Delving deeper into the weaponization aspect, Winn Schwartau gets down to describing such technologies as HERF, EMP, un-manned vehicles, and flying bots.Next thing I’m really interested in is EMP and HERF (see right-hand image). Why do I care about EMP and HERF? It makes some other technology useless – perfectly good words. And we’ve known about it since some of the earlier tests in Bikini Island in 1946, and it was one of the accidental side effects, when some of the ship’s navigation systems that were monitoring the test went down.
We have HERF – High Energy Radio Frequency, EMP – Electromagnetic Pulse, HPM – High Power Microwave signals. And we’re starting to see programs that have been highly classified in the military. They began in the late 70s, called DEW, Directed Energy Weapon, sort of Star Trek-y, Star War-ish kind of stuff.
And I was curious: what can the bad guys do? The first one I saw, I don’t have a picture here, was in Holland. It was in 1990, and it was part of the old Star Wars project. Does anybody know what a Jacob’s Ladder is, any EE kind of people in the room? Alright, cool. It’s good that we have geeks in there, and not the RSA corporate assholes.
And so, Jacob’s Ladder is an electrical multiplier, and these guys wanted to make Christmas lights and use them for cool stuff in their condo. Turns out, their neighbors said: “How come you’re turning off our computers?” Oh, unintended effect, cool. And they ended up being able to spark gap discharge and take down stuff for a couple hundred feet. It was random, they couldn’t repeat it, but I really got intrigued by this.
So, when I went in for WarCon in 1994-1995 I got a buddy of mine who built this device down there (see middle part of the image above) – it used a wide dispersion pattern and was able to shoot down shit; he said a kilometer, he lived out in the desert and he did the testing. And I thought: if it’s inside of a building, there will be a much shorter range but he was in the desert. And I said: “How do we do something even cheaper?”
Some of you know who Heinrich Hertz is. Who does not know Heinrich Hertz? Perish yourself with your hands. No hands go up. Oh, wait; you don’t know who Heinrich Hertz is? 60 Hertz on the wall, right? Hertz, he was the guy, he invented electricity. If you believe this, get the hell out – no, I’m kidding.
So we found his original book on Hertzian Generator, I think it was from 1882, and we said: “Let’s build one with a car battery.” We plugged it in, shot it off, had a capacity so we could do the spark gap stuff, and thankfully the guy with a pacemaker didn’t die. The VCR died, the cameras died, and we thought: “Wow, this is really cool!” And then we upped it with a couple more car batteries, and probably shot off a Terawatt next to a National airport. Don’t be scared of a Terawatt – has anyone read my book Time Based Security? A few of you, maybe. It’s called the byte by time – a Terawatt over how much time, because then you’re looking at average power, spontaneous power, people forget that these are all parts of the fundamental Hertzian equation. Again, I’m going back 150 years here. It’s fundamental EE stuff that we have ignored.
Now, imagine you work for a bank. Imagine a branch office going down at 9:46 for no known reason. 10:13, goes down for no reason. 11:17, goes down for no reason. This stuff cannot be tracked, cannot be seen unless you’ve got specific EMP kind of monitoring capabilities, which puts you then into the nation state realm.
Are the bad guys going to use this? Take a look at the British tabloid and papers from 1996, headlined: “British gang taking down banking services for 400 million pounds.” One article was published, and the Secret Service and the MI6 pulled everything immediately thereafter. Is it going to be adapted? My belief is Yes, which comes down to a concept: “How do you defend against it?” How do you defend against something like this? Research, start somewhere.
My answer is: 1) you guys start thinking about it; 2) graceful degradation. How do you take your networks when they’re under attack of any sort, of any vector, how do you gracefully degrade services without having a binary function? Digital is not binary; it’s still on a spectrum. Our network, we designed this so that all data is equal, let’s protect absolutely everything – it’s not real. But some of the fundamental concepts that we’re using have this binary mindset. Degrade services gracefully under your control and design those into your network.Some more technology: Un-Manned Vehicles – UMV (see right-hand image). A few years ago at WarCon we had a UMV helicopter. Now we have UMV. Has anybody seen the pizza delivery helicopters? That’s kind of cool! As these get more and more prolific outside of the military domain, and we’re starting to commercialize them – put on your evil hat, what can you do with this? Pizzas falling from the sky… Can we intentionally cause some sort of damage through our un-manned vehicles?
Right now we’re talking about cars that are all going to be autonomous driving; they’re going to be safer. Are we going to screw with them? Has anybody screwed with car hacking yet in the room? Alright, we need more of this. I was on the phone with OnStar three years ago, and they said: “We want to add some security” – “What do you need?” – “Oh, we want this to work…”, and they actually had these ideas. I said: “Yeah, but you need this and this, etc.” They said: “Yeah, but it’s going to up the cost like $4.” For your 37,000-dollar car that $4 is going to break your bank? And what are we seeing now? We’re seeing… what are they called? CAN – the Car Area Network, I think it’s awesome. The University of Ohio right now is doing a hacking; they’ve got 150 people now actually hacking all of these cars. I want you guys to think about the evil side of this before the evil guys start taking over and we start losing more and more.There we go! In Germany they’re really paranoid about these things (see right-hand image), so what they do is they’ve got a cage with bumblebees in. They recently discovered on how to mechanically reproduce birds and flying bugs with new aerodynamic principles. Now that we understand how bumblebees fly, we can duplicate them with silicone parts, etc.
When you’re in a meeting, super sensitive board meeting, and there is a fly in the room, what do you do? Cancel the meeting? Yeah, ok. We’re going to have a very difficult time being able to distinguish quickly what are real units and what are silicone units. How do we adapt ourselves to this kind of espionage, whatever term you want to use, or this technology? Are we ready to start defending against this, or are we going to have to wait for the first half a dozen incidents, and then start having to catch up again? And I’m really tired after 30 years in security of still playing catch-up. I want to get thinking about these things earlier and earlier.
Read previous: Beyond Information Warfare 3: Technology Weaponization