Combined Cyber/Physical Ops

A combined cyber/physical tactical operation pushes computer network attack into the field. When you add computer network attack and defense (CNA/CND) to the war fighter's tool belt, you increase mission flexibility, maximize mission success and truly engage in net-centric warfare.

In 2006, Tim Rosenberg presented a paper entitled 'The Sword and the Network', which describes the merging of cyber and physical combat into the same warrior (The Sword and the Network [PDF]). After the presentation, several attendees asked about practical application and how to train for such operations.

In the early winter of 2007, White Wolf Security began giving live demonstrations of a combined operation to invitation-only crowds within the DoD. The hypothetical scenario is as follows:

  • Intel has received A2 information that Ali Al-Kahlil ibn Halehm, a Sunni terrorist cell leader, is using an apartment on Street of the Prophet as a safe house. This safe house is also his C2 center for terrorist operations in the Al Muqta district.
  • The source says that Al-Kahlil leaves the apartment on Thursday evenings for approximately 45 minutes to deliver messages to cell members by dead drop vic the bazaar 1.5 kilometers north. He normally leaves approximately 45 minutes before the evening curfew. He goes to the drop and returns by a different route but does not make additional stops or deviations.
  • Intel has detected a wireless network at the location.
  • Intel believes that by introducing ANVISS and a rootkit into his computer, we can intercept their digital C2 traffic and locate the adjacent cell leaders and the higher headquarters' box.
  • 162200(local)February07: Intel cracked the target Wi-Fi connection.
  • Identified an internal surveillance camera, desktop PC and a wireless firewall/router.
  • Intel is unable to attack the PC system from within the network.
  • THE PC IS THE TARGET, NOT THE PERSON

Mission

262200(local)February07

  • Team 625 infiltrates Baghdad's Al-Muqta district
  • Conducts surreptitious entry of Al-Kahlil safe house
  • Implants ANVISS and rootkit programs onto his C2 computer and exfils undetected.

Operation Flow

  • Red will acquire the visual camera signal as we move in range.
  • Red will call for the DDoS when room is verified clear. On confirmation of DDoS we will complete infil on foot.
  • Enter room, drop power to camera
  • Insert USB (auto-play with U3)
  • Wait 10 seconds
  • Turn system over to Dwight.
  • Power up camera
  • Exfil
  • Continually monitor comms from PC until discovered.