VAAW -- VIRUS AS A WEAPON
VIRUS AS A WEAPON RESEARCH
Properly developed computer VIRUS provide the basis for a positive weapon to defeat
aggressor intrusion into communications, computer networks, computer enhanced
electronic signal feedback, etc. The potential of computer corruption reverse engineered
is virtually unlimited. The use of VIRUS offers a "cheap shot" effective solution. At present,
computer users are at a loss concerning when and if corruption is used. It is Sobczak's
belief that so much time has been spent identifying and halting VIRUS that little, if any,
effort has been directed to using the VIRUS concept as a positive protection mechanism.
The simplest use of corruption is in the area of telecommunications. In order to eliminate
the theft of video signal, a VIRUS could be transmitted which corrupts the video and/or
audio micro-circuitry of the receiving device. Naturally, legal devices would be equipped
with appropriate protection. A variant of the VIRUS Effects Program could be signed
and encrypted for this purpose.
Corruption has appeared in computer networks. Those which transmit E-Mail offer the
easiest access to a potential aggressor. The IBM problem at BOCA RATON was said
to originate in Germany. A potential aggressor need only locate a connect node.
Sufficient VIRUS type software exists to locate and copy password files. Further,
people become a major problem. So-called hackers exchange telephone numbers on
RBBS. The privacy of any network is therefore available to a universe of non-approved
users. Even the most sophisticated, potentially incorruptible network is at risk. A
dedicated worker with the best of intentions might, under the pressure of workload, carry
a floppy disk home so that the in-house work can be completed at home. It is possible
that his personal computer is corrupted. A VIRUS timebomb could be dormant in his
system, obtained from an RBBS. It might be copied to his floppy disk and transmitted
into his otherwise secure "at-work" computer environment. The VIRUS could be
triggered by his system clock with instructions to dial out and call the aggressor device.
The Sobczak VIRUS research center has trapped this class of VIRUS. It should be
noted that a VIRUS does not need to do physical damage to be dangerous.
Sobczak has experimented with the concept of unique VIRUS protection. The signed
VIRUS is not dangerous to protected systems. Assuming that all devices are protected,
only those unapproved devices entering the frequency will be affected. We have
found that digital signals, copied to tape, are equally effective when transferred to
unprotected machines. The signature provides control so that the protection is unique
to the frequency and its approved devices. Commercial V-PHAGE does not allow an
intruder to interdict this logic.
The introduction and extension from PWB (printed wire boards) to high powered chips
opens the door to VIRUS corruption. ACC, Inc. is experimenting with corruption
excluding BIOS. We believe that the computers and connectivity used to integrate
operations and controls can and should be protected. It is imperative that we protect
existing physical resources while extending the state-of-the-art of operational equipments.
The threat of computer 'hacking' offers a positive approach to the corruption of electronic
signal as it affects ELINT, SIGINT, and COMINT. Thought should be given to the
opportunity of VIRUS to infect digital signal processing during conversion to numerical
form, cataloging or in other processing activities. It must be possible since the analog
data converts to digital data as ones (1's) and zeros (0's) to create a bit stream which is
raw assembler-category computer code. Admitting this possibility implies that any type of
signal collecting device can be placed at risk. Further, the ability to affect the response
of an energy wave allows VIRUS to enhance the signal returned so as to distort the
presentation. This would disorient the ROB/EOB by affecting millimeter wave windows.
Successful and widespread use of digital processing has resulted in numerous examples
of A-D and D-A converter use. Here are some examples.
A. Digital Control Systems - Variables originate within a system. They are
sensed by an analog sensor, digitized by an A-D converter, and then transmitted to a
digital processor. If the processor merely manipulates and stores this information, then
the system is a simple data acquisition system. VIRUS can be constructed, if they do not
already exist, to shift registers and/or corrupt data values by a binary manipulation (10's
complement, etc.). If, on the basis of the input information, control signals such as
symbology for screen display, determined by the processor, are returned to the system,
then a digital control system is present. An analog bit stream could be created to convert
to digital assembler macros to corrupt system processes without having a trace of the
action taken. This type of VIRUS exists today. In the creation of the ACC VIRUS SUB-
ROUTINE DBMS a VIRUS was created which attacks the BIOS to either exercise or
modify commands.
The manual describes a method of interfacing an eight-bit Teledyne 8700ADC with the
8080 microprocessor using the interrupt mode of operation. The foregoing again shows
that knowledge of the chip architecture will allow the necessary manipulation to produce
digital machine code necessary to introduce a corrupt code into the ADC. In the
Teledyne System the corruption could be hidden in the 8080 low-order address bus, the
8080A microprocessor and the 8228 bi-directional bus. In the design of the 8080 vector
15 exists, but is not used. Similarly, the 8228 has MEM-R and MEM-W unused, both
feeding the 8080A via the databus.
Corruption might be appended to the 8700 ADC interrupt service by the addition of PUSH
commands to the unused registers. In most microprocessor systems the data bus is
shared by many devices, such as memory and I/O ports. It appears logical that once the
first premise, i.e., conversion of analog to digital in a preconceived ordered array is
accomplished, a corruptor is in position to manipulate the microprocessor.
B. Hybrid Computation Systems - Hybrid computers consist of an analog
computer and a digital computer communicating to each other through a fairly
sophisticated interface. This interface normally includes several A-D and D-A
converters for transforming the signals to the appropriate computer format. While the
analog computer is a low-accuracy device, it does permit fast parallel solution of ordinary
differential equations. The digital computer is a high-accuracy serial machine with
extensive logic and memory capabilities. Together, communicating through A-D and D-A
converters, they permit a very efficient solution of certain classes of continuous system
optimization and statistical problems. Converters used in this application are often
designed with computational capabilities. Thus, the converter may act as a multiplexer.
Computer VIRUS can attack all three, i.e., analog computer, digital computer, and
converter. The process involves disassembly of the chip architecture to comprehend its
design. The VIRUS takes advantage of design tradeoffs and flaws. As an example,
ACC determined that an omission (open door) in the design of the Everex modem chip
allowed VIRUS to load, store, and execute from the modem. To our mind the pressure
of putting sophisticated systems in place in your environment has probably left many
open doors. In addition to capitalizing on aggressor tradeoffs and omissions, we could
harden existing American equipments to resist VIRUS.
The important fact of the foregoing is the ability to overlay the ROM chip with code
which functions to affect the chip's normal operations. It is a fact that corrupting code
exists and that a Video RAM, Modem or Disk Controller Chip can be manipulated.
C. Communications Systems - The advantages of digital data transmission
have resulted in extensive use of converters as parts of telemetering and voice
communications. In telemetering, system analog signals originating in remote locations
are first converted into digital signals and then transmitted to the control station. Remote
weather and defense related monitoring systems fall into this category of applications.
The opportunity mentioned in the first paragraph of this monograph includes:
1. Modification of binary coded characters,
2. Disruption/distortion of digitally generated symbology,
3. Transmission of VIRUS to ground site for execution during analysis, sortation or
redistribution. (NOTE: A so-called Trojan VIRUS could propagate the structure of a
network control system. The NASA and IBM experiences prove this not only can, but
does work), and
4. Distortion of wave windows in the millimeter bands by separation and range
shifting.
D. Voice communications systems - are also becoming increasingly oriented toward
digital signal processing. Thus, in many situations analog voice signals are being digitized
with A-D converters and subsequently transmitted over timeshared channels, with
many conversations being "simultaneously" carried over the same channel. Such
systems can be designed to be flexible and can handle both speech and data at the same
time while making optimum use of the bandwidth capabilities. AT&T has had its microwave
repeaters come under attack from sophisticated hackers. To date, they have been saved
from corruption by the combination of equipment sophistication, cost to duplicate that
equipment, and security. This is not to say that hackers have not taken credit for some
documented problems. This area provides a positive use of VIRUS to attack the attacker.
We have developed signed VIRUS which corrupts illegal data gatherers. We call our
concept "cheap shot protection". Again, as previously stated, a program can attack,
execute, and erase, leaving no trace of the interdiction. There are several VIRUS active
on bulletin boards which start as a time bomb, i.e., get copied to a hard drive, file server,
or unprotected controller-type chip, function as a Trojan reproducing in a new area
hidden so that the time bomb repeats itself (NASA's SCORES VIRUS is an example),
poisons the system, and then jumps to the operating system DEL (ete) command and
erases itself. In terms of disrupting communications a simple VIRUS could modify the
digital transmission to simulate a jammer repeatedly, but randomly. An aggressor
could spend a great deal of effort protecting against himself (a Trojan/VIRUS in his
system).
AN EXTENSION OF VIRUS AS A WEAPON TO PSYCHOLOGICAL OPERATIONS
Weapon systems computer security is characterized by management recognition and
support, established specialists, in-house security officers, computer security products,
federal standards, policy and procedure, formal security reviews, a body of knowledge
documenting loss experience, laws and regulations, and special controls. All approaches
to weapon system security follow the traditional way of operating. In the universe of
available corruption of software and equipments the foregoing is not enough. Traditional
philosophies are bypassed by the uniqueness and innovation of individuals who live their
lives seeking the thrill of defeating "the system". In some cases the methods involve what
is called computer virus. We suggest that research be performed using the virus anti-
corruption technology as the basis for expansion into the universe of computer oriented
psyops delivered by microwave.
Tradition has spawned a computer security trusted system mentality on one side and
a cult of system corruptors on the other. The corruptor takes advantage of the
standardization of system strategies. The narrow "business as usual" attitude on the part
of the protectors of the system does not reciprocate. Those responsible for protection fail
to acknowledge the ability of the attacker and to learn from tradition and to use standard
tactics against protection efforts to corrupt trusted equipments. The dialectic of arms
development favors offensive weapons. Every means of defense generates a new means
of attack. Every aspect of tradition is suspect as proven by the results of the ARPANET
incursion in November 1988. If the attack had included a psyops bomb as explained
herein, it is possible that people as well as machines could be casualties. Technology
requires a quantum leap to prevent the corruptors from winning. The defense computing
resource and the weapon systems represented must be defended from economic
aggressors and from misguided internal threats.
Sobczak logic, which follows, proposes new classes of corruption and a new dialectic for
weapon system security which are based upon the concept of reverse engineered
aggression. Our philosophy of computer security differs significantly from the terminal/
workstation to LANS to mini computers to data switches to mainframes and super
computers standards in architecture, function and exposure. We have included areas of
thought which may seem irrelevant to current strategies and capacities. We ask you to
consider that in 1900 airplanes were rejected by traditionalists in Military strategy. As time
passes every age learns it has capacities beyond its expectations. Our concepts deal with
high risk approaches. It must be noted that payback varies directly with risk.
In 1989, we created a benign threat model as part of a design of experiment to produce
an epidemiology of threat and user reaction to threat. We will structure an architecture
of responses presently unanticipated by traditionalists during the development of the
software. We will capitalize upon the aggressor's ego to create unanticipated response to
a determined threat. We will define a weapon specification at each level of military
computer architecture in preparation for producing demonstration test beds in the 1990's.
We can produce uniquely innovative, untraditional approaches to threat free computing
in any weapon system class defined for analysis. Our goal is to disrupt the dialectic to the
benefit of the defense computing resource, its weapon systems and future psychologically
oriented developments.
WHY THIS LOGIC
The purpose of our research is to step back from the traditional "tit-for-tat" reaction to
computer security in order to develop an architecture of anti-corruption methodologies
which consider and use science fiction type strategies. Current vulnerability risk analyses
are based on traditional knowledge of "what in our best estimate could happen" in a
scenario of specific known threats. An epidemiology of a closed network using benign
corruption will factually define the reaction and response of users in the world as they know
it. What of the world that may be? It is possible that traditional responses could compound
the problem. Present response is oriented to occurrence colored by perception.
VAAW is untested outside a closed professional environment. Our experiences have
progressed from simple OS-based determination of the logic of corruption in micro
computers to the logic of inconceivable corruption in our country's largest systems. We
poll hacker/phreaker BBS to determine the direction and plausibility of villainous actions.
We have modified our earlier Computer Virus protection logic several times to include
potential scenarios which traditionalists termed "science fiction". We propose to extend the
logic of "science fiction" to forecast the composition of future corruption. If the problem
cannot happen, you need not expend resources to protect against that class of problem.
However, if the problem is plausible, has a body of research associated with it, and affects
the security of our way of life, it must be considered. Aggressors fear retaliation. Sobczak
designs retaliation into our schema for anti-corruption technologies.
We wondered how easily one might corrupt an A/D converter. We wrote code and paper
tested a "pause/open/push" in repetitive mode. If the manual is correct an attacker can
attain an access point. Code could be entered and directed to a processing stack without
affecting the dedicated data collecting memories. If a transmitter were constructed, which
mixed analog signal being returned from a contact to produce a modified signal which was
equal but different, it becomes possible to disrupt a fielded weapon system. Using the
programmer's manual we wrote code to average input signal. This program, when it entered
the microprocessor, would blank the radar screens being fed converted data which is
uniformly equal. On paper the logic is theoretically sound.
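A receiver can test for the condition described above, converted data that is uniformly equal, before it trusts a window of samples. The C code below is an added example, not code from the original monograph; the window length, the min_spread threshold and the sample capture are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample capture (not real data): 8-bit converter output in
 * windows of 8. Windows 1 and 2 are uniformly equal; 0 and 3 carry the
 * small sample-to-sample variation a live analog input normally shows. */
static const uint8_t SAMPLE[32] = {
    120, 131, 127, 125, 133, 129, 124, 130,
    128, 128, 128, 128, 128, 128, 128, 128,
    128, 128, 128, 128, 128, 128, 128, 128,
    126, 134, 122, 129, 131, 125, 128, 133,
};

struct scan_result {
    size_t windows;      /* complete windows examined */
    size_t flat;         /* windows with spread below the threshold */
    size_t first_flat;   /* sample offset of first flat window, SIZE_MAX if none */
    size_t longest_run;  /* longest run of consecutive flat windows */
};

/* Spread (max - min) of one window of samples. */
static uint8_t window_spread(const uint8_t *s, size_t len)
{
    uint8_t lo = s[0], hi = s[0];
    for (size_t i = 1; i < len; i++) {
        if (s[i] < lo) lo = s[i];
        if (s[i] > hi) hi = s[i];
    }
    return (uint8_t)(hi - lo);
}

/* Scan non-overlapping windows; a trailing partial window is ignored.
 * min_spread is a hypothetical tuning value: set it from the noise floor
 * measured on the real converter, since a quiet input can be flat too. */
struct scan_result scan_for_flatline(const uint8_t *s, size_t n,
                                     size_t win, uint8_t min_spread)
{
    struct scan_result r = {0, 0, SIZE_MAX, 0};
    size_t run = 0;
    if (s == NULL || win == 0)
        return r;
    for (size_t off = 0; n - off >= win; off += win) {
        r.windows++;
        if (window_spread(s + off, win) < min_spread) {
            if (r.flat++ == 0)
                r.first_flat = off;
            if (++run > r.longest_run)
                r.longest_run = run;
        } else {
            run = 0;
        }
    }
    return r;
}

int main(void)
{
    struct scan_result r = scan_for_flatline(SAMPLE, sizeof SAMPLE, 8, 2);
    printf("windows=%zu flat=%zu first_flat=%zu longest_run=%zu\n",
           r.windows, r.flat, r.first_flat, r.longest_run);
    /* Alarm only on a sustained run, to tolerate one quiet window. */
    if (r.longest_run >= 2)
        puts("ALARM: sustained flat converter output");
    return 0;
}
```

A flat run is evidence that the feed should be checked against an independent sensor, not proof of tampering: a disconnected or saturated input produces the same pattern.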
Next we tried to determine if sensors were protected. For the most part we believe that
sensors are a weakness in any system. We believe the corrupt codes of the virus world
could be used to create a psychological effect upon an enemy. We believe that we could
develop both a weapon and the countermeasure which protects against it. The psyops type
corrupt code concept presented herein is an extension of this thought process to include
damage to people. A modified version of VAAW was proposed for a stealth application.
Manipulated Image Response Adjusting Generated Emissions (MIRAGE) is a more
cost effective alternative and a method which implies more safety to a crew of a stealth
aircraft than current in process developments. Sobczak has talked to the Israeli engineers
building the AN/ALQ 56M Radar Warning Receiver. MIRAGE IS POSSIBLE.
We have proposed an encrypted VIRUS which is guaranteed to destroy non-authorized
users in a digital transmission network. Electronic On-Line Integrated Network
Security System (EOLINSS) was proposed. In this approach a signed virus is dispatched
upon connect to verify the validity of the sending station. If the sending station
acknowledges with the proper signature no problems are encountered. Failure causes the
sender to be attacked. If both ends are validated the system continues to function sending
random virus code during transmission so as to affect any interloper who tries to listen. The
system works to the point that data collected to a tape recorder will corrupt a hard drive
even if it is read into the device off line. This logic shuts down our modem when the
unwanted call. The advanced version is "Active Response".
DEC security is effective if it is installed properly per the DEC Instructions. Sobczak knows
of an inquisitive Federal employee who wrote/is writing/has written code which determines
if security is properly installed. If installation is improper it downloads "/passwd/id/ao" to the
attacker. Further, DEC does not protect against resource manipulation. A simple shell will
lockup all types of DEC equipment.
There are several dozen UNIX BBSes which contain a great many appropriate utilities. As
we propose with micro corruption identification schema, we believe that a structured
methodology could be produced to function in the time frame between today and when
permanent protection under development at DARPA, NSA, and NIST is in place.
Sobczak has entered into arrangements with individuals we consider expert in the ability
to convert code from language A to language B within and among OS. We have found that
these experts take corrupted code we generate and convert it to minicomputer and
mainframe code in hours. As we gain experience we find that we can take a program and
convert it to a type applicable to disassembly, disassemble, execute the appropriate utility
diagnostics, adjust the disassembled code to optimize its function and reassemble in a mini
or mainframe format in less than one hour. Our test bed would be the model for the final
product designed and documented with tutorial for selected users to beta test.
Our organization for anti-corruption research includes hardware specialists. At the VAX
level a corrupt code can be placed on a machine in a manner that defies human detection.
Further, the VIRUS destroys itself on execution leaving no trace of its prior existence.
DEC hardware specialists have replaced components and filed quality failure reports
concerning damage which was virus initiated, i.e. a friction generating type program at the
VAX level. In each case DEC blamed equipment for the problem. Every test was created
on the micro test bed either by our personnel or from VIRUS captured from the universe
of corrupted software on bulletin boards.
The proper organization of hardware engineers, systems software engineers, and
application programmers can readily corrupt higher level devices which are generic in
nature. We must assume that an aggressor will eventually define the methodologies
necessary to be effective in the transference of earlier psyops concepts and experimental
results to the more fertile area of weapon system interdiction. We believe, based upon our
intelligence gathering on BBS, searches of information based DBMS and visibility of the
concept within an aware media, that Sobczak is ahead of its competition in approach and
research.