USAF Operation Igloo White

The US Air Force (USAF) at the end of 1967 started to air-drop around 20,000 micro sensors into a country bordering Vietnam to be monitored by an IBM mainframe, in order to help direct US airstrikes. The project was an expensive disaster that became a foundation for US domestic military surveillance of non-whites.

Scene from “Bugging the Battlefield” by National Archives and Records Administration, 1969 *

It had little impact (e.g. “sensors couldn’t tell the difference between a gun and a shovel”) while costing American lives. All it did prove was the fact that drones flying above a mesh of sensors could launch airstrikes on a moment’s notice…for a low low price of just $1 billion/year in the 1970s, as the following documentary puts plainly:

When you stop to think about it if you have $30M orbiting reconnaissance aircraft to transmit signals, and $20M command post to call in four $10M fighters to assault a convoy of five $5000 trucks with $2000 worth of rice, it’s easy to see that’s not cost-effective. This is a self-inflicted wound… a losing proposition…

Initial Plans

The North Vietnamese had built a network of roads through neighboring neutral countries Laos and Cambodia to supply forces in South Vietnam. This “Truong Son Road” (called “Ho Chi Minh Trail” by Americans) was concealed by the natural foliage of thick jungle.

Plans were concocted by Americans to appear respectful of Laos and Cambodia, while still bombing them, by secretly dropping hidden sensors that would guide targeted strikes and Army Special Forces teams “over the fence

The idea of constructing an anti-infiltration barrier across the DMZ and the Laotian panhandle was first proposed in January 1966 by Roger Fisher of Harvard Law School in one of his periodic memos to McNaughton.

A book called The Closed World explains in detail what these Harvard Law School plans turned into:

From Paul Edwards’ “The Closed World: Computers and the Politics of Discourse in Cold War America“: Chapter 1

Sensor Technical Details (Data Integrity Failure)

There were several iterations of the sensors. The USAF archives refer to these categories:

  • ADSID I and III, (Normal) and (Short): (Air Delivered Seismic Intrusion Detector) – transmitted vibration from geophone (personnel or vehicles in motion)
  • HELOSID (Helicopter Delivered Seismic Intrusion Detector)
  • ACOUSID II and III: (Acoustic and Seismic Intrusion Detector) – transmitted sound from microphone

We’re talking here about $2K radios inside a dart-shaped canister with a 2 week battery (later expanded to 45 days by changing from continuous to polling), and a 20% failure rate on deployment.

ACOUSID III Cutaway (USAF Drawing)

Ten years ago Air Force Magazine described the wide set of problems with false positives from these wireless sensors in a jungle. This honest analysis is a far cry from how the USAF originally fluffed up the technology to be as easy as “drugstore pinball” and give North Vietnamese “nowhere to hide”:

The challenge for the seismic sensors (and for the analysts) was not so much in detecting the people and the trucks as it was in separating out the false alarms generated by wind, thunder, rain, earth tremors, and animals—especially frogs.

There were other kinds of sensors as well. One of them was the “people sniffer,” which chemically sensed sweat and urine.

[…]

“We wire the Ho Chi Minh Trail like a drugstore pinball machine, and we plug it in every night,” an Air Force officer told Armed Forces Journal in 1971. “Before, the enemy had two things going for him. The sun went down every night, and he had trees to hide under. Now he has nothing.”

Here are the sort of acoustic details captured in working group studies hoping to isolate signals of frogs and shovels from soldiers and trucks:

Figure and Table from “Acoustical Working Group: Acquisition, Reduction and Analysis of Acoustical Data. An Unclassified Summary of Acoustical Working Group Studies.” NADC Report No. AWG-SU, 1974

Sensor Deployment

Either a F-4 Phantom jet, a OV-10 Bronco plane, or a CH-3 Jolly Green Giant helicopter was used for air drops. Given the large quantity of sensors, frequency of drops, size of budget and talent of engineering, their placement wasn’t as sophisticated as one might imagine.

Here you can see a member of 21st Special Operations Squad (SOS) based in Nakhon Phanom (under the Dust Devils call sign) at low altitude sending a sensor by hand.

Initially MC-130E Blackbird were used to orbit and monitor the sensors. The 554th Reconnaissance Squad (under the Vampires call sign) by 1970 started orbiting a QU-22B “drone” to pick up signals from the sensors and relay them back to Infiltration Surveillance Center (ISC) at the Nakhon Phanom Royal Thai Air Force Base.

Despite being engineered with complex electrical equipment to enable remote control. reliability failures meant every flight carried a pilot on board (A QU-22 reunion site interviews them).

The high-tech QU-22 drone program was cancelled after just two years with a number of crashes including two inside Laos.

Command Center

Back at the ISC, computers made by IBM were connected to a giant wall-sized display of the area under surveillance, as well as touchscreen monitors (images from US Air Force Historical Research Agency):



Military Surveillance “Toys” Deployed in America

Despite President Nixon’s backing, the expense of Igloo White coupled with many American casualties sat on top of a failure to produce results to justify continuing the program, especially after North Vietnamese simple changed tactics. The program was cancelled by 1973 just as Nixon was infamously announcing he would criminalize being non-white.

Nixon had believed so strongly in the new surveillance technology that he had the same sensors deployed to his lawns and…of course the border with Mexico.

Needless to say, even domestically the systems failed spectacularly as documented in 1971 and reported again in 1972:

“Bringing the toys home from Vietnam” New Scientist 15 Jun 1972

That kind of outcome didn’t seem to dissuade some from thinking there is a bright future for military surveillance technology along America’s borders.

In 1989 the Air War College reported that military surveillance failure under Nixon on the border with Mexico meant President Reagan actually had a useful foundation for military role in the criminalization of non-whites.

Reagan pushed so hard on invasive of domestic military surveillance the Posse Comitatus Act of 1878 was modified “to allow all branches of the Armed Forces to provide equipment, training, and assistance to the U.S. Coast Guard, U.S. Customs, and to other Drug Enforcement agencies”. Today it is widely known and becoming uncontroversial that the “war on drugs” was intentionally racist — criminalizing non-whites.

Conclusion

The true lesson from Igloo White was that an expensive technological military replacement (even domestically) for human intelligence gathering systems may have been very fast yet also very expensive and never really proven accurate. It will forever be known in history as a “self-inflicted wound” by Nixon that Reagan doubled-down on.

Air Force Magazine, while admitting the USAF vastly overstated the success of their work, also emphasized analysis of data can be mishandled by everyone involved:

…7th Air Force’s “numbers game” was refuted by the CIA’s own “highly reliable sources,” referring to its agents in the enemy ranks. The CIA and the Defense Intelligence Agency developed a formula that arbitrarily discounted 75 percent of the pilot claims. […] Then, as now, the bomb damage assessment process was flawed on both ends: Operations tended to claim too much; Intelligence tended to validate too little.

It was the “fire, ready, aim” foreshadowing of today’s drone programs (e.g. Operation Haymaker) where the vast majority of targets are later reported to be innocent civilians.


* “Bugging the Battlefield” by National Archives and Records Administration, 1969:

For a perspective from the Laotian side, see “The Rocket”:



Update April 2021:
Jim Bolen (former Special Forces operative in Laos and Cambodia on SOG operations to the Ho Chi Minh and Sihanouk Trails during the Vietnam War — recon team leader on over 40 SOG missions and extracted under fire from over 30) gives a new interview where he describes “Reconnaissance Missions to the Ho Chi Minh Trail” and argues that electronic sensors were infallible technology and instead it was LBJ who wasn’t listening.

…we had planted electronic seismic sensors along the Trail coming out of North Vietnam. These sensors were monitored 24 hours a day 365 days a year by C-130 Blackbirds. The seismic sensors would pick up vibrations from truck or tank movements along the Trail.


Sensors dropped along the Ho Chi Minh Trail in Attapeu Laos. Source: Military Assistance Command, Vietnam – Studies and Observations Group

Update October 2021: Declassification of secret missions gives us the opposite of Jim Bolen, “MACV-SOG: A Conversation with John Stryker Meyer“, which includes a gold nugget of modest wisdom from a Green Beret who served on the ground at the time that the bombing campaigns in Laos were “completely useless“.

How the NSA Can Tell if You Are a Foreigner

For several years I have tried to speak openly about why I find it disappointing that analysts rely heavily (sometimes exclusively) on language to determine who is a foreigner.

Back in 2011 I criticized McAfee for their rather awful analysis of language.

They are making some funny and highly improbable assumptions: … The attackers used Chinese language attack tools, therefore they must be Chinese. This is a reverse language bias that brings back memories of L0phtCrack. It only ran in English.

Here’s the sort of information I have presented most recently for people to consider:

You see above the analysts tell a reporter that presence of a Chinese language pack is the clue to Chinese design and operation of attacks on Russia. Then further investigation revealed the source actually was Korea. Major error, no? It seems to be reported as only an “oops” instead of a WTF.

At a recent digital forensics and incident response (DFIR) meeting I pointed out that the switch from Chinese to Korean origin of attacks on Russia of course was a huge shift in attribution, one with potential connections to the US.

This did not sit well with at least one researcher in the audience. “What proof do you have there are any connections from Korea to the US” they yelled out. I assumed they were facetiously trying to see if I had evidence of an English language pack to prove my point.

In retrospect they may actually have been seriously asking me to offer clues why Korean systems attacking Russia might be linked to America. I regret not taking the time to explain what clues more significant than a language pack tend to look like. Cue old history lesson slides…but I digress.

A traitorous Confederate flag flies from an American M4 (A3E8?) in the “Forgotten War

Here’s another slide from the same talk I gave about attribution and language. I point to census data with the number and location of Chinese speakers in America, and most popular languages used on the Internet.

Unlike McAfee, mentioned above, FireEye and Mandiant have continued to ignore the obvious and point to Chinese language as proof of someone being foreign.

Consider for a moment that the infamous APT1 report suggests that language proves nothing at all. Here is page 5:

Unit 61398 requires its personnel to be…proficient in the English language

Thus proving APT1 are English-speaking and therefore not foreigners? No, wait, I mean proving that APT1 are very dangerous because you can never trust anyone required to be proficient in English.

But seriously, Mandiant sets this out presumably to establish two things.

First, “requires to be proficient” is a subtle way to say Chinese never will do better than “proficient” (non-native) because, foreigners.

Second, the Chinese target English-speaking victims (“Only two victims appear to operate using a language other than English…we believe that the two non-English speaking victims are anomalies”). Why else would the Chinese learn English except to be extremely targeted in their attacks — narrowing their focus to basically everywhere people speak English. Extremely targeted.

And then on page 6 of APT1 we see supposed proof from Mandiant of something else very important. Use of a Chinese keyboard layout:

…the APT1 operator’s keyboard layout setting was “Chinese (Simplified) – US Keyboard”

On page 41 (suspense!) they explain why this matters so much:

…Simplified Chinese keyboard layout settings on APT1’s attack systems, betrays the true location and language of the operators

Mandiant gets so confident in where someone is from based on assessing language they even try to convince the reader that Americans do not make grammar errors. Errors in English (failed attempts at proficiency) prove they are dealing with a foreigner.

Their own digital weapons betray the fact that they were programmed by people whose first language is not English. Here are some examples of grammatically incorrect phrases that have made it into APT1’s tools

It is hard to believe this is not meant as a joke. There is a complete lack of linguistic analysis, for example, just a strange assertion about proficiency. In our 2010 RSAC presentation on the linguistics of threats we give analysis of phrases and show how syntax and spellings can be useful to understand origins. I can only imagine what people would have said if we tried to argue “Bad Grammar Means English Ain’t Your First Language”.

Of course I am not saying Mandiant or others are wrong to have suspicion of Chinese connections when they find some Chinese language. Despite analysts wearing clothes with Chinese language tags and using computers that probably have Chinese language print there may be some actual connections worth investigating further.

My point is that the analysis offered to support conclusions has been incredibly weak, almost to the point of being a huge distraction from the quality in the rest of the reports. It makes serious work look absurd when someone over-emphasizes language spoken as proof of geographic location.

Now, in some strange twist of “I told you so”, the Twittersphere has come alive with condemnation of an NSA analyst for relying to heavily on language.

Thank you to Chris and Halvar and everyone else for pointing out how awful it is when the NSA does this kind of thinking; please also notice how often it happens elsewhere.

More people need to speak out against this generally in the security community on a more regular basis. It really is far too common in far too many threat reports to be treated as unique or surprising when the NSA does it, no?

In Defense of Microsoft’s Active Defense Against No-IP

The Microsoft take-down of malicious DNS has stirred a healthy debate. This is the sort of active defense dilemma we have been presenting on for years, trying to gather people to discuss. Now it seems to be of interest thanks to a court order authorizing a defense attempt against malware: take-over and scrubbing of name resolution.

Over the past several days I have been in lengthy discussions with numerous lawyers on mailing lists about legal and technical details to the complaint and action. Some have asked me to put my thoughts into a blog, so here you have it.

This dialogue with both lawyers and security experts has crystallized for me that a community trying to increase freedom on the Internet should be, and some already are, supportive of elements in Microsoft’s action.

There is an opportunity here for guiding courts to course-correct and increase the effectiveness of individuals or even groups using active defense to reduce harm with minimal impact to freedoms. One exception in the security community stands out; some said the organization implicated in harm was sufficiently responsive before Microsoft action and should have been left alone to continue dispensing at current rates. Hold that thought.

Throughout my entire career, just to put this in some perspective, I have been an outspoken critic of Microsoft. My site name, flyingpenguin, started in the mid-1990s as homage to Linux and in belief that it would ultimately bypass Microsoft. This was in part due to coming from a VMS and Unix background and then being asked in my first professional job to lock-down and defend Windows NT 3.51 from compromise. It was hairy bad.

Anyone remember Bill Gates saying NT would ship but security can wait? Or remember Microsoft’s founder telling the UNIX community they have to explain to him how to make a billion dollars with security? My 2011 Dr. Stuxlove presentation started with some of those stories.

Ok, a full confession: I was offered PCs with Microsoft Word at home but I preferred WordPerfect and switched to Apple as soon as I could (1990, although I stopped using Apple in 2010). Despite preferences, I also accepted my fate as a security professional, which has meant 20 years spent working on ways to protect Microsoft customers.

To me, for as long as I can remember, Microsoft really seemed like a law firm started with lawyerish intentions; it just happened to also write and sell software. I might have further hardened these views due to years I spent watching legal trickery used like cannons to sink all the competing software boats; obvious hostility and attempts to knock holes into hobbyist and free software movements.

That legally-led-and-defended direction against competition didn’t last forever for various reasons outside the scope of this post. But Microsoft gradually was forced by external factors to realign their definition of malice away from competitors and hobbyists and towards clearly malicious software as well as some glaring flaws in their accountability department. The change started around 2000. By 2005 I was invited inside for a meeting where I was told “we now have five people full-time on security”. Five, in the entire company; don’t know if that was accurate but apparently 1/5 of the Microsoft security group saw me almost fall out of my chair.

Today, despite the thick jade-colored glasses you might think I wear when looking at Microsoft, I can see a different company taking very different approaches to security. Microsoft is *cough*, I can’t believe I have to say this, emerging as a leader and committed to improving safety in some balanced and thoughtful ways.

I was surprised to be invited to another internal meeting in 2013 but was even more surprised to see how thoroughly a security message is working its way through the organization. Don’t count me a full supporter yet, however. I’m still a skeptic, but I have to admit some noticeable changes happening that I wanted to see. Either they’re really getting it or my bullshit detector is failing. Of course both are possible but I believe it is the former.

Microsoft in the past few months appears to have rotated their massive legal cannons to fire volleys of legal briefs upon those they find willingly causing catastrophic harm to Microsoft-made vessels. Am I using the “letter of marque” analogy too liberally here? Microsoft is asking the legal authority for permission to fire, opening their plans for assessment by that authority, and claiming they will act responsibly within limits defined by the authority. We might actually want this to happen more. After all, if Microsoft does not try to actively help in the defense of their users from harm, who should we turn to and ask for a better job with less risk?

Let me try with another analogy. This one might resonate closer to home (pun not intended). Microsoft builds houses and people move in thinking it will be safe. Nearly 24 million people residing in these homes are soon reported sick or dead, causing huge cost and outages. Several independent reports confirm publicly that a service provider is involved in harm. And this provider has been taking little or no significant action to block distribution of harm despite overwhelming evidence; confirmed impact to at least 8 million people. The service provider not only shows no response to public reports of harm, the harm continues to rise.

Microsoft, (now) showing concern about the safety of its homes, tells the court that numerous independent investigations show over 90% harm comes from one service provider. Microsoft asks the court for authority to act on this because, well, logic. They suggest they are in the best position to lead a takeover to continue services without interruption while filtering out harm to tens of millions of people that the court wants to protect. The courts grant this limited authority for the purpose of efficiently cleaning harm.

Unfortunately, this proposal fails. Microsoft’s service has been oversold (surprise) and unable to perform at a level anticipated. Moreover, it turns out to be difficult to prove whether only those causing harm are inconvenienced or also others using the service.

Critics argue as many as 4 million might be inconvenienced (without qualifying as malware or not); but those critics do not measure benefits, or put in perspective of the potentially 24 million harmed over the past year. Critics also argue insufficient notice was given to the service provider before Microsoft moved services to clean them. Remember how I told you to keep in mind that some people said the provider was very responsive to reports of malware? I believe this responsiveness argument backfires on critics of Microsoft. Here’s why:

24 million (worst case) or even 8 million (best case) victims in a year, reported by multiple sources, makes it hard to argue the provider was “responsive” to the issue at hand. They may have been responsive for some particular request, but what did they do about the 24 million problem?

Technically people are right that formal notice is required and necessary. Many in the security community point out however that the provider was a known source of harm being *regularly* notified, which tends to contradict those in the community saying they felt responsiveness adequate for a narrow band of their request. The context often missing from critics of Microsoft is whether reasonable action had been taken in response to public notice about problem in the millions.

A basic review of those who claim responsiveness sufficient suggests the business of remediation and profit from insufficient responses to malware may color their judgment. We can probably balance the question of responsiveness by asking those assessing damage at the full scale of harm whether response was adequate. The courts were maybe considering notification from that angle?

The take-over clearly brought to light some mistakes. I remain skeptical about the action taken, as I said, but I recognize Microsoft for doing what appears to be the right thing. Microsoft obviously needs to be held accountable, just like we would want the DNS service provider to be held more accountable for harm. In fact, it will be interesting to see how harm from the take-over will be demonstrated or documented, as that could actually help Microsoft make their next complaint.

Lessons from this event will help inform how to make improvements for future active defense and set standards of care or definitions of reasonableness. It really kind of annoys me that Microsoft was not able to prove successful their solution for DNS scrubbing. Had they done better engineering or had some proof of service levels, we would be having a completely different discussion right now.

Instead I hear people saying Microsoft was a vigilante (acting without proper authority). That is incorrect. Microsoft asked and was granted authority. Those saying only the government can be an enforcement agent either do not understand public-private relationships or have not thought about the technical challenges (let alone social) of asking the US government to run safe DNS services. Talk about a scary proposition.

Those saying companies are getting a green light to takeover others also are incorrect. Microsoft put together a detailed and compelling complaint with a systemic fix recommendation to reduce a massive amount of harm, linked to multiple current independent sources of research and verification. A green light is very different from the complicated hurdles overcome by Microsoft’s legal team. As in history, their legal prowess unfortunately outdid their engineering.

What this really boils down to is some interesting ethics questions. People are asking for a more trusted Internet, but how do we get there unless someone closest to the harm takes responsibility and proposes solutions within a legal framework (oversight)? Solutions to these types of “wicked problems” require forward thinking in partnerships, as several of us from different industries explained in a recent panel presentation.

So let’s talk about whether Microsoft should be allowed to claim safety of their consumers and users fits within a definition of self-defense. I’m obviously side-stepping the part where Microsoft said they were suffering reputation harm from malware. You can probably tell how I might respond to that claim.

What I really want the community to decide is whether Microsoft can be authorized to perform actions of “self-defense”. They are not policing the Internet. They seem to be asking for the right to block harm to their users in the most efficient, least intrusive way. Perhaps we should ask instead can Microsoft, if we don’t accept a self-defense argument, be authorized to defend consumers and users of theirs who request protection?

It has been very interesting to hear what people think. I really have been doing my best to engage the legal community these past few days and measure as broad a reaction as possible. I am writing this more publicly in the hope to cut through some of the noise about what the security community thinks and point out that even I feel Microsoft is not being fairly credited for reasonable efforts to find cures to some of the problems they helped create.