Table of Contents
Virus, Hospital Infection
Team, Device, and Location
Wall Street Incursions
Hospital Foundation Startup
World-Wide Military Tactics
Exposing Terrorist Activities
Hacking the Hackers
Computer Infection Definitions
Cyberwarfare Combat & Tactics
Major Oil Cartel Price-Fixing
Funding Large Political Donations
Stealing The Robin Hood Virus
Welcome to The Robin Hood
A Book by Robert Nerbovig
World-Wide Military Tactics
Because we have the ability to secretly occupy any computer in the world it becomes critical that we establish an internal department of military tactical information. We will enter the computer networks of countries that may be a threat to the security of the United States and the world such as:
The Russian government spied on hundreds of American, European and Asian companies, the first time Moscow has been linked to cyber attacks for alleged economic - rather than political - gains. The victims of the previously unreported cyber espionage campaign include energy and technology firms, some of which have lost valuable intellectual property.
The Robin Hood Virus / 96
These attacks appear to have been motivated by the Russian government's interest in helping its industry maintain competitiveness in key areas of national importance.
Iran is responsible for a wave of computer
attacks on US corporations, with targets including oil, gas and electricity companies, citing American officials and corporate security experts. The officials stated that the goal of the Iranian attacks is sabotage rather than espionage. The cyber attacks are seen as attempts to gain control of critical processing systems.
The Japanese have mounted a comprehensive
economic espionage and economic intelligence
The Robin Hood Virus / 97
collection effort directed against the United States. Because Japan has a very small government intelligence organization, most intelligence is collected by Japanese companies in coordination with the Japanese Ministry of International Trade and Industry (MITI). Major Japanese multinational corporations such as Mitsubishi, Hitachi, and Matsushita have large corporate intelligence organizations that collect political and economic intelligence. The quasi-official Japanese External Trade Organization (JETRO) has also been used as an intelligence asset, collecting information and even supporting espionage activities.
The French General Directorate of External
Security (DGSE) has targeted U.S. economic and
proprietary data since at least 1964. The top
The Robin Hood Virus / 98
priorities of the DGSE are combating terrorism and collecting economic intelligence. Service 7 of the DGSE has successfully conducted technical operations against telecommunications systems throughout the world and has gathered significant data through these activities. Reportedly, the DGSE targeted Loral Space Systems and Hughes Aircraft for information on telecommunications satellite technology, Lockheed Missile and Space Company for data on the MILSTAR military communications satellite system, TRW for military telecommunications technologies, and GTE Telecommunications Products for microwave technologies.
The South Korean government and South Korean businesses have also conducted operations directed at collecting U.S.
The Robin Hood Virus / 99
economic and proprietary data. South Korea has centered its collection efforts on computer systems, aerospace technologies, and nuclear technologies. According to the Defense Intelligence Agency, South Korean activities have included stealing information from computerized databases maintained by U.S. government agencies and the U.S. companies.
Germany has been accused of using computer
intrusion techniques and SIGINT to gather information on foreign competitors to be passed on to German companies. There are no indications of a HUMINT effort against United States corporations, however, it is likely that German trade officers are collecting economic intelligence through open-source analysis. The German Federal Intelligence Service (BND) is
The Robin Hood Virus / 100
alleged to have created a classified, computer intelligence facility outside Frankfurt designed to permit intelligence officers to enter data networks and databases from countries around the world. This program, code named Project RAHAB, is alleged to have accessed computers in Russia, the United States, Japan, France, Italy, and the United Kingdom.
Israel has an active program to gather
proprietary information within the United States. These collection activities are primarily directed at obtaining information on military systems, and advanced computing applications that can be used in Israel's sizable armaments industry. Two primary activities have conducted espionage activities
The Robin Hood Virus / 101
within the United States: the Central Institute for Intelligence and Special Activities (MOSSAD) and the Scientific Affairs Liaison Bureau of the Defense Ministry (LAKAM). The Israelis use classic HUMINT techniques, SIGINT, and computer intrusion to gain economic and proprietary information.
We will actively enter the networks and monitor these and other countries computer networks for possible hacking efforts against U.S. installations. We will monitor various hackers to intercept the theft of commercial data and prevent a virus from being introduced into a domestic computer systems to prevent the sabotage of our operations. We will monitor NCADE to intercept critical data that is gathered by foreign governments. NCADE was
subordinate to the KGB and is now believed to
The Robin Hood Virus / 102
play a central role in SVR computer intelligence collection activities. NCADE has direct access to data networks in the United States, Canada, Germany, the United Kingdom, and France, and is a client of several on-
line databases. These databases include:
The U.S. Library of Congress
The LEXIS/NEXIS data service
The U.S. National Technical Information Service
The British Library
The International Atomic Energy Agency
The Russians have also established direct connection with Internet service providers such as COMPUSERVE, TYMNET, and the European Union's EUNET. During the Cold War, the Bulgarian Security Service (DS) was a major client of Lockheed's Dialog on-line database service.
The Robin Hood Virus / 103
Dialog information was available to all hosts connected to the Bulgarian packet switch network, BULPAC. These connected hosts included DS computers, the computers of the Bulgarian military intelligence organization, and the Bulgarian research and development institutions. The Chinese, Japanese, and South Koreans have been particularly active in collecting open source economic and technical data by exploiting electronic databases. We will search for and gather all information regarding:
Available imagery products will include:
synthetic aperture radar (SAR) images, electro-optical (EO) images, and multi-spectral imagery (MSI) products.
The Robin Hood Virus / 104
RADAR IMAGERY applications provide a day/night,
all weather imagery capability, and they can potentially be used for detection of submerged vessels or underground facilities.
ELECTRO-OPTIC IMAGERY provides a digitized
panchromatic product that offers visible information at high spatial resolutions. Essentially, EO imagery provides a black and white picture of the targeted facility or area.
MSI provides spectral range coverage, recording
energy visible, near infrared, short-wave infrared, and medium infrared wavelengths of the spectrum of light.
These systems have medium resolution and wide area coverage capabilities. Their utility
The Robin Hood Virus / 105
for targeting, mapping, and regional monitoring was demonstrated by military intelligence applications during the Persian Gulf War. Proposed commercial EO systems will have ground resolutions of approximately 1 meter. This is sufficient in most cases for the precise identification of most types of facilities and will provide significant detail for technical analysis. Currently, ten commercial imaging satellites are being developed, and five of these will provide 1-meter resolution imagery. The use of multiple sensor systems, such as the use of EO, SM and MSI imagery to cross reference a particular feature or facility, will allow change detection analysis, layover analysis, and other sophisticated imagery assessments to be performed by nations and groups that previously
The Robin Hood Virus / 106
had no access to these types of products.
The various types of intelligence include:
(HUMINT) is the collection of information from human sources. The collection may be done through clandestine or covert means (espionage). Within the United States, HUMINT collection is the FBI's responsibility. Beyond U.S. borders, HUMINT is generally collected by the CIA, but also by other U.S. components abroad.
(SIGINT) refers to electronic transmissions that can be collected by ships, planes, ground sites, or satellites.
The Robin Hood Virus / 107
(COMINT) is a type of SIGINT and refers to the interception of communications between two parties. U.S. SIGINT satellites are designed and built by the National Reconnaissance Office, although conducting U.S. signals intelligence activities is primarily the responsibility of the National Security Agency
(NSA). The FBI collects SIGINT through authorized wiretaps and other electronic intercepts of information.
(IMINT) is sometimes also referred to as photo intelligence (PHOTINT). One of the earliest forms of IMINT took place during the Civil War, when soldiers were sent up in balloons to gather intelligence about their
The Robin Hood Virus / 108
surroundings. IMINT was practiced to a greater extent in World Wars I and II when both sides took photographs from airplanes. Today, the National Reconnaissance Office designs, builds, and operates imagery satellites, while the National Geospatial-Intelligence Agency is largely responsible for processing and using the imagery.
MEASUREMENT AND SIGNATURE INTELLIGENCE
(MASINT) is a relatively little-known collection discipline that concerns weapons capabilities and industrial activities. MASINT includes the advanced processing and use of data gathered from overhead and airborne IMINT and SIGINT collection systems.
The Robin Hood Virus / 109
(TELINT) is sometimes used to indicate data relayed by weapons during tests.
(ELINT) can indicate electronic emissions picked up from modern weapons and tracking systems. Both TELINT and ELINT can be types of SIGINT and contribute to MASINT. The Defense Intelligence Agency's Central MASINT Office (CMO), is the principal user of MASINT data. Measurement and Signatures Intelligence has become increasingly important due to growing concern about the existence and spread of weapons of mass destruction. MASINT can be used, for example, to help identify chemical weapons or pinpoint the specific features of unknown weapons systems. The FBI's extensive
The Robin Hood Virus / 110
forensic work is a type of MASINT. The FBI Laboratory's Chem-Bio Sciences Unit, for example, provides analysis to detect traces of chemical, biological, or nuclear materials to support the prevention, investigation, and prosecution of terrorist activities.
(OSINT) refers to a broad array of information and sources that are generally available, including information obtained from the media (newspapers, radio, television, etc.), professional and academic records (papers, conferences, professional associations, etc.), and public data (government reports, demographics, hearings, speeches, etc.).
The Robin Hood Virus / 111
The five steps of the Operational Security(OPSEC) process are:
IDENTIFICATION OF CRITICAL INFORMATION.
Critical information is factual data about an organization's intentions, capabilities, and
activities that the adversary needs to plan and act effectively to degrade operational effectiveness or place the potential for organizational success at risk.
ANALYSIS OF THREATS.
Threat analysis consists of determining the adversary's ability to collect, process, analyze, and use information. The objective of threat analysis is to know as much as possible about each adversary and their ability to target the organization.
The Robin Hood Virus / 112
ANALYSIS OF VULNERABILITIES.
Vulnerability analysis requires that the OPSEC analyst adopt an adversarial view of the activity requiring protection.
ASSESSMENT OF RISKS.
Risk assessment is the heart of the OPSEC process. In a risk assessment, threats and vulnerabilities are compared to determine the potential risk posed by adversary intelligence collection activities targeting an activity, program, or organization. When the level of vulnerability is assessed to be high and the adversary threat is evident, then adversary exploitation is expected, and risks are assessed to be high.
APPLICATION OF APPROPRIATE COUNTERMEASURES.
In the final step, countermeasures are
The Robin Hood Virus / 113
developed to protect the activity. Ideally, the chosen countermeasures eliminate the adversary threat, the vulnerabilities that can be exploited by the adversary, or the utility of the information. The steps in the intelligence cycle are:
PLANNING AND DIRECTION.
The first step in the cycle, planning and
direction, involves the management of the entire intelligence effort, from the identification of a need for data to the final delivery of the intelligence product to the consumer. The process consists of identifying, prioritizing, and validating intelligence requirements, translating requirements into observables, preparing collection plans, issuing requests for information collection,
The Robin Hood Virus / 114
production, and dissemination, and continuously monitoring the availability of collected data.
The second step, collection, includes both acquiring information and provisioning that
information to processing and production elements. The collection process encompasses the management of various activities, including developing collection guidelines that ensure optimal use of available intelligence resources. Intelligence collection requirements are developed to meet the needs of
potential consumers. Based upon identified intelligence, requirements collection activities are given specific tasks to collect information.
The Robin Hood Virus / 115
The third step, processing, is the conversion of collected information into a form suitable for the production of intelligence. In this process, incoming information is converted into formats that can be readily used by intelligence analysts in producing intelligence. Processing may include such activities as translation and reduction of
intercepted messages into written format to permit detailed analysis and comparison with other information. Other types of processing include video production, photographic processing, and correlation of information collected by technical intelligence platforms.
The fourth step, production, is the
The Robin Hood Virus / 116
process of analyzing, evaluating, interpreting, and integrating raw data and information into finished intelligence products for known or anticipated purposes and applications. The product may be developed from a single source or from all-source collection and databases. To be effective, intelligence production must focus on the consumer's needs. It should be objective, timely, and most importantly accurate.
The final step of the intelligence cycle is dissemination. Dissemination is the conveyance of intelligence to the consumer in a usable form.
Targeted Information and Technologies
The Robin Hood Virus / 117
The importance of proprietary information concerning advanced technologies to the future of the United States has been recognized in both the National Critical Technologies List (NCTL) published by the Department of Commerce, and the Militarily Critical Technologies List (MCTL) published by the Department of Defense. The MCTL incorporates all of the technologies listed in the NCTL and includes additional technologies that have military significance. As a result, it provides an all-encompassing view of the range of technologies that are considered essential to the security of the
United States. The MCTL was mandated by Congress under the Export Administration Act of 1970 and was supplemented by guidance contained in executive orders. The MCTL is organized into 15 technology groups that include over 200
The Robin Hood Virus / 118
different technology applications.
Among these groups are:
Composite Materials, Alloys, Super-conductive Conductors
Automated and Robotic Production Technologies
Telecommunications Transmission, Switching, and Networking
Management Capabilities Lasers, Optics and Power Systems
Technologies Biomedical Technologies
Advanced Electronic Devices, Components, and Circuits
Optical, Acoustic and Electro-Optic Sensors
Aerospace Structures and Propulsion Systems
The Robin Hood Virus / 119
Directed Energy and Kinetic Energy Applications
Specialized Technical Operations
These techniques include computer intrusion, telecommunications targeting and interception, and exploitation of weak private sector encryption systems. According to NACIC, these activities account for the largest part of economic and industrial information lost by U.S. corporations. Because telecommunications are easily accessed—particularly international telecommunications they provide a lucrative and extremely vulnerable source for anyone interested in obtaining, economic or proprietary data.
Obtaining Threat Assessment Information Threat information can be obtained through a
The Robin Hood Virus / 120
number of sources within the United States Government. These agencies are responsible for protecting U.S. government and commercial activities, and executing counterintelligence programs, security education, or threat analysis. These agencies are:
Federal Bureau of Investigation (FBI)
The FBI has primary responsibility for counterintelligence investigations within the United States and can provide a variety of support services and classified analytical products to Government agencies. An integral part of the FBI's counterintelligence efforts is the Development of Espionage, Counterintelligence and Counter-terrorism
Awareness program (DECA). DECA is the FBI's medium for providing foreign intelligence
The Robin Hood Virus / 121
threat information-especially information concerning economic espionage to the private sector.
Defense Intelligence Agency (DIA)
The DIA is a combat support agency and the senior military component in the U.S. Intelligence Community. It provides intelligence in support of joint military operations in peacetime, crisis, contingency, and combat; service weapons systems acquisition; and defense policy making. The DIA prepares CI risk assessments for the Department of Defense and conducts a variety of assessments and studies on the foreign intelligence collection threat. The DIA also assesses the threat to our military capabilities posed by illegal transfers of
The Robin Hood Virus / 122
high technology to U.S. adversaries.
Defense Investigative Service (DIS)
DIS is responsible for safeguarding classified information received, produced, stored, and disseminated by U.S. Government contractors. DIS shares information with industry about specific targeting techniques used by foreign intelligence organizations. The focus of the DIS program is the protection of Government classified information. DIS
provides information about the targeting of specific technologies or specific contractors based on its analysis of information from databases such as the Foreign Ownership, Control, or Influence (FOCI) database and various elements of the Foreign Disclosure and Technical Information System. Foreign threat
The Robin Hood Virus / 123
information is also developed through personal security interviews by DIS Special Agents, by Industrial Security representatives during inspections and facility visits conducted under the auspices of the National Industrial Security Program (NISP), and through liaison with other government agencies. Reports developed by DIS are disseminated throughout the Department of Defense, to the U.S. Intelligence Community, and to cleared defense contractors during industrial security visits. Specific threat data can be obtained directly from any DIS Industrial Security representative.
Department of Defense Security Institute
DODSI develops and presents courses on DoD security countermeasure programs. DODSI
The Robin Hood Virus / 124
conducts instructional courses on industrial, personnel, and information security. Discussion of intelligence collection threats are an inherent part of training provided by DODSI. DODSI also publishes unclassified
security awareness publications. The best known of these publications is the Security Awareness Bulletin, which is distributed to 25,000 customers in government and industry. Articles often highlight foreign economic and industrial intelligence efforts, and methods to protect against such activities.
Department of Energy (DOE) Counterintelligence Division
The DOE Counterintelligence Division is responsible for analyzing foreign intelligence collection threats, providing awareness
The Robin Hood Virus / 125
training, and disseminating threat assessments to government and contractor activities. The CI Division publishes classified and unclassified threat assessments, and distributes bulletins and newsletters concerning foreign intelligence threats to DOE activities and facilities. We will enter their government agencies, departments, and diplomatic offices and embassies. We have established various security tests to determine subject of the information, the level of importance, and which department should have this information. We have setup a U.S. Government communication channel that does not know our identity. We have sent numerous pieces of information that they have verified to be true and have welcomed our continued forwarding of
The Robin Hood Virus / 126
information concerning people, places, activities, I.P. Addresses of major hackers, foreign military plans and activity, individuals we have identified as terrorists and their location and activities.
Our communications channel is with INSCOM. INSCOM oversees a number of major subordinate commands, and coordinates efforts between the various command groups in order to gather and best use the information received. This can include providing linguistic support to various commanders throughout the Army, ensuring the security and maintenance of US Army computer systems and servers, working with other intelligence agencies such as the National Security Agency, and providing location specific support and analysis in numerous military theaters across the world. US Army
The Robin Hood Virus / 127
military intelligence can be used in peace time to prepare for potential attacks and coordinate defensive efforts or during wartime to give soldiers an advantage on a battlefield. Information gathered through US Army military
intelligence efforts can be used for political negotiations and treaties between the U.S. and other nations, as well as for advising political leaders on better understanding world military actions. The information can also be used on a battlefield to allow soldiers to better understand where potential attacks may come from, or to be better aware of their surroundings during an attack. This type of US Army military intelligence is often gathered by
intelligence personnel specially trained in intelligence gathering techniques.
The Robin Hood Virus / 128
Diversion total to date $207,500,000
Donation total to date $195,000,000