UTICA COLLEGE MASTERS PROGRAM

Turing Bombe

Gray Hat Hacking Democracy’s enemies

Harry R Cooper
CYB673 – Principles of Cybercrime
APA Citation Style
08/09/2011

Issue Statement:

This paper summarizes what a cyber militia would look like if I established one. It covers a description
of the militia, a blueprint for creating and maintaining it, the legal issues it faces, and finally the usage
of the militia.

When constructing a cyber militia for this academic exercise, a lot of time was spent determining
the guiding principles behind the organization. Without a framework in place that is built upon a solid
set of guiding principles, a cyber militia could devolve and morph into something that it was not
originally intended to be. Once the guiding principles were determined, an exhaustive approach to
choosing the most appropriate organizational model was undertaken with a focus on ensuring a strict
adherence to the militia’s principles and a focus on future needs to sustain the organization going
forward. The work done in the guiding steps of this academic exercise laid the groundwork for a final
setting of a cyber militia that was focused on defending democracy. The Turing Bombe, as the cyber
militia has been named, is guided by the work of and named after Alan Turing, the father of computer
science and artificial intelligence.

The guiding principles of this new cyber militia were the key and primary focus of the initial
stages of this exercise. A guiding principle is defined as “any principles or precepts that guide an
organization throughout its life in all circumstances, irrespective of changes in its goals, strategies, type
of work, or the top management.” (Staff, 2011). As seen by this definition, the goal of the guiding
principle exercise was to make a clear guideline for the future functioning of the cyber militia that would
serve to guide the leaders, the lawyers, and the members (bombes) in carrying out the militia’s stated
goals. The guidelines for the militia are as follows:

“Terrorism, whether sponsored by states or terroristic organizations, is having a considerable
and dangerous effect upon the democratic ideals upon which most of the free world is based. The
Turing Bombe’s goal is to use the power of cyber militias to attack sponsors of terrorism and their
encrypted networks. By using the tools and skills of black hat hackers, the Turing Bombe’s goal is to bring
about the removal of the protection afforded to these organizations’ communications by their use of
encryption.”

The Turing Bombe’s next step was to determine the most advantageous infrastructure to set up
for command and control purposes of the organization’s day-to-day activities. After reviewing Rain Ottis’s
paper on theoretical offensive cyber militia models (Ottis, 2011), the final model chosen for the Turing
Bombe group was the hierarchy model. The primary reason for this choice was that the founder,
cRazykiLLEr, wished to retain the day-to-day control and focus of the organization. Through the use of the
hierarchical model, the founder is able to maintain the group’s laser-like focus on the guiding principle of
attacking democracy’s enemies. Additional considerations were also taken into account when choosing
the most accurate model. The first of these was the requirement that all individuals wishing to join the
organization had to bring to the table a distinct and strong technical background. Since the organization
is working toward cracking extremely complex algorithms that underlie encryption software, extremely
technical skills were necessary, and script kiddies and other “bottom of the barrel” members would
serve no purpose nor provide any benefit to the organization. Under the hierarchy model, the
organization can leverage vetting procedures before allowing any member to join. While this vetting
may be seen as a negative by some when it comes to scalability, the usage of the vetting procedures in
the Turing Bombe organization ensures extremely high skill levels that bring more knowledge to the table,
and the militia thus is not constrained by quantity of individuals but rather enhanced by the intellect of
the smaller collective of members. Finally, while the hierarchy model does have an inherent weakness
when it comes to infiltration, the founder believes that the stated goals of the militia and its “gray”
nature will overcome this particular weakness.

Now that the cyber militia has a command and control model for its base layout, the exercise can
focus on the creation and ongoing maintenance of the militia. The militia will operate with a
structure similar to the organized crime syndicates in New York and other cities across the United States
as seen below (Deutsch, 2009):

Illustration of an organized crime syndicate (Deutsch, 2009)

The founder, cRazykiLLEr, will assume the role of the head of the family, otherwise called the
Boss. The founder’s most trusted advisor, preferably a member of the Federal Bureau of
Investigation or other law enforcement agency, will take on the role of the Consigliere. The next person in
the organizational structure of the militia would be the Underboss; this individual would preferably be an
extremely intelligent and resourceful black hat hacker. The combination of these three individuals, the
Boss, the Consigliere, and the Underboss would assume the role of a ruling body for the militia, in
essence becoming the militia’s administrative arm. After these individuals would come the Caporegime,
who would fulfill the role of leading each team in their attacks on a specific encryption packet or sponsor
of terrorism. When needed, the Caporegime can join their forces, or soldiers, with other Caporegime and
their soldiers. The day-to-day management of the teams resides within the role of the Caporegime, with
decisions of more difficulty moving up the chain as needed. A final role of Associate is also present in the
organizational chart above. The role of associate is for outsiders who have proven their usefulness in
certain areas. This role can contain such individuals as reporters, military, intelligence analysts, software
manufacturer insiders, and many more. It should be noted that associates are not made aware of the
operations of the organization except when they need to know in order to further the objectives of
the militia.

The next hurdle to present itself to the cyber militia organization is that of the legal issues that it
may face due to its activities. Unlike a standard white hat militia that is set up to stay within the laws of
all countries while leveraging their vast knowledge in prevention of possible catastrophic situations, gray
hat hackers skirt around the laws of countries in their day-to-day acts. In this particular instance, the
Turing Bombe militia would most likely not run afoul of United States laws due to its nature of cracking
encryption codes of terrorist organizations and their sponsors. That does not mean, though, that they are
not chargeable in other countries. The likelihood is that one sponsor of terrorism that would be targeted
by this militia would be the Islamic Republic of Iran. By using Iran as an example, we can dig a bit more
into the legality issue that arises when the militia targets a legitimate country with its own laws and legal
system. In July of 2005, the Constitution of the Islamic Republic of Iran was amended to include the
Computer Crimes Act which covers a majority of the crimes and their punishments under Iranian law.
After a thorough overview of the Google provided translation of the act (Ahmadinejad, 2005), the militia
by their act of attacking the encryption mechanisms of Iranian computers is in violation of Articles 10,
12, and 25 of the law. Each of these articles carries either jail time, monetary damages, or both jail and
monetary damages. The other laws on the books in Iran prior to this are extremely lacking and have little
to no bearing on the acts to be committed by the militia.

Now that we have successfully identified our guiding principles, infrastructure, day-to-day
organization, and legal ramifications, we must turn our attention to the final and most important reason
for the militia’s creation. What is the cyber militia’s use with respect to the area of cybercrime? Well,
that is extremely difficult to discern since the militia is operating in a gray hat manner. On one hand the
usage of the militia itself is a criminal act according to the Constitution of the Islamic Republic of Iran and
most likely any other terrorist sponsors who are nation-states. But on the other hand the usage of the
militia in furtherance of identifying possible terrorist attacks, both physical and cyber, would be a public
service rather than a crime. So when it comes to this particular piece of the puzzle, the experimental
militia would serve to create and fight cybercrime. With regards to the physical or non-preventive
cybercrime angle, the militia would operate in a constant state of attack against terrorist organizations.
By leveraging their extremely high level of skill, the members of the Turing Bombe can bring to bear
against any organization the intellect of their members and, through the use of a command and control
infrastructure, a computer zombie army (for all intents and purposes, hundreds if not thousands of
supercomputers) that would act as one large Turing Bombe against the encryption algorithms being used
by the target organizations.

Using theories and tools conceived, designed, and built by Alan Turing, the cyber militia called
the Turing Bombe has taken these theories and tools into the 21st century. By leveraging computing
resources of millions of computers across the world, the militia will aim to crack the encryption in use
today by terrorist organizations and their sponsors, just as Turing and his “militia” did against
Germany and its Enigma encryption during World War II. While the militia would be considered a gray
hat hacking organization, the guiding principle behind the militia and its members would be one of
patriotism and heroism. While this militia has been an academic exercise, such an organization, if it does
not already exist in the “shadows of the internet,” should be looked at for possible implementation by
interested parties.

Bibliography

Staff, BD. (2011). What is guiding principles?. Businessdictionary.com. Retrieved August 9, 2011, from
http://www.businessdictionary.com/definition/guiding-principles.html

Ottis, R. (2011). Theoretical offensive cyber militia models. Cooperative Cyber Defence Centre of
Excellence. Retrieved from
http://www.ccdcoe.org/articles/2011/Ottis_TheoreticalOffensiveCyberMilitiaModels.pdf

Deutsch, D. (2009, June 18). Fear the auditors [Web log message]. Retrieved from
http://fourstory.org/features/story/fear-the-auditors/

Ahmadinejad, M. Department of Justice, (2005). Computer crimes act (71 063). Tehran: Parliament.
Retrieved from http://www.rooznamehrasmi.ir/Detail.asp?NewsID=924303898312204