Computer Viruses for
Military Purposes
Content:
Personal Computers in Military Structures
Introduction
Because of the destructive functions that can be built into computer viruses the idea of using these for military purposes is obvious. Realising this, the American Department of Defence already in 1990 promised a reward of USD 50.000 to anyone capable of developing a promising concept for a militarily useful computer virus. lf the concept proved viable and practical, a development contract of the order of magnitude of USD 500.000 was likely. It is quite understandable that this caused hundreds of hobbyprogrammers to start writing viruses in order to make big money or do something for their God and country.
Till this day no virus used for military purposes is known, even though research projects in the USA, Russia and France have been carried out by companies and research institutions. The fact that so far no such virus has been discovered is based in the design of large computer structures, nets and organisations in the military realm. Also the specific design of military computer Systems plays an important part, however. This leads to considerable problems both on the computer side and the side of the computer viruses.
Military Computer Systems
Military computer systems are used to calculate positions, control weapon systems, target systems, etc. They are included in practically every weapon system today, ranging from armoured vehicles over fighter planes to rocket defence systems. The significance of this is that the computer systems are not universally usable, but fall into the category of Dedicated Systems, i.e. systems that can only be used for one particular purpose. These systems are not all based on the same type of CPU like the PCs. This alone leads to considerable difficulties for a computer virus.
The next problem is that the functionspecific systems are based on applicationspecific optimised operating systems, which are not in any way compatible with e.g. PC DOS-type operating systems. Furthermore it is safe to assume that the operating system used in the navigational system of a tank is completely incompatible with the weapons control or target following system used in the same vehicle. Thus, a virus would not be able to migrate from one system to the other.
Since these control systems are furthermore stored in ROMs or EPROMS, no virus would be able to infect an executable piece of code. The task of this type of military computer systems is to process data from e.g. GPS receivers or target coordinates acquired through the use of laserbased range measuring equipment or radar equipment. This type of system does not permit the user to make changes to the operating system or the programs running. In other words, a virus stands no chance whatsoever of penetrating a system of this type, because the only input to the systems are data obtained from various sources and no executable files at all. For these reasons dedicated and other military systems are not threatened by computer viruses.
Urban Myths
A die-hard tale that has reached the Urban Myth level and is still believed, is the story that the CIA in 1991 succeeded in rendering the Iraqui air defence powerless during operation Desert Storm by means of printers containing a computer virus. According to the tale these printers had been brought into Iraq through Jordan, bypassing the UN embargo. This printer-smuggling operation is supposed to have been planned by the CIA and started several months in advance of the attack on Iraq by the allied forces. The computer virus is supposed to have disturbed or rendered useless all the computer controlled Iraqui radar and air defence systems for the duration of the Golf war.
The fact is that this report was published in an American computer magazine in April 1991 as an April joke for computer professionals. The story was picked up by one of the large news networks and presented as factual. It is interesting to note that the persons within the CIA responsible for this by no means were soon discovered and several interviewe published. Orson Wells has certainly not lived in vain!
Personal Computers in Military Structures
Of course personal computers are increasingly employed in military organisations, but as described above, they are not used directly in the military field. PCs are mainly found in organisational areas such as intelligence or in administrative functions like accounting and order processing. Thus, in case a military virus were to have any merit, it must be directed against targets within these areas. Although the damage caused in these areas by a well designed virus allowed free reign could be considerable seen from a datatechnical point of view, the disturbance as seen from the point of view of the military structure would be small. And a virus would hardly be allowed free reign.
Another problem is how to smuggle the virus into a military organisation. A virus is not a weapon that you target and fire, causing more or less damage to the target after a certain time. A Computer virus cannot be directed the way a firearm can, because it infiltrates (infects) more or less indiscriminately. The further away from the target a virus is started, the higher the probability that it will not reach its target at all because it is discovered before reaching it, or because it spreads in a direction different from the one anticipated. The possibility even exists that the virus could act like a boomerang and hit the organisation starting it in the first place, through unsecured channels.
Thus the Computer virus must be let loose directly into the target organisation to be effective, to minimise the spread and to ensure that the target is hit at all. This means that it must be possible to gain direct access to the military complex containing the target Computer. Maybe a screwdriver or a grenade would be smarter after all...
A virus does not seem cost/effective in this case. Under the circumstances it is much faster, simpler and more effektive to use well-known means of electronic warfare to disturb the functions of the target Computer or decommission it completely by damaging it in a suitable manner.
Military Computer Centres
A much more potentially profitable target than personal Computers are military computer centres. These centres process important data, and taking out a Computer centre could cause considerable problems. However, here we have to leave the realm of DOS viruses and look at mainframe operating systems like UNIX. lt is necessary to know under which operating systems the target Computer runs and program a virus that will work under that operating system, not an insurmountable task. However, for these Computer centres what was said above about PCs is doubly true. The virus must be let loose in the Computer in order to do what it is supposed to. Penetrating one of these important Computers by electronic or other means is much more difficult than gaining access to an administrative PC in a military organisation. Again, the question is whether it is not more effizient to use well-known methods of electronic warfare or sabotage.
lt is evident from the information above that much more effizient military means to attack Computer installations than viruses are at the disposal of the armed forces. Besides, certain inherent properties make Computer viruses less suitable for electronic warfare. Considering all factors, it is extremely improbable that Computer viruses can be successfully employed in any military capacity.
Copyright (C) 08/1994 by Howard Fuhs
Deutsch
Thema 00
Realisation
Content