US Military Cyber Command and Cyber Forces (Part 2)


Old Buddha

(June 2, 2020)

Summary: This article first explains the concept and characteristics of cyberspace; then provides a detailed introduction to the US cyber army, cyber forces, and cyber command, including their composition, scale, functions, etc.; finally describes the cyber weapons developed by US institutions and the cyber attacks launched.

Keywords: US, military, network, cyberspace, cyber warfare

(Continuing from the previous section)

Strength of US Cyber Command and Its Forces

Through decades of effort, the US has established an invincible cyber warfare force system. This force system consists of world-class computer experts and hackers, including experts from the CIA, FBI, NSA, US Cyber Command, and other departments. All members have an average IQ above 140【Note: classified as ‘genius’ types】, and thus some media jokingly refer to them as the “140 Force”.

The following specifically describes the situation of the US Military Cyber Command and its cyber forces.

(1) Strength of the Air Force Cyber Command and its Cyber Forces

In 2006, the Air Force Cyber Warfare Command (now the Air Force Cyber Command) oversaw 65 cyber warfare squadrons, reserves, and the National Guard, in addition to 4 wings, including the famous 67th Cyber Warfare Wing.

The Air Force 67th Wing is the largest operational unit in the US Air Force, with personnel and equipment spread across all continents except Antarctica. It consists of 5 intelligence groups and 35 intelligence squadrons and detachments, totaling 8,000 personnel stationed at over 100 locations worldwide.

(2) Strength of the Army Cyber Command and its Cyber Forces

In 2018, the Army Cyber Command had to operate and protect the following Army network facilities:

- more than 400 networks;

- more than 700 communication lines;

- over 800,000 computer workstations;

- more than 35,000 network servers;

- more than 90,000 mobile communication devices.

To operate and maintain the above facilities, approximately 120,000 cyber soldiers are required. They are not all military personnel directly under the US Cyber Command.

The Army’s network users number over 1.2 million. Their services are provided by the Army Cyber Command.

(3) Strength of the US Military Cyber Command and its Cyber Forces

In 2019, the US military had about 9,000 cyber warfare experts. The US Military Cyber Command directly led approximately 100,000 military personnel.

【Note: The US is the world’s leading military power, with the strongest overall military capability globally. The US military consists of the Army, Air Force, Navy, Marine Corps, Coast Guard, Cyber Force, and Space Force. As of 2017, the active duty military personnel numbered about 1.4 million, of which women accounted for 15.6%; in addition, there are about 700,000 civilian personnel working in the military.】

The US Military Cyber Command has a direct “Cyber Special Forces” unit, numbering about 7,000. This “special forces” unit is essentially a “hacker unit” led by the US Military Cyber Command. This unit is responsible not only for cyber defense tasks but also for covert attacks on enemy computer networks and electronic information systems.

Cyber Warfare and Cyber Weapons Developed by the US

(1) Cyber Attacks and Cyber Warfare

Since the 1990s, US institutions have developed thousands of “network (Network) weapons” and “cyber (Cyber) weapons”, launching millions of cyber attacks (Cyber Attack) against enemies through civilian hackers and military cyber forces. The US has also systematically launched many organized cyber wars (Cyber War), which are secret wars conducted in cyberspace without gunpowder.

Cybersecurity expert Thomas Rid defines “cyber warfare” as military action using advanced network means, with political purposes, resulting in deadly consequences.

According to this definition, there has never been a real cyber war in the world. The cyber attacks launched by the US against Iraq and Iran, where the attacked parties had no means to retaliate, cannot be called “cyber warfare”.

(2) Units and Scale of Cyber Weapon Development

The main national-level institutions in the US that develop cyber weapons include:

- Central Intelligence Agency, abbreviated CIA;

- Federal Bureau of Investigation, abbreviated FBI;

- National Security Agency, abbreviated NSA;

- Defense Intelligence Agency, abbreviated DIA;

- US Army Cyber Command, abbreviated USACC.

They have developed over 100,000 computer viruses and Trojan programs.

Among them, the CIA has developed the most cyber weapons. The cyber weapons developed by the CIA are code-named Vault, meaning “vault”.

In early 2017, WikiLeaks obtained a copy of documents from the CIA’s cyber intelligence center from a US citizen claiming to be a CIA member. This information contained 8,716 documents, 943 attachments, 7,818 web pages, and 700 million lines of source code. This is the content of the CIA’s cyber weapon repository “Vault” version 7.

On March 7, 2017, WikiLeaks began to publicly disclose the dark history of the CIA hacker unit under the code name “Vault 7” in batches. This time, the CIA hacker unit’s attack methods, targets, meeting records, overseas operation centers, and almost all hacking tools were exposed. This was the largest secret leak in CIA history.

On March 12, 2017, the CIA issued a statement regarding the documents exposed by WikiLeaks, stating that they did not conduct electronic surveillance on US citizens.

The US Military Cyber Command has about 3,000 “cyber weapons” in its “arsenal.” The US Cyber Forces have flexible and diverse tactics and attack methods. In cyber warfare, the US Cyber Command can quickly defeat enemies, even to the point of destroying them.

(3) General Cyber Weapons Developed by the US

The US has developed many types of general cyber weapons, and we now introduce eight important general cyber weapons as follows:

(1) Computer Virus

A computer virus is a computer program that can damage computer software and hardware, computer data, computer networks, and computer-controlled systems.

Computer viruses are characterized by self-replication, rapid propagation, covert action, and dormancy until activation.

(2) Trojan Program

A Trojan program refers to a piece of malicious code with special functions hidden within a normal computer program. Trojan programs can obtain and send passwords, destroy and delete files, record keyboard input, and perform pre-set destructive actions. Trojan programs are used by cyber soldiers and computer hackers to remotely control enemy computers.

Trojan programs are not strictly speaking computer viruses because they cannot self-replicate or automatically propagate.

(3) Logic Bomb

A logic bomb is a malicious computer program or a part of malicious code in a complete program that is activated when predetermined conditions are met. The functionality of a logic bomb is determined in advance by the program’s designer. Therefore, logic bombs can have any functionality of a computer program, and of course, destructive functionality, which is the goal of the logic bomb designer.

For system administrators and computer users, such logic bombs are like landmines or time bombs buried in the computer, posing great danger.

(4) DoS (Denial of Service)

DoS is the abbreviation for Denial of Service. An action that causes a denial of service is called a DoS attack. The purpose of a DoS attack is to make a computer or network unable to provide normal services. DoS attacks either maliciously exploit flaws in network protocols or directly exhaust the resources of the attacked target through brute force; the most severe consequence is paralysis of the computer or a crash of the network.

Representative means of DoS attacks include Ping of Death, Tear Drop, UDP flood, SYN flood, Land Attack, IP Spoofing DoS, etc.

(5) Electromagnetic Pulse Weapons

US agencies have developed malicious electromagnetic pulses in cyberspace. These pulses can attack tanks, ships, missiles, and other weapon control systems, causing the computer control programs of weapon systems to malfunction, resulting in serious consequences, even self-destruction.

(6) Special Sensor Devices

The US cyber forces have developed special sensor devices based on sensor principles. These devices can be silently deployed deep into enemy territory to disrupt and destroy enemy hardware, paralyzing their command control systems and strike systems.

(7) Non-material Biological Weapons

US agencies have developed non-material biological weapons in cyberspace. These biological weapons are not bacteria or viruses but malicious programs embedded in computer terminals. These biological weapons can damage the brain nerves and visual cells of the person sitting next to the computer terminal. The serious consequences are self-evident.

(8) Other Cyber Weapons

In addition to the seven types of general cyber weapons mentioned above, US agencies have developed many other cyber weapons. Below are nine important general cyber weapons:

- Computer chip virus and Trojan program solidification technology.

- Computer virus and Trojan program remote implantation technology and wireless delivery equipment.

- Computer virus and Trojan program remote activation technology, which is triggered by special devices emitting electromagnetic signals or by trigger signals sent through wireless networks.

- For special networks not connected to the internet (military networks, national security networks, etc.), technology to embed malicious software into that network system through wireless transmission.

- Sending high-energy microwaves (HPM) from unmanned aerial vehicles to destroy or shut down enemy computer networks.

- Infiltrating embedded single-board computers with the weapon Pterodactyl, controlling target computers or real-time control systems.

- Infiltrating network devices (routers, switches, gateways, WiFi devices, etc.) and implanting Trojan programs. For example, Harpy Eagle is a cyber weapon targeting Apple network routers and WiFi devices.

- Technology for controlling smart (4G, 5G) phones (using Android and Apple systems) that can turn phones on and off, steal information from them, control phone cameras, and eavesdrop on surrounding conversations.

- The smart TV control weapon Weeping Angel, which hijacks the TV’s shutdown operation (users think it has been turned off), activates the recording function, and then transmits the recorded content back to the CIA’s backend server. Samsung TVs were the first to be “hit”.

(4) Specialized Cyber Weapons Developed by the US

The US intelligence agencies CIA, FBI, NSA, DIA, and the US Military Cyber Command have developed many specialized cyber weapons targeting specific objectives to achieve specific purposes.

Below, we list five specialized cyber weapons developed by US agencies with multiple functions:

• Fluxwire (Magnetic Flux): A large, complex network attack platform developed by the US CIA. Fluxwire utilizes backdoors in operating systems to attack and control all mainstream operating systems such as Windows, Unix, Linux, MacOS and their associated software and hardware devices, capable of:

- Recording keyboard input, and collecting usernames and passwords for websites, emails, online banking accounts;

- Stealing data from computer systems and sending it back to the CIA;

- Modifying data in computer systems, causing abnormal operation or even crashes;

- Deleting important information in computer systems.

• Umbrage (Resentment): A network attack platform developed by the CIA. CIA technicians collect a large number of publicly available attack techniques and hacker tools through this platform, identifying and gathering usable code and data from leaked information to form a cyber attack weapon database. This database can be applied to:

- Investigating and gathering evidence of enemy network attack activities;

- Modifying weapons (computer malware) in the weapon repository to attack enemies;

- Launching “false flag” network attacks against enemy systems, deliberately leaving traces to mislead others, achieving the purpose of confusing the enemy and framing others.

• Turbine (Turbo): Malicious software developed by the NSA. When implanted into hostile computer systems, it gives the NSA complete operational and control rights over the targeted computers, including:

- Recording keyboard input, and collecting usernames and passwords for websites and email accounts;

- Controlling the target computer’s microphone, recording conversations happening nearby;

- Controlling the target computer’s camera, taking photos of what is in front of the computer;

- Recording user browsing data and being able to interrupt file downloads on the controlled computer, preventing access to websites;

- Retrieving data from USB drives connected to the computer.

• Turmoil (Chaos): A data surveillance sensor network developed by the NSA to monitor various data transmitted across the entire internet. Turmoil is capable of:

- Automatically identifying the type of data being monitored based on “selectors”;

- Analyzing the monitored data;

- Sending useful data back to the NSA.

• Suter (Speedy): A project that the US Air Force began researching and implementing in 2001. This project enables the Air Force to:

- Monitor and obtain target information controlled by enemy radar;

- Take over enemy electronic information systems by sending data streams to them, controlling enemy radar antennas to turn away from US aircraft and other entities;

- Conduct electromagnetic spectrum attacks, infiltrating the enemy’s time-sensitive system networks, such as missile detection systems, for disruption and destruction;

- Allow cyber soldiers on aircraft to enter enemy computer networks for monitoring and operations;

- Attack and infiltrate enemy command communication networks, manipulating them to ensure enemy failure.

Types and Methods of Cyber Attacks

(1) Types of Cyber Attacks

Cyber attacks mainly fall into the following three categories:

- Proactively attacking and striking the enemy (Cyber Attack);

- Stopping normal services provided to enemy countries;

- Conducting public opinion warfare and psychological attacks against enemies.

(2) Methods of Cyber Attacks (Cyber Attack)

The US military cyber forces and other relevant agencies have various methods of attack in cyberspace, not only traditional computer network attacks (Computer Network Attack – CNA), but also new attack methods across the entire cyberspace.

Below, we briefly introduce eight methods of cyber attack.

(1) Hacker-type attacks

The US military cyber forces and other relevant agencies use computer viruses, Trojan programs, “logic bombs”, etc. to launch attacks against enemies. This is the type of network attack commonly used by civilian hackers.

Each time a highly harmful computer virus attack occurs, it can infect millions of computers and tens of thousands of networks globally, even causing crashes. The following image shows the distribution of infected computer network IP addresses globally on June 29, 2010:

[Image: global distribution of infected computer network IP addresses, June 29, 2010]

(2) Attacks using logic bombs

A logic bomb is a type of malicious computer program or a part of malicious code in a complete program that is activated when predetermined conditions are met.

The target of this attack is predetermined and can achieve the expected effect. We can call this “precision strike”.

(3) DoS (Denial of Service) attacks

DoS (Denial of Service) attacks are technically simple attacks commonly used to make enemy computers and networks unable to provide services, or even to paralyze them.

To conduct a DoS attack, many participants often need to be mobilized. For instance, the email address of Xinhua Net, which is hosted by Xinhua News Agency, is [email protected]. If the enemy mobilizes thousands of internet users to simultaneously send emails to [email protected], it will cause Xinhua Net’s email server to refuse to accept emails, or even crash the server.

(4) Attacks using operating system “backdoors”

All major operating systems worldwide, including Windows, Unix, Linux, MacOS, etc., are developed by US companies and experts. US-developed operating systems all have “backdoors” pre-installed, allowing developers to freely enter and exit through these “backdoors”.

The cyber weapon Fluxwire developed by the CIA utilizes the pre-installed “backdoors” in operating systems to establish a platform for using various related attack weapons.

(5) Attacks using hardware “backdoors”

The US is the world’s leading chip manufacturing country. The production of major high-end chips (x86 architecture chips) accounts for over 95% of the global total. The US is also a major producer of network devices. The US can embed “backdoors” in the chips of those products, allowing only special experts to enter through the “backdoors” to conduct attacks against enemies.

The US Cyber Forces can use the “backdoors” in devices manufactured in the US to embed viruses and Trojan programs into enemy aircraft, tanks, ships, missiles, etc., causing them to explode, self-destruct, or engage in mutual destruction, thereby achieving the effect of destroying enemy weapon systems and defeating enemies.

(6) Attacks using software “vulnerabilities”

Operating systems and other common software will have more or less “vulnerabilities”. The larger and more complex the software, the more “vulnerabilities” it has. Once developers of operating systems discover a “vulnerability”, they will patch it up. Microsoft’s Windows discovers “vulnerabilities” almost every day and provides patches for them.

Cyber soldiers and hackers enter computer systems through the “vulnerabilities” of common software to engage in destructive activities, which is the most commonly used method of computer and network attacks.

(7) Electromagnetic pulse weapon attacks

Using malicious electromagnetic pulses to attack aircraft, tanks, ships, missiles, and other weapon systems can cause the computer control programs within them to malfunction, achieving the goal of destroying enemy weapons.

(8) Non-material biological weapon attacks

Using non-material biological weapons can damage the brain nerves, visual cells, etc. of the person sitting next to the computer terminal, severely harming the enemy’s health and the operation of their computer systems.

(3) Stopping Normal Services Provided to Enemy Countries

The US provides paid services to countries worldwide, including hostile nations, primarily internet (Internet) services and Global Positioning System (GPS) services.

When the US deems it necessary, it may take measures to interrupt the internet or stop GPS services for certain hostile countries.

(1) Interrupting Global Internet Services

The global internet is controlled by the US. Providing paid internet services to various countries, including enemy nations, is the responsibility of the global internet construction and management agencies established in the US.

During the Obama administration, the Federal Communications Commission (FCC) introduced the “net neutrality” principle, requiring all network service providers to ensure that all users can use the internet without restrictions at any time, place, or terminal; prohibiting internet service providers from blocking websites or limiting website traffic.

On June 14, 2018, Trump announced the cancellation of the “net neutrality” principle established during the Obama administration.

By canceling the “net neutrality” principle, the US government can implement “internet disconnection” against any hostile country in the world, meaning interrupting that country’s internet. For China, this gives the US government the right to implement internet disconnection against China.

During the first and second US invasions of Iraq, the US also implemented internet disconnection against Iraq.

(2) Stopping Global Positioning System (GPS) Services

The US was the first to provide paid satellite positioning services globally, namely GPS (Global Positioning System) services. Now, China’s BeiDou Navigation System also provides positioning services to many countries.

In mid-March 2019, conflict broke out between India and Pakistan in the Kargil region. Russian satellite news reported on March 15, 2019, that the US military cut off GPS signals in the Kargil region, suddenly stopping GPS services for India and Pakistan.

When GPS was cut off, Pakistani pilots immediately switched to the Chinese BeiDou navigation system. During the three hours of combat, India could only watch as its army was attacked, resulting in chaos.

(4) Public Opinion Warfare and Psychological Attacks

Public opinion warfare and psychological warfare are prominently displayed in cyberspace. By implementing public opinion warfare and psychological warfare, the enemy can be deterred, and their psychological defenses can be mentally destroyed, achieving the purpose of “defeating the enemy without fighting” or “defeating the enemy with minimal fighting”.

From late 2006 to early 2007, the US Department of Defense formed a cyber media warfare force. Members of the cyber media warfare force are both computer experts and excellent “reporters”. This force has worked around the clock in cyberspace, contributing significantly to maintaining the US’s dominant position in public opinion in cyberspace.

On March 20, 2003, the US invaded Iraq, marking the beginning of the Second Iraq War.

The US launched the largest psychological warfare in history against Iraq. The US activated various propaganda machines to accuse Iraq of possessing weapons of mass destruction, manipulating global public opinion. In the early stages of the war, the US military sent “surrender letters” to thousands of Iraqi military and political leaders’ email accounts, slandering President Saddam and persuading them to surrender. Less than 4 hours after the war started, the neutral Al Jazeera English website was blocked by the US.

Furthermore, the US employed a policy of bribery towards Iraqi officers: many officers were bought off by US intelligence agencies with large sums of money.

Coupled with the US’s absolute military advantage over Iraq, this led to Iraq’s total defeat.
