acted immediately. On July 28, 1917, he tasked Capt. Frank Moorman to form the AEF’s Radio Intelligence Section (RIS), also known as G-2 A6.
Moorman, a 40-year-old Coastal Artillery officer serving as the acting director of the Signal School at Fort Leavenworth, had served in the Military Information Division in the Philippines and had temporarily worked with Parker Hitt, the Army’s foremost authority on codes and ciphers. When Moorman arrived in France, however, he understood little more than his mission: to read and decipher German radio messages. Starting from scratch, Moorman soon built a successful collaborative network that provided the AEF with reliable intelligence throughout the war.
The US Army’s Signal Corps, which had responsibility for Army code compilation and communications security, figured prominently in Moorman’s network. The Signal Corps’ own Radio Intelligence Service, later renamed the Radio Section, established, operated, and maintained listening stations close to the front lines. Personnel manning these stations intercepted and copied enemy radio messages around the clock. The Signal Corps turned recorded messages over to RIS personnel at each Army headquarters for deciphering and analysis using keys provided by the G-2 A6. The most difficult codes and ciphers and potentially important messages were passed further up the chain to Moorman’s section.
The US Army’s first foray into tactical signals intelligence quickly surpassed the efforts of its Allies. Its eight listening stations intercepted more than 72,000 messages and 238,000 telephone calls. Additionally, personnel located enemy radio stations, constructed net diagrams, intercepted and located radio signals from airplanes ranging for hostile artillery, policed US Army telephone lines near the front for operational security, and distributed American trench codes. They also helped develop enemy order of battle through traffic analysis by using call signs and knowledge of German communication protocols.
One early success occurred in December 1917, when the RIS intercepted a transmission indicating the enemy planned a barrage in an area where a US division was co-located with the French. The RIS passed this intelligence to front line headquarters just in time to allow the Allies to unleash a counter-battery attack that effectively prevented the Germans from carrying out their plan. Examples like this quickly won over skeptical commanders who initially distrusted the value of code and cipher work. However, it also exposed a vulnerability for future warfare. Moorman cautioned that the system developed for use in World War I was successful primarily because of the static nature of trench warfare. Its value decreased when the enemy became mobile and the RIS could not maintain close contact long enough to establish the listening stations and install the necessary equipment.
In 1920, Moorman spoke to the officers of the Military Intelligence Division in an effort to pass on insights relevant for the future. He recalled that his most pressing problem was obtaining adequate personnel: “The difficulty in finding men who could actually think without a guardian was surprising. It is hoped that one of the aims of the future will be to develop this ability in men chosen for code and cipher work.”
Another obstacle the RIS faced was educating outside personnel about the process of code and cipher work. “What [headquarters] wanted us to do was pick out the important messages, decode them, and let the rest go.…It was a matter of considerable difficulty to make them see that we had to work them out and that the Germans did not tag their important messages before sending them.” Additionally, educating troops about the importance of safeguarding their own communications was paramount. Moorman warned, “It is a sacrifice of American lives to unnecessarily assist the enemy in the solution of our code.” Too often, soldiers mishandled codes and refused to “[observe] the ‘foolish’ little details that the code man insists on.” Moorman correctly predicted that all these issues would endure in the future.
Published with Permission by:
Lori S. Tagg, Command Historian,
US Army Intelligence Center of Excellence, Fort Huachuca, AZ.
When Ralph Van Deman established the War Department’s intelligence organization shortly after the US entered World War I, he was faced with building his section from nearly nothing. Although his background was more in the field of counterintelligence, he readily recognized the need for an office dedicated to cryptology. He received numerous letters from amateur cryptologists offering their services, but he was intrigued by one person in particular: a bored State Department telegraph operator named Herbert O. Yardley who had deciphered a communication between President Woodrow Wilson and his aide in two hours. Putting aside concerns about Yardley’s age—he was only 28—Van Deman chose him to create the Army’s first code and cipher bureau, known originally as the American Cryptographic Bureau but most popularly as MI-8. Yardley reportedly remarked that “it was immaterial to America whether I or someone else formed such a bureau, but such a bureau must begin to function at once.”
Yardley was commissioned a First Lieutenant in the Signal Corps on June 29, 1917, and was given two civilian assistants. Over the next year, MI-8 grew rapidly to 165 military and civilian personnel working in five subsections: Code and Cipher Solutions, Code and Cipher Compilation, Secret Inks, Shorthand, and Communications.
Code and Cipher Solutions examined communications from commercial telegraph and cable companies, intercepted radio traffic, and seized mail. Every suspicious missive, military or civilian, ended up on the desks of this subsection. In addition to written communications, the section analyzed atypical items like postage stamps, musical scores, religious amulets, even a pigeon’s wings. The amount of work was overwhelming, especially after the US Navy stopped its cryptology efforts and let the Army take the lead. During the course of the war, the subsection read more than 10,000 messages and solved 50 codes and ciphers used by eight foreign nations. This included the celebrated case in which Capt. John Manley deciphered a coded message found on Lothar Witzke (aka Pablo Waberski), a suspected German spy and saboteur. Manley’s solution to the code sealed Witzke’s conviction for espionage.
The Code and Cipher Compilation Subsection established secure communications for 40-plus military attachés and hundreds of intelligence officers in the American Expeditionary Forces (AEF). Its services were critical for several reasons. First, the Army’s 1915 telegraph code book had been stolen during the Punitive Expedition and had yet to be updated. Additionally, British cryptologists informed the War Department that German telegraph operators on U-boats were able to copy US messages sent to the AEF and its allies via the transatlantic cables. Because breaches in US communications would ultimately compromise the whole Allied effort, the subsection revised the entire War Department code and cipher system. In conjunction, the Communications Subsection operated round-the-clock, averaging the secure transmission of more than 100 sensitive and classified messages per day.
The Secret Ink Subsection established two laboratories specifically for MI-8 use. Chemists succeeded in developing an iodine vapor reagent for all types of secret inks. As a result, the MI-8 uncovered communications directing sabotage, which allowed the War Industries Board to implement tighter security measures. At its peak, the subsection was reviewing more than 2,000 items weekly. As more sophisticated methods to conceal messages were developed, the subsection continually worked on new reagents.
The Shorthand Subsection was an impromptu addition to the organization. Military censors provided MI-8 with a number of messages that were believed to be in code but were found instead to be written in shorthand. The subsection cultivated a community of experts in more than 30 shorthand systems used worldwide.
MI-8’s work was at times exciting and often fruitless, but personnel persevered. In a series of post-war articles, Capt. Manley stated, “…it is the business of a Cipher Bureau never to allow its interests or energies to flag, for although a thousand suspicious documents may turn out…to be entirely innocent or insignificant, the very next one might be of the greatest importance.” Manley also stressed that the organization not only uncovered cases of nefarious activities but also cleared the names of several innocent civilians wrongly accused of spying for Germany.
Although employing relatively simple deciphering methods using little more than pen and paper, MI-8 constituted a significant development for military intelligence during World War I. Brig. Gen. Marlborough Churchill, the Army’s Director of Military Intelligence, predicted in 1919, “Code attack is indeed still in its infancy. It is capable of rapid and incalculable development.” Consequently, both the State and War Departments continued MI-8’s efforts as the Black Chamber in the post-war period. Soon thereafter, cryptology evolved into more sophisticated codes and ciphers requiring the invention of mechanical devices that would dominate both Allied and Axis code operations during World War II.
John Wiseman: How would you define National Security and in what capacity have you been involved with United States National Security? How did you get involved? (Approximate dates and job titles if possible).
Kevin Brothers: When I first joined the military in 1984, the United States was deep into the Cold War. Back during the Reagan administration tensions with the Soviet Union were high. I was somewhat apprehensive about joining, but then I thought to myself, “if the balloon ever goes up, I want to be out there fighting and not staying at home letting someone else do it for me.” So after college I signed up with the Navy. I chose the Navy because it guaranteed me the career path of intelligence.
In those days, we weren’t too far past the Vietnam era of distrust of the military. There were no “Thank you for your service” greetings. It was a different time. About a week after I signed with the Navy, I got a mysterious call from the CIA asking if I was interested. I told them it was too late. In the end, I think the Navy was a better option for me, so I’m glad the CIA didn’t call first.
After Aviation Officer Candidate School (AOCS) in Pensacola, Florida, I was commissioned an Ensign, Special Duty, Aviation Intelligence. AOCS was not the easiest way to get a commission. The main purpose of the school was to produce naval aviators. The medical screening was legendary and many people failed out for that reason alone. Marine Corps Drill Instructors ran the school and they were demanding. I remember our Drill Instructor telling us, “My mission… is attrition.” I think something like 50% of all the candidates washed out before graduation, some for medical, some for academics, and some because the regimen was too tough. The Drill Instructors taped off an alcove in the hallway of the barracks and every time a candidate “DORed” (Dropped on Request), they put that candidate’s “chrome dome” (aka shiny uniform helmet) in the “poopie graveyard” so we would all be reminded of those who dropped out. The DIs took glee every time they added a helmet to the “graveyard.” My class started with eight intelligence officer candidates in it, and I was the only one who made it through and graduated with my class on time. The school was made famous by the movie “An Officer and a Gentleman,” although the Navy refused to cooperate with the film, forcing the production company to actually shoot the picture in Washington State, not Florida.
In those days, most people had a pretty clear conception of what “national security” meant. It was to protect the United States from existential threats, primarily the Soviet Union. The Soviets used to operate submarines with nuclear warheads around the world, including in the Atlantic Ocean. The missiles on those subs had just a seven-minute flight time to Washington, DC. There was not a lot of room for error on our part. We had to keep track of them and it was serious business. The Soviets would also fly menacing bomber flights in the North Atlantic, along the east coast of the United States and all the way down to Cuba. Everybody was a little on edge during such flights. We had to get it right to intercept them and escort them along their way.
After the Soviet empire collapsed in the 1990s and the threat from Russia decreased, many people started rethinking what “national security” meant. The term now can include everything from climate change to the financial sector to global health. I prefer to think of national security still in terms of the existential threat, even if it is not a use of military force. For example, to me, terrorism is not an existential threat to national security. Terrorists are not going to end the existence of the United States. Terrorists have to be dealt with, but in my opinion, the country spends too much time and treasure fighting a small, if politically potent threat.
In the middle of my military career, I took a break in service and went to law school. After law school I went back into the Navy Reserves. I actually had to go through the recruiting process again. I asked my recruiter if I should go into the Judge Advocate General Corps. He said, “Are you kidding, every lawyer I hear from wants to do intel” so I stayed intel. I had some great assignments in the reserves both on active and reserve duty. I had assignments in the Pentagon, Germany, and Iceland and made it to the rank of Commander. In 2004, I was assigned to the faculty of what is now known as the National Intelligence University. It’s a unique school where all the faculty and students have to have high-level security clearances and have to come from government or the military. I got a master’s degree from the same school when I was on active duty. I taught graduate classes there in intelligence in the Reserve/Executive Management program on subjects ranging from intelligence law to international security. After retiring from the Navy, I have continued to teach graduate classes in intelligence in the private sector as a civilian adjunct. Right now I am teaching at the University of Maryland University College.
JW: What is one of the more memorable or impactful experiences during your National Security Career?
KB: After about a week of Operation Desert Storm, we realized we had a problem with Bomb Damage Assessment (BDA). This was a lost art, because nobody had been doing it since Vietnam and we had no idea how much damage our military campaign was having against the forces of Saddam Hussein. It became a political issue and the president wanted to be able to understand the effect of the entire war effort. The Chairman of Joint Chiefs of Staff, Colin Powell, directed his Director of Intelligence to immediately put together a BDA team to produce bomb damage assessment reports as a top priority. I was assigned to this small team, not because I had any bomb damage assessment experience, hardly anybody did, but rather because I was a “Mac driver” as we were called in those days. Few people knew how to run Apple computers back then and only Apples had the screaming 8MB of RAM it took to make the necessary graphics. Hence I found myself on the team as the expert who could transform numbers into graphics, bar charts, and maps.
On our first morning, the director of the team asked me what kind of computer equipment I needed. I got a computer catalog and circled the items I needed. Now normally, the government procurement process was lengthy and cumbersome and took months. This time, all the items I circled were in our spaces in the Pentagon by 1600 that same afternoon. I have no idea how they got there, I was so busy doing other things; they just magically appeared. It is amazing how fast things can get done when something is a presidential priority.
I set everything up and then went home because I was going to have to start reporting to work at 0100 every day, which is an odd time to be starting one’s work day, especially when quitting time was still around 1700 every day. Every night/morning, I would go over the data, update charts, figure out the best kind of graphs and images to include to supplement the reports and print them out right there in the office. The pressure to get this right was intense. My boss or his boss would take the report every morning and use it to brief both the Chairman of the Joint Chiefs of Staff and the Secretary of Defense. The Chairman or Secretary would then take the report across the river and brief the president with it in person at the White House.
One day during the campaign, RADM Schaefer, who was the Deputy Director of DIA at the time, wanted a copy of the report because he had to brief all the living presidents at the time – Nixon, Ford, Carter, and Reagan. Word came back to me from RADM Schaefer that Richard Nixon “loved the graphics.” Having your work presented to five different presidents in the same day is a pretty cool thing!
JW: Was there a particularly funny or comedic experience?
KB: One time we pulled into port in Palermo, Sicily. There was not a lot to do in Palermo, but there was some big news going on. The Soviets were sending their new Kilo class submarines out of area for the first time on its way to India. A Kilo was going to be in port the same time we were. The Italians were eager to avoid an incident and our captain told us to stay away from the Kilo, which was going to be in a different part of the port.
Now I was the intelligence officer in an aircraft squadron, so all the other officers in the squadron except one maintenance officer were pilots. I went out on liberty with two of our pilots, one of whom was a Canadian exchange pilot, who also had a van for some reason. The two pilots sat in front of the van while I was in the back.
Pilots are much more risk takers than intelligence officers. They decided it would be really cool to snap some pics of the Kilo. I explained to them that this was a bad idea. Having an intelligence officer involved in spying on a Soviet submarine could cause a major diplomatic incident. They ignored me.
We drove to a remote part of the Italian naval base with a view of the Kilo. They got out and indiscreetly started taking a bunch of happy snaps. I didn’t. Then suddenly one of the Soviet sailors noticed them taking the pictures. Immediately we could see all the Soviet sailors start to scramble around and cover things up on the deck. We decided then it would be in our interest to leave.
Our Canadian driver put in an admirable effort to get out the gate before word could reach the Italian guards. He drove as recklessly as any Neapolitan cab driver in a desperate attempt to get off the base. We were just nearing the main gate when we saw a guard hang up a phone at the guard post and then order us to stop. So close. The guards made us all get out and hand over our IDs, and they started asking a bunch of questions. I never let on I was an intelligence officer and just stayed quiet and let the pilots do all the talking. Fortunately, the other pilot was Italian-American and that may have helped our situation. Inside, my heart was racing a mile a minute. I thought we might be detained and we would miss the ship’s movement, which is a big deal. Or worse, the incident could end my career. The Italian guards made us hand over our cameras. They opened the cameras and exposed all our film and then they let us go, much to our great relief. Sometimes the Italian “shrug of the shoulders” attitude about things is a nuisance, but this time it paid off.
Another funny story involved an officer candidate at AOCS we all called “Bones” because he was so skinny. There was a tradition at the school that the candidate with the highest body fat percentage at the end of the program had to buy a round of beer for the rest of the class. Because of the strange way that the Navy measured body fat percentage, which involved comparing neck measurements to waist measurements, Bones had the highest body fat percentage in the class because his neck was so thin. In the end, Bones had to buy us all a beer for being so “fat.”
JW: What is one of the most valuable lessons you learned from your NS time?
KB: I was the senior briefer for Carrier Airwing Six during the USS Vincennes shootdown of an Iranian airliner. Our team was in charge of briefing both air operations and the intelligence picture to all the embarked flight crews. That day, everyone was on edge because these little Iranian boats, Boghammers, were coming out and harassing the fleet. There were some exchanges of fire between our units and theirs.
Normally, the aircraft carrier should have had control of the airspace, but that day for some unknown reason we didn’t, which was unusual. The operational situation was confused. I was splitting my time between the carrier’s command center listening to everything unfold and the intel center where I had to relay the intelligence and air ops picture out to the aircrews in their ready rooms via closed circuit TV. We knew the Iranians still had some F-14s, which was our big concern because it was a capable aircraft.
I was in the command center when I heard a radio call, “Splash one foxtrot one four,” coming from the Vincennes meaning the ship had just shot down an Iranian F-14. At this point, after the shootdown and all the little harassing incidents going on with the small boys (the smaller ships in a carrier battle group), it looked like things were really going to be spinning out of control fast. I remember during one of my briefs to the aircrews I was really talking fast and my boss told me to “slow down.”
It didn’t take long before we realized Vincennes had shot down a civilian airliner, not an F-14. We were all stunned. I remember distinctly the feeling of numbness that everyone had when we realized what had happened. The lesson there was that there really is a “fog of war.” Just because you think you understand an event does not mean you really do. Initial reports, even from direct participants, can be wrong. What we thought was a great military success ended up being a tragic accident where 290 civilians lost their lives. The more chaotic a situation, the more you have to stay calm and even-keeled in order to think clearly about all the possible scenarios and not jump to conclusions.
I saw this same kind of thing happen while working as an intelligence watchstander. Initial reports are often wrong and it takes time and additional sources to really put together a picture of any event.
JW: What was one of the most difficult experiences you faced during your NS time?
KB: Watchstanding ashore can really be a grind. At the National Military Joint Intelligence Center (NMJIC), the rotating watch schedule requires one week of daytime watchstanding (from 0600-1400), followed by one week of swing shifts (1400-2200), followed by one week of mids (2200-0600) that ends with two 12-hour weekend mids. Then you get five days off, do two 12-hour weekend day shifts, then a week off before starting the 0600 shift again. The work on the watch floor is really interesting, requiring watchstanders to stay on top of current events in order to alert the military leadership to missile launches, troop movements, invasions, hostile aircraft flight patterns etc., but it’s physically demanding. Constantly switching from midnight shift back to morning shift does a number on your circadian rhythm.
JW: What advice would you give new personnel thinking about starting a career in National Security?
KB: Get to know the world. It really helps to know at least one foreign language well. While the national security community makes a big deal about certain “critical” languages, knowing any other language is a big help. Today’s “critical” languages might not be worth much in five years, but language is always a window into how others think, view the United States, and might act. Foreign residence is also helpful. There is no better way to understand the United States and its interests than by seeing the country from the outside.
It’s also important to be able to think critically and write effectively. This matters in most areas of national security, but especially intelligence. No matter what area of national security one ends up in, there is almost always going to be a requirement to write reports and make recommendations. Good ones will get noticed. Those who are well prepared in this area have an edge.