Nellis team behaves like the enemy

By Brendan Buhler

Wednesday, July 22, 2009 | 2 a.m.

Meet Lt. Col. Robin Williams, a former B-52 bombardier. “I go by Montana,” he says (and who can blame him?). He’s the director of operations for the 57th Information Aggressor Squadron, based at Nellis Air Force Base, which is bringing the Air Force’s war games into the age of, well, “WarGames.”

Seriously. The squadron is charged with training the rest of the military by impersonating enemy hackers during exercises, threats ranging from agents of the People’s Republic of China, criminals working with the Russian mob or yes, Williams says, the threat depicted in the 1983 movie, “the standard script kiddy, the 16-year-old in the basement, Matthew Broderick trying to take down the WOPR.”

Before we get any further, we must discuss the squadron’s insignia. It looks like the most awesomely radical tattoo ever designed by a 12-year-old boy. It is a bat over two crossed swords. The bat, Williams says, speaks to the traditional bad-guy, adversarial play-acting of an aggressor squadron. Also, it is “a symbol of cunning and operations of the night.” The bat has red eyes. “Adversarial red,” Williams says, the red of the enemy forces in war games, a tradition that goes back to the Cold War.

The theme carries through the squadron. Williams’ desktop background is a communist-style, yellow-outlined red star. It’s supposed to remind the squadron’s 40 or so members to think like an enemy force. If that isn’t enough, the monthly squadron awards are red stars. And if that isn’t enough, the squadron’s base of operations has Soviet-era propaganda posters and the squadron’s motto, written in Cyrillic, is “Through the eyes of the adversary.”

The adversary, Williams says, is remarkably similar whether he’s a nation state, a crime syndicate or a couple of bored teenagers. Their attack can be a simple probing scan of the network, looking for open access, or it could be team of computers (often hijacked by a virus) bombarding a network with repeated requests until it crashes, what is called a denial-of-service attack. A more recent worry is that an adversary could use social networking sites such as Facebook to make contact with service members and elicit information from them under false pretenses.

The Information Aggressors supplement their knowledge of such threats by staying in contact with the usual alphabet soup government agencies — FBI, CIA and NSA — and also anti-virus and firewall companies such as Norton and Symantec. There are also field trips to Black Hat Briefings and the DEFCON hacker conventions.

When the Information Aggressors stage attacks on military networks, they’re using both the most common and the latest forms of attack. The squadron isn’t on the normal military Internet service at Nellis — it is both more realistic and less obvious for them to use a normal civilian dot-com connection to stage their attacks.

The squadron is housed in a couple of old trailers behind barbed wire and security gates — for now. New facilities are under construction. “Real buildings,” Williams says. Like any civilian tech startup, it’s decorated with posters, coffee mugs and toys, plus the occasional camo net between cubicles. Though the squadron’s personnel come in all ages, there are a substantial number of young airmen, for what Williams says is the obvious reason: “We have an entire generation of young people who have grown up in the age of computers.”

Also, the Information Aggressors have a few civilian specialists, Williams says — “your big, 75-pound-brain-type folks.”