Presentation on theme: "Michael Schearer (“theprez98”)"— Presentation transcript:
1 Michael Schearer (“theprez98”) presents A Hacker in Iraq. Opening title slide.
2 Plan of Attack: Introduction; Disclaimers; My Background; Why is the Navy in Iraq?; IEDs: Composition, Typology, Counter-IED Strategy; The Future. Plan of Attack—what I hope to accomplish. Introduction—OPSEC, challenges and limitations. Disclaimers. My background—why I am here. Why is the Navy in Iraq?—why was I in Iraq. The main portion of the brief—the Improvised Explosive Device—makeup, typology, and strategies to reduce and eliminate them. Prospects for the future.
3 Introduction: Operational Security (OPSEC); Challenges and Limitations. Operational Security—unclassified information can be assembled to reveal important details…the importance of protecting sensitive but unclassified info. Challenges and limitations--this speech is narrowly tailored such that a conference attendee can walk out of the room thinking “Wow, that was cool!” while an insurgent could see the same information and think “we didn’t learn anything here we didn’t already know”.
4 Disclaimers: This presentation is UNCLASSIFIED. On some issues I may be able to speak in generalities but not specifics. Nothing in this presentation is classified or “For Official Use Only,” nor does it contain information regarding incidents under ongoing investigation or any information protected by the Privacy Act. These disclaimers are necessary because of my ongoing role as an active duty Naval Officer and the requirements of OPSEC.
5 Disclaimers: This presentation complies with DOD Directives , , and . All images, videos and/or media within this presentation were obtained from open sources using unclassified search terms. I am not here as a representative of the U.S. government or U.S. Navy. I am not here to be “for” or “against” the war. Please leave your politics at the door! DOD Directive is “Clearance of DOD Information for Public Release.” DOD Directive is “DOD Freedom of Information Act.” DOD Directive is “Standards of Conduct.”
6 My Background: Active Duty, U.S. Navy Lieutenant (O-3); EA-6B Prowler Electronic Countermeasures Officer (Naval Flight Officer); Licensed Extra Class Amateur Radio Operator (N3WI); Church of Wifi Forums Administrator; “Regular” on DEFCON and NetStumbler forums. A little bit about myself… Also, NROTC instructor at Penn State NROTC and IT responsibilities at Penn State.
8 This is what I did in Iraq. And yes, I visited the pool at the U.S. Embassy!
9 Why is the Navy in Iraq? Threat from Improvised Explosive Devices + Army asked for help + Indigenous Navy electronic warfare capability = JCCS-1. Simple math. The threat was there, the Army asked for help, and the Navy answered the call. The result was JCCS-1 (Joint CREW Composite Squadron ONE). CREW is an acronym for Counter-RCIED Electronic Warfare. RCIED is an acronym for Radio-Controlled Improvised Explosive Device. The military LOVES acronyms so much they embedded three of them in one word!
10 Improvised Explosive Devices: “The majority of insurgent attacks come in the form of IEDs targeting Iraqi and Coalition convoys and patrols. Most IEDs are made from leftover munitions and foreign explosive materials which are often hastily put together. Vehicle borne IEDs, VBIEDs, are devices that use a vehicle as the package or container of the device. These IEDs come in all shapes and sizes, from small sedans to large cargo trucks. There have even been instances of what appeared to be generators, donkey-drawn carts, and ambulances used to attempt attacks on Coalition forces and the new Iraqi government.”[1] “Car bombs and IEDs are responsible for about 65 percent of the coalition casualties in Iraq” (ret Gen Meigs/JIEDDO). [1] http://
11 Letter to Admiral Mullen (Chief of Naval Operations) to LG Chiarelli, CG of MNC-I. Published into the public domain on the JCCS-1 homepage. [2] http://
12 The Electronic Warfare Mission: “Suppress the RCIED threat to Coalition Forces and reduce casualties through enhanced electronic warfare coordination and JCREW operations, training and readiness.”[3] Mission statement of JCCS-1 according to the JCCS-1 homepage. [3] http://
13 Improvised Explosive Devices: What makes up an IED? Initiator; Detonator; Explosive charge. Three basic components of the IED.
14 Initiators: Command-wire (CWIED); Victim-operated (VOIED); Vehicle-borne (VBIED); Radio-controlled (RCIED). MNC-I Public Affairs remarked that these were the most common form of IEDs encountered by coalition forces in Iraq.[4] [4] MNC-I Public Affairs Office; reprinted at also
15 RC Initiators: Common radio controlled initiators: Standard key fob (cheap and easy to obtain); FRS radios, Long Range Cordless Telephones, Cell Phones
16 Detonators: Det cord, various types of fuses, Blasting caps, more det cord
18 Attacking the IED Problem: Eliminate source materials; Eliminate the IED network; Eliminate bomb emplacers; Prevent detonation; Protect against explosion. A multi-step problem that requires attention to each level. Eliminating source materials: “Just getting at the source of the explosives is part of the problem,” he said, “then the factories where they're built, and the individuals who build them, and then the individuals who deliver them, and then the individuals who put them in place. So we go after the entire chain of events.” Chairman of the Joint Chiefs of Staff Marine Gen. Peter Pace. The military’s IED defeat strategy is focused on defeating the entire IED system, the insurgent network of bomb suppliers and makers, and the insurgents that emplace the devices. Taking down these networks requires precise, primarily human, intelligence.
19 Eliminating Source Materials: Initiators. Initiators have become dual-use technologies: Designed for non-military purposes; Exploited as initiation devices for IEDs. Plentiful supply; Virtually impossible to track; Required for basic governmental functions. Initiators as a whole are plentiful in number, virtually impossible to track, and (in the case of cell phones) necessary for the basic functions of government. It is virtually impossible to control or eliminate them as a source material.
20 Eliminating Source Materials: Initiators. Iraqi landline network virtually non-existent; Extremely costly to rebuild ($1+ billion); Cell networks began installation; Iraqi cell phone providers (GSM 900): Iraqna, Asia Cell, Atheer, Korek, SanaTel; 2004: 1.4 million subscribers; 2006: 7.1+ million subscribers. Iraqi landline system virtually destroyed by 1991 Gulf War. Extremely costly to rebuild ($1+ billion). Cell networks began installation 2003/2004. Subscribers: 1.4 million (2004) now 7.1 million (2006). Total population 26.8 million (2006). Iraqna revenues $333 million (2005) $520 million (2006).
23 Eliminating Source Materials: Detonators. Detonators are also dual-use technologies; Legitimate uses particularly in construction (especially given the massive rebuilding effort); Exploited as initiation devices for IEDs; Plentiful supply; Virtually impossible to track. As with initiators, detonators are plentiful in number, virtually impossible to track, and often used for legitimate purposes. It is extremely difficult to control or eliminate them as a source material.
24 Eliminating Source Materials: Explosive charges. Huge caches of unused ordnance left over from the Iran-Iraq War ( ) and Gulf War (1991); Artillery shells, mortar shells, unexploded ordnance; Focus on WMD and major conventional weapons systems; Plentiful supply; Virtually impossible to track. The focus on WMD and transfers of major conventional weapons systems meant that huge caches of ordnance were virtually ignored; this is now the primary supply of explosives for IEDs.
25 Attacking the IED Problem: Eliminate source materials; Eliminate the IED network; Eliminate bomb emplacers; Prevent detonation; Protect against explosion. A multi-step problem that requires attention to each level. Eliminate the IED network.
26 Eliminating the IED Network: Locate and eliminate the financiers and support structure behind IED-making cells[5]; JIEDDO Budget for “offensive operations” grown from 13% in FY06 to 31% in FY07[6]. Notice how the budget for “offensive operations” is increasing. The number of tips reported to coalition forces is increasing steadily. [5] http:// [6] http://
27 Eliminating the IED Network: CEXC. Combined: Coalition; Explosives: IEDs; Exploitation: Forensic investigation and hardware hacking; Cell: Group. Otherwise known as CSI: Baghdad.
28 Eliminating the IED Network: CEXC. “CEXC provides technical and operational analysis of the improvised bombs the insurgents have used against coalition forces, and develops measures to counter the bombing campaign.”[7] CEXC is in theater… [7] http://
29 Eliminating the IED Network: TEDAC. The U.S. Government explosives community, including the FBI, the Department of Defense, and the Bureau of Alcohol, Tobacco, and Firearms, collectively formed the Terrorist Explosive Device Analytical Center (“TEDAC”). Located at the FBI Laboratory in Quantico, Virginia, the TEDAC acts as a single interagency focal point to coordinate and manage the unified effort of law enforcement, intelligence and military assets as it relates to terrorist IEDs, and to technically and forensically exploit all IEDs …[8] TEDAC is stateside. [8] http:// see also
30 Attacking the IED Problem: Eliminate source materials; Eliminate the IED network; Eliminate bomb emplacers; Prevent detonation; Protect against explosion. A multi-step problem that requires attention to each level. Eliminate bomb emplacers.
31 Eliminate Bomb Emplacers: Emplaces IED at target location; May or may not be part of the IED network; May or may not arm/initiate the device; May be involved in video-taping the incident. Eliminating bomb emplacers: Tips; Community pressure; $$$. The number of attacks is going up because the opportunity is there. “It’s very easy for a young, unemployed, angry male to collect $300 for setting out an IED and (video)taping it,” Meigs said. “There’s a lot of money on the street, so market factors also play a part.”
32 Attacking the IED Problem: Eliminate source materials; Eliminate the IED network; Eliminate bomb emplacers; Prevent detonation; Protect against explosion. A multi-step problem that requires attention to each level. Prevent detonation.
33 Prevent Detonation: My primary job in Iraq. “Suppress the RCIED threat to Coalition Forces and reduce casualties through enhanced electronic warfare coordination and JCREW operations, training and readiness.”[9] Jammers: Airborne, Vehicle-mounted, Dismounted; Different models/manufacturers; Different capabilities. That’s all I have to say about that… Consider the limitations of a Humvee: 24VDC battery, 60+ amps (depending upon modifications). [9] http://
34 Attacking the IED Problem: Eliminate source materials; Eliminate the IED network; Eliminate bomb emplacers; Prevent detonation; Protect against explosion. A multi-step problem that requires attention to each level. Protect against explosion.
35 Protect Against Explosion: Armor protection: It’s not really just about “more”; HHS/brittle/spalling; RHA/spall protection. The solution is not as easy as adding more armor. Spalling video. Consider effects of small arms fire vs. IEDs on armor (High Hard Steel and Rolled Homogeneous Armor).
36 Protect Against Explosion: More armor means more weight: Decreases maneuverability/speed; Increases rollover potential (higher COG); Increases maintenance on engines and transmissions. Underbody vs. sides; V-shaped hulls. Limitations of more armor. Effects of explosions on underbody vs. sides (especially M1114). Role of vehicles with V-shaped hulls and the effects of explosions on such hulls.
37 The Future: Detection of IEDs using unintentional radiated emissions[10]; Explosive resistant coating to add protection without adding significant weight[11]; “Local Eyes” sensor network[12]. Detection of IEDs using unintentional radiated emissions being done at University of Missouri-Rolla. “Local Eyes” uses existing cell infrastructure and people (basically informants) to collect intel. [10] http://web.umr.edu/~daryl/IEDs/ [11] http:// [12] http://
38 The Future: Hyperspectral sensors[13]; Answers to the Explosively Formed Penetrator (EFP). The Aurora Generation IV hyperspectral sensor, manufactured by BAE Systems, can be placed on a Shadow UAV. The sensor searches for disturbed earth, changes in vegetation or potholes, where roadside bombs have been hidden. The Shadow would have to fly over an area more than once to make comparisons, he said. More on EFPs (click…) [13] http://
39 Explosively Formed Penetrator (EFP): Misznay-Schardin effect. All you ever wanted to know about EFPs…
40 Acknowledgements: The Shmoo Group/Shmoocon Staff; The Church of Wifi; My Family. See Also: WPA hash tables; DEFCON Wireless Village. I’d like to thank…
41 Questions? I’d be happy to answer any of your questions…
42 Michael Schearer (“theprez98”) presents A Hacker in Iraq. THANKS!