Criminal Information Warfare

A Russian criminal gang breaks into a bank undetected after immobilizing the alarm system with a blast of electromagnetic energy. Hundreds of miles away in Holland, a criminal mastermind keeps one step ahead of the police by bugging and deciphering even their most secret communications. These two events, though far apart, are part of the same frightening phenomenon: the growing use by criminals of sophisticated information warfare (IW) techniques and technologies borrowed from the military and security services.

Information warfare is the art of monitoring or attacking your enemy's communications and information networks. IW techniques range from overt physical attacks aimed at damaging or destroying communications and computer networks to covert "virtual" attacks -- such as tapping communications or hacking computer files -- which rely for their effect on going undetected. Information warfare also includes elements of propaganda and psychological operations, such as jamming enemy broadcasts and replacing the content with your own messages.

IW used to be the preserve of generals and spies, but now it is happening on the streets of any town. "A great part of IW now takes place in the field of computer-related crime," says Captain Freddy Gevaert of the Belgian national police, the Gendarmerie. "We have gone beyond the world of tangible goods and stepped into a virtual world where data is knowledge, knowledge is power, and power is money. And where you find money, you find criminal organizations."

A criminal investigation in Holland showed how criminal gangs are using IW techniques not just to attack commercial targets, but also to harass and outmanoeuvre police and judicial agencies. "We found ourselves dealing with an opponent who was technologically ahead of us and who was therefore very difficult to follow," says Piet Kruijer, a chief inspector in the Amsterdam police. "We discovered that information warfare can be used against the police force and civil authorities as well as against industry and military organizations."

Kruijer's opponent was an Amsterdam gangland boss, Charles Zwolsman, who created a sophisticated counter-intelligence organization, backed by impressive hardware and software technology, to destabilize the police investigation into his operations. Zwolsman's private intelligence agency, dubbed the "Service Department" by Kruijer, operated as five separate groups, or "cells." As with military or terrorist groups, each cell worked independently and only communicated with others when necessary.

A group calling itself the "counter-observation team" (COT) shadowed police personnel and passed on intelligence -- including home addresses and license plates of police personnel -- to Zwolsman. A second group of wire-tapping experts -- dubbed the "scanner freaks" -- developed and installed wire-tapping equipment, with the help of people within the Dutch telephone company and local universities. Two separate groups of hackers -- one politically motivated and another more criminally oriented -- monitored police IS and communication systems.

"These groups succeeded in cracking the encryption used by many Dutch government services," Kruijer says. "They could decode our conversations within three days of interception." A fifth group, known as the "technical criminals," developed the IS and communications infrastructure supporting the others.

Using the inside information acquired from monitoring police communications, Zwolsman kept one step ahead of the Amsterdam police for months on end. But he also waged a destabilizing psychological war against Kruijer's people, using information gathered by the COT and the wire-tapping units. "We discovered that our communications were being tapped, computers and files were disappearing, attempted burglaries were made on houses of investigating officers, and our people were subjected to threats and blackmail attempts," Kruijer says. Transcripts of conversations embarrassing to the police and the judiciary were also leaked to journalists, he adds.

Zwolsman was only defeated after Kruijer identified and pursued key members of the service department during an 11-month period, ending with a wave of house searches and arrests. Zwolsman and several associates were convicted, and the organization was broken -- at least temporarily. The experience taught Kruijer two lessons: that criminals are building technological infrastructures potentially more powerful than those used by the police; and that the authorities must change the way they operate. "Since the Zwolsman case, we've managed to raise the awareness of this sort of problem within our organization, but we are always going to have people within the police who underestimate the problem," Kruijer told a recent conference organized by the National Computer Security Association.

From - Criminal Information On The Wires by Douglas Hayward
